 Hello everybody. Hello everybody. Good afternoon. Welcome to the first lightning talk session of Dead Con 15. We've got six frightfully exciting speakers for you today, starting with Gareth Randall talking about Triplix, which has encrypted backups with no keys or passwords. Thank you very much. Good afternoon. This is a talk about a project that I've created called Triplix, which is to deal with a problem that we have with off-site backups. That's the sort of backup if your computer's stolen or your house burns down and basically you've lost everything except the backup. Now typically people do that by writing their data onto one storage device, taking it to a distant location and hiding it. But there's a problem. Now it looks like the graphics are not coming out here. I'm just going to see if they've got it. Stop the timer. Come on, maximize them. Right. The problem with sending an off-site backup is how you're going to encrypt it. Now you could encrypt it with a private key, but then of course there's the issue of how do you actually keep the private key safe? Private key may be the thing you're actually trying to restore. You could encrypt it with a password, but you might forget it. Now you might say, hey, that's not very likely. But consider the example in the financial services industry where you have to store data for seven years or maybe more. You could have say the police come to your organization and say we're trying to investigate financial fraud. Can you restore data from years ago? And it turns out the people who created that backup left the company so you don't actually know where the actual keys are. Okay, let's look at this project. This is a simplified solution. We have some plain text here, which can be any size. And we have random byte stream, which is the same length. And it's basically just the exclusive or in that together and storing this and the random data on two separate volumes. So you're now to decrypt that. Of course you bring the two together. Exclusive or them again, you get back your original data. So the secret you're now encrypting with is effectively the location of these two hidden storage volumes. So there is a problem though. If you lose one or if one becomes damaged without your knowledge, the other one silently becomes useless as well. Can we solve that? And fortunately we can. We can write three volumes each with any two of which can be brought together to restore the data. But any one of which on its own is useless to an attacker. So how does this work? Right. Our three volumes here, I've used a floppy disk logo, which is almost a bit like security by obscurity. But these could be anything. These could be USB memory sticks. These could even be tapes. They're actually written in stripes like raids. And you can see here that whenever you exclusive or something again, you get back the original data. So you can exclusive or D1, X or A with A to get back D1. You can exclusive or those two to get back D2, concatenate them and you've got your data. I'll leave it as an exercise to work out how you get the data from the third one and any of the other two. So there's a cost. It costs three bytes of storage for every byte of plain text. The great advantage is that you are now encrypting with a one-time pad. Thank you very much. Now if, and of course only if, your random sources are truly random, then any possible decrypt is equally likely. So dare I say it, it's effectively unbreakable. So let's look at the actual project. It's written in Java. You're basically doing your tar piping standard in, writing to your three volumes which you've plugged in. When you want to restore, you run the program and you pick any two. Heavily unit tested because the outputs obviously look very random. You can't tell them by eye whether they're right or wrong. I would hope that this becomes more mainstream and I'm very thankful to DebComp for giving me the chance to make that happen. And thank you for listening. Perfectly timed with four seconds to go. Next up is Tomas Bohert talking about implementing Debian with Ethereum. Ready? I don't know. It is already starting. Okay, so I want to share my excitement with something that I recently tried. Anybody tried Ethereum yourself? Okay, one guy. So it's cool probably. You think also? It's cool. Okay. So we want to share our excitement with it. So Ethereum is a bit like Bitcoin. Everybody knows about Bitcoin. But it's like Ethereum is like Turing machine, well Turing complete machine compared to Abacus, right? Because with Ethereum you can do much more. You can execute this in a distributed manner, arbitrary programs. Okay, it's actually quite difficult to understand what it means and so on. But I will try to introduce it very fast. So some basic facts. It was initially described three years ago. And there were many iterations already. They are improving the protocol and so on and so on. Frontier is the recent release two weeks ago which they made, which people could start mining the blocks necessary for computations on Ethereum blockchain. And in some sense it started really working. So instead of Bitcoins you have Ether. There's the same principle. The hash functions are a bit different and so on and so on. And there was an initial presale from Bitcoin which I didn't participate in. I mined some blocks using Amazon GPUs just for fun. So internally what's happening? There is a bytecode that is run on a virtual machine that it's basically distributed everywhere in some sense like Bitcoin. But it's tearing complete. That's very important. You can do whatever you want. So you can do arithmetic strings and so on. And there is a JavaScript language that you can use to compile your programs. And then you have to publish them on a blockchain so that people can use them. And I think they are using LLVM right now to do that. So programs in Ethereum are usually called contracts. And you have to pay, think about Bitcoin again, to execute your programs or actually to publish them. It's not very much. And contracts can access and modify the state on the blockchain. So think about it as a big database and you have programs that are executed independently of even the authors and modify the state. The programs cannot be changed when they are deployed. In some sense they are virtually distributed. So pretty cool stuff. This is the implementation of Bitcoin in Ethereum. This is like Bitcoin in Ethereum. What we see here is a balance mapping. I call it DEPCOIN. The creator of the contract has a lot of DEPCOINs at the beginning. And then you can execute within this program everybody can send, execute the code, paying a bit of ether to make transfers between people and doing transfers of DEPCOINs. So this is basically what we have right now with Bitcoin in 20 lines of code. There's another contract that I made. It's a program that you can bet your ether. So you can send money to this contract and it will flip a coin and it will give you two times more or zero. So basically it gives you zero all the time on average. So you can do that kind of stuff and you cannot control it. So what I want to do with that? I want to model the Debian democracy with Ethereum. I want to implement our interactions with it. So this is just a template. I want to map people and packages that they can upload and the new member process and so on as an exercise to actually know how Ethereum works. So this is what I said basically. I want to re-implement Debian with Ethereum. So I did some basic research recently to do that and I implemented some basic stuff like adding DTS and so on. There is no voting and that stuff that may be a bit complicated but I welcome you to help me with that. We could package Ethereum as well. That may be a bit difficult because it's moving very fast. So if you are interested please contact me. I have some ether. I can give it to you so you can play with it. And we can do something together. Thank you. Okay. Thank you very much. The next person is Yvonne Oluwch with universal operating software how to get all demographics represented. Just a moment. Please stand by while we equip the speaker. We'll actually take this out of order for the moment. So next up for just a moment is Adrian Gebenel Lopez talking about Rescatux which is a rescue task based Debian live CD. You ready? In just a moment. So clip the thing to his belt. Sorry for the longest. Okay. Welcome, Adrian. Okay. Thank you for coming here. I'm going to talk about Rescatux so let's go. What is Rescatux? Rescatux in the first place it's a Debian live CD so it uses the Debian live technology. Its main purpose is rescue. So that means that when your computer does not boot it helps you so that it boots again. And it has not also Linux user target in the users that are going to use the Rescatux live CD not only our Linux users but also Windows users. And its main property is that it's tasks based. I mean most of the other rescue CDs on the open source world give you the tools and you have to know to now how to use these tools. With Rescatux you just launch a task and it does it for you. So on the new Linux features section we have some examples. We have restore group and also restore group version 2. We can change the general Linux password so that we won't forget it. We can change it for another one or when the old system leaves the company we can set it a new one. If we are not very good at messing with Sudars file we can also regenerate it so that it works and then we can re-ed it. And we can do a file system check SCK. For the Windows people we can clear Windows passwords so that you don't need a password to enter into Windows. Then you can set up within Windows a new one. You can also promote a user so that it is an administrator and admin. You can also unlock a Windows user because sometimes the account aspires and you can also restore the Windows NBR so that if you are not using group you can boot with CC Linux actually. And just some extra features. Here's a screenshot that shows a hacker gritter from Tails, the diagnostics CD, where you can choose a language and a keyword so that the live CD works with your language ready. It's also to the text architecture at boot and it also has lootback.cfg support and we are looking for what for integrating it back to Daniel Life itself. So I wanted to present Rescatx just in case some of you in the devian world did not know about it and also because we need help on rewriting and we need it for jazzy, writing documentation, it's like every other project, we need documentation. To get new features, ideas, it goes minute. It's also very important to test and to find new books because depending on the book that it happens your computer may scribe and also it will be nice to have UFI support for Daniel Life which I think it is not currently implemented. So that's it. You have plenty of videos in YouTube in order to find how Rescatx works and how it is to use it. Thank you very much. OK, thank you very much. Next up is Richie Hartman with how to use Git to manage your digital life. And here he comes. Thank you. So most of you will probably have used Git at some point in your life but you probably mostly use it for code to check out, to distribute code or whatever. The thing is it's useful for a lot more than just using it for plain source code. There are examples. For example, if you want to do configuration management some people just think of pushing things out. But if you want to have backups, revision backups of your configuration it would make sense to not have this in a large, huge backup file. Just have one distinct repository with all the changes which you can then track all of a sudden and blame it on people or whatever. For example, you could use ETC Keeper for this. There is also the possibility to use it to manage your block and just have it at the background of your blogging engine. Ikiwiki would be an example for this. And then there is my main motivation for standing here to actually manage your own configuration, your own home basically to just manage all of your digital life in your home user or in your user home with Git. There would be two tools for this. We CSH to manage all your user configuration and Git Annex to basically manage everything else which allows you to maintain information about files in Git and synchronise this across arbitrary hosts and have arbitrary subsets of files but you don't have to check in all the data into Git. But it still takes care of tracking this where it is and just copying it back and forth by rules which you can define. All of this is pretty quick. There will be a buff tomorrow at 15.30 in Room Amsterdam which is in Building A where you are more than welcome to join and either tell us how you are using Git for non-code purposes or on the other hand just learn how others are doing it and basically exchange ideas. You want me to know? Oh, okay. No, no questions at this point. So just as a quick example of what you... Oh no, there's one more tool, MR which you probably want to use if you have more than one repository. That's all of you. Basically it takes out the pain out of managing your repositories if you say have 20 repositories from one project and then you have a few for work, you have a few for your configurations, whatever. Keeping all of those up to date is a kind of pain in the ass. If you have one single tool to just keep track of all of those repositories and then update them when you want to or just push out new information to your repository upstreams when you need to, all of a sudden this becomes one single command and five minutes of Wi-Fi at the local airport will just be enough to get everything synchronised down and upwards again. Thank you. Again, 15.30 tomorrow, Amsterdam. I think that gives Richie the land speed record. He's actually still got nearly two minutes left, but never mind. Long anticipated. Now we have Yvonne Ollewatch speaking about universal operating software. How to get all demographics represented? Hello. Hi, my name is Yvonne Ollewatch. I'm from Kenya and I thought I'd do this talk because I'm sure most of you are wondering. I'm new. This is my first DevCon to attend and I got to learn about DevCon last year. I was in a women tech conference where women technologies to have gotten from Africa and were brought for a conference here in Germany. I met a Debian contributor from there who said I'd fit in well in this group. I don't know what criteria she used, but then that's how I found myself. So this year when there was a Richie programme, I tried contributing in documentation, but then I was told documentation had been phased out. There's no longer that. Then I tried, I was told maybe I can try to maintain Debian, which I'm working, it's a working progress. Like today in the morning, I was so happy to learn. I was being taught how to use BTS, which is very nice. I found it's very simple and doable. So I thought I'd give a talk on how to increase more diversity in Debian because this is the first diversity section that you guys have created. I'm very honoured to be here to represent Africa as a whole. Also specifically with diversity, I'd like to put more focus in women, more women African being represented in Debian. We have a very good number of women technologists in Kenya who are doing well in open source, and if we can get more of that into this community, I think it would be great. So women developers in Kenya. If you've been in Africa and especially Kenya, you'll know IHUB. IHUB.com are my members there. Statistically speaking, we are like 15% women technologists there who are web developers, mobile developers and doing other things in tech. To get more women participation, I was looking at the structure under which Debian operates. It's volunteerism. So you get free hours out of your normal day job and you get to add something in Debian. If you look into the Kenyan context, personally I feel that's a long shot because for someone to get to us a day to contribute faster, just the cultural setup that you have back home I think might not fit well, but with time I'm sure it will fit if we get the right target audience. Then also, how do you tap into the developers community? So my suggestion was that if we had to get more women developers into Debian, I'd really appreciate if we can do partnership with an organization for women in tech in Kenya known as Acura Chicks. It targets young women who are either studying computer science or computer engineering, and then we train them into programming, teaching them various software programming languages. I'm part of Acura Chicks, and from there is where I came up with an initiative known as Cards, which stands for socially keen individuals redefining technology spaces. We do meetups once a month, or as frequent as possible with availability of resources, and we ensure that you build the technology community for women in the Kenyan society. So if we can do the same with Debian because before we do the long shot of someone having time to spend two hours or one hour on their own, we need to, a personal feel, we need to do more meetups, get more people in courage so that without that they know they feel compelled even when they're on their own to do some contribution in Debian. Then with that also, that one goes hand in hand with how to meet women in these communities or regular meetups. Then also, mentor-mentee program physically besides the one you guys, besides the one Debian already has online, because when I tried contributing during our treaty, you are to be connected. You being a mentee and you have a mentor who guides you through that. So I would also appreciate as much as we have that online, you can also do the physical mentor-mentee program. So I looked into the Debian Wiki for Debcom for 2016 or Debcom 16 and you guys had already talked about this organizing remote Debian conferences to attract more people which is a good step and I support that. So Debian is a volunteer community which is working well to continue creating more support for force and I know it just needs dedication and determination for people to contribute to this. So I hope materials are available and resources can help to grow that and attract more and I hope to see more African women in Debcom 16. Thank you. Thank you very much. One more speaker. Soon we will be talking about QML. So am I loud and clear? Great. So this is a five minute edition of the talk that I'm going to do on Monday two in here. So hang on. This is about QML how to write fancy GUI application in the modern world and we have this simple application. It's a rectangle that has a size and we can run it. Simple. So let's make it a bit more complex. We could say let's make it red and tarah or live and we could continue saying we want another rectangle and we wanted to say we wanted to bind it so that it fits in half of the red rectangle. This is basically anchoring things to each other saying that this inner rectangle is going to have top and bottom matching the parent rectangle and the right is the same parent that right and finally anchors left is parent horizontal center. So now we have a red square and white square covering half of it. So let's try to say maybe we want a bit of text in the middle and we have a text saying debconf and here we have a text placed in the middle. Next let's do a bit of mouse interaction. What about seeing a mouse area and let's just fill the white rectangle and when clicked let's do some magic no the white one because it is a child of the white one. So now we have a white rectangle and if we click it we get a debug output saying clicked but that's not finished enough for this. So let's extend and saying let's give this text an id saying it's called a text field and when clicked let's say text field dot rotation plus equals 180. So we have now, when we're clicking it, it is basically being rotated but we can get it even more fancy. Say so let's say whenever the rotation changes of the text field behavior on rotation let's just do a number a number animation and we should just seeing it actually flip nice and smoothly. Okay and this is more or less the basics of all of where we'll start on Monday. So everybody show up on Monday in here at around 2 I think but details in the schedule. Have fun.