Go, okay. Can you hear me? Great. My name is Ralph. I'm a researcher at Technische Universität München, and you may have heard about all this stuff concerning SSL and men in the middles that you didn't know how meltdown of this year. So what we propose is, following a suggestion by Kai Engert, to have a little tool. You may know Convergence. Okay, so this is a setup of our tool. You have some user surfing, going to a server, and then back-checking with our notary server if she's seeing the correct certificate. Our server does the check, you get a report of the result, and what happens? Okay, so far so good, and this is where everything changes, because unlike Convergence or Perspectives, what we propose now to do is to trace through to the server. So Alice does a traceroute across the man in the middle, reports the result or Crossbear tool, and this actually has a list of hunting tasks that you can pull from the server. So any user out there can pull this hunting task list and also do traceroutes for us to the server, and the whole goal now is to get a good estimate of where the man in the middle is sitting, in this case in the left corner, and it's usually a Wi-Fi access point in this case. But that's what we're interested really in: we want to collect data. Where is the man in the middle? What is he doing? That's what we do other researchers. So Bob reports, we get the results and we evaluate all that stuff. I don't have much time to go into details here, but of course the more users we have, the more accurate our traces will be, and our hope, for example, is: can we distinguish if we have a, say, state-level attacker, where the man in the middle is sitting on the border router of the autonomous system, although we have some weird hacker, a Mac, a black hat, who's sitting on the Wi-Fi access point of some hotel. That's what he proposed to do.
It's a young project. We have written most of it; first release will be mid-January, but we need Bobs and Bobinas to use it. Feel free to talk to me after the talk here. I'll be sitting somewhere over there, and you can access our website, find us on Twitter or here. Well, that's all for me. Thanks.

And actually you've got two minutes and 50 seconds if you want to take questions. Are you good? We have Herald angels with microphones, so please just try to flag them down and we'll head over to you as quickly as possible, again because there are many more people watching this on the streams. They won't hear you unless you speak into a microphone. So please go ahead, and if you have a question, say it into the mic and find one of these guys. They'll come to you. Any questions? One down here.

Can you only use data from people that are sure that they are in a man-in-the-middle attack, or can you use data from everyone?

You can use it with any Firefox at the moment. Whatever your situation is, it has two components. One is the guarding part, which is exactly like Convergence; in fact, Convergence is one of our back ends. Or you can use the second component as well, where you pull the hunting tasks and work for us. So at the moment it's only Firefox. Manpower and all that.

More questions? Okay, give me a huge round of applause for finishing it on time. Okay, up next we have I sniff SSL. Are you here? You're good. Okay. Could you get the video angel to just make sure that? Yeah, cuz I just plugged in, I want to make sure that I'm working with the new cable. Can you check the switcher box, and who knows, this might just magically work. Are you sure it's set to the... We're using this extension cable. Oh, another thing: don't walk between the podium and the table. I think we had three pretty near fatal accidents yesterday. As long as nobody dies, it's all good. Yeah, yes. Round of applause for whatever made that work.
Are you ready to go? And I'm pretty sure those are your slides.

Okay, can you hear me? Okay? Okay, my name is Hubert. I work as a pen tester for a bank. I'm here to talk about a little... slide. I'm here to talk about a little tool I wrote which performs a man-in-the-middle attack on iPhones. Slide. So this is about the CVE-2011-0228 vulnerability, which was announced in June or July, and just a very brief intro to what the vulnerability is about. So you have SSL certificates, SSL certificate chains. So here we have an example of a normal certificate for PayPal. It's issued by the Verisign CA, then there's an intermediate Verisign certificate which has signed the PayPal certificate. Slide. Okay, I thought that... so here's another example of a certificate for another website, from StartCom, which is signed as a search for another website. Slide. Okay, so here's just looking at a small part of the certificate, which is the basic constraint, which says: is this certificate a CA certificate or not?
Which is set to no. So any certificate you normally get from a CA will have that set to no. Slide. So normally... What we've done here is we've used the website certificate to sign a further certificate for paypal.com, which is of course invalid, and any normal browser will reject this, but the bug in the iPhone is the iPhone will accept this. Slide. So, yeah, so this is the description of the patch that Apple released, something about SSL validation. Slide. So I wanted to practically exploit this, and has anyone used Moxie Marlinspike's sslsniff? No? So sslsniff is a tool written in C++ which does an SSL man-in-the-middle attack, and it connects to the target site, downloads a certificate, generates a fake certificate and presents that. So I tried to use it, but it just didn't actually work with the iPhone. There was something wrong about the certificates that sslsniff was generating. So I just decided to do it myself in Python. So the setup for that is just a Linux VM, a cheap $8 of USB stick, and airbase-ng and dhcpd and iptables. Slide. So here's some of the C++ code of sslsniff, and after a lot of debugging I found that the thing with the set version 3, that's what was making it not work. So I kind of got sslsniff working, but it's C++ code. It's like thousands of lines. It's a lot of hassle to work with. Slide. So I just decided to do it myself in Python.
So I used the M2Crypto module to generate a new certificate on the fly. Slide. So actually this is the wrong version of the slides on my mind. Slide. So basically, these aren't actually the right slides anyway. So yeah, so you basically have a Python tool which intercepts traffic. Slide. And actually, if you look at the iPhone 3G, which was sold until 2009, actually until last year, all these, these are iPhone sales. So the iPhone 3G, which was sold until last year, the last supported software version for that is 4.2.1, which is permanently vulnerable to this. So I think there's about 20 million iPhones around which will be permanently vulnerable to this bug. So yeah, so I think that there'll be exploitable phones for this out for a couple years. Slide. Yeah, so these are the resources. It's a little Python project on GitHub. This is some instructions for how to set up the Wi-Fi connection with iptables and airbase. And these are the two advisories from the guys that found the original iPhone bug. Okay. Thanks very much. Any questions?

Yeah, I... Was that an earlier version of the slides?
Yeah, that was actually the current version of the slides.

Okay, I apologize for that. If we have time at the end we can maybe find the correct version, but yeah, you've got another 50 seconds for questions. Okay, do we have any questions? Put up your hand. Over there. Get to you.

So Apple seriously doesn't patch a vulnerability like that, even in older iPhones?

Yeah, so basically with the iPhone 3G they just decided it's out of support now, and the last supported software for that is 4.2.1, and the vulnerability was patched in 4.3.5. So if you have a 3GS or newer you can patch, but if you have an iPhone 3G or older, there's no patch available. There is actually a patch available if you jailbreak the device; someone has developed a jailbreak patch for it. But you could argue that makes your phone insecure in other ways, so...

And that's your time. Give me a round of applause. Django is up next, and you have a live demo, I believe. Fred. Oh. Oh, that's right. You're... yeah, I apologize.

Anyone hear me? So my name is Jeremias Kangas, and I am a self-employed software developer. I mostly make money with iPhone and Android apps, but in the last year I have been doing more and more Bitcoin-related stuff, just for interest, and maybe I will start some business with it. Anyway, with a couple of friends we have done this library, and its goal is to make moving bitcoins around as easy as possible, so anyone can create a website which moves bitcoins around. And of course you can do, like, simple web shops, but you can also create marketplaces or anything like that. Previously, creating this kind of website was a pain in the ass because payment processing is not that easy and cheap, but with Bitcoin it is. I wrote down some example applications you could make money with. The idea is that you can make really good money by enabling other people to make money: selling software or a service or a product which other people can use to earn money.
So using the software, the library, is really easy. So it's Python and the Django web framework. You just need a couple of functions and models to make a simple website. So, next slide. And so there are lots of features in this library, and it's basically everything you need to start your own website. And finally there is a small tutorial I wrote for the library, and if you want to learn the library you can look at it and create your own website. So that's it. Any questions?

All right. That's it. We're on time. Web WMD, are you up? Web WMD, are you in the room? Web FWD. I'm sorry. Yeah, that's... yeah. Okay, yep, give him another round of applause. That was great. I love that. No, no, that's fine. So what do we do? Do you think that you could just direct me into pointing and clicking in places? Okay, yeah. Here, use this. Can we turn off the streams for just 15 seconds? Actually, please point it at my eyes. I need to see.

Hi, my name is Joseph Chomoji. I am about to talk about...

Let's figure out how we're gonna do this. How did you want to... should I play the video or did you want me to play the video? Okay. Time starts now.

Hi, my name is Joseph Chomoji. I am talking about WebFWD, which is Mozilla's open innovation program where people with open source projects can get world-class support from the Mozilla Foundation. This is called WebFWD, which is the comes from Mozilla. Love. So check out their website, their guidelines, and please go down here. At the bottom there is a link. Okay, can you click on that? Thank you. So here, these are their guidelines. Especially important is the manifesto. Oops, here, but yes, okay, if you want you can click on it, and then... yes, and then... So basically interoperability of web protocols, standards, open software, etc. This is the most important for them. So can you go back now?
Yeah, and up and there If no here, sorry portfolio Yeah, so I would like to introduce a few projects which were already approved so this is an open source distance learning platform where people can Text chat with each other talk with each other and video chat with each other and also see lectures and presentations and share the desktop and files Can you go down a little bit cash music here? musicians can collect emails from fans can show their upcoming tour can sell tickets can pull in social media and Filter the content of this social media. Can you go down? This is Photo sharing platform where you own You retain full ownership of your photos wherever they were uploaded flicker or Wherever else can you go down? So here you can? Remix modules of open source software here bio engineers can create new living Creatures by recombining their genetical code and Veresa is Micropayment and microcredit Tracking tool Can you go back up? Thank you. So now they're about Mentors so if you have an interesting open source software then Project then you can get your work class Mentors view this here from every kind of professions So they can help in many many stages of your startup Among others there are financiers and Public relations marketing technology, whatever extend time oops Up again up again. Yes and there partners Partners I yeah, yeah here. So Mozilla Foundation or web for what has also very interesting partners for cloud Computing for Project management tools for payment services, etc. Etc. Thank you very much go up So here you can apply with your project I can answer more questions if you ask me, but I am not a representative of Mozilla Foundation or web forward One more question who has heard about this before Be pleased hands up Okay, you're at your five-minute mark. Thank you so much and hopefully the rest of the Session we are on PDFs I believe except for the demos where I can actually probably go and find somewhere to take a shower Moon mission are you here? 
Moon mission of the nerds part-time scientists Nope, okay Good to go. I knew it was gonna be a mistake bringing this thing out Yes, okay. Let's do it. Um, actually, would you feel more comfortable with the handheld? Can you manage to two devices two devices? Double geeking, okay. Okay. Yep, and then you know to call slide right exactly. Okay, cool and go. Hi I'm John foot. I'm recovering scientists next slide Okay, um, I'm gonna talk about driving high-power LEDs Now most of you have probably played around with a little LEDs, right? Anybody done that like down the hardware hacking section Okay, well, I'm gonna talk about these big hockey LEDs next slide Okay, so if you don't do the the little LEDs and you hook it up to a voltage source I get batteries something you know you got to put a resistor in there. Anybody tried it without a resistor Yeah, what happens it blows the hell up. It's great fun. Try it Okay, so next slide, please. Okay, what do you do with these big honking resistors? Well, you can put a big ass resistor in there But that may not be the best way to do things as the next slide shows because this sucker will get hot, right? If you look at the numbers remember power equals current times voltage We got a lot of current we got a lot of voltage drop across this this sucker is gonna get hot And even if it's only dissipating five watts think about the size of that resistor think about a hundred watt light bulb How hot does that get how much smaller is that resistor than a hundred watt light bulb? So it's gonna get smoking hot and furthermore you're wasting power. It's it's in elegant next slide, please Okay, so this is how you don't do it. Okay? People think well, I can make a nice little Adjustable voltage supply and I'll just dial in the voltage just perfectly so we'll get the right current through the LED No next slide, please. 
The reason why is because the voltage Current relationship for a diode is exponential if you diddle around with little voltage You're gonna get might get huge current swings and that might be too much current to blow up the LED next slide, please Okay, so diodes want current and next slide. I'll show you a couple ways to get them Okay, you can do a linear current source using a couple of these different things. These work great However, these are basically smart resistors. They also get hot if you you can use a Voltage regulator put a big honking heatsink it'll work great, but you might once again. We're wasting power Okay, so how do we do this right next slide, please? We'll show you okay? This is a sepik buck converter that stands for single and in primary inducted converter There's the inductor right. It's that curly thing that you might have slept through in physics class Okay, this is a resistor now. This is a tiny little resistor. It's less than an ohm so it's not taking any power Here's a switch that's not taking any power So any power that comes from the voltage source down the ground is hopefully going to go into that Diode and this kind of looks a little gnarly, but let me show you how it works. It's actually pretty easy on the next slide Okay, so there's a switch here and that switch can either be closed or open when it's closed The current comes from the power source down through the inductor through the LED and into ground Okay, and when it's open it this this diode kind of recirculates it now Inductors are kind of like flywheels for current they keep they like to keep a constant current going they store energy in the magnetic field Next next slide, please. 
Okay, so this is how the thing works There's a smart little chip that knows when to close and open the switch This chip is looking at the current through the diode and you can measure that from the voltage across the sense resistor If that voltage is too small That means the currents too small, so he closes that switch charges up the inductor gets more on Current flowing and when that gets too much current he opens a switch it recycles and the current still goes through the LED Next slide, please. Okay, so this is an actual circuit I built This is that smart chip this looks kind of gnarly, but now you know how it works, right? This is just a switch This is a sense resistor and it's kind of monitoring the sense resistor and it's either turning on or off that switch Depending on feedback and you can turn the whole thing on and off if you want to dim your LED using pulse width modulation Next slide, and this is the money slide. There's no way you can possibly read that, but this is this is the I'm sorry, sorry Okay This is the url This is a whole bunch of Everybody wants to make these chips because everybody wants to replace the light bulb with these more efficient LED things So there's a whole bunch of chips you can you can buy that basically do that that little Transistor man thing and that is pretty much the end of my Presentation, that's me. Thank you very much. This is gonna stay in here for the rest of the lightning talks It's do we have the free software song? Okay, you just got to make me one promise Okay, right, yeah, okay. Yeah, of course Okay Whatever you do just Whoa, hold up. I still have to extract a promise from you Please tell me first. Okay. Well, and actually first of all, could I borrow the mic back? Check check. Okay. 
Just a couple of hints for using this microphone Make sure that it's pointed directly at your mouth another thing that you want to try to avoid Don't touch the antenna because that that will that will cause some problems with the noise and it's really easy It's also really easy during your presentation for the microphone to get So so well, I'm gonna use you as a guinea pig because you're singing. I'm assuming okay So it's very important. Also when you move when you look at the camera Or when you go look at your slides or when you rotate around and around In a little dance That that that one's just for you guys to make sure that the microphone stays pointed at your mouth also be where The internet is watching you So don't turn your back on it. Okay, and that being said, I will let you know when to go. You ready? Okay, so Again, we're real professional here and One two three go Ahoy, I'm Marius Stüppes from Hamburg and I'm very sorry that So less opportunities are here to freely sing songs. I First thought to bring my guitar, but then I decided you all should see that singing without a guitar is also possible It's not just singing with the guitar all the people always say. Oh, I can't sing. I don't have a guitar, but I Think there's no problem. So slight You see the first verse and we're just gonna start to sing, you know, the free software song Join us now and share the software you be free Hackers you be free Join us now and share the software slide. You'll be Hackers you'll be free How does can get piles of money? That is true Hackers slide that is true But they cannot help their neighbors. 
That's not good. Hackers, that's not good. When we have enough free software at our call, hackers, at our call, you kick out those sturdy licenses ever more, hackers, ever more. Join us now and, next slide, join us now and share the software, you'll be free. Hackers, you'll be free. Join us now and share the software, you'll be free. Hackers, you'll be

I didn't actually think that was going to happen. All right, null bytes reversed. Yeah, how about a round of applause both for that and for having to follow that? Okay? Are you ready? Yeah, one, two. Oh, are you gonna use the... don't forget my advice, right, point. You good? Yeah. Look at the screen. Okay. Look at the camera. Okay. Good. Give him a round of applause for that. That's pretty good.

I'm Daniel. I'd like to talk a little about a little clutch in the Java web application world, about null bytes: that under circumstances, if the weather is just right and the moon is right, you might get command execution. Next slide. So null bytes are by no means new, right? This class of vulnerabilities has been around for a while, ever since someone decided that it's a good idea to terminate strings with a null byte in C. So everyone probably has seen something like that, where this is a PHP application where you try to open a file, and you give it a prefix and you give it an appendix, and in the middle there is an attacker-controlled string. So now what an attacker can do is he can get around the prefix, the images folder, by just putting dot dot slash in front of the part that he specifies. And to get rid of the dot jpeg at the end, it's a little bit harder, but he can use a null byte, because when that string is passed on to the underlying C library, the string will get cut off at the null byte, because C thinks at null the string is terminated. Next slide. So wouldn't it be nice to have something like that for uploads as well? This is a regular upload request as your browser sends it when you upload a file, and as you can see, the file name
is sent in a Content-Disposition header in the segment that is for the uploaded file, and that Content-Disposition header has an attribute called filename, and that just carries the name of the file. Now the naive approach, slide, would be to just use, as in the URL, a percent zero zero to indicate the null byte. However, that doesn't work, because the file name in there isn't melted, isn't URL-encoded. So that percent zero zero will never be decoded, and you will end up with a file that has the name pit JSP percent zero zero dot jpeg, which doesn't get you anywhere, right? Because you want the extension of the file to be JSP to execute code, and not JPEG. Now another approach is to use, next slide please, to use a literal null byte. So historically this never used to work because web servers were written in C, right? And when the web server receives this request, it will just see that Content-Disposition header right until the dot JSP, and the web application framework is probably going to automatically correct that for a you that the quote is open, and just send the string file to JSP on to the web application framework, into your web application. So the application will see that the extension is actually dot JSP dot JSP and will not allow the file to be stored. Now as it turns out, nowadays there's actually a bunch of web servers that aren't written in C but that are written in Java, and for Java a null byte in a string is a perfectly valid character.
So basically what's going to happen if you upload something like that to, say, Tomcat: Tomcat will just pass this request, with the entire line including the null byte, on to the web application framework. You're probably going to use something like Apache Commons FileUpload. Apache Commons FileUpload is just going to put the entire string that is in the filename parameter into a class property and will pass that on to the web application itself. Now if the web application doesn't take care, it will validate the string, will read everything after the last dot, which is dot JPEG, extend time, and will say yes, that's a valid file, and write it to disk, but when it's actually written to disk it will end up having the JSP extension. Next slide. So what can you do about it? Never just store a file on disk with an attacker-controlled file name. Just use an arbitrary file name that you chose yourself, because otherwise you might have collisions anyway if two people upload the same file with the same file name. And also it's not a good idea at all to, like, serve files from your main domain where you have authentication cookies, because you will be vulnerable to cross-site scripting. Thank you.

Do you want to take one quick question with your next 23 seconds? Repeat the question. Repeat the question.

What about the weather? Why does it not work sometimes? Well, sometimes if a web application doesn't allow file uploads, or doesn't have the necessary functionality, or isn't written in Java, it doesn't work.

All right, life hacking, are you here? Actually, no, take this one. Okay, and here's another example of why we run slides off of one laptop. Previous times lightning talks have been run, we wasted a lot of time switching video and things like that, and in the rules on the wiki it says that the time it takes you to set up your laptop, if you insist on doing a live demo, comes out of your time. So we're going to start the five minutes right now. Oh god. He totally got that one for free, didn't he?
Can you hear me? Okay? Okay. Test, test. Okay. My name is Thorsten Wißmann and I want to present you herbstluftwm, or you also can call it HLWM. So what is it? It is a manual tiling window manager for X11, and I started writing it at the end of July this year. So if you say "I have a new tiling window manager", then there are only two questions. The first one is: how does the tiling algorithm work? And the other one is: how can I configure it? So the tiling algorithm is just a binary tree, a binary tree of frames. Initially you have one large frame over your entire desktop, and then you can do exactly two things with it. You can either split the frame up into two subframes or you can place some windows, for example some terminals, there. Okay, that's all. Then, the only way to configure it is by calling internal HLWM commands. There are two ways to call a command. The first one is to call it with a client on the command line. Or you also can bind keys to commands, so the command is executed if you press the key. And of course, you can bind these commands by calling the command for it. So this is rather abstract, but it's actually quite simple, as you can see in a quick demonstration. Here you can see you have one frame. I will switch the microphone. Okay. You initially have one frame, and now you can split the frame. Now you have two frames, and you can split one frame again and place clients there, like this. Or you can place a client in another frame, a terminal here, and you have a terminal, so you can call a client to execute some HLWM commands. These are the commands you can execute, and for example, you can call the command focus right, and then the focus goes to the right. And you also can say "give me the current layout", and then the, yeah, then the binary tree is printed.
That's all. So as you can see, the control of the window manager is really keyboard-oriented, and with this client you have a good possibility to write scripts for it. So it's probably a good window manager for you if you say "I want to spend lots of time in configuring and scripting my window manager", and it's not very good for you if you say "I only want to use the default configuration, and the default configuration has to suit me". And it's also not very good for you if you only want to use the mouse, because, yeah, it's mainly keyboard-driven. So if you say "hmm, I want to write some fancy scripts for my window manager", then try it out. You can get some information on the home page. You also can pull the git repository, join the IRC channel, of course read the man page for it. Thanks.

And you've got a minute for questions if you'd like it. Questions? Down front.

What's it written in and how big is it?

It is written in C. It uses GLib and Xlib, and currently there are 6,500 lines of code.

Another question? Okay. Thank you. And he followed directions by not walking between the table and the podium, where I have many, many cables. Okay, so up next... Now it appears that we have, unless I edit the article right now... Also, moon mission of the nerds, did you ever show up? Mr. Slot, the originally assigned slot. Okay. Now we have life hacking. Life hacking, ready to go? Okay. Oh, okay. Thank God. Because, yeah, those last-minute notes I was going to do for myself.
Yeah, that's when the reporter showed up Yeah, another pro tip don't hit the microphone with your head ask the presenter for the microphone if he hasn't given you one Also, you may choose to use the podium microphone if you think you're going to be Moving around a lot or you think you might have problems holding the microphone You can always ask for a mic check because these podium microphones will work and if the sound guy is following me here The the podium mics actually will pick up your voice from as far away as this You just have to be sure, you know, if you move your head around a lot You just have to be sure to check with the sound guy that might be the better option for you And if well, okay, I guess I'm gonna have to keep it here now If you want to do that so it looks like Yeah, now we are back exactly on time. So you ready? Go Okay, so I'm going to show how I use bookkeeping which sounds really really really boring And I've used this a lot in the last few years and I just want to show you how it can be cool and fun slight So why am I doing this my grandma told me to this is actually true my grandma said boy You should use bookkeeping to keep ahead of your finances and this is really useful And there's also a lot of questions that will pop up in our lives every once in a while that we can Comfortably and decisively answer with this. So like I had a hundred euros a week ago and where is this gone? how did it go away and Maybe you bought something that broke and you want to know how old it was So you can check it and you can know how much you paid for it So maybe you can do a calculation if you want to buy a new one or if you want to get it repaired Actually, another thing that is useful is to keep track of how much you use on bandwidth Maybe you use your mobile phone a lot. You use mobile internet. So you may want to know which contract suits you And yeah, you can do comparisons of like the important things in life. How much do I spend on food? 
How much do I spend on hardware, and should I change this balance? Slide. So what I use is KMyMoney. This is just something I stumbled upon a couple years ago when I started this. It's a very friendly-looking, nice client. These are not my figures. I do not own hundreds of thousands of dollars, but maybe I can get there in time. Slide. So, how do I do it? I just record all the transactions. This sounds really bad. Like, if I buy a sandwich at a railway station while traveling, do I record that? Yes, I do. I do it for all my accounts. I do it for cash accounts, which is just my bag of money. I do it for my checking accounts and everything. The resolution I chose is half a euro, which is convenient, and if there's any, you know, cents left over, I just don't care. I put them in a cookie jar so I can roll them up into these little, you know, coin roll things. I really, really love that. You can do data validation by bank statements. So you go to your bank every once in a while and you get your statement, and you can cross-check that. Actually, KMyMoney supports this as a native operation, to cross-check your stuff with the bank statement, which is really useful. This does not take up a lot of my life. I do five to ten minutes every one to three days, depending on how much money I spend, and, well, the data that is accumulated is currently a hundred and seventy-five kilobytes of gzipped XML data, and I've been doing this for five years. So that's actually okay. If you unzip it, you can see how it's like two and a half megabytes of XML data. Yes, slide please. So this is some data. I obfuscated this.
This is not the real data. I changed the numbers, of course, and this is Israeli shekels because I find the sign is really funny. But what we're getting into here is seeing how correlations of this data with what happens in your life is interesting. Like with these prominent dips: I went on holidays, big and expensive holidays, and yeah, you can see how things move. The light blue line is a moving three-month average. The violet line is a moving six-month average. So that's just, you know, playing around with... I'm a physicist, so I really love playing around with data and statistics and stuff. Slide. And yeah, as I said, you can see life events. The red one is just miscellaneous entertainment, like going to shows and stuff. The yellow bars is alcohol spendings and the blue bars is cigarette spendings, so you can see how I quit smoking and how that helps, and you can see how my girlfriend broke up with me right here, and, well, yeah, this was one hell of a New Year's party too. So, slide, please. This is something for a more serious analysis. So how much am I using on mobile phone contracts? You see how this is always a quarter of a year. So you see, you know, five years gets to a lot of data. I'm not even they love you. Just go you've got all right. Thank you. So here it was a pretty expensive contract and then I switched it, which means that I used a lot less money on my mobile phone in the following months. This has to do with a girlfriend again. But now I started using mobile data, so there's some cost added, and I'm going to think, of course I'm going to think about changing my contract so I can get this down a bit. Slide. And now here's an important trick I want to show you in my last 30 seconds. You are going to think that I cannot possibly track all my transactions. I'm going to forget stuff and of course.
Yes, you do, and what I do to mitigate this is I just have a category called leakage. So I thought of all the transactions, I've tracked down like 30 euros, and I'm just going to put five euros in "I forgot this". Okay, so you have a category for your own failures, and it's not too bad. You can just put it in this, and it kept me going for five years.

All right, just for those of you who may not have seen prior lightning talks, what we do to call time, and we might need a little bit of practice at this one, is when you have ten seconds I go like this and then I start counting down from ten, and then when I reach five... Okay. All right, that was pretty weak. Yeah, let's do that one again. Also, Etherpad, are you here? Okay, cool. Um, just... Okay, this is why I ask you to send me everything in PDF and review it ahead of time. Yes, yeah. Okay, do you realize that I receive 12 different presentation formats from people? Like, I don't like it. I don't like PDF either. No, no, no, that's fine. Hackers don't like to follow directions. Sometimes that's a good thing. Sometimes it's not. I'd rather not, if that's okay. Okay, use yours, but I'm taking it out of your time. We can always do the Jeopardy song. We could also bring back the free software song guy. And actually I would recommend just testing with the podium mic real quickly, that might be better if you're gonna...

So can everybody hear me? Yeah, sounds good. Okay, great. So my talk is called "Our goal is to make collaborative editing the standard on the web". I will talk about Etherpad Lite. My name is Peter Martischka. So I will start. So what is Etherpad Lite and what is Etherpad?
So Etherpad is open source software. It's to allow people to write together in real time on the web. So if you have a friend, for example, in Australia, you can send him a link to your pad, and you can write together and you can see what he's writing. So everybody has their own color, and, for example, here in a small screenshot, person one has blue and person two has red. So what can you do with Etherpad? So the most common use case is brainstorming. So, for example, your manager sends a pad link to their employees and asks them, "Hey, do you have any marketing ideas, how we can do that?" and every employee writes on this pad. And an hour later the manager looks again on this pad, and there are lots of ideas, and everybody gets inspired by what the other people are writing, and this is much more efficient than if you would ask "send me emails", because you have everything copy-pasted together. So that's just one use case. Another thing is meeting minutes. So if you have a voice over IP conference, everybody can write their part of the meeting minutes. You know that usually you have one person who has to write all the minutes, even if he doesn't know about what he's writing, so you can solve that with a pad very easily. You can do translations. So, for example, if you want to translate a complicated text, you don't need one specialized translator. It's enough if you have 10 people that are able to translate a bit, and they can correct each other. So this is also a very common use case, and in the German Pirate Party we use it to write together on newsletters and press releases. And yeah, so these are the most common use cases. So Etherpad has two big problems. One problem is it's, like I said, an admin's nightmare. So it has very high memory usage.
It has memory leaks, so the longer you run it, the more memory it uses. It has very random high CPU usage, and it's very, very difficult to install. The other problem is it's also a coder's nightmare. It's written in three different programming languages on the server side: it's Java, Scala and JavaScript, which runs on Rhino. There's nearly no documentation and nearly no comments in the code, so it's very, very difficult to change it, even if it's open source. So open source is not everything; you also need documentation too. This is why I created Etherpad Lite. So Etherpad Lite basically takes some of the source from the original Etherpad and ported it to Node.js, which is JavaScript on the server side. So this port uses much less memory: we went from 2 gigabytes to about 30 megabytes of RAM. We have much less code, from about 100,000 lines to 10,000 lines. We optimized it to be easily embeddable. So the idea is that you have a web application and you want to embed Etherpad Lite as part of your web application. So this is what our use case is, what we specialized it for, and it has nearly the same functions. So many people think it's called Etherpad Lite because it has fewer functions, but we call it Etherpad Lite because it uses fewer resources. So this is a very common mistake. So, yeah, basically that's it. So please install it and give feedback. Tell me how you use it, why you use it. Send pull requests. We have our IRC channel, and go to this URL.

Okay, cool. Thank you. Yeah, wait, what's your... oh, I'm sorry. You're after Hackerfleet. I apologize. Yeah, okay. Yeah, go, just go. Yeah, but the... okay, check, check, okay. This is a classic example.
And you know, the first day went so well. Everything was just, you know, on your little cat at the end, and then people started asking me to use Prezi and PowerPoint and Libre and blah blah blah, and now you're seeing why I ask you for PDF. Slides can just jump right from one to the other, not interrupt the flow, and they see that this is what happens, because I have this problem: I have a really hard time saying no to people. Huh, what? Let's talk about it. I see, I'm very well rehearsed at these things. Hmm, now I'm wondering which two people said that. I'm not taking it away from your time, because I still have to edit the rest of the schedule. All right. So everybody give Ian from Hackerfleet a round of applause, especially since we just made them really nervous. Go. Check, mic check. Hey, at least one thing works. Cool.

Welcome. My name is... can you... okay? Just, just, yeah. Okay, so mic check. Yes, great. So my name is Ian from the Hackerfleet and we do open source development. So in space we have shitloads of objects, man-made objects, thousands of them, measuring and observing and taking pictures and giving us information about our planet, but on the oceans we have that, which is nothing. It sucks. So what we need is something like that at the ocean, something that can do a lot more than just being at one position and measuring, like, a speed and some wind, the temperature. So we need something bigger, something better, and we need open source. So our vision is to form a community that develops autonomous naval robots, to develop our own autonomous sailboat dash satellite of the oceans robot stuff, and of course hackerships everywhere. So how to achieve that? We need to communicate better. There are far too few hackers that do stuff for the oceans, on the oceans or at the oceans, and we need to do more together. There are a lot of sailing enthusiasts all around this room.
I'm pretty sure, but they don't work together. They go sailing and they come back and they go to these conferences. But we need to do more together. So we supply you all with communication infrastructures, with resources, with technical resources, even, if you have a cool project, with money, and if you have a cool project, please ask us. We will give you everything that we can give you to make it happen. So maybe you've heard of OpenStreetMap. Some people are trying to do something like that for the oceans, but what's there already sucks, because no proper data acquisition is yet possible. There are two ways to do that. The first thing is with the real ships, and that would be pretty easy, and the second way would be with robots. We want to do that both ways. So this is our current project, presented at the hardware hacking area right now, and I will be downstairs there after the talk to answer questions. It's our workbench prototype. It is not a final product. It will be an example for how to integrate our software and hardware platform into boats, and it will not be something to surveil other people. This is a current bridge of a ship. You see shitloads of electronics all there. But the problem is, they all dump their data. They display it and then don't store anything, and even if they store it, this data is not used for anything. But we could make the best map ever from that data that is on the bridges of every ship in the world. So the only thing we need to do is develop software and hardware to acquire the data and make better maps from that. So, to form a community, we're gonna do a sailing trip with hopefully a lot of you people. We're thinking of 40, 50 people in August, and the name of the journey is Cross-Sea Scripting. I hope you will attend.
It's from 9th August to 19th August in the Adriatic Sea, which is, at least from my point of view, the most beautiful sailing area on this planet. And after that we're gonna attend the conference Nothing Will Happen, which is directly at the harbor in Split, Croatia. So if you would like to do more hardware hacking, do more boat hacking, hack the seven seas or just sail with us in August, please subscribe to our mailing list, Cross-Sea Scripting at Hackerfleet dot org, and if you don't know how to do that, it's explained there. If you have any questions, please show me now.

All right. He's got a minute for questions. Any questions on Hackerfleet? Repeat the question, Ian. Why is it blue? It's a color, any random you please. Are you involved with seasteading? With what? The seasteading movement in the United States and all over the world, where you have a thing called Ephemerisle. It's like Burning Man for boats, and we're building floating cities and stuff. We have exchanged some ideas, but there is no constant communication going on, which we would like to change, so if you have any artwork, that would be great. Just to clarify, Alex was talking about the seasteading movement. Any other questions? Raise your hand. I got flyers if you would like to have some, so ask me afterwards. Thanks. Great. Thank you, Ian.

Actually, what, over here? Why don't we practice the... Okay, you guys are doing so good right up until the buzzer. We can do better than this. Okay. You ready? Okay.
Let's do this. Yes, that was much better, thank you. Give yourselves a round of applause. Okay.

Anybody know how to get the picture on my screen on the... Yeah. What I'm trying to show here is... Okay, I now have one and a half minutes left, I guess. So I was thinking of showing... so I work in the European Parliament for the Greens, and I was thinking of making a live show, a live amendment of one of the directives in the pipeline. So I've now a Citrix client running to my desktop here. No. Doesn't want to. No, I think I will have to take this later, because I didn't count on this problem here with the screen management. So we'll just move me later. Sorry about that. Presentation, if you want to do it... Can you run through it in three minutes and 37 seconds? One of the directives is now in the pipeline, definition of piracy, so that you could see exactly the application that we use and how easy it is, and to get kind of a picture of what the people in the parliament are doing and how it's done. I think if you put the link on the... the application is called AT4AM, and there is a demo. I don't know if you put the link... Yeah, the links to all of the slides and any links you want me to put up will be on the wiki page afterwards. Yeah, but I do ask permission before I do that. And I thought maybe I could ask the audience for proposals to amend this. It's a directive on enforcement of intellectual property rights and the customs, the customs enforcement directive. So it's a kind of an ACTA thing. So, but can I show it later? If there's an open slot, sure, if you can get it working. Okay. All right. Give them a round of applause for the effort.

And there... Gregor, are you here? Gregor. Yep. Well, he was on the schedule next, actually. No, he's right there. Yes, and then after this presentation, we're going to take a break to give the rocket badge people a chance to set up their live demo. Stretching break.
Yes, stretch and bathroom break, and setting up the rocket badge live demo, which they actually arranged in advance, and had a very good reason for doing so, so give them a round of applause for getting that. Okay, so good. Go ahead, take it away. Five minutes.

My name is Gregory. I'm grown up here in Berlin since 76. My parents were on a secret journey. 1990, 1989, I was introduced into a therapy called Homa therapy and had the idea early in this beginning how our atmosphere cleans itself. It is like a perpetuum mobile at the shapes of day and night. In the center of day and night there are mass fluctuations of light that give energy to the ground and to the complete environment. Next slide, please. So we see that this loop in the morning, or in the first wave, is going to the ground and pollutes, or gives energy and healing or renewal to the earth. Next slide. But... check, one, one, two. Okay. Let's go ahead. Maybe it makes it a bit simpler. Okay, so air became polluted in the last 100, 200 years, mostly from the industrial, chemical and other stuff we created, and I'm talking about at least the Homa therapy called Agnihotra. It's an old ritual from the Vedas, from the Atharvaveda. You may have heard about this. Except was made 1947 by a guy called Shree Gajananan. So next slide, please. In the evening we got the same wave that we got also in the morning. The complete, or not complete, the Verbrauch, the energy, the used energy comes into the higher atmospheres, and with the solar wind and the magnetic fields it all changes over from north to south and south to north. And we got this phenomenon like weather is and whatever, and we got natural resources of this weather and we got our industrial resources of implicit the weather. Anyways, next slide. So we got this. There is a little tripod or a pot of copper where we came like fire inside at the sunrise and sundown.
That's the basic fundamental Homa Agnihotra, and in this Homa Agnihotra you burn cowshit, clarified butter called ghee, and rice in the center, in the middle of sunrise and sundown. Next slide. So when you prepare yourself, five minutes or ten minutes before the center of the wave is coming... So, next slide. The fire has to burn and you put the rice inside, and then something special happens. It makes the energy that is naturally there, already there and giving a natural renewal to the world, it makes it double or more, I say like an anti-atom bomb, and this fertilizes the atmosphere with the clarified butter that you burn and gives you a biological field around the agriculture production or whatever you do. So, next slide. So you see, there were measures, like it is like a two-kilometer radius where it's polluting the atmosphere with this clarified butter. It's like a fertilization of the atmosphere. Next slide. So at the daytime you go your daily routine. It is only made for 15 minutes in the morning and 15 minutes in the evening. Next slide, please. So we have a difference between organic, conventional organic and Homa. In the Homa we have special structures, if you can see, like a five star, and the food is more tasteful and everything is great. Love, peace and unity. Good night.

All right, just a quick word before the break. Guys, please, it's really... Thanks. It's really, really hard to get up and do some of these things. And oftentimes people are running late. They just found out about an hour beforehand, and, you know, no matter how much you might not like the talk or zone out during it, it's gonna be over in less than five minutes. So show some fucking respect. Okay, anyway, so now rocket badge is coming up. We've got a ten-minute break. Please be back here at 20 after two.
Thank you.

Short announcement during the break: if you are planning to participate in our massive multiplayer Pong game with your rocket, the last rows aren't the best. The receivers are here and there are lots of free places in the front. So use the break and come up front if you want to play with your rocket in the multiplayer game. Okay, so enjoy the break and use the time to come up front if you want to play. Should we use the break for rocket Q&A? Okay. Yeah. Check, check.

Okay, I am very, very proud to introduce the rocket badge team that hacked the lightning talk format. So give them a round of applause for that. Okay, I never said you could not schedule three back-to-back demos that were thematically different enough to constitute their own lightning talks, all at the same time. Plus it's the rocket badge, so it's really, really awesome. So they have three... They have a five-minute talk and then two demos, was that it? Okay, so they have a five-minute talk and two demos, and they're taking up the next 15 minutes. Give the rocket badge team a huge round of applause. They're gonna take it from here.

Okay, this is about the massive multiplayer Pong. We wanted to have a nice game, playable with the rockets by a bigger audience, and basically, if you have a rocket, you can log in to the game and you have the option to control the right or left side, and it's basically averaged from all your inputs, and you can play a little bit in the background. The setup is basically done currently with two of the tracker readers you see around, which track all your movement if you enabled it on your rocket, but you can actually use a rocket as a receiver also. The code for this is all in our Git, and the numbers in the bottom right should be the number of players, but actually it looks like it's broken. That's what happens if you do some last-minute changes.
I'm very sorry about that. You can check out all the code. The Pong is implemented in JavaScript, using WebSockets to connect to the game script, which is written in Python. There's a complete Python lib for controlling games. Down in the hack center there's a four, five-player Tetris, oh, sorry, six-player Tetris, implemented with the Python game lib and rockets. Okay, Sec is shortly trying to fix the thing with the number of logged-in people, because I think it's pretty interesting to see how many people are controlling the paddles. I'll use the meantime and tell something about the setup for people who want to redo it themselves. What we're basically using here is the OpenBeacon readers for inputting your movement, but that is not necessary. You can also use a rocket with the bridge code from... Does it work right out of the box, Sec, or do you have to change something? Okay, so it should basically easily work with rockets as the receiver part, but not in the version which is currently committed. Sec will commit the needed changes today or something like that. So if you want to do it on your own notebook, you need a rocket as a receiver, and you also need announce rockets, right? No, you don't. We don't know what we need. Well, the OpenBeacon readers are configured to only receive packets, and we have distributed at least three rockets in the room here which announce the game. But if you're using a rocket to play the game, it switches the channel, announces a game, switches back to another channel, reads packets, and once a second switches back and announces the game. So we only need one single rocket to play the whole game, as a server. Yeah, but we are using a little bit more leverage set up here. So, oh, okay, 20 people on the left side, 45 people on the right side. Okay, do you want to say something about how the averaging works or what our ideas for the algorithm were, Sec?
During the talk we already tried this. It turned out people had problems reaching the complete top and the complete bottom, because everyone needs to control the rocket. So in this version I implemented some kind of idle timeout: if you take part in the game but don't use the rocket control for like 40 seconds, you'll get thrown out of the game. So you have a better chance of reaching the extreme positions to hit the ball. But that was only one of the ideas. Okay, the other idea was to allow oversteering, so basically scale it up a little bit to make it easier to reach the top. But I think this idea is the better one. And any questions about the setup, or do you just want to play?

Yes, I'd like to know about the averaging. Why do you average the position and not the movement? You could also say, if the majority of people steer up, the thing goes up, the paddle. Yeah, I thought it was more interesting that way. One thing is, you could reach the position more easily, because it could move quicker if everyone decides to switch, and the second thing is, it was to show some kind of swarm intelligence. There's no correct answer to move the paddle, but the people automatically decide what to choose to hit the correct spot.

Thank you. So welcome to our new talk, "Moving the paddles". It's a live demo. So we will shortly set... oh, it's already running. Sec is really fast, set up the game here. Why are the numbers back to zero, Sec? He doesn't know. Because it's the second talk, of course, we had to reset it. That's the rules of lightning talks. It's very, very hard. Nick is really strict there. So we had to restart the software now.
Nothing is working anymore. So what, Sec, what is... Happy restarting. I'll try to continue what you were trying to explain about the movement of the paddle. The idea is, if you press up and down, there is no way to give it an exact position from zero to some arbitrary value. So the swarm intelligence has to randomly decide, "do I press up or down?" If everybody would press up because the paddle has to go up, the paddle would instantly be at the top of the screen. So it's a bit of a delay of people: "Oh, should I go up? Should I...?" And the more go up, the higher the paddle goes, but not everybody is allowed to do the right decision. So this really is a funny experiment, and we were quite surprised that it actually worked in a way. What we would like to try, if Sec has the game running again... He fell over the power cable. So if the thing is back working again, we would try to possibly increase the speed of the ball and see how fast this swarm intelligence... or it should increase automatically, shouldn't it, Sec? I think we've even set it to increase the speed after every lost ball. So we can see how fast this swarm-intelligent paddle movement can really get a paddle to a specified position, because in theory the audience could instantly move the paddle to any position if they just do the right decision in how many people press up or down. So what your basic algorithm in your brain should be: choose a random number between zero and the value you want to go to, and decide upon that if you have to press. But of course that will not... it's getting faster. Well, I think he's repowering the receivers. That looks almost second. We're not at Hacker Jeopardy here. You can use working technology. And I think it would be better if it would move. We have left players. That's unfair, Sec. Only one. I think this is a little unfair because of the left side. Okay. Possibly a few more people should... where are your rockets?
Please join the forces of the left side. It's very unfair. Are we getting higher? Okay, so now the speed of the ball should increase with time, right? Okay, it's increasing even more now. Are there any questions in the meantime while you are playing here? There's one far in the back. Can the microphone go far in the back, please?

Hi, we'd like to get the logs of people's votes. Is that possible? Do you log the votes from the badges? We're running a full tcpdump on the packets. So, excellent log. Good stuff. Thanks very much. And I think we can publish it later if you want to analyze how such things work. So we'll put such dumps somewhere where you can get them. I think it's getting faster now. I think you should restart it. You have to rejoin the game, I guess. One minute. Okay, we have to get close to them. Are there any last-minute questions for this talk before we start the next one? Where are my slides? These are our slides there in the background of the Pong, and I think we used all of them. No, this was yesterday, I think. Okay, now remember the speed is increasing again. So get the... Why are there 47 and 21? So thanks for your help.

Okay, so welcome to our third talk. And we need more players here, and it's still getting very fast. Yes, you should remove the increase a little bit. I think they actually got one. That's not that difficult. Why does it always start in this direction? That's really unfair. You should alternate that. Sec, it's very unfair. It wasn't random. It was all going to that one side. Yeah, that's not random, Sec. Going to the side who won is not random. Why are 43 players not able to move a paddle to a specified position? What am I playing? I'm playing left. Okay. Everybody has to press up to get to the real limits. Yes, everybody has... Sec didn't change it. So you really have to agree on the top level. Does anybody still have questions about the setup you need?
The code is basically in the Git repository. So if you go to the r0ket website and check out the Git repository, you should... where do you find it? It's in our standard r0ket... it's on GitHub, and the repository is called r0ket, with a zero and no C. If it's a consensus, can we ban somebody? Sorry? If it's a consensus, can we ban somebody? No, currently not. The code is in the tools game Bong. It's like Pong but with a B.

Oh, okay, that's actually not in the scope of this talk, but it's: how does the mesh network work and how does tracking work? That's not really part of this demo, but every rocket, just for tracking, broadcasts its current ID, and there are several readers around the convention center and they listen. And there's a more or less clever script trying to deduce your position if you're seen by more than one reader, because it's sending in different transmission strengths, so if a reader only sees the packets which are sent with very high power, you're far away. And it also sends your nickname, which you configured on your rocket, and there's actually, since yesterday, a working JSON which contains all the data, and there will also be a packet capture file of all the transmitted data. And as to the network, that's just simply flood fill: each badge retransmits the packets it sees if they are within its current parameters. Okay, just to make that clear, the mesh... You have to restart again.
I think... To make that clear: the mesh network has nothing to do with either the tracking or with this. This is direct transmissions from your badge to our receivers here, and that's basically the same as what the tracking does. These are the same receivers, and your badge is sending, on a different channel, your nickname and your ID. And the mesh network is completely different, and it is broadcasting the time from badge to badge. And you find the URL for the tracking on the Twitter account. Thank you.

Just so that you guys know, all links provided by presenters, including slides if they give permission, will be posted in the wiki article "Lightning Talks" where the schedule was, and then as soon as lightning talks are over, give me a couple of days after the Congress, I will post all of the content to the wiki, which will be archived a couple of weeks after the Congress ends. So guys, give the rocket badge guys a huge round of applause. Is the OK Rocket team here? OK Rocket. Okay, great. Just give me a little quick second to set up again here.

I'll use the time for a last announcement to all Pong fans out there. Yesterday someone brought us a loadable to play Pong rocket versus rocket directly over the wireless. So this will be linked in a few minutes on the wiki. You need two rockets and you can play Pong wirelessly against each other. Thanks.

Okay, all right, do a quick mic check on the podium then. Hello, hello. And then introduce yourselves really quickly. Okay, this is to open. It's... Just, I'll bring up the slides, but just do your intro. I'll bring them up. Check, check. And then... this was a very, very last-minute submission, but I thought, you know, why not have four talks of rocket content? You guys like that. Okay, so without any further ado, we're going to do just a quick review of the format. Every presenter has four minutes. At the one-minute mark.
I... or when those four minutes are up, I ask for "extend time", and that's when you guys applaud if you like it. Applaud if you like it, and then if you don't like it you can stay silent, and that means they're over. And then for advancing slides, presenters, don't forget to call "slide", and just a quick review of mic position: if you're using the podium mic, you don't have to eat the podium mic. You can stand back here, and they will hear you just fine. So do a quick mic check for both of you on the podium. Yeah, that seems as well. No, no. Hello, can you hear me? Okay, yeah, so just be sure that the audience can hear you. They'll give you visual feedback if they can't. So without any further ado, we have five minutes... got five minutes on the clock, and go.

Okay, this is top. I'm book. We make some shameless advertisement for a new rocket application, since there are already a few rockets with you, I guess. We built a dating app for the rocket. Slide. It is of course very important, because dating seems to be a hard problem and it involves some awkward social situations. You need to get close to people, physical proximity, and talk to them, and maybe in the end they don't share your views on cannibalism or anything. So it's good to know before, and of course, as all social problems, they have a technical solution, and this technical solution is our application. Slide, please. There is a dating site in the wiki. The dating site is not very well populated. There are four categories, or five categories, for human dating, and there's three entries in there in total. So that's more categories than actual entries, and we want to get this up. So... Repeat the question. Is there carbon dating, like every life form based on carbon? I didn't get it.
Sorry. Okay, so we have this great new application and you can check it out. Slide, please. On our website, download it now and put it on your rocket, and in the meantime, to be as well, I explain to you how it works. So the basic idea of okay rocket is you create a profile of your preferences, and this profile is broadcast to other users who also have this application running. So it's very simple: you go to the website, you download the code file, if you don't trust us download the C file and compile it yourself, and put it on your rocket by just copying it using USB mass storage mode. And then you're asked to fill out a small profile consisting of 14 binary questions. So, like, what chromosomes do you have, what chromosomes would you like your partner to have, if you like vi or Emacs, dogs or cats, and so on. So this creates a small bit string that is just broadcast to your vicinity, along with the nicknames of other people having the application running. And then you instantly see a list of people and how much their profile matches yours. And if there's someone whose profile has a more than 80% match with yours, then the red LED starts blinking. So you should have a look around and see if there are any other people who have the red LED blinking, and then you should go talk to them. So...

Okay, so the camp rocket and the current rocket have another position for the red LED. So you should say it's down left. Okay, so the bottom left LED is the red one on the 28C3 badge, and on the camp badge it's green. Yeah, okay, so yeah. Download the app, by the way. Next slide. We actually did a field test and it works. So, okay, this couple wasn't, wasn't made with the application, but they were asked to install it on the rocket and they completed their profiles, and indeed the red LED started blinking for them. So that confirms that our questions work, or that... Yeah. So yeah. Super sufficient.
Yeah, so fork it, create your own versions of it, download it, play with it, and hopefully find people who you like and who like you. Our network has currently two players.

Extend time. Any questions, or go for a field test?

Maybe: you can easily extend the questions, so you can set up other things than dating. So one person yesterday suggested to us that we should make a flamethrower version of it, so you can go around and your flame starts blinking as soon as it finds someone with a different view on the favorite editor. So that's very easy. Send us pull requests or something and we get out more versions.

Okay, Arbor, distributed LUKS management, are you here? Cool. Go.

Okay. Hi, we're from a community ISP and we want to present you our solution. It's a tool we wrote, it's called Arbor, and we wrote it to manage hard disk encryption keys. Next slide. So probably a lot of you know the problem: you have, like, a server with an encrypted hard disk and you have a lot of admins that need to access this hard disk. So, next slide. So what do you do? You share a password. Well, we can do better, I think. Next slide. Then there's another problem: you don't just have one server. We have a whole bunch of servers and you need to have access to all of them, so you need to know, like, several passwords and, next slide, you need to type all those passwords. For example, consider you have a power outage and you have to type in, like, for half an hour, password.
So that's not really a convenient solution. Next slide. So we thought, well, we can do better, and we wrote a tool to address those problems, and I want to start with a wish list that captures what we want this tool to fulfill. Next slide. Yeah, so we have mainly two things. First, that's the per-admin policy. So we like to be able to say that a certain amount of admins have access to this and that disk, and another subset of admins have access to all the disks, and one admin has access to only one disk. And we also like to ease the key distribution. Next slide. So for the different kinds of access, we kind of map a user to a LUKS slot. So LUKS has eight key slots, and you just define which user is in which slot, and then we can set the access like that. Next slide. So if Alice wants to add access for Bob, she types Arbor add user Bob and the disk, and then Arbor will add, and will generate a new key, next slide, will generate the random LUKS key and put that key into Bob's slot. Next slide. Further, it will take the random LUKS key and encrypt it with Bob's GPG public key, and then we have an encrypted LUKS random key which we can hand over to Bob. Next slide. We can hand over this key distribution via mail; we can put it in a git repository, push it, and tell Bob to pull it. Next slide. And then Bob can actually just type in "I want to open that disk", and if the disk was closed, next slide, it will take the encrypted file, decrypt it with the private key, send the key to the slot, and open the disk. Next slide. So there are two more items on our checklist. We want to do automation. So, next slide. Here are two examples of commands you can execute with Arbor. So in the first example you show that Arbor groups your disks by server and by location, and you can just apply commands to a whole bunch of disks by just saying "I want to apply it to the whole server". And you also have script hooks, where you can define what kind of scripts get executed after a certain action is performed.
So you might imagine in the first command that there would be a post-open hook that just starts all the vservers after all the disks are opened, and that works all automatically. Then another very handy use case for automation is if you consider that, for example, you don't trust Eve anymore. You want to remove her from all the disks you have, so that should be also something that should happen really fast. Okay, next slide. Then another item on our checklist is deniability. So we want to provide at least some form of deniability, and this is achieved by storing all the metadata that we have about the key also in the encrypted format. So when you look at an Arbor key, you don't know for which server there is a key in it, and you don't even know how many keys are in it, because we apply random padding to the keys. So you can always deny that you're even, that you can even access a disk. Next slide. That's the future work that we want to do, and the next slide.

All right, project Memopol, are you here? Project Memopol? Okay, unhosted. Oh wait, unhosted or Me... oh, Memopol. Okay. Okay, Memopol. Quick mic check. Hello. Are both of you presenting here? Hello?
And go.

My name is Timo, and we would like to show you a project called Memopol. Let's talk about background first and then let's see how the machine works. Next slide, please. We come from Estonia, and Estonia is a little country in northeast Europe, and we have developed a lot of governmental IT applications, and this installation is about them, and Mo will talk about these government IT applications. Next slide.

So this is our national ID card that we have had for over 10 years now. In essence, it's a smart card that has some encryption keys that are signed by the national government certificate agency. So it enables authentication and digital signing. Next slide, please. So over the years our government agencies have set up different databases collecting information needed for the operation, for example driver licenses, different kinds of permits, income tax, etc. So to enable this cross-communication between these databases, there was this framework called X-tee or X-Road that was established. So they provide this backbone of services and information movement between. But this network is really closed down. It's really hard for the normal citizen to get access to these services. Next slide, please. So as a means for an ordinary citizen to access these databases and services, a web portal called HDA or Estonia.te was established. It tries to be a central place through which all citizen-state communication could grow, and after authenticating with your ID card, you can have access to all the information that the government has on you in different databases. Even though the government has tried to promote this portal.
It's relatively unknown in the common public. Most people still don't have a clue what information the government has about them, and they don't know that they have a way and the right to access this information. So in 2010 there was a need to reflect on these fast developments, and the idea of Memopol came alive. The concept was to turn around the positive image of e-government and present the same data seen in the government portal from another perspective. When the government portal uses nice, green, happy and friendly aesthetics, Memopol was meant to be the opposite: big, scary, noisy and evil. The machine has a smart reader and a PIN pad. When the user inserts his personal document into the machine and enters the PIN code, it starts collecting data from the databases through the government portal and also from other sites like Google and Facebook. After collecting the data, it's analyzed and computed into animation. Next slide, please. This is the second version of the machine, and this also included a scanner for international passports and other ID cards. With them the level of data is of course smaller, as it can access only public information, but it still enables it to generate the kind of information sphere about the person. You can see the machine in action on the website. Just talking about privacy might seem abstract to the regular public, but providing a way to experience the invasion of it personally might alter some views. Next slide, please.

Extend time.

Here are some examples of data presented on the screen. It displays medical prescription drugs from the health system. You can see your high school exams in the center. There is a tax database that you can calculate incomes, and Facebook and Google widgets. Next slide, please. So next year there will be a Memopol 3 in Germany, and the plan is to include the German ID card in the system as well. So to access this card, we need the local knowledge.
So if there are some people who have been doing some things with it, it would be nice to meet you and maybe talk about it. Next slide, please. Thank you.

Okay, unhosted, are you up? And Food Hacking Base is on deck right after this. Sup. Yeah, you can hear me, right? Yep. Just try to maintain a consistent position by the microphone so the sound guy doesn't have to keep adjusting. Okay, okay, ready, and go.

Right, so I'm Jan. I'm the design dictator for the unhosted project, and we love the web and we want to help you achieve freedom from the web's monopolies. And yeah, next slide, please. I'm gonna tell you a quick thing about software evolution. Next slide. So basically, software, or what we do all the time, is we have apps on the top and we have data on the bottom, like your data, next, which might be your documents and photos. Next slide, and next slide. And there are multiple applications, so whatever, your word processor, your photo editor. Next slide, please. And yeah, that's all on desktop, so you have your home folder, your My Documents, and all the different apps, and you have your data where, you know, they are. Next slide, please. But yeah, that was on the desktop. Next slide. Now on the web, there basically you have all these package deals of apps and storage, so you have your Google Docs, you have your Facebook, you have your Flickr, and you need to get accounts at each one. You need to put your data there. You give your data away, you license it away, and it's a hassle to keep track of all of this. Next, please. So yeah, and it's hosted, so you don't even know anymore where it is. So it's not even on your computer anymore. Next. Mostly in California. Next. So what we want to do is enable you to have the, yeah, the good parts of the web, next, yeah, but with the good parts of your devices as well.
So, next, all your, next, all your devices, which essentially boils down to having a browser where you can access these from. Next. Right, so we propose a better architecture, next, for the web, next, in which we separate web apps from data storage. So say you have your web apps, your photo editor, your document editor, but your data is in one place, your home folder for the web, which might be whatever: your CouchDB instance, your ownCloud, might be even your Dropbox if we get that legacy support running. But basically, next, you go to an application in your browser, then you authenticate with your, or you, via a WebFinger call, you get to the remote storage, next, that gets loaded in and basically synced all the time while you work on it, next, and gets synced back, and if you leave it then it's vanishing again, so you can use it on your friend's computer or at the internet cafe. Next. Next. So we call that protocol... what we basically do, all we do, is a one-page specification for an open protocol we call remoteStorage. So it's similar to localStorage in the browser, but remote, so you can use it not only locally, but it basically syncs your local storage to this remote storage that you have. Next. So yeah, the technology we use is basically, we say free software on the web, or free hosted software for the web, is not the solution, because it's still hosted on a server that you can't control. So we say JavaScript is awesome because it's always on your client.
It always runs on your computer. So the apps are pure JavaScript. Next. They do a WebFinger call, next, to the storage, and they authenticate either via OAuth, next, or we do the sign-in via BrowserID, which is developed by Mozilla and it's really, really good, which wants to take sign-in basically from the operating system, the user management from the operating system, to the browser, which is great. Next. And cross-origin resource sharing, which basically allows the JavaScript app to make cross-origin, cross-domain Ajax calls to access the data from the remote storage. Next.

Extend time.

Thanks. Yeah, and GET, PUT, DELETE for syncing data. Next. And we work on making storage providers compatible, like ownCloud, CouchDB, and eventually Google Drive and WordPress and Dropbox. Next. Yeah, that's me on the left. That's Michiel on the right, he's our code communist, and in the middle it's Kenny, who had the original idea, and we are in a small town called Unhošť, which is basically our name. Oh, yeah, will it just make the application a lot slower? If you're a good coder, no, why should it. No, it depends on how good you can code JavaScript. So yeah, and next slide. We're sponsored by your donations and the NLnet Foundation, which is a Dutch foundation. Next. We also do awesome projects, with Terms of Service; Didn't Read, which is for rating terms of service, next, then Libre Projects, which lists free software web products, next, and OpenTabs, which is decentralized transactions. Next. Yeah, we're unhosted everywhere, and thanks.

Quick mic check. Yeah, sure. Yeah. Hello. So man, yeah, go. Perfect. Okay. So hi to everyone. I'm glad to hear, to see a full hall. It's not because of me, I guess, but still it's nice. My name is Frantisek Apfelbeck. You may know me already from the CCC camp and from the last conference, but also short lightning talk.
I am now the head of the Food Hacking Base, which is a small project which you could see at the camp for the first time, where it was a part of Hackers on a Plane under Nick Farr. We basically come together doing different workshops, presentations. We were doing various food hacking, of course, because that's what we like. And in this, let's say, year from when I started, let's say, this project, we did also a hacker tour, in my case, and today and the last three days we did several events here at 28C3. Next slide. Yeah. Oh, sorry. Could you go back? Yeah, so this is up. Sorry, I will just, you know, have to orient a little bit. The first thing which I did, inspired by 20 C3 and through the contacts which I got here, was a hacking tour around Europe. I went first to Progressbar. We had a really great party, it was the open Progressbar party, in the Slovak Republic. After, I pop in a better lap, I went to c-base, Hamburg. I went to Holland. It was really great. I did also workshops and met people who I met already here, so it was nice, kind of, you know, come together again. The next thing which I did was joining 091 Labs in Ireland. It's a really great space in Galway. We founded a nice group called 091 Brewers. Next slide, please. Where we did a lot of brewing. I did some non-alcoholic brewing, but if you can see on the Irish and French faces on the photos, the alcoholic experiments were more in favor, I would say. Next slide, please. We are playing again with the experiment incubator, improving a bit, you know, the design, but I have to say that we didn't get so far compared to our drinking experiments. The big event of this year, where I guess many of you were, was CCC camp. It was a great event. I'm really glad that I was there, and it was five days of madness, I would say, at its peak, but yes, the experience was really amazing. We did loads of sushi workshops, you know, in the Indonesian cuisine, you know. There came people from Russia doing cross workshops.
We did parties under the Polish hackerspace who came. I have to say that I'm really looking forward to the next one, and I hope you come and we will have more fun brewing and experimenting. Next one. Resounding also in our present, you know, not just at 28C3, I hope at 29C3 and 30, etc. This year we came here and we did things just based on donations, open source. So that means whoever would like to do something just came, we got the things together, and we did some, probably, workshop again, some sushi too. We are now just starting a cheese tasting downstairs, from a guy from soar who came from France. So if you like Roquefort, etc., you can pop in and you can do basically what you like. Come to us, talk to us. We can come... Thank you. And we can come together somewhere around. My next big plan for this year, 2012, is to move to Japan, where I would like to study more of the fermentation in the Japanese way, which I think is amazing, and I hope that I will be able to share the knowledge which I get there and elsewhere with more of you. There are lots of people doing food hacking, or however you like to call it, like DIY bio, who do a lot of biotechnologies, brewers of course. I think this part is a really important part of the society of the hacker scene, and I see it strengthening the hacker centers and hacker movement. So please come forward, do it, enjoy it, and have a great time. So thank you very much for your presence, and I will see you later on.

All right, quick mic check. Is it fine? All right, so at the beginning a small disclaimer from me. Usually I get really nervous on the stage, but I really like this tree. It should wear off in like about a few minutes. So luckily for us, by the end of this presentation I should be fine on the stage. So afterwards just ask me some questions, and right now we're moving to my presentation. My name is Slava Mujaps and I'm a member of the CONFidence organizing crew, and this presentation will be about the conference.
We have annually in May in Krakow, in Poland. So next slide, please. What am I going to talk about? We'll answer four W questions: what is CONFidence, where will it be held, when, why should you come to it, and at the end I have a small bonus for you. All right. So next slide, please. First of all, what is CONFidence? We have been doing this conference for almost eight years now. This year we have, like, the 10th edition. It started as a small project for just the Polish community, but right now it's much more international. Most of the talks are held in English. We have lots of workshops and villages around. What do we have in plans for this year? We have, like, two days of the conference. We will be divided into two tracks every day. We will have discussion panels on the most current topics in the IT security industry in Poland. And then we have lots of social activities connected with the conference. It's not only about the technical part. It's also about the many types of villages we have. We had the lock-picking villages, some old-computer-style villages, we have everything. Last year we also had, like, capture the flag, Quake III Arena contests. We even had a special map for Quake III Arena, which was, like, resembling the whole place. Maybe some of you do remember that we also had this special map for the CCC camp this year. We just made a camp which was inside Quake III Arena. You could play it. Next slide, please. All right, so where will it happen? First of all, we are in Poland and we are visiting in Krakow, and usually the conference is held in Krakow. You have to come to this place.
It's really a magical city. It used to be the capital of the country. Right now it's not, but it's still the capital of the cultural part of the country. So at the topmost you see the picture of Krakow itself and the main market. But then last year we had a really good occasion and we found an old water pumping station. It's located near the city. It's still in the city, actually, and we had full access to it. What you see in the picture is these red bricks around; it looks like a factory. It's totally industrial. There are still some running pumps downstairs, which are pumping water for, like, the zoo, which is nearby. It still works, but they're trying to shut it down at some time in the future. So they allowed us to enter this place. So this year we'll have CONFidence also in this area, and it's really crazy. That's why it brings us to the industrial style. You will see that there are lots of, like, industry workers and everything around which is still working. So you have to see it. Next slide, please. All right, when will it happen? Usually we have CONFidence in May, so this year there's no exception from that. The dates we've chosen are the 23rd and 24th of May, and you are all invited to come to the conference. By the way, I've just put a small part of the calendar there, because this is the working week we have, from the 21st to the 26th, which is Saturday. Before CONFidence itself, we will have another conference about web systems, front ends and back ends and everything, and after CONFidence we will have a huge LAN party for the Polish guys and for the game geeks who are coming to our place. So you can just prepare yourself for even having, like, the whole week in Krakow, and at some point step into CONFidence. All right, next slide, please. Why should you come? First of all... Is that the time? One minute. All right, you have to come there. It's a technical conference, but we have a huge underground style and everything's fine.
I'm just skipping to the bonus part. Oh. Last year we had the Gringo Warrior, which was like a mix of the contest for lock pickers. You had to, like, set yourself free from the prison, then get over your documents and leave the area. This year we're going even further. If you see these markings on the plans, there is a bunker hidden at one part of the whole area, and we got the blueprints for the whole bunker, and we're gonna prepare, like, spy games inside it. We will have motion detectors. You will have to sneak past the guard, maybe, like, somehow. And of course save the princess. All right, next slide for me, and this is the contact information. And by the way, I really enjoyed the traffic light signs you have here. Thank you very much. This year we'll have, like... You can ask me later on. Thank you.

Okay, great. My name is Mitch Altman, and this is kind of ad hoc, but a few of us are going to talk about geeks and depression and suicide. This is a fantastically uplifting way to end 28C3 in the lightning talks, but we're actually going to make it, at least I'm going to introduce it as, something worthwhile and maybe even a little entertaining. The thing is... Oh, so Nick's gonna close the lightning talks