On the evening of Friday, the 23rd of October 2009 will be held a somewhat end user-oriented conference on the theme of Cryptography, SSL/TLS and trust networks, with the opportunity to sign GPG keys and be assured by CAcert.org assurers. This conference will be held in Switzerland, at the University of Applied Science – HES-SO / HE-Arc Ingénierie in St-Imier (BE).

You can find details on Linux User Group – Neuchâtel

Registration is not required – if you want to participate in GPG key signing, please send your GPG key info and fingerprint until Monday 19 to: schaefer (at) alphanet (dot) ch – and Entrance is free.

This conference is co-organized by HE-Arc / ISIC, Linux User Group – Neuchâtel and by individual CAcert.org Assurers.

———————————————————————————————————————————————————————————-

Le soir du vendredi 23 octobre 2009 aura lieu à l’Institut des systèmes d’information et de communications de la Haute Ecole Arc ingénierie – HES-SO à St-Imier (BE) en Suisse une conférence sur le thème de la cryptographie, de SSL/TLS et des réseaux de confiance, avec l’opportunité de signer des clés GPG et d’être vérifié par des assureurs CAcert.

Détails ici, Groupe d’Utilisateurs Linux – Neuchâtel

Inscription non nécessaire – mais vous devez envoyer vos informations de clés publique GPG et empreinte à: schaefer (arobas) alphanet (point) ch, si vous voulez participer à la signature de votre clé. Entrée gratuite.

Cette conférence est co-organisée par la HE-Arc / ISIC, Groupe d’Utilisateurs Linux – Neuchâtel et des assureurs individuels de CAcert.org.

The Admin-Team is going to implement a change to the main website tonight, that
will increase the speed of the website.
There is currently expected a downtime of parts of the website (login,
certificate issueing) for a few minutes during the implementation.

Das 2. ITK-Forum Mittelstand am 28. Oktober 2009 findet in Haberkasten Mühldorf (90km östlich von München) mit CAcert Beteiligung statt.

Die Veranstaltung findet am 28. Oktober 2009 von 13 bis 17:30 Uhr statt und der Eintritt ist frei – Reservierungen vorab sind gewünscht.

Weitere Infos sind unter http://wiki.cacert.org/events/ITK-Forum-Mühldorf2009 zu finden.

John F Kennedy inspired a nation by saying that. Then he said:

“ask what you can do for your country!”

What can you do for your community? Here’s one idea I’ve been playing around with. I call it Adopt-A-Page but I reckon there is a better title out there for it. It works like this:

1. Identify your place inside the Community. Sysadm? Assurer? Coder? Arbitrator? Cert-user? There are lots of possibilities.
2. Find your favourite CAcert.org web page that relates to your part in the Community.
3. Link to that place from your many websites.
4. Keep it live and relevant. Update your collection from time to time.

That was easy! Why is this so important? Another easy question with a simple answer: FUNDING. CAcert needs money to finance the current audit work programme and the next audit. We can get that by (a) being a source of advertising and (b) by being higher profile.

Both of those things can be helped by YOU linking into CAcert. That’s because a little help by you, multipled by the size of our community, equals a lot of help!

It really doesn’t matter where you link in to. You choose. What matters more is that you use diverse websites, if you have them to hand.

This is one thing you can do for your Community!. Point your website to us. Proclaim your ability as an Assurer. Tell the world which system you administer. Tell us you care. Loudly! Tell us you’re part of the community. Hell, tell us anything you like, as long as it includes a link 🙂

Der Linux Info Tag am 10. Oktober 2009 in Landau (Rheinland-Pfalz) findet wie jedes Jahr auch dieses Jahr wieder mit einem kleinen aber feinen Programm im Kreuz+Quer in Landau statt. Auch dieses Jahr wird es die Möglichkeit geben sich über CAcet, Zertifikate und Sicherheit am Computer zu informieren, sowie eine Assurance durchführen zu lassen.
Weitere Infos und die Möglichkeit sich anzumelden gibt es im CAcert-wiki.

Over at the Economist, they are reporting on how to figure out whether a bot can be human: that which we software geeks call the Turing test.

IF A computer could fool a person into thinking that he were interacting with another person rather than a machine, then it could be classified as having artificial intelligence. That, at least, was the test proposed in 1950 by Alan Turing, a British mathematician. Turing envisaged a typed exchange between machine and person, so that a genuine conversation could happen without the much harder problem of voice emulation having to be addressed.

It’s curious how Alan Turing managed to predict the arisal and social domination of things like IRC, ICQ and now Skype. Back to the Turing Test, some AI people are now doing it within competitions:

At a symposium on computational intelligence and games organised in Milan this week by America’s Institute of Electrical and Electronics Engineers, researchers are taking part in a competition called the 2K BotPrize. The aim is to trick human judges into thinking they are playing against other people in such a game. The judges will be pitted against both human players and “bots” over the course of several battles, with the winner or winners being any bot that convinces at least four of the five judges involved that they are fighting a human combatant. Last year, when the 2K BotPrize event was held for the first time, only one bot fooled any judges at all as to its true identity—and even then only two of them fell for it.

Can a competition help? Apparently, Yes! It revealed that the way to tell if it is a bot is to measure its perfection:

…But it must also have enough flaws to make it appear human. As Jeremy Cothran, a software developer from Columbia, South Carolina, who is another veteran of last year’s competition, puts it, “it is kind of like artificial stupidity”.

Mr Pelling says that one of the biggest challenges lies in programming the bots to account for sneaky tactics from the judges. It is relatively easy to manipulate the game and do unnatural things in order to elicit behavioural flaws in a badly programmed bot. And if a judge observes even a single instance of unnatural behaviour the game is, as it were, over.

To me, that’s a surprising result. Obvious now that I think about it.

Maybe competitions can help because they encourage really innovative things and thinking? Can they help us at CAcert?

To this end, we recently had the bright idea that one way to get our systems to the next level in security and robustness was to run a competition to create a signing server. The idea behind the signing server is that it is basically a hand-built small computer that just does signing. That part is simple, and the obvious approach is to buy a small machine, load up Linux or BSD, install Apache, and start signing. And, that’s precisely what we do! Today, right now, as it happens. Good luck, guys!

But how to make such a signing server secure? That’s a really tricky question. Worse, it is a question with many contradictory answers, and many very expensive answers. I have a feeling that it should be cheap, it should be something we can do without contradictory answers, and it should be something we can do ourselves.

It should also be fun! Maybe, just maybe, we can run a design competition to create the design for a new-generation, open and secure signing server. Any one agree?

Recently CAcert has experienced some hardware problems with its signing server. The critical systems admin team has recommended to install new up-to-date hardware, and thanks to a donation from NLUUG (the association of (professional) Open Systems and Open Standards users in the Netherlands) to Oophaga, CAcert’s hardware keeper, a new machine has been made available to CAcert on July 20, 2009.

This opportunity is used by the critical systems administrators to test new technology and software. Thorough testing is performed on the new system before migrating all data from the old signing server to the new server inside the secure data center.

The actual migration will take place on Friday September 11. During the migration, the signing system will be out of operation for a period of period of four to eight hours. This means that CAcert signing service will not be available on Friday September 11 2009 between 14:00 CEST and 22:00 CEST. If all goes well, the service may be restored before 22:00 CEST, but we cannot predict that in advance.

UPDATE: full service was restored at 16:00 CEST, the total service interruption lasted only from 14:30 CEST until 16:00 CEST.