 Yeah, so hello everyone. Let me introduce Werner Koch, the primary author of Noopici, and give him a welcome applause, please. Thank you. Thank you. I hope that's a bit of feedback. So, can you understand me all? Yeah? Okay, so fine. Yeah, I've been asked to give a talk here, and obviously I don't give a technical talk about GPG and how to encrypt and all this stuff, but it's not very interesting for this hacker community here right now. So instead, the idea was that I tell something about the past, present and future of Noopici. So this is just a sketch of the history and what we're going to do in the future. So I think I have to have a bit to hurry. So, well, so this is about the past. If we walk back, well, 25 years to 1991, this was the time I quit my job and started as a freelancer. But more interesting is that Phil Zimmerman then wrote a little tool called PGP, which was used to encrypt and which was encrypt data, mostly on mailbox nets, on the early internet, to keep confidential. So he said the NGOs back then for the anti-nuclear movement, they needed a secure way of communicating. So he wrote the first public tool, which was easy to use for non-geeks, well, kind of non-geeks, but people who used mailbox networks back then that were all kind of geeks. And that was, yeah, I think in 1991. And the cool thing is it was the first real usable crypto software you could use outside of military or government stuff and well, it worked. It didn't work really good from Cryptographer's point of view because he had the usual thing what an amateur Cryptographer does, he invented his own algorithm. Back then this was excusable because nobody encryption all this stuff. It was very new to the public or for an average programmer. Nobody knew what, how this encryption worked. The only thing people, unique people know were the Crip Program, which does a bit of desk encryption for the past phrases or the ETC password. So a couple of people like Peter Gertman, Hal Finney, Derek Atkins, they helped him to fix PGP1 by replacing the not-so-good homemade algorithms by standard algorithms. PGP2 took up then, I think about 1992. So it was used by everyone. All geeks started to create their keys from military-grade keys, which back then was, I think, 1024 bits. But PGP2 had a couple of problems. The first problem was that PGP2 used RSA. RSA is the most common used public key algorithm. So I don't explain what public key algorithm means, I hope you all know this. There was a patent on it in the US only. The US is the main software country, and so you don't want to have this patent there. Okay, so he couldn't really distribute the stuff, except if he used a library from the RSA Incorporated, the so-called BeSafe library. He didn't like that very much. There is an option in the international version of PGP2 to use a cool implementation, a better implementation. Some of you might have heard of BeSafe. It's the only crypto library which implemented the really backduit random number generator from the NSA. That's from this company, which now has been bought by EMC, I think. The second problem was the idea patent. The idea is the symmetric algorithm for the bike encryption. This is pretended by a company of persons from Switzerland, and the patent was about most of the world, with the exception of, I think, Denmark, Luxembourg, and a few other small countries. The people in Switzerland wrote to you that you have to pay for the royalties if you don't use it only for private things, and non-private things means any NGO or stuff. So, well, you could ignore all this stuff mostly for private use. The real problem was the export restriction. This is kind of the beginning of the crypto wars back in the 90s, because the US government said that all encryption, which is stronger than, well, about 40 bits, so real encryption and nothing a week, is kind of arms, so you can't use it. You can't export it unless you get a license for exporting this. For some reason, this PGP leaked out via an FTP server, so it not really leaked. Someone downloaded it from Europe, from the US server, because Phil uploaded it once to an FTP server. He was confronted with criminal investigations about arms trafficking. So, really hard thing. So, that was not good. Fortunately, after a couple of years, they settled this, and they thought, it's okay, so we can't do anything. It's still not allowed to export this, but, well, we can't go after him. Phil founded a new company to commercialize on this PGP2 thing, because it was so interesting. In 96, we really had the internet now. Well, in Germany, not really, but in the US, definitely. It had more and more users. He figured that a real good version of PGP needs to be done, and so they came up with what was PGP5. In spring 97, the Diffie-Hellman patent expired, another patent which is also related to all this public stuff expired, and at the same time, they released PGP5. With the fear that there would be problems later, and you could not distribute any more PGP for whatever other reasons, too, John Callas and Phil Zimmerman decided that they wanted to publish the format of PGP5, and they did this by asking the IOTF to charter a new working group, the Open PGP Working Group, that was at the IOTF meeting in Munich in fall 97. So, well, you can read that though. However, a year later, a PGP incorporated was bought by Network Associated, and later also by other companies. Currently, it's owned by Simon Tech. So, well, that's good that we have a free standard for this, so we know the format, it's nothing secret. So we have, in 98, the Open PGP specification was published as ROC2440, and, well, nine years later, an update was done which included modern algorithms like SHA-2, which has the nice number 4880, and I wonder what the next number will be. Okay, let's see, what's my involvement in this? I always wanted to meet Richard Stallman and just listen to one of his talks, and the first opportunity back then was at the integral network congress in Aachen in 97 in September, and, well, I think Richard spoke at the last, somewhere there, about current GNU projects. You may also notice that the next day, James Bidstof and I incorporated a talk there. It was a very funny talk because there were a couple of cryptographers there, and Richard Stallman was always interrupted there, and, well, yeah, it's funny. So the interesting thing is, in the session after the talk, Richard asked us to write cryptographic software because in US programmers can't do that due to the export restrictions. Even not if they are living outside of the US, as long as you have a citizenship as you are a US citizen, you could be accused of arms trafficking and so on. So the idea was that, for example, Europe, Asia, people write cryptographic software and then export it to the US, so the US import is allowed here. Yeah, I found myself then later in, to look at this, this was in December, I think, in November, so I think, okay, I try this, so, because we had this PGP2, which is claimed to be free software, but it has these problems with the patents, and it's also not a DFSG compatible. And this PGP5 was plain proprietary, so it was open source, in this old standard of open source, you could look at it, but you were not allowed to modify this. Yeah, that was the reason that we need a free tool for this. So in December 1997, I released G10 as a free PGP2 replacement, which had no patented algorithms, and it was designed as a UNIX tool, so you could put it into a pipeline, and it doesn't need any temporary files for this, and so you could just pipe a lot of data through it and encrypt on the fly. G10 is a pun on the article of the German constitution, where article 10 says something about confidential of mail and telecommunications. The quote above is from the old version of our constitution in 1968. They added a second paragraph for this, which put a lot of possibilities to, yeah, don't adhere to this article anymore. So I thought, ah, it's a good name, and we need technical support for this article. By the way, I have also a little experimental tool called G13, which article 13 is about the privacy that you can live at your own home and that the state may not go into this. That's for disencryption, but that's only something to blame. Well, G10, so I asked the FSF because a PGP2 replacement was on the task list. I asked them whether they want to have my code, and I assigned copyright, and we changed the name to something cooler than G10 because that's basically only something a German could understand, or, well, Peter Goodman, and it was the first one to ask me whether this is about this article. So, yeah, we named it NUPPG. At the same time, so when I wrote this, the Open PGP Working Group was founded, but the development overlapped a bit because the first weeks I was not aware of this, so we later changed the protocol so I had my own additions to G10, to the new one from Open PGP. So, that was in spring 98, they were the new name, and I think in autumn 98, version one was released. So, the initial version of G10, NUPPG, or G10, used Elgal model encryption, which is a Diffie-Hellman algorithm, instead of RSA, and it used Blowfish, this famous algorithm back then because it was printed in Blue Schneier's applied cryptography. Yeah, and, well, there was an idea plug-in for PGP compatibility and RSA plug-in, which was taught on a Danish server then. It was basically a route at first just to test whether the rest of the format worked. But that's not angry. So, the Open PGP later in spring changed things, so we used DSA for signatures, and Elgal model for encryption. Then this was the introduction of the primary key and the sub-keys we have. So, we have, on our fingerprints, it's only about the primary key and the rest is the sub-key, and we changed the sub-key easily without breaking the web of trust, which is important for our Debian guys and many geeks. Well, the RSA patent expired at the end of 2000, but the company just released it in the public domain a couple of months before that. So, we added RSA in September and sometime after it, RSA turned to be the default algorithm for various reasons. The blowfish was not continued as summative algorithm back then, but we used Triple Desk, which is an old, old, but very well researched algorithm, and everybody has a lot of confidence in this algorithm. So, this was used and CAST 5, which is a more modern thing and faster, was used back then. Some may ask, what's the relationship between GNU PG and PGP cooperation? So, obviously, I never looked at PGP 5 code because it's proprietary. I couldn't do this and would taint the GNU PG code. But I worked with Hal Finney, who unfortunately died two years ago with a very great hacker, and John Callos. I worked with them to do interop testing, test new features, for example, the introduction of the two-fish algorithm, even before the before the AES winner was, we had the AES as winner then, so we assumed maybe it will be two-fish, so we added two-fish for the reason that it's a more modern algorithm and it has a larger block length, so for the state of the art. So we had quite a good relationship and that was it. So it turned out that people had a lot of interest in GPG. I thought, okay, so I stopped doing all this SGM, all data conversion stuff and whatever you do as freelancer then and I tried to do some support for GPG and work on new versions maybe. So I founded the company G10 Code in 2001 with the help of my brother, the other shareholder and we had, along with two partner companies, which is the innovation in Osnabrück and KDAB from KDE company, so in Matthias Kalle Dahleheimer. We offered Tham Singh and the BSI, which is the German Federal Security Office. They ordered this and what they wanted to have was SMIME, as free as a non-US implementation because they don't want to use the SMIME in Outlook or anything and they were on the way to change the internal stuff all from Windows to DBN and KDE. It might be an interesting story, so it wasn't clear whether this thing would be a GPG but our first try was to implement this as an extension to Mozilla. So before we offered this, we talked with Mozilla and the Mozilla Corporation and offered them, we do this for you, we changed your very basic SMIME implementation which wouldn't fit any or you couldn't be used in Germany for official encryption or we changed it and made it really good but for whatever reasons they rejected that. We won't use your code, we won't put it into what is called NSS I think so. So we gave up on this instead I to implement SMIME myself in GNU-PG which is not GPG but GPG SM. It was a lot of tasks but anyway this was also the opportunity to do something right and what I did was to split GPG from monolithic implementation into one, basically from two models, one is called the GPG agent who takes care of the private key and only like, similar like a smart card and GPG does a bulk encryption and all this web of trusts up and everything which is not that important, so important is that you can be sure that the secret key or the private key what it calls is secured with the idea that you can separate it on a different account or use it even on a different machine so it took long until this really was implemented last thing but the design was more long, more future proof. It also separated the low-level crypto stuff which was the birth of PhilipGCrypt because it could be used for other things too and it was easier and we introduced GPGME as a standard API for encryption. So now a Debian community so it might be interesting what's Debian to do with KnoopyG as you can see, two months after the very first release James uploaded the first thing still on the MG10 and well, yeah. In 2000 I was asked to implement a smaller tool and add it to GPG to make it easier to verify signatures so that the PKG can do a package, can verify the signatures of the package. So this was in 2000 but it took four more years until the release signing and it really worked and was integrated. Also in 2004 the first version of GPG2 was package and experimental. The thing in the next year it was also available in the next release. Yeah, you're probably not the right crowd for this but Windows is unfortunately important and the Debian installer also supports Windows. So I did in the next year I did an port to Windows of GPG very basic and then we had a new government that crypto will not be regulated because it's important for the economy that it's not regulated so no crypto wars, no export regulation, whatever and they gave a grant to do something to show this and this grant was used to finalize the port to Windows so port Sci-Feed which is predecessor or fork of Claus mail to Windows lots of other things like the GPA and all this stuff was done by this thing. We learned a lot from this very first public grant to write crypto free software even free software. Later this was very basic so later in 2006 we published an installer for GPG for Windows actually again ordered by the BSI they wanted to have that the citizens are able to send them stuff encrypted in OpenPGP and not SMIME because nobody wanted to use SMIME or the outlook stuff didn't work and you had to pay for your certificate and yeah GPG2 was actually not designed to report it but then a bit of time and was in need of a project and there was a health project here in the Mannheim Heidelberg area to do something and they ordered the port of GPG2 to Windows so it was quite interesting and yeah we did it then and yeah well we have a surprising high number of users of GPG on Windows probably I know all the debia alone and other Linux distributions use it but you don't notice it really but Windows is still the main operating system here now what's today first of all we have this GPG1 the old one and GPG2 the new one but in 2000 I changed a lot of things in GPG2 and worked on it and it took a long time until until last November when I released 2.1 so there have been a couple of better releases but not really tested by people so the idea was we release it 2.10 and then wait for the back reports to come in and then fix it 2.17 and there is now monthly release so we are adding the last features and DKG is actively putting it to an experimental and I think we are in a good way that 2.1 will eventually be standard GPG on DBM so all things we do is 2.1 which is labeled stable it's just in maintenance mode sometimes we pop things back there and fix things in particular to make it easier to migrate to 2.1 but there is not much what we can do there except of course for fixing bugs and critical bugs and sometimes crypto problems and there is of course PGP, no PG4.1 now 1.4 which is classic people really like this there are still people out there who like to use PGP2 encrypted files and since the exploration of the ASR algorithm and the idea algorithm it is actually possible to easily do this with 1.4 so they still want to do this instead of always carrying these old code with in 2.1 faster the decision was to do this only in 2.1.4 so we will maintain 1.4 in definitely probably for these old data and for systems where you can't build a GPG2 very rare things I think but it happens so in 2008 the working group for the OpenPGP was concluded because there was nothing to do anymore and we wanted to wait for the outcome of the shard 3 competition that happened sometime later and two months ago the working was reshardered to update OpenPGP things and our plan is to have a rough consensus on what we actually want to do it will be only a little update of this that will be an internet draft in February and we hope to have a final call which means it goes to the editor and then RFC will be released in a year so GKG for example is here yeah he's sharing the working group so the goals are we want to have new elliptic curves there the CFRG is discussing for close to two years now what new curves are to be used and not the NIST curves and there will be probably two or four curves which should be used by ITF protocols so we will see how to implement them in OpenPGP and then we will have master algorithm and another important thing is that we need authenticated encryption what we do this means that you can detect that the encrypted message has been tampered with so it's not about decrypting but tampering we have a protection against this which works which is good it works but it's not what cryptographers want because you run AES over it and again SHA1 and you can do it much faster and more safe so with modern algorithm modes that is something we want to discuss in this working group then of course we need to revise the which algorithm should be implemented which should not be implemented for example MD5 it's entirely broken so it should not be used and probably AES will replace Triple Desk because we have a lot of trust in these modern algorithms and well we need a new fingerprinting mechanism to be prepared for problems we will eventually see in SHA1 SHA1 is the current standard not anymore until a few years it was the current standard hash algorithm but it has shown weaknesses the weaknesses will just get worse and so we need to prepare for this and we want to have a new way to compute fingerprints so more safe main topic is of course elliptic curve cryptography which is a more elliptic curve cryptography it's a modern algorithm it's in RSA but a different problem and it has a nice property all our numbers you can reach the same security level as with a very large RSA key so it's it's really nice it doesn't need so long computations and so you want to have this there is RFC6637 which describes how to use open BGP and elliptic curves this defines NIST curves but it also allows to use other curves for example brain pool or recently implemented on this ground Curve25519 this RFC has been written by an employer of Symantec but on suggestion from Phil Simmerman the original inventor of PGP this is good we really want to have this and Andre implemented the code also in UPG we modified it later but the original code is from him and it's okay it's fine implementation it works well nice but NIST curves are people don't like it anymore probably for a good reason because algorithms curve selection has to do a lot with trust and if there is no transparency how the curves so the parameters how the actual shape is so it's a way of trust and nobody trusts the NIST anymore after the snow revelations and even not before so maybe there is nothing added so they're just fine but they're anyway hard to use correctly and so there are other other things we want to use and what we're using what we definitely want to support in UPG or we actually support 25519 in two variants these EDSA that's assigning with it that's implemented in 217 and 211 in all versions and you can actually use it after it tells you how it's not yet OpenPGP compatible because OpenPGP does not allow this but we have some gentlemen agreement that it will work and we can do this and Jebeson a few days ago he finally implemented 25519 for encryption there's only libgcrypt missing we have no release for libgcrypt 1.7 which has needed features for this so this will come shortly so basically we can use 25519 for now so just I won't tell you about one feature this is remote use of GPG and the idea is sometimes you have your server and you have a large file there for example a dvd image there and you want to sign it well practically what they do they just run SHA256 some on it put it that in the file and time that file so using this N direction that is what dvd does for package re-signing but that's a bit odd actually you could do it differently but you don't want to download the entire file for several gigs to your machine, sign it and upload it and that's not going to work and what you can also do is download the file on the server using your key on your own machine and your key on your own machine is safer, not on the server and it could also be a smart guard which is actually a little bit more safer than and that's a nice feature and with the release of OpenSSH 6.7 SSH allows re-direction of arbitrary local sockets we use this feature to put GPG agent on the one side and GPG on the other side and connect between them and so that is basically the same thing as a smart guard on your desktop it's separated your keys are saved there and on the other side is GPG and doing the bike decryption of the bike signing and this stuff which requires the private key so there will be a pop-up the spin entry thing where you enter your passphrase and if it's redirected it just displays that this request comes from a remote host this is what you see if you redirect the socket given with the GPG agent extra socket later I figured that it would be nice to do the same from a browser in case a browser implements in javascript for example GPG or an open-pgp decryption and it could just connect to a local socket, redirect it or to a thing called a browser socket and then GPG agent would do exactly the same only the stringers are the broader requested that this key should be used then I think this is a nice feature yeah back to non-technical things it's you have heard that I had some problems to pay my salary and make a life of it for a couple of years and I had to delay a lay of Markus Brinkmann who was with me here for more than 10 years so fortunately the Linux Foundation this year granted me $5,000 a month to work on GPG from the core infrastructure initiative because I feel it's an important thing I'm very glad about this then there came this ProPublica article in February which told the general public about this GPG thing and that is why he wants to give up on this because he has not enough money so in the end we received about 300 kilo euros under nation the accounts are full right now and very interesting the most interesting fact is that there's more than 200 200,000 euros from individual donations so people really care about this and I'm very glad that we received so much so many donations from individuals because this also means that there is no dependency on a large company for example there is also a stripe on Facebook which is granted $50,000 each which is good which is nice but it's also way out by individuals and so they can't turn us into a certain direction yeah but really nice it's again fun to work on GPG yeah you might have noticed there's no donation campaign no please donate right now there's a simple reason that we have enough money for this year and my company which handles this is a for profit company and we can't put all this money back for the next year to pay them so we have some tax issues there to solve and the solution will be that I turn my company into a non-profit so I make mine with GMBRR for the Germans here sorry it was in the US it's a big company so it's designed to make profit but take care of infrastructure things so also for other crypto projects maybe so I would say at this point that it would really really a lot of luck that about this for public article and this thing and that this open SSL problem two years ago raised the attention to the problems that we have with our infrastructure that it's rising to not enough people so that it's not financed properly so there are still a lot of other projects who really suffer and they work on things the whole day and in the evenings so there needs something to do the Alliance Foundation is doing something about this trying to do but it's a huge task to get these things so what to do with all this money I had a Neil Warfield a former Debian maintainer, he did a lot of work on the HurtPod along with Marcus and he finished his PhD recently and so he was glad to get a job working only on free software yeah so he's looking at the code asking questions about this and he's kind of doing an audit to get accustomed to the code so that there is real a second developer who can do everything what I can do right now so we can't rely on just one guy in case I'm hit by a bus that there is not a period of several months or over a year so until others can catch up with this thing so I think it's important so Niebesan is also here and for a couple of years he's working on the HPG in particular smart cards and he does very good work and so I really like this that I can just delegate all smart card stuff and all the ECC stuff so elliptic curve things to him so we agreed that he does some contractual work for this so he's living in Japan so there's no way to employ him yeah that's cool recently I have a guy called Kai Michaelis who helps the enigma team a part-time only so he has only not enough time so it's hard to find people who just want to work for money on a certain task enigma is very important because it's if you read about encryption they always say I stole from the bird and enigma and yeah but enigma the patrick from enigma he has actually no time he does really in his spare time and he has other things to do and they need all help they can get so Kai is working helping them a bit so maybe we can add more later on this and well yeah I also raised my salary so it's more acceptable from IT guy so my family is very glad about this you will see me more often going on vacation but special thanks so we have David Shaw David Shaw joined us after the export restriction in the U.S. were keysed so that was in 2001 and he could start work on group BG he mainly implemented the modern web of trust what we have in GPG and all kind of other stuff if he has time he works on this he is mainly responsible or responsible for GPG classic 1.4 because he knows it very well then we have Marcus Brinkman already told that he worked for 10 years on GPG or always things and you see recently jointed and looked at the G-crypt actually after I lifted the requirement for having a copyright assignment and he started to work on G-crypt and G-crypt is now very very fast faster than OpenSSL due to all the assembler stuff he did and yeah well really cool he already implemented SHA-3 really nice I hope I meet him sometime then as Andre Heilike who these days takes care of the Windows stuff GPG for Win and Cleopatra from KDE and these things and we have a lot of DBA and folks over the time worked on group BG packaging and filing bugs and nagging me to look at this bug report again and doing fixes and these things so many things of them and all the donors and viewers yeah what comes next we have this golden thing in 2013 which convinced me that I don't I should not give up on crypto stuff and just help people or the next generation to have at least some tools to protect them a bit but the problem we have with group BG is it's only for geeks it does not really work well in the web of trust try to explain it even to because how the web of trust really works, it's very very hard to do this so it is nothing we can use for a tool which should be available everywhere so it not good and these key signing parties are nice but it's not technically a good thing to do so because you can't join this so our new default focus will be I know that some people would like it but we have the NSA and the BND who else is just doing massive violence and we should give the people the power to counter this so massive violence is what we want to help against with GPG and not targeted attacks because targeted attacks is something different it does not suffice to just use GPG but you also have to secure your machine and then look at this and don't use Skype and take care if you install iSwizzle or certain versions and all these things to secure a machine that's so hard so I don't know only a few people can do this really good and we want to make it easy to use basically it should be mostly invisible but of course there is a huge community who uses GPG for serious for tasks which are dangerous and they really need very good and strong photography computer security and we definitely want to support them still the only question is what to do with the options and I think it's easier to tell the people who really are threatened by police they need to take care of many things so it's easier for them to just make sure that they change one option to turn it again in the extra paranoid secure mode to do this for all people I skipped this enable tool the GNU naming system is a good opportunity to do something new like the web of trust that it's something to do and very important is the trust on first use thing which is basically the secure shell trust model so if you ever had a connection once we remember this we only put a big warning up if this changes so if there's a man a little bit at that point and this is what should eventually be the default trust model in GPG so that it can be used by everyone and it's locally to whom you had contact and no need for web of trust explain anything it's better than not encrypting so it helps against massive violence it's a good way to use the GPG me thing so 2.0 will reach end of life properly in December two years because there won't be any back port of ECC to this and 2.1 will be released end of this year so 2.1 I'm doing a couple of releases now and then it will be declared as stable and maintained as 2.2 and new development in particular what the outcome of the OpenPGP working group will be implemented in a new thing like 2.3 and so we have 2.2 will soon be the standard version on Windows and hopefully also on Debian we have a very solid development team and our goal is to making massive violence really expensive for those who are doing this thank you I don't know whether there's time for questions probably if we have some a few times for questions if you want to ask questions please queue up at the microphone well do whatever you want so nobody has any questions well ok so I will be around the next until Wednesday I can break the ice it's always hard to start have you had a look at the LEAP project it's people working mainly it's a two part project and the first one was implementing OpenVPN easily like one button click and then it works with a VPN but they're working also for a complete GPG out of the box working so end user wouldn't have to touch all the details about it using tofu too so I don't know if you've looked at the proposals and the work you've done I know that there are a lot of projects doing things but frankly I don't have the real overview about this and I've not been approached directly and if you send me mails please make sure that there's no HTML in this mail also not alternative things regarding the trust from first use SSH is moving to SSHFP with the help of DNSSEC is there the same thing happening with GPG 2.3 maybe DNSSEC yeah well that's a different topic we have a lot of mechanisms on GPG already to retrieve the key and there's also this PKA system which can do basically the same what they can do so we're discovering things I know Daniel is strongly against using DNS for key look up but there are other opportunities to do this like using a web server all these things need to be discussed in the next time but I think tofu is something we really want to have because it keeps the decentralization of PGP and I say PGP because PGP was designed to be decentralized and we don't want to have any centralization again we have some kind of centralization we need our mail providers we need to get some mail addresses so yes but that's something we need to live with but from my point of view we should try to be mostly decentralized so that we don't rely on a single point of failure hi so I think I'm the Daniel he was referring to so just to be I want to clarify I actually have no objection with looking information up in the DNS I just don't want us to rely on centralized authority and additional corroborative authority I have no objection to that so I wanted to say thank you and that I really appreciate your focus both on the decentralization and the increasing focus on user experience I think those are really important things and what you've done in the past is really important and I'm looking forward to working with you more on the stuff that I think will continue to be important in the future so thank you you have a point with the DNS and it's an established replicated distributed database and so well it's easy to use and better than nothing thanks anyone else I stay here until Wednesday if there's somebody in the other room we can stream your questions so that also works just so you know okay so anyway you're all using the GPG user for a long time so thank you for attending again