Well it’s been a while since I updated this, so now is the time…
Working for the government, past or present..
Just a short article as something came up in conversation earlier…
Many people don’t know, but in most countries when you work for the government/civil service you job can often entail more than you sign up for. In my experience working for Commonwealth countries, if you have a position that requires security clearance, gaining that clearance may mean you have to sign up for more than you really want. For example, as a customs officer, you’d expect would have to report any knowledge of drugs supply or usage, and cannot partake themselves. What most don’t know is that if you work for customs, but not as an agent/officer, you are covered by the same rules. What’s more even if you leave the employment of the service, you are still required by law, governance and contract to continue in your role of reporting incidences for the full duration of the clearance you obtained as part of the position (usually 5 years). This means that if you gained customs clearance in 2008, contracted to customs for 9 months then left the service, you would still be required to report any such drug use/dealing until 2013 (assuming the usual 5 year period for clearance.)
Now what’s even more convoluted, some countries like Australia and the UK require you to report any issues of a national nature regardless of whether it is dealt with by the department you work for or not. Another example, is if you are an Australian Customs officer, agent, employee or contractor if you were made aware of a scam marriage you’d be expected to report the incident in full to the Department of Immigration and Municipal Affairs (DIMA) just as you would be expected to report knowledge of Tax (GST (VAT for Europeans, Sales Tax for the Americans) or Income tax) Evasion to the Australian Tax Office (ATO.)
One has to wonder why would anyone want to take a position with such responsibility.. Well it’s probably to do with the job security, once in and cleared, unless you commit a crime yourself, you’ve pretty much got a job for life, and the jobs are not low paid generally.
Karnival Tan-Nadur 2011 Photos..
Well what a success it was. The photos are up on facebook here: http://www.facebook.com/ (if you want to tag/comment on the photos please email michelle@shellsshots.com with your facebook email address or ID so I can add you… sorry you won’t be able to add/search on me directly because of problems with stalkers, but I should be able to add you.)
The evening was fun to say the least, many people in all sorts of outfits, all having fun. One thing that was very surprising to me, is many were drunk and yet there was no trouble, and only a few were silly. One guy and his poor girlfriend had passed out and was sitting in his own vomit, his girlfriend very obviously fed up, both Jez and I agreed if he had been our partner it would have been the last night he dated us. We both agreed getting drunk is ok, getting drunk in public is ok, getting so drunk you pass out in your own vomit in public is a big no-no.
On the funny side, I received one comment which surprised me and made me laugh no end… “Are you Marilyn Manson?” one girl asked…! I mean, come on are you kidding me? Here’s some photos of Marilyn Manson..
The local Goth/Alternative group was great though mostly camera shy, and I’m looking forward to partying and spending time with them.
The results of the attack…
This was done by my partner of the time (Katie Crothers – now ex-partner), and I was forced to remove it, however now I cannot be forced to remove it again so here it is again:
Why have I marked it public again it you might ask? Well simply when I get messages from my friends saying, “Hey your ex Katie just added/messaged me and she told me you beat her up, told her this about me” (and other things) well I guess it’s about time the truth was known.
Creating an EV Certificate Request in OpenSSL
Quick technical FAQ as it has just taken me over 2 hours to find out how to do this…
When generating a CSR (Certificate Signing Request) for an EV (Extended Validation) certificate there are some required fields. These required fields are very well documented (probably too well) and the problem you will find is trying to generate the EV request often fails with:
Subject Attribute businessCategory has no known NID, skipped
problems making Certificate Request
5478:error:0D07A097:asn1 encoding routines:ASN1_mbstring_copy:string too long:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/a_mbstr.c:154:maxsize=2
The solution is to add the oid for businessCategory, some documentation will indicate that this is possible by just using the oid in the subject… Forget it, it doesn’t work. The correct solution is modify your openssl.cnf file ( /usr/local/etc/openssl.cnf /etc/ssl/openssl.cnf and /etc/openssl.cnf are common locations.)
Under the section “new_oids” (create one if it doesn’t exist) add the following:
[ new_oids ]
businessCategory=2.5.4.15
streetAddress=2.5.4.9
stateOrProvinceName=2.5.4.8
countryName=2.5.4.6
jurisdictionOfIncorporationStateOrProvinceName=1.3.6.1.4.1.311.60.2.1.2
jurisdictionOfIncorporationLocalityName=1.3.6.1.4.1.311.60.2.1.1
jurisdictionOfIncorporationCountryName=1.3.6.1.4.1.311.60.2.1.3
Then you can use the following command to generate the CSR and a new key for the server:
openssl req -new -newkey rsa:2048 -out ev-key.csr -subj ‘/CN=<webserver name eg www.michellesullivan.org/O=My Company Ltd/businessCategory=V1.0, Clause 5.(b)/jurisdictionOfIncorporationCountryName=<country code of registration of ‘My Company Ltd’/C=<country>/streetAddress=<business address>/ST=<state>/serialNumber=<company incorporation number for “My Company Ltd”>’
Note: because braces are used you need to use single quotes to surround the subject, also EV certificates cannot be issued to WildCard CNs so don’t waste your time.