 So we'll have lightning talks here, which are basically five minute talks that everyone can Give if he manages to register in time and sometimes we also have three minute talks But I think in this session we'll only have five minute talks To make sure that every speaker uses only five minutes. We have this nifty device called timekeeper, which Alex constructed Would you like to say something about that? I will give a short introduction on the first four minutes of your five minute talk Everything will be green. You just don't need to hurry and during the first four minutes the screen column highs up Until it's on top and if it's like this you still have one minute left and in the last minute It starts becoming yellow from the button up and for 30 seconds You have a yellow light and when it's this way you still have 30 seconds left and only if the red light is on top Like for instance that you know There is a moment when it's like this and I show you this No, we started five. We don't want to get into the last ten seconds. We tried again five four three Two one Marvelous, okay, I think we can work with that. I mean it's day four. So everyone is a bit Tired So if you're a speaker and you don't know when your talk is supposed to be you can recheck your time slot at the Mirror wiki because the other wiki is a bit flaky right now. I couldn't update it today So this is the address for the mirror wiki and just go to the lightning talk page there and you can see your time slot Now if you're a speaker, please sit in front somewhere if you know your talk is going to come up soon and then Get up as soon as the previous talker has finished exchange the clicker. You will need this to advance the slides Just press on the right button Don't don't miss the right button because then you this happens so Yeah, but this blackout button is rather small so everything should work fine Then the important thing is to talk into the microphone and not turn around and look at the slides and talk on Because we can't Understand you especially the people in the stream don't like it if they hear don't hear anything So you can see your slides down there on this monitor and also the timekeeper Just you basically see the same picture as up there So trust trust the monitor. It really is the same pictures up there. It's your friend the mic and the monitor are your friends So since the wiki was down, I don't have all the contact info and all the description for all talks So if you would like your information to be preserved for future generations then Try to create a lightning talk page in the wiki I tried it to this this morning it didn't work But you can maybe check from time to time and once you have created this page I can later on put it into the schedule and then your people have a link there They can click on and look up your contact info and your talk description and maybe your slides if you uploaded them So if you would like that then please try to create a lightning talk page in the wiki I think it will be online after the Congress for at least a few days and editable There's also a translation available the English talks will be translated into German German talks into English just called deck number 80 14 for Zal G and Every talk should be translated. Yeah Let's take this moment to give a big hand to the translation people because they're really doing an awesome job Especially with the lightning talks with all these different topics So then I think we can begin have a great session So I'll start the first talk which is going to be spatial spread of student hackathons Well, that's a nice start is the talker here again spatial spread of student hackathons nobody Yeah, yeah, there's some some karaoke here That's that's yeah, that's a bit sad. So I guess the speaker is not there. Hmm Yeah, then no, we're would be stupid if we now sit here for five minutes I think we just go on then take this away. Maybe he got stuck in an elevator Or maybe he didn't get a ticket But that was another person that Never mind, then then we just continue with per six This may come as a surprise So your talk is up now per six. Are you there? That's nice Okay. Hey, hello Perlfans So I'm in your and I'm here to convince you that Perl six is a beautiful nice language worth looking at So let me remark that I'm actually not a per six developer But I used to be one in fact almost ten years ago I gave a talk at the regional Linux conference titled per six just now and I agree that the title was may be a little bit premature At that time I was hacking on parks a very fun project where we tried to build a prototype compiler for Perl six and Haskell This project was led by my personal hero namely odd way tongue and was really really nice Anyway, I am certain to say that the joint release of part six and new hurt was cancelled and that person and and so after years of Announcing that per six would be released at some unspecified Christmas as the future I hope that they are now as happy as this camel that it was actually released a couple days ago Okay, so a per six is not source level Compatible with power five, but still you can use part six modules from power five and vice-versa works rather great So let's dive straight in here's a short example program So you still have the secrets, but they are invariant now so in line two you see basic input output and Also from line three you can infer that everything is an object in politics just like in pure Python or Ruby So and you can use either object-oriented notation for calling a method or procedural one Then in the next block you see a for loop There you have like in Ruby and block which gets a parameter I and this block gets passed into the for function In fact, the for function is nothing magical You can define your own control structures if you need arises. They are just special subroutines which get a block, right? In line 10 you see that Paul 6 is still an operator operator based language So there's a principled way to create new operators out of given ones This one is called on hyper operator if you have like an ordinary operator in this case the star then you could can put brackets around it and then it will be operator which you can apply to a list and The result will be that the operator is applied to between any two elements of the list So this is a nice way of calculating the factorial of six Finally in the last line you see Another way of systematically creating new operators out of given ones This is operator for doing component wise addition. So you have one plus three two plus five and three plus six Here's how you do object orientation in politics So you have a class keyboard a proper keyboard you have inheritance You can define accessors if you want to you are you will also have like get automatically created get us and set us In line three you see a sub typing declaration. So the name of such a kid So it consists only of uppercase letters If you want to you can also give a proper name to this subtype and then use it several times Also typing is optional in politics, but it's available if you want to this is called gradual typing and From line six you can infer that politics as a proper like method Argument passing Decoration, yeah, so you can declare many parameters the question mark indicates that one of those is optional You can also create declare named parameters. It's very nice Finally, let me mention rules rules are there Like the outgrowls of regular expressions They are vastly overhauled their main difference to regular expressions are the following firstly They are not no longer white space sensitive So it can insert white space and also comments into rules so that you can de-opfuscate your regular expressions and secondly, you so if a match succeeds you do not only have like groups the pattern groups which are like the first or the second and third For looking into the match, but you get a fully fledged a past tree, which you can then further process Okay, so that was it. I hope you are convinced that politics is at least looking at it was in development for a long time And now it's here for your enjoyment. Thank you very much Thanks a lot So we'll just continue with the next talk then so we have lots of time today since the talk was cancelled We can all just relax There you go. You have to know that this programming language is a kind of better calculator Type 2 plus 3 into the terminal Monty Monty did so strange. Nothing happens. She wondered Yes, of course not. You still have to press the enter key Python explained Now our five appeared on the screen. Wow great Monty exclaimed. Can I calculate everything with it? Just try it. Python suggested so now you might wonder what's going on here So this was just a little excerpt from my book. So at the moment, I'm working on an open source book project And they're a creative commons share a light license. Yeah, and this is joint work with Ingo black Schmidt the pearl fanboy from the talk before Yeah, so What's the idea? I think programming is great fun and creative. So kids should really learn it. Yeah, and I'm writing this book and so they can start programming early. So the target audience are Let's say fifth or sixth grade children This is not just a non fictional book but instead it includes a funny fantasy story and each chapter of course includes a lots of exercises and At the end of the book the aim is that the kids should have done an own little project Yeah, which is pretty cool and they can show it to their friends Yeah, then I can show you some pictures. I've drawn. So this is the heroine of the book. This is Monty She's just an ordinary little girl and she loves math and logic and earthworms and also rain Yeah Yeah, and she has a nice life, but then suddenly some aliens appear Yeah, and capture her because they're really in trouble They had just one programming alien which is alien which is lost and now Monty has to fix all the trouble because their spaceship is broken Yeah, so they really need her and The third character in the book is Yeah, a stocking She calls herself Python or pie. Yeah, she believes that she's a dangerous snake which in fact she's not and She's able to understand the spoken and written language of the aliens which is pretty good Then she can translate everything to Monty Yeah, so these are the main characters. Of course, they have lots of adventures in the book Here's one example of an exercise of the book It's just swapping values of variables This should teach the kids that you should choose proper names for your variables not your frog and duck Yeah, exactly. Yeah, and wow, I'm quite good at time. That's pretty much it So the staff is on GitHub. You can check it out, but at the moment everything is just in German yeah Yeah, so I thank you for your attention and have a nice last day on this great conference. Yeah So next up Modern security models for operating systems. This is a 16 to 9 talk video people. I Think looks like it No, it's not Geez Yes, it is Okay, thank you I'd like to present you Modern security model for operating systems As you can see we use more and more at that so-called smart devices And we store more and more data on them This data is sensitive So it's rather obvious that we need to protect them and in fact in mobile devices The data is somehow protected, but what about desktop systems? What's the difference between these two images? The tricky part is that if we press install We want to ask us for password, but in Android for example We need to accept a set of privileges the application would get when operating What's the real difference here? in the first case the desktop systems Installed application is a full extension of the user It just works on behalf of the user So it can do everything user could do by sitting on the terminal and in the case of most of mobile systems Application is somehow jailed or restrained to the privileges we accepted it to have so Operating systems to be useful have Some resources some services Which should be protected in desktop systems? They're mostly not in mobile devices. They are I'd like to introduce you to the system Which provides access control on on desktop systems? It consists it's founded on three pillars I don't have time to discuss all of them or they roll in this framework But it consists of dark Which is familiar to most of you I think smark which is one of lsm's if maybe Selenux rings more bells than it's maybe not something similar but analogous and Sinara the new policy tracker in User space if you know polkit or policy kit it's something like that, but much faster and much Much better. So what's what's it's all about? You have? Service in system say it's network manager and you have application which want to to manage some features of this service and it connects with some IPC to the service for example debas or Unix socket and the service needs to know if this application has access to alter the settings For example, if it's our Dedicated GUI to alter networking in our system then it's okay For the service to listen to that application and alter the settings But if it's some random application with we download from internet probably it's not How the service knows That the access should be granted or not it asks it's it asks sinara Which is a basically a database with policy on the current system and sinara answers the service if the Access should be granted or not. So if the the altering should have effect or not So how to narrow knows the answers? First of all, we can have some same defaults built in defaults in the system We can have manifest. So if you know the concept of Android the application can come with predefined manifests and Manifests the the the accesses they would need and privacy manager and administrator can alter the policy online There are these questions in the systems as I said before So what we Happens is that the service in this case for example GPS knows who who came and wants to know something or alter something and it Sends the credentials of the application to sinara it queries sinara and Sinara knows the answer as it is database and can Return answer to the service so service knows If the access should be granted or not, that's all if you have any questions. I would be around here. Thank you Will continue with two other 16 to 9 talks next time I also state the final name and so on Okay, that's it. Go ahead. Okay. Hello My name is you and I and I've written another pink town So let's start. Why did I actually do it? So? It's working. Okay, so I see me town I see me town basically Well, I see MP the diagnostics protocol We probably know it by pink to check if a remote host is up or not. What's the path to this? Remote host and this protocol is quite Flexible the product you can put any payload on top of it, especially you can you can even put the IP Data on it and it because it's used for diagnostics. It's usually very open no one Oh, some people close it, but many people keep it open for their use So we can actually use it as a cover channel and this idea is not new It's been around for like 20 years or so since frack in 96 But and there has been many implementations But I decided we need a new one and I'm gonna tell you why so I'm gonna talk about the previous implementations The first one I thought I you will probably see online is ICMP TX It's very primitive. It doesn't have many features It's mostly a reference implementation if you want to read like short code that explains how to do Virtual interfaces stuff and ICMP low level. It's a great code But you can't really use it in real life. The next one you'll find is hums In case you don't know, this is like a futuristic BMW car. Nobody Fixed it, but yeah, so and it's very advanced. It has IP address assignment and many cool feature Authentication encryption so you can set up MTU. It's written in C++ But it's too complicated in my opinion and that's not very usable and it does things that other tools does much better Like open VPN. So I didn't want to use it in real life So it came up with my implementation my implementation aims for usability and Simplicity, okay So there is no manual configuration of anything you just run the one the command and it works You don't need to disable the ping replies on the server or stuff like that. You can just do it There is name resolution so you can specify an address and not an IP which no other tool is done I don't know why it's very simple thing to do We have congestion adjustments, which is very cool if the server Has lots of data to give to the client and the client is behind a net or a firewall The client picks it up and sends a the request in higher rates So the server now has greater bandwidth to send the data back It also has a peer-to-peer communication So if both client and server are on the same network They both will just use the echo requests and not the replies. It will be faster I didn't put any crypto because I think other tools should do it like open VPN and it's point to point only the only cons I see right now is it only supports Linux? so The future I'm gonna expand the support in other platforms I'm going to contribute to open up a t-package in the coming month I hope and if anyone can help me port it to OS X or Android that will be great There is also another idea I've been thinking about To combine it with so cut in one way, but I'm still thinking of it So if you have any input you can give me if it's a good idea a bad idea, I think it's awesome I would really like to hear from you That's it. If you have questions contributions requests talk to me. It's very easy to find me I'm Yanai L on all the platforms. So thanks a lot. That's it Just stay there for a second. I think this is also yours Okay, hello, remember me So it's me again My name is Yanai same thing as previously and I work for checkpoint and this talk is based on a post we're gonna put on our blog So this is our blog if anyone is interested we have cool stuff and Yeah, I'm gonna talk about how to do an ICMP tunnel with no roots So in Linux you need roots to set up an ICMP tunnel even as a client You need to actually needed to set up a virtual interface You need to do some routing so your traffic will actually go through that interface and you need to do some low-level ICMP Read and write which requires elevated privileges So how can he overcome this idea because many people don't have root on their devices namely Android is very common Not to have root on but you maybe still want to have an ICMP tunnel so The routing and virtual interface is easy. We'll just use a socks proxy We'll forward the traffic for it. We can use it to flabbery injection like t-socks does or with Modern browsers they have configuration for socks proxy. So it's easy and open VPN also has it But what about the ICMP? Well, that's all there is a solution. There is a one application that does ICMP requests on Traffic on behalf of any user. It's ping and ping. It's really cool But it's a suite so you can't do hacks on it really it's very protected You need to just go with what the authors of pink thought when they wrote being so getting data out is easy We have the minus p flag you can specify a pattern 16 bytes. Oh, it's good enough. You can send data That's quite easy. But what about incoming so incoming data? Well, I thought about a very elaborate scheme to send pinks to the server the server will delay the replies or drop them And then the client will figure from this encoding what the original data was but that's really that's a problem It's hassle to implement. It's very inefficient. We'll get like bits per second That's that kind of suck So I kind of left this idea and then I came I debugged my tunnel and I found this So I don't know if you can see but this Actually is a client sending a ping normal ping to a server and the server instead of replying with the original payload Sends a different payload and for some reason the authors of pink thought it would be great If the client will just do hex dump of what's this server sense? So if the server sends a wrong payload Pink says, okay, maybe I'm a hex dump now and I should dump the data from the server. Cool. So Yeah So this is method two basically just the client just send ff's the server will reply with anything it wants escaping the ff's and ping will just bring the hex dump the client can just do the reverse hex dump and get the result So that's cool And this is my method and I just when I saw it I wrote a quick demo of a reverse shell over this thing like a reversal over ICMP Which requires no root and I going to put this demo right now. It's a one-liner, but yeah people will object But can you put it up? If we don't have time you can put it in double speed Yes What is it? Sorry Okay, so what we see here on my right is the client on on the left will be the server on on Amazon or is running? No It's I think it stops. Yeah Okay, so now I'm connected to the server. I'm gonna download the server code from from the internet Blah blah blah blah blah blah blah blah blah. Oh, I should what sorry? I'm not pressing anything You know just hope the demo works Alright, so I'm pinging the server and now I'm on the server. I'm gonna stop the automatic reply by the kernel. So now It stops and the server does not reply anymore and I'm gonna Start running the server The ping server, so please start. Yes Okay, the server is running now. I'm gonna start the client So the client does not is a normal client. There are no privileges there. This is my one-liner as you can see Yeah, and now there is a ping lots of said in the middle there is an interactive bash more said and Then another ping and now I'm running Commands on the server and they come from the client if you can see the server is running Commands like who am I and it says my user not the root. So that's how it is Yeah Thank you you can Thanks, you can stop that now just running the the normal commands on the server to see it was actually coming from the client But that's about it Okay, cool. Thank you very much again. I was in I and thank you. Thanks a lot So we're going back to a note school four by three Talk Borg backup so Hi I want to show you a bit about Borg backup. It's a rather new backup software and Some guy on Twitter said about a software the holy grail of backup software Well, you check it on your own if you agree. My name is Thomas Waldman and clickers here So What did it come from? You some of you maybe no attic backup and Borg backup is basically a fork of attic backup Attic is about five years old and it has a quite good design internally from the software It exists for quite a while. So it's not that new But the problem a bit with attic was the development was rather slow going because the main developer has no time and He wants to do all on his own and so the pull requests on github piled up and it all was a bit slow and Some people wanted to contribute including me and it didn't go on So a few months later, we basically decided okay, we fought the project so we can advance it and that's how Borg backup came to life in May this year and the goals are to be faster paced of course and To be also more inviting to the community so new developers can get in more easily and can get their pull requests accepted So what are the features it's quite an easy tool you have a easy command line in the face You can also have a single file binary for some platforms for Linux for free BSD for Mac OS X So it's basically no installation. Just copy the binary onto your system and you can do a restore It supports different compression methods for example as that for it's a very fast compression You can also have a ZMA or Zlib. That's slower, but better compression We do encryption and authentication It's encrypt then Mac. So it's the recommended mode And we use a ES in counter mode and HMAC chart to five six We also have a few support so you can do a backup and later mount the backup archive So for example, you can use your file manager to just copy some single files out of it It's based on content defined chunking and it does de-duplication based on these chunks Free and open software or platform support is quite good We support multiple architectures. It's not only x68. It's also on ARM and it may be also runs on other platforms You can have extended attributes and ACLs on your file system. It has support for hard links and Basically everything you can think of There's also quite good test coverage and we use a continuous integration system and everything is based on Python 3 And a little bit of siphon and C for better speed But about 90% is in Python About a de-duplication, it's quite nice because it works on the chunks. It's not on Complete file based de-duplication, but it's based on pieces of files so you can De-duplicate your virtual machine images and if you start your virtual machine and Stop it again and make another backup. It will only back up the few chunks in the virtual machine image that really changed Also, if you rename a big directory It will still work with the de-duplication because it's not based on the name You can de-duplicate between Different machines if you just start them in the same repository you have historical de-duplication so if only a little changed since last back up it will only back up this and Also, if there are duplicates within the same backup, they will also be covered Maybe look this up on the internet. It's a bit too much for now But it's based on a rolling hash. So the computations it needs to do are quite efficient This is the most important URL it's just on github or backup and Well, if you have any questions, I'm here at the Python assembly. It's on the first floor Just take the stairs and then on the left Yeah, or meet me on Twitter or on the IRC and if you have anything just use github make pull requests make feedback Thank you Thanks So we didn't really have to push anyone off the stage until now Yeah, they they do see they can't see the monitor, but they always forget it's I understand that it's no problem So talking to the mic don't forget that the monitor is down there Hello Yeah, we didn't hear my noise product for to tell him that see for a certain speicherungen as möglich gemacht hat It's something to do the Deutsche Bundes post Bundes post was from Geben die Schitts euren internet verkeer vor Zugriff durch alle Behörden durch den Start und so weiter die Deutsche Bundes post ist ein E-mail datendienst Was schützt sie sich jetzt alle Inhaltsdaten und alle verkehrs und Metadaten Das ist natürlich wichtig weil wir menschen aufgrund vom Metadaten töten also nicht direkt wir sondern unsere freunde und das geschenk von Heiko Maas an uns ist Die Regelungen in der vorrat platten speicherungen dass der gesamte e-mail bereich komplett von der speicherungen ausgenommen ist Danke Heiko Wir wissen auch dass der deutsche deutsche bundes post nicht von dem bnd gelesen werden kann wenn ihr eine de e-mail adresse dafür verwendet denn alle e-mail adressen mit der endung de werden vom bnd herausgefiltert Wie funktioniert die deutsche bundes post Die ip-pakete werden über e-mail ausgetauscht und die e-mails werden über das unsichere überwachte netzwerke schickt Und wie das genau funktioniert das sagt euch jetzt soll Also technisch ganz einfach wir machen wir nutzen das tun device Neben jedes ip-paket was da ankommt packen das in e-mail versenden es über s n tp holen es über e-mail wieder ab Entpacken das ip-paket stecken es wieder in ein tap ent an tun device und es ist wieder im netzwerk stack Fusiert also mit allem was irgendwie mit ip kann Es gibt nichts neues unter der sonne auch ip über e-mail nicht vor zehn jahren wurde ein itf draft standard von Herrn donald eastlake geschrieben wie man den ip-pakete in e-mail in dem fall maim kodieren kann es gibt also application slash maim ip um die pakete einzupacken wir machen einfach base 64 packen paar optionen hinzu die uns sagen von wo kam die die pakete und welches ip format ist es Zudem können wir noch angeben wie lang es denn normalerweise dauert und wie länger dann die ip pakete über e-mail bedrückten Higher is better Also wir haben die tausend fache sicherheit Dauert auch tausend mal länger aber Auf sieben sekunden kann man schon mal auf sein pick warten Ja, wir haben eine implementierung der draft standard um richter standard zu werden braucht zwei also wer möchte kann hier einfach noch mal unser Mainstraat nach implementieren man kann sich hier auch bei dovetail Das ist unsere referenz implementierung mal ein paar ideen holen Is nun park zahlen rubikot Also bitte lasst mir nicht verarschen Netzpolitik org hat mehr information darüber korbu verwenden lupig verwendeten tor and held verwenden otr verwenden Und dann seid ihr vielleicht sicher Thank you An introduction to jackel No not again So johannes trap around May the real johannes trap please stand up Last call This is actually a bit um yeah, it's not very nice if you register talk and don't show up because other people would like to Give a talk and i had to tell them it's all full Yeah, you have to think of some punishments No, i think i'll just remove the slide now and we'll continue i mean we now have um We have a few minutes left before the break of course and we still have two talks But if you're sitting here right now and think you have a pdf on your Notebook that you can bring up here and want to talk about Then you can do that since we still have time But right now we'll continue with the next two talks. There is one I think what I don't understand you you're too quiet Okay, then Okay, okay, that's nice. So here's what we do. We we just take the next two talks now and after that you can come up Put your pdf on an usb stick and I can load it up I don't have one Okay, we have one. Yeah, we'll see hopefully you talk about something serious So let's continue with void linux state of the void The yearly state of the void talk morning um Hi, I'm god talks and in obo land and I'm talking about void linux Uh had anyone see of you you guys my last year's talks One guy again, um It was the one with the kitties no kitties this this time so, um Please look at the monitor not the slide Nice slides So the history void linux is linux distribution fusion which was started in 2008 as a test bet for the For the package manager which now x pps as part of void Juan which is an Spanish guy is the founder and project leader. He started the project in 2008 Yeah, what's what's void linux? We are an Ordinary linux distribution. We are rolling release Some things are quite different We are using lippere ssl instead of open ssl. We dropped actually dropped system d one and a half years ago and replaced it Replace it with run it. I still don't know how to pronounce Is it run it or is this our unit? I don't know and we have our own Our own Package manager with which is called x pps Um x pps is a package manager from the scratch We are signing every package which is which are Loaded from remote sources if you have a local repository you can also do unsigned packages and we have It's an ordinary It's an ordinary package manager, but we have still some cool tools like We can generate nice dependency graphs using Dot format which can be seen here You can see here bash is quite low on its On its dependencies actually fun fact if you're doing If you're doing a gnome dependency graph the png of the dependency graph is about 30 megabytes big in png I have no time. What's what linux for devs? We are completely managed on github. We have We have continuous integration based on build, but so if any packages get updated on github They are going to our continuous integration and they are automatically if they build in our In our repositories Now why use what linux? We are very fast in development. You will see this in the next slides We have quick updates and it's very easy to get involved due to our Github-based development The last year there was one active user in the audience. How many void linux users are here? Oh great. I think we degraded about 100 percent percent That's that's still one. Are you the same the same guy at last last year? Ah, okay, so we have at least two active you void linux now Which is great about 100 percent in one year Yeah um And although I says actually looks Okay, some more db no buntu some more mac Nice okay The last year, uh, this is our this is the last year of our package Package system the void packages. So we have got 15 000 updates in the last year, which are about Uh 40 commits per day Don't get me on this We have about 6200 packages in Global and we are doing Yeah, you can see the numbers. It's just this this Oh time's up conclusion. We are the new cutting and like in the um on the block and we have two active People which are using this stuff quite some Fun fact um quite some more people were at our assembly We are still at the assembly at the hall three if you want to come and drink a marty or or whatever just just uh join in Uh, a lot of stuff happened last year. I just so showed that and thank you We have no time for for questions. This is the url We have a twitter account and this is my private twitter account. Have a nice day. Thank you thank you We still have one talk and then yeah, no no problem, but stay stay in front of stay stay here because you have to get up quickly So this is going to be a 16 to 9 talk again Hey, everyone, uh, my name is les van. You may call me bobby because it's much simpler today I'm going to present you android intern fuzzy model for droser or you may call it fuzzy noser because it's simpler um a little bit of introduction, uh, basically Um, we want to build we have built actually an under an open source project where Um, we fuzz intents intents are used for android to communicate between activities to announce some events stuff like that and an intent has several parameters like six parameters And in the first phase we collect information about our system. We target either one package or the whole system android system then we Create the first Intents and then we send it to the system Then we collect the responses. We we see how Applications handle those malformed intents or to say Um for those who are not familiar with droser droser is an open source framework for testing android security Basically, you have a server running on your linux machine and the client. It's called and droser agent You install it on An android phone or device actually It communicates with your server through an android debug port 31415 by default And then you have this console where you can list all the modules help Help any module or run every any comment any module What does our fuzzy noser? At this point is able to Send broadcast intents files the intents it can save a seed file Which is actually a trace of all the intents which have been run until a crash occurred And if a crash occurred You have a log file saved And also the state just not to Must re-run the whole thing From the beginning but from the crash point onwards Um a cool feature also is this denial of service attack We have been performed against activity manager using our project This is how it looks like basically you run the name of the module in our case intents fuzzy noser And then passing some some parameters Running help you can see what kind of parameters it accepts and which kind of values Regarding the results we get a lot of Exceptions so far like java exceptions Illegal exceptions and security exceptions And of course this denial of service attack against the activity manager Can you have the short movie you want to show your demo movie? Yeah, okay You can play it for from the middle or something I'll try Yeah Okay full screen Yeah, I can kind of play it from from the middle Just to skip like two minutes Okay So, uh, this is drozer in the left. This is the agent And this is our module and basically We are using Intents lot fuzzy noser minus minus dose attack dose command You can skip like 20 seconds or so We are running against this calm. Don't under the bluetooth package Yeah, please please skip like until Yeah, you can skip it until here Yeah, so this is the command and You will see the result in a second Basically, if you try to open any other application It will shut down automatically and it does it for for the whole for any application This is Happening only during this denial of service attack Thank you. We can come back to the presentation I have just one more slide click Yeah, and Here is our account. It's fuzzing on github. You can reach us We have several projects there and thank you for your attention and Please come and contribute with your feedback opinions anything. Thank you very much All right, thanks Okay You have a clicker on the on the podium I just have to look for your talk here fuzzing pdf So I will also talk about fuzzing But on linux, so yeah, wait a second. I have to determine the aspect ratio right now. It's four by three So video people it's four by three Let's go Hello, um, i'm hano and I run the fuzzing project which is uh, yeah, I try to fuzz free software and improve security and Remove bugs from free software packages Fuzzing is basically can be explained as you throw garbage at software So what you do is you use some input and then you add errors to the input and then you see if something bad happens And something bad could be a crash, but also could be other things like everything that indicates that there's some bug um There's a tool called american fuzzy lob which has now been available for like two years I think and It really kind of redefined what good fuzzing is because it uses a very intelligent algorithm That it observes code paths in an application and if it finds a new code path it feeds that input that generated that code path back into the Fuzzer and uses that as a further sample for fuzzing That's how it looks. So it has a very nice, uh, ascii interface Um, uh, most of the stuff is not that important The most important thing is the red number you see which is a number of crashes it found in some application Um, this is a kind of maybe unusual example for a bug that I discovered with american fuzzy lob um here you see a relatively simple Calculation so we have some number that is squared and it's And then a modular operation with a very large number And you can see two results and I would like to ask who thinks the first result is the correct one Not that many who thinks the second is the correct one Okay, so most don't have an opinion on it Actually the first is the correct one and that can be easily seen because a squaring roughly If you square something it's roughly twice the size of the result. The second result is the result from open SSL Yeah, it's been fixed now last security update fix that That's the where the bug was introduced I have no idea what it does. It's It's an assembly optimization of the algorithm and yeah somehow a bug slipped in there um, then, um, here's a very simple example of A stack out of bound street. I hope you all see that this code is wrong because we're reading Um an array out on an index that doesn't exist um These kinds of bugs Are a bit tricky to find because usually when you run this code it will just run and read something out of the memory But it will not crash. So the application will still run. It may do something wrong. It may have some malfunction but Yeah, so it's kind of a bit tricky to find these bugs, but there's Another great tool which is called address sanitizer And it's a feature of the compiler and if you compile an application with address sanitizer Then these kinds of bugs will give you these kinds of error messages um Yeah, which is nice and if you're using fuzzing in combination with address sanitizer, then you find much more bugs But also, uh, you can just use this for testing your application And i'm still seeing applications that if you just compile them with address sanitizer They will show just by running them some invalid memory reads and that really shouldn't happen So if you're developing any kind of software in c Then try address sanitizer test your software with it and uh, yeah, if it shows you bugs then please fix them Yeah, thanks for listening If you want to hear a longer version of that talk and are in berlin on the 5th of january I will do a longer talk on the fuzzing project in the aftra hacker space And I also did a talk yesterday, but yeah, you missed that Yeah, thanks Thanks a lot Thanks a lot for jumping in on such short notice ultra lightning blitz flash talk So, uh, then we will start with a break right now So we'll meet again at two o'clock in this room for the next Part of the lightning talk session Hanno, I think you want your flash drive back, right? Okay, I think I think we can start with the next uh part of the lightning talk sessions Please have a seat close the doors And somehow you see I'm over here because uh the fail overflow crew somehow Yeah, they took over our stage and they are going to present a short hardware hacking demo It should speak for itself. That's it. Thanks a lot. So now we have to set everything back up again These guys are really fast. I mean When they came up here on the stage I I thought geez So that's it I should probably get my get my slides back again now So then we're going to continue with the regular lightning talks now IPFS is the next one All right, so uh IPFS who here has heard of IPFS before Oh, that's pretty great. So, um Oh, is that okay just a minute we uh cannot show you Brand new things just on the screen. So either you step back for one talk We have a chance to ref you your pdfs. Okay, or you take the old ones Um, they they are the guys that just gave me this is the wasp stick. I'm supposed to plug in here No, I get it. I mean all the all the trouble you're killing me Okay, IPFS update looks much better Ah, that's better Okay, cool. These are the slides. I actually am more comfortable with All right, so IPFS is a protocol to upgrade the web. What's the sand floor interplanetary file system? It's kind of a mixture of torrents and git and the web and a bunch of things that have existed for a while But we're putting them all together and making them great So the web today is this big giant cluster of weird things connected all over the place and it's you know, like a giant hive consciousness And it's really great. It's really awesome. It enables, you know, what we have today You have all of these different services for people to do everything they need to eat along with their lives and It's awesome But they're mostly centralized, you know, if your connection to the backbone goes down if the server goes down if things Break it's very fragile. You lose access to all the things you rely on and So like the web right now is very centralized You know some aspects are decentralized But what we really would love is for a fully distributed web Where there's no single point of failure. No single point of attack for you know, bringing down infrastructure So IPFS is a protocol to upgrade the web You have the we call it the distributed web or the permanent web or the merkle web, you know for a merkle tree hashing It's offline or it can be offline. It's smarter. It's distributed Permanent safer and faster So today we use location addressing if I want to access a you know page I give my browser the location of the page I say it's google.com which resolves to an ip address and then I go to talk to that machine and I get the things from it Right. So example.com goes to this and then I follow the path down from there Uh, that's you know, that's centralized broken What we do is we take and we map to content location So we really don't care where things are. We just care what they are Um the way we do that is content addressing which is similar to how git works So today or yeah, so right now you would go and request, you know to a given server I want this thing And you have to go all the way to that server no matter who else in the world has it you go to them and you get it from them and With ipfs you can request the file from anybody who has it no matter where they are Anywhere on the internet anywhere in the world or if they're right next to you or if they're in Antarctica You can get it from them without really much extra effort or without any extra effort um So the ipfs stack is really three parts you have a peer-to-peer networking layer Where you have you know networking you have basic transport tcp reliable or reliable udp You have a routing layer Which you knows For us a distributed hash table and then on top of that you have data formats So you can format your data in different ways to make it easy to transport around the world and you know transport around the web And you have a naming layer Which allows you to have mutability over kind of a static web Which is you know kind of required and then on top of all that you build applications, which Is the fun part Then that stack looks like this where we have all these different options at every given layer You know all these options for networking you can use cjna s wr web rtc quick You could have you know, we use a cadently the ht for routing, but you can use many different things You know The exchange can be bit torrent. It could be our bit swap. It could be straight up hdp just as an exchange And then in the middle everything is a merkle deg data structure And that builds on top of all of that and then above that you have you know, we can implement our own dns type thing We have ip ns you have namecoin you can use for naming and then you build applications on top of that The ipfs project itself is very open. We you know open source everything is out there We have lots of contributors As this is actually you know a cool little graphic We have all the people who have helped out and contributed ipfs. It's exciting to see that many faces on the thing We have all these applications that people have built so far and many more This is just a small list that we pulled together for this presentation lots of really cool stuff And if you there's this that's where that list is from And oh crap go back and if you want to learn more there is a session at uh 14 25 and hall 13 It's kind of a small group session But yeah, that's I think all the time I have right Thank you So You probably want your usb flash drive back Just come afterwards by my laptop here Open source and the right side of the brain. No, this is not the one That's it. Yeah Yes, it is So uh, we're going to spend a little bit time talking about Free and open source software and the right side of the brain And in particular how people with right brain competencies Can interact with programmers and developers. What do I mean exactly by right brain competencies? Could be a designer could be a usability expert These are probably the two competencies we'll speak the most about it could also be a musician a writer Somebody who plans a media campaign Any of the skills that you need to launch a mass movement any of the skills you need For persuasion to work most of the things we think of as a whole lot of fun And they are different than the skills necessary for programming But they interlink in all sorts of interesting ways. Okay, so forward Images are powerful I wrote a piece a while ago basically talking about how there's an analogy to pre-compiled code I'll show you an example of what I mean the brain processes image very differently than it processes written language Which do you notice first on this slide? If you're like me, you probably notice the images The text the words take longer to go through Um, it's it's a different It's a much older processing system written language is a very new technology Only dates back about 5,000 6,000 years We as a species we as organisms Have been processing visual data and reacting to it for many millions of years And as a result It acts on us differently. It acts on our emotions. It acts on a very gut level Which is powerful can be dangerous can also Be something really useful if you're trying to create software that changes the world So, um, I come to this with a few core assumptions usability and design have value many open source Applications not all because there's plenty of crappy software all over the place to be found But many lag behind commercial software in terms of usability Design and usability are specialized skill. I just went to a wonderful lecture Teaching programmers the basics of good good ui good ux If you have the ability to bring in a trained designer or ux professional on your open source project I would really advocate that you go that that route because it is it's it's a different It's a different brain sense a different set of skills And my assumption is that people want their projects to be the best and would like better skills to There are a lot of cultural differences But there also are a lot of cultural similarities There are a lot of barriers to be overcome One of which is that repositories from github On out are not really set up to measure or track the contributions of anything other than code commit and There's a great tool called resource space that Provides a way around that, but it's not really integrated into anything You know, I would hope that some of these features may be better supported in the future Different creative cultures I think the biggest shift really Has to be finding ways of for designers and programmers to come together And just getting stories of success out there two examples lightning fast before we close Signal hugely influential. This is an app that lets you have encrypted conversations on your phone I installed it in a matter of minutes. It was effortless It's gotten rave reviews. It's available for ios android now for desktop also get it if you don't have it already hugely praised and influential in the encryption community and if you look at Their credits You're you have a designer at the very top If me this is a much smaller project I'm about to go over so I'll stop now and just say Say What you want to concentrate on is finding a designer and learning to speak the same language You can contact me at artmeatscode.org if you're interested in more information. Thank you Thank you. I have to close a few windows Next one is find find it Yeah, hi, my name is giak. I want to tell you about find find it It was previously named search silo in case you heard about that already And what is it? It's a manual meta search engine So it means you can use it via a website or a browser extension or an android app And all of them give you an input field and in that input field you can type in search queries using shortcuts So let's see some examples If you type in db boolean comma hamburg you get redirected to the German railway's website showing you the next train from boolean to hamburg If you type in tell maya comma dd, you get redirected to the german phone book You see people living in dristen named maya and their phone numbers If you type in php string length you get redirected to the php documentation of that very function So what's the magic behind it? No big mention actually There's a parser taking the query apart. So from tell maya dd We know keyword equals tell argument count equals to make a do a database look up We get a url that url has placeholders we fill in the search arguments into the placeholders Some placeholders are special like or in this case. So orders of type city So for cities we have a mapping table for every country in that case the input dd gets replaced with dristen And then dristen goes into the url and this url gets redirected So actually it's not a whole story because sometimes we have some Clashes we have the same keyword and many possible targets For instance, if we type in fr bourgeois, we want a french dictionary But which one french german french english french swedish Or if you type in w Berlin, we want a wikipedia article of Berlin But the german wikipedia english wikipedia Or a goes for amazon, but which amazon british amazon us amazon and so on Solution is namespaces. So we as the users say, okay, we speak german. We live in germany So we want shortcuts having with coming from these languages and in this country And then all the shortcuts have also their namespace and they get prioritized according to our setting Registered users get their own namespaces So you can if you register you can set up all your keywords in your namespace And even other users can follow your namespace So a use case for that could be you're at the company You set up some shortcuts for the company's wiki and then your colleagues can follow your namespace And can benefit from your constant maintenance of these shortcuts Shortcuts are revisioned and they're editable like in the wiki. So it's like wikipedia. We can revert and go back And there's also an autocomplete. So there are certainly 5000 shortcuts. You don't need to remember all of them You can just search while While typing and all these the search goes Not only over the keywords, but also over the possible titles. So this is all the possible comma shortcuts starting with leuchaban And there's also an api. So in case you say I don't want to give all my search queries to a foreign server You can build your own parser You can ask the api and just send okay keyword equals tell argument count equals two give me the url template And then you can get this jason and fill in the url your search arguments by yourself And yeah, it's a free software and free data. So there's shortcuts are licensed on the creative comments The code this license on a fair gpl You can follow me on twitter at find find underscore it and Most the next goal is I want to have built more mobile apps. So if you're good at creating native Mobile apps then yeah, feel free to contact me. Okay, thanks thank you Next up hack basis and hacker nomadism Hi congress um Yeah, so I'm going to be talking about hack basis and hacker nomadism a hack basis are living hacker spaces so You know, there's this design pattern that hackers shouldn't actually sleep in hacker spaces That's probably a good idea if the space isn't designed for that But if you've got like a separate space or if it's a camp or something Then it might actually work. So I decided to kind of investigate that in canary island Lanzarote and And the the other part to to my talk is hacker nomadism We should be kind of like the idea that if you have several hack basis, then we could possibly maybe move around Um them, you know, it's kind of to form a kind of a new lifestyle um, so the hack base is Um, that's where it is. You see that's like the Saharan desert. Um, the canary islands are a Spanish Uh Still running Spanish colony. There's about a hundred volcanoes in the place. It looks like mars or moon or something and it's Uh, really awesome to live in haga there. Um That's like a long description of what's kind of goes on there The if you if you look at kind of the bottom part, you know, it's this kind of self sustainability resilience um But also critical theory temporary architecture and energy systems and so forth because um The whole idea is to really to go to to to build everything ground up and uh and right, so This are some of the recent pictures for the project For three years. It was a normal house But then the house kind of got too small. There was like 17 people at one time in uh Running around before uh before christmas In a house that had kind of like one or two bedrooms So that was uh, that was kind of Crazy, so we decided, okay, let's try to rather than spending money on rent Um by landing the desert and just start building it there And these are some of our first experiments this year. Um Okay, that will be general about the hack base project. Um So about hacker nomadism, right? Then if you're in the hack base for two three four months, then you're like, okay Well, or or congress is ending. You might ask yourself what do you want to do next in my life, right and um, the total is a torque slash calendar is uh Attempt the systematic Overview of everything everything that's going on Um in the european hackers thing um, this is just like a Short list of events of course as all sites on on this uh Page it's openly editable so you can freely you are invited kindly invited to freely participate um, as you see there's actually quite a lot of going on and uh The intention of my talk is to to um encourage you to you know to go to more of this um events and uh, you know Leave some of this congress feeling also in the middle of the year um, the other the second systematic part is a collection of maps So I've been moving around a lot for the last four or five years. I've basically been living like this and I've compiled kind of like pretty conclusive maps of This different cities I've lived in for at least like two months or so um That's berlin Sorry, it's on google maps really like It's gonna it's um, I'm gonna set up the open street maps, but it was really the Easiest thing to just start with this. So It's gonna be ported soon. Um Yeah um, that's the hackerspaces.org definition of hackbases um and Um, there's actually several ones right so cyber hippie totalism is the long official name for the one i'm running um There's two in india. There's uh You know, there's there's calafau in berlin and so on. So there's really a bunch of these spaces already running Um, you're really invited to check them out. Um, sending mails, you know and um So on and this is the third and final systematic investigation. I'm hosting the site. It's um You know, it's not only about hack basis, right? I mean, um If you look if you look at the talk yesterday, I mean, um, um, what was it 10 years after we lost the war? It was really There was a very positive. I think encouragement to To work with others, right? So to acquire these topics I I've also like looked at, you know Different spaces and they're listed here. Um, this is the poster And uh, that's our plans for this season. We want to buy land and everything else and Uh Live with lizards and hack. That's it. Thanks Thanks a lot So next talk impact if you remember that from uh, from the first session, this is going to be cancelled due to reasons Um, are the wiki data people around already? Okay, then we'll continue with that right away It's gonna be a nice cat bright All right, so wiki data isn't machine readable and uh, that kind of sucks Um, don't you wish that your bot or um, whatever website you are creating could make use Of the informational wikipedia easily so, um About three years ago wiki data went live wiki data is also run by the wiki media foundation just like wikipedia. It's um Well, it's kind of the I like to call it the encyclopedia by bots for bots But officially it's the knowledge base anyone can edit Um, yeah, both is obviously true It's actually the the idea is basically have something like wikipedia for structured data um And make it possible to use this. Well, you you probably know info boxes on wikipedia, right? and they kind of look different on different language versions and Sometimes they also have more information one language or they have different information in uh different languages And if you have ever looked at the source of this page the wiki text, this is all kind of maintained as um Rather complex template transclusions and parameters and it's nasty to parts Especially if you deal with different language versions or very different kinds of informations like the sun and sports and I don't know chemical elements and so on um So the idea behind wiki data is to maintain all this information in a central place And make it possible to use that. Well, obviously in different wikipedia articles, but also Wherever you like And one very important bit with that is people don't always agree, right? Sometimes the question even even a seemingly simple question like how large is the country is a really political question, right because people don't agree on borders So wiki data doesn't collect facts. It collects statements It says it just collects who said what about what when and where right? So, um That makes the data model a bit more complex Uh, it gives you and it makes it a little harder to query But it gives you a lot more depth of information. It doesn't Doesn't just tell you. Okay. That's the number of people in the city. It tells you when and how it was uh, how that number was figured out and where the source is So, uh, you actually can have a lot of different Um statements about the same the same topic now, um We also give you a way to query this. Um, there's a sparkle endpoint, which is very powerful So very simple thing would be listing all books by Hemingway But you could also do more Well that kind of list you can basically find anywhere, but Do you want to know the most common causes of death of us presidents or something similar? You can just ask for it If you can figure out the sparkle syntax, I'm still struggling with sparkle. So if there are any experts here, I'm very happy to to learn There is also a Much more simple jason-based api But in that case, you already have to know What you want, uh, what you are looking for So basically if you already have the idea of this thing you want information about you can use a simpler api That's for instance useful if you want to have The name of the thing in 50 different languages We can give you that right So, um This afternoon They're at uh at 4 p.m. In hall 13 There will be a workshop Where I will give some more in-depth information about this and hopefully there will be a time and opportunity To experiment a bit and um, there will be time to discuss the data model and maybe different Um applications of this Yeah, that's it. Thank you Thank you Next talk is going to be genesis dot re in white screen Ah there one two three one two three Thank you very much The project I am presenting is called genesis dot re many people ask The dot re domain extension This is actually french territory reunion on the indian ocean near madagascar Next slide you can advance the slides yourself. There's a clicker device Yeah When I see all the work Completed at the camp at the congress I realized that much of the work is is wasted. We put so much effort into setting up infrastructure Borrowing staff putting up systems in place Four days of congress and then It is uh gone. We need to clean up. We need to tear down I would like to Establish a permanent base permanent habitat So We could preserve this lifestyle All day every day Currently it is not sustainable because we don't have enough sleep. We don't have enough nutrition We know that this is only four days. So we push our bodies to the limits But if we approach it in a systematic way, we have the food Hacking area. We have a sleep hacking area. We have a agriculture hacking area So this is the big thing Creating establishment. Whoops This is a google search for a spain city for sale Many places in spain in portugal are left abandoned because people from the Farmers are migrating to cities and the whole city is abandoned This is one of the articles 50 000 pounds it can get you a garage in london. London is so expensive However, this amount of money can buy a whole city This is me. This is my last day In the office. I was working as an IT contractor and I was earning too much money Seriously, I was earning too much money in my job. So I thought I need to quit it and go 10x the amount of money that is in the system is just enormous And I believe that money is actually for free These are some personal loans at 3.5 percent. It is next to nothing So right now I'm just Putting systems and policies and procedures So I can accept infinite amounts of money as an individual if I receive 200 000 euros That would be money laundering counterterrorism So basically opening businesses opening structures putting this all together And one of my mentors says Business and entrepreneurship are the fastest vehicles of change I will give you some time to read the quote of the andy warhol. Good business is the best art and in principle, I believe that by Creating the village the ecosystem the cows town We can learn how to grow food in in syria. We can do the hydroponics We can do water reclamation. We can do clean energy So this is my way and contribution to actually save the planet I'll say a little bit more about syria for instance It is caused by climate changes. There is a term on wikipedia environmental refugees and They estimate 250 million refugees globally so this is This is it Genesis.re Genesis means source origin beginning. This is the first chapter of the bible And whether we like it or not bible Has a strong influence on the western culture and I really wanted to create Something new by the whole city and have the cows lifestyle all day every day in a sustainable manner Thanks a lot Encrypted walkie-talkie Coming up Hello everyone I will present the project we have in common with the five people We are not a startup. We do this because we think it's necessary and we do it with our own means So we wish to develop encrypted walkie-talkies There are two lines that direct our work First to create a device in the least complicated manner based on open source software and hardware And that being the exact opposite of today's mobile phones before you say just encrypt your phone Secondly, we wish to use strong reliable and known encrypting so that users can trust it What is the interest or purpose of such a device? Basically, we want to make it possible for numerous people to communicate in real time in a secure manner Another major interest of walkie-talkies is to communicate without using Infrastructures external infrastructures such as mobile phone relays and antennas that we do not control Also, we try to build walkie-talkies that don't transmit acknowledgments when receiving so that they are not subject to Geolocation at least for the ones receiving Last but not least designing this is interesting because there isn't such a device available on the public market for civil society What does our project look like in order to use a strong crypto? We had to turn towards digital walkie-talkies The devices will be pushed to talk We wanted to be possible for numerous people to communicate at the same time as with analog walkie-talkies Therefore the devices will communicate over channels so that everyone on the same channel Can transmit and receive We also considered integrating a text messaging function with a similar protocol to pages, but we haven't yet studied that part We chose not to use zrtp or asymmetric encryption Why because zrtp is based on defy helman and only enables two people to communicate at the same time And therefore doesn't match our goals As for asymmetrical encryption, it would require long and complex procedure of exchange of keys We judged that impractical for walkie-talkies that are mainly tactical objects Here is the general model that is the base of our prototypes Three things to pay attention to here For the digital encryption of the voice we use codec 2 This is an encoder with a low bit rate and is open source Secondly the data is encrypted and authenticated with shasha20 and poly1305 from dj birnstein and an rfc exists for this As for the radio transmission, the digital signal is modulated in gmsk, but we may actually use something else, but similar to that The diagram is identical for transmission and reception And we have no time to detail the protocol and management of the nonce of shasha20 so um, we have created a functional prototype that is here Prototype this functional prototype is using prototype stm cards that are themselves using arm Cortex m4 sound card and digital microphone Uh, we use a transceiver for the gmsk modulation and demodulation Uh, for our test we have made a depot antennas that look like this So far it works without amplification and with a power of 200 milliwatts In town the prototypes have a scope of 800 meters And a lot of work remains specifically concerning signal amplification not to go into details So concerning applications, uh, why encrypt phones emails and not everything? Uh, as for the rest I think you can let your imagination run And so just to show you I think someone wants to say something to us in an encrypted prototype walkie-talkie Okay, a little sound connection problem. And so, um You can uh, like email us or just catch us at the end of this If anyone has knowledge or wishes to work on that. Thank you for your attention Thank you Now we are continuing with the annual food hacking base report. Hi. Hi. Okay My name is franjishik algodorapfelbeck and I am representing what we have done and what we didn't This year with the food hacking base and many other people Now I will start with the camp because it was our main event this year 2015 Many of you I hope were there and enjoyed We have fran Again a hub for people to come and play with the food the drinks and bio Our group basically gets resources through catatonic campaigns and through our donations Establish workshop venues experiment the kitchens Put some structuring like basic workshop for cheese dating or beer brewing Extraction of DNA from kivis and after we invite people to fill it up the rest of the slots Most of them with their activities. So basically you don't have to belong to us. We just have to show up Talk to us and do what you like. We are basically environment for people who are in the food drink and bill believing Uh that hacking can be applied as we do And joining us. So we had a camp. We had a great time. Uh, we got resources to do what we liked Many events were happening. I hope that you can check Some of them and join us in the future After the camp We had a tour Again, we did all the few so you're touring europe basically going to party We have been in balkan Very interesting congress in syria in ovisat. We have an mrmcd in darmstadt and many other places Promoting our activities and basically talking to the people improving the Places where people can play with the drinks food and taking it further The tour was great and we really enjoyed now 32c3 was not as easy and not as I would say fruitful as in the years In the past years, we have been prohibited to do our food drink and bill activities In the congress center. We deeply disagree with that and we would like to change this in the future For that we need to communicate with you with the orga and find the ways how we can Do what we believe is supposed to be here and do it in a manner which doesn't endanger the congress, of course But also allows people to do new ways develop a new Horizons, I would say in these fields here in the hacker community a hacker event Now, we have been running therefore independently We had a small assembly here, which was designed and dedicated to our Hacking of our experiment incubator playing with the recipes and so on However, our main activities were happening around two kilometers away in the central sociale, which I would like to thank for the hospitality We managed to get enough resources to get the Play set up You have to pay the rent, of course and we invited people again Open doors everybody's welcome Donation based no one turn away for the lack of funds People came they have found us which we were very happy. We ended up in the plus numbers, which is very important for us And even people who didn't have a ticket for the congress, of course Welcome, so we tried to open doors as much as possible as usually with the beer brewing workshops. We had different activities from let's say, you know hosting the Amalet tomat, which you could see, you know here in the hacker center Hacker's cch, unfortunately also was asked to leave later on And we have been doing the cheese taste things and many other events you can check our wikis When they are up, of course the congress wikis For the 2016 we have of course plans In my case, I would like to come back to the europe and start through the king basin sito We will be looking for a place where to do so. So i'm not considering germany check you will see We will participate in 33 c3 Dofima, sorry We really hope that it will be in the congress center and we will do our best on our side to Manage and help to make it happen We deeply respect the orga of ccc through the years of cooperation So we really hope that we will be able to find a way If we don't we will go independent again, maybe with others we will see And we will do what we like and again We will open the doors and invite people to do What is kind of common for us and what is uniting us? So, uh, I would like to thank everyone for your time I would like to thank the central sociale for hosting us and of course, you know to this great event We just organized and it was very nice. Thank you very much. Thank you all right From chemical plant protection to digital plant protection Yeah, good afternoon Uh, my name is walter. I'm a beekeeper that is volunteering his time in a number of beekeeping organizations And uh, what is the beekeeper doing here? Well, uh, I also spent 14 years of my life working in silicon valley Uh, what I want to talk about is uh, currently we're doing Chemical plant protection. This is pretty much the dominant system Uh as a beekeeper, I'm not very happy about that because there's quite a bit of collateral damage not just the typo in the slide and One of the reasons is the pesticides used have been Getting more and more toxic. We're now the current generation is about 7 000 times more toxic to bees than DDT Why is this going on because the industry? Uh, is the chemical industry and for somebody whose only Tool is a hammer every problem is a nail Everybody in the industry in the sector thinks chemistry is the only way to protect plants. I think There are other industries that made the same mistake 20 years ago photography was all wet chemistry And this is what happened to the company that didn't get the message that this can also be done digitally so Right now there's a big buzz In the farm industry. They've discovered that the digital revolution is happening But they're essentially busy digitizing the old model Taking the big tractors putting gps on it. Essentially. They're busy eliminating the farmer But some people are already working in a different direction. They see that The digital revolution can change the model completely And there is a paradigm shift that We can use as a model that is already happening The old model in lawn care is that I cut the lawn every two weeks The lawn is this high and I need a big tractor A big lawnmower To get that job done. The new model is I use Robot the robot is always there. That's essential So the problem that the big machine here Is solving doesn't even arise in the new model There are some companies that are already working in this direction, but They come from the traditional farming sector And what they're building is very expensive very heavy And if you build an expensive machine, it needs to work fast to earn its money back I think there's a different model and it's not just myself But there are a whole bunch of people that are already working on this If the machine is cheap, it can be Slow, it doesn't need to be fast to earn its money back It can actually be always on the field just like the lawn mowing robot does And that changes a whole bunch of parameters And makes certain problems actually solvable There are competitions from different universities already But they look like toy cars driving around in certain fields We built something different. Can you start the video on here or this is the pdf file This is the pdf. I don't have a video. Sorry. All right. Anyway, we built a prototype in order to get the cost down We used Bicycle technology electric bicycle technology in hub motors and things like that To build a very low-cost platform to host the intelligence on Why not drones? Also the farming magazines are full of stories about using drones But drones use a whole bunch of energy to stay in the air Once they discover something they cannot exert force to do anything about it So, um, we think we need to take the technology that people are playing with In drones put it on a stable low-cost platform And get rid of chemicals I think our friends in the food hacking sector want to work with pesticide free ingredients as well And so if you are interested in taking this Farming revolution in a whole different direction help with the rover help with image processing with actors and sensors Please contact me. There's also more information on the wiki for the lightning talks Don't try to go to the main wiki. It's been down for the whole conference, but the mirrors are working. Thank you very much Just the questions the video online So Okay, so the video can be seen using the wiki link Then we have the final talk Not just made in china For this one, I'll have to start my browser I mean, I already have it open here, but I have to move it over move over over So it should work now. I think it's full screen Okay. Yeah, thanks very much. Hi everyone. My name is chris ellis You can interact with this presentation at the vgood URL just down there. I'll just give you a minute to do that. I'd like to introduce myself I am an online blogger and a journalist. I'm really into open source and a couple of years ago I was finding it very frustrating to raise money for doing what I was doing because my crime was I was telling the truth and the truth doesn't pay So I realized something I realized that if there is a problem You are the problem and I had to go and solve this problem myself I have a background in coding when I was young. I was very fortunate to have a father who taught me how to Code I used to do machine language and assembly actually Um, and so I commissioned in fact I'm I'm no good at these high level languages nowadays javascript does my head in so I recruited a friend To program a project called pro tip, which is a free open source project It's a bitcoin wallet that runs in the chrome browser. It's automatically detects bitcoin addresses on web pages There is no need for you to install any malware on your website I'm sorry Some javascript on your website that masquerades the button that then phones home back to essentialized api So they can track all your data. There is no surveillance model in this in this paradigm You simply need as an artist or a creator or a web host to put a bitcoin address on your page This this is how you win at the internet Okay, you install pro tip you install an ad blocker running through tour and you pay the artist directly and you block the ads That's how you win at the internet. You pay the artist directly peer-to-peer for less than like a tenth percent or less than a 20th percent Advertising is just a recommendation from someone you don't trust And the advertising used to work in the old days Because you knew you could trust the ad because of the amount of money that went into putting it onto a centralized broadcasting network When google invented ad words they made ads cheap and so the signal is now noisy. We can't trust it anymore So this works on popular websites like xkcd even if it's buried very at the bottom in the in the footer It will find it for you even if it's in the html header actually This is it working on a decentralized system using ipfs. You saw the ipfs talking guy talking earlier This is actually a sort of ipfs gateway that's run by alexandria.media the guys They're a really great where you can you can talk to them later at four o'clock downstairs in hall four And this is the developer. He did all the hard work. Okay, all I did is I did the campaigning. I'm an activist I'm not really a coder. I mean, I know code I get code, but I'm not, you know, really really into it So this is leo cambal. He deserves most of the credit Please fork this before silicon valley does because you know what they're gonna do that is gonna reversion the code so I you know developers are artists too and so I wanted to create something because bitcoin is a light wallet I wanted to create this there's a little freedom device. It's called a full node It's got a bitcoin full node running on it right now if I get a battery out one of these sort of batteries You can get for the e-cigarettes Okay, so right now it is booting up. It's going to sync with the wi-fi network I configured this just now before I came up here and it's going to start Distributing bitcoin blocks. It's going to go in through tour. It's got gnu pg It's got all these things listed here open vpn It's ready to go with mulvad vpn so you can pay them in cash or in bitcoin anonymously It's got ipfs if you're a journalist in a country like venezuela, for example Sorry wrong slide if you're a country in venezuela, for example And you're subject to censorship you don't have to worry about that because you can simply publish things I'd really really like to get secure drop on here, but I don't know how So if anyone would like to help me, please step forward My twitter account is there in the bottom right hand corner of these slides My pledge to you is that in the year 2016 I will make 500 of these regardless of what impact it has On my health or my living standards. I live very frugally. I live in a council flat in north london I will make as many of these as possible. I've made 20 already live on air You can check out the videos the links in the in the presentation slide Um, I I also document everything I do contemporaneously. So we live stream this out on on google unfortunately, but I'm you know The reality is the reality and I teach people what I'm doing as I'm doing it I I even live stream my mistakes right even the mistakes that I make um go live on air And this is currently the distribution of bitcoin full nodes on on the network You can see it's very heavily centralized this project really is about giving people permission to connect and to be discovered Regardless of where they are in the world So not only can you buy one of these for me directly? You can build it at cc0 the actual license on my on my github the link is coming up in just a moment But already we've had seven people pledge these nodes. This is ala kanani. She's in Botswana I can't show you all the others for obvious reasons there in places like india and venezuela and and I can't reveal to you Their identities, but I'm I'm going to send them One of these so that they can start to report honestly on what is going on in in their country So thanks very much. If you could just click on that that video for me That would be great. You can join me at four o'clock in hall four next to the cloakroom This is how you get there you walk through that main hall as south direct anxiety and then after director again After linked inciter and then it's there. Thank you Thank you very much So this concludes the likening talk sessions of this congress I think we saw lots of interesting projects lots of new information Lots of great people here on the stage. We had uh, I think in total 60 speakers So a big warm round of applause for all the people who participated, please