Adding a feature to MediaWiki WikiEditor formatting
MediaWiki is an excellent tool for maintaining documentation and I’ve had a self-hosted instance since at least 2011-06-04 (that’s the oldest edit in my internal user contributions list). And some 3,436 edits later, I still can’t remember the tags for SyntaxHighlight, which is an awfully nice little highlighter that uses pygments to render structured text in a more readable form. I got tired of looking them up every few weeks and so thought there must be a way to add some hints to the user interface.
I was surprised the WikiEditor plugin, which provides a nice point-n-click interface to some of the more commonly used MediaWiki markup tags, did not have an option or extension for SyntaxHighlight point-n-click, but, of course, you can edit the JavaScript that renders the toolbar and amend it with the features you want.
The instructions are pretty clear, if not quite the step-by-step howto some are.
- Make sure you have WikiEditor enabled in LocalSettings.php
- You need permission to edit the Common.js page, which if you run the site you should have, but regular users can’t.
- If it doesn’t seem to load, make sure you clear all caches before testing.
On my site, the URL for Common.js is https://your.host.tld/mediawiki/index.php?title=MediaWiki:Common.js which contained only the default
/* Any JavaScript here will be loaded for all users on every page load. */
and to which I added:
/* Any JavaScript here will be loaded for all users on every page load. */
// Check if we're editing a page.
if ( [ 'edit', 'submit' ].indexOf( mw.config.get( 'wgAction' ) ) !== -1 ) {
	// Add a hook handler.
	mw.hook( 'wikiEditor.toolbarReady' ).add( function ( $textarea ) {
		// Configure a new toolbar entry on the given $textarea jQuery object.
		$textarea.wikiEditor( 'addToToolbar', {
			section: 'advanced',
			group: 'format',
			groups: {
				list: {
					tools: {
						syntaxhighlight : {
							label: 'SyntaxHighlight',
							type: 'select',
							list: {
								'bash': {
									label: 'Bash',
									action: {
										type: 'encapsulate',
										options: {
											pre: '<syntaxhighlight lang="bash">',
											post: '</syntaxhighlight>'
										}
									}
								},
								'unixconfig': {
									label: 'Config',
									action: {
										type: 'encapsulate',
										options: {
											pre: '<syntaxhighlight lang="unixconfig">',
											post: '</syntaxhighlight>'
										}
									}
								},
								'apacheconf': {
									label: 'ApacheConfig',
									action: {
										type: 'encapsulate',
										options: {
											pre: '<syntaxhighlight lang="apacheconf">',
											post: '</syntaxhighlight>'
										}
									}
								},
								'json': {
									label: 'JSON',
									action: {
										type: 'encapsulate',
										options: {
											pre: '<syntaxhighlight lang="json">',
											post: '</syntaxhighlight>'
										}
									}
								},
								'patch': {
									label: 'Patch',
									action: {
										type: 'encapsulate',
										options: {
											pre: '<syntaxhighlight lang="diff">',
											post: '</syntaxhighlight>'
										}
									}
								},
								'php': {
									label: 'PHP',
									action: {
										type: 'encapsulate',
										options: {
											pre: '<syntaxhighlight lang="php">',
											post: '</syntaxhighlight>'
										}
									}
								},
								'javascript': {
									label: 'JavaScript',
									action: {
										type: 'encapsulate',
										options: {
											pre: '<syntaxhighlight lang="javascript">',
											post: '</syntaxhighlight>'
										}
									}
								},
								'html': {
									label: 'HTML',
									action: {
										type: 'encapsulate',
										options: {
											pre: '<syntaxhighlight lang="html">',
											post: '</syntaxhighlight>'
										}
									}
								},
								'css': {
									label: 'CSS',
									action: {
										type: 'encapsulate',
										options: {
											pre: '<syntaxhighlight lang="css">',
											post: '</syntaxhighlight>'
										}
									}
								},
								'arduino': {
									label: 'Arduino',
									action: {
										type: 'encapsulate',
										options: {
											pre: '<syntaxhighlight lang="arduino">',
											post: '</syntaxhighlight>'
										}
									}
								},
								'perl': {
									label: 'Perl',
									action: {
										type: 'encapsulate',
										options: {
											pre: '<syntaxhighlight lang="perl">',
											post: '</syntaxhighlight>'
										}
									}
								},
								'python': {
									label: 'Python',
									action: {
										type: 'encapsulate',
										options: {
											pre: '<syntaxhighlight lang="python">',
											post: '</syntaxhighlight>'
										}
									}
								}
							}
						}
					}
				}
			}
		} );
	});
}
and coolio, it works:
Optane, a modern technology tragedy (plus FreeBSD nvmecontrol)
Intel won the storage wars. They invented a storage technology in 2015 that was the best of everything: almost as fast as (then) RAM, basically infinite write endurance in any normal use, and fairly cheap. They even made a brilliant config on M.2 with integrated supercap for power-failure write flush. Just awesome and absolutely the right tech for modern file systems like ZFS. It is perfect for SLOGs. You wish you had a laptop that booted off an Optane M.2. You wish your desktop drives were all NVMe Optane.
Well, wishes are all we got left, sadly. Optane, RIP 2022.
You can still buy optane parts on the secondary markets and it seems some of the enterprise DC products are at least still marked current on Intel’s website, but all retail stocks seem to be gone.
Man was that an amazing deal at $0.50/GB. In my application, the only practical form factor was M.2 and even that was a bit wonky in an HP DL360 G9, but more on that later. There are a variety of options and most are available on the used market:
PN | Intro | Cap GB | Write MB/s | write k iops | PBW endurance | PLP | $ (market, 2024) |
MEMPEK1W016GAXT | Q1’17 | 16 | 145 | 35 | 0.2 | NO | 5 |
SSDPEL1K100GA | Q1’19 | 100 | 1,000 | 250 | 10.9 | YES | 109 |
SSDPEL1K200GA01 | Q1’19 | 200 | 2,000 | 400 | 21.9 | YES | 275 |
SSDPEL1K375GA | Q1’19 | 375 | 2,200 | 550 | 41 | YES | 800/1,333/NA |
SSDPEK1A058GA | Q2’22 | 58 | 890 | 224 | 635 | YES | 32/140 |
SSDPEK1A118GA01 | Q2’22 | 118 | 1050 | 243 | 1292 | YES | 70/229 |
Any of these would be a good choice for a SLOG on rotating media, but the later ones are just insane in terms of performance, and that’s compared to enterprise SSDs. The pricing cratered after they were canceled and dangit, didn’t get em. The used market has gone way up, better price increase than bitcoin over the same period and they’re not virtual beanie babies! The SSDPEL1K100GA is the best deal at the moment and has a beefy supercap for power continuity and is still $818 on Amazon, apparently introduced at $1,170. This pricing might have explained why Optane didn’t do better. The 375 GB M.2 would be an awfully nice find at $0.50/GB, that’d be a pretty solid laptop boot disk.
Hardware
For SLOG you really want two devices mirrored in case one fails. The risk of an optane DC grade device failing is trivial and given it has Power Loss Protection, the most likely cause of failure and why your main array failed to write out the transactions committed to the SLOG, we’re really talking about media failure and as it is 3D X-Point it is NOT going to wear out like NAND, it’s rational to single-disk it. I almost striped mine but in the end decided against it because that quadruples the fail rate over a single device and 8x over mirrored and I don’t really need the space.
So how do you install two M.2 devices in a computer that doesn’t have M.2 slots on the mobo? With a PCI card, of course. But wait, you want two in a slot, right? And these are x4 devices, the slots are x8 or x16, so two should be able to pair, right?
Not so fast. Welcome to the bizarre world of PCI furcation. If you want to add two drives to the core PCI bus, you have to split the bus to address the cards. Some mobos support this and others do not. As shipped, the HPE DL360 G9 did not.
BUT, a firmware update, v 1.60 (April 2016) added “support to configure the system to bifurcate PCIe Slot 1 on the DL360 Gen9 or PCIe Slot 2 on the DL380 Gen9.” W00t. A simple Supermicro AOC-SLG3-2M2 supports 2x M.2 cards and only requires bifurcation to work, all good.
Not so fast. In order to pack the DL360 G9 with 2.5 SSDs, you need a Smart Array Controller (set for passthru for ZFS) and that sits in slot 1 and while I believe it can go in any X16 slot, the cabling is not compatible and that’s a lotta SAS cables to replace. Bifurcation on the mobo is out.
But you can bifurcate on a PCI card just as well – likely this adds some latency and it’d be interesting to perf test against more direct connections. I ended up choosing a RIITOP dual M.2×22110 PCI card and it worked out of the box transparently, both disks showed and while I’m not getting 250,000 IOPS, performance is good. It is based on the ASMedia ASM2812, seems like a reasonable chip used in a lot of the lower cost devices of this type, most with 4x M.2 slots instead of 2.
Software
FreeBSD recognizes the devices and addresses them with nvmecontrol. You can pull a full status report with, for example, nvmecontrol identify nvme0, which provides information on the device, or nvmecontrol identify nvme0ns1, which gives details about the storage configuration, including something important (foreshadowing): the LBA format (probably #00, 512).
Current LBA Format: LBA Format #00
...
LBA Format #00: Data Size: 512 Metadata Size: 0 Performance: Good
LBA Format #01: Data Size: 512 Metadata Size: 8 Performance: Good
LBA Format #02: Data Size: 512 Metadata Size: 16 Performance: Good
LBA Format #03: Data Size: 4096 Metadata Size: 0 Performance: Best
LBA Format #04: Data Size: 4096 Metadata Size: 8 Performance: Best
LBA Format #05: Data Size: 4096 Metadata Size: 64 Performance: Best
LBA Format #06: Data Size: 4096 Metadata Size: 128 Performance: Best
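To read that listing without eyeballing it, here is an added example (not from the original post) that parses the identify output and reports the active format next to the best-rated format with no metadata. The sample input is the listing above laid out one format per line; the function names are made up for this sketch, and the "Better" and "Degraded" ratings are assumed from the NVMe relative-performance levels, since the page only shows "Good" and "Best".

```shell
#!/bin/sh
# Constructed sample: the LBA format lines shown on the page. On a real host,
# pipe `nvmecontrol identify nvme0ns1` into the functions instead.
sample_identify() {
cat <<'EOF'
Current LBA Format:          LBA Format #00
LBA Format #00: Data Size:   512  Metadata Size:     0  Performance: Good
LBA Format #01: Data Size:   512  Metadata Size:     8  Performance: Good
LBA Format #02: Data Size:   512  Metadata Size:    16  Performance: Good
LBA Format #03: Data Size:  4096  Metadata Size:     0  Performance: Best
LBA Format #04: Data Size:  4096  Metadata Size:     8  Performance: Best
LBA Format #05: Data Size:  4096  Metadata Size:    64  Performance: Best
LBA Format #06: Data Size:  4096  Metadata Size:   128  Performance: Best
EOF
}

# current_lbaf: index of the active LBA format, as a plain number.
current_lbaf() {
    awk '/^Current LBA Format:/ { sub(/.*#/, ""); print $1 + 0; exit }'
}

# lbaf_table: one line per format: index, data size, metadata size, rating.
lbaf_table() {
    awk '/^LBA Format #[0-9]+:/ {
        idx = $3; gsub(/[#:]/, "", idx)
        print idx + 0, $6, $9, $11
    }'
}

# preferred_lbaf: first format with zero metadata bytes and the highest
# rating on offer. Rating names other than Good/Best are an assumption.
preferred_lbaf() {
    lbaf_table | awk '
        BEGIN { rank["Degraded"] = 1; rank["Good"] = 2
                rank["Better"] = 3;   rank["Best"] = 4 }
        $3 == 0 && rank[$4] > best { best = rank[$4]; pick = $1; found = 1 }
        END { if (!found) exit 1; print pick }'
}

# lbaf_report: compare the active format with the preferred one.
lbaf_report() {
    out=$(cat)
    cur=$(printf '%s\n' "$out" | current_lbaf)
    want=$(printf '%s\n' "$out" | preferred_lbaf) || return 1
    size=$(printf '%s\n' "$out" | lbaf_table |
        awk -v i="$want" '$1 == i { print $2 }')
    if [ "$cur" = "$want" ]; then
        echo "LBA format $cur already in use ($size-byte sectors)"
    else
        echo "current=$cur preferred=$want ($size-byte sectors)"
    fi
}

sample_identify | lbaf_report
```

The "preferred" index is the number the format subcommand's -f option takes.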
The first thing I’d do with a used device is wipe it:
gpart destroy -F /dev/nvme0
gpart destroy -F /dev/nvme1
I would not bother formatting the device to LBA 03/4k. Everyone tells you you should, but you don’t get much of a performance increase and it is a huge pain because nvmecontrol currently times out after 60 seconds (at least until the patch needed is pushed to kernel or you recompile your kernel with some fixes). If you did want to try, you’d run:
# time nvmecontrol format -f 3 -m 0 -p 0 -l 0 nvme0
316.68 real 0.00 user 0.00 sys
(no errors)
-f 3 sets LBA Format #03, 4096, which should give “Performance: Best”, which certainly sounds better than “Good.”
But it’ll error out. You need to mod /usr/src/sys/dev/nvme/nvme_private.h with the below modifications and recompile the kernel so it won’t time out after 60 seconds.
#define NVME_ADMIN_TIMEOUT_PERIOD (600) /* in seconds def 60 */
#define NVME_DEFAULT_TIMEOUT_PERIOD (600) /* in seconds def 30 */
#define NVME_MIN_TIMEOUT_PERIOD (5)
#define NVME_MAX_TIMEOUT_PERIOD (600) /* in seconds def 120 */
Performance Aside
I tested 512 vs 4k in my system. Perhaps the AIC’s bridge latency or the whole system’s performance so limited the performance of the optane cards that no difference would appear, but these cards do rock at the hardware level (this is with 4k formatting):
# nvmecontrol perftest -n 32 -o read -s 4096 -t 30 nvme0ns1 && nvmecontrol perftest -n 32 -o write -s 4096 -t 30 nvme0ns1
Threads: 32 Size: 4096 READ Time: 30 IO/s: 598310 MB/s: 2337
Threads: 32 Size: 4096 WRITE Time: 30 IO/s: 254541 MB/s: 994
That’s pretty darn close to what’s on the label.
However, testing 512 vs. 4k formatting at the OS level (didn’t test raw) it was a less extraordinary story:
LBA/FW ver. | 4k E2010650 | 512 E2010650 | 4k E2010485 | 512 E2010600 |
Median Mb/s | 759.20 | 762.30 | 757.50 | 742.80 |
Average Mb/s | 721.70 | 722.87 | 721.64 | 724.35 |
Definitely not +10%
So I wouldn’t bother reformatting them myself. Testing a few configurations with
fio --name=random-write --ioengine=posixaio --rw=randwrite --bs=64k --numjobs=1 --size=4g --iodepth=1 --runtime=60 --time_based --end_fsync=1
I get
Device\Metrics | Max IOPS | Avg WBW MiB/s | avg SLAT µS | avg LAT µS |
10 SAS SSD ZFS Z2 Array | 20,442 | 1,135 | 4,392 | 53.94 |
Optane 100G M.2 Mirror | 20,774 | 624 | 3,821 | 95.77 |
tmpfs RAM disk | 23,202 | 1,465 | 6.67 | 42 |
Optane is performing pretty close to the system limit by most metrics – the SLAT and LAT metrics are highly dependent on software.
Formatting
I did something a bit funky since 100GB is way more than this little server could ever use for SLOG. I set it at 16GB which is probably 4x overkill, then used the rest as /var mountpoints for my jails because the optanes have basically infinite write endurance and the log files in var get the most writes on the system. I’m not going into much detail on this because it’s my own weird thing and the chance anyone else cares is pretty small.
Initialize GPT
gpart create -s gpt nda0
gpart create -s gpt nda1
Create Partitions
gpart add -b 2048 -s 16g -t freebsd-zfs -a 4k -l slog0 nda0
gpart add -b 2048 -s 16g -t freebsd-zfs -a 4k -l slog1 nda1
gpart add -s 74g -t freebsd-zfs -a 4k -l ovar0 nda0
gpart add -s 74g -t freebsd-zfs -a 4k -l ovar1 nda1
ZPool Operations
zpool add zroot log mirror nda0p1 nda1p1
zpool create optavar mirror nda0p2 nda1p2
zpool set autotrim=on optavar
Create Datasets
zfs create -o mountpoint=/usr/local/jails/containers/jail/var -o compression=on -o exec=off -o atime=off -o setuid=off optavar/jail-var
etc.
Electronic Signatures and PDF
Electronic signatures are a technology that has been bizarrely slow to mature. Lots of documents still rely on the idiotic premise that some stupid graphic somehow serves as a secure measure of document authenticity. This might have had some slight measure of validity in the days of actual paper documents being required with “wet signatures,” but the premise of face-to-face document signing ceremonies should have long been consigned to history with signet rings, let alone a global transit trade in random bits of paper bearing binding proof of commitment.
First came the Uniform Electronic Transactions Act (UETA, 1999), then H.R.1714/S.761, the Electronic Signatures in Global and National Commerce (E-Sign) Act (2000), was signed (ha) into law (probably with a wet signature), now Public Law 106–229. It has been legally binding to sign documents with electronic signatures for 25 years.
So why is it almost never done? Why are we still sometimes asked to fax “signed” documents?
Why do we fax “signed” documents? Because lawyers and legislators are unbelievably, almost incomprehensibly ignorant of the most basic operational functions of technology and absolutely too stupid, too utterly moronic, mindbogglingly dense and incomprehensibly dumb that… and I am NOT making this up… but seriously… there are people who actually have an impact on laws and legal matters who believe that fax transmissions are more “secure” and less prone to interception, manipulation, or hacking than email. Yes, people who believe this kind of thing are actually allowed to practice law. Truly tragic but still true. The world suffers that such profound ignorance persists.
Have you ever tried to electronically sign a document? Turns out it isn’t trivial and the burden isn’t the core technology or concept but a few problematic implementation steps.
The first barrier is the interjection of the certificate mafia’s profit motives. Various corporate monsters saw an opportunity to make bank exploiting the aforementioned abject technical ignorance and utter technical incompetence of our legislative and legal infrastructure and build a certification model that relies on pay-for-validation, lying that this would somehow ensure authenticity and people were too dumb to question the obvious idiocy of this stupid model. Even today, we rely on the good graces of the Mozilla foundation’s Let’s Encrypt to make secure communication viable because various OS and browser level dumbness considers self-signed certificates insecure for the stupidest, most reprehensible reasons possible. But Let’s Encrypt, bless them, won’t give you an X.509 signing certificate.
We’re all lucky CACert.org steps into this horrific void and, while it is complicated, offers an extremely secure, highly reliable, and (most importantly) free process for getting yourself an X.509 signing certificate. In order to get a signing certificate, you have to validate your identity in person at a meet up using their points system, a process that is infinitely more secure than any of the for-profit signing certificate providers that consider willingness to pay proof of identity. The USG should offer X.509 client certificates for free with passports and RealID renewals, but I’d still use CACert myself, cause they’re awesome.
For now: first, set up an account on CACert, install their root certificates in your OS and browser (why aren’t they included by default? Ask the certificate mafia.) You’ll need to do one of the things they require to prove you are who you claim (yes, actual security, unlike ANY of the commercial certificate providers, unreal how insanely stupid this process is) and then have CACert issue a Client Certificate.
Assuming you have your points with CACert, the basic process is fairly well documented:
You need to generate a signing request in your name, which you can do with OpenSSL, but it is easier using CACert’s nice online process.
It will take a few seconds (60?) and I’m not sure about the compatibility problems that might arise from a longer key, there are some bugbears once we try to use lamo corporate commercial software, but 4096 worked for me. You MUST GET YOUR PRIVATE KEY and save it to your OpenSSL enabled computer.
Remember to press the red “Show private key” button and copy/save the private key to a secure directory on your computer, you’re gonna need it later to convert the certificate into something dumb ass spyware Windows computers can use, which you need because Acrobat forms still can’t be signed without Adobe’s awful spyware Acrobat Reader.
(note the actual private key has quite a bit of text between the Begin and End lines but you know… redacted for privacy). Then click the blue “Copy CSR to Clipboard” button and switch over to New Client Certificate window and paste it where you’re supposed to.
You need the .crt version of the certificate to continue and that private key text file you saved earlier for the next step, as well as downloading the CACert root certificate and then you need openssl working (should be on most real computers, Windows or Apple is beyond my interest) and merely execute this one simple command:
$ openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -nomac -export -out DavidGessel_3d_sha1.pfx -inkey private_key_for_CAcert_CSR.txt -in gessel@blackrosetech.com.crt -certfile CA_Cert_root_X0F.crt
To explain:
- openssl will generate a combined binary version of your certificate in pkcs12 format
- because Windows and Acrobat suck, you have to specify moderately insecure crypto: SHA1-3DES rather than the Linux default of AES 256 because why would a monopoly company like Microsoft have any incentive to fix bugs? If you don’t, Windows will tell you “The password you entered is incorrect” to unlock your key because why fix bugs when corporate IT types are just utterly incompetent and will only specify windows no matter how awful and unusable it is because point-n-click?
- -nomac is another setting Windows needs to be able to use the cert and if you don’t specify this Windows will tell you “The password you entered is incorrect” again, because Windows does not care if it works for you because you have no choice.
- The -out certificate is what’s being generated and Windows native is .pfx, but .p12 will work too.
- The -inkey is the private key you remembered to save using the red button before (right? you need that).
- the -in (file) is the Client Certificate in normal X.509 .crt format real computers understand that CACert generated for you.
- the -certfile is CACert’s root certificate.
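Two checks worth running around that export, as an added example that is not part of the original post: confirm the saved private key really belongs to the certificate before bundling, then read back which protection the .pfx ended up with. A throwaway key and self-signed certificate stand in for the CAcert files, so -certfile is left out; all file names and the password are constructed.

```shell
#!/bin/sh
# Constructed stand-ins for the CAcert-issued files live in a temp directory.
work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT
PASS='constructed-example-password'

# key_matches_cert KEY CERT: true only when the private key is the one the
# certificate was issued for (the two public keys must be identical).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# export_legacy_pfx KEY CERT OUT: the page's export options, minus -certfile
# because the stand-in certificate has no issuing CA.
export_legacy_pfx() {
    openssl pkcs12 -export -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES \
        -nomac -inkey "$1" -in "$2" -out "$3" -passout "pass:$PASS"
}

# pfx_protection FILE: list the MAC and encryption algorithms in the bundle.
# -nomacver is required to read a file that was written with -nomac.
pfx_protection() {
    openssl pkcs12 -in "$1" -info -noout -nomacver \
        -passin "pass:$PASS" 2>&1 |
        grep -E '^MAC:|Encrypted data|Shrouded Keybag'
}

# make_demo_files: a key with its self-signed certificate, plus an unrelated
# key that plays the part of "the wrong private key file".
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=constructed example' \
        -keyout "$work/key.pem" -out "$work/cert.crt" 2>/dev/null &&
    openssl genrsa -out "$work/other.pem" 2048 2>/dev/null
}

make_demo_files || exit 1
key_matches_cert "$work/key.pem" "$work/cert.crt" &&
    echo "key.pem matches cert.crt"
key_matches_cert "$work/other.pem" "$work/cert.crt" ||
    echo "other.pem does NOT match cert.crt"
export_legacy_pfx "$work/key.pem" "$work/cert.crt" "$work/legacy.pfx" &&
    pfx_protection "$work/legacy.pfx"
```

The listing shows 3DES for both bags and no MAC line, so the bundle has no integrity check and only the password-based 3DES layer protecting the key; keep the .pfx as private as the key file itself.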
Now, WØØt, you have a certificate that should work. Go over to your dumb Windows machine and make sure you import the CACert root certificates – you just download them and then right click and select “install certificate” for the class 1, then the class 3, then the .pfx certificate you just created.
Now, finally, you can sign a document like someone who actually uses a computer rather than a quill and parchment to process documents.
Acrobat is another program that just doesn’t care too much about usability or user experience, so different versions might work differently. I had to click the “Signature Panel” button to open a sidebar to show the signature fields then right click and then choose my sig and click sign and save.
One final note about the state of signing in FOSS: it kinda sucks still. Various entities that use acrobat fairly well will generate forms with standard signature locations which you can print and sign and fax (not email) like we’re still waiting for Y2K or print and sign and snail mail if we are nostalgic for the pre-telephone era, or click and sign and email like we’re in the 21st century.
I’m not aware of any FOSS program that handles signature fields in the expected way. You can sign a whole pdf document with a variety of FOSS tools, and CACert has a good summary of these, but that signature, while binding on the document as a whole does not show in the form fields and so whatever non-tech functionary is asking you to sign the document is never going to understand how your e-sign compliant signature is binding and is going to insist you take a time machine back to the mid-80s to find a working fax machine unless you use Acrobat, which means Windows or Mac at least in a VM. You might be able to get some version of Acrobat to work in Wine, but you’ll need an old one that uses an internal certificate store rather than relying on the windows version (pre Acrobat X, I’m pretty sure).
Fun, huh? Basic digital functions are still broken decades after introduction but we have AI generated Teledep influencers telling us doubleplus buy useless beauty products and trust their health and exercise advice.