Demoting multi-factor authentication

Submitted by gwolf on Mon, 06/18/2018 - 20:11

I started teaching at Facultad de Ingeniería, UNAM in January 2013. Back then, I was somewhat surprised (for good!) that the university required me to create a digital certificate for registering student grades at the end of the semester. The setup had some not-so-minor flaws (i.e. the private key was not generated at my computer but centrally, so there could be copies of it outside my control — Not only could, but I noted for a fact a copy was kept at the relevant office at my faculty, arguably to be able to timely help poor teachers if they lost their credentials or patience), but was decent...
Authentication was done via a Java applet, as there needs to be a verifiably(?)-secure way to ensure the certificate was properly checked at the client without transferring it over the network. Good thing!
But... Java applets grow out of favor. I don't think I have ever been able to register my grading from a Linux desktop (of course, I don't have a typical Linux desktop, so luck might smile to other people). But last semester and this semester I suffered even to get the grades registered from Windows — Seems that every browser has deprecated the extensions for the Java runtime, and applets are no longer a thing. I mean, I could get the Oracle site to congratulate me for having Java 8 installed, but it just would not run the university's applet!
So, after losing the better part of an already-busy evening... I got a mail. It says (partial translation mine):

Subject: Problems to electronically sign at UNAM

We are from the Advance Electronic Signature at UNAM. We are sending you this mail as we have detected you have problems to sign the grades, probably due to the usage of Java.

Currently, we have a new Electronic Signature system that does not use Java, we can migrate you to this system.

The certificate will thus be stored in the cloud, we will deposit it at signing time, you just have to enter the password you will have assigned.

Of course, I answered asking which kind of "cloud" was it, as we all know that the cloud does not exist, it's just other people's computers... And they decided to skip this question.

You can go see what is required for this implementation at de la firma (Test your signature): It asks me for my CURP (publicly known number that identifies every Mexican resident). Then, it asks me for a password. And that's it. Yay :-Þ

Anyway I accepted, as losing so much time to grade is just too much. And... Yes, many people will be happy. Partly, I'm relieved by this (I have managed to hate Java for over 20 years). I am just saddened by the fact we have lost an almost-decent-enough electronic signature implementation and fallen back to just a user-password scheme. There are many ways to do crypto verification on the client side nowadays; I know JavaScript is sandboxed and cannot escape to touch my filesystem, but... It is amazing we are losing this simple and proven use case.

And it's amazing they are pulling it off as if it were a good thing.
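
One of the client-side options the post alludes to, as an added example that is not part of the original post or of the university's system: the Web Crypto API generates the key pair in the browser as non-extractable, so only the public key leaves the client and the server verifies signed grades without ever holding the private key. The function names and the sample grade record are constructed for illustration.

```javascript
// Added example; enrollTeacher, signGrades, verifyGrades are hypothetical names.
const subtle = (globalThis.crypto || require("node:crypto").webcrypto).subtle;
const ALG = { name: "ECDSA", namedCurve: "P-256" };
const SIG = { name: "ECDSA", hash: "SHA-256" };

// Client side: the key pair is generated locally. extractable=false means the
// private key cannot be exported by script, so no office or server keeps a copy.
async function enrollTeacher() {
  const pair = await subtle.generateKey(ALG, false, ["sign", "verify"]);
  // Only the public half leaves the browser (this is what would be certified).
  const publicJwk = await subtle.exportKey("jwk", pair.publicKey);
  return { privateKey: pair.privateKey, publicJwk };
}

// Client side: sign the exact serialized bytes that will be transmitted.
async function signGrades(privateKey, payload) {
  const sig = await subtle.sign(SIG, privateKey, new TextEncoder().encode(payload));
  return new Uint8Array(sig);
}

// Server side: verification needs only the enrolled public key.
async function verifyGrades(publicJwk, payload, signature) {
  const key = await subtle.importKey("jwk", publicJwk, ALG, true, ["verify"]);
  return subtle.verify(SIG, key, signature, new TextEncoder().encode(payload));
}

// Attempting to export a non-extractable private key is rejected.
async function canExportPrivateKey(privateKey) {
  try {
    await subtle.exportKey("pkcs8", privateKey);
    return true;
  } catch {
    return false;
  }
}

async function demo() {
  const teacher = await enrollTeacher();
  // Constructed sample record, not real data.
  const payload = JSON.stringify({ group: "constructed-0001", student: "A", grade: 9 });
  const signature = await signGrades(teacher.privateKey, payload);
  const tampered = payload.replace('"grade":9', '"grade":10');
  return {
    valid: await verifyGrades(teacher.publicJwk, payload, signature),
    tamperedValid: await verifyGrades(teacher.publicJwk, tampered, signature),
    exportable: await canExportPrivateKey(teacher.privateKey),
  };
}

demo().then((result) => console.log(result));
```

In a browser the non-extractable `CryptoKey` object can be kept in IndexedDB between sessions. Non-extractable prevents export of the key material, but any script running in the page's origin can still ask the key to sign, so the signing page itself has to be trusted.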

WikiLovesMonuments wants *you* (and me!)

Submitted by gwolf on Mon, 09/03/2012 - 17:35

What, haven't you heard about the WikiLovesMonuments photo contest around cultural heritage? Copying from its web page,

Wiki Loves Monuments is an international photo contest around cultural heritage monuments in September. Starting from the Netherlands in 2010 and organized on a European level in 2011, we go global in 2012!

I heard about this initiative in Iván Martínez's Wikimedia talk at COSIT 2012, held last week in Coatzacoalcos, Veracruz (I intend to write a bit more regarding COSIT later on). I loved the idea, and intend to participate — Not because I take great pictures (I don't, and I usually take them using my aging phone, which gives decent results but nothing beyond that), but because I love to move by bike in the city, and it's one of the best ways to roll in front of some of them. But more on me later… Back to the topic!

WikiLovesMonuments aims to improve on Wikimedia's (the organization behind Wikipedia and several other Free Culture reference projects) coverage of important landmarks all over the world. To do so, they are offering a trip to attend WikiMania 2013 in Hong Kong to the first place winner, and other "photography-related" prizes to the other winners.

So, back to me: My motivation to enter the contest is to help Wikimedia. I know my shots won't be top-notch (although they will be the best I can do). I enjoy biking in my city, and often go not too far from many of the listed monuments. I am amazed at the number of monuments still pending in my area (of course, it's not by mistake this is called "La ciudad de los palacios", The city of the palaces) — Surely some of the readers of this post will have (or will find easy to take) some photos to add. Of course, I'll try to focus on the missing monuments, but if you are a good photographer, you might want to submit a better version for a monument that's already there.

So, some pointers, from what's closest to what's farthest from me:

At least for Mexico, the listings are taken from the National Institute for Anthropology and History (INAH)'s Public registry of archaeological zones and monuments. So, I cannot wait to start my biking session today to get some good end-of-summer evening sun and get some pictures taken! :-D
