 French citizen, computer science engineer with 15 years of experience as a web artisan, and also a lot of experience as an online militant activist with big French associations, and also maybe the one you know, la quadrature du net during five years I've been making the press review of la quadrature du net and during this time I dreamt about a tool that could save me 80% of my work clicking back and forth from the newspapers to the press review and I did not find this tool existing I complained a lot about this tool not existing and after some years I finally I finally had the idea to just make it that's how it started so it's a press engine it's a search engine looks like every regular search engine you put your terms you click on the bottom and the results are it's in fact a meta search engine so it's very easy to understand you put your request and the tool will fetch results from now more than 500 newspaper online using their own internal search feature for this to work in a web in a web context I needed to shape it as a web extension to gain more privilege and be able to fetch online content from something else that your own URL and to present it to you on your on your web browser so here are some use cases why you do need a search engine to look into newspapers into online newspapers you can be making a press review but you could also be monitoring a scientific area there are more than 10 sources of meta press among the 500 I already spoke about 10 sources that are scientific editors with online presence but everything you would do with Google news you can do with meta press because meta press is a kind of a hack of Google by the outside and it provides comparable results but without the servers and without the monitoring of everyone the tool is already able to fetch quite impressive quantities of results and it takes not so longer not so long to do and it provides more than just what Google news is offering you because you can custom the searches you can select in which sources you will in which newspaper you will search you can select them by group or one by one and so you know where it has been searching for and where it was not searched while with the Google news you should believe that they search everywhere and you can't check it the tool also lets you reschedule something that was a good search you click on the bottom and you decide if the search should pop up on your web browser every day every week when you want for the accredited unit for me to continue my work at the press review I have just four of them when I arrive at 9 in the morning and just at 11 30 before the break and I have four in the day I'm sure I won't miss any news any result so the main advantage is is that you win all the time that you should spend to query all the newspaper one by one your computer juice does this and it does this very fast there's no private life threats because you can check what the tool does it's a free software you can check what are the queries just looking at the death tool of your web browser you can see that the tool is only querying the newspapers you want and I present this tool presents you the results without loading any side content no tracking no advertisement no pixel hidden it's like the nl net said it's help you to escape the swamps of third parties also if you do twice the same search hopefully you will obtain twice the same results and in the same order and unfortunately it's not the case with all the other main commercial tool to do this they want to trick the order they want to decide what's on the first page and what's not they want to put some ads between it's not the case with this tool your phone if you run the software on your phone will be powerful enough to sort all the results in chronological order if that's what computers are doing the best it's the point that works in French because in French we don't do computer it's not computing machine it's ordering machine with we said ordinateur so it's a lot customizable and sure it's fully decentralized architecture architecture it's your computer that works when you install meta-press your computer suddenly learn how to query all these newspapers nothing is going to meta-press servers there is no meta-press servers it's easy to check no need to come by me to check what the servers are doing there's no servers you are sure to be protected also it means that there won't be easy sensor censorship on the tool it's globally impossible to censor because you you can block one newspaper in one country but you won't block all the things it also means that if tomorrow all even if now all of you are trying to download the thing and install it I won't sleep bad because it's your computer that works and my servers won't be on the knees because four million people start to use it from one day to another this decentralized architecture means that the more people use it the more computer are running it and it needs no new equipment on the network I I don't need to put more servers and more and more servers and to put my data centers on the arctic polar circle like Google there's no servers it's existing machine that just learn to do new things so how to get it it's a web extension for Firefox so just add on to addons.mozilla.org and click the add to Firefox button this one my favorite it will ask you two questions it will wait for a few seconds and then it will ask you if you really want to install it just click yes and then after very important it will it will ask you if you want to run it in private mode my first move would be I don't know what it is I click no and I will see later but unfortunately if you take the problem from another side you're just going through the preferences of Firefox and you see always use private mode why not I want to have some private life so I click on this button and it ends up with you installing something that won't show up because you clicked not in should I you allow it to run in private mode that's that's the only thing that can go wrong and people say I install it and nothing happened bad news but not it's not exactly my fault you should see a new icon in your toolbar with a nice butterfly net catching falling stars it's the news in the newspaper the falling stars and and meta presses the fly net it works also very good in in inter browser if you don't have this icon either you did not allow it in private mode or it's behind the smaller sandwich things like burger icon but the icon is somewhere I just click on the icon and it will open the press the third and you've seen to finish some limits it's it's not the cyber blade that will do everything I try hard but I can only add sources to the tool if the sources provide a meaningful date on each results it means two things a newspaper that would use a search engine that not that is not printing the date of an article in the results the page of the results of the search engine I could not integrate this because I don't have the dates and I can I cannot search it also means that an online agenda for instance a militant agenda that say there will be protest there and over there and this like mobility zone the tool from from a soft can be used and can be integrated and where read with this tool because the results will be sorted by chronological order it works so you can query with this tool the 30 instances of the demo sphere.org online militant agenda and it's the only way on earth to do this it's not very useful because the different instances are for different areas but still if you want to search something it's possible I need a date on the results I only can search through known sources currently there are 538 sources that you can query with the tool only this one can be queried because it requires to produce a set of this some description of the two of the source for meta-press to know how to fetch the results from it so that's a limitation we will need more volunteers to help us to map the world to discover all the newspapers of the world because it's the aim currently there are newspapers from 50 countries 59 languages because I had first for the newspaper of records found in the corresponding Wikipedia page and then I am doing French things because I am French people but for instance the Egyptian newspapers I'm sure there are some great of them but I can't just understand what I see on the on the main page so we need to instruct meta-press about new new sources I also currently can't fetch old archives scientists for instance they would like to be able to deep dive into a subject and to fetch old results and for the moment the tool is only capable of fetching the results of the first page of the search engine and maybe maybe one day the tool will improve but it's not planned yet it's a meta-search engine so the search are taking quite some time in fact you see the first result coming in the first millisecond so you don't see that it's long but to comply completely the search will take about 20 seconds it's still not long enough to print your keyboard in your face like neo in matrix it's not a website should have been should have been better if it have been a website but I need the special privilege and there's no email notification but you have in browser notifications do you have any questions yes I can move yeah so for people with questions there are microphones along the line so Simon can stay up here thank you for the beautiful talk Simon and if anyone has questions the microphones in the middle are available for questions and then Simon can stay up here and answer them very brief one there are journals with behind the paywall like New York Times how do you get in do I get through the paywalls no I am not giving you access to the content of the article I am just giving you access to the knowledge of the existence of the article there exist tools to go through paywalls but my aim is to reinforce the freedom of press my aim is to get the journalist a living and there I don't want to circumvent their business models behind the paywalls it's not a web the web anymore but you know it's exist and you you might just reach the guy and ask for the content or something that's a great question and a great answer the next one hi my question is do you have a lot of problems with the sources changing the way they sent you data back that's a great question and it's sure a weakness of my model the short answer is no it moves slowly from time to time one newspaper is changing is is appearance but they might just change the CSS and not the structure and that would be great for me it happens but it's not the threat for the project another answer is that a lot of newspapers are providing their results on the RSS format you can query it and register for the RSS field a lot of newspapers it's not something good from them because they thought about us it's just because by default in WordPress you get the feature and hundreds and hundreds are using WordPress by default with this feature even if they are not displaying it I check will it pop up how it gets and up next thank you okay well thank you can we have a big applause for Simon come back on Monday 10 a.m. here for the long presentation yes so if you want to know more he's giving another talk on Monday here how what time 10 a.m. 10 a.m. okay so that was beautiful the next speaker can already stand there while I do my little announcements so who's the next speaker okay so I just want to let you know we are doing something about the heat there are people working to get the tent open to get ventilation because it is way too hot in there so don't forget to drink water put on sunscreen even though it's we're in a tent and then for the next speaker his name is Yap van Tiel and he's going to give you a I imagine a really nice talk have fun good afternoon ladies and gentlemen I have ten minutes to save the world so I will be fast and not use the I don't have slides because I was invited yesterday to do this and I can do it from is it can you hear the okay the title is the Liby law method to build networks and you will say the Liby method whatever is that I will explain well first the problem we are going to solve together I hope is caused by a massive interconnection of everything we have built in the world there is appearing a lot of complexity everything is interrelated it's it's our fault also because we have connected all these things but so if there is a single issue a crisis a lot of other fields are involved and should be involved too second thing is it most of these crisis like energy climate migration etc etc are a worldwide issue I have big respect for the people of some groups who agitate against the big companies spoiling our nature but the the jurisdiction is still national and that's silly because it is it should be a planetary issue and we have to approach it in a planetary way now since hackers know what they are talking about learn very fast together and get things working yeah it's very positive usually they can make they they know what you're talking about they can if they combine their efforts can repair and improve things so after the apocalypse which is now yeah and if you look at the meaning of apocalypse means revelation it's not only a disaster it is there are revelations coming I hope I give you one today is we have to take action we have to do certain things and how do we do that with the Liebig law method mr. justus Liebig von Liebig was a German chemical man in 1850 I think everybody in the world was asking how can we improve crop yield because there are famines and some people said more sunlight more water more fertilizers more working at the soil and he said yes it's all of them are right but there's always one factor which inhibits everything it's like if you are in a congestion in the road the first car in the in the congestion this defines the speed of the congestion so politicians shouldn't make all kinds of fantastic measures which work the other way around in sometimes the opposite results from complex systems they should go from one bottleneck to the other and take away bottlenecks take away obstructions that's what we do in networks something is always stopping the traffic and we have to find those spots where it is congested do something about it or bypass it or tunnel it a lot of talks you will hear this week or these days are about such measures to zoom into obstructions but there's one downside if you take away one obstruction the obstruction will move to another place the car which is was keeping the flow from moving if you take that if they can go faster there's another car which takes over the silly role of looking at the traffic blah blah blah and everybody's waiting behind them so it is you have to continue looking at obstructions where they occur zoom in and together with a lot of hackers help it flow again help it to move and that's a very positive activity with that we can construct worldwide collective intelligence with the central authority to act so it is no longer a central complex system with one government or one group of managers who control everything now we see these people having enormous attacks of control hollocks they want to have everything under control which is fiction so you have permission to help build the global brain from such a construction with a lot of people who work together to get things moving and then we will have to get more than 10 to the power 10 it's 10 billion connected people on this planet which form a global brain and our planet will wake up it's Gaia is going to move and it's about now with it 10 billion people bacteria already have more than a trillion bacteria they also exhibit this collective intelligence so our brains contain brain cells which is much more than 10 billion so the puzzle how we can get conscious is at a certain threshold of that number of connected things so let's help to connect the world and people on this planet and just disregard what managers and governments say thank you well thank you for that beautiful talk I'd never heard of that before if there are any questions we have mics in the lane in the middle so if you have a question just walk up to there and then I think Jan can answer it also the next speaker can already stand up and go attach their laptop or anything I write about these things in my blog which is called the connectivist at wordpress.com so please read my blog and then you get it explained in length thank you please pose your question sir thank you thank you for your talk I've got a question regarding how complex systems actually work given that these kinds of systems do require information exchange between agents your proposal is the following that every agent at some point will gain the whole knowledge about the system otherwise we won't be able to control the whole system do you believe it's not a dystopian vision then well the the point is that you can build collective intelligence for instance in our brain it is a miracle that we can see very clear pictures because the lenses are not in our eyes the watery balls lenses are in our brain it's processed it's well you can store certain things in a if you make transforms of it and you can also do correlations a matching so we are looking very carefully at how brains are concerned we don't know very much about it people have been either looking at those consertion have and having it's image processing it's senses combined combine information from various sources which has to be in a in a group and there are all kinds of dangers that there are also fascists can organize themselves in that way and we have already seen some examples of being very well organized right-wing people for instance but they usually have people who are very loyal to the leader and are not selected for the abilities while we as hackers select people on their abilities on their if they are competent in all these political parties there are very incompetent people at the top and that is not a very durable solution even presidents who have been incompetent and maybe the financial rich people have controlled that but now again the Tories in England have selected a lady who is really has a peanut for brains I mean sorry that I'm a bit rude but I'm from the Netherlands and we we are not polite sorry I will not add more to this disastrous discussion but we have to work together with people who are really competent who really know how computers work really can network and connect to each other and work together to build this global brain well I think that's a great message to end it with could we get another applause yeah so the next person I'm going to introduce is Max and he is going to give a very interesting talk on a topic I cannot explain the title of because I physically can't pronounce the words but I'm sure he can so before I repeat drink your water and we're trying to do something about the heat he is going to give a beautiful talk on it have an applause for Max I think I have some technical issues somehow going away in a second I think yeah and would you like me to remind you of how long you've taken or how long you still have left? I think I would be quite nice. Okay we are still working on the issue of getting the laptop but in the meantime to sign up as an angel there I go I turned it off myself so while there are some technical things happening I don't know too much about don't forget to sign up as an angel if you still want to you get a beautiful water bottle I left up my chair and a lovely t-shirt also if you do decide to do trash or parking shifts which they're really nice you get a gorgeous gorgeous batch that you can adhere to pants or vest and they're really pretty so don't forget to do that now we're still not ready okay um don't worry that is a great idea all right is that okay with you yeah well come up who are you well Michiel and what are you giving a talk about? I'm going to talk about stickers and the Nelnet that's saving the internet so it's actually a great combination of things yeah well good luck a applause for Michiel okay so I work for a charity my name is Michiel Lénax I work for a charity called Nelnet Foundation so this year we celebrate 40 years of trying to save the internet so we first introduced it in Europe back in the day actually it's a bit of a fuck-up and so we want to fix it why we're still alive and so one of the things that we do we're an unbeat a public benefit organization so we give money to people that develop open source software and these people actually so first of all maybe you are one of such persons August 1st you can again ask us for money if you work in an open source project just like Simon who presented earlier as one of our projects but there are actually quite a few of them over here at the at the mch choose a better life than working for a corporate overlord work on free open source free and open source software as much as you like to code your heart out and get paid for it basically that's the formula but of course when people do a project they start making stickers and you've seen many of the stickers in a live there's there's whole tables of stickers and at a certain point in time your laptop fills up and this is this is ordered relatively neatly but this is as much as it can take now a couple of years ago smart people came up with an idea why don't we standardize the stickers so I present you hexagon stickers and just just just to make sure that we're not bullshitting we brought about 50 or 60 different designs of hex stickers to the conference you can get them at the Dutch hacker hacker spaces space and you can start your instant collection and the cool thing about this is you can actually if a project becomes uncool they go close source they have Nazis in their team or they don't have Nazis in your team whatever your thing is you can actually rip and replace it and add cool new things that you want which you couldn't possibly do with these 15 layers of stickers that keep getting your laptop heavier so the mission in short is if you're a coder come and work for the internet ask us at nl net dot nl nl net dot nl if you need a job we're looking for a rust coder a communications person and we're also looking for a project manager get a job there as well and get as much stickers as you can and please use this the hex the hex standard for stickers two inch wide the tip at the top if you're looking for it on the internet you will find the spec and it's so much better that's it's a prettier and better world so that's basically it are we are we there yet okay okay yes well the interesting thing about let's not do that you can talk to me the Dutch hacker space is village there's like a big tent there and you can get unlimited supplies of stickers and get your instant like take them for your kids take them for your friends make better and prettier laptops much that was amazing the next person up with tech with everything working again is max right and he is going to talk about fuzzing of cryptographic protocols so a big applause for him so I will be talking about fuzzing of cryptographic protocols today so I'm max this project originally started in France actually at Inria Loria in North Sea so this was kind of my topic for my master thesis and right now I'm continuing this project at trail of bits which is an awesome security company so what's the deal actually so in our modern world we have we already had several security issues in our worldwide web these security standards are usually defined in what we call our seas so there are a lot of specifications out there so for example there's RC 5246 so there already have been a lot of proposals before that and also after that that happens to be the specification for TLS which is basically the protocol which makes our internet secure but just having a specification is not enough you need to have an implementation something you run something which runs on your phone on your on your laptop and this process is quite error-prone so by going from specification to an implementation developers make mistakes and they will continue to make mistakes unless we let machines do their implementation I think so they have been already quite a few security vulnerabilities which occurred during this path so what actually is fuzzing fuzzing is a method for testing implementations so basically what you're doing is you're feeding just random data to programs and see how they react see if they are crashing see if they reach invalid states so this is called black box fuzzing if you if you're just doing random inputs if you're making it a little bit more intelligent then you let your fuzzer learn to generate intelligent inputs by using some feedback from the implementation you're testing so this is very nice for testing simple tools like just a linux command line tools for example but it gets very difficult when when fuzzing or testing cryptographic protocols because protocols they don't just expect a single input they expect a sequence of messages so it's not just plain binary data which they expect so the challenges are that previous cryptographic messages are important for the later steps no protocol later messages no protocol depend on earlier ones and also you're usually not only looking for crashes but you're also looking for whether there are any logical bugs for example if an attacker somehow managed to bypass authentication or downgrade the security of the protocol an example protocol I've been working on is TLS which is quite old already the earlier versions are very bad and right now we are using two modern ones which are both quite secure even though TLS 1.3 is recommended so the big picture in the fuzzer is that the fuzzer generates some input and with this fuzzer you don't generate just stupid random data but you generate some structured data so for example here we have a client hello server hello message those are two kinds of messages which I use no protocol and you're already sending structured data and for example here to open SSL and then we are watching open SSL closely what is it doing did any security violations occur did some attacker bypass the security of the protocol and all of this is inspired by more formal protocol verification I cannot sadly I cannot go very deep into this but basically the idea is to formally model what is the protocol what messages exist and in this model basically the attacker is the network so you're covering all the man in the middle attack scenarios so the attacker is able to inject messages intercept messages manipulate messages so just like in real life conclusions are so this fuzzer is actually able to generate a mess a series of messages we can concretize these symbolic representations these more high-level representations to inputs which open SSL can understand for example that way for example the fuzzer is able to decrypt messages so if you would task a fuzzer to decrypt messages this is kind of not possible with traditional fuzzing and the fuzzer is also able to detect and also that way rediscover previous vulnerabilities so thanks for your time any questions so can you can you actually so there's a tool called very spell which is a symbolic verification tool which is used being used to model TLS 1.2 TLS 1.3 can you actually use the these models to as input because they're formalized and very structured so you mentioned pro-bearer right yeah it's a tool laid on top of it to simplify development but essentially so it's actually the lab which I participated in did develop pro-bearer for was developed there I did take a look at these models in the very beginning and what you kind of pointed out is like the grand plan which Liza had several years in the future so right now it's a lot of work to get to the point where you can execute all of those tracers tracers or messages but in the end we kind of want to have a fully automated tool which just takes some specification for example in pro bearer and then does it met does it's magic and finds all of the vulnerabilities in it okay august first just just apply for a project then if it's a multi-year project yeah all right then thank you very much for a very interesting talk and well then we come right to our next speaker and yeah I actually have to take over from the Herald because she was running out of time and just in case wondering all right so I have no slides just some reminders of what I'm going to discuss with you so my name is Peter van Eyck I have a couple of jobs they're mainly focused on instructing cloud security and cybersecurity so who of you is involved in cybersecurity education in one way or another okay cool I need Dutch people among that okay even cooler so here's the thing that I'm working on together with a couple of people and the purpose of this short presentation is to see how we can work together to create an even better situation now I don't think that I need to explain to this audience the importance of cybersecurity education there's a growing demand growing workforce and if you have any data that's to the contrary I definitely want to know I am one of my jobs is working as a hope to send at a high school Utrecht and I'm responsible for the cybersecurity and cloud education there now what we find is that in a formal education program even in a formal education program a gamified learning works really well and many of you know that as a capture the flag and what we are starting to do together with a couple of hoax hole in the Netherlands is to build a common platform to run that on the the challenge is that an individual school don't doesn't have the resources to do that either to run the platform or to generate another learning content for that so we're working on what we call the joint cyber range dot an L and you can actually look it up it's alive as a bit of a pun to the joint strike fighter of course and the it's it's in development we're actually working with the surf and a couple of other interested collaborators to work on that what I wanted to point out I have a few notes here I think I don't really need to explain to you how that is going to work because who works for CTF and who has CTF experience right and who basically knows what a capture the flag competition is I guess most of you yeah I see most of hands right okay now what we find surprisingly hard to run that ourselves or to run that in a school environment you can have commercial or a non-profit solutions for that but they don't really interface with student systems they they don't allow for proper curation of the of the content from the perspective of teachers and and universities so that's what we're working on and we're not rebuilding everything ourselves or our current prototype is actually based on CTF D running in a Q&A cluster very cool but we would willing to ditch that if there's a better solution and we're working on that as well so wrapping this up you all have other talks to go to if you are just a little bit interested in moving cybersecurity education specifically higher education but also primary and other levels of education ahead either in the Netherlands or in Western Europe or in Europe then come talk to me because we can definitely work together if you want to contribute content that's also something that I really would be interested in figuring this out and with that are there any questions oh that's really first thank you and big round of applause for our speaker here and yeah are there any questions for him there are microphones in the middle just walk up there if not I don't think we actually have another speaker now