 Okay, our next speaker is from Munich. His name is Bernd Paison. I'm a French, I have to pronounce it the French way. Paison, I suppose you say that in German. Normally I pronounce it French as well. Okay. He's going to present his own project of a shared cloud environment, if I correct. A peer-to-peer. A peer-to-peer. Okay, so please let's have a big hand for Mr. Bernd Paison from Munich. Okay, my talk is called Cloud Collapses. It looks like you have reached the end. That is me coming from Google Plus shutting down and then they had some hiccups right after the announcement when you load the Google Plus page, you've got an empty page and it said it looked like you have reached the end. So that's what will be true in April. You really have reached the end on Google Plus and you've reached the end on other clouds as well. So what I'm talking about is now what to do with your data. And I want to say one thing about this cloud, cloud collapse that is very commonly used for this kind of problem in the clouds. That is very bad Greek because apocalypse means uncovering. It does not mean any catastrophic. It's just uncovering. And so what we really mean when we want to say it in Greek is a Sinepho catastrophe. Sinepho is cloud and catastrophe, you know what it is that made it in the English as well. So cloud collapse is very bad Greek but it has been translated in the cloud I suppose. So that's how it's going on. So this is a pretty dark picture. There's a tornado and the lightning and the people in the cloud are here in a farm land. They're probably playing farm well in the cloud, in Facebook or so. So the tornado creates a lot of chaos and what do you do? So let's talk about why I'm motivated to do this thing. The internet is bad gateway. We have a lot of travel internet. Let's see what we have kind of political problems. Five years after Snowden we have this EU parliament. They did upload filters, link taxes and of course they want to upload filters to use to filter terrorist contents. I don't know what terrorist contents is but they seem to know. And the Germany wants a cyber administration like the Chinese CAC or CAC as we often say. That is media and if you publish something on the internet you are treated like a TV broadcaster. And that means you have to go through many bureaucratic hoops. That would be a problem if they really do it. And we have all these requests for back doors. Please back door, back door here, back door there, back door in 5G, back door in any chat program, whatever. We have a progress on the political side. The ECHR rules that the GCHQ Dragnex surveillance actually violates your right. And my project NETTO becomes more and more usable and still not finished, still not polished, still not perfect but the top layer is going on. So what is cloud calyps? What goes wrong? So clouds are failing. Here you see a bubble diagram of world's biggest stage of breaches and hacks inside the clouds. And this one starts about 2010. And there were little failures, little failures and it became bigger, bigger, bigger, bigger. And now you have each of the big bubbles is about half a billion of people affected. So yes, the cloud looks darker and darker and darker and is falling apart. What kind of cloud failing events did we have last year? Something like Microsoft bought GitHub so it's not failing but it's now owned by someone we don't like or many people like. That one was easy. You can install GitLab and Dropbox dropped the Linux client except for X4 unencrypted and the explanation is somehow weak. If you don't know that Condoleezza rise is in Dropbox management, you maybe think, they are stupid but I don't think they are stupid. This is on purpose. Facebook had so many scandals that I have a literature link, made a special look back onto the Facebook scandals. The year in Facebook, it was very terrible. Google Plus had some similar problems in their APIs that affected both users and they are now shutting it down. One of the users was me and so I thought, what to do with my data? So that started this subproject of Net2O. Tumblr deleted all porn which means there's now 1% left of the contents of Tumblr. And yes, the last one is what I just made up. You can't date on Tinder anymore because stating while it's Facebook policy. The second part is correct. Tinder uses Facebook login so they have to somehow get over that. On Facebook it's not allowed to date so when you use the Facebook login to go to Tinder and share your Facebook account and so it's probably also not allowed. So the purpose of Tinder, of course, is not to share cat photos if you have any questions about that. What are the root causes of this cloud failing? One root cause is that the ad-based revenue model is toxic, inherently. I will come to that next slide. The next root cause is the user plus password authentication. That is all these data breaches that is just doesn't work. People pick 1, 2, 3, 4, 5, 6, 7 as password so and they will continue to do so. This doesn't work. And the main root cause is your data is on someone else's computer, not on your own computer. It's not under your control. And it's under control of a big company. As you see in the federated system under a small company a small person is the same problem on a different scale. So why is the ad-based revenue model advice a toxic? So they have, first of all, they have the incentive to keep you on the side and they do that by XKCD3H6. Are you coming to bed? I can't. This is important. What? Somebody is wrong on the internet. So when you have a controversial discussion you will be engaged, you will answer that, you will comment, you will write back and forth and that will keep you on the side. So that's why you don't have the dislike because otherwise if you have a controversial discussion you just hit the dislike button and forget about it but now you have to comment if you dislike something. And the incentive is also to make you easy target of manipulation because that's what they sell is their ads and that's the worst fake news they have. The ads don't tell you the truth. The ads want to manipulate it to buy something. And they want to get a lot of information about you because they think then they can sell their ads at a higher price because targeted ads are more expensive than targeted ads and so they want to know everything about you to meet their creepy business model. Make your post about your private things, not the Tumblr and Tinder way but the private parts, the private things, the things they don't know about you easily. And yeah, the participants on this kind of social networks also think yeah, it's a good idea if the people are already weak and easy to influence, I become influencer and make a lot of money. So all this drags the entire social network seen into this ad-based business. When you go on YouTube you have a lot of influencers, maybe you don't because you go to YouTube to see a Chaos computer with your but you don't please don't go to YouTube. Go to the CCC media center. And you should be aware that this is nothing new with the problem. This is in TV, in this is very old the problem. So every newspaper wants to do the same thing with you. So obviously the centralized has problems, it has its good parts because centralized means there's good funding, there's robust hardware, there's a lot of protection against attacks. And yeah, the downside is you don't have, you give away your privilege, you don't have to give away your privilege, you don't have to give away your privilege, it's a honey pot for everybody who wants to get one billion password combinations, it's captive because it wants to stack you in and when it's not generating enough revenue, the CEO just will shut it down and all the time you invested in it, all the contents is going away. And yeah, there is a censorship problem. All these big powers want to censor something. So here in the West we have copyright based censors because our power is the people who own things. And the far east there is political censorship because their political still is more powerful. And then you have all this nipple censorship with some religious issues. And you have this toxic business model that is bad on the centralized. You can go federated, let's say you leave Google Plus for diaspora, many people do so. And it has the big advantage, it's not actually captive because it's small business operating this diaspora server. It's cheap and they don't really need a lot of money to do so. I think the plus for our people told us you need about two cents per month and the user to operate such a thing. So it's really cheap. The censorship becomes more regionally. So in parts of the world, for example in Japan, Lollicon is okay. Lollicon is a dropout of a previous censorship on porn. And the Japanese government said, okay, we messed this up. So we don't censor again because that will move the people to more weird fetishes. And just allow it. This is all fiction. It's just images painted by some artists. Nobody is harmed by these Lollicons. But in the rest of the world, there's this child porn, especially in German. So the musta done, now it's musta done a big search in from this Lollicon community because they use musta done to post their stuff. And these are isolated to Japan. You can't get their feeds on European American musta done service. So you have blacklisted notes, you have regional censorship instead of global censorship. You can't do Lollicon on Facebook or Twitter or so. That is why they came to musta done in the first place. The downside to a funding, underpowered hardware and attack protection is also bad because this are operated by small business or by private persons. And the problem of lack of privacy is the same as above because it's all public postings. And the end of life is, now it's the win of the note admin of a particular note. So if you sign up on a note that goes down next week, you lose all your data just because there may not be even an announcement when they shut down. It's just shutting down. So that possibility is peer-to-peer. So you have full control over your own note and you have privacy because you can limit who can access you. And funding is mostly development funding because operating of a peer-to-peer network is very cheap. It's you, you operate it with your own computer and you need your own computer anyhow or your own mobile, whatever. The plus-minor side is that peer-to-peer networks cannot really censor. So the plus thing is, yeah, we don't really want censorship. The downside is it attracts the people who are refugees from censorship first. And so maybe the contents looks are lollicons, or terrorists, whatever people fly from the censorship, whatever ugly things are there will come in early. That is actually a problem because that shapes the mental image of such a system to people. So when I want to make this a friendly place, nonexistent censorship can be a problem. And also the trolls, the people who, whose communication pattern is so evil that you cannot really tolerate them, they will come very early as well. They get kicked out of the other places so they come as refugees. So you really need to do this full control of your notes so you can kick out people you don't like, kick out content you don't like. Therefore the downside that you have, the upside that you have full control note is mirrored by the downside that you actually have full responsibility for your own note. What do you do on your own? There's nobody helping you as you. So what is about this taking out? Fortunately we have the article 20, you can now legally take out your own data and the big cloud providers are obliged to help you. They sometimes they provide something, lackluster and still the situation we still have is not very good but they have a duty. So if they are too bad unsaid you can talk to some official and have said regulate it. Put a bit more pressure on that. Taking out your data is important. If they want to suck in your data they have this big tornado to take your data but to get out you need help maybe from the government finally. So what I'm doing is not to owe and if you want to start have a look over this lower six layers or five layers you best go to the 31 3C talk on my home page. I'm talking a lot about the technical details here. I'm talking about the app level details about how to take in your data. Not about so much about the packet formats encrypt things and flow controls, the command language and the distributed data. A bit about that because that is needed for implementing it to our social networks. So today will be more mostly six and seven and not the other sticks. So let's start with the take out. You go to Google plus was the first thing I wanted to take out so you on Google you go to takeout.google.com settings take out and they always localize everything for you including the file names and the zip which is awful. So you select nothing only the stream data of Google plus and then you have to go through. This is HTML by default. HTML, HTML, HTML you have to change that to JSON because that HTML is not possible what they produce very ugly HTML. Please use JSON. The JSON is not perfect, far from perfect but it's much better than the HTML. So let's look at how does this JSON look like? This is a real posting and you see down here they have this unique code escapes for what's this what's this. So I decoded that for you. This is just HTML angular brackets. So what you have is you have some anchor, the URL where you find it on Google plus until April and later you won't find it anymore. You have a creation time, you have an update time, unfortunately you have no editing history, you have an author which is always four tuples. So you have display name, profile page URL, avatar image URL and the resource name of this posting are just somehow redundant because the URL has the resource as well differently encoded of course but it's the same thing. And the author that is the resource name of the author that is sometimes plain text, you can ask for your own name there or you get that number encoded in something like base 64 or whatever that is. And then you have the content that is very limited HTML because Google plus does not have so many formatting options and you have bold, you have some links in there, let's go a bit down and you have things like link, when you have a link, when you post something, I want to show you this link on the internet, you get the link and then you have all these plus ones, the people who liked your postings, they are like the author, all the details are in there, so you have a lot of redundancy inside of this data base, the chasing thing, you have to make sure that it's just the same person always. And here in this part, in this example, we don't have any comments, but normally you have all the comments, the comments that are lacking the plus ones, you don't get the data of the plus ones and the plus ones are lacking the timestamps, so you don't know when the people liked that, there's the details that are lacking that I want to take out but Google doesn't give me, so let's look at how does the competition do this, if you have Facebook, the timestamps are no longer human variables, they are just seconds, since you mix timestamp seconds, I like that because easy to pass and yeah, you don't have likes and you have comments here, you have a timestamp for the comment, I don't want to scroll, I don't want to skip, so you have your data description and the post double in this case because that's a video and it has a little, oh my presentation crashed, fuck, so let's go back to the Facebook takeout, then we go to the Twitter takeout, a treat you think is a small thing, it's just 280 characters now, maximum, but they have a very complicated way to describe the things inside the treat, so when you see the treat itself, please, the treat itself is just full text here, it's very short, but they give you a lot of metadata about that, they say who is the user ID, what did you reply to, when did you create this, where exactly is the substring you need to highlight as a hashtag or as a user ID and what's the screen name of these people, you can do make some use of that, this is not too bad, it just blows up the archive, but Google plus is much worse with blowing up the archive size, on average, every image you post it there, you get in the takeout three times on average, they don't duplicate these images, they just push them to use three, maybe four times on average, so images are big and people on Google plus often use to post images because it was a great function Google had done right, and so many photographers went to Google plus posting a lot of big images and then they do the takeout, they get the images three to four times. If you do blogging on Google, blogger is still alive but it looks like ten years ago, so they are not doing anything on their blogger and maybe they are shutting down it when they want to, I don't know why they bought it in the first time when they don't do anything new with it, but yeah, that's it, Google, so you might want to take your blogger posting out, it's not, JSON, it's an Ethernet feed, so it's XML, XML is okay, we can't pass XML easily, it has a reasonably metadata structure, not too much, I kept all the actual content and the metadata is okay, so it's not too much and the content is HTML, you have to deal with HTML, that is not a big problem as well, so what do you need to program for this imports, if you want to import the people into the diaspora you have to do the same things as I do, so you need a JSON parser, you need an XML parser, you need an HTML parser and these are all parts which are either easy to write or in many frameworks you just have them, so you need this Schema's first set, you don't want to take anything in, you want to know what you're taking in and in Net2O you need an HTML to markdown converter and diaspora, same thing because modern frameworks often use markdown during HTML and you need a download of the missing parts because the archive does not really contain everything, but in Google the avatar photos of all the thousand people that commented and plus one all your postings, the avatar photos are not in your takeout, only the screen names, so when you have the URLs you can collect them all and you can download all these avatars and what you need to do in Net2O particularly, you need to assign a temporary secret key for all those persons because in Net2O a person is identified by a key, a pub key and you don't know the real person is not importing your data, you are importing the data, so you have to assign a temporary secret key which you hand over later to the person if they join that network, so it's how then does the social network look like it's implemented in Net2O, so you have texts as markdown, no big deal, you have images as JPEG PNG, no deal at all, you have movies as MQB WebM, some deal because all those multimedia streaming APIs like GStreamer or on Android are clumsy and not the way I like them. I want to have open GL as backend, so I want the thing to render into GL texture, that is one of the easier things they can do, so it's not a big problem, if you want to embed it in your browser you need to hope that the browser supports all this stuff, usually it does, so that's what you want as data formats. In Net2O, the structure for something which like a timeline is a chat log in general, so you have a chat app, you can add entries to your chat log, chat logs can be synchronized between instances, if you have duplicates they don't get, they get deduplicated, they don't get copied, if you add new things, the chat log has a mechanism to spread that out through peer-to-peer network, so that is all there, that is working well, and the timeline just is a chat log with maybe one line of your posting and the link to a DVCS project, DVCS means distributed version control system, so like, think like good, but minimize to the features you actually need for simple things, you don't need all this fancy stuff with Git, and it has 100 different commands, and each command has at least 20 different options, now you don't need that. What you need is patches, diffs, merges, forks, that kind of thing is what you need, and that's what I'm giving you in Net2O as well, no need for big things, but small things are very important, you want to edit your posting after you did it, because usually you write your posting, you look through it, you fix all the typos, then you press send, and then magically a typo appears in the title, right in the first word, and you want to fix it because it looks really like you are stupid, and therefore you need a version control system, and yeah, so a DVCS project, how is it structured? It's a chat log again because all this thing is recurring, now it's a check-in log as the chat log, and each check-in has either a patch set or a snapshot, and it is not difficult to build that data structure. Now if there's actions on your postings, actions are typically actions to reshare, you reshare, you add a message yourself, you put it into your own timeline, so that is a fork of the DVCS project, you add another postings to it, and you put your log message into your own timeline, a comment is the same, but you kind of make a pull request, which is probably ended automatically, so you put the log message into the original project, log, and what you can do with that, you can do both, something you can't do on Google+. You can say, okay, I want to write a comment and I want to reshare that comment. Other social networks have these sort of functions where you have ready discussions or they only have the reshare function, something like Twitter where you have comments and reshares look a bit different, but essentially are the same, it's always a postings that refers to the original posting. And you probably want to have likes, so the like is a chat log message into the DVCS project without link or anything, just this one character for the sum up of a plus, what you decided to have as your like, or maybe dislike as well, because you don't want to have the people to comment on bad postings. That's how it's supposed to be structured and what's missing now? Because I'm not finished. The shutdown was announced in October and I wanted to present it here and I wrote code, but I'm not fully finished. I still have things to do. So the bike importer for Google percent is almost finished. It's just not tested with all my 3,000 postings. It's tested with a few important postings where all the challenges are inside. And what I need to write is a bike importer for the other big things like Facebook, Twitter, blogger, if you have suggestions, Instagram, maybe Tumblr, that is all not so difficult to write an importer. The formats are relatively easy to deal with. It's only that you have to put all the infrastructure in place that you can bike import these things. I want to use the avatar to display the user ID at the moment. I just take a screen name. I need a markdown renderer and Net2O, but that's what you see here is a presentation using the user interface for Net2O. So actually there's not much to do here. This markdown is very easy to pass and the rendering is already in place and works. We are movie players that need to look nice. If it doesn't look nice, the people will not post your photos on the social networks. That is one of the problems I have with the diaspora. The background maybe is okay, but the display does not look like Google Plus or polished. It needs to be polished if you want to have photographers inside. These are people who think visually have artist's mind and they don't tolerate when it's ugly. They just don't tolerate it. They don't come to you. That is why they didn't come to Facebook. Facebook's album viewer is just too ugly for these people. The key handover to contacts needs to be programmed. The infrastructure is there, but it needs the actual details needs to be programmed. And I need to mark this important key as non-trustworthy. They are not the original person, not the real person and all the content that is coming from this person is not authentic. It's coming from Google. They could have messed up with that in any possible way. You don't know. So in Net2O, every chat message, every posting is signed by the person who did it. It's authentic. That is where the good crypto system does. It ensures authenticity. It ensures your privacy because it's encrypted. It ensures that it's integrity because the hash is correct and it's authentic that it's really coming by the person who controls the secret key. But here the important key is not controlled by the person who owns that posting. So it's not authentic. It's not trustworthy. And I don't have any mechanism for that at the moment because normally in a secret secure system you know only the person who has the key can sign it. Here it's not the case. So the last part, I'm good in time. The last part is the non-technical problems. The one non-technical problem if you move from one community to another is what to do with your contacts. If you lose an oil you are in this two user Google Plus style ghost town. Now Google Plus wasn't really a ghost town but it didn't have so many people inside to look for them. But when you don't get your contacts over you are in a ghost town. You're just only you. What's the point of a social network with only one person? No point. So a related problem is how to make social networks nice places. And the ad-based revenue is actually working against that. So they don't want to make it a nice place. They want to make it a place where you are angry enough to reply but not angry enough to leave. That is a very thin limit. They have to dance on that volcano. And the third non-technical problem is how do I fund Net2O? And at the moment I fund Net2O by using my technology, especially the user interface, technology to get some contracts. Totally unrelated to peer-to-peer networks but interesting contracts and maybe I should think of some other way of funding it. I don't know. When a lot of people use it each person needs to give only very little money to fund it or maybe only a few persons need to give some money and most of the people can use it for free. That is the ideal world. I don't want to sell a big thing because that would give me that toxic kind of business model. So I'm done. You have literature and links. The most important, at least, the other one likes XKCD was embedded in the presentation when you want to know more about Net2O, you go on my home page, watch previous videos, read some documentation. If you want to know what these biggest data breaches are really, here is the link. And if you can read German and you want to see how many breaches of those were Facebook only, they're on timeline. And that's the QR code of my Net2O key in the inverted format because I had to shift to night mode here with my presentation, all slides dark. Normally that is inverted and the cameras do a better job when everything is bright and not dark. So we have time for questions and answers. Well, thank you, Bernd. Wow. Thank you. Okay. We still have about 10 more minutes. Sorry, I have to do this because I don't see against the light. Are there any questions? The mics are open. Yeah. Yeah, I think. Oh, there we are. Speaking to the mic, please go right to it like I'm doing. It's okay. Yeah. I have one question regarding the security of the node because you mentioned the security of the big central model, I must rely on the operator, on the decentralized, I must rely on the administrator of the POT, but on the small Net2O, I must rely on my own. Yeah, that's what I said. It means responsibility, but the attack vector on your side is always there. So if you go to Facebook, to Google+, your own computer can always be hacked. That attack vector does not go magically away because you go to the cloud. So on your side, I have to take care with my implementation that it's robust and secure and that you can use that as normal person without having a too big attack vector. But the attack vector never goes down to zero. Some invimate can come in and compromise your laptop first, install a key logger and the keyboard and then in the second visit, use that key logger to extract the password for your hard disk and then decrypt your hard disk and install different programs. That kind of things is totally out of reach for me. That kind of breaches that is in your responsibility, but that is an attack vector that can be done anyhow. So that is why they have this backdoor, this Trojan horses, the state Trojans they want to install on your laptop and your smart phones. That kind of thing, other people have to fight. That is not communication on the network, that is your device security. And that problem is always persistent. That does not change when you use a big cloud. It just makes it easier with the big cloud because now you have this big company which has to comply to all kinds of laws in the region. When you get an NSF national security letter, Google has to collaborate. They are prison partner, Facebook is prison partner, Twitter is prison partner, Microsoft, Apple, they all have to collaborate. But you as a normal person, you don't have to collaborate. They won't ask you. They will break into your computer, maybe you can do some things to prevent that. Other people may give talks here to help you, but that is out of my reach. And that is not changing when you change from big cloud to small cloud to peer to peer. That's not changing. Yeah, as they say. The network is not secure, but your computer is your business. Yeah. I mean, my device is my job. I have a question. How many, how big is your crowd until today? At the moment, it's all still in small development. I have a few testers. We regularly use the chat app to chat with each other. There are four to five people who are regularly. On my contact list, I have about 30 people who tried it. So it's small. At the moment, it's really small. And to stabilize that, it's okay because my testers still find bugs and send me reports and keep me busy. And I want organic growth. So I don't want to, the worst nightmare is when I'm ready in April and all of Google Plus, all 300 millions to users come in. That would be too much. So grow, slow, get the technology robust and stable and then grow organically. I don't want to be the fastest growing network in the world. That would be very difficult to handle. In French, they would call that umbrella de l'échec, embarrassment of riches. Yeah, yeah, yeah. Okay. Any more questions? The mics are open. No, well, in this case, as I understand it, you're happy for beta testers, aren't you? Yeah. So if you feel free, there's a stream. You can always, if you don't have your camera with you, you haven't taken it down. Always look at the stream. And I'm on the table right over there on the corner. Just over around here next to the stage. When you have questions to me, you don't want to talk in public. Go there. Right at the corner with the robot playing and the LED lights and just there. Okay. Let's have a big hand for Bear Paison.