 lighting talk session. I'm amazed that so many people are here. There was a lot of partying going on at night, and so the room filled up quite well. Maybe other people will come in. We have a three-hour marathon session. This is the longest lighting talk session we ever had, I think. So the first introduction is how do you do lightning talks? How to make the lighting talks work for you? This is for the speakers, this is for the audience. So how do we make the lighting talks work for you? Work for us as the organizers, and of course for everyone out there on the streaming devices and so on. It's very, very simple. All the speakers that are already here, please tell the other speakers that might come in. Please sit in the front row here. Consided schedule, mind when your time will come up for your talk. So if you see the previous speaker on stage, just prepare yourself, come to the stage manager, he will give you instructions, then move to the side of stage during the talk before your slot, and then when it's your time, get on stage quickly. Please speak into the microphone. Look how I'm holding the microphone. If I take the microphone away, you won't hear very much. Grab the microphone like this and use your trump against your chin. If you're excited and something, this always works. I'm a bit excited too and shaking and so on, and it works quite well. Please speakers, don't turn around. There are no slides behind you. This won't work for you. You have the slides right in front of your screen. You can look at your slides here and advance the slides using this clicker here. Stay calm during your talk, relax a bit, and it's for five minutes. It's quite cool to be up here and to have all the people here listening to you and just deliver your talk. Stay in time, get your applause, and then leave the stage and please leave the clicker here on the podium for the next speaker. Please everyone or a lot of speakers take it with them. Please leave it here. We need it. So next thing, to the audience, of course, be excellent to each other and watch the timekeeper. I will introduce Honky here. He is the first time on the stage for the lightning talk. Thank you, Honky, very much. And we give you a quick demonstration how this thing works. If you don't know it already, you have five minutes for your talk. The first four minutes of your talk, you will see a green light here. If you step aside as a speaker, you notice this and it advances for the first four minutes. And after four minutes are up, it turns yellow for 30 seconds. It gets up more and more yellow. And the last 30 seconds, then you have still time to bring your last slide. The last 30 seconds will be red. Honky, please advance to red. And then it's time for you to help us get the speaker of the stage. In the last years, we used this nasty sound and last conference, we decided to laudate the speaker from the podium. And so give the speaker, when the five minutes are up, give you a sign, please count with me. Let's practice this. Five, four, three, two, one. And applause. The beginning was a bit slow. Let's practice this again. Five, four, three, two, one. Yeah. Thank you. This was excellent. So that's from me. So let's get started. The first talker, the first speaker is a long time speaker. He is here and every come, come on the stage, Frantisek. Frantisek, Algodora, up for back. Please come on the stage. This is your talk. Okay. So, hello, everyone. Thank you for the opening talk. I have been told that I'm supposed to be completely natural. The first one was about what to do and how to do it well. This one is supposed to be what not to do. And just a random topic, it's a Fude Kim base. I am with Fude Kim base for nine years. So we are people who like playing with the food, drinks, fermentation, be all. We are here on the camp, so you can come and visit us. This year, basically, we have done several events already. If you have been at the Gantt at Newline, we have been there for a bit. We have done big event in Czech Republic, which is called Kvas, growing specialized information. The one I was involved with especially. This year, we do the camp here. So you can find us on the campground. We will talk in a second slide about that. And we hope to be, of course, also in Leipzig and preferably inside, if possible. So, let's come to the camp because that's now on, so it's the most hot. When I have seen the 30 degrees on Saturday Sunday, it's going to be very interesting, especially for the teardown. We are in the sector R8, if everybody knows on the map. You can find us easily by the smell, by the lights and the sign. We are going to have, again, experimental kitchen, two workshop venues, and lots of activities. You can come, for example, tonight for cider tasting. If you have booked in already, there will be krapatasting, which is unofficially a nice. And otherwise, we'll do different workshops like kombucha making. There will be sessions probably for the bread making and other stuff. So we are open. You can come and play. You can use our kitchen. It's fine. We have also some new things this year on the campground. We have finally, for the first time, a cooling trailer, which makes our life a much, much easier thing. And also for the villages around, because they can call things, which really helps. Plus, we have a bar. So, you can come and you can have some ciders and check beer on the tap. Do not hesitate. We will be there. So that would be kind of, you know, the four here. Of course, there will be probiotic drinks, because you need to hydrate yourself also without alcohol. So we have a few hundred liters of those. And just pop in. We are there. It's going to be fun. Actually, it's fun already. Now, out on what we are going to do like, you know, in the next few months, I will be personally doing cider season. So I'll be doing more cider, which you should be some of it able to taste the last season at the CCC Congress. Of course, we will be at the Congress. At least people try to be as close as possible, as we did before, hopefully in the main venue. Now, we are also taking care about the logistics, because it's starting to be a bit more demanding with the stuff, like, you know, let's say being more specialized and getting better equipment and more of it. So we are now getting our story tried and kind of improving the driving licenses and trailers and playing every event, like with one ton of stuff going in and out eight times. It's a lot of fun. Basically, if I can say one thing, the log engines here are my personal heroes, you know, every year more and more. So, you know, progressing on the stuff, we are getting, I think, more and more, I would say, semi-professional. We can come and check. We have even running water and it's warm, you know, for washing the dishes, you know. There's even a hands-up this time. So, you know, getting there slowly and steadily. I would like to therefore once more invite you to come in, see what we are doing, and maybe in the line of, you know, minute or so, we can, like, you know, mention other activities. There is, of course, you know, things like, you know, today, for example, we make a syrup. Non-alcoholic, completely fun. I have actually exercise in the morning with picking up around 20 kilos of Mirabelle at seven o'clock. There will be other stuff, you know, like, of course, we'll have one more cheese tasting. Otherwise, come, if you are interested in something, talk to us. We have still slow pots, you know, on the list, which are free. And what we are actually really trying to do is to be as open as possible so you can come and do something what is related to food, drinks, or bio, and do it in the place. So, you can do your workshops, of course. You taste your tasting events. If you are not prepared for this time, let us know. Come now and we can prepare for the congress. Let us know in advance, you know, in the workshop, come just a bit in advance. We have slots, and, you know, like, more use it is, better it comes. Okay? So, thank you very much for everything, for your attention, and I hope to see you very soon at Food Hacking Base. Bye. Thank you very much. Frantisek, the next talk up here is Chris Cray with MB2.R5OH-OT. That is excellent. So, now he said it, I don't have to do it. So, the title of my talk is, as he said, and the subtitle is, How to Help Users Choose Less Bad Passwords. So, that might be your first question. It was an article run by the Postillion. It's the German Onion News Network, and it was run in mid-March of 2014, mid-March, not first. And this is the article. IT experts name it as the world's best safest password. Even the CCC was quoted if you see multi-tell him regards. I don't know who he is. And next question might be, who am I? My name is Chris. I'm a nerd. I'm a coder. I work for the LRZ. What's the LRZ? It's the Leibniz Rechenzentrum. I like the English title better, because it says Leibniz Supercomputing Center. It has the word supercomputing in it. And we're an IT service provider for universities in Munich, and basically lots of them around Munich. That's us. Nice building with the supercomputer in the background. That's us. Very funny people. That's our fastest supercomputer being top nine of all the known computers that have been benchmarked worldwide currently. That's our boss representing at the last congress. And so you might, what? So what? Whereas I'm working for the central identity provider, the IDM. We have over a quarter of a million users, and we can set about 30,000 passwords or the others get synced in from other IDMs. Now we're getting somewhere. So of course we have a password policy for all of these passwords. And we have of course the usual boring stuff, which is use capital and lowercase letters. And we also use PONED. PONED started out as a typo. If you're really excited, P and O are pretty close together. And so actually it was owned. So it's owned. It means I own you. I have now a possession of your computer, and I can take something from it. What might that be? So own agent progress looks like this. You have a cloud, and there's data raining out of the cloud. And there's Mrs. Steantala collecting all the data. She may or may not be responsible for the data raining out of the cloud in the first place. So there we have a very long list of passwords on the black and dark internet. But don't fret. We have a hero in shining armor. His name is Troy Hunt. Troy who? He is a security researcher and blogger. He has a funny website. It's called HIBP. That stands for have I been PONED. Now we know what that means. You can check your password online on his website. That seems scary, but it's actually pretty cool and warrants a talk on its own. Maybe we see ourselves next year. And you can download the list of passwords. And you say download. Let's not do that. But he said let there be crypto. And the database went poof. And through the magic of char one turns into a very long list that is indeed published on the white internet. Magic, char one. Sorry. No time. Please ask your neighbor. So then what? Then we download the database. It's a very handy 10 gigabytes turned. We unpack the database into a very unhandy 22 gigabytes plain text. Then we write a bit of code. And we stick the code into our password workflow. And then we kindly inform our users if their password has been stolen and we reject it. So how might that look? If a user comes up with that password, that is a stupid password. And that says something about the user. It says if you take a stupid password that has been used by a million other users, it has been stolen 10,000 times already. And because it's stupid, you shouldn't be using that. If that is your password, then it's a very clever password. And it's probably your own. And you're the only one using that. And you're using it everywhere. And somewhere it has been stolen. That also says something about the user. So in both cases, choose a different password. And the only question that is left, so what about that? The most secure password in the world. Is that stolen? No, of course not because it's the most secure password in the world. And that's it. Thank you. Thank you for your talk. The next talk is going to be about digital analog TV. Thank you again for all the translation angels and subtitling angels. Thank you. Hello. Digital analog TV. Timer. Four years ago, we were given this cool radio badge at camp. And this opened the path to SDR and signal processing for me. And like one year later, the Kais computer club was celebrating its birthday and someone did an art installation with a bunch of TVs in our hackerspace. And at some point I thought, how do I get a picture from my computer onto this TV? And the name of the game is Pell. Pell is short for face alternating line. These are some specs like the resolution, the frame rate, Pell is interlaced, which makes the frame rate effect of only 25 frames per second. There are some frequency bands we can use and there's a chrome or subcarrier. What this is, I will tell you later. Basically, Pell, you could say, is a way or standard of analog encoding for video information. Pell comes out of this cable. This cable is very closely related to this cable. This you may know from your video consoles. And the difference between this cable and this cable is that the signal on the white cable is modulated, which means that it's just multiplied with a carrier frequency. So, how does a picture get onto the TV screen? And every old TV screen is a so-called cathode ray tube. You have a big long vacuum tube with a fluorescent screen and electron beam shooting onto the screen, generating a spot. The brightness of the spot is regulated by the amount of electrons you shoot. So by varying the current of this electron beam, you can change the brightness. And by scanning the beam across the screen, you can make lines. And by doing multiple lines, you can get an image. It's called scan lining and it's what all old TVs did. So what our signal has to carry is the brightness information of the spot. This, of course, only is for black and white, but we will come to color later. Also, the signal carries synchronization pulses. You need to know when to start the next line. It's like in VGA. But in this case, we do it in bands. So the signal carrying the information and the signal carrying the synchronization share the same medium. Here's the specifications of how the sync pulses should look. Also, there's so-called train pulses for horizontal sync. So you also need to know when to start the next frame. So there are special pulses telling the TV when to start the next frame. Here, for example, is one scan line or one line of the picture you see on the top left. It shows that it's going brighter and brighter and brighter from left to right. In between two sync pulses. Okay, but how does color get into this? For this, we need to do some math. As you may know, white is red plus green plus blue. This is because our eyes are built that way to receive red, green, and blue light. All screens are red, green, and blue. We can change this formula and say, white is red plus blue. Green is white minus red plus blue. Why do we need that? The things we are already transmitting the white information. We are already transmitting the black and white information. And the thing is that colored television is backward compatible to black and white television. And they said, okay, we are already transmitting white. If we also transmit green and red and blue, that's redundant. Let's get rid of green. Only transmit red and blue and white and calculate green afterwards. There's also some fancy names for that. The color information is called chroma. The brightness information is called luma. And you may have seen these characters YCBCR or YUV. That's the formula names for these values. This is the most complicated math. As I said, there's a color subcarrier. And what they do is they take the chroma information and they multiply it with a sine wave of that frequency. And so what you get in the end is the brightness information mixed in with the color information. And to know, let's skip that. I have no time. So what are the needed steps to transmit radio? To transmit videos on radio. We need to resize the video. We need to do color space transformation. We need to do interlacing and modulation. First approach, second approach. I have no time for that. Current approaches to use FMPEG and green radio. FMPEG, I have this call. In the beginning, we say which file we want. Then we say we need raw video because all TVs don't understand that compression. Then we say we want to scale and letterbox our video because modern videos are 16 to 9. TVs understand 4 to 3 ratio. Then we want to interlace. Interlacing is explained in the FMPEG documentation page. What it says is it takes the odd lines of every odd frame and the even lines of an even frame and interlaces them together and outputs them. Here we again say we want raw video and we want YUV pixel format. This is our color space transformation. Here we say we want 25 frames per second or 50 frames per second interlaced. And this just pipes it into our program. And we also can double check our image. We can write it to file and import it into GIMP, separate it, readjust it and there's our big bug bunny frame capture. It looks more daunting than it actually is and I already show the interesting bits. I use these three frame parts. In the top is the brightness and then we have the value of the blue and the value of the red part. So in the beginning, we just read it in and we add some spacing for the synchronization pulses. As I said, the synchronization is done in signal. Then we add some more padding because it's needed. Then we add the things and then we transmit it out. If you want any information, please go to the slides. Thank you very much. Those were really, really a lot of slides. The next talk is in German from Felix D. From Felix D, an event for flexible traffic systems. Hello. I'm looking forward to being here. I challenge the signal angels. If you don't speak German and you're interested in the talk and the topic, please approach me afterwards. An event for flexible traffic systems. It's about a lot of changes. We talk a lot about e-mobility, but in reality something completely different happens. There are ÖPNV solutions, maps and so on in Europe, in Germany, quite a lot, but otherwise it looks very different in the world. We have, I would say, over half of the world has no data from their traffic systems, especially in Africa, Latin America and large parts of Asia. And that's changing at the moment. And the question is how it changes, because of course the traffic systems are less formal, they don't necessarily have a clear time, a schedule, a women's plan, which we are used to at least here. That means we need new approaches, OpenStreetMap is cool, OpenStreetMap probably everyone knows, that's the Wikipedia of the cards, you can edit and then the whole thing turns around, you have an editor and everyone can participate. A lot of people participate, because of that there is a lot of data, there are a lot of people who actively work on the project and also take up ÖPNV data, and above all in the global south. People can do that themselves, they do that in cities partially, they do that in different ways from NGOs, much more diverse than it might have been used here. Here in Nicaragua we have such a map, with the data you of course want to do something, so you give it to a GTFS, it has cool apps that you can use, the other people can use, the government may participate, and everything is cheerful, in this case the first ÖPNV map in Central America. OpenStreetMap also takes out some of the time components, because of that the whole thing becomes less complex and we can really use it everywhere in the world without creating any large applications, create cards, record the data and have direct solutions that help us. And as I said, that's all the beginning, in reality the ÖPNV is a bit different and I call it semi-formal or alternative. Often it is based on frequency, so maybe the time is not really that important or you want to keep it different. There are many other stops, the areas of, well, all the routes where you can keep the bus, as you need it, so demand driven, and of course there is a much bigger kind of transport media than we are used to it. For this reason we are working on an expansion of GTFS, that is GTFX Flex, which mainly goes in the direction of demand, so I keep a bus here or a certain transport media, or I have certain transport media that I bring somewhere, very different types, depending on where I have to go, different routes that can also change at certain times of the day. If you are interested, talk to me, look at the website, we are currently in an evaluation time, we want to have feedback, we want ideas and we want people to participate, because right now, here in the world, something is really happening with ÖPNV. Thank you. The next talk, do you hear me? The next talk is going about to be do-it-yourself brain hacking to C in 3D, which is a bit interesting to hear. I am a bit afraid, but we will see. Thank you Ben Sina for entering this talk. Thank you. Hi, I am Ben. Oh, where is the clicker? So actually last year I gave a talk at Christmas about hacking how we see, about eye skills, which is, was demonstrating how you can use virtual reality environments if you have lazy eye to straighten up your eyes in C in 3D. And this project has continued and it has become more and more complex and larger and larger, and now it is composed of these five sub-projects and it has become clear that we need a dedicated lead for each of these. So I would like to tell you something about them, because perhaps some of those leads are sitting here in the audience. The first part is about personal experience, to literally see what is possible with your own eyes, despite what your eye doctor might have told you. So this is a take-home app, sort of 10 minutes a day of training. And by the end, you should be far enough that you have the vocabulary and the knowledge to be able to speak to your doctor on an Algoner. The second part, you know words are good, but data is better. We need to be able to objectively see what is happening to the eyes so we can understand which techniques work best for who. And to do this, we have created an open source, open hardware eye tracking headset which folds up and fits inside a Google Cardboard second generation for a handful of dollars, rather than hundreds of dollars. So this gives us access to some really useful information, but it's no good unless we can get it into the hands of lots and lots of people which requires manufacturing. And how can you manufacture something locally and affordably? Well, this is my primitive little prototyping setup with a cheap laser cutter, 3D printer and a Ninkjet. And what I would really like is a fireproof cabinet with these things stacked vertically and much better automation. So that an enterprising entrepreneur, anywhere in the world can take this blueprint, create this from the design and just go to clone it with demand. So at that point, perhaps you're reaching lots and lots and lots of people. And this has always been the end goal. It feels like there's feedback. I'm sorry about that. The end goal has always been to push on the science and to change medical best practice. And to do that, we want to harness this reproducibility crisis, which is rocking science. We want to turn it into our ally with open data, which means that all of the experimental data is openly available and nothing is hidden from view with open source so that researchers can modify these frameworks to challenge their hypotheses, to answer their questions. But those changes are stored in the central repository and don't go anywhere. They persist to make it reproducible. So every single piece of data is tagged with the exact build that created it. So researchers can take the same build, experiment with different cohorts, take different cohorts, experiment with the same build. And finally, this citizen science aspect. Can we get cohorts in the tens of thousands producing data each day rather than the current state of the art, which is a couple of dozen people coming to a lab once every few weeks. So obviously, this is quite ambitious and it's going to take quite a lot of money. But closer to you. Closer. Okay, I was trying not to make it so loud. Yeah, we have sources of ethical funding that we've identified and we're quite far along. But that's another whole project in its own right. So here I'm really looking for somebody who's an excellent communicator, somebody who can deal with individual investors, institutional investors and things like crowdfunding. So finally, this affects a lot of people around the world. There's about 400 million people out there right now. And this is an interesting opportunity to build an open business, one that's really doing something worthwhile. My passion is not building businesses. So if there's anybody out here who has a proven record in building businesses and you're not greedy and you want to do something worthwhile, I would also love to talk to you. So if this has interested you and you'd like to learn more, then please come to the workshop tomorrow in Goldberg. Thank you very much. Thank you very much for that very interesting talk. The next one is Maus Robertson with Summit of October 2019 International Uprising. Just give me a minute to start the slides. Hi, this is something bigger. This is something much bigger than myself. And it is completely not about me. It is about the international uprising, movement of movement, extinction, rebellion. So the global change, the climate change, the global warming, has been known for more than 100 years. There were these scientific papers in 1911. And what is different now that ExxonMobil was engaging in a fake news disinformation campaign. ExxonMobil once upon a time was the most valuable company on the planet and they actively engaged in the fake news campaign. What is happening now, this is completely new. It wasn't happening a year ago, but the climate change now is so visible that arctic is on fire. There is Albedo effect that this ice does not reflect heat. The water absorbs the heat. All these models are getting out of hand. So many climate refugees. That this is not only an environmental issue, it is a national security issue that collapse of the society. So what do we do with it? Because this message is very bleak, it is hopeless. However, due to non-violent direct action by going on the streets, by going out there, as citizens, normal, regular people, people who attained this knowledge, we can tell the government to tell the truth. So no longer fake news, no longer propaganda and pushing one message or another, but hey, tell the truth, tell what is the situation. The second point is to act now, because we need to act now. We need to lower down the emissions. And the third point is that this is not a political movement. We don't want to acquire power, we just want to get work done. So these are the three guiding principles. There are also 10 major rules. I'll just click quickly. This is, these rules just make sense. They are simple, they are easy to understand. I can intuitively relate to that. And Extinction Rebellion is a movement of movements. International movement of movements, decentralized, no leaders, everything transparent, in public, open source. There are so many feedback mechanisms. And it originated in the UK, so it is happening. And this date, the 7th of October, will be probably one of the biggest uprisings in the history of the humanity. It happens once in a generation, maybe once in a century. There was a 4th of July, the US declared independence. And I think that it is possible that we will protest as long as necessary. That we will just go on the streets, we will build this type of camp, but not in the, you know, Granze, Siegel Park. But we'll go to the major square of London, Parliament Square. And we will build the camp, and we will do this as long as necessary. I think that this is one of the most important dates in the history of the humanity. And there are a few things that make me think that this time is different. For instance, around 70 years ago, there was the nuclear weapons. That was a game changer. 50 years ago, there was an Apollo project, Man on the Moon. That was a game changer. Around 30 years ago, the internet became, you know, WWW. Internet was a game changer. 10 years ago, you know, a blockchain, Satoshi Nakamoto, white paper. This is a game changer. Now Elon Musk is flying to Mars and establishing a new civilization. But until then, we have only one planet. The things are getting out of control. And now us, people, citizens, hackers, now we have the potential to tell the truth, act now, and it is completely non-political movement. We are here to get the job done. Thank you. The next talk is going to be from Michael Stapelberg about this tree, a Linux distribution to research fast packet management. Hello, everyone. Okay, so my name is Michael Stapelberg. You can reach out to me on Twitter if you'd like to discuss any more of this. My observation is very simple. Whenever I install a package in any of the bigger Linux distributions, it takes a really long time. And if you pay attention to the slide, you can see that even for installing like a couple of kilobytes of Perl script, I need to transfer like 100 megabytes of data and wait 25 seconds. And this comes out at a data rate of just like 3 megabytes per second. And this astonishes me, given that my computer is easily capable of processing many gigabytes per second. So where does this discrepancy come from and can we do any better? So in the distry Linux distribution, you can install that same package that you just saw on the slide before in just 0.1 second. And even for larger packages such as the QMU package, which comes in at like 500 megabytes, you can see that the installation rate is 100 megabytes per second, maxing out the gigabit link that I was using here. And it takes only 4.5 seconds to install QMU. So how can this distribution be so much faster than all of the established distributions? The first key idea is that we use images as the package format instead of archives. So instead of having like a tarball or a CPIO archive or anything like that, we use an image format such as SquashFS or CD images. It doesn't really matter as long as you use an image format. The big advantage of using an image format instead of an archive format is that you don't need to do any unpacking. So you don't need to first load something onto your hard disk, verify the signature, and then extract it again. You can just immediately mount it after you have downloaded it. And it turns out that downloading a file from the internet is a thing that we're really good at now. Like we can do it maxing out even fast links. I have in fact tested this with a 100 gigabit network card and I can achieve package installation speeds of 12 gigabytes per second. The other interesting side effect of this is that when you use images for your packages, you can set up a package build environment such as like change routes or P builder or whatever else you have in the established distributions in merely a fraction of a second and this takes many seconds in other distributions. Further package installation, which just means adding something to the package store, is actually atomic. So you don't need to use fsync to synchronize disk access to your local disk. You can just restart afterwards and there's no breakage. The second key idea is that we use separate hierarchies. So you can see that each program is available under a relatively long path, which starts with slash RO for read only and then it's followed by the full name of the package including the full version number. So that means that all of the packages that we have available are co-installable. So you don't have any conflicts at installation time, which also means that we don't need to do any dependency resolution at package installation time. The rest of the system is laid out as usual. So you have your slash etsy for config files and slash bar cache, et cetera, et cetera. And then the last key idea that I want to present here is exchange directories, because it turns out that programs, if you install them into separate hierarchies, they still need to sometimes exchange data using well-known paths with each other. Two examples for this are the MAN program, which shows, for example, the Nginx MAN page by locating it within user share MAN or GCC, your C compiler, which needs to access the header files of libUSB if you want to link a program against libUSB. The prudent approach that we're taking here is that we're emulating these well-known paths. So user include jpeglib.h can be read just like a normal file, but in reality it is a sim link to the package store. This design decision means that we are entirely compatible with third-party software or third-party sources that have not been yet packaged for distry itself. So you can just download your favorite program from the internet, be it Spotify or Chrome or something that you need to compile yourself and you can just run it on distry. So about the project, it is meant for distribution research. So the idea is that I'm setting a bar. I'm setting the bar very high. Like this is the minimum viable thing that you can use in order to have a working Linux computer. I'm using this on my laptop for many months now. It works just fine. Like I can watch Netflix, I can run Chrome, like all of the usual stuff that you want to do with the computer, no problem whatsoever. I'm not looking for any users or contributors. What I want to do is put a little bit of public pressure on the existing distribution package managers and really ask these maintainers, why is it so slow? Can you use any of these ideas to make it faster? So you're welcome to try it out. We have easy instructions for how to run it in QMU, for how to write it to a USB stick and use your computer from a USB stick, for how to run it in virtual box. You can run it via Docker or Google Cloud anything goes. And if this interests you at all, if you have anything to share, anything to observe, any feedback or just want to talk, I'm very happy to talk about this at any time. So just find me. Thank you. In German as well. And the next talk we'll be in German is from Bettina, 25 Jahre Internet für alle und dann der Ping EVO. Just give me a minute. Yeah, hi. Just like you said, it's in German, but if you want to learn more, you can talk to us in English later. We are more of a local interest. So, yeah, hello, I'm Bettina from Ping EVO. And hello, I'm Dredgit from FOSSAG, but also active at Ping. And yeah, we're going to tell you something about Ping EVO. What is that? That is the private Internet user community founded in 1994 by students of the University of Dortmund. And our main goal is the development of education and science. That's what we do mainly these days, further education events around technology and the Internet in the future. You can see our early years here. So we've been hit very often on the Hobbitronic Home. That was a screwdriver fair in Dortmund, but also on many others. We made it in time. And yeah, it was a lot of fun. We put in a lot of engagement. How did it all come about? We thought in 1993 that we wanted to get into this Internet, but back then we didn't have anything. There was no Internet here, there was nothing, so we said, well, then we'll do it ourselves. We'll be a provider. We'll buy the hardware, we'll build everything up, we'll create access to the Internet for everyone. And that's why we founded the Ping EVO in January 1994 as a community user association. And from the beginning, we had an initiative to connect the schools to the Internet to show them how it works and so on. That was great for a few years. Then in the late 1990s, the big crisis came, namely, there were things like online, which were faster and better and somehow even cheaper than us. And we all became older, we had full-time jobs, we suddenly had families, and somehow the whole time went away, which you had as a student, what do you do there? Yes, we said to ourselves, well, we're now doing more on further education, less as a provider to interest people and also people outside of the association. And at some point we decided, well, our selection department no longer needs a person, we're shutting them down. And we're now only doing further education and other activities that you'll see here a little later. Here you can see our members' development. So, as I just said, first of all, a rasant success, so until about 1999, we were up to 1,600 members. And just as quickly it went up again, as the people who only used us as a provider noticed, oh, there's something else better. And the idealists stayed there and the ones who find the ideas overall good. Here you can see it on such a strange click in December 2005. There was another association, which was just like us, a little smaller, the PRIMA EV. And then we said, well, we're closing together now, we're merging our resources so that we can continue to vote with fewer members. And as you can see, we're just shaking very slowly, because, as I said, the idealists will stay there and someone will also come to us with a further education. Here you can see what we've driven. That was a very cool day, but still just in 1940, when it was shut down. We were nominated in the initiative Wege ins Netz from the, what is it, the BMW? A science. Well, it was definitely a pretty cool thing. And that's it. The dreaded will now tell you what we're driving today. Yes, as Bettina has said, we are now very active in the further education and we have a very nice association and we also have the opportunity because, for example, the local press is often published, also to reach people, which is usually not reachable at a Hexbase. So we also offer loot workshops, for children, from very simple buildings to more complex things. We have, for example, the Dunky Car project. Do you know one or the other? It's a Raspberry Pi that is autonomous. The vehicle, the mobile vehicle and the Dell vehicle are controlled. We have built up a small track with our VR meetups that also show examples of what you can do with virtual reality. And it's just a small trip from all the things we do. Workshops are a functional program or functional, should be called functional programming. We also do a make-up fair. We take part. We do open source software alternatives to, for example, image processing with GIMP. We also have, especially when we reach a few seniors, we also offer special benefits for the security in the Internet, browser usage, cell phones. Then together with the FOSS AG, there are also such nerd evenings where we sit down together, do some cooking, snacking and do some more difficult topics and are still very active. And now you can see a few pictures of our server cabinet and that's the squad from before, how they were very active. But as you have now seen with the members of the numbers, they are shaking with time. And that's why we are here to hope that we can still inspire one another who comes from peace, from Bochum, Dortmund or the corner and would like to maybe join us. Exactly. And you can find us near the University of Dortmund still in Eichlinghofen. We have a beautiful club that wants to be filled with a lot of life again. And if you want to join us or if you maybe have a club or an initiative yourself and want to exchange with us, resource bonds, whatever, contact us. Thank you. We have automated ground control points for drones. Is Quanten here? Yes. Hello. Hello. Yes, I'm Quanten and together with Andreas Honeck, we did a project where we prepared it. We did automatic ground control points for photogrammetry. So when you have a drone and you want to make a photogrammetry 3D model of an area, you have to deploy ground control points to get a reference 3D model out of it. So normally you deploy these tiles there on the ground, take a GPS device and measure their position. Then you can fly your drone over it and take photos. And afterwards, at the computer, you have to mark these ground control points in the picture. Say this is ground control point number five and has this coordinate and you have to click it in every picture. And then you can let the computer compute the model that's a complicated process, but it works and then you get a fancy 3D model. But we are lazy. So why we have to mark these ground control points? Computers can also find things. QR codes. The computer can find them so they can find the position inside the image and they can also extract information out of it. So we don't have to say this is QR code number five. The computer knows it itself. So we have created this QR code format. We use the highest possible error correction within the 25 by 25 pixels and we use the upper left marker as a reference point. So the middle of this red box is now our coordinate. And we have created an old sheen to make it really universal. You can encode in your OSM ID so you can even pave it in your parking lot and create a code and say this is this position and create an OSM node so our software can identify it. You can use the local ID that's what we are using here on the camp. So when you're placing the QR code for a short amount of time and then you can create in tableware as a lookup tableware the ID and the coordinators associated. And you can also hard code coordinates. So when you have this chronicle points this is a plane that we printed out and this we will have here. You have to deploy these QR codes anyway and you have to measure their position if you're doing it yourself. Here on the airfield we will do it for you so you can skip both points and then you can fly your drone and take the photos and then there's a cool part. You can let the computer find the QR codes so you can say there are images find the QR codes and then you get a table for the drone mapping open drone map for example software to find these QR codes and then you get a wonderful hopefully wonderful Q reference auto photo and 3D model. So we want you to participate in this if you have a drone and want to fly here fly over the airfield it's down go to the Haver and then follow the sign to the airfield and take photos. I will deploy these planes we have six QR codes that we will play there right after the stock and when you're taking photos or using software please post them on Twitter with the hashtag CCC camp map. We still have some things that we have to implement in our software so if you want to code some Python have a look at our issue tracker or come around and you can code together if you're interested in any of these topic if you're interested in drones in imagery in photogrammetry just also come around and talk. You can find me at Carlsund Andreas Hornig is not on the camp but you can contact him on Twitter also me I have a deck number so also an email address and we have the wonderful domain OSM.to where you can find the links to our project page we have a camp Viki page and we also have a Twitter account where I will announce when the QR codes are laid down and measured out. One last thing maybe I also doing a project about high precision GPS that I will also use to measure in these QR codes so if you're interested in high precision GPS real-time kinematics you can also come around and we're really up. Thanks. Thank you Krampen for the cool talk for the next talk unified alpha by Pippen brace yourself for some heavy formulas is Pippen around here yeah welcome to the stage hello I'm even Carlos or Pippen and I'm one of the GIMP developers this is going to be a talk about pixels but it's mostly going to be screenshots of my terminal I want to talk about unified alpha unified alpha to explain what it is it's the combination of straight alpha and premultiplied alpha these are two ways of representing pixels in images and what people are most used to is what is called separate alpha where you have a red, green, blue and then an alpha component each of them storing a number and each of them are completely separate from each other so the red only stores red and the alpha is only about how opaque the pixel is premultiplied alpha you scale each of the components by the alpha so I have two columns there on the right hand side we have some concepts rated to premultiplied the reason we want premultiplied or associated alpha is that the mathematics for compositing that is putting two partially transparent images on top of each other is a lot simpler with premultiplied or associated alpha it becomes exactly the same math for all of the components and we can easily do it with SIMD or on a GPU instead of quite a lot of computation it's like one and a half time as many arithmetic instructions the conversions between each of these representations is traditionally done this way to go from straight to associated you multiply the red component by alpha and for all the others and for going the other way around and we get into a problem because we were multiplying by alpha and to get back the original color component we would have to divide by the alpha and if alpha is zero we have undefined behavior and the traditional way to fix this is to just say that well if it is zero it was probably black which means that associated alpha cannot store color information for transparent pixels here's an illustration of kind of what's going on if you go from straight alpha to associated back to straight on the top and the bottom of this set of values shows that we just get black out and there's a similar thing going on if you go from associated to straight to associated all of these examples store pure white as in 255, 255, 255 or 111 in the color components and you see in the bottom example where alpha is zero we don't get back to our original result and this is some more information about these representations associated alpha can store emissive information that is values where the RGB components are higher than the alpha and this is useful for compositing things like fire or lightsabers the actual problem we have here this is a plot of one divided by x the actual problem is that as we are approaching zero one divided by x approaches infinity and in integral positions that just means you blow out all of the data we can store in floating point however it's a little bit different because the precision of floating point is actually really really high close to zero so it mostly kind of work apart from the special value of zero and I spent a few iterations on how to approach this and what I've ended up doing is saying that every value that is smaller than a threshold I treat like the threshold so there is no zero and this is the actual code I do for limiting it so if alpha is bigger than one divided by one to the power of no 65536 then I just say that well that is the value of the alpha here so this is my computation of straight alpha to associated unified alpha and it's the same computation as earlier but I first limit the alpha I store the alpha directly as it was and the corresponding conversion becomes simpler I just can divide with abandon because I know it will never be zero and why this particular value well if you multiply by a power of two or divide by a power of two in floating point and the power is not really really high you only change the exponent not the significant so it means that it is completely symmetric to go back and forth between these two representations and we don't lose information and in Gimp this means things like you can blur an image and use the anti-erase feature of the erase tool but it also means okay thank you very much very very sorry for interrupting but we have to stay in time here and it is a long session on the translation translation angels are really sweating in their box there and we are very happy to have them here so please give a big round of applause to translation angels the next talk is from Dorota let's talk about suffering hello my name is Dorota and I would like to talk about suffering where's the clicker is this one so suffering is a bad thing I am sure that most of you do not like to suffer and I'm also sure that you do not like to see others suffer so suffering is kind of evil but how do you measure evil death is kind of something that we can measure it's quite similar to suffering so I have a riddle for you how many deaths from nuclear power are there resulting for every gigawatt hour of energy and for some help there is also the number from coal any guesses okay you don't know yet but I am going to tell you so here's the answer it's 40 it's 4 000 less and for comparison there is a number for hydropower nuclear power just happens to be the safest in terms of death or the lowest in terms of death okay of course those numbers might be disputed but like the difference is so huge that you cannot ignore it but what other things cause suffering so like there is factory farming and there's 50 billion million for those who are not using the american system 50 billion american animals killed per year for human consumption and like what kind of questions can we ask did they enjoy their lives what do you think maybe not how can we actually find it out or is it even something that we should worry about there are other things that we could worry about like artificial general intelligence I wouldn't like for a paperclip maximizer to turn all the world into paperclips or global warming we had to talk about this already bioweapons global poverty those are things related to suffering and this is where effective altruism comes in those things you have seen on the previous slides are one of the things that have been identified as important for reducing the suffering and this is what effective altruism tries to evaluate what kind of things are worth acting on how to act them and basically we have the methods which are rational scientific informed data driven which ensures that we are effective and we want to prevent the suffering and make the world better so it means that is altruism and if you do not like to see others to suffer then you are also an altruist you can learn more about this of the effective altruism website or 80,000 hours there is no really centralized place to learn about it this is like more of a loose community of people who have the similar values and therefore there is also an EA hub where it just lists a lot of local groups there might be a group in your area there are about 40 groups in Germany alone there's one in Netherlands as far as I know there's one in Finland and you of course can talk to me if you are more interested in the topic I am usually hanging out around KS West thank you thank you thank you very much for your talk please all speakers try to hold the microphone just like this hold it in your right hand and this is about the right distance with your thumb thank you very much so the next talk is going to be about teaching IoT with open hardware in Github and Classroom by Thomas Anberg thank you for being here thanks for the introduction and hi everybody I'm a software engineer and maker from Zurich and last year I started teaching IoT engineering to bachelor students at an applied science university this talk describes my teaching setup the slides are on Twitter at Tomberg here's our IoT reference model devices with sensors and actuators connected to a back end allowing physical and virtual interactions the course is hosted on Github and covers the software aspects of IoT systems including firmware, connectivity options, transport protocols data formats and cloud platforms we chose hardware that is easy to get started available, well documented and open source it has a big online community for Google ability and supports Wi-Fi, BLE or Loro one we use the Arduino IDE and Python is still an option it's an ESP8266, no surprise and an NRF52840 for Python both with the feather footprint and growth sensors there's a growth to feather adapter made by Seed and as a gateway we use a Raspberry Pi 00W to provide starting points and reduce redundancy I added a curated wiki so only I can edit it we also have a Slack which the students use to ask questions and help each other for Loro one we use the RFM95W feathering it needs some hardware tweaks so I made a little patch PCB still works, good it's available on the wiki and to collect issues with hardware example code or slides we use Github issues that's not a surprise to developers but for teachers it might still be new so students can help fix the slides a specific issue we had was using the ESP with the growth adapter it turns out you need to pull up a pin and this can be done with an additional resistor you've seen that the core slides are on Github but what about the hands-on part to provide a repo per students per assignment we use Github classroom each instance of the course is a separate class and contains assignments we had an assignment per hands-on exercise and a group assignment for the final project creating an assignment results in an invitation link this classroom project is open source by the way and the URL can be embedded into the hands-on repo and instead of cloning or forking the repo this link creates a deep copy the advantage is that this deep copy is private and you see that the URL has the students Github name appended so you know who is who and yeah the students work on these repos and push their results only a teacher can see the repos unless they make it public and as Github grants unlimited private repos to educators I use a separate repo per class the setup is detailed in our meta repository check it out the slides are all linked and that's it for me thanks for your time interesting talk and all speakers it's quite normal to be nervous when you're up here it's just relax it's your time take your time and the next one is Mario Belling and is talking about Susie AI hello I'm actually not Mario Belling my name is Michael Christen we wanted to do this talk together but now I'm doing it alone so I'm talking today about the nerd stream the nerd stream is talking to a computer and the computer will not only answer but maybe also solve a problem for you and actually there are now a lot of devices which do something which looks similar like this they are commercial applications and they are meanwhile in many households but there's no real completely open source personal assistant which can fulfill the same expectations as these devices so that's what I'm talking about today and because these devices are not only a nerd stream it's also now going to saturate the families all over the world we should do something about the privacy problem with these devices because it happens that exactly the nerds which had this stream in the beginning are not adopting the idea because they want to have a device which is which is private and keeps your privacy and doesn't talk to a cloud so that's what we are doing and that's what we need we need a privacy respecting assistant framework so this is not only a chatbot it's a whole framework of things and with a lot of people all around the world we already worked about two years on this problem the first Asia community has helped a lot there and a lot of contributions had been made to the whole ecosystem of things which addresses a lot of conversational applications so this is such a big task to do that we want to solve this problem not only with algorithms but also with a large community and therefore I'm addressing you all in this talk to participate in this approach and we have some examples where this kind of approach was very successful one of them is the example with the Wikipedia and the Wikipedia made it very simple to contribute we learned also from other kinds of open source projects and we all bring this together to fulfill this big goal to create a machine which can answer to our questions and our advantage is that a lot of dynamic webpages are now providing JSON interfaces which we can just take and take information out of a lot of webpages to make skills out of it so that's our approach and for this we need a big ecosystem the ecosystem looks like this we have already a smart speaker based on Raspberry Pi and a good microphone but we also have all these apps an Android app iOS and also a web chat application it's not only able to answer questions with text but also with pictures audio, video, crafts, pie charts and so on so what we did is a big repository where you can put in skills and we made it easy to make the skills so if you go to suzi.ai you see this repository you can learn by example click on any of these examples and then you see how the skill language works so with the skill language we'll be doing something similar like wiki code so if you want to create a web page in the past you had to learn HTML but with the Wikipedia it was easy to make it with wiki code so our code is the language of thought and if you click on that small i on the top right corner you get an explanation what kind of syntax you should use so this is what we want to do and we want to do it with a big community and we are now at a situation where we want to reach out to all of you to help to make a lot of skills so we can compete with these commercial applications and make an open source version which is privacy aware and doesn't get into the privacy of the people so we have a workshop tomorrow at four o'clock please come to the hack center where we teach you how to make skills and please go to suzie.ai and just click around it's a fun thing to do thank you please take the microphone down with you to the internet and leave the clicker here the next talk is batch magic like this please hello everyone my name is homfufdeng or hbdeng if you want to find me online so i'm going to talk about this name tag that i'm wearing right now we call it batch magic so what is it basically a usb power leg batch as you can see you can access it through bluetooth but the funny thing is you don't need to pay your device to the phone in order to change the text we develop an open source android application that allows you not only to write any text but also add different effects and click as you can even draw um on the app so um just a little bit back throughout of the project we found this device in the electronic market in shenzhen china if any one of you haven't been there they're all kind of gerics but you can find and uh the batch came together with a very simple android application and also ios it looked basically like this what you see on the screen it's not so nice and it's also closed source they're also very limited text and effects but you can do and there's a mix between different languages our community we want to to to build something different we want to make a cooler app but again the the circle is not open so some of the developer in asia try to look into it as we we plan to build something new that can send different messages and send different effects to the device and here come the beauty of open source while we try to figure out what is the communication protocol that allow her to to talk to the device we found someone on the internet or they hacked into there's a few last year so and so basically he used a wire shack in order to inspect what's going on under the hood and this person was so kind to publish all he fighting online i don't know if he's here today but if goji marshaling if you are here thank you very much for your work based on this work we develop the new application that now available on app roy and also Android of course now you can do all kinds of stuff with this batch and at the same time if you want to add in new effects or want to do something more with the application you can do so the code entirely open source these are the qr code you can scan it and get the app to your phone and again this project is developed by the force asia community we started the community in 2009 not so long ago only about 10 years so the whole idea and beginning it tried to foster open source education in asia and engage more asian contributors to the whole open source ecosystem batch magic is only one of many projects that we working on you can find the code on the force asia github our developers are actively communicate on the github channel they're also all the github channel of different projects so the thing that i want to emphasize here it's not only the app that we so proud of it's not the product but the journey how we come up with this whole thing and then this project allow a lot of young people to get engaged and work on open source technology so we introduce this to the school and the doctors of student got excited and want to learn more okay how they can dry android application how they can contribute to the community and this is the way we want to go so what next now we have the android app we're working on the ios as well and we want to add more device into batch magic we are still working on open up the hardware of this batch and create our own open firmware and hopefully to be released in the the upcoming months if you want to learn more about us my share already mentioned earlier in November in sunshine we organize her open tech summit where we invite people everywhere to come to us we can connect you with hardware producer in sunshine and learn about the open source community in Asia we are enforce them every year and in March we have the annual force Asia summit in Singapore March 19 to 20 second in Berlin we also have the open tech summit Europe happened every year in home of us if you are proud please come join us you can find the batch the application online and I also have a few here if you want to check it out come to me and all you want to hack it and release the hardware come to me at the end I will be also at the workshop up to see tomorrow thank you thank you very much thank you for the talk thank you for the talk the next talk is going to be hold by Jens Olich which takes his presenter with him and it's about digitalization and cyber are the two sides of the same coin have fun hello my name is Jens Olich and on the internet I'm known as Yule I want to talk about European politics and how fascinating it is and I've chosen one of the best quotes I've heard in the recent months digitalization and cyber are two sides of the same coin let's examine this quote a bit more on July 16th we got a new president of the EU commission Ursula von der Leyen a German politician her former job was the German minister of defense but you might know her from 2009 where she got the nickname of Jens Ursula because she was the only the first federal politician to introduce internet censorship on a federal level in Germany it failed horribly and some of you might have thought wow this really does it this breaks this breaks it for me I'm now doing something political significant I'm going to join the pirate party now it's 2019 she is still politically significant the pirate party not much so but she is now she has now moved to Brussels although yeah she now became the president of the EU commission she was confused about her job earlier she thought that the council of the European Union nominated her that's what she wrote in her favor letter to the armed forces even though it was the European Council that's a totally different institution now council of the European Union European Council many people confuse that but most people who confuse that don't apply for that job so she had some time to prepare for her job so she wrote down her agenda a union that strives for more and published that and there were lots of interesting quotes in that paper especially when it came to the part that was about digital politics she said to lead the way on a next generation hyperscalers we will invest in blockchain high performance computing quantum computing algorithms and tools to allow data sharing and data usage yeah blockchain and quantum computing check but no mention of open source open data she also said in my first 100 days in office I will put forward legislation for a coordinated European approach to the human and ethical implications of artificial intelligence that's super ambitious actually so in February she wants to have a law presented on ethical AI but there is no consultation process even started yet I would say that's not possible that thing but the real kicker is this wonderful gem of a quote digitalization and cyber two sides of the same coin what does that even mean it sounds like straight out of science fiction story cyber what does it mean maybe the french-speaking people in the room would say yeah that's because English is not the best language for international communication we should stuck to french the the language of international diplomacy but it doesn't really make more sense in french either the numerations and the cyber space are the two sides of the same coin what does she actually mean by that it becomes a little little little more clearer in the german where they talk about digitalization and computer and network security are two sides of the same coin so it is about cyber security so that kind of cyber we are talking about we are not talking about cyber um I don't know as a aesthetic movement where you wave around neon tubes a lot we're talking about cyber security and that phrase struck me as a little odd so I went searching where does this odd phrase come from let's ask google and I find um many results that have something with zeemans.com a chat street actually they are seem to be the only ones who are using that they even had an interview why is digitalization and cyber security two sides of the same coin interview with zeeman ceo jo chesna of course she didn't prepared herself it was written into that document by someone and it is just an incorrectly shortened zeeman's slogan digitalization and cyber are two sides of the same coin it's not a mysterious phrase after all thank you very much that's all I have thank you very much thank you thank you thank you thank you for thank you for your talk I'm very excited for the next talk because I do not nothing about it but its speaker please greet wukami wukami for introducing deep hello hello it's about I'm wukami I live in brussel since five years now and the talk is about I would say the experience that I had over the last five years being involved into EU politics and it's like it's like like we keeping that space for a moment longer so what I learned over the last five years basically think that I also connected to what Jens already said it's a language so we often like as technicians when you are when you are involved in policy things it's very often about the difference of meaning in terms let's say for example if a politician or a social scientist or political scientist talk about algorithm what they mean is basically yeah like a a synonym for for automation while a technician or like an engineer and another algorithm is a solution so it's a completely different thing that we are talking about so why does it matter it matters because policy is all about expressing ideas and trying to change for the good and I what I learned as a good thing in Brussels is that I have the feeling that everybody wants to do the right thing so yeah Brussels what what I learned over the last five years in terms of influencing EU policy is there is on one hand there are a couple of groups they are tied to especially digital rights like you know data protection free speech net neutrality and open knowledge or like free free knowledge and and there are a couple of groups that deal with it but when it comes to the real technical parts or or more like you know cyber security or also artificial intelligence or other discussions that are more that have a deeper technical approach it's it's very difficult to actually have a good conversation and um what we want to do is to get a new organization started called deep which stands for digital expertise in European politics and what we want to do is to get technicians closer to the Brussels bubble to do two things one thing is to influence policy before it gets you know uh before the proposals get issued by the European Commission so being involved into the the phases before that saw green paper white papers as well as the consultations and on the other hand helping educating policy makers so not so much politicians because politicians get elected only for a certain amount of time but the people who actually write all this the things so it's basically the staff of the European Parliament or the commission or the council and uh starting discussions with them and and uh helping them to understand the gist of the technical things in order to influence the policy at the end right now so we are we are just really in the in the first like phase of it which is all about money and how yeah how how we can actually get that together and we are still in between that or like in the middle of the discussion because it one thing that I also realized is that on one hand we have basically American companies in the industry lobbying yeah with like American uh industry money on the other hand we have the civil society that is basically paid by American foundations so that has to be that has to change and we are discussing how to actually change that which is a longer discussion that than what what is possible to do here in five minutes and so I'm at the about freedom village my name is Fukami and I would like to talk to you guys how to actually fix that in the future thank you very much thank you Fukami and now to something completely different from very interesting imperative draw the internet please come to the stage hi chaos family okay thanks right so I'd like to share some thoughts about drawing the internet I basically the last year I asked a very simple question to kids in two different countries and the simple question was the I should mention these kids were between six and twelve so this is in Belgium this is primary school I gave them one similar assignment as I mentioned draw the internet and I explicitly chose to include the word internet because I wanted to be inspired I wanted to be have the future generation our children to inspire me what are we doing on the web that we're building right now like we have this a lot of talk about what is the internet where is it going where did it came from what is the web blah blah blah but I wanted to like project myself into what did these younger people think about internet my name is Dries you can reach me on these channels I'm part of the Fright Camp Village and Fright Camp is a family friendly hacker camp which we do in Belgium every two years and this is very much on that ethos the inspiration very much came from what I experienced as a co-organizer of this camp I did a first collection of drawings so I had a first collection of drawings from kids in Belgium that is in winter 2018 and then I traveled to Senegal in February 2019 so pretty recently and I did the same experiment because I wanted to know what does it cultural influence on internet perception is and I just want to share a couple of these results now so this is a very typical kind of thing that came out a couple of times this this reads just like other space the internet is infinite and this boy age 12 he made a drawing of planets so I found this infinity kind of thing it's pretty inspiring I believe this is someone from Senegal and you see like the level of abstraction is so much higher the super interesting thing in Senegal was that kids when you mention the word internet the word does not really exist in their culture but I'll get back to that later so the level of extraction just becomes a lot higher a lot of colors of course you like the the use of color that inspired me in this drawing this was interesting as a result from Belgium like intertangled wires it's someone aged seven and this is what it's in their mind when the word internet is mentioned which I think is cool again age six you're asking to draw internet it's like yeah what will they come up with and they tend to draw like people and connections between people like you see the curly lines between the heads of the people like they're connected somehow and then there's like a little heart which I think is super cool and super fun this was interesting in Senegal a lot of the kids they draw devices like because there is like they never in that country never had computers or the introduction of computers of computing as we have it in Europe for instance so there it's like mobile is the default they would draw mobile devices it's phones and tablets and there's like nothing else that's their way to access this this way of connecting and what I liked about this drawing were the little dots around the the phone or the the tablet I think it's a phone that was drawn here so the little dots for me they meant like this like extends beyond the device I'm not really sure whether that was the intention of the drawing but that was my interpretation of it this is a very typical Belgian result where kids would draw their interpretation of YouTube or other video sharing platforms I like the spelling of Google here very Belgian this was again a result from Senegal I want to jump ahead a bit so the first thing that we saw like as a conclusion what did come out of this like the first critical conclusion was age evolution younger kids would draw like super out there drawings like it would be totally crazy stuff really whereas they grow older their bias just gets so much more narrow they're thinking gets so much more narrow they draw Fortnite or they draw YouTube or they draw Google images so they're like evolving towards that the last thing is that in Senegal internet does not exist people talk about communication and connecting and that for me is the core message of this internet is something that connects us and we shouldn't be talking about that as is something digital per se thank you so much the next talk is kidspace.org one click orders for open source hardware electronics right hello my name is Casper and I'm the creator and main maintainer of kidspace.org which is a website for sharing electronics projects click on oh did I go too far now okay so apologies I this is a PDF and this presentation is supposed to be a website with videos and that all of that didn't work out and it's not completely updated because I wasn't aware of and how it works at the camp but the way electronics are made is you have a printed circuit board and you have parts that you sold on to printed circuit board so you have through hole components that kind of poke the legs through and if this was working you'd see a nice video of that you have surface mount devices and if you'd see a nice picture of that I had prepared better and so surface mount is when the components sit on top of the board rather than going through you can one of the best ways to do this is to get a hacked toaster oven or one of the cheapest ways to do this is hack a toaster oven and use a solder paste and heat up the board carefully and then your parts kind of the solder reflows and your parts get soldered on if you want to know more about that check out your local hack space of course there's loads of workshops here at the camp as well to learn more about that so the way electronics are designed is on one side you have a schematic layout tool where you define all the connections that you want between your components and then you have the PCB the PCB layout tool where you then actually root the connections on a physical model of your board and loads of people are doing this and they're sharing freely online you can find loads of projects online that you could try and remake this is just a kind of informal survey that I've done of projects and of course more and more projects are going up and there's other sources for these as well the problem with it is that often when you come across a project it's kind of hard to get to that point that you want to get to of having the parts and having the board so it's kind of they all have different structures and different some of them are more like blogs some of them are file repositories and it's hard to find your way around to get to the point so what you really would like to do is go from there and you want the board and you want the parts so this is what I've been trying to do with these projects one part is kidspace.org it's a project sharing website but even earlier than that I started what I started with was a browser extension that helps you buy parts so it quickly it automates parts purchasing for you so it can automate the typical kind of component distributors like digikey, mouser, rs and it does this by by replicating the web request that you would if you were clicking around the site those sites yourself the browser extension does that for you so you can have a list of components and you put it into the browser extension and it puts it into your shopping cart there's a video of that which is not going to work unfortunately it's available for Chrome and Firefox you can just use it without kidspace.org by yourself with a spreadsheet and you can load other bills and materials online somewhere as well so the other part to this is of course you want the board and you want to make a complete project so that's what kidspace.org is for kidspace presents the whole project together with the boards and a readme and a detailed bill of materials and buttons on there where you can just click and it hooks up to the extension and you can then get all the parts for someone's project the way you add a project on kidspace currently is you set up your own get repository somewhere github or gitlab or your own server and then you submit a pull request to the kidspace project and say you want to add yours and you then it gets added so the idea really is to have this virtual kit so the creators can make the design and put it up online and you can buy independently yourself so there are a few interesting projects that I would love to have time to talk about too but I don't so come find me around camp yeah thank you very much we're going to our next talk it's called Android Privacy is not a luxury please Hi I'm Christopher Weatherhead I work for Privacy International and I thought you might like this talk it's a little bit of a preview of some ongoing research we're currently doing and I kind of need your help with it so I'll come to that in the end and yeah I just hope to give you a little bit of an introduction so we're doing some work on pre-installed Android apps and the general like privacy problems with them this is based on some recent research by a group of academics who did a who looked who looked and analyzed the domain and did an analysis on 1000 over 1700 devices from 200 different vendors and found only 9% of the apps that are pre-installed on those devices appear in the Play Store or the Google Play Store which makes this domain really hard to analyze so we're trying to I guess some like case studies and some stories about this so we can put pressure on Google because this area needs better regulation from what is essentially Google the gatekeeper and our interest is that these apps are often stored on low-end low-cost phones and this disproportionately affects people who have those devices so what are the problems with this well the first ones around consent pre-installed apps are as they as they say they're pre-installed so they often come with things like custom permissions some of those custom permissions can bypass Android's own security policy because they're pre-installed often these permissions are pre-accepted so they can access things like the microphone, camera and location without prompting the user and some of these custom permissions are particularly nefarious in that they can do things like access text messages read other applications information and also they can initiate calls and receive calls which is a bit problematic there's also a lack of control for the end user these are often can't delete these apps they run in the background and especially in low-cost contexts where the cost of data is high these could be secretly like working in the background sucking data and that data could be going to all sorts of third parties it's really hard to know where that data is going and also on less of a privacy point but on just a general niceness point these often these apps are using a space on a device that usually has very limited space and finally even off from our own analysis of security practices they're usually woeful they can have things like sending personal information over running crypto channels so sending things like personal information names and details along with things like the IMEI of the phone over HTTP that's always nice and then some of the apps we've even had to look at have vulnerabilities arbitrary code execution and this is really bad in when it comes to pre-installed apps because of the some of them have these permissions that are outside of the Android security model so once you're in you're pouring basically so oh and finally on the security side obviously some of these phones are still being sold as new with Android 4.2.2 or Android 5 which has got no critical vulnerabilities in it so what are our solutions well we're trying to put pressure on Google particularly to to put more to better certify these manufacturers devices because they have such a controlling influence in the ecosystem we like Google to be clearer as to what a certified partner has to what thresholds they have to actually cross to get their app certified and pre-installed on a phone and then also they should they should not they should not authorize phones that have that have permissions which void the Android security model from a deletion perspective users should be able to delete their apps that seems pretty sensible and this goes on from 35c3 talk on a safer topic about Facebook we'd also like to see Google implement a centralized privacy hub where you can control not just your app permissions in your but also your advertising data and that kind of stuff so you can ban trackers or you can globally ban things from accessing your camera that kind of stuff yeah if you're interested in this and you'd like to help out please come and contact me as all my contact details yeah thank you very much thank you for your talk and could you please leave the clicker thank you so much so the next speaker up here is any key with OpenSQL making 3D objects by code here you go close the clicker yeah thank you hello everyone hope you're all enjoying camp my name is Aniki I'm a self-taught maker and I think I got 10 years ago my first 3D printer the cupcake scene scene machine and since then I've been involved in the 3D printing scene and that kind of stuff and one thing that actually have always amazed me is that how many people have 3D printers and I if I ask them hey what do you make with it or what do you design with it they don't they just print other people's stuff and then I ask them why well most people don't know how to draw at least not electronically in that kind of stuff neither do I but I do know how to code so I want to talk about how you can actually use your coding skills to actually make 3D objects and that's something done by something called OpenSCAT OpenSCAT whatever you want to call it I have absolutely no affiliation with this project whatsoever I'm just a fan user of it it's open source you can run it on your Mac, Linux whatever machine you have even on a Raspberry Pi and by using code you can actually or take a DXF file a 2D design file and turn it into a 3D file or completely from scrap create objects so you can start very simply by saying okay I want to have a cube and then you just give a command called a cube 10 by 10 by 10 and you have a 3D cube in space and you can see from the syntax it's somewhat like C language base so it's if you're familiar with programming an Arduino or something like that you'll find the syntax to be very familiar and there are all kinds of other shapes that you can make you can make a cylinder you can actually make a cylinder with the top and the bottom radius to be different so you get a cone and all those kinds of things you can actually make but as it is a programming language you can actually do operations with these things so I can take that cube and I can take that cylinder and by putting a difference command around it it actually always first draws the first object within the difference command and anything else than what I specify it actually subtracts from it so I end up in this case with a cube with a hole through it and whatever other objects I add within that difference command it starts subtracting that one other method that you can actually draw more complex shapes something that I actually use a lot is I can put for instance a few cylinders in a particular order so I'm using the cylinder command here and I use a translate command to actually place it somewhere in space so a particular order and in this case like a triangle now I have these three cylinders by just simply putting a whole command around it it makes a 3D object of that outline of that shape now if I want to have maybe holes in this triangle I can take those exact same three cylinders just shorten the radius a little bit but keeping one on the same space and use my difference command and I end up having a nice triangular plate with rounded corners with holes in it and all that kind of stuff but the nice thing about all of this is it's a programming language so you can really make the benefits of having a programming language so when I design stuff I'm very impatient I very quickly want to make something and then I'll find out everything that's wrong about it and I'll go back and fix it you can do that all with parameters so in the beginning of my program I define my parameters that I'll probably later know that I will have to change and I make modules for these objects to make my code very simple and very readable and this is really how you can leverage the power you can loops and all those kinds of things to really make very complex things with just a few lines of code now even you might not have ever heard of the existence of OpenSCAD if you have ever visited Thingiverse you probably have been in contact with these kind of OpenSCAD files if you go to Thingiverse the website to download 3D objects from you can select on something called customizable anything that is customizable means it is actually written in OpenSCAD and therefore anything that's written in OpenSCAD even on Thingiverse itself that is customizable you can even in the web page change therefore so for instance in this example this is a cylinder slot you want to change the code on how to open up the slot you don't have to know how to program you don't have to download even OpenSCAD whatsoever in Thingiverse website you see there are four variables for the numbers that you want to have for the object and it will automatically adjust the code but what's the great thing on that same page you find the button few source so you can actually see the source code on how this object was created by that person and all that person does is in the beginning specify those variables those variables therefore are picked up by Thingiverse to show it into a nice web interface and then you can take all that code that is in existence there so let me give you some examples that are out there if you for instance lost your keys well not if you lost your keys if you only have one key left and you need more keys someone with an OpenSCAD program that you can take a photo of your camera of your key it will analyze it and automatically translate it into an actual 3D printable key so you can have spare keys other projects someone made a customizable thing from your laptop to that you don't have to put a silly sticker on it or something like that but then you can make something nice with your name on it or something like that to hide your camera someone made it for quick set keys if you have a quick set key actually tested this last week you can just type in the code and you get it so hopefully I've given you some ideas and go create and make something and share thank you so the next talk is about introducing Neurodiversity by Jantje is Jantje here? yeah come on stage so also the speakers for the next session please get ready on the talk before you so we can change the stage quickly and now you have the stage Jantje yeah okay thank you so yeah Neurodiversity what exactly is that well there's neuro in it so it's got to have something to do with Neurology and it does and it's in fact the diversity of the Neurology of our brain what does that have to do with computers well not much except if you view the brain as one giant computer so yeah the concept is basically that all humans have different neurological makeup and there's of course going to be some variety about that and from which we have obviously profited as humans across our entire existence but there has been in the last decade or so a trend of putting that taking that concept or the fact that there's a certain variance and turning that slowly narrowing the concept of what we define as normal and so creating basically illnesses or disorders and so what exactly falls into that for example the concept of autism or ADHD or bipolar disorder or many of these other yeah things that we usually define as mental illnesses or disorders and are currently trying to cure are actually not that there are things that humans have done over or human brains have done over our entire existence and there's proof of that there's proof for example in stone age art that there were people with specific processing differences and those are the same that autistic people most likely or most of them exhibit so we can with pretty pretty shortly say that there were autistic people in stone age so should we really be trying to cure something that has existed over all this time and has in fact been positively selected by genetics so the idea that many of these things that we define as disorders might not be of course calls into question our concept of what is normal and in fact that concept is just a concept and not something that is somehow defined in nature and that doesn't necessarily invalidate the experiences of people of autistic people or ADHD people or whatever but it defines how we treat them and it is the concept of no diversity is related to the concept of to the social model or concept of disability which means that some things that are disabilities in our current culture are only disabilities because our culture is built in a certain way so for example being deaf or hard of hearing is only a disability and some deaf or hard of hearing people do not define themselves as disabled because we talk with speech and we need to hear it and in fact that has not always been true many linguists now think that the first language that when humans first started to develop language was actually a sign language so even the concept that we need to talk is not it's just based that on the fact that most of our cultures talk but not all of them so what does neurovisity have to do with the internet and well most of the things that we're talking about here well first of all for the neurodiversity movement and for many people who are neurodiverse in some way whether they're autistic or ADHD or bipolar or whatever the emergence of the internet and especially the emergence of social media has been well a radical change in our lives because there's new modes of communication and yeah the next talk is coming with AI-powered robots in real life by Hao don't give up trying trust? all right so my name is Hao I founded this company called DoraBot five years ago this is about to show you what the state of art of AI and how they get applied to robots that actually work in real life so there are about 50 slides bear with me now what's AI there's a one definition of AI is thinking or acting rationally and AI is used very widely to the left is what AI is used 30 years ago which is recognizing handwritten digits and what AI can do now is identifying each of the cars in a picture and then actually separating them so they know they're different cars and there are a bunch of other applications of AI the AI can play go beat the top and top human player AI can allow you to go into a store pick up item and then leave without waiting in the line for checking right so you don't need to pay with your credit card and stuff the AI just recognize who you are and what item you pick it up as you go and then we have robots that move shelves in the warehouses to kind of ship stuff that you buy ordered online and AI can recognize stuff in the video whether or not this part of the video is a car or is a human AI can recommend you similar products that you've searched for can tell you where you should drive on the map right can fetch a cup of coffee for you operate a coffee machine and can generate you know different kind of synthetic or generate or replace a face of a character onto another one that you cannot distinguish as a human can think that it can new faces based on source pictures right so the the people's face on the bottom right is they don't exist right they I think that human the best this is my favorite AI can actually beat human starcraft player already by just what these are the visualization of how the neural network works so if you're interested the slide is online there's reference book about AI and a robot is a machine that can carry out physical tasks basically and there are just differences between the the robots before versus robot now basically robot nowadays with AI equipped can work in more unstructured or dynamic environment versus robot before can only work in structured environment that's programmed now previously we do 2d vision now we can do 3d previously the mobile robot have to follow lines on the ground now we can navigate freely in any environment previously you have to use a teach pendant or remote control to program the robot now we can actually have the robot compute its own paths automatically and previously we have rigid robot now we have collaborative robot that even if it hits you it doesn't break your bones now to the left is what I built in 2012 in noise bridge in San Francisco to the right is after the company is established it will be built in 2017 so both are mobile multiplayer and all the following are how they can get applied this is a gripper it's a dexterous hand it mimicking human hand it can grasp balls it can run kind of operate a screwdriver it can kind of put salt on a plate we can also have the mobile multiplayer draw pictures operating coffee machine making dumplings picking items from the shelf directly and this is how it works so basically the it shows how the robot evaluates the environment around it and then figure out how to grasp an item so how do we apply it to real life right so one one of the options is conference service so I just came from Macau in this international conference of AI and then we we put robot in use so we have conference participants present their badge to the robot and then the robot fetches the souvenir and then presented the souvenir to the to the participant we have people lining up for receiving the souvenir from robot we have coffee pouring robot so we have a barrel with coffee and then if the robot sees you stands in front of it it pulls the lever on the coffee barrel and then kind of present you with the cup of coffee and this is my favorite part so essentially what's happening is we have mobile robot running around in the reception and have so we have them serving drinks but then they soon become garbage collection robot because people just put place on them and this is what the company is mainly about we actually put robot in logistics so loading boxes into trailers sorting packages different ways of sorting packages different ways of sorting items that's not in a package and other stuff and then yeah so if you are interested talk to me this is my contact thanks thank you very much dear audience I'm very shy and don't like to interrupt people that's why I need your help though but I don't think we need your help for the next speaker because I'm very very happy to have been here on stage I'm very happy he could be convinced be here the next talk will be in german and it's been 10 years doodle and that you tresten ein resumé ja hallo okay also 10 Jahre doodle ich nehme an es wissen wenige leute was doodle ist wer weiß was doodle ist das das doodle was hier steht das du dre hey a par cool dann wer weiß was das hier ist doodle das wissen hoffentlich alle so ungefähr genau also es geht eigentlich um da um sowas und zwar eine event scheduling application wir haben sowas in dresden nachgebaut das sieht dann so aus eigentlich ziemlich ähnlich zu den ganzen sachen wie es original doodle ist allerdings was wir gemacht haben ist ein haufen krypton features reingepackt dass es jetzt zehn Jahre herr damals war das noch cool und neu heute gibt es sowas mit krypt pad und mit krypt bin und ja es gibt so ein paar application es nennt sich alles zero zero prove oder zero footprint application die idee ist einfach nur dass man mit javascript sachen verschlüsselt und dann verschlüsselt auf dem server speichert gibt es verschiedene protokolle in denen es passiert und genauso was haben wir also gemacht wie gesagt zehn Jahre her wenn euch das mehr interessiert dann hier schaut euch die vorträge an das habe ich schon ein paar mal vorgetragen einmal auf dem camp 2011 und auf dem ccc 2009 und auf den datensporen die bald wieder sind in dresden genau da gibt es videos dazu könnt ihr euch genau die features anschauen so und jetzt ist es zehn jahre herr jetzt stellt mir uns die frage nach was ist jetzt passiert seitdem die sache ist die wir haben so ein paar ich habe einfach ein paar testing zusammen gesammelt die umfragen werden alle drei monate gelöscht das heißt sie sind nur drei monat auf dem server drauf und also sie werden nach drei monaten gelöscht wenn keiner sie benutzt mehr und so genau dazu komme ich gleich das erste coole feature ist mittlerweile jetzt auf 20 verschiedenen sprachen also ein riesen dank an die community ich habe ich habe also ein unzähligen sprachens submissions bekommen das war also unglaublich teilweise was alles dabei ist genau ihr könnt noch mehr übersetzen wenn ihr das wollt müsst ihr einfach die dateien schicken genau das nächste jetzt komme ich eigentlich dazu wie gesagt es wird nach alle drei monate gelöscht und ich habe mal gezählt wie viele umfragen überhaupt so gescheduled werden und da sind naja ich komme 130.000 user die pro monat des benutzen und sind 12.000 umfragen die pro monat gescheduled werden also ist doch eine ganz schön große zahl und jetzt ist es so im interface man muss an irgendein stelle weil also dudel das dudele steht natürlich für unseren leerstuhl datenschutz und datensicherheit in dresden und wir sind ja keine usability expert man muss also in irgendein stelle dann klicken ja ich möchte die umfragen symmetrisch mit javascript verschlüsseln und jetzt die frage an euch was denkt ihr von diesen 12.000 umfragen wie viele davon sind verschlüsselt wie viele haben doch diesen button geklickt ja ich möchte die umfragen verschlüsselt haben ich sehe dann eins einer okay eins ruft mal rein wer denkt was 10 prozent höre ich da okay also 30 prozent ja ach du ich klick mal auf den nisten ach so genau hier noch mal die frage ja wie viele waren das naja okay was lernen wir da raus na wir brauchen security by design and privacy by design das funktioniert anders nee also das wenn ihr die leute nie die leute benutzen das weil sie denken hey cool das ist ja verschlüsselt alles toll aber weil wir die features erst danach eingebaut haben und das erst mal getestet haben und dann haben wir es nie wieder geändert dadurch ist es ja so wenig geblieben aber gut so ist das genauer jetzt habe ich noch ein paar ich habe noch genug zeit ich habe noch ein paar fun facts vorbereitet also eigentlich zwei das erste ich hatte schon gesagt hier solche emails hatte ich öfter bekommen insgesamt einige ich benutze gern dudel und möchte gern was zurückgeben deshalb habe ich eine besetzung angefertigt und so sieht es dann aus use this option if you see the characters in print traces benutzt der dia option wenn sie durch zeicher in der klammer aus eh ja keiner naja ich kann ja so gut schwäbisch habe ich noch nie eingebaut aber das kommt noch genau das nächste ist wenn man eine umfrage löschen muss löschen will damit man sich dann ins knieschi ist und die versehen dich den button drückt muss man erst mal sowas eingeben naja also hier muss man eingeben yes i know what i am doing in das text fällt einfach rein reinschreiben damit man auch sicher die umfrage löscht da gibt es ein paar strings zum beispiel please delete this poll i'm aware of the consequences und so verschiedene Sachen und klar wenn man sich vertippt dann löscht er die umfrage nicht naja also wenn man bei i hate these stupid entry fields eingibt i don't like these stupid entry fields dann zeigt er an ja dass es nicht geht so achtungen vor solchen features ich hab diese email bekommen die lass ich einfach mal stehen weil die zeit ist ekel rum ja okay die ging dann über die pressestelle an den prof und der soll es sich rechtfertigen rektor warum er solche wird er benutzt das war spaß gut thank you the next talk is gemeinnützelt is also in german it's gemeinnützelt by mo oh hello my name is mo i actually decided on the last minute to give the talk in english so more people can enjoy what i'm going to tell you um so i want to take this opportunity to tell you about a great milestone that we achieved just last week so this is really like nice and hot stuff but i also want to thank everyone who was involved in the creation of and in the process of this project the conversation around it started taking shape in 2011 2012 and it took a while before we reached the state in 2016 where we started by creating a legal entity um so i don't really see my slides so i don't know what's going on um ah there are much the slides so in 2016 we created an entity called the center for the cultivation of technology um what what is it it's a german non-profit limited liability company uh so it's something that you don't see that often usually people create gemeinnützige feine this is a is a company but it's also a charity um and what does this charity do the charity is a legal host for open source projects so whenever projects have to interact with money they need some kind of way of making the money flow and uh we provide a legal entity that you can pick and choose um uh to um help you with your money um uh this is the quote from the bylaws uh and this is uh leading to what milestone we reached so we created a legal entity that um says in the bylaws that the goal of the of the organization is to develop and further the free and open technologies and bear with me this is not a perfectly fine definition for everything else but this is targeted towards the tax authorities because we have to argue why are we a charity why are we doing stuff that is beneficial to the public and before we started this i talked to many different lawyers i talked to many different organizations and everyone was like um maybe development of software cannot be a charitable activity um so we tried we set out uh to do it um and uh this is kind of what we some of the kind of services that we are providing to our projects we're not done yet so this is an in progress conversation uh we want to help people with their donation processing uh we help projects with um um grants and other supporting contracts um uh but we also um look at the side of okay there's money coming into the project how does the team make decisions around spending the money how can the project create some transparency towards the people giving money and also towards the team itself so that's a big part of what we're building is kind of a management platform for similar organizations they might be in completely different spaces they might be around political activism or other fields where you want to share a legal entity across many different projects um so um we started in october 2016 to register the entity so the first business year was october november december 2016 uh in 2016 we um started slowly doing stuff um but the real first business year was 2017 and uh this was a crucial kind of a phase because you the how the tax authorities evaluate your charity status is based on previous activities so they look into the past you finalize the full year you submit the documents you submit an annual report explaining what you did and then you wait and this was the phase the past months we submitted uh a while ago the 2017 filings and you can see some numbers here so in our first official business year we already um had 800 000 uh euros in money coming in two projects that we host um we spend 142 uh kilo euros on employment uh so we can provide employment for people in case they want that um and we paid 149 kilo euros to um contractors that develop software and this is the achievement it's the confirmation of our charity status thank you so the next talk is going about a digital climate strike it's hold by blip is blip here please come to the stage and use the click zip hi we are in the midst of a climate crisis we cannot longer call it just global warming it's a fully fledged crisis temperatures rise huge areas of ice glaciers have melted already species get extinct insect populations um decrease our ecosystem is experiencing huge harm and for us humans this is dangerous not just for the animals and the planet but also for us areas will get inhabitable new illnesses will rise with the rising temperatures the reason for all this has been known for decades and is confirmed by scientists we have been and still are emitting too many greenhouse gases into the atmosphere we are just burning too much fossil fuel too much oil too much gas we have been oh yeah some insects still live on my arm so that's a good sign but we have been externalizing costs on the environment for too long and science shows that we cannot continue like this we need to be carbon neutral by 2025 this is in almost five years individual actions are not enough to change this we need large-scale change we need governments to change policies fright is for future extinction rebellion and other organizations have been calling for the next international climate strike on september 20 this year this is in a month please go participate in the strike go out on the street tell your friends and family and co-workers and now finally coming to what you can see on this slide please consider joining the strike on the internet if you run a website or a blog or a social media profile consider blacking out or greening out your website display a different avatar to raise awareness for the international climate strike week that will start on september 20 and continue until september 27 you can find some resources on these three internet websites i put on my slide shut down for climate net shut down for climate dot de for a german version and soon also digital climate strike net which is not yet online there is templates for these blackoutsides there is a wordpress plugin there will be more soon so please let the internet participate in the strike here on the camp i have co-organizing the bits and trees village bits on boime we are the sustainability village on camp so if you're interested in what we do here come to the about freedom cluster today at 4 p.m. we will have a panel where a lot of organizations will present themselves amongst others fighters for future extinction rebellion c3 sustainability that tries to make ccc events more sustainable so please come by have a look and if you're motivated to help please join us thanks the next talk is open science and open robotics the pocket science lab okay yeah i'm going to talk about a pocket science lab some of you might know it already it's an open hardware device and since recently you can also use it for robotics and the whole story of the open pocket science lab started in 2014 when praveen came to the first asia summit at that year in cambodia we ran it at that time in plampe and he introduced the idea of an open hardware device for experiments specifically for physics so the first versions of open of this open hardware look like this and yeah it was the adrino uno form factor and we continuously developed it later on it got this size that we also use today and so today it also supports bluetooth and you can attach a wi-fi module for the esp 8266 there are many small enhancements and recently we even achieved to attach more digital pins for example so you can run more devices at the same time and yeah more sensors so this is how it looks like it's developed together with the first asia community and open tech in germany we produce large batches in germany and in china so try to also make it sustainable and available for everyone there are many useful instruments on it so components can be attached by pins we have a desktop app we have an android app and you can build your own apps we support standards like the uart standard how it works you connect it here through an app for example on the mobile phone and there's a usb connection and you can power the device also through your mobile phone then you click on these apps there and so there are instruments inside the app that you can access for example an oscilloscope multi meter logic analyzer wave generator power source accelerometer barometer compass you can attach a lot of sensors any sensor that runs with adrino will also work with us and we are adding more and more sensors for gas for example ph ph meter and so on so this is then how the oscilloscope looks like you see different waves or for example the power source here's the multi meter wave generator and logic analyzer you can create digital waves with digital instrument or with analog instruments and recently we introduced the this instrument is actually not to read it is actually to control servos so small motors you can have four motors and you can draw here which angle you want and then drag and drop them into a timeline similar to a video editor so this was really cool we ran a workshop here in shenzhen a few weeks ago and yeah actually may eight yeah and you see people really get excited and want to build it and there's a small robot on the table that they tried to control with it so that's really something new and cool another thing that we are doing is you're now able to generate config files and you can attach an esp and then control the device through wi-fi and you can leave it offline anywhere and come back at some point later and collect the data so for example you can control time interval you can control channels and so on so whatever you can do with the app connected you should also be able to do it when the app is not connected and come back later and use the device as a complete data logger yeah here are a few specs for the experts in the room and there are always a lot of questions you can find them also on our website so it's for example the first question is always how many channels so we have four channels and we have two msps so if you use several sensors at the same time of course you have to like it's not like every device can have this kind of access you need to separate this so the bottleneck here is basically the usb connection if you use wi-fi actually we can also talk about like making it faster making the bandwidth wider and so on but it wasn't needed so far how can you get involved in the project so the whole project is open it is free and open so please join us thank you very much get it to the next speaker thank you thank you very much now there's sofia selie we are going to learn something about olabini thank you for being here okay uh thank you hello my name is sofia selie and i'm the partner and colleague of olabini and today i'm going to talk about him because he is unfairly persecuted in ecuador which is my home country and he was illegally detained and right now he's under investigation for the alleged crime of hacking into computer systems so the first thing we're talking about uh olabini is actually asking ourselves who is olabini so olabini is a software developer who many times have participated in ccc and he mainly works right now on security cryptography and privacy developing software to enhance privacy and security and cryptography but also on the research and cryptography itself on the past he was also a collaborator into several programming languages especially with the j ruby project but he has also been around collaborating with other security project like the tool project enigmail project the ledson creep project and right now what we are leading is the version four of the of the record messaging protocol as a cryptographic protocol but also its implementation right now as i said he's legally detained in ecuador with the alleged crime of hacking into computer systems but actually does it seems to be not actually the crime that he committed but uh even the e f f have actually concluded that it's not really he's not really detained or investigated because of some crime that he committed but actually because of some political reasons um basically the political reasons seems to be that he's a friend of julian assange and uh as we know uh my country ecuador has expelled julian assange from the embassy and ever since then there has been some uh persecution against olabini uh ever since then so yeah the next question of course that i already talked a little bit about why is uh why is he detained so how a lot of this happens is the first question uh prior to answer the main question so how all of this happened is uh on 11 of april and which the day in which julian assange was expelled from the embassy in ecuador uh olabini was actually detained in ecuador when he was uh at the airport um there was actually no real charges when he was detained he was just detained because they wanted to detain him uh there was no charges and apparently as i said the only reason why he was get he was detained is because of his friendship with julian assange over the period of his investigation and detention process a lot of human rights violations has happened as i said there's no real charges so that's a human rights violations uh he didn't have any access to his lawyers uh there was actually no presumptions of innocence he was actually guilt uh ever since day one that he was actually detained uh he lived in awful cells conditions because he was detained for 72 days in a latin american prison and i don't know if you have ever visited a latin american prison is not the best cell conditions he was actually living there for 72 days um there's an absurdity of actually being him in the preventing prison because uh actually there's no reason if there's no real charge where a person should be in preventing prison uh to justify uh it's uh preventing prison the ecuador government have actually shown his devices his laptop his usd drivers his ubikis as evidence that he was actually trying to hack into some system and as as we know as people who actually attend the ccc that's actually very upset because we all have a lot of devices and that's no evidence that we commit any kind of crime as evidence the quatorion governor has also shown that uh he had a lot of english books uh regarding programming and that was actually something that they show us evidence so what's the current state as i said he was detained in a to a latin american prison he was in prison for 72 days uh after we did an abias corpus he was actually released but that doesn't mean the persecution has stopped because actually he's still under investigation for at least 132 days uh 32 days 32 more days was added into his investigation because they decided to link someone else to his case so the political persecution can continue so why should we care because this is actually that can happen to anyone who works in the area of research that we work in the area of research with privacy security and cryptography because this is a misunderstanding from the from any government on the type of field work that we do um because this actually makes our field look like we only do some crimes but not the kind of research on actually protecting people and protecting human rights um so that's why should we care so what can we what can you all do as a community you can retweet with the hashtag free olabini you can also donate and go find me uh page that i didn't put here but if you want to know exactly the page come talk to me you can visit the website free olabini.org you can talk about it and you can engage in any kind of way possible international pressure is something that can definitely help in this case and with that thank you very much you can follow me on twitter and if you want to know more information you can find it under that twitter and we will probably do a session on one of the workshops some day so i will put on my twitter profile if you're interested thank you thank you very much thank you please leave the clicker here and bring the microphone down so the next talk is Daniel Graal with securing server-side scripting so hello everyone um so i wanted to talk about how to secure un potentially untrusted scripts that run on an enterprise application server in also critical environments so the company i work for has as customers the uh big energy companies who run the electrical grid and um they somehow like security uh even though they want to do something with the loads of data they produce so they need some some very um sophisticated reporting things and want to plug in as as deep as possible so um they actually require access to internal api of the java enterprise application server that you run so we provide groovy scripting on this server provided by the users who work in the back office um to produce all kinds of extensions so um what they typically do is something like this so you iterate through all the dates of the last month um get some data from the internal api and do something sensible with it like checking whether the measurement is below some limit or so um yeah but is this really secure uh obviously not uh if you can just write a script like this that that terminates uh the the whole server so black out so um this would be a denial of service but you could also think of uh attacking confidentiality so here you would bypass the privilege system by just getting every privilege because you have access to this api and then you read any data and if you think of um just creating in uh network socket is as easy as uh this uh in this one line you can send the data uh to to some other place where it don't belongs um you could also think of the other way round manipulating data attacking integrity so like here setting um some value to 1000 times the limit um okay looks looks not so scary but if you remember I said um this software is potentially running the energy grid of Germany so this is blackout for everyone uh not so good so the idea is to restrict to a secure api um where we know that that all classes and methods are to be used are really secure and safe and we cannot bypass authorization so um but how to do this so the user could still access the full api um and the idea is to to use um a library called groovy sandbox so essentially it allows you to restrict the runtime uh what what kind of imports you use but then you ask uh imports so why do I need this so I can do everything at runtime everything's evaluated at runtime if you run such a script so um for for instance you just assign variable and you can't uh efficiently detect this uh statically so you can also use some some shortcuts some convenience methods and the only solution can be to to intercept everything like this at runtime um so the idea is that this groovy sandbox library allows you to attach interceptors um at runtime that intercept every method call array access object creation etc etc um and then you would check against the white list of allowed classes and methods uh and at best you're also blacklist what's not to be used ever uh like losing a class loader or opening network sockets or so um you also have to consider a lot of hard cases that um convenience methods um in in in a language like groovy brings um like for instance you can just convert some string to a process execution so in this one liner you could just start an additional web server so um you have to consider these these kinds of vulnerabilities too uh and also uh you have hard cases where you have a script that just runs forever um and what to intercept here so there is no method call there is no variable access nothing at all so um the only possibility here is is to to put this in a further sandbox run it in a separate thread uh and and kill that uh if if it takes too long so how do you kill threads in java um i'm not sure um so uh the thing is um there is this one method that has been deprecated for over 20 years and and all guides on how to do java programming say don't use it um but this is actually the only thing to do to to kill something that is just not responding okay um thank you um if if you have any more questions or ideas so you can talk to me uh you can reach me by mail or uh here at the camp in the village uh faking business route thank you thank you thank you very much thank you thank you the next the next the next talk is going to be held by bmc fun and is handling the the topic of documenting proprietary bmc hardware have fun with that okay uh hi i'm going to talk about bmcs um so um what are bmcs it's it means baseboard management controller it's a bit of a weird name but it's the server inside your server that controls things like power on power off um keyboard video mouse and uh serial over line and often it has um direct memory access to the host system so to your server which runs applications or whatever um and should usually stay secure um so it has a lot of a lot of power over the system um like examples include um iLO from hp enterprise or um iDRAC from Dell um this kind of thing we're talking about um this the security is usually a bit questionable um you have web servers in there doing string copy and scanf without a limit that kind of stuff and ipmi the the most popular protocol used to access um bmcs is kind of designed in the nineties and um the authentication is a bit questionable by modern standards um so usually you you know from from ssh there's public key um authentication and stuff and i don't think that's in ipmi um and usually the the firmware for bmcs is proprietary sometimes there are open source parts in there often there's linux in there but everything else is usually proprietary um so a year ago i decided to do something about this and i got myself um this board it was cheap and it has um an iLO chip in the middle there's a lot on there but this interesting part is in the middle um that's a custom chip from hp which uh implements all the the iLO functionality um it's an rmsoc so um you can just use gcc and put code on there and uh fortunately for me the boot loader is not signed so you can actually just write your own code on the flash and if the code is kind of correct it will run and and do things um the bad thing is hp doesn't provide any documentation for how the iLO hardware actually works um so i can't just uh go on and port linux because i don't know how the hardware works um so i started to document how the hardware works with a bit of reverse engineering poking bits there's now um on gitlab.com slash bmc fun um a repository with some documentation it's enough to boot linux so i have timers and the serial pod and and uh ethernet also which is useful um but none of the really interesting stuff like um how you control the host how you do power on power off and and all that um and there's still a lot to do i need more documentation for all the interesting peripherals in there which would be needed to make this actually useful um you can port your own operating system um if you're interested i'm just releasing documentation for now so so it's a bit of a white box reverse engineering thing where there's documentation and then a clean new implementation um by the way i have one of these boards uh with me um talk to me here if you're interested in getting it um and uh from iLO 5 um they started to sign um the bootloader but i'd really like to figure out how it works exactly because um i'm not sure it protects against everything that could be done to run custom code on there um there were a few groups of people who helped along the way um airbus and synactive released um interesting research on vulnerabilities in iLO the open bmc project uh showed that it is possible to run a bmc with fully free software uh giDRA the disassembly and uh decompiler helped a lot and thank you for listening go to this url vinter set thank you you did great thank you very much thank you thank you thank you thank you very much um the next talk is hold by mastro gippo and he is telling us something i like to do myself very much also so it's called backstage penetration oh thank you hello okay hello everybody um uh so uh there was this concert in italy it's uh it was a huge concert and uh um there were probably most of the uh biggest artist uh biggest italian artist uh uh in italy there and uh i will it was for a 20th anniversary of a radio show and uh i really wanted to get into the backstage to meet my ears so i started thinking we went there maybe an hour earlier so i started thinking about how to get into the backstage there were a lot of there was a lot of security um so i started thinking about how to get a badge so i started taking picture uh with my brand new phone uh with super zoom uh to try and and take a good picture of uh of a badge uh and maybe uh print it later maybe get out of the concert and get to a close uh print shop or uh or maybe uh next time get one of these printers uh but it's uh pretty heavy it's hard to to bring around um it's it's not very comfortable to to have on your backpack uh during a concert but definitely this is a very good idea to to bring one of this uh to an event and uh maybe you can also uh have some preparation before the event so i didn't know about that i didn't follow the the social media of this event too much too closely uh but yeah why bother making the effort to take a very good quality picture of a badge when there's instagram so thank you to thanks to these artists or maybe even thanks to this uh all areas friend that posted this about two hours before the concert started so you just have to bring a laptop uh maybe scan some uh social medias and you will get a badge and then go somewhere and have it printed but we didn't have time we didn't want to uh go to the effort to to crop it uh to prepare it to print it we also had almost half an hour before the concert started so we started looking around and well basically this is the uh how it was configured there was a main stage and there was a big rail holding back all the people and at the sides of the rail there were security guards uh looking at the badges to to decide who'd let in and who to who cannot let in cannot be let in uh and uh these security guards are third parties they are not from the same organization of the concert so they don't really know uh which badges this night or whatever the event is so they need um something to to check them against and on this rail there was an A4 paper uh piece of paper attached with the picture of all the badges for them to easily compare and of course you can just uh take it and rip apart one of the badges I decided to be an artist uh both because uh I was kind of a con artist and uh because it didn't there were many many artist badges around so they couldn't know uh everybody and also I used a piece of string from the gadget from the gadget they gave away to to to make a necklace so this was my badge uh I careful I didn't have knives or anything so I just cut the paper and fold it on the back and yeah this is it and I mean so I got in I met my favorite artist showing proudly my fake badge and uh I'd like to to give you uh some some takeaway some ideas that I got from this so the most important thing is to look around to learn how people behave to understand what everyone is doing uh to see how they're interacting with uh with the security and uh and mimic what everyone is doing there were three important things uh the water bottle everyone in the concert didn't uh couldn't have a water bottle uh with a cap on so only people from the backstage could have a cap on the bottle because uh all the bars were removing the the caps before giving away the bottles so I had a cap on my pocket and I closed my bottle to make it look like a was backstage uh also the t-shirt they were selling t-shirt like like people like artists and the smug face so good luck thank you very much next on stage Stefan Schindler with make rustfest.eu more environmentally friendly there he is there you are you just click your slides for now wonderful is this close enough okay this close wonderful so uh welcome to my very spontaneous talk actually it's too bright today um so we have been uh looking at multiple things at rustfest we try to be very inclusive but one thing we noticed uh actually pretty late was we were flying a lot of people over a lot of places so what are we now we're looking at the train map so next iteration will be on Barcelona which is the I don't know flame shaped thing the bottom left in in Spain and these are all the connections we looked up for our attendees and our speakers that are sure to work because there's no Brexit or anything else strange happening so oh these are flipped rustfest is a community conference like camp as well and um since you know climate change is happening and uh bad thing all of these people had to go to Rome so these are 400 people and yeah you could fill a plane if they were from the same city or it takes I think 50 planes for all of them to get there so back to the map so we started with uh with these cities to see if we can reach uh Barcelona in a reasonable amount of time and it turns out we have a winner the longest route is from Oslo it takes almost three days and it goes via Gothenburg so this is the purple line so let me walk you through it so worst case if you're inside Europe you go from your city Oslo to Gothenburg and sleep there for a night then you go from Gothenburg to Copenhagen and Hamburg during the next day and then go for I don't know go for dinner then you take the night train from Hamburg to Frankfurt to Basel to Zurich and arrive in the morning there you take a shower go to a pre-event and then in the afternoon you take the next train go to Geneva and then to Barcelona and there you go so it takes you at worst two and a half days to get to Barcelona and back or or back sorry so we are hoping that more people will show up and say hey one of the routes passed through my city like Paris is a good candidate that they will make a pre-event so people will go there and join the ride which also means that if you depart together from the same event and go to the same next event you will ride together so you can have a hack session in the train during the ride also the CFP is open until the end of the week or Monday I don't know a couple days more and if you're interested in the Rust programming language come and join us it's the beginning of November if you're interested in more stuff that I do personally then go to sdata.ch yeah or find me around here thank you thank you thank you very much the next talk is about open laser tech is hold by Florian we are really looking forward to it's looking promising hi I'm Florian and about a year ago I was playing together with friends in laser tech for the people who don't know what laser tech is you have things in your hand and it's about shooting each other but the whole thing only with light in red to be exact and then I sat together with the friends on a spray and we thought about it with my nerd friends and thought about building something like that one year later it looks like this is our first prototype to see if our idea works and I brought it here too our idea we want to build an open source open hardware laser tech system what you see here is for example this black point that is an infrared receiver you can see a lens on the right picture and exactly the case consists of such plastic tubes exactly what is inside inside is an esp 32 with wi-fi and bluetooth on board the power supply we do a very normal power bank and the system is also an android app and a server that I can explain now why so we thought the tagger names in laser tech they communicate with each other and the tagger again about bluetooth with the smartphone app yeah why actually a smartphone app there was our idea simply that so you could also program the game completely somehow on the microcontroller but then we thought with a smartphone you are just much more flexible what somehow updates are going on and you can use many other features such as gps or so you can somehow hide your gaming area to now play outside and somewhere in laser tech exactly communicate then do the apps with each other via a server yes what is there so far so we have here as I said this tagger prototype is already done it can also shoot infrared and somehow be hit the connection with the app is already there and that is just a simple app that somehow then records that you were hit exactly the server is still a bit there is not so much say i say yes what can i tell you exactly our goal was to somehow make this tagger as cheap as possible so that you can somehow build 20 or 10 of them and then play with your five friends in the park outside yes if you want to do something with it or just follow it here you have a few links to github or twitter to me uh um speak to me so yeah if you didn't understand anything because you're not speaking german we are building an open source laser tech system speak to me if you are interested in it thank you thank you very much time has really flown by we have arrived at our last talk of just camp's lightning talk session i would like to introduce to the stage hn one with janitor so where is there a tweet sweeper on the screen hi so i wanted to talk about janitor which is a site project i've been working on with friends for some years now and a great backstory for this project would be from working on firefox to bootstrapping development environments so that's the title of this of the talk so we are a small team working on this site project the main developer of this project is jan carromness he worked at modzilla when he first created the project he was working on developer tools for firefox and then he moved to typefox to work on gitpod an IDE for github and i joined i joined on the ride for this project i am a sysadmin for janitor and right now i work for the foreign networks which is 90 security company based in berlin and i also worked for a cyber security club in france where whose name is academy and also there are a lot of there are some more people who joined us on the ride and who brought some features some cool features and some yeah some exciting features so what is janitor why janitor we we realized while working on firefox you can't directly work on firefox and put some and have some contributions landed directly in firefox you need first to download gigabytes of stuff like cloning the repository and downloading with your package manager some dependencies configure these dependencies if it's not automatically done configure the toolchain and read some documentation to know about the workflow and so on and you have to do this again and again if you switch from one devices to another if you switch from one operating system to another you will need to maybe learn how it works on your new operating system and if you are just curious about about learning about some projects you will need to read documentation for some projects just for basic for basic commands so with janitor we wanted to get rid of all of that and to let newcomers and developers focus on coding and landing features so if you want to have a look right now it's available at janitor.technology and because i wanted to play it safe i'm not doing a live demo i will i have it on slides now so janitor you can create containers to work on projects right now we have 15 supported projects from firefox to chromium thunderbird and so on you work on in private containers which come fully pre-configured a full checkout of the source code and these containers are ready in two seconds or less you get access to a web IDE and to terminal and to a terminal this terminal gets all the latest tools like git with the latest version gcc and so on you get a full checkout of course as a source code you've got some smart helpers to get you running faster than on your local machine i guess and you get also to do access so if you want to install software in the container you can you also get access to web preview if you want to try out some web projects and you get access also to remote desktop environments if you want to run a just compiled version of firefox for example uh basically how it works behind the scenes we are we need a docker file which we're working from a docker file a base docker file which will be open today and then from this docker file you check out the source code you install your debundant scenes and then that's done it's it's ready to be put on janitor.technology so for this project what's next first we want to update so we want to update the projects to be much more fresher and we want to uh and we want to lend some new features we want also to have some more work for integration so you spend less time reading documentation for basic commands and you spend more time reading documentation for complex stuff which is great uh we want also to add new docker hosts to the cluster so we can welcome more people and more projects uh we i want to add live collaboration feature which would let you uh work uh with people in the same container have the same preview same web preview or same um remote desktop and if you want to have your project added on janitor it's possible uh it's possible you just need a docker file for that for that so if you're interested you can reach us on free node you can reach us on twitter and you can check out on janitor technology and on github thanks thank you so these were the lightning talks for this camp there will be other lightning talks probably on the next cows communication congress and to wrap up all the talks I have to say some thank yous to a lot of people who make all this awesomeness here possible the first thank you goes out to get goes out to get sick who normally does the lightning calls couldn't be here but supported us with a lot of infrastructure please give big hands to get sick for supporting us and of course all this here would not be possible with all so many angels supporting us the translation angels stage managers the heralds the video angels and many many others and last but not least the big thank you to honky who helped me here on stage thank you so much all of you