 Okay, so let's begin with the lightning talk session on day four. So I would really like to explain how this works for the audience and the speakers. First of all, for the speakers, please sit in one of the front rows so we can get up on stage quickly and deliver your talk. Delivering your talk is pretty easy. You just have to talk into the microphone. Please don't turn around because we can't pick you up then because, yeah, you see what I mean. You can see the slides down on this monitor here, you don't need to check out the slides on the big screen. Stay calm, talk loud and clearly, finish on time, get your applause and leave the stage. Thank you. I'm not going to leave yet. I say the same things in every session, never mind. For the audience, how to listen to lightning talks, please be excellent to each other and watch the timekeeper because, yeah, we would like to make sure that every speaker is in time. So how do you read the timekeeper? How do you process the information that's displayed by this column here or the column on the big screen? Alex, would you like to explain that? We need some audio for the podium table. Good morning. Hello. Hello. Yeah, you have to talk a little bit louder, I think. We have no audio here. Maybe you, ah, hello. Good morning, everybody. Most of you should know by now how the timekeeper works as long as the timekeeper shows the green light. If you see the green rising column like this, you're in the first four minutes of your talk so you have plenty of time. If it starts to turn yellow at the bottom like this, you're nearing the end of the talk. You'll still have at this moment about 30 seconds left and the last 30 seconds will be shown in red. And due to our new policy to be more speaker-friendly, we don't use the buzzer anymore. So if the speaker nears the end of its talk, you go, please, five, four, three, two, one. All right, I think that works. At least it works for me. So we initiated the countdown, we practiced that. There are translations available so all the English talks are going to be translated into German. The German talks are going to be translated into English. And, yeah, to see the details, how to listen to these translated streams, check out c3lingo.org. And please give a big hand for the translation team again. Okay, that's it. Let's start with the first speaker. Okay. So thank you very much for this nice introduction. My name is Kassen and I want to talk about a web application which I'm currently developed and its aim is to facilitate the more constructive and less frustrating digital discussions. And the motivation for this is that there's an increasing world population and technological development and the world is getting more complex and this results in an increasing necessity for communication and coordination. And this is often very cumbersome. And then we have misunderstanding, emotionalization, reinforcing feedback and often communication breaks down. And from my point of view, this is a big threat for the whole civilization. There are examples on many scales. For example, on a global scale, we have climate politics where we have like two camps which cannot even talk to each other on a national scale. The German one of you might probably notice there's a very emotional debate on how to use or whether to use at all gender sensible language. I wrote on an example here. And even on the local scale, there's example of how communication can fail, which I want to detail in this slide. At my local Hexbase, there's a mailing list and about a year ago they break up a discussion of when to start the regular meeting. And at the second email, there was a proposal to start at half past 7 p.m. And 15 emails later, the same person stated that I don't understand the whole discussion. I'm really annoyed. Soon I will quit. And then you can all organize it by yourself again. So this is an example of a quite simple topic which led to complete breakdown of or almost complete breakdown of communication. So even in small homogeneous groups, there's the risk of escalation. And my solution proposal is that we should use better tools. And this is motivated by the difference between a usual forum and this platform Stack Overflow, which you probably know. I think this drastically improved communication, at least for this one use case programming questions. And I know there are other very similar platforms for other topics. But I think we need something for usual or for regular discussion set. And the key points which made this successful is that the content is not ordered by chronology but by quality. And we have avoidance of redundancy and a better focus on the topic. And as I already said, we need similar features for normal discussions. There are already examples for this. Like, I don't know whether you know this, this is brable. And there are other pages and they use formalization to display contra versus pro arguments. And they have ratings for the quality of the arguments. But there are drawbacks because this is somehow superficial, you cannot go into the depth. And it's not free and open source software. So I thought, let's do it by myself. And I wrote and web application, which is available at your sober minus arguments.net. And it has some features, which I think are suitable for this whole process. So first of all, there's a strong formalization of discussions. You have some, which I call bricks. So elements of discussions or atoms of discussions. And yeah, these types of bricks are thesis pro argument, contra argument, question and improvement suggestion. And they are somehow highlighted by these different colors. And then you can go into the depth. This means you can add in contra argument to another argument and so have some kind of argument trees. And there's an explicit field for references. So every author of an argument should have the urge to add some references. And it's open source software. The main drawback is that in early alpha stage, and that I'm not a really good web developer and even worse designer. So you can see it's kind of ugly, but the aim is just to develop a proof of concept. So why could this be useful? It could help small groups in opinion forming. And it could help individuals to get an overview of discussions. And if you're interested, you can visit either the GitHub page or the URL of the project. Thank you. So good morning. Good morning, everybody. Refreshing memories. So let me ask you a question at this morning. Who remembers the Homebrew Computer Club? A few hands going up. The Homebrew Computer Club officially started in 1975. And people didn't know much about computer at the time. Meet together, exchange, knowledge, did projects together, hardware and software projects, and really tried to bring the technology into the hands of the people. And if you dig deeper, you find that behind that is a movement that was started by Stuart Brandt, because he already wrote an article three years earlier in 1972 about the hackers community. And Stuart Brandt, to give you the link, is the founder of the Whole Earth Catalog and the Long Now Foundation. And his community is still active in these days. And one of the guys started DIY Robocars to bring technology of autonomous driving into the hands of the people. So in a way, we have a similar situation compared to the PC area in 1975 to autonomous driving in 2018. And what you see here is one of the guys going very fast with an open CV based technology. They recognize the tracks. And what they do is they autonomously drive and try to be the best human. So if you're located in the Bay Area, that's the way to go. You find all the details there, all the procedures to build up your own car. So there are other groups like our friends in Ann Arbor and in Detroit. And they only they even go further and they set up an application of a robot that can drive autonomously in a greenhouse and detect plant diseases of tomato plants. So if you're located in Ann Arbor or Detroit, that's the way to go. How did I myself became interested in self-driving cars? I was so lucky to be part of the of the first team to finish the self-driving car engineer at Udacity. And what you see here is one of our first try that we ever made the car move. That was quite difficult. And you see it's still very buggy. And that was a really a fun project with a great team working together at the final project. And that made me started a meetup. We have in Stuttgart now connected autonomous driving. And you see two projects we already built. One is in the car, a life detection of other cars and pedestrians and some very, very small examples of getting a small robot that you can build within an hour driving around a track. So the hurdle is not that high. You can very easily start yourself. We're currently in the process of setting up a track and building up our own cars. So that's in the track space in Stuttgart. It's the car of Alexander Kolbai, who's very active in the community as well. And the opportunity for you all who are interested in this kind of technology is quite amazing because you can learn about computer vision. You can learn about behavioral cloning together with training neural nets. You can learn about path planning. Some of you may have seen the talk about the mass rover. So a lot of what has been discussed there about path planning, you can directly learn here in these kind of projects. And then you can learn about sensor fusion as well. So if you're interested, come and join us at Connected Autonomous Mobility. We're here at the assembly together with our friends from the Automotive Security Research Group. And there's one thing I would like to add. We just only talked about single cars and single robots. And the title is about Connected. So imagine in the PC area, 1975, we only have the PC and only a few networks. Imagine what is possible if we link all those robots together in a manner that is really helpful for people. So if you're interested, come and join us and have fun. Thank you very much. Hi. Yeah, thanks so much for the opportunity. So I'll briefly talk about smart contract security in particular Ethereum smart contract security and our tool called Securify. So given that not all of you might be familiar what the hell is even a smart contract? Well, a smart contract is a very simple program running on the blockchain, Hype Alert. And mostly the most used blockchain is Ethereum. And why is smart contract security maybe a little bit different from, let's say, web security? What's special about it? Well, what's special about it is that the code is public, the state of the contract is public, and everyone can take the contract. So in a way, there's a lot of transparency, which is nice, but which also makes security harder because it's relatively easy for the attacker. And finally, these handle a lot of funds. So they, once you have a bug, you can typically easily monetize your bug. So is this a real problem or am I making this up? They have been sufficiently many big hacks. These numbers used to be a lot bigger. But now that the conversion rates dropped a little bit, the numbers don't look as impressive anymore, but you can definitely make some money if you know how to hack some smart contracts. So what can we do about it? At ETH Zurich, in cooperation with Chain Security, we built this new tool, which is called Securify. And first I will give a simple intuition into what it does. Basically, it provides some basic checks for your smart contract that you always want to have, like when your doctor comes with the status scope and does some basic checks on you. And if you are not so much into security, maybe you still have heard of Metasploit. So it's kind of like a Metasploit for smart contracts. It scans for basic things that you always want to scan for. But now for those people who know a bit more about security and smart contracts, what's the more complex explanation of what's going on? Well, basically we built a dependency graph of the instructions inside and the variables and how the variables depend on each other and on the instructions and so on. And then we have certain patterns, security patterns. Some we'll see later. And for these, we check for compliance and for violations. So in some situations we can say that things are definitely fine. In some situations we can say that things are most likely not fine at all. So what are these patterns? Oh, sorry. So one of them is the re-entrancy, which you might have heard about because it's what caused the famous Dow bug, which I listed one slide earlier. And another one is, for example, missing authorization, which is a very common problem in smart contracts. Because as I said, everyone can interact with the smart contract. So by default, this kind of everyone is the same to the smart contract. So you need to add a proper authorization feature system to the smart contract to ensure security. So really we encourage all of you to try it out. It's fairly simple. You just put your code here and press scan now and that's it. Yeah, so please try it out. Yes, you find it under securified.ch. And as I said, it's free. It's a one click analysis. You can either paste your code inside. You can upload a zip or you can clone a git. The git clone feature in particular is a bit experimental at the moment. Definitely let us know if you if you see some issues with that. In general, we are super happy about feedback. And so if you want to learn more about what's going on behind the scenes, then you can read the academic paper that's been published that is letting you know more about what's happening there. It's all of this is open source. So you can go on GitHub, check it out. You can contribute. You can suggest new features. We are very happy for suggestions. You can of course report bugs. We are also very grateful if you do that. And I would like to take the opportunity to thank the Ethereum Foundation, which is making this possible. Finally, we have a discord where you can contact us. We have a Twitter and more features are coming soon. And lastly, let me say if you're the guy scanning 4,000 contracts in the last few days, contact us. There's probably a better way for doing what you're doing. Thanks. Okay. Hello, everyone. My name is Robert. I'm a software developer and I love to develop free and open source software. And I want to tell you how you can find contributors for your open source project. So this is not the slides that were updated. Can you please go? Can you maybe go to the C3LT? I'm sorry for that. Because then your hands leave the podium, the microphone virtually will switch off. All right. Yes, that's it. Okay. So let's say you started your open source project and it usually looks like this. You're the lonely hacker who is sitting alone in the basement, working all alone, probably spending a lot of time. And I would say this is a problem because it's not very sustainable. And instead, I want to suggest to you that you should join an online learner community. Very simple online learning community match people who want to learn programming with those who are looking for contributors. If you want to know what learner community I am in, that's agile ventures. You can go to their website. Pretty simple. There are probably more like that out there. How does it work? We have, for example, regular meetings. This is a screenshot. We can hang out with each other and say hello to each other. And you can also work together and screen share with your peer programmings. And for example, I'm always trying to teach some basic knowledge about programming. Of course answering questions, onboarding people as good as you can. All right. So I'm going to tell you in four steps what you can do. If you consider to do that also, the first thing that you should do is to set up a group chat. So since we are agile ventures, we're using their Slack. You can choose whatever group you like. But it's cool because they have about 3,000 members. There's always someone new joining. If you want to sign up, there's also a link on the right side that will bring you to the sign up page. And then as a next step, you should set up a weekly meeting. And you should also consider the schedule. So our meeting takes place on Wednesday, 7 p.m. Central European time. And this is perfect for people from Europe and Africa. This is also good for people from North or South America. Although there, it's a little bit early. And if people are in their working times, they probably cannot join. For Asia and Australia, this is not so good because it's at nighttime. So we don't have people from there. So just consider that. The third thing that you should do, don't make your code one way. People are joining your project because they're interested into a certain technology or framework. So if you should definitely use popular frameworks, because that will be one of the most important reasons why people want to join you. And as a last step, embrace non-code contributions. What you can see here is a chart of GitHub block from 2016 called the shape of open source. And you see on the x-axis the number of contributors. And the more contributors you have, the non-code contributions increase. Right? So the ratio goes over to the non-code contributions. And that's good, right? Because if you have more people, more people will comment, more people will create issues, more people will do pull request reviews. That's something that you would not do if you work alone. And so you should be very thankful for everything that people give to you, including translations, documentation. You should have a really good read me by the way. So this is the last slide. I say spread the love. Everything will come back to you. Also consider if you have, for example, some degree in computer science, just consider that not everyone on this planet has access to public education. So you're really helping people if you join online learning communities and some places on the earth, this is the only thing that they have. Online courses, learner communities. If you want to see our peer programings, there's a link to my YouTube channel where we put on, put all the recordings of the peer programings. This is all I have. Thank you very much. So now next up is Santa's elf fingerprinting. Hi guys. So in light of recent Christmas, so let's talk a bit about elves. So I'm Gili. I'm a security researcher and co-founder of Kernel TLV, which is a kernel meetup in TLV in Israel. We talk, we discuss about deep Linux kernel things and apart from that, if anyone wants after the convention, we can run a DND shot, a one shot. So we all know what elves are, right? There are these one executables that we run in the Linux kernel or any Nix-based operating system. And yeah, they're standard and it's really good document. You can see it right here. But why should we dissect these elves? What do you want from them? When I'm getting a new elf, I want to research it because I know when I want to attack it, I will not want to know what I'm facing. For example, do I have staconaries, do I have a salah? What will I face when I found my vulnerability? So it basically maps our attack surface and see what our competitors are doing, what our idol vendors are doing. So we built an inspect elf. Inspect elf is an open source on Github. You'll have the link soon enough. What we do, we want to detect everything that's related to compiler flags in Linux, in the elves. So for example, once you just run it, you can get whatever you want about position independent code or whether this elf is staconary based or if it's stripped or virus other heuristics like whether it uses Google's ace and address sanitizers or get all the dependencies listings. You can find it here on Github. Among other things. And there are some additional research about inspecting all the libraries and everything that you search through. So you can find additional versioning between different libraries and different elves. So for example, if you have one vulnerability in one version, you can find similarities within different version of the same elf. And the library does exactly that. It just matches according to this very nice research about how similar libraries are and how elves are similar to each other. And everything is compiled eventually to this one larger system. We call it a lib search. If you have a nicer name, come up to me and give it to me. Basically what we're doing here is we're mapping a lot of APKs and binaries so we can finally reverse search between them. So for example, if you have an APK, you can run it through our system and then get all the information that there is like permissions, intense libraries, compile flags, versioning. And once you find a vulnerability you want to research, then you can find it here and reverse search all the firmware and APKs that includes them. If you have any further questions, find me now later and thank you very much. Next up is an alternative keyboard. Layouts. All right, so hi everyone. I'm at underscore so hot on Twitter or there's also my web page. Welcome to my talk on alternative keyboard layouts. First up, a little bit of history because keyboards didn't always look the way we're used to. This, for example, is an old telegraph keyboard. But our Quartz keyboard, as we know it dates back to mechanical typewriters. These typewriters used levers to imprint the characters on the paper. And these levers would get stuck if you press keys that are close to each other at the same time. So that's why when designing Quarty they put keys or letters which are likely to appear after each added in the English language as far apart as possible to prevent these levers from jamming. In a way you can say Quarty was designed to be as inefficient as possible. With technological advancements those such as the IBM typewall, Selectric or now modern computers, we don't have these levers anymore. So no risk of jamming. But still the layout mostly stuck around because people were already familiar with it. But let's actually look at some alternative layouts because people still came up with alternatives. One even dates back to the time of mechanical typewriters. This patent is from the late 19th century and shows an alternative layout. But we're more interested in stuff that people still actually use today. So this for example is Dwarak. We also have Colmec or my personal favorite Neo2 which is optimized for the German language because I'm German. What all of these have in common is that you can see that the most used keys such as the Wawels and the most used consonants and RTD and so on are placed center. So they're easy to reach and like directly under your fingers in the resting position. What's cool in addition about Neo is that it has multiple layers. And for example on layer three you have all your parents brackets, braces, neatly arranged in pairs which is super convenient for programming. So but we can not only look if you want to learn a new layout I can recommend a type trainer like K-Touch it's free and open source but we can not only look at the arrangement of the letters on the keyboard but also the physical layout of the keys. Here are some proprietary keyboards. What they all have in common more or less is that they're symmetric because if you think about it your hands are symmetric and also some of them have the keys arranged in straight columns because after all your fingers are also straight and not bent in some weird way. These are all proprietary so you can just buy them but everything is closed source. They're also open source models. The top two have fully open hardware and software so you can build the whole thing yourself. The bottom two you have to buy but you can change the firmware and everything is open source there. I have an address with me if you want to try it out come and find me later. There are still more crazy things such as corded keyboards where you would press multiple keys at the same time to produce a single keystroke or interesting touch keyboards and if you want to find out more the desk authority and geek hack forums provide all kinds of information and also there's the Bill Boxing collection which has a crazy collection of input devices not only keyboards the slides are online and the links like those are all links that are clickable so yeah if you want to find me I'm mostly around the NYXS assembly thank you all very much. I'll just escape from my browser again. All right next up is RevFS the reverse SSHFS So hello so if you're like me you're working on a laptop like most people travel around and have their data with me so I have this problem I can maintain stuff and speak at conferences and organize stuff and if you're looking for a challenge you'll try to have all your data with you because at some point you're offline you're in a tunnel or whatever so I made this project and brilliant as I am I started at CCC because that's where you have the most time to implement stuff so here's the goal I don't want to have an SSH server running on my laptop and then break through some firewalls back into my machine I want to have one folder can expose on the remote end and have an interactive session and maybe have session resumptions if I fall out of a VPN or any other network so as usual when you're under pressure you start developing and you start like oh I have this libSSH2 system CLI can also copy stuff then you'll think about practical problems while developing like you have to copy over your binary because yeah you have development and protocol changes and then you realize stuff oh the Linux file system basically relies on iNodes and you would get translations so you need that as well and that's where I took a step back and said okay I kind of failed at this rushing in so to be able to reach my future goals I would have to stop and redesign and also talk to people and say hey I messed up this time what would you do different and especially for advanced features like remote disk cache where you have a server with not that much RAM or just processed terabytes of data you might not want to have it go back and forth all the time so we made a new design first of all we used Rust and not any scripting language and split up the process into two binaries the exporter which is where you initiate your mount reverse mount and the mount which is running on the server side so the mounter does not have any configuration it only started and possibly uniquely started every time interactive mode is something that some people like and some people hate one of the designs is that we use fuse on the remote end which allows you to export your file system from windows to linux so you can use linux strength without without having to very very coming from because the client binary runs on every major platform and we also want to have a soft timeout on the server so that the server binary if it loses connection for like a minute or two it says okay this probably failed let's clean up all the stuff okay so if you're interested in this project please follow the source code if you want to help please do and if you're just interested and say oh yeah I can use that you can also write me an email and say hey I would like to use it for this case I would like to have this and that feature and uh yeah keeps me motivated to see people actually wanting to have the this project oh uh by the way I have one giveaway it's the plushie it's ferris it's the mascot of rust so if anybody wants it just raise your hands and I will throw it in the general direction okay see you there we'll see oh sorry fight no no be kind thank you very much and next up is uh Rattenscheid Darmstadt and as far as I can see the next five talks are going to be in German so check out c3lingo.org for a translation and the instructions how to listen to the translations I took it to the start and did something this year I come from Darmstadt and there will be a problem like in many German cities there it is that the wheel drive is not safe and unfortunately the wheel drive is the only modality that is not safe no one who drove in the car died no one who used public traffic was lucky no one who was on foot only the wheel drive had four dead victims in the last 12 months demanded we then started to stop the Mahnwachen and to say we as a civil society we no longer accept that people who only want to come from A to B are in danger of death we did that to talk about the remaining courage and to make ourselves aware that we have to do something now so we thought about seven goals how can we make our city better and especially looked at the points where it really hakes on the main streets on the crosses how can it be safer and we formulated goals that are both qualitative so how exactly looks like a safe cross can be read in our inscriptions as well as many crossings should be designed so that city administration politics under measurable pressure are certainly more time-consuming to deliver a lot our formula for success it has crystallized itself as courage unwillingness and network sometimes you have to have a little courage to go out then also comes against wind and you have to stop that and not be blunt but be smart and say we still continue and network such friends family NGOs associations but also over 70 individual dealers and individual dealers have supported us on the way have put out inscriptions lists then we went out have collected for our goals inscriptions for a citizen to go we have demonstrated on the street with young families children have given him once a day the possibility to be unwavering to be mobile on their bicycles without fear have to have to have and to show is not alone we change something then we gave up we have collected 11,000 inscriptions in three months for a former citizen to go that are 11,000 inscriptions compare with the voices that, for example, the green ones along the Darmstadt that the large factions we will be a party we are actually a faction in the parliament and it has, of course, respect for those involved who have been in the last seven years where the green ones with the CDU together rule and the green ones from the U-Bürgermeister places that now finally what has to happen that from warm words nothing will get better on this the government 4 million euros per year has created four new places in the case of hybrid mobility that means that there next to the wheel traffic this year first of all I named and three employees from 2019 four more work these four these in total now eight people are not able to only make plans you can also advertising media you can the projects lead and can finally the promise also implement at the same time we deal with the city administration with the wheel traffic orders descendants with the U-Bürgermeister about how we can implement our goals can since they our goals in memory for not bad at all keep and also I was afraid have but they our citizens we would like also for to keep against we complain because we believe that the the foundation the city sector be empty our requirements are not implementable simply not to be taken and that's why we change that now if you compare before where were we at the level like Hamburg, Cologne, Munich they are almost no longer visible small that was three euros per inhabitant and yes some say also five that's normal in Germany more we do not for a safer wheel traffic or for wheel traffic in general then the frontrunner in international view Amsterdam Copenhagen which are like to be mentioned which today so between 11 and 36 euros out and suddenly we could our city international comparable set we are not alone we are part of a international movement in excursions which in Berlin there was this year the mobility law also left on the pressure of the civil society then in Bamberg now Darmstadt and after us followed Frankfurt Kassel Stuttgart we also on the congress with many people talked others want to do that also do comes to us we help we explain what we did right what we did wrong and then we get better cities healthier more life safer easier and in the end children like old people be independent mobile parents or services can their goals reach and we believe that it can all progress can then podcasterin.org good morning together I want to today the project podcasterin.org introduce what I together with Nehler Heise and Michael Heller on the way brought up with us so I am only a part of a specific podcast bubble and with us it's still called so podcast are white and male and it's only over technology talked and then you have to ask yourself how do you come at all on this idea I have a symbol image brought from a event and it's just so there are many panels that are so busy five men or six men in this case talk about podcasting mostly my reaction on it rather a curse or sad be and we think how come the women not to word on the 27th 3rd this year it changed but the feeling and I suddenly had a unbending anger in me and I know that's why so good that it was the 27th 3rd because I was on the 28th 3rd the or the domain podcaster in point org bought and then with me together and started in Heise have just the website to build we are now since the 23rd 12th online and of course have different users groups that we want to talk about on the one we want the podcast producer and not like your podcast person to us profile in a firm team together podcast on the other side uses the year all nothing profiles are arranged if anyone on the website come and there search so of course we hope on the event of panels work lectures and workshops also on the website come and to the podcaster search our goal is simply that we such all mail panels not more so often have to see like so far I want on one point a bit closer go that are the category they have we have listed and nela heiser has the women's voice in the network list once evaluated and said worded and on that we have started firm texts for our website to use but for us there is exactly one category under health that deals with sexuality deals with and all podcasts that in any form deals with with sexuality deals with must in this one category we now have 174 firm texts decide and 12 of them deals with sexuality and partnership so can be for example also podcaster the over bisexuality or over queerness talks use this word and can so much better found will be in contrast but you from the 67 categories eight categories that only deals with religion deals with it is okay if every religion has a own word or a own category but I ask we have asked why for sexuality then everything under a category must there is still a further example what I even more interesting found and that that also technology somehow a huge collection is we now have 16 texts that deal with technology deals for example also with net culture net policy programming and we just hope that many different women and podcast persons somewhere find and if they do not find there we are also happy about every idea it came now a few more categories would be missing and you we have now meanwhile reworked I think we have now 177 texts in total our wish is of course that such tweets no longer so often come that is also again a tweet from many the podcaster say we want yes we would like to often women with our podcast but unfortunately none at all and that's why we would of course be happy when many of us report and many of the podcasts and special topics have just to us come and also afterwards thank you very much then comes open legal data okay hello I am Saskia I am co-founder of the initiative open legal data and we want to with open data make the justice more transparent and that in which we free access to legal data laws but also especially want to make decisions want the main is is that we legal data with technical means process analyze and therefore above all not legal also to bring more legal topics so activists journalists and scientists as I said the main items are first namely components now how do I get it no now well one too far exactly our main items are decisions because although decisions in the name of the people are going that is even legally normative while these not free access not made to so that to concretize and to visualize we have the court negotiations this public we have the court announcement this public but in the end the court will often not public so you can the after so to say not see that is also problematic for journalists there for example when journalists over a case reported and he will then with the court to discuss then he is either on the press point pointed then actually the court from second hand or can but the release of the court to demand what with a lot of connection is and takes a lot of time and takes a lot of time and takes a lot of time the public practice in Germany is at the moment very dissatisfied legally one percent 1.4 percent the judgment will be published and although it is even customer-acquainted is that there is a duty give judgment to publish what even the federal court so sees will just in that sense not come only then when a judgment would be would be is can the court decide of itself whether it will be published or also not published also not always that is then also immediately free accessible is so in the sense of open data but that the judgment in commercial databases are offered which also of course bring costs with them these costs are usually jurists but not necessarily the ortho-normal users journalists yes so everyone what do we want so why free access to legal data we want to make the right-wing transparent in which also a sub-objective right-wing feel by objective judgment data can explain without of course the view for the individual to lose and want because the right-wing right-wing an elementary part of the right-wing is also is this visible make we are in view the official works like judgment not in the hands private companies belong but after the basic set public money public data should be available for the right-wing should be available for the right-wing should be available for the right-wing and and what we already is that we already public judgment collect and also not public judgment at the courts request what also with the application is and above also with costs costs that means we are on your help have been collected judgment with she sends us to ask at courts and public judgment at and with open data platform in the source code that you have and and then I thank you just for your attention so then comes video surveillance in the wardrobe good morning I grew up on the country in the middle of nowhere there is in between fast internet but since april also a few lemma so in between larger wardrobe and yes because somehow a bit I'm a bit home-connected and I'm still there at least at least at least at the weekend I thought I would somehow keep this sheep a little in my eyes keep it and well then I got I have a bilo iquina webcam clicked because for the beginning it is as a student the most cheapest means of choice that he can not much but she can turn what she in the internet makes have I so far I know largest cases below bound I then in the wardrobe hanging that was that was pretty easy because the wardrobe is right next to the house building and I could over over internet I also put a few birds directly on top of it and lived the whole thing. But then I realized, okay, the sheep are quite little in the sheepfold, especially in summer, then no more. So you had to get it out somehow. Now, in such a house practically, a satellite key has been attached from somewhere. It doesn't work, but you can bring more of it under the other direction. And I did that. It now leads to the 150m away sheepfold in the middle of the forest. And there I can now watch over the sheep. The sheep are quite independent animals. That's why they didn't organize themselves in a workshop or something related to data protection. Then I hung the webcam in. First with a power bank. But that only lasted for a short time. We were too few at some point. So I put the whole thing on solar. The whole thing is now running through this one solar panel. It was somewhere else. I don't know who it was. A solar charger for 12-13 euros. And a couple of cables. The camera worked wonderfully in summer and autumn. In winter it was a bit more critical. The reception was broken a bit, but there was also a solution. It actually works. Yes, and I found the whole thing now as a fun project for myself. And I want to continue with it. goals for 2019 are therefore, among other things, the construction of wind power. So I would like to combine solar and wind power. Because, among other things, the temperatures and the little light in autumn and winter months lead to the fact that the camera is then mostly offline, which is of course a pity. There is a great project for a self-pressing wind turbine. That's where Patrick loves me a lot. He has already printed a large part of the parts. And I will now put the winter on it and put the whole thing together. If there should be a bit of energy in the overflow, then I would like to connect the whole thing to the thermal. That's a problem in winter, of course. When the water freezes out, then the shelves have nothing to drink and it has to be changed every day. It's just a job relief. And yes, several camera perspectives. Why not? There is a nice, simple solution with the Raspberry Pi, for example. I will try a little and play. And if the whole thing works and if the whole thing works then I would also like to prepare the Sharpie Cam as a sleeping aid. Then you, who may be at home and have no sheep, can relax and count sheep at night. Whether the whole thing works will be shown in the course of the next year. I would like to report about it at the next congress. If someone can offer help in the direction of solar, wind power, combination, the whole thing and so on, then you like to report. Or if you have scurril ideas how to expand the whole thing. So thank you very much. Thank you very much. Then ChaosBots is coming. Are we both going? Yes, hello. My name is Watz. I am Mr. Gruncher. And we both ... We would like to refer to the ChaosBots. And if you have any in mind to meet a chaos or to establish a chaos group with you, because you have fallen so great, but you really have no idea how to do it or what to do and you just want to inform you and you are looking for a connection or whatever, you have questions and want to get them answered. Then there is the ChaosBots for it. The spot is not for robots, but actually for ambassadors. And what do you do there? Where do you get them? How do you find them? This is the CTC site, which is called Regional. And there you can find a list of the local erphers and the corresponding ChaosBots. And that's what it looks like at the moment. That's really good, but there you can see that there are different kinds of spots on the map and then you can do something against the company and then you meet ChaosBots or something like that. And you can also see if there is a ChaosBots meeting and then you can just ask them and say how do I get there like in the founding sun or how do I get there like a cheap mate? Then there should actually be a ChaosBots and if that is too complicated you can also do the following. You subscribe to the ChaosBots mailing list. That's actually pretty easy if you follow these three rules you first send a mail to ChaosBots. You get a confirmation mail and there is in a small number that you should send a reply to the email and otherwise nothing will change. If you do that right then you are on ChaosBots. And then you can just send an email and then you can actually meet all of them and then you can ask them like for example where is the next ChaosBots meeting or someone with whom you can chat about the CTC. Good, what else? We have an IRC channel which is called Rautirigio in Hackint. You can also join there. Hackint has a web IRC interface which means you can then go to hackint.org and you don't need a client or something like that in the browser and enter the channel radio and then you should be there. Otherwise Cruncher will inform you a little bit what such a ChaosBot actually does and you will find out. Yes, but... Yes, so who was too boring because you already have your own ChaosBots and would like to be a ChaosBot. We are currently taking care of it especially with a list in the doko wiki where you can enter if something is missing or if you are already in it you can also find some ChaosBots there. And where that is very nice if you have already interpreted it in your IRC then you might have once a month you go to a different city to meet a small ChaosBot or there is nothing there then you can offer help to see if they can get to the IRC they know each other with Chaos and how can you connect them with the whole Chaos in Germany then there is this one list in wiki and also in wiki you can find under... This is doko.ccde Yes, and under doko.ccde ChaosBots you can find more information what you can do as a ChaosBot should be or how to find the best one. You will find that a password will come the password for the doko wiki of course you will get from the colleagues. Yes, that's it. Thank you. We continue with the next talk ForceAja the 10 year journey. Yes, hi everyone so... Alright, thanks. So yes, hi everyone I'm Moetat, I'm from Singapore I'll be taking place at Hong Phuk She had a very exciting past three days so she's slightly sick because she's living over her. So ForceAja is founded in 2009 so we have actually been contributing to a lot of open source projects creating and things like this. So, yes these are some of our contributors so the community is very big consists of international communities places from Singapore, India and so on and we also collaborate with maker spaces and these are some of our projects one of it is a personal assistant Suzy, so it's on my hand right now, I can pass this around later on so it's built with it's a very straightforward open source assistance. We have projects like the PS Lab I.O which we will talk about later on and yes so these are some of our events upcoming events, one of it is our main largest event which is held in Singapore Open Tech Summit so these are some of what we do to spread actually open source throughout the whole community the entire world, especially in Asia as well if you're interested you can actually just come along and see the website So, yes, 2009 was the first GNOME meetup so this was it's held in Kendo one of the cities in Mekong region 2010 we had the first mini meetup 2011 we had the first bar camp in Mekong as well so this was held in Kendo as well 2012 we built our first hotel, this is an open source hotel everything is built from scratch with solar power internet, everything is open source we use open source technology to run the internet and 2013 we have a more science hack days in schools and university across Vietnam this is to actually teach them more about open source and of course hack the way through and 2014 we actually had our first this is one of the partnerships we've written this is one of the earlier versions of PS Labs in the next talk so that was the birth of PS Lab 2015 we shifted the signature event from Vietnam to Singapore which is held early actually the upcoming one so this is actually a gathering of international community speakers to share about their insights of open source so in 2016 we had our code heat program to let high school students to actually get touch of coding and have professional mentors who are experienced developers to guide students through and we also have events in India like this hack day so you can see people actually trying out different stuff electronics, soldering and we have also open source laser cutter we actually went to the critical decentralization cluster you will see this as well open source laser cutter you can try it out you can know more about it and 2017 was the last year this was the CCC last year that we attended you can see that we actually quite actively in the open source community and the maker community as well and Pocket Science Lab this is like one of the projects that we actually that was well developed with the community so it's actually out in the market right now we just got it out this year a few months ago so what it does is actually it makes all these scientific instruments that you can find in Science Labs within one device it's just a very simple plug and go on your android phone and of course we have a Linux desktop app as well and of course these are some of the upcoming events that we will be attending we will be glad that you will join us as well yeah first of all most of these days the upcoming one which is in February and a bigger one will be in March which is in Singapore, the 4th century summit and yeah so with that I end yeah about 4th century 10th anniversary thank you alright I've seen this somewhere okay thank you very much I'm really honored to talk about the PS Lab specifically so my name is Mario I'm also like based a lot of my time in Asia and so we're cooperating on the Pocket Science Lab with the community around the world the Pocket Science Lab is a USB powered smartphone extension open hardware device so every layer must be open science well I'm always a bit confused about science as open science because science should always be open entirely so what is it it's a hardware and it has an array of useful control and measurement tools so it can be accessed through the phone but actually we also have a desktop app that is in python or you can just build your own apps you can connect to the device using the UART USB standard so that's all possible then there are different pins that you can connect to and make any kinds of measurements so here is a picture for example with our smartphone app that's connected through the USB and it also powers the device this is an earlier version for example and on the left hand side you see how the app looks like so here are a few details so for example in oscilloscope we have a power source component we have a multimeter logic analyzer wave generator but we're adding more instruments also some instruments can access for example the sensors of the phone like a lux meter and if you would like to have any more instruments implemented or any other ideas please talk to us and we'll do it very quickly so we're releasing usually around every one to two weeks a new version so development is really active so there's a lot of development the project has been developed for three years and we had different form factors we thought like the best one is the Arduino Mega and the last Arduino Mega like size kind of form factor and the latest version supports bluetooth supports ESP also there are many small gadgets some information for newbies and we added more digital pins this is how the desktop app looks like has like more than 50 scientific experiments that you can run through as well so goal for the future is also to make it easier to install right now it's like gear towards linux desktops I saw some people like running it on windows but it's not so easy to set up so this is something we want to make easy in future unfortunately still a lot of schools run with windows on the desktop machines so this is something we unfortunately cannot change ourselves within the project so as the background you just heard the talk about first Asia so it's developed with the first Asia community together this project but also we have developers in Germany and in the US so yeah a lot of people from all over the world and these are similar slides but like we have also partners in the more commercially focused background for example the Fraunhofer Institute here in Germany they have the startup factory because like it's not just a community project you actually need to produce the hardware you need to come up with money with funding you need to send somebody to deal with the manufacturer so yeah and that is an advantage for us as we have many members in Asia so it's also easier to communicate with us with like manufacturers in Asia for example but like here in Germany we have the support of the Fraunhofer Institute and they helped us a lot to improve the device for example to extend the longevity of the device so that for example it doesn't work only for two years it could work maybe up to 10 years so it's also better for the environment Witte was in Shenzhen and took care of the production there there are a lot of lessons learned and I can't go into detail but I will share the slides so anyone who would like to produce their own hardware please come to us we are also like very actively sharing with like famous open hardware guys in the community Mitch Altman is a mentor in the community Bani Hoang gave us a lot of good feedback and yeah a lot of learnings we had ourselves here and yeah please come to us for example here's a small picture of like if you get reals to produce something so you really need to check that all components are fine and yeah lots of lessons learned to be shared I'm at the end of the talk we have a roadmap which means like we also want to have a web app for example so that's something we do in future we do workshop, tutorial, education and please talk to us about how we can collaborate or what you want to do or build your own apps and yeah use it we have a few devices here at the workshop at the first age of booth so please come to us and yeah start to work together thank you very much next up is software accessibility what could possibly go wrong just as a little heads up this is actually going to be a German talk so I'm very sorry if you don't understand this is a translation ok we have to talk about software accessibility and what could go wrong because as a computer and sometimes I use screen again and often hit on different mistakes that implement different projects that doesn't have to be that's why I'm going to introduce you to 5 things that I personally want to start with screen description if you search for pictures on the internet it's a rarity that the pictures are actually described and if they're described you often find irrelevant information or information that isn't actually on these pictures it's very important that you just just list these things that are actually on the screen and also the most important things on this picture as the first thing to be mentioned because screen reader users always go one step forward in the UI ok let's go on with one step forward it's important for the next picture because this UI has to be built behind the scenes so that it makes logical sense you can't just jump from one context into a completely different one and it's important to simply look at it and if you look at the interface then you should also locate this label because otherwise you have a mix of languages and it's actually very very confusing please also, if the user makes an action changes the focus if something happens and the user is not in the app in a completely different context the label should make sense at the mirror you have the hamburger icon it has a Wikipedia application but it's not understandable for the autonormal user and please don't celebrate showing your job for accessibility testing that's not good then social media social media networks often have the option of understanding image description these image descriptions help understand what you see on your image that you post but unfortunately, for example, on Twitter these functions are hidden they are hidden in accessibility menus that means autonormal users will never find these options because they just think that they are not really relevant for them on Twitter it's the same the whole thing is deactivated please don't do that but give the users the opportunity to see the image description if you want to build accessibility features for your app please make sure that you first look into the operating system and see if it's implemented and see if you can pull the settings somewhere about this redundant information that's quite common in the mirror in the middle you can see it the image of the article has exactly the same text please avoid that take the image out of the focus content that's not relevant if we hear the same thing twice like we said we can only hear one thing at the same time and this one thing we don't want to hear twice if we skip it and please make sure that we can achieve everything relevant for the app because it could happen in the end it will be useless that's also important if you build communication services with communication people communities can exchange and it happened to me personally that it happened to me personally that communities in which I was part are switched to such platforms and you feel quite excluded if you don't take into account who can use this community who can use this platform for example with Telegram Telegram is very known in many parts of the world and very widely spread please make sure that people can use it not only screen users are affected but also people who use switch controls who can't use touch screens or traditional peripherals so please make sure that it is accessible please contact me via email or over deck if you have questions, thank you next up is how to generate insight using text network analysis hello everyone my name is Dimitri, I'm from Nondus Labs and I'm going to talk about how to generate insight using text network analysis first I'm going to explain how it works and then I'm going to show you what you can do with it everything that I'm going to show today is made using Infranodus app it's available online, it's open source it's on GitHub, so if you find the subject interesting and you want to contribute in developing it, please let me know so everything I'm going to say today is going to be visualized on the graph I didn't yet find a way to embed it into PDFs so I just made slides with it how it would work naturally every word can be represented as a node and every co-occurrence of words is a connection between them once you have several words and they form sentences, a more complex structure starts to appear in order to make this structure more readable, we can apply four subtlas layout which pushes the most connected nodes away from each other while pulling together the nodes that tend to be connected to them we can also apply community detection algorithm which will indicate which nodes or words are densely connected together then with the rest of the network so we can show each community with a distinct color using this information I can already see that there are some main clusters of topics inside and how they're connected so it's like an advanced version of TechCloud but the one where you can not only see the most influential words but also the context where they appear I can also zoom in and learn more about a certain topic I can also click on certain words and nodes and see which statements or context they appear in so it becomes like a very useful tool for non-linear reading you can also do it with videos for example use the tool to visualize a subtitled video and then quickly zoom into the part of the video that you're interested in so you don't have to watch the whole thing and then switch to another video maybe which has a similar constellation of topics I didn't mention it yet but the nodes or words that are bigger on the graph are the ones that have the higher between a centrality measure so these are the nodes that appear most often on shortest path between any two randomly chosen nodes in the network so for example the word mention was not mentioned so often but it's quite prominent in the graph because it connects different communities together and you have to go through this word in order to understand what the discourse is about so it's like a junction of meaning inside the text and you can see it using the text network analysis as well also what we can see from the structure of the text is the general network structure of the discourse and that allows you to see for example how diversified, biased or how dispersed it is in this case you can see the analytics pane on the right it shows that the discourse structure is diversified so it means that there are several different topics which are distinct from one another but are still connected if you put in for example a poetry inside the tool it's going to be much more dispersed and this is what poetry often is it just presents us ideas for us to fill in the gaps and it's nice that you can see it using these kind of tools as well another thing that you can do is to generate insight from text network structure so you identify two communities that are not so well connected together and you find a structural gap between them and then you ask a question that would allow you to link them together so for example in this case it would be how the notion of four structure layout connects to the idea of topical clusters and then hopefully it can help you generate new ideas and think of something you haven't thought of before so structural gaps are new ideas finally what you can also do with the tool is just to create a nice abstract visualization of your thought so I like it because it's kind of like showing you how thinking something is just creating constellations and throwing them out in space for others to connect with so it can also be like a nice visual tool to show how thinking discourse and yeah thought works I will have a session today at 310 it's at M1 not at M3 I made a mistake in the slide if you want to talk more about this tool and if you want to discuss in general cognitive stimulation interface the software that stimulates your imagination yes thank you I hope that I will see you again thank you so it's M1 not M3 next up is hackers against climate change full screen go hello climate change is real and sometimes when we communicate to others we need to have a certain concrete arguments because hey there are many very sensible feedback loops and if we do not act now the compound effects will effectively create an escape velocity just like longevity escape velocity where every year your expected lifespan is increasing more than a year there are many sensitive mechanisms such as white polar cups they are reflecting heat and the dark ocean water absorbs the heat these are natural gases in Siberia the natural methane because the permanent frost is melting the gas is released to the atmosphere this is the ocean acidification very sensitive mechanism we have forest fires more CO2 and less forests this is also the forestation which means there is less water in the soil there is less food produced so people cut more forest to get more food this is a vicious circle these are just a few examples the RLSE, the Chad Lake 2014 was the hottest year 2015 was the hottest 2016 was the hottest year again and again 2017 wasn't the hottest it was like a top 3 2018 is also top 3 but it is a complete mess complete disaster what I am trying to say is the climate change is real and it is affecting everyone across the planet and us as hackers we need to collaborate together with decision makers and politicians and when we talk with anyone we should have this arsenal of points it is affecting everyone islands on the pacific Bangladesh which is situated very poor country in the river delta only a few meters above the sea level the hurricanes on the Atlantic ocean which is a pure physics there is so much heat so much energy accumulated in the water and the hurricane happens when there is a difference in pressures it is just the basic physics global warming means more fierce natural disasters of course Africa drought not enough water and the very recent example with Syrian refugees which was also created by the climate change people migrated to cities there was not enough jobs they were struggling this whole migrant crisis is triggered by the global warming and even if you are not directly affected by it Sweden because Sweden is far in the north they are not affected but you are affected indirectly because of the waves of refugees I just said that you are not affected directly but actually you are affected directly as well because these heat waves etc etc etc there are people organizing together the grassroots movements the extension rebellion we try to influence politicians but maybe we can actually become politicians ourselves we can vote we can go to European parliament this is a very notable example president of the young pirates of Europe and I believe that hackers and pirates we should act together we should help our people get into the parliament and hey if we want to change the democracy and open source why not just go to the government and us becoming the government us becoming the government us going to the parliament us pushing this open source privacy free software movement and we can implement the democracy we can just use the technology and today there is a session there is a session hackers against climate change on day 1, on day 2, on day 3 and in my country if you want to say if you want someone to do something you need to say to them you cannot do this it's too late to change anything I cannot do anything about it so these are not the true statements I invite you to go to this session hackers against climate change there is a hashtag please climate change is for real and it's affecting everyone thank you next up is really long title open hardware and free software camera for long-range 3D perception enhanced by neural network powerpoint karaoke it's a weird channel it's a lot of pictures at least yeah okay obviously the talker didn't show up so we will just continue with the next talk which is going to be GNU linux why we need GNU linux on mobile devices I'm just right now noticing that this is just a single slide I think you sent me an update right yeah okay let's see very unprofessional of me but something needs to go wrong at least once a congress let me just check my mail so did you upload it in the system ah okay that's a lot faster then so maybe I can show it on the big screen the lightning talks I mean I have 5 minutes now because the previous talk I didn't so we have C3LT.DE where you can check out all the talks that were submitted here and scheduled we have a conference schedule because we are basically a small conference here and so now we have open hardware and free software camera we use this one no we don't use this one because he didn't show up and we take this one I'll get this looking I've seen all the talks here in the system and it's a tremendous amount of work just preparing those talks so please give a big round of applause to get sick so for the consultants it's called a single point of failure alright now there we have it okay thank you let's talk GNU linux on mobile devices and why we knew it more than ever so this is the mobile operating system market right now depending who you ask we have 10 to 20% of iOS and the rest of course is dominated by android other players don't have a significant role in the market right now so let's just skip iOS entirely but android you might say okay of course we like fos and android is fos right well it's not that easy and let's look why android is not an option for us so in recent development in android we see more and more crucial features being moved to google mobile services which is proprietary and increasingly this includes security features another big problem in android is that every device has its own patch linux kernel and for older devices also you have an entirely modified android open source project so all the open source components are different on every device as well as many devices are very very locked down so you can't just install any android ROM you want it has to be ported to the device specifically and at this day we don't have a single fully functional android device that doesn't have any proprietary software in it so you always have some proprietary components or you have to skip some functionality so you don't have wifi for example and another very very big problem with android is that it's owned by google of course i don't want to be that strict about it google is not per se evil but google is a very powerful company and what we see what we learned in 2016 is that google is working on a new operating system called fuchsia and they have a new kernel for it called the zircon kernel and it's potentially very dangerous to the way mobile operating systems are operating right now because the zircon kernel is not GPLL licensed it's permissively licensed so a hardware vendor could just adapt the kernel to its device and ship it and just not publish its changes so you would end up without any knowledge of how the kernel was changed with android devices we have the kernel so we can look at what was changed to enable this device it's a great help to get a third party operating system on that device so let's think about that what would happen if we had a permissively licensed kernel and it provided to userland on phones does that sound familiar yeah that's exactly what iOS is so fuchsia could in fact could be potentially very dangerous so where do we go from here obviously we have to get rid of android we have to replace it with what we know and love on the desktop and that is linux with new components so let's look at some interesting projects that could help us on this path to new linux or mobile devices one interesting one is anbox it's android in a box it allows you to run android apps on new linux without any performance overhead so you have many many great free and open source android apps and of course you don't want to lose them so anbox is a project that would allow you to continue to use these apps and not lose all the hours that were invested there another one that will allow us to use android hardware with new linux and the halium project what the halium project does is it creates a unified hardware abstraction layer for new linux operating systems to run with android drivers so android doesn't use the glibc library we use on new linux it uses the bionic library and halium bridges this gap and allows you to use a normal new linux distribution on some android devices and it's a collaborative approach for multiple operating systems to work on android devices these are two operating systems in development right now traditional new linux operating systems that already work on phones you won't touch in fact you can already use as a daily driver of course you have to have to be you have to like suffering a little but it is possible to use it as a daily driver plus my mobile but it's getting there these are two commercial devices in development right now purism is a company that's focused on making an entire leaf an open source phone and pine is originally a raspberry pi like device that is going also to be made into a phone so these are some domains some URLs of some projects that could help us in this way so please if you have time to spare go to these projects and contribute because fuchsia is potentially very very dangerous to our way of life next up is not this one but women in cyber security community Amsterdam hi everybody so I'm here to give you a short introduction about wake up women in cyber security community Amsterdam and this is a new dutch initiative to create a women only infosec group so this is what I'm going to cover in the next five minutes who, what, where, why and I'm going to start with the why because why not so basically so obviously there is this lack of representation or female representation in the infosec community and in tech in general but this is not there is actually a few weeks ago I was at a women only tech event in Brussels and it was just something completely different than what I'm used to because to hacker conferences it's mostly male and here I was surrounded by fellow techie ladies making geeky jokes and everything and it just felt really nice it was just something different, a completely different vibe and this is basically what inspired me to look for women only infosec groups in the Netherlands so I asked twitter and I asked friends around me to tell me if they knew any groups of hacker ladies and basically there was nothing there used to be one group in the Netherlands but it's no longer active unfortunately so I was like okay what am I going to do now well why don't I just create my own and this is how Wika was born and basically this is our meet-up page so we started this with a friend of mine and we want to do monthly meet-ups where women will get together and talk about infosec so who are we who's in with me on this so Andra Ashtera she's a security consultant at Deloitte and she basically does security assessments, pen testing and I work as an ethical hacker for KPN the Royal Dutch Telecom and I do also pen testing little bit of red teaming and yeah basically that so now what is our goal as Wika so like I said before we're just a circle for ladies in infosec in the Netherlands and we want to create a safe space for women to meet and learn with each other and discuss basically all things infosec and because we love to make bad crypto jokes and geeky jokes every month and also one thing I would like to add is that while this is the audience the target audience is women we also want to say that we welcome anybody who feels the need for a safe space away from the majority so that is transgender women non-binary and others who are welcome as well so this is our first meet-up 31st of January we're going to be talking about the machine learning challenges in incident detection and Andrea is going to present on Osint on the dark web she did some really cool stuff so if you are ever in Amsterdam or in the Netherlands and you want to and Wika has something for you then please join us and present your research or make bad unix jokes so thank you this was actually really short if you have any suggestions contact us on twitter or on the meet-up page and I hope that this speaks to you thank you let's move that browser away because I don't want it I want you to see my bookmarks alright then next up is OpenID authentication using OpenID Connect yeah, good day everybody my name is Benny Botz I would like to introduce you to authentication using OpenID Connect and hope to encourage you to try it on your own afterwards yeah, let's start yeah, how does authentication especially web authentication works nowadays so you might know that so you try to protect your application using a VROS proxy and yeah, this is an authenticating VROS proxies in charge to authenticate your users and permit them to or grant them to access their application yeah this has some drawbacks you have some kind of tight coupling and your developers must have let's say knowledge of your security infrastructure which could be a problem for you if it comes to let's say these privileges yeah, and for that reason I would like to introduce you a little bit into OpenID Connect it's an authorization framework based of known technologies OpenID LSOS 2 and JWT it's using Western JSON flows to ensure you can provide a secure way to identify your users and yeah, at the end of the day you're receiving some kind of signed token which is yeah, identifying your users yeah, you can see you can find also some specifications well, how does it work what level diagram in how it works usually your identity provider is in charge to authenticate the user on the other side you have the application or the source provider and this is serving the service and the user would like to access the application then the application sees okay, you're not authenticated by now I don't know you, so you're getting redirected back to the identity provider on the right and there is the user authenticating if he has passed in his credentials and it's also successful he's getting back using so called authorization code with that is the application able to fetch, let's say fetch or issue the token that's one simple example but let's go a little bit more in detail what it said talking about yeah, usually the tokens are transmitted using HTTP and encoded using base 64 and if you like to decode that you can do it online or using some, let's say, libraries and at the end of the day you will receive some kind of JSON which a normal web application is able to pass and then you are able to fetch let's say email and whatever information you need for your application that's more or less what is about that token and why do you need that it's mobile friendly very easy to integrate it's also offering user info service for example, if you need to fetch more information from that identity system from that user you are able to do so and you also have a consent so you know that very likely if you are using some web apps online or you are able to grant the application to use the information from the identity provider and with that you are supporting developers to create applications which are annoying the end user credentials which is also really nice I guess and how do you use that you can install that on your own there are several projects online let's have three of them here key clock, DEX or Hydra just following the getting started guides that's really a recommendation from me to set it up and then on your application site so you have a lot of choices every programming language you can use for example Go IDC or Pi IDC or use some kind of let's say reverse proxy for example KDJWT or a key clock gatekeeper and if you would like to do that try at least I right now how it feels just try that simple web app now it's using Google's identity provider as an example let's be a little bit concise what you are doing but you can try that and a little bit source code you also can find there thanks for that and enjoy thank you next talk is mathematicians plus ethics equals error 404 thank you so my name is Maurice Kjordal I'm a postdoctoral researcher in mathematics at Cambridge I work on algebra and logic and in my spare time I try and tell mathematicians that they should probably behave so what do I mean by this well mathematicians play a crucial role in designing the key processes behind the operation of the following fairly large and important organizations so if you think about Google which decides what you see on the internet Cambridge and Laudica we've heard some talks about at CCC already who influence how you vote Tinder who decides who you well yeah Amazon decides what you buy your bank decides on your loan the NSA sees everything about you and Facebook that knows everything about you and there is a difference there yet even with all of this influence mathematicians receive no ethical training they have vast amounts of influence on the way the world is working that's increasing by the day but no one ever tells them they should think about the impact of the mathematical work so do you see a problem so how do mathematicians react to this well I'd like to tell you that they're engaging with this taking it on board realizing that their work has serious impact and trying to come up with ways to figure out how to assess that and talk to each other about it but that's not what's really happening their actual response is something closer to this which is they don't want to hear it they don't want to know it go away don't talk to me see a problem well I did so what do I mean by sticking your head in the sand or here are two examples firstly mathematicians don't always appreciate or care about the impact of their work they like to think and believe that well I just do the math this stuff's not my problem I've even asked a mathematician I spoke to a postdoc in math and I asked him if you found a fast factorization algorithm would you publish it and his response was well yes of course immediately and I said well you do realize the damage that this would do if you published it without warning and his response was quite remarkable he said it's my right to publish any work I do it's their fault for using RSA it's not my problem perhaps not quite realizing that's publishing fast factorization just like that would pretty much disrupt the entire food supply chain in the world see a problem this is a community that doesn't really have an appreciation or understanding that it's work can and often does cause real harm let me show a big example of this Cambridge Analytica a few months ago populated by data scientists many of whom are mathematicians so let's look at some academics so they simply don't care about this they see it as a waste of their time and I've spoken to some academics and said well I'll ask one in particular do you think you should teach ethics to mathematicians your response is quite clear well no one else is doing it so why should I anyway it's a matter of opinion we can't teach ethics to mathematicians because it's not a formula it's an axiom it's just an opinion we're mathematicians we don't do opinions we do exact truth so I said okay well do you think I should teach ethics to mathematicians the response was quite clearly your time will be better spent on your research so this is a community that doesn't want to hear about it doesn't want to know about it doesn't want to speak about it and doesn't encourage anyone else to speak about it see a problem if you do see a problem and you want to help on this sort of project please get in touch I've been working with a small number of collaborators in mathematics a very small number because the community doesn't really want to hear it we're organizing meetings, writing discussion papers guiding a student society investigating case studies giving talks and developing teaching resources because at the moment if you try and look up teaching resources for ethics in math there is practically nothing the field doesn't exist other disciplines that exist in community science law, medicine, understanding of ethics is quite present because they realize that their professions can have serious impact on the world mathematics hasn't been done yet but this stuff is not enough I need a lot more help to get the mathematics community to engage with ethics more help from people like yourselves who do have an understanding that's technical work even though it seems abstract can have a real impact on society so please do get in touch we have a student society in Cambridge that's working on this and also a centrally funded university project to develop teaching resources and other ideas on this so if this is of interest to you please get in touch thank you next up is sailing to the new paradigm hello my name is Liam from Astral Ship and I'm going to talk about the project I've been working on for the last sort of eight years it's taking shape and it's basically a kind of accelerator for alternative projects and a way to create an alternative world that I think is possible in 2010 I bought a chapel in Wales for £75,000 and the same year I also went sailing, sailed to Ireland and the sailing experience really gave me a sense of what it means to have sovereignty and what perhaps pirates as we call them maybe felt when they own their own ship and were free to go wherever they wanted on the seas pirates historically are quite interesting I think they're probably quite appealing to people here and they brought a lot of innovations there's a guy who wrote a book recently called Be More Pirate that's kind of circulating a bit in the more corporate world and he gives a lot of arguments for why pirates are good role models in our current kind of time when we're facing existential crisis and in order to have your own freedom as a pirate you had to own your own boat and a vast majority of sailors didn't own their own boat and if you're a pirate you owned the boat you sailed on and so in today's world if you're a techie for example you maybe want to own your own property if you want to own your own company or house then as a techie you end up working in the corporate world where you maybe live in a major city and prices of real estate are very expensive so you kind of have to have a high salary to pay for that this is a farm in Italy that I recently looked at that's potentially available for free this is a palace in India that I went to visit where there's not really a lot of interest in it it's just kind of sitting in their dormant and the owner would really like some innovators to come and do some cool stuff there and India is particularly interesting because it has a large number of young people that are sort of disaffected by the corporate world and looking for something more interesting to do this is the chapel that I bought in Wales in 2010 and this is some images inside how it's looking fairly recently this is the some work going on in progress and this is a upper deck and basically building it out as a kind of residential accelerator space where people can live and work and in this kind of remote location the economic costs of supporting a team are more or less negligible so I guess if one techie was to work in a corporate job at full salary they could probably afford to keep a team of say 10 living very nicely in a rural location with healthy food and optimised environment flow states this kind of stuff this is our kitchen, we have some volunteers helping and that's the view from the main chapel window so in the 1800s you had to get your own ship and today it certainly helps if you can get your own building but it's really great if you can make your own money and make your own economic system that allows you to get your building so this is what I'm working on and really looking for ideas and support and broad invitation for open collaboration on how to design the token economics know that crypto token schemes seem to not be very popular around here but they're definitely, I think they have a lot of merit so if you take a building that some of them may be available for free they generally need a lot of work and you need a huge range of skills to turn a project into a world changing innovation but there are a lot of people who are quite disaffected by the current paradigm would like to see our planet as one that we can sustainably live on as human beings in the future and willing to commit time and effort into making it work so I think crypto tokens give us the possibility of decentralising the trust in terms of the reward for what happens when we have built a network of bases okay next up is oh let me check first so did you show up last call open hardware and free software camera no okay then we go on with the last talk which is in German which is about lightning talks I think I have to go over there and last year Getsick and I talked about things he had and how he had this talk could be so beautiful when and then we thought about this when we will do another lightning talk I will say something too I am Getsick, thanks for the introduction I started with the lightning talks in 30c3 at that time Nick had given the stack of wood we were sitting next to him And from this team, this little team with Alex and me was developed. And back then, such a reference would have been very useful for beginners. In the meantime, there are also many smaller chaos events in other cities that do lightning talks. And there is simply a lot to learn. I want to bring this whole experience a little bit to the outside. Accordingly, I will continue briefly. In principle, you organize a small day here. We now have here in Congress, for example, 60 to 70 predecessors. This is an effort that you should not underestimate. Because you have a lot of mail traffic with the people who want to hold a talk here. That's why you have to think about your processes. That you find an efficient development for the whole story. Because that's not only important for the orga, but also for the speakers. Because then you can take care of yourself better. The most important thing is that you support work. We did it with the Wiki. That went well, but there is a grant unification of information to the Congress with pre-talks or the FRAP. Then it is also important that you explain the essential rules beforehand, so that you don't have to answer all the emails that want to clarify open questions. And actually, it is an important point to share the work and to be a little embarrassed. I have already said that this is not so successful yet. I am also grateful for suggestions. You can contact the organization team there. And that was already related to the organization. I would like to talk a little bit about what I experienced. If you make a lightning talk, you might want to imagine a project. The question is, who should make this talk? My suggestion is, if you are new to it, who just wants to get really enthusiastic, take this one. Because he has fun on the subject, he also wants to have fun with it, like I do. It's really just fun on the lightning talks. If your English is not the best, do it in German. This is also the example that I want to show, that it makes sense to make a lecture in German and to rely on the wonderful C3 lingo team. And if you have a small problem, if you don't get this one sheet in English properly, ask them, they will help you. The last sheet is always useful for using contact information. You should also keep an eye on it, so that people can at least roughly understand it. It is also very practical to find a place for a congressman. Maybe a QR code to scan the other typical things, whatever. The most important thing is to practice the lecture. Loud and with a stopwatch. The tip that I also give at the beginning, is to put the stopwatch as far as possible outside the field of view. If it is a mobile phone, just turn it around so that you can see it. With a lot of information on the essential limits, you can have a little more on the phone. And start slowly with the stopwatch. I started teaching guitar lessons at the age of 39, and my guitar teacher always tells me, practice slowly, faster, you will be alone if you can. And the same applies to Lightning Talks. If you really have time to do this Lightning Talk, I usually do all the things a little more on the edge, maybe over Christmas, then if I'm really good at it, maybe on a congress first. When you come to the congress with a finished talk, you have more fun there. This time I really did it again. I made the last little things in the hotel in the morning, and here I really relaxed to give myself to other things. For example, a poetry slam where I took part. So it makes it all more pleasant. Also, it is worth it to look at some Lightning Talks from the last year. To see what happened, what is fun for me to watch. I think it would be great if all of a sudden, from these abstract comic books, maybe figures from South Park, or something else, something like that. Look at what was fun for me, what could I maybe do similar? I don't want to take South Park, I want to take Peanut, something like that in this direction. That's really worth it. That's really doing it all better. As a request from the organ team, you need as much as possible robust universal data formats. PDF with fonts embedded, there is just an export function, ISO something, PDF1-1a, where the ISO font is, I also have my own font. And with export, with Keynote, you have to pay attention to the image resolution. Of course, you have the disadvantage when you are standing here, you only have your own photo, if you are going to have a nice presentation, you still have your own notes that you can have, or you can see the next slide. But with your own notes, there is a really cool, old workaround, it's called a note set. I have one here too. And again, practice. When you meet people here and they ask you, what are you doing here? Yes, I'm doing a lightning talk tomorrow, and if you don't run away, then you have a audience where you can practice. Use it, because practice makes perfect, that's true, just practice helps, and you really have fun with what you do here. And in this sense, I thank you for your attention and I thank you in advance for the people who might be inspired by it and the great lectures next year. I couldn't watch everything live this year, but I will watch everything, because where I saw it live, there were a few things there, because they really changed me, it was really fun to watch it. And these five minutes per piece, you're welcome. Thank you very much. Thank you very much. Thank you very much.