 So, I already said welcome. So just let me briefly tell you how this works. For those of you who have never listened to any lightning talks and who never gave a lightning talk, how to talk lightning, it's pretty easy actually. Just sit in one of the front rows if you submitted a lightning talk and would like to say something here and get on stage quickly once your talk comes up. I will announce the talks right before they start. And then talk into the microphone like me right now. Do not turn around to see your slides because you'll see what happens. You can't hear me anymore if I turn around. You have a monitor down there, so just look there for your slides if you need to look at them like me right now. Then use the clicker, which always has to remain on this podium to advance your slides just right and left here and stay calm like me right now and deliver your talk. It's good if you finish on time. That's what lightning talks are all about. We have a fast-paced session here with five minutes for each talk, so please finish before the five minutes are over. Receive your applause, profit. How to listen to lightning talks, for those of you in the audience, it's pretty easy, just be excellent to each other and watch the timekeeper. The timekeeper is this thing here in front of me. Can you see it from down there? Can you see it? Yeah? Okay. So watch the timekeeper because this one helps us to check if the five minutes are over or not. Alex, would you like to say something about it? Yes, just a few words, it's very easy to use. It visualizes the remaining talking time, gets it now has two and a half minutes left and it starts in green when you have five minutes left and I will do now a fast forward. So don't panic if the green runs out. If this is like this, you still have two minutes left. 
The yellow signal shows you that you have one minute left and now when the red turns up, you have 30 seconds left and when we are just like this, the device begins to blink and you know you have been to lightning talks at your task. Five, four, three, two, one, ah, we have to try this again I think. Let's try this again, yeah. You are not awakened here. One more try, five, four, three, two, one, ah, very nice. All right. So basically don't panic if you see all yellow, then you still have one minute. There are translations available for the lightning talks. We have English to German translations, English to French and I think we have a German talk or two, so German to English. I don't know about German to French right now, but we'll see. You can't access the translation via DECT phones right now, so please check the wiki with the translations topic or check streaming.c3lingo.org for information on how to listen to the streams and the translations. That's it. Let us two-watt and begin with the talks. Ah, the clicker please. Yeah, one more thing. Please let the clicker on this podium.

Good morning Congress. Hello Lightning Talk fans. Maybe we will get the slides somewhere soon. No hurries, early morning still. Good morning. So earlier this year, Sir Tim Berners-Lee did a call for action with quite some urgency because he thought the internet as we know it is in danger. It is in danger because it is centralizing more and more and becoming the playground of a few huge multinational companies. One of the concerns was that we are losing control over our data. So I would like to join this call for action and help doing something again against it. And I want to introduce a software for self-hosting micro-blogging engines or a micro-blogging engine. And I want to talk about micro-blogging very briefly, my narrow use case, and then a little bit more in detail about self-hosting actually. And finally about the software I did, my two-watt. 
So micro-blogging, I use it mostly for tagging links I find on the internet and storing and building some knowledge archive, a little bit like delicious was back then. And I was using the software of a great French PHP developer, which is very simple and does almost what I want, but it's not that easy to self-host no more. So why do I want to self-host? It gives me the freedom of choice, the software that runs is my choice. It gives me the freedom, which data do I want to publish and what do I not want to publish? It gives me the sovereignty over which features are available and which features are not dependent on the software I use. It's free of legalese, I do not have to accept any terms of conditions because I am the provider of the software. And I do not have to give up rights, so I do not have small print, I do not hand over usage rights of what I post to anybody else just because I post. And it is very much do it yourself. And however it can be scary. There is some entry barrier if you know nothing about it. You have to install things, there may be dependencies, you have to choose platforms. There is security issues, there is an operational red tail, so if things go wrong, you have to take action yourself. And there may be several issues to choose servers or to pay servers. So what can be done about it? My approach is to keep things simple and to do few things that you can take responsibility for because you know what is going on. And I think to that avail it is useful and important to leverage experiences that are there, use well-known rather old technologies that are bear of surprises. Use small code bases and have a good usability for housekeeping tasks. So keep things up and running should be nice and easy to do. Now I am seeing I am a little bit fast actually. Now the software I am about to do which is pretty much a work in progress and will always be and do it yourself manner. It is one file and one step install. 
Visitors of the microblog just see static files. There is no server code running except the web server itself which delivers flat files. The editor that posts something to his or her own microblog uses a CGI for that. So the one file one install actually is a CGI. I did that in Go for good portability to various platforms so you can easily run this on your own hardware on a Raspberry Pi or in a cloud computer in a shared hosting environment as well. And it delivers Atom feeds, uses Atom storage and flat file readable. Thank you.

Next up is digital information for refugees newcomers.

Hi. My name is Ulrike and I work for the non-profit association iRights. We care a lot about consumer rights in the digital age and one of my projects I am currently working in is dealing with a question on researching how refugees can find digital information on consumer protection more easily than it is nowadays. So basically we are asking ourselves the question how should digital information for refugees and newcomers, people new in Germany but also in other countries, should look like. Why is this important? Well, refugees newcomers are also using digital media such as like everyone else nowadays. And when they arrive in a foreign country they have certain information needs like finding a place to stay, finding a doctor, where to get asylum and residential rights and so on but they also have questions on consumer rights. They might not know that it's called consumer protection but what about buying yourself a SIM card, getting a mobile contract, what about a guarantee, what is a guarantee, what are insurances, what insurances I need and so we are researching how we can get more information on these topics out to the people arriving new in our country. 
This might be important for you as more and more people coming in with migration in society and so you might also deal with the question how to get information, whatever kind of consumer protection or any other information to people like that. And let's start with the research, I'm going to give a few examples of a user research we did. This is one of our focus groups with the Syrian refugees on this photo we are currently using Apple devices, well Apple devices are not mainly distributed in this focus group or in this certain target group so if you really think you want to program an app you might focus on Android first. A second thing, where are we, where are people using the internet, well mainly it's social networks for many refugees I talk to, Facebook is basically the internet, well it's not the internet for myself I have a different standpoint on it but if I want to inform this group of people I really need to go to the social networks otherwise my information will not have the impact as it should like. So if you want to distribute information you also have to have a standpoint on that but you can't totally deny that people are using Facebook or other social media. Then please use plain language, especially in German language we're very used to having long phrases explaining stuff very well, this is not very helpful for people arriving here in the country with some basic German knowledge, also think about Erasmus students so you don't always have to think about refugees and newcomers but other groups like Erasmus students, tourists and so on can profit from plain German language as well. First point, if you're providing information use videos and pictures, this is very helpful for someone to catch someone's attention, especially videos are very well consumed and as I talked about social networks videos and pictures are also well promoted by social networks as content in a better way than just plain text. 
When it comes to videos you can also use subtitles and this is not only accounting for the mother tongue but also for German language, we found out that many people really like to practice with German and practicing it by German videos and if they can find the German text underneath they can check well did I understand it right or wrong and may have a success story for themselves while consuming information. Last but not least, if you give out information, digital information, please use examples and show very clear consequences, don't use them, maybe be very clear on consequences. Thanks goes out to everyone who participated in the research, I can be found at the Code for Germany example if anyone wants to talk to me afterwards. Thank you.

On time. Thank you. So next up is MetaContainer, let me just pull this over to me. Alright.

Okay. So hello, I would like to talk about my project MetaContainer that I've made to make sharing resources like USB devices, networks, file system easier. So I was frustrated with the amount of configuration to, for example, share a USB device with other computer while doing it securely in a decentralized way. So let's see how you could do that with MetaContainer. So basically I wanted to make it as easy as possible. So we will use one command to export a resource. In this example, let's say I want to share a file with my friend, a directory from my laptop. So I just use one command to export the directory, get a string called reference. And let's say my friend uses another command to mount the directory on his computer. And the reference as you can see on the slide is the long string. And it contains all that is needed to identify where the resource is and to securely mount it. For example, it contains a hash of my public key so my friend can be sure that he is re-accessing what he should be accessing. Okay. 
So MetaContainer currently has also three other types of resources implemented, remote desktops where you can use, and you can connect to another personal computer with a remote desktop, Ethernet networks, so you can, for example, bridge two Ethernet networks to buildings or speaker and microphone support where you can use speaker from your Raspberry Pi to play music from your laptop, for example. And there I have other ideas like sharing USB devices or video or cellular ports and whatever. So basically, my project is an abstraction layer over open source projects which are used to share resources like SSHFS, PulseAudio, TigerVNC, USB/IP, and other projects. So it adds a layer which makes the process secure and, let's say, easy. And also, by using an encrypted overlay network, it makes it makes easy to connect to computers even behind NAT, so it uses NAT pass through and can bypass firewalls to Sarah. And I also have initial support for creating virtual machines and other computer resources that can use the resources which are shared using the functionality I described previously. Like, for example, you can create a virtual machine that uses a file on another host without any configuration except for exporting and starting the virtual machine. Or, for example, you can start a container on a server that uses a network that is running on your, that is in your home, for example. And that's another example why this could be useful. Let's say you have a small laptop that you want to develop a project that uses, for example, neural networks, and you have a fast server or fast computer in another place so you can easily create, run the training session while sharing only the directory with your project and nothing else with the computer that is training the neural network. So basically, I used a lot of open source technologies in MetaContainer. I used Nix which is a really nice package manager. 
When you are building that many dependencies, you want to use something that can do it easily. I used Cap'n Proto which is also a really nice RPC protocol. It is something similar to Protocol Buffers, if you know that. Okay. So thanks for your attention. And if you are interested in it, you can visit the website or seek out on the GitHub. Thank you.

Thank you. So the next talk is going to be a video introduction into Arduino. Let me see, I have put it on the other screen and let's go.

Okay. So I'm teaching a class every day during the Congress on how to solder and then how to program an Arduino. This is actually a video that is much more sped up than it is in real life, just so it would fit in the five minutes of the soldering that we do in this class and the soldering part takes about an hour and then when I'm done with soldering and we've checked that everybody's works, then I go through and I explain what digital input is and digital output is and analog input and analog output and if there is time I explain non-blocking state machines. I also am selling kits and when you're done with this workshop you should be able to program all of the kits on your own with the exception of one that isn't Arduino compatible. So the target audience is really someone who's never soldered before, someone who's never programmed before. And there's also two other classes that are being taught every day over, or not every day. There's one more session of the Intro to Arduino kit that Mitch Altman teaches and in that you spend about three hours soldering together an Arduino clone. If you do his workshop you can use that Arduino in my workshop. If you don't do that workshop I have Arduinos you can buy from me as well. And then there's another power supply surface mount workshop where you learn how to use a solder mask and solder paste and place all of the components and then heat all of the solder. 
So reflow the solder so that it looks like when you open your cell phone those tiny components when you're done with that class you'll understand how those are all assembled. Only in industry you use a pick and place machine for that. So yeah that's more or less what we're doing over there and you should come by if you want to learn how to solder or you don't know how to program you want to learn how to program. So yep so we can watch the end of the video and you'll see when it's done this is actually me. The hardware hacking area is walk out this room and then the next hall it's the first group of tables on the left. It's a big projector it says hardware hacking area right now or in a couple of minutes probably Mitch Altman will be starting his course actually I think it's in an hour he starts his course. My course is at 5.30 every day except the last day it's at one o'clock. Any other questions yeah. So basically I also teach you how to unsolder things because in general and also Mitch will teach you that too because invariably someone puts on a component backward or fills in a hole and then we test it and the end video is testing it and the end of the video is testing it. All right so if there are no other questions would you like the video to run to the end or is it. Yeah I mean it's cool to see how it's tested because a lot of people don't realize that it does stuff but yeah my talk part is not really that long. Yeah no problem. So this is actually an LDR which is a light dependent resistor so it can detect what the current light state is and that's the analog sensor plug it into your Arduino and then when it's done this is going to be the test program where it works as a night light and you can change it into all these different colors because it's a RGB LED so yeah you can stop it if you want it just goes through a bunch of different colors at this point. Thanks. Thanks a lot. Next up is a child growth monitor. 
Hi, my name is Marcus and I want to introduce you to a global problem, which is: UNICEF study from 2017 says there are 3 million children dying of, because of hunger every year. So malnutrition prevents the development of brain and body of over 200 million children and affects generations to come. But hunger is not simply a lack of food, it's usually a more complex problem, and at the root of it is a lack of information. So is this child malnourished? That's not that easy to answer the question. Parents and governmental frontline workers often fail to detect even death threatening severe malnutrition in children. Way too often children die because they are brought to the hospital when it's already too late. In fragile countries like South Sudan and Madagascar, governments and NGOs often don't know the magnitude of crisis and where exactly help is needed. So in chronic situations like in India, with over 40 percent of malnourished children, regular nutrition service of millions of children are needed. There is a standard method of measuring, but it's expensive and, even worse, it's very time-consuming. The people who do the measurement have to be experts that have to undergo regular training and actions of the capabilities to measure children precisely and accurately. So how do we detect malnutrition today? The standard system has three to four parameters: it's the age of the child, the weight, the height. There's also the middle upper arm circumference, a rapid and cheap indicator, but prone to errors and not enough in itself. Of the four, the biggest challenge to an accurate measurement is the height of children. Children are moving, and especially in crisis is very stressful for both the children and the parents if two people need to hold down the child on them to measure it against the wooden board. It is hard to read the data and to process it correctly in the field, so one centimeter can be the tipping point. But what if you could do a standardized measurement just with your smartphone, no 
additional cost, no experts needed, accurate and precise feedback in no time? That is what we are doing. We are building a mobile solution that is quick and easy to use with high accuracy, and we are doing it non-profit, publishing all source code under GPLv3. This picture is a real measurement of my son done by an early prototype. The Google Project Tango smartphones we're using do a projection of infrared dot pattern for a 3D point cloud three times per second. It's the same technology that is used in Microsoft Kinect and Apple's Face ID hardware. The Tango API was a foundation of Google ARCore, so if you are familiar with any of that, please come talk to me afterwards. We currently use a convolutional neural network to detect humans and their body parts in regular RGB video and automate the measuring process, and we could possibly build predictors for the weight of the child and unhealthy, even life-threatening conditions like wasting, where children lose fat, stunting, where children can't develop healthy mind, body, and overweight, which is a rising problem everywhere in the world. We are starting the first beta tests in India in March and we'll do a pilot on three locations in India from April to June. In this areas we expect 40 malnourished children and two percent with severe acute malnutrition. By simultaneously collecting data from the standardized nutrition surveys in the field, we want to feed an online machine learning system to get better results over time. So we have a budget for the pilot 2018, we have a partner organization that are experts in the nutrition service, we are working on a scientific board, we have a Google Firebase backend, we have a first generation of convolutional neural network, a prototype of the app using TensorFlow and Project Tango, and we will publish the software on GitHub today on the GPLv3. So we need you. We need, uh, if you want to contribute, please contact me via email or attend the meetup today at 2 p.m. at the Fernsehturm of c-base, and we need more 
people building the app, uh, the backend and the machine learning part, um, like data scientists, um, experts in augmented reality solutions. Um, if you have, uh, interest in that area, uh, if you have knowledge, if you have just enough time for a talk or want to contribute minutes, hours, days of your time to this, I think, very, uh, important course, then please contact us. And, uh, I brought, uh, we brought six Project Tango smartphones, just like any of the three teams in India will use. We also want to host discussions about, of course, the technical implementation, but also ethics and privacy issues. So thank you for your attention and, uh, contact me. Thank you.

True, thanks. So next up is going to be LibreSilicon. There it is, let's go.

Okay, okay, um, hello, my name is David Lansenthalo, I'm the CEO and founder of the startup Lensville Technologies. We have a small station startup and we started to, uh, cooperate with other companies in order to break the monopoly of this big semiconductor manufacturers. So what we are doing: we want to make free and open source semiconductors. That means you can build this stuff in your basement if you like, because the specification and of the process and the technology, you can just take any design from the internet and build it in your basement. Um, also the GPL turned out to be not really sufficient for covering semiconductor processes and technology, so we have worked out with some friends of mine who are lawyers the LibreSilicon public license, which is basically in essence the GPL but specifically also covers the cases of how do we manage design to physical products. Um, yes, and, um, we've also want to introduce a smart contract version of the rm scheme in order that everyone can actually earn money by developing free and open source software. So why are we doing this? Um, MPWs, um, for the people who are not aware of what that means, it's multi-project wafer, and this multi-project wafer shuttle services cost around twenty thousand dollars or more and take minimum 
two months, and so if you want to design a microchip you are on it for years and pay a hundred thousands of US dollars, and, uh, you're not free to build your own chips at home even so you've designed it, because you don't have the design files, and sometimes the manufacturers want NDAs from you and for the NDAs themselves, so it's totally insane and paranoid to market. So you see, this closed market has limited the development of, uh, semiconductors, so the market is continuously falling because it's expensive and only big companies can afford developing semiconductors. So we work together with the projects, a lot of open source projects would have a lot of different parts of this toolchain we developed, um, are developing, and please join there. That's my company down there, this big logo, uh, this Lensville electronics. Um, yeah, and as I mentioned, we want to reward IP developers, uh, using, uh, uh, democratize the democratized decentralized, uh, solution on any middle man system like Ethereum or whatever is a way of life. So we're gonna rent, to make the hardware part happening, we rent out the clean room and equipment from your Hong Kong University of Science and Technology. That's pictures from a Navasta recently to negotiate, uh, renting the room, and we can build basically the whole CMOS process with flash and RAM, is everything there. And, uh, we also have, uh, we have been working on an EDA, a fully integrated integrated development environment to develop chips, that's QtFlow down there in the reference. So, uh, in the back end we use Graywolf, Qrouter, uh, Eco was very lock, all the open source tools, all here also linked in my presentation slides. That's screenshots of the tool, the toolchain we developed. So on the very right you see a pad frame with pre routing and on the left you see a text editor and in the middle signal viewer, so the simulated circuit. So we have some issues and we need your help, so please, um, uh, come to me afterwards if you know some at C++, Qt or C and or Verilog and please help 
here, please contact me. Thanks.

Thanks, thank you. So next up is known beacons. Where is it? Known beacons, wifi automatic association attack.

Okay, hello guys, uh, I wanna start this talk by asking you a few questions. How many of you have stayed in one of the hotels mentioned on this slide? Please raise your hands. Okay, I can see most of you have. Uh, how many of you have ever set up a Chromecast device? This is a Google device that allows you to stream what you have in your mobile device on your television. I can see a few hands again. Um, how many of you have ever visited a hot spot that belongs to a Fon network? If you don't know what a Fon network is, is a kind of situation where you can share, uh, some of your bandwidth and, uh, in exchange you can join wifi for free. Okay, I can see some. And finally, how many of you have connected to the insecure wifi network here in the congress? Okay, I can see most of you have. Um, so if you raise your hand, and I think most of you did, then you may be vulnerable to an attack that we call known beacon attack. What we do there is that we spawn a rogue access point, um, that actually broadcasts dozens of beacon frames. What is a beacon frame? A beacon frame is the message that the access point is gonna send to everyone, uh, in order to announce its presence. So for example, if you open up your network manager from your mobile phone and you see 10 networks around, then there are 10 different beacon frames around. So what we're doing is spoofing, faking these messages, and, uh, we try to simulate an environment where like dozens of networks around. Um, these networks are of popular open, uh, public, uh, networks, so for example all the hotels that we mentioned earlier, uh, Fon-type networks, common ESSIDs. ESSID is the actual name of the network, like public, airport, test. Uh, we can brute force, so if you have set up a Chromecast you probably know that in order to set it up you need to connect to an open network, uh, that it has, uh, as an ESSID Chromecast and then four integers that 
we can brute force, uh, and many others. This dictionary is actually getting bigger and bigger thanks to the contributions of the Wifiphisher community, and, uh, the effectiveness of our attack is actually based on that. What is gonna happen? So as soon as we broadcast these beacon frames, if you have the default settings, that means that you have the auto-connect flag enabled. The auto-connect flag is a special flag that allows you to connect to the wifi network, you know, you leave the area, you come back, and you see your device that has connected to the same wifi network. So we exploit this flag, and even if you have connected once in your life with that device, uh, on that network, then you will automatically connect to our rogue access point, and then we can mount further attacks. We can do data sniffing, we can present phishing pages, and so forth and so on. Uh, someone may ask, isn't this the KARMA attack? The KARMA attack is a very famous attack that exploits the active scanning for networks that the stations have associated in the past. But this is not the KARMA attack. Most network managers nowadays have patched, are protected from KARMA, because they don't do the active scanning, they do the passive scanning. They won't send probe request frames for networks that they have associated with in the past. This attack that I'm describing right now, the known beacons, exploits only the auto-connect flag. That means that even if your network manager is not sending probe request frames like that, uh, for previously connected networks, it's still vulnerable, and, uh, all network managers currently are vulnerable to this attack, except from Windows of course. Again, the effectiveness of this attack has to do with, uh, how huge dictionary I'm going to, I'm going to use, and, uh, if the victim has connected to one of the networks, uh, that I have in my dictionary. Uh, so this new feature will be included in the new version of Wifiphisher, version 1.4, uh, which is going to be released in the upcoming days. Uh, we have patched 
hostapd for doing this. Uh, there are many new features, and, uh, I want to thank everyone who helped with this new release, and specifically the Wifiphisher core developers Brian Smith and Anakin Tang, and everyone else of course you help. That was all, thank you very much.

Thank you. Next up, color based network analysis.

Hello everyone, good morning, uh, my name is Florian and I want to talk to you about colors and networks. Can I start? Is there a problem? Can I start? Yeah, yeah, yeah. Okay, listen, moving, okay, thank you. Um, why I'm doing this: uh, nowadays, uh, networks are about protocols, and protocols are defined, either they are defined openly, uh, and we can read them in RFCs, or they are closed source and proprietary and we have to some kind of reverse engineering and trying to figure out how can we get into it and how can we use it. And, uh, one thing that came into my mind is, MIT found out that if a, if a human body is seen in an object, it's quite faster to recognize an object in a picture than reading a text and finding this object in the text. So, uh, I think it's more efficient to see a network in a different way than we used to at the moment. At the moment we often use Wireshark or tcpdump, stuff like this, and parse all the network information, reading stuff and finding the right point or the right bit. What I'm trying to introduce is, uh, we need, we take the, the bits and bytes of an IP packet and form pixels, so we have colors. And, uh, in the front you can see I cut the IP packet, or take the IP packet, put, uh, three bytes together into one pixel, and this for the full amount of the IP frame, so up to 1500 bytes, uh, and this so you can create structures and patterns which are really great, I think. And here you can see the difference, what will happen if you vary the number of bytes from an IP packet you put into a pixel. At first, on the top level, I put 24 bits of an IP packet into one pixel. That's the maximum, because we have the RGB which, uh, takes, uh, up to 8 bytes. And, uh, in the second one I have 
uh, half the amount of bytes I put into one pixel, and in the last bottom picture I used just one byte, so just black and white. Um, I see the point that, uh, if we take the full color range, uh, of RGB, as a human we don't see the difference between, uh, some colors, but, uh, if machines, if machines, uh, take, uh, a look into it, they see the difference, and say, maybe they can see a difference. So here I can show you a simple example how it will look like. Um, I think most of you used some time for, uh, VoIP, and there are different speech codecs, and, uh, you can see, um, without a further knowledge about PCMA and, uh, all the speech, uh, codecs, how they can be efficient and how they can be used. And, uh, lower one, you can see, uh, the PCMA is not using the bandwidth as it should be, there are a lot of space that is not used. So there's a tool out there, and this is how it looks like if you run it on the Wi-Fi at the moment. Um, if you take a look at it at the first moment, I see a lot of scared faces, but don't be scared, it's just regular, uh, patterns and, uh, structures, and if you take a look into specific ones, uh, you see structures and counters, and everything is quite smooth and simple, and you can see quite easily what is happening and what is, what is not happening. I see totally the point that, uh, you don't have the information, uh, if a color changes, what is actually happening, but you can identify it more easily and more efficient. For example, um, I like Wireshark, the Wireshark is really great. Uh, for this example I extracted an ICMP stream and, uh, two packets are modified, and with Wireshark I'm, it's very difficult to find the differences in the packets, and, uh, on the right hand side you see the same information just in colors, and I think everyone can see the orders, everyone can spot, uh, where the colors and changes and where the difference are made. From the Wireshark point of view everything looks the same, but, uh, if you take everything into colors, you can spot it at the point where something is happening and take a look, 
a close look into it. So if you want, try it out, give it a try, take a look at the code, it's online. Have fun and make more colors in the network. Thank you.

Thank you. I forgot to mention, we'll have a 15 minute break at 12:30, so from 12:30 to 12:45. Next up is Hacker eG.

Good morning, my name is Ajuvo. Apologies for having this talk in German now, as it addresses purely and solely German legal circumstances and issues. The talk is about cooperatives, or Genossenschaften in German, and what they can do for people like us. For years I have kept meeting people among us who have their perfectly stable bread-and-butter main job and, on the side, do useful things for which the beneficiaries would like to give them a bit of money, or actually do, and they have a latent bad conscience about it, because the amount of money that comes together per year doesn't really justify a proper company of their own with bookkeeping, tax office, tax advisor and so on, but it is also too much to simply keep quiet about it to the tax office and say, oh well, it was a favour among friends. I also know people who look after some websites or the like and have wanted to charge money for it for years, but don't know through whom they could do that. I myself am a podcaster, and my listeners would like to throw a bit of money into my hat, and sometimes do. For that too you need a certain infrastructure, which, at those revenues and as long as it is at hobby level, really isn't worth it. Still, I would be happy if I could buy a bit of hardware or the like now and then. So what do you actually need? You need a company that you can join and leave as needed, where you can, if necessary, even be employed for a time. It doesn't have to be a huge job right away; a mini-job may do as well if you take in a few hundred euros per year, per month or so. And you need a company that collects these small sums of money and
passes them on with as little loss as possible, either individually via employment or collectively out of a common pot. This is a story that existed in the past too. Already in the Kaiser's time people had this problem: craftsmen, home workers, farmers and small traders had to join together in order to keep their admin costs, so to speak, sensible and bearable for them, and in order to be able to buy jointly at all, for example to buy material or something like that. The solution is called the Genossenschaft (cooperative), a law from the 1890s, and, in my opinion, unjustly a bit forgotten and used far too little. I already presented this idea a few months ago. By now we are about 20 people who plan something like this. We would like to become around a hundred, so that the whole thing flies at reasonable cost and is also fun for everyone. The whole thing is realistic if there are many founders, many members in the cooperative who contribute a small amount of base capital and share the start-up costs. And of course it also needs a few active members, we already are a few, there could be a few more, whose revenue pays the running administrative overhead without pain. I did a rough calculation, in case you want an order of magnitude: if you want to collect small amounts this way, you have to expect that around 20 percent goes to admin. That is relatively good for small amounts. And of course the members have to love their cooperative and help it. So of course we have to set up our website ourselves, host our services ourselves, write our frontends and backends ourselves, because, for example, a typical problem: if you want to import, say, a container of electronic components, then it is quite good if the employer, that is the cooperative, has the necessary identification numbers, and for that too you need interfaces and you need information. What does that mean concretely? We need 100 people who
throw roughly a hundred-euro note into the hat so that the whole thing can get going. It takes about half a year, and initially we need around 50,000 euros of revenue per year for the whole thing to make sense. What should you do now? If this interests you, write me an email (surreptitious advertising: my podcast is my only mail server), and as the subject of this email please write only the word "Interesse", so that I can parse and filter it and then afterwards file your contact details. If you want a long version and more slides, have a look on media.ccc.de for Hacker eG; there you will find a talk of mine at the last Datenspuren, where I explain this in a bit more detail and give a bit more information. Otherwise, no questions are too stupid. At half past twelve I will still be sitting over there and you are welcome to talk to me. I can be reached on Twitter at @ajuvo or, if you prefer, on Threema under this ID here. Thank you very much.

Thank you. So next up is a rad1o badge talk with their own hardware. I'm pulled, I told him it goes out of his five minutes.

Okay, so this is going to be a demo, which means, what, try to attach this computer to the output. Let's see. It looks good. Video people, could you switch to the VGA podium feed? Did he bring a VGA hardware? He's pointing at you, I don't know what he means. Can somebody whistle the Jeopardy melody? So this is what happens when you bring your own hardware. I can also try the digital output. Yeah, use the digital output, always, digital is always better. Walk, can you switch the video feed? I'm outputting something. So you are apparently outputting something. I'm sorry. If you can just start talking, maybe. Alright, so you might remember the rad1o badge from last camp, and we are still developing firmware for it, and the HackRF crew has made a new feature, which is high-speed frequency sweeping, available for the HackRF, and I've spent some time during this summer trying to port the firmware, and today we finally got it merged
into a special branch of the heck, of the rad1o firmware, and it, oh yeah, all right, there you go. So here you go, this is the rad1o and 30 C 3 3 30 C 3 3 30 C 33 C 3. On the way back I decided, hey, let's make the rad1o cyber again for you guys, and we had a look: okay, HackRF has a new firmware, and this is a screenshot of it. You can sweep frequencies pretty fast. It's actually implemented inside the firmware of the HackRF to allow fast changing of the tuned frequency and then display a power spectrum on the PC. So we've added this to the firmware as a special program made called QSpectrumAnalyzer; it knows the HackRF and it therefore also knows the rad1o, and if you add the right firmware to your rad1o you can use that. It's in the opera merge branch at the moment because that's one of the features that the HackRF is also adding. It requires a CPLD update of your rad1o; check the HackRF documentation how to do that, and ideally you do a clean checkout of the firmware first to build it. And now we can have a look if this works. So I've already programmed it, and if you launch your spectrum analyzer you've got a frequency selection, start and stop, and if you say start, okay, this is now coming live from the rad1o over here. This is the Wi-Fi frequency band: you can see at 2.4 gigahertz it starts going, and then at 2.48 gigahertz there's a sudden drop, and that's where Wi-Fi ends. The upper 20 megahertz over here are not used. So this is a 100 megahertz span and it's pretty fast. We can also have a look at maybe some frequencies which are related to GSM, from 800 megahertz to a thousand megahertz maybe, so that's a 200 megahertz span. It's a little bit slower. Here in the Wi-Fi frequency region we have a much faster scanning rate than in the other frequency regions, but you can see over here there's obviously some GSM activity going on, this one probably too, and if you reduce the frequency span, that's from around 800 to 900, you get a little bit more speed. So we're scanning around 1 gigahertz per
second; the HackRF can do, I think, around 6 gigahertz per second. Still working on making this faster, but it's pretty good already, and it gives you a nice overview over the spectrum, and you can do arbitrarily large ranges here, so you can go, let's say, from 100 megahertz to 2,700 megahertz, and it gets slower, so this will take around 2 to 3 seconds now to complete, but you can get an overview, like with a real spectrum analyzer, of what's going on around here. Alright, thank you very much. And the HackRF guys are also doing nice USB snooping attacks using their new board, and that rad1o actually has two USB ports, and forget that, if anyone support that you would be very happy. Thanks.

There's going to be another talk with their own hardware, so we see how the setup works there. It's about hacking a piano. All right, there we go.

Hi, let's go. Okay, so yo, my name is going to fight and this is my piano. Well, not exactly, this is the entire piano, but this is the electronic part. I thought, like a few months ago, well, this is a piano, it's nice, it has a new USB port, and you can do pretty much whatever you like with a new USB port, so I decided why not try to hack it and take control of one computer with it. So I'm just going to demo you. I'm not going to touch anything, just change to another screen and just plug it in. It's actually supposed to do audio right now, but the audio doesn't seem to work. Too bad, it was supposed to actually play the Flintstones. Anyways, and well, basically, a while ago, like a month ago, you had 14 USB kind of exploits that got out in October for the Linux kernel, and most of those are denial of services, basically; well, you have use-after-frees, you have memory corruption, etc.
I didn't have the time to look at them, but what I can tell is that you could pretty much exploit one of them with this piano and get to a kernel exploit, you in a piano, kernel to kernel exploit, so I'm lucky to me. And finally, I mean a video about the subject on, oh, actually how this piano, the, like, the update system basically compares just two strings to check if the update is correct, so you can pretty much have your own update through USB, doesn't even need the data, and it makes no sense. It's actually fairly easy, but if you want to see how I actually did that and how it works inside out, or an introduction to hardware hacking, well, you can check this video on a note. It actually makes no sense, this piano actually makes no sense. So like you have access to the data, I do the same thing with data, so don't try to apply it to any subject. I try to give a broader view, but please just research your subject if you want to do how do I can. Thanks, and they like, if you're here, have a nice day and see you later.

Thank you. So this is what we have until, okay. Welcome back to the lightning talk session, the second half, starting with living on a dollar a day.

I make a silent talk. I have speak a lot of, yeah, a lot of words, and I've shown people a lot of things. I will give you one hint: keep in mind it's paid by our taxes, and we have also, yeah, we are also a part of the problem. As is a instiller talk, as you see the pictures we have. We pay this fuck up from our taxes. We are heard in the world. We are hackers, we can do something. Please help to stop to waste Africa. Many, many thanks.

Thank you. So next up, one of the usual suspects of lightning talk sessions: TDRM.

Good morning. I'd like to talk about TDRM, the Tihange Doel Radiation Monitoring system. I gave a similar talk last year and I will give you a brief recap. Tihange and Doel are two nuclear power plants close to where I live in Aachen, and they've had several outages and have false fissures, and this is of great concern to us because in case of
radioactive fallout not only Aachen but the entire North Rhine-Westphalia is in danger. We decided to play a part in making our region safer by providing sensors. These are distributed in strategic locations around the power plants and we get measurements of radiation. So what's new? First of all, it's not just us. There are several other organizations that play a part in protesting against these power plants; for example, here you can see a human chain of 50,000 people from three countries, or the projection of the message "Stop Tihange and Doel" onto the nuclear power plant's tower. Also the usual things: posters, protests, what have you. So what did we do? First of all, we decided to improve our website to reach out to more people, to make the data easier to interpret, easier to read. We had a project with students from the faculty of media of the University of Applied Sciences in Düsseldorf that created a web app that not only shows you information and details but also measurements of the radiation that you can interpret at first glance. How did we get these measurements? At first we used PiGI boards, so Geiger-Müller tubes and Raspberry Pi. These had some problems due to the high voltage supply, so we decided to switch to semiconductors, which are unfortunately more expensive and less accurate. We fixed the problems, we are back to PiGI. Now we get measurements and create a sliding window average, which is sent encrypted to our server. Earlier this year some physics students approached us. They're building a highly sensitive gamma sensor. This sensor can distinguish different levels of energy and thus allows us to recognize different isotopes. It's a work in progress, there are prototypes, and we're looking forward to using these new sensors. So what happens with the data? First of all, we provide raw data. You can see measurements for every station, for every cluster of stations, for everybody who wants to analyze the data in more detail, and as already shown we have easy to interpret
renderings of the current readings for people who just want to know whether they should run away, and we have some data that's also easy to interpret but more detailed, for example for catastrophe management. This is important to us, as going the official way, with all the bureaucracy involved with communicating with Belgian authorities and so on, takes hours, which is too long, so we provide data in minutes. We're still working on how to get all this information together and how to display it. It's a work in progress, but we're confident that we'll have a good website later. So in summary: we started a tech project, the whole thing gained a lot of momentum, not only we but also other organizations reached more people, drew more attention to the problems. We provided a simple method to get data, and this enables us and others to raise awareness and start a discussion about these problems. So what's in store for the next years? We dream big. We want to also correlate our information with wind and weather data. We want to reach more non-tech people, the normal people, for example with social media and other channels. We would like to provide a fail-proof network, which is more difficult than it sounds, because in the case of nuclear disaster we have to ensure reliability. And of course we would always like to improve the sensors and the distribution of sensors. More people, better collaboration. With most of these things we aren't the experts, so if you know anything about any of these things, if you're enthusiastic about making the world a better place, tuwat, come to us, talk to us. We are at the fifth assembly. You can contact us via email, the project has a mailing list. I am the Stoital beer on Twitter, you can reach me there. And also, thank you for your attention.

Thank you. Next up, the story of eduroam, how eduroam got taken down for a day.

Good morning everybody. Well, I'm a student at all university and also a network administrator, and I want to tell you a story of how eduroam got taken down for a day,
and I assure you it's quite peculiar. So first the scenario: imagine you go into your office on a Monday morning and users start calling in and claim eduroam isn't working. Well, first you think, well, it's got to be the users' fault. Except it wasn't. eduroam somehow had stopped working over the weekend, and I want to invite you on the journey and how we fight for the issue and how we fix it. Well, the first thing you do is you try to associate your own client with eduroam and see if it's working, and what's not working, if anything is going wrong. And what we found was that we were not getting an IP address. So of course it's got to be the DHCP server, ain't it? Well, except it's a little bit strange, because actually we monitor our DHCP server quite closely and we didn't notice anything strange happening. So it was not the DHCP server. We logged in on the box and we didn't see anything wrong with it. So we started sniffing the network and hoped that maybe we find the issue there, and I'm sure you all have seen such a Wireshark trace. But before we analyze this I want to give you a quick reminder of how DHCP works. If a client joins a network it basically shouts into the network via broadcast: hey, is anybody there, can anybody give me an IP address and some information on the network and whatnot? To which a server replies with an offer, so basically it says: hey, you can have this IP address, take these settings and whatnot. And this is followed by the request, where the client requests this specific IP address, and the whole thing is concluded by an acknowledge. So what do we see here? Well, at the marker we see a DHCP discover, we see it twice, strangely, but there's the offer missing. So something is going on in the network. Strangely enough, when we did the same sniffing at the DHCP server side, we saw that the DHCP server received all discovers, sent out all the offers, but the offers never reached the client. So at this point you start to sweat as a network administrator, because obviously, what, what is going on,
what is going on, you don't know. So what we did was actually, well, this is another slide where I can show you again the offer was missing, it was not received by the client. We had to trace the way of a packet, and this is very short, we did a lot of things to actually find out where packets were going. If you're interested in how we did it and how we correlated all the forwarding database entries and so on, you can visit me at the Open Knowledge Foundation assembly. When we trace the packet of, well, first a quick word on our network: we have a highly redundant structure in our university with about 1400 switches. Everything is redundant and connected into loops, so obviously we have to use spanning tree protocol to ensure that there are no loops in the network and only one path is active. And as you can see here, there are multiple distribution switches, and then at some point there are access switches where the clients are connected. So what happened was that the DHCP server that you see over here sent its offer. It should go the red way to the cell phone down here, but for some reason it was not going that way, and it was received by a totally different port, where I drew this little cloud. Now the first thing you do is go to the office where this port is located and have a look at what's on this port, and this thing was on this port. So this looks quite interesting. This thing here represents the back end. I rebuilt it in our assembly, so it's not exactly what we found, but this thing here with is the back end. We had a Netgear switch, and there we have a disassembled Cisco access point that we wanted to fix because we don't have support contracts for them anymore. What happened is that we didn't know what to do next, but then one of our colleagues had a closer look at the whole thing, and what you notice is that this access point is not powered. Well, there's no power cord connected to it, this is not a power over ethernet switch, so actually it should be fine.
Except it wasn't, because when you take a closer look at the Netgear switch you notice the port was up. So how the hell can that happen? Well, it's quite easy: the Netgear switch obviously, or apparently, has a mass shielding problem, so over the shielding of the ethernet cable and the voltage supplied by the data lines the access point got powered up, but it got not powered up entirely. So what happened was that the network chip on the access point got pulled slightly up, which caused all of its inputs to go to a high impedance state, which caused it to reflect incoming network packets. So this little switch here negotiated a 100 Mbit link with itself. So I talked about spanning tree first. Usually, if you have a packet reflection going on in your network, spanning tree notices the whole thing and blocks the connection. Except on this port we used it for testing purposes and disabled the whole thing a few months ago. So you see, the whole thing was quite peculiar. What happened? Well, the client sends a DHCP discover. To this point everything's working fine, the discover reached the DHCP server. At the same time the discover reached the access point, the access point reflected the whole thing while the DHCP server wasn't processing the packet, and this caused, because the reflection was the same source MAC address, that all forwarding database entries in all switches in our university flipped through this one peculiar port, and all answers were going to this port. And this is how eduroam got taken down for a day by an access point that had no power. Thank you.

Thank you. Next up, BT mining, or data mining in the parliament.

Okay, hi everyone. I'm going to be briefly talking about a data set in search of a problem that it wants to solve. So here in Germany we in theory have some open data stuff. So for example in the last coalition contract between SPD and CDU they said: yeah, we want to make our state very transparent and we want to make all our stuff available and so on, which is funny on many
levels, and they never did it in the end. So what does exist is the parliamentary documentation system, and that is a system hosted by the Bundestag that contains all the agenda items, all the laws that were drafted and all the protocols from the plenary sessions, that basically contains everything. But since it's run by a state institution, that basically has no API, it has no capability for bulk downloads, it is PDF documents, so it's not very machine readable, and it has no nice way to get access to metadata. So there is some external system that has metadata, but it uses different identifiers, and in the end it's less work to just basically scrape the system as is. So there are some upsides to the system. The PDFs actually do have a text track going back to 1946, so to the first session of the German parliament. They have a text track with very, very good OCR, so it's really nice, I haven't found any errors so far. And the URLs where these PDFs are saved are highly predictable, and they have a decent HTML website that can be scraped fairly easily, and they have a very friendly tech team. So I basically called them up and I was like: do you have some capability for bulk downloads? And they were like: nah, we don't have that, but feel free to scrape, but just do it at night. So that was very friendly. So the result is roughly 500 lines of Python code that are released on the URL shown here. I downloaded about 19,000 Kleine Anfragen, which is, for the people not from Germany, where a political party can ask the government a question and the government has to answer within a certain time frame. Then there are around 10,000 draft laws, 4,000 plenary protocols, and in total about 130,000 documents, 76 gigabytes, as PDF, and I think I deleted the .txt version by now. But yeah, I also, for good measure, just put a backup of everything on archive.org, just in case our democracy ever goes missing, and then we'll have a backup. So what's next? I have no idea what I'm doing, so I have no idea about
machine learning, I have no idea about text mining. I think there could be some really cool things you could do with this data set, but I don't have the skill set, so that's why I'm here. If you have a cool idea what you want to do with this, then you can grab the data set using one of these methods. You can download it from the Internet Archive using the IA Python client that they provide. It takes quite a while; it's actually faster to just scrape it again from the back end because the Internet Archive is so slow, but do it at night. You can grab it from my server over HTTPS as tar.gz files. If everyone does that at once my server will go down, so maybe do some rate limiting. And you can obviously collect it yourself: there's the source code, and yeah, only run it at night. And I think that's already it. So if there are any very quick questions, I don't know if we can do that. I can't do it because I don't have the space on my laptop for this right now, but if someone wants to do it and send me the information I can tweet it out on @malexmave on Twitter, so M-A-L-E-X-M-A-V-E. I forgot to put it on the slides, apparently. Okay, great, and I'll put the link on the URL there, the more Velkomuta.de. All right, thank you very much.

Next up is Imperfect VR.

So hi, I'm creative coding, and this talk is about a project called Imperfect VR. VR is still relatively new for most people and they have questions like this, or this one. I live in Brexit Britain, so this is an interesting question. Or even this question. This is also, like you see, it's a British tabloid, so you see how they depict the evil scientist, evil. But what people are looking for in VR is actually this. So this is VR face, and most people would like to buy VR face. You pay someone some money and they give you this. And okay, there's something wrong with the slides. So Imperfect VR is about a different approach to VR. It's about the idea that everyone can create a VR, and everyone means people who don't
have coding experience. I started Imperfect VR as a workshop at Electromagnetic Field last year and I've given 10 workshops so far, and most of my attendees have never coded before. And what we are doing in about two hours is basically do a hello VR world, and it's quite underwhelming, it's not something really amazing, but this takes like two hours to code and to set up. And basically I show you the whole workshop. Basically this is the code that we are writing. So all the things that you need: you need a smartphone, you need a cardboard that you can laser cut yourself or build yourself, and you need a framework called A-Frame, which is open source, made by people from Mozilla, and then you can create a VR and you get a VR interface, but this time you have made it yourself. And oh, that's the wrong slide, sorry. So coming back to that idea that we think about where do we get our media from, how do we get access to media, and this is the people who sell you VR. And there is, I don't have like personal issues with Mark Zuckerberg, to be honest, but the question is what is the reason behind it, what is the reason behind building these things. And these are the wrong slides. I have to go very fast. So this gets a little bit uncanny, and Imperfect VR is a different approach. Imperfect VR basically looks like this, and it's made by us, it's made by you, and it comes from a culture of VR that is about a medium, it's not just a business. And this culture has been around for a long time. This is from the 90s and it's coming back again. This is this symposium by arts and code, which ran last year. There are artists like Jeremy Bailey and Tim Sega, and there's glitch art, there's a scene who uses glitch art in VR. This is Hyphen-Labs, another strong voice in this field, and this is Jane Gauntlett, and this is BeAnotherLab, and this is Thorsten and Sara
Lisa Vogl, Disconnected: Thorsten spent 48 hours in VR. And this is the Dreamachine by Brion Gysin; it produces flicker so you get your own virtual reality. And Haptic Field by Chris Salter, Marshmallow Laser Feast, The Constitute, Taphobos, and this is a weird sense hacking experiment. So to wrap it up: it's our choice, the creators and inhabitants of virtual worlds. You decide if you want to buy your stuff from large corporations or if you want to do it yourself, and you choose. Tuwat. This is Imperfect VR and I'm creative coding. Thank you.

Thank you. Next up is Viper on Rexus. He's coming. All right, let's go.

Hi, I'm Harry and I will talk about the Viper experiment flying on board a Rexus rocket. What is the Rexus program? Rexus means Rocket Experiments for University Students, and it is a program by DLR and SNSB, the German and the Swedish space administrations, and it provides the possibility for students to build a space project with a full project cycle, about one and five year, from the first proposal over reviews and documentation and so on to the rocket launch. The rocket itself has a mass of 450 kilograms and an apogee of 90 kilometers, so it provides around two or three minutes of time for experiments in microgravity, and it has just a payload of 55 kilograms, so here there's space for around five small experiments. It will start from the European Space and Sounding Rocket Range, Esrange; it is in Kiruna, northern Sweden. Our rocket will start in March 2018.
Our concrete experiment, Viper, the project, it means Vaporizing Ice Penetration Experiment on a Rocket, and yeah, we penetrate into ice in a low pressure and low gravity environment and want to collect some data about the ice melting process. There are a few interesting things, because below six millibar of pressure there's no liquid phase, so the ice will sublimate or vaporize instantly if you melt into it. Yeah, we have some research groups doing numerical simulations on this process, and we want to collect the data to verify those simulations. These are common conditions in space applications, and we use this to simulate an Enceladus-like environment. But what is Enceladus? Let's have a look. Enceladus, it is a Saturn moon. It has a rocky core with a global ocean around this rocky core, but over the global ocean there's a big ice crust, and yeah, liquid water can be very interesting for the search for life, and you have to go through this very big ice crust if you want to get to the liquid water. So there's a project, the Enceladus Explorer Initiative, mainly by the DLR, and they try to build a lander for a possible mission to Enceladus, and yeah, we do some research for them.
A quick overview of our CAD. I cannot go into detail because of the time. The hard part is this gray unit in the middle; it contains three small ice cylinders. Over it you can see in yellow and red the heat probes for melting into the ice. They are pressed on the ice by springs on the blue, and as the blue unit with the ice cylinders and the green cupola above it a completely closed unit, so no vapor or possible liquid water can escape into the rocket module; it only can escape through the venting holes to the outside of the rocket. Reasons for participating in the Rexus project: you learn a lot of stuff your university can't teach you, practical stuff, but also things like interdisciplinary work and working in bigger teams. You contribute to relevant research, public published papers and so on, and you meet people from all over Europe, you can travel around, and last but not least you are two weeks at Esrange Space Center. So if you have the chance to participate in such a project, tuwat. Thank you. Feel free to contact me if you want to have further information. Thanks.

Next up is unlock your inner clock from solar restrictions. You please don't pull out anything there. No, no, no, no.

I just broke a lamp, right. I'm sorry. It won't be an actual lightning talk. So, but it will be about light. So after 10 years of watching CCC videos I thought it's time to throw something back at you. What I want to tell you about isn't new; in fact it's really old. I thought the first time a scientist talking about it on TV like 15 years ago, and the studies themselves took place in like the 80s. So, yeah, that's not new. I've been preaching about it to everybody I see and it's getting a little bit more traction lately, but still people do not use this kind of energy source to the full potential. So, here's the thing, really quick. Have you ever wondered why people sleep at night and are active at the day?
Some of you might think, well, isn't it the other way around? But you do realize most people work that way, right? Also, people are more active in the summer and have a better mood in the summer and have a less mood in the winter. They sleep more, eat more. Some say they even get depressed. So, why is it? There must be a reason. So, some say it may be the warmth, but you can turn up the heat and feel like summer. It may get your blood flowing a little bit, but it's not the same. Some say vitamin D, but you can't eat vitamin D and feel like summer, doesn't work. So, what is it? Well, you've experienced this a hundred times and see it when the spring comes, days get longer. Everybody's going outside, sitting in front of the cafés. Everybody's raising their head in the sky to get a tiny fraction of sunlight. So, obviously it's the light, but what is the difference between sunlight and every other light you have around you? Well, you see it here: this is a light bulb and the natural sunlight, and you see that the light bulb has an almost complete lack of blue frequencies in the spectrum, and that is how most artificial light is, and that is a really stupid source to have around you as a daylight source. So, because by the amount of the color blue, that is how your body distinguishes between night and day, between summer and winter. I'll tell you really quick how that works. So, you have receptors in your eye like for seeing, like for the colors blue, red, green, some for brightness, some for movement to trigger your attention when something's going on on the side. All these signals, they go into your seeing nerve, into parts of your brain where imagery is processed, right? So, but you do have receptors in your eye that only receive the color blue, and the signals, they do not go into your seeing nerve. They go not into parts of your brain where imagery is processed, they go right back to the ancient root part of your brain to an area called suprachiasmatic nucleus.
Comes from chasm, a Greek word for sun. Suprachiasmatic nucleus. And when the blue light signals hit that area, a whole shitload of things is going on, and the most important thing is it cuts off the sleep hormone production, the production of melatonin, and that is what you want to have during the day, because if you don't have it, the body thinks it's already evening and prepares you for nighttime and makes you sleepy. Also, serotonin, dopamine, all the chemicals in your brain that make you happy and active, they increase. Blood pressure rises, heart rate increases, and that is what you want to have during your day, and that comes from blue light signals in your eye. So, these are the old slides, apparently. Yeah, so this kind of light, which I brought with me and broke, but I have some more lamps with me. What is this kind of light? Is it magic? Does it cost a thousand dollars? Well, there are antidepressant therapy lamps for hundreds of euros, but you don't need to buy that. You can have them really cheap. This one was like 30 euros on Amazon. The number you want to focus on, the technology of the lamp doesn't matter at all. The number you want to focus on is 6,500 K. It's like a color temperature, with like 2,000, that's really cozy, and 6,500 means it has the same color temperature that the sun has in the summer. So it means it has enough blue light signals to get you activated during the day, and that is what you want to make use of, and that is what I wanted to share with you. Thank you. So I have some of these lamps around with me. I really mean it, please approach me if you want to pimp your space with some of these lamps. Yeah, I'm happy to share these lamps with you. Thank you.
Next up, "How to avoid headhunters". Yeah, I want to share some experience, some practices I have for myself when dealing with headhunters. The clicker is... First, a quick poll at the start. Who of you has encountered contact with a headhunter ever?
Like LinkedIn or Xing, they're also called Personalvermittler or recruiter. Okay, approximately 10%, I would say. And who of you actually got his current job via a headhunter? That would be interesting. One, two, three, four. Okay, interesting. First, have a look what a headhunter actually does. Well, it's pretty straightforward. He wants to earn money. That's nothing bad. Basically, he builds a big database out of job vacancies and applicants. Applicants are found, well, via business platforms and similar, and then he goes to the employer and shows him his applicants, which has the best match. And he tries to earn money, well, basically through several services and, of course, a signed contract at the end. Yeah, there are different motivations, depending on the point of view. At the headhunter, of course, he wants to earn money. The most money is made via a signed contract, which is approximately 30% of a one-year salary, which can be quite much, as we will see. The applicant, of course, he wants to have a fast application. He wants to have the job. There are some lies often told by headhunters I want to go on to at this point. And the employer, of course, he wants to have an applicant, most times for jobs where you cannot find applicants that easily because they're very rare. So this seems like a triple win situation. So everyone gets what he wants, everybody is happy, but only at the first glance. At the second glance, you will see there are some problems. And TL;DR, you as an applicant decrease your chances to get the job because of higher fees for the employer. And those can be quite big. Here we have a scenario with three applicants. The first one applies without a headhunter and we got two with the headhunter. There is a minor gap at the matching. Basically, perhaps there are some hard skills missing, like he hasn't knowledge in Node.js or whatever, but that's not that needed for the job. He can basically, or all of them basically, can do the job.
And please get closer to the mic because we already get feedback. Oh, okay, thanks. You can see your slides down on the monitor also. You don't have to turn around. Yeah, I want to point out the important things. Yeah, and from the point of view of an employer, you also want to save money. There is basically no need to take this applicant because he has the same matching, but the employer has to pay this money, and why should he do this? It's just don't money. But well, there's an exception to this, which is if the headhunter has an exclusive mandate or the job is not officially listed, which means this applicant vanishes and only those applicants are left over. So the chances are again equal and it should be okay to take a headhunter. I made a nice action diagram, which I follow when encountering contact with the headhunter, which can be downloaded at the following URL. It's pretty self-explanatory, self-explaining. So I won't go into it at this point. Yeah, thank you for your attention and have a nice Congress. Thank you.
So the last talk is going to be "Pretty Easy Privacy". Hi, my name is Svam, sorry. And I want to tell you about pretty easy privacy. This is somehow a follow-up on pretty good privacy. So what we're trying is to roll out mass encryption, encryption for the masses. So this is more or less a long-term project. So we also wrote an internet draft, an RFC. I read it out loud, the first sentence: "Building on already available security formats and message transports, pretty easy privacy describes protocols to automatize operations like key management, key discovery and private key handling." So pEp, how we call it, is a cross-platform expectation to easily use existing crypto tools. It's designed to encrypt all digital written communications, with the starting point of email. It encrypts automatically whenever and with whatever most privacy enhancing crypto standard is available. So we're following the opportunistic approach.
And all end user software shall be hassle-free and zero-touch. It's not yet another crypto tool with a closed user base. It's not any platform provider. It's not implementing any own crypto and it's not replacing any crypto tool per se, but we're compatible with stuff that's there. It's also not just an email encryption tool, even though this is the beginning. This is how we start. So at the moment it's just an email encryption tool. Yeah, we wanna roll out mass encryption to optimize the costs of mass surveillance. We wanna make the use of crypto pretty easy. So not only for the users but also for developers. They can plug in pEp just into existing apps. And users can then just use it without any hassle by default. This is the architecture. So you have your app at the bottom, at the top. Then we have adapters in various languages. They're coming on the next slide. And then with this adapter, you plug in the engine and the engine knows about the crypto has. So the adapters are kind of bindings for the engine API. So the engine knows about the transport protocols, about the different crypto standards that are there. And then as a developer, you only have to care for the interface between your app and the adapter. And if any crypto breaks or something, then we fix the engine. The engine is code audited and open source for sure. Yeah, this is the list of adapters. So we tried to have everything, like JNI for Java, C# for Windows stuff, JSON, Objective-C for iOS and stuff. Yeah, Python, C++. And this is what it does at the moment. It handles OpenPGP and S/MIME without any hassle for the user. So it automatically encrypts. It encrypts the subject in line. There's no key management needed. There's no key server, any other centralized infrastructure. Fingerprints, we translate into trust words. We have an opt-in passphrase and the header is encrypted and obfuscated. And we have a sync protocol. This is the trust words instead of fingerprints. And this is the sync.
So you sync your keys, contacts and calendar over various devices with your own devices. We're using IMAP for that. So actually you sync not over the cloud, which is just other people's computers, but your own computers. We're trying to do everything right. So it's end-to-end. It's peer-to-peer. There's no centralized infrastructure, any closed service, and it's free software with code audits. We wanna be compatible with multiple crypto technologies. So at the moment it's PGP, S/MIME and GPT, and there's gonna be OTR and OMEMO and Axolotl and what else is there. Same with message transports. At the moment it's SMTP, Exchange and that stuff. But we also wanna go for XMPP and even SMS and stuff. Multiple platforms, multiple languages. But content encryption is not everything. I think this audience knows this very well. So in the future, when those guys are ready, we also wanna pipe everything through GNUnet. If you don't know about GNUnet, check it out. They're also here in hall two having an assembly. GNUnet is a mesh routing layer designed to replace the old insecure internet protocol stack. You know this is all from the 70s, so we need to have nowadays internet. So pEp does what the user would want to do. So what we do is, instead of writing how-to guides, which we all did, we're coming from the crypto party movement and these things, we do write the user expectations into software and protocols to take away the crypto needs from the user's perspective. So we've actually given up on the user understanding why to use crypto and how to use crypto, and we're just sneaking it in. So users don't have to think about the crypto anymore, they can just use it by default.
Thank you, right on time.