The Linux Info Tag on October 10, 2009 in Landau (Rhineland-Palatinate) takes place this year, as every year, with a small but fine programme at the Kreuz+Quer in Landau. This year there will again be the opportunity to learn about CAcert, certificates and computer security, and to have an assurance carried out.
Further information and the option to register are available in the CAcert wiki.
CAcert Blog is fully X.509 enabled
The CAcert Blog is now fully X.509 enabled.
Even if you have never visited the site before, with a named certificate you can register for the site with one click (log in) and have author status, ready to write your own contribution.
If you only have a WoT unnamed certificate you can write your article and it will be spam controlled by the PR people (aka editors).
If you had a contributor account and haven’t posted anything yet you have been downgraded to a subscriber (no comment or write a post access) with all the other spammers. The good news is once you log in with a certificate you get upgraded to the correct status just as if you’d registered.
There is no password authentication any more. Making sure both methods behaved reliably was not possible in the time the admins had available.
Please ignore the big blog upgrade notice – we are using Debian security maintained packages and don’t need a WordPress upgrade.
So get to it – write something interesting.
[Edits thanks to Henrik Heigl]
CAcert at the 1st IT & Business trade fair in Stuttgart, October 6-8, 2009
CAcert will be represented at the 1st IT & Business trade fair in Stuttgart from October 6 to 8, 2009 with a Demo Point at Neue Messe Stuttgart (airport), hall/stand 1H12-3, in the “Open Source Business Solutions” theme park.
CAcert at NLUUG Fall Conference – The Open Web
On Oct 29, 2009 the NLUUG will hold its Fall Conference – The Open Web.
One of the speakers, Henk Klöpping, will mention CAcert in his talk The Shameless Plug.
As is customary, CAcert will have a booth there.
If you want to help and have successfully passed the Assurer Challenge, please add your name to the list at the CAcert wiki.
Can a competition help?
Over at the Economist, they are reporting on how to figure out whether a bot can be human: that which we software geeks call the Turing test.
IF A computer could fool a person into thinking that he were interacting with another person rather than a machine, then it could be classified as having artificial intelligence. That, at least, was the test proposed in 1950 by Alan Turing, a British mathematician. Turing envisaged a typed exchange between machine and person, so that a genuine conversation could happen without the much harder problem of voice emulation having to be addressed.
It’s curious how Alan Turing managed to predict the rise and social domination of things like IRC, ICQ and now Skype. Back to the Turing Test: some AI people are now doing it within competitions:
At a symposium on computational intelligence and games organised in Milan this week by America’s Institute of Electrical and Electronics Engineers, researchers are taking part in a competition called the 2K BotPrize. The aim is to trick human judges into thinking they are playing against other people in such a game. The judges will be pitted against both human players and “bots” over the course of several battles, with the winner or winners being any bot that convinces at least four of the five judges involved that they are fighting a human combatant. Last year, when the 2K BotPrize event was held for the first time, only one bot fooled any judges at all as to its true identity—and even then only two of them fell for it.
Can a competition help? Apparently, Yes! It revealed that the way to tell if it is a bot is to measure its perfection:
…But it must also have enough flaws to make it appear human. As Jeremy Cothran, a software developer from Columbia, South Carolina, who is another veteran of last year’s competition, puts it, “it is kind of like artificial stupidity”.
Mr Pelling says that one of the biggest challenges lies in programming the bots to account for sneaky tactics from the judges. It is relatively easy to manipulate the game and do unnatural things in order to elicit behavioural flaws in a badly programmed bot. And if a judge observes even a single instance of unnatural behaviour the game is, as it were, over.
To me, that’s a surprising result. Obvious now that I think about it.
Maybe competitions can help because they encourage really innovative things and thinking? Can they help us at CAcert?
To this end, we recently had the bright idea that one way to get our systems to the next level in security and robustness was to run a competition to create a signing server. The idea behind the signing server is that it is basically a hand-built small computer that just does signing. That part is simple, and the obvious approach is to buy a small machine, load up Linux or BSD, install Apache, and start signing. And, that’s precisely what we do! Today, right now, as it happens. Good luck, guys!
But how to make such a signing server secure? That’s a really tricky question. Worse, it is a question with many contradictory answers, and many very expensive answers. I have a feeling that it should be cheap, it should be something we can do without contradictory answers, and it should be something we can do ourselves.
It should also be fun! Maybe, just maybe, we can run a design competition to create the design for a new-generation, open and secure signing server. Anyone agree?
Replacement of CAcert signing server – no service on Sep 11 14:00 – 22:00 CEST
Recently CAcert has experienced some hardware problems with its signing server. The critical systems admin team recommended installing new, up-to-date hardware, and thanks to a donation from NLUUG (the association of (professional) Open Systems and Open Standards users in the Netherlands) to Oophaga, CAcert’s hardware keeper, a new machine was made available to CAcert on July 20, 2009.
This opportunity is used by the critical systems administrators to test new technology and software. Thorough testing is performed on the new system before migrating all data from the old signing server to the new server inside the secure data center.
The actual migration will take place on Friday September 11. During the migration, the signing system will be out of operation for a period of four to eight hours. This means that the CAcert signing service will not be available on Friday September 11 2009 between 14:00 CEST and 22:00 CEST. If all goes well, the service may be restored before 22:00 CEST, but we cannot predict that in advance.
UPDATE: full service was restored at 16:00 CEST, the total service interruption lasted only from 14:30 CEST until 16:00 CEST.
CAcert at mrmcd0x8h (Sep. 4th – 6th)
CAcert will be present at mrmcd0x8h with 2 presentations and a Keysigning party:
- Saturday 5th, 12am with the presentation CAcert Assurance in practice, answering the question: What has been changed within the last 12 months on Assurances in practice?
- Saturday 5th, 6pm at the Keysigning Party and on
- Sunday 6th, 12am with the presentation CAcert More tricks for defeating SSL in practice, or how the bad boys circumvent the safety mechanisms of SSL
CAcert.org at OpenExpo09 in Switzerland – Winterthur / Zürich – September 23.-24., 2009
OpenExpo, the Swiss leading conference and trade show for Free and Open Source Software, will take place for the 7th time Wednesday and Thursday, September 23. and 24. 2009 at the Eulachhallen in Winterthur / Zürich. CAcert.org is proud to be present among many other Open Source Projects as part of the Open Source Community.
Additional Swiss CAcert assurers, or CAcert assurers from any country who have successfully passed the assurer test and are willing to help, please register in the CAcert.org Wiki.
Evidence of Destruction of Broken Signer Disk Drive
CAcert’s SysAdmin team used the opportunity of HAR2009 to destroy a broken disk drive. HAR2009 is an open-air gathering of hackers, and although “hard to explain” it was ideal for this need. The disk had only been in use for a short period within the signing server, but was taken out of service because of reliability issues. This is common with today’s disk drives, and does not relate to a particular manufacturer. To get high performance, the envelope is pushed, and consequently many more drives fail than we want.
In order to be in compliance with CAcert’s policies, the disk must be wiped and then destroyed. With a newly-developed disk destruction machine MAXXeGUARD offered for free use by CMGG and Security.nl for all attendees of HAR2009, it was an opportunity too good to pass up.
All such actions are logged and witnessed for future audit purposes. The process has been photographed (see pictures below) both for the evidence purposes and to give us all an idea as to how much work goes into CAcert’s systems.
The disk destroying machine, Front view
Close-up of the disk destroying machine with disk drive
The disk drive starts its way to heaven
Shred as shred can or no way to escape the shredder
Tiny bits and pieces
SysAdmin Team Leader Wytze showing the final result
Photos by Hans Van de Looy, CAcert.org Assurer
New Legislation for CAcert Inc.
As we know, CAcert Inc. is incorporated in NSW, Australia under the Association Incorporation Act 1984. That Act has now been updated to the Association Incorporation Act 2009, which is expected to come into effect during late 2009. Once in effect, the new Act will apply automatically, which means that any changes required will have to be aligned with our rules.
For CAcert Inc. the most significant change, among other changes, is that three (3) committee members (CAcert Board) will have to reside in Australia. Other relevant changes will come into effect as well. This gives us tasks: to evaluate consequences for CAcert Inc. and for members, and propose any changes required at a General Meeting.