 Good morning everyone. Hi, welcome to the Lightning Talks on day two, so the first session in this Congress. Who of you is the first time here in the Lightning Talks in the audience at least? That's quite a lot. Regarding the speakers, whose first time, whose first talk is this? Quite a lot. That's great because I have a short introduction presentation right now to tell you how this session works. So for all the speakers please sit in the front rows. Get on the stage quickly when your talk is coming up. I will announce every talk with the title and then simply deliver your talk. How to deliver your talk? First of all, most important, talk into the microphone. Don't go away from the microphone so as soon as your hands leave the podium, you can no longer hear me. Don't turn around to look at your slides up there because most of the time you can't hear what is being said. You have a monitor down here where you can see the slides and no need to turn around. Then use the clicker to advance the slides. The clicker is here. Find it here and leave it here after you are ready. And stay calm, talk loud and clearly. Finish on time, which is very important. Get your applause and leave the stage. Thank you. I'm not going to leave the stage right now because I still have something to tell for the audience. How to listen to lightning talks. It's pretty simple. Be excellent to each other and watch the timekeeper. The timekeeper is this device here which was constructed, created by big Alex over there who is operating it right now and he will briefly explain how this thing works. Yeah, most of you should know, hello, welcome everybody at first. Most of you should know how the timekeeper works by now. It signals you the remaining time for your talk. You have five minutes as long as it's green. You are in the first four minutes of your talk and then it goes up like this. And if it's in this position you still have about one minute left and the next 30 seconds will be yellow and the last 30 seconds will be somewhere in this red area and when it's about this I need your support. I think you know how this works. It's five, four, three, two, one. I think this worked well. Do we need to try it again? Yeah, just one more time. For old time's sake. Okay, let's try it again. Yeah, okay. Five, four, three, two, one. If you want to survey now I think. Fair enough. All right, anything else? There are translations available, c3lingo.org for information on how to listen to the translations. And then, well, let's have a great session. So first up is Mailman. Let me just start it. There you go. So this is about surveillance. This talk will be about the door opening system. So at my apartment I have one of those systems where I can see someone who rings the doorbell in a video camera system and I wanted to grab that video because, well, you never know maybe the mailman rings. Of course, this never happens. Maybe burglar's ring the doorbell while I'm not at home or unicorns. That's probably the most likely event. And yeah, so I tried this at home. What I have at home is an Elkom system. They are very popular and they are advertised to be very secure and safe. My solution was just buying another adapter from Elkom and then another USB video adapter and then I can run this on Linux and grab the video. Pretty easy, pretty cheap. And then I have some solution with ffmpeg encoder just to check if the video is there, if it's just a gray image. And some more magic going on to send a notification to my smartphone and also to get the last image so that I see who was ringing the doorbell. That worked well. And five minutes after installing I get the first notification saying someone rang the doorbell. I was like, ooh, did I script something wrong? Check all the scripts. No. Check the last image. There is an image. It's a person I don't know. What is going on? Well, what is going on? I see my videos but I also see the videos of all neighbors and we are 19 parties living there. So it works well but not as I wanted to use it. And then I ask to support, of course, like did I do something wrong? Is this how it should be? Do I need to couple it to my doorbell signal to just grab my video or how does it work? And I said, yeah, that's how it works. It's a feature. So the legal implications are a bit funny, so to say, because so I just saw that the videos they always last three and a half minutes. So even if I hang up the doorbell then I will always still get a long video. So even if you don't see the video, it's still recorded or at least streamed and can be recorded. What I didn't try so far is faking a signal of ringing a doorbell. So if I would ring a door that doesn't exist, for example, I might be able to just ring without really ringing somewhere and then recording forever and then it would really be a surveillance camera. And in German law it's a bit different. So the current legal implication would be it should just be one minute and so on and people should be aware if they are recorded. So it's really strange. This should not be happening and should really consider that these cameras are surveillance cameras even if they are not supposed to be. If you like this talk and want to see more about security, I also have a talk on day four about Bluetooth firmware security. And do you have any questions about this talk here? Okay, then one brief question to you. Who of you has a door opening system with a camera at home? Yes, yes, yes. Oh, yeah, that's really a few. That's great. Yeah. Then who is the next speaker? Thank you. Next up is Kidspace. Can you press F? Can you press F? Yeah, there you go. My name is Kasper and I'm presenting kidspace.org. It's a website to share electronics projects. So the way electronics are assembled, the way electronics are put together is you have a printed circuit board and you have components that you sold onto the printed circuit board. You have through-hole components where the legs of the components go through the printed circuit board and you sold one side of them. You have surface mount components where they sit on top of the printed circuit board and you solder them onto the board with careful application of heat. You can do this by hand like in this little video or you can, if you have a lot of components and tiny pitch components, you probably want to have some sort of reflow process and use a solder paste. You can do this with a hacked toaster oven and it really saves a lot of time and effort to do it that way. If you want to know more about how to do that, just check out your local Hacker space. Check out, obviously loads of workshops here at 35C3. Yeah, if they're interested you should do that. The ways printed circuit boards are designed is you normally have a schematic layout tool and a schematic entry tool and a PCB layout tool so you enter the, you kind of define all the connections that you want to make on one side and then you go into your layout tool and then kind of connect them up on a physical model of your board. So people do this and they share them online freely so there's more and more electronics projects that you can make use of that people are putting up. I kind of do this in formal survey normally every year when I give some talks at FOSDEM or at other conferences. I don't know what happened to the get up numbers there. They seem to go down. I don't know if that has anything to do with the Microsoft acquisition but I think it's more likely that they change the way they index their boards but on the whole obviously it's cumulative, there's more and more electronics projects up online that you can make use of and there's obviously loads of different ways that people share these projects. The problem with it is that everyone has their kind of own way of designing things, putting things together, putting it up on their blog, putting it on get up, all these different ways of doing things and it's often kind of hard to see, to get to the point where the designer was and replicate the project that they created and the kind of the solution that I'm, it's largely me, it's an open source project but it's largely me and the idea is to take all these different ways of doing things and sort of introduce a minimal standard so that we can get what we want which is obviously the printed circuit board and the parts so that we can also replicate this project. So the way I'm going about this is kind of in two parts, there's the one click bill of materials browser extension and the kitspace.org project sharing website. So the browser extension, it automates purchasing by replicating the web request that I sent when you use retailer sites. There's a little video of it here. Maybe, I don't know, seem to be running out of time but it adds things to retailer shopping carts by replicating these requests. You can just, you have different ways of adding your bill of materials to it. So the other part of it is kitspace.org which is a project sharing website where we can combine the printed circuit board with the bill of materials together with some information and read me and an easy way to buy the printed circuit board and an easy way to buy the parts that you need to do it. So the idea of it really is this virtual kit that the designer doesn't have to bag components and put everything together and send it to you but you can yourself have the agency to buy everything you need to replicate a project. I'm working on tools to make it easier to document projects and put the bills of materials together because that's really a challenge to get designers to put that effort in to make it documented in a way that's replicable. So I have a bill of materials tool that I'm working on, it's kind of still in development but it's usable, has some edge cases. There's a lot of libraries that go into making this a nice user experience for people. Thank you. Thank you. Thank you. Next up is hacking climate change. Don't worry, I still have to work out this complicated slide change. Jesus. Okay, there we go. One, two, three, one, two, three. Okay, there you go. One, two, three, one, two, three, hi. Very recently I've been part of the hackathon called Hack for Climate. Last year we were in Bonn at the United Nations Climate Change Conference and we were running a hackathon on a boat. This is our boat, 100 people from all over the planet and it was a very empowering experience because I could understand how this politics works. Like we are hackers, makers, duocracy, we are using our tools and these guys they are mostly talking. And that was, I just realized, ooh la la, there is zero. There is absolutely zero chance for these guys to reach an agreement across 190, 200 countries, different political fractions. It is just not going to happen. This is me at this large, large room. This is a young girl from Sweden who organized the protest. Her speech is very emotional. It has only three minutes long. I encourage you to watch this girl speak because she is really, really special. These are just some few pointers for you that ExxonMobile was founding climate change studies but they were denying it. This is some article from more than 100 years ago that scientists were aware of climate change. This is the lake chat in Africa that is drastically reducing the surface area. This is the RLC and one of these islands, this was the biological weapons playground. And now you can just go there by land. And if you happen to be in Kazakhstan, this is the only nuclear weapons testing site. So just a little tangent. Anyway, I just want to tell you that the climate change is for real. There are multiple feedback loops and tipping points that this is a very unstable and fragile organism. And there are different, I would say, civil disobedience, non-violent direct action, extinction rebellion, which originated in the UK and it's now international movement. And also in France we have the Yellow Vests movement who are a little bit more violent. So I was just thinking rather than trying to influence the government, rather than telling the government, hey, can you please do this? Can you please do that? I was thinking about us becoming the government because at Congress we are able to organize 10, 12, 15,000 people. This building has a capacity to sustain a civilization. Imagine the hydroponic vertical gardens in this glass building in the middle. We can have one hall dedicated for, I don't know, sleep, rest, recovery. And I think that we should think about tools, how we can organize ourselves to be more active on the political scene. This is the session that I'm organizing in about one hour. It is not shutting down the Internet, because shutting down the Internet would be a very dangerous thing, but we are thinking how to make this protest in the online space. How can we send the message to the government to actually, hey guys, you need to get your act together, otherwise it will be us who will be in parliament, it will be us who will vote for our own president. So this is, you know, you can take a QR code, this is, this room is far away, but if you want to contribute, you will always find the way. And who? This is the timer, okay. I've run very quickly through the slides, but basically what I want to say is that these politicians, these United Nations, it's very difficult to reach a consensus, because it is a consensus thing, and it is enough for one country to block any proposal, and then, ooh, there is no consensus. So when you have 200 countries with so many different political implications and so many different things, it is unlikely to happen. And yeah, I'm inviting you to join this session planning how we can protest, how we can organize, what can we do to act together? Five, four, three, two, one. Thank you. Thank you. Next up is body-mind operating systems. Hello everyone. My name is Dimitri from Nodus Labs, and I want to talk about body-mind operating systems. We all know what operating systems are, we use them on a daily basis. However, what I want to propose today is to think of an operating system as a metaphor. So what kind of software, what kind of operating system we run as human beings. We have a lot of inspiration to choose from, starting from religions to different spiritual practices, ideologies, divinational systems, implicit value systems, organizational operating systems such as holocracy, political ones. Hip-hop can also be seen as an operating system in terms of an attitude that it proposes scientific operating systems. So we have a lot and what I want to put out there is that I think just like it's important to look into the code of the software and hardware that we use, it's also important to look at the behavior patterns that we have at our habits, at what we learn through our culture, through education, and to question it, to find the code, to reverse engineer it, and to change it to keep the stuff that we like and to get rid of the stuff that we don't like. This is the first thing I want to put out there, to think of the software that we run as human beings. The second thing is a kind of use case, an operating system that we developed that's called A2S, that I also propose you to try in the context of this congress. It's happening today at five and tomorrow at two. It's like a physical practice workshop actually. One of the features that is very important about this operating system A2S is that it's based on learning through the body, not only the mind, because a lot of times we learn about very abstract concepts through our mind, but as soon as we get them through our body, we get a really direct understanding of the patterns that we're working with so that they get ingrained into us on the level of reflexes and it becomes a much more efficient way of learning. It's also inspired by complex system science and also different body practices, so it has this theoretical aspect as well as the pragmatic and practical one, and another important feature is that it looks for universal applications in other contexts. So we practice through the body, but that is only to learn how we can apply the principles that we learn somewhere else outside, maybe in work and life when we work on systems and so on. So for example, one of the things we work on here are some images from the practice sessions that we have. People apply A2S in different contexts, starting from art to music to science to work and so on. I'm just going to explain some of the principles, maybe only one, because there's not enough time to do all of them. One of the principles we work with is that of assimilative adaptivity. So normally when something happens in life, like tension or some problem or conflict, we tend to respond to it with tension, and that leads to escalation. So the more tension we experience, the more tension we give back, and this leads to a very inefficient waste of energy. So what we propose is to think of it as something that you can assimilate and embrace into your system to understand it better through your body and to then find a way to respond to it in a more interesting, in a more efficient way, working with the idea of confluence, flow, wave, dynamics and so on. I will just fast forward to the slide that has information about the sessions that are going to happen today at M3 at 5 o'clock and at 2 it's just over there on the left. I invite you to come and to try it out. We will work a lot with the concepts that are also used in hacking, such as resilience, adaptation, infiltration, but when we use them as words, they are very abstract. As soon as we try them out through the body, they become very concrete. So this is an interesting way to also break your day that you have here where you work with your minds and to get into your body and to try things out to see how it works, and just like with any software, try it out in your system. If you like it, then you keep it. If you don't, then you don't. It's open source, so that means you can go back and reverse engineer it. So thank you very much. Come and join. You will be very welcome and you will enjoy. Thanks. Thank you. Okay, the cheapest power side channels. The cheapest power side channels. And this is some work we've been organizing with Alyssa Milburn. So what are these side channels? Well, if you have a microprocessor, maybe it has a secret key inside and you want the secret key. So you can send it some inputs, maybe you can see some outputs, but you can certainly monitor the power usage. And if you can do this, hopefully you can recover the key. So these side channels are great. You measure the power and you get cryptographic keys. But we are cheap and lazy. We don't want to buy an oscilloscope. And all this analog stuff is complicated. And it's a lot of maths. We just want the keys. So these oscilloscopes are expensive and people have tried to make them cheaper. But at the end of the day, this is still a lot of beer. Therefore, we've built the horoscope. It's approximately five euros. It's basically an X-Mega 32 breakout board. And this X-Mega has a 12-bit ADC, which works at two megabits. Also, it does glitching. So we have an oscilloscope, but now we need the targets. So we've decided to use the Arduino Nano. It's cheap and familiar. Everyone knows it. And it's totally not secure. And we've also downloaded some AESs from the internet to use as targets. Okay. So what do we have? We have our target. We have an oscilloscope. What's left? Some challenges. We have an oscilloscope. What's left? Some challenges. So it turns out we're actually sampling well below the Nyquist frequency. The Arduino runs at 16 MHz. We're sampling it too. And people have told us this doesn't work. Also, we don't have an analog front-end. We don't have an amplifier. And we're not going to bother. Also, we have these other sources of noise and problems. So, you know, noise. So even if we have all this noise and I had all this noise because I didn't configure the ADC properly, you know, that's not too much of a problem. You just take 100 of these measurements, you average them, and certainly an AES appears. What will be even better is if you don't misconfigure the ADC like we did here. And as you can see, we can actually have a very nice power trace. And we can actually also we also have some we also have a nice GUI, so we can pretend we have a real oscilloscope. And then the next step we'll be actually recovering the key. And this would be a call to join us for the workshop, but sadly, they're all full. So please talk to us maybe in the break, maybe afterwards, maybe talk to Alyssa on Twitter. And that's it. All right, thank you. So next up is we need to do better than Cyberpunk, I think, because I just closed my window where I have all the slides. I'm opening it right now. And here we go. So hello, my name is ALXD and I wanted to talk about stories. And especially about hacker stories, because for the last two years, I've been researching hacker values in popular culture and the types of stories we tell. Because as hackers, we have a lot to say. We have a lot of proposals on how technology should work in the society. How we want to avoid all the dangers we can see that others cannot see. But we do a very, very bad job at communicating it. Whatever we try to talk about neutrality, about free software, people see us like black hats, like conflict mongers that are there to only smash the system, to destroy their bank accounts and to basically bring trouble. And the problem is that we need to tell stories not only produce white papers, because most of the people, most of the general public will read the white papers. They want to hear stories and they need to have in mind that there may be problems if somebody uses only closed solutions. There may be problems if somebody basically buys only closed corporate stocks and is totally dependent on closed social media. The cyberpunk genre started as a warning. But sadly, it became our default future. And if you talk to a lot of non-technical people, you can see that they see cyberpunk as basically the future. If they see some new piece of technology, they don't say, oh, it's so futuristic. They say, oh, it's so cyberpunk. And especially outside of Europe, outside of the US, you can see a lot of makers, a lot of people that are actually wishing for a cyberpunk future because they wish for better technology, integration of technology with our bodies. Completely ignoring the fact that cyberpunk actually proposes a lot more. That cyberpunk introduces the constant surveillance, the megacorporations and total lack of power among the regular people. And this all comes in a bundle. So whatever people dream of cyberpunk future, we actually normalize those things. And it's much easier to accept surveillance. It's much easier not to rebel against corporations, against a lot of solutions that are bad for society if we see it constantly. The stories that we tell as hackers are usually stories of rebellion against that. And hackers are again seen as some exceptional individuals that are fighting the system and is always fighting the system. There are very, very, very few works that actually tell about our values, about free software, about technological neutrality that are accessible to regular people that can talk about the whole society. And sadly, with those we only strengthen dystopias because we agree to actually be written in the cyberpunk narrative as those fighters that are the element of the cyberpunk. And also we alienate ourselves farther from the society and people in governments, people in different councils are much less likely to talk to us when it comes to giving any advice because we are the conflict mongers. There is an alternative. That's a chance that we can take. There is a new general that is being created right now. The name is Solarpunk and it's supposed to be an alternative to the cyberpunk future. Solarpunk is utopia or at least a hopeful future. It's a future that is available for everybody, not for only exceptional individuals which is very green and eco-friendly where everything is designed to be as green as possible where there are horizontal power structures. So the things that we know from our hacker spaces, the things that we know from the anarchism that is all around us at CCC they propose it for the whole society so that every school teacher, every baker, every regular person is able to take part in that and this is a great platform for us to tell the actual hacker stories, to tell about our adventures, our problems that we have as society within our groups and platform to tell about distributed technology and open source and free software. So I want to tell about hacker spaces in this way, this is an art that was created by Mike Luzi and please contact me on my email or mastodon if you would like to discuss this topic. Thank you. Thank you. Thank you very much. The next talk you are going to listen is Event Power Plan by TBSRPRS Here he comes and here are the slides. Hello everyone. Nice to see you, thank you for coming. Quick show of hands who does not use a smartphone. What I really want to ask is like, who knows somebody who doesn't use a smartphone? Yeah. Okay, that's a lot. Sorry for you, this is about smartphones and actually it's about android smartphones. I hope those iPhone users stay around. Most of the talk also applies for iPhones although this is about the event schedule. So, my name is Tobias and I'm maintaining this app for a while and I want to tell you about it. I hope it's not too boring because most of you maybe know the app but I start with the basics because there are newcomers here so it looks like this what actually brought me to this app is actually this grid view where you can compare things on the same level. You see what happens at the same time. I hope you also rotate your phone because the same as possible on the phone if you don't use a tablet and that's like the selling feature for me but there's of course more. The basic stuff is you can select your favorites watch them, delete them you can export them I don't know if many people found that because the app does not use any tracking so I'm totally blind of what you do or what you don't there's this share button to export favorites and you can kind of change the style how the favorites are visualized in the grid view alarms you can set up alarms for talks so you're reminded upfront so you can go to a talk that is like far away on the other side and inspect the list of alarms and also customize things about the alarms so the default timing and like the tone there's schedule updates which are pretty recent here on congress because there's so many stages and everyone changes things now and then and so you get a lot of notifications that you can mute if you want so you can disable the updates in total and just press the refresh button or you can go into the android settings and mute the channel for those updates that's something you can do there's more things so you can put the events into your personal calendar on the phone share them on twitter or whatever you can vote and I encourage to do that like all the talks have a voting back end which I redirect to and then you can give feedback to the speakers there's like stars but you can also write a text and that's very valuable so people know how they performed last but not least there's an integration with the navigation app the C3 enough project very good project to get you around the building there's an extra app you have to install otherwise it redirects you to the website short introduction to the back end what basically happens in the background is that there's a lot of stages like this and they all have their own system to organize talks they're running pre talks and there's this big system which have been used for years called FRAP and that's for the main stages and the VOC team collects all the data and aggregates into one file and what the schedule app basically does is just fetching an XML file and that comes with advantages and disadvantages because there's different systems and different formats time stamps, time zones things can happen, things can go wrong but now it looks quite stable this talk is titled one app to serve you all and what happens here is congress gives you this app and but there's more during the year I deploy this app for other conferences c-conferences and even more the last year was a lot of work there were a couple of conferences where this app came into play and was used by several user and as you can see there's a lot actually it was 14 apps and I had 56 releases over the time and then back in 2017 the same thing happened and it all started with TuxMobile who actually created this project I joined the project like 5 years ago and it's open source and the problem is there's many people using but there's just one developer and I'm very kind thankful for all the feedback and for the bugs and for the participation and there's many things you can do and there's a lot of things even if you're not programming that you can help with and I encourage you to reach out and help with the project because this is totally wrong at the moment one developer won't survive and Alex do you know what's up next I think it's next how to code with dip switches by Swally so this one is in the browser as well there you go hi I'm Swally and I code demos my project started with a question what's the minimum size of a demo you can do on Atari 2600 I came up to the conclusion that it was something like 32 bytes because I needed some routines some basic routines to get things done but to me there was something missing to show how minimal and hardcore this is something that shows a real programmer as defined by XKCD the discussion about this is what is the real hardcore user interface you use can use to code but I don't even need that needle I just use dip switches to come up with something that looks like this so what I've got there is a board that has a 5 bit address decoder that selects one out of the 32 dip switches 8 bit these 8 bit data are written on the data bus if the ship select signal has been enabled diodes make sure that there's no short circuit this also means that no cheating is possible because there are no programmer components used it also means that I've been using much less space than the address space is the 32 bytes I'm going to use are mirrored 128 times and this will become very handy later on the demo I coded is used for NTSC because in this context it's much easier for me to code 262 video lines or NTSC than 312 for PAL this is what the opcodes that the CPU knows and these are the only ones that are really useful in a 32 byte demo so I need to give a bit of a background when the CPU starts there are two special memory addresses that I use there are two others that I use as an interrupt vector so when the system is initialized I have to do it myself so I need to write something like the first 43 bytes of data I'm going to go out myself now let's take a look on how that can be achieved this is a very minimum reset routine I'm using an undocumented opcode to set two registers at once then I'm going to write in a loop the zero that I've got there 256 times because it doesn't matter if I write more than the 43 bytes but this can be optimized I can go more minimum so the trick there is that I'm not carrying what inside my accumulator is I'm just shifting it out and writing it backwards by using by pushing it on the stack the stack is also mirrored by hardware at the same address then the I.O. and RAM area and I'm just checking there if the stack has been if I have cleared out all the stack in this loop this also comes in very handy because this code can be entered at all the first three opcodes it doesn't matter which one I use so now remember the mirroring remember that the routine can be entered in different points now I'm going to want to use the interrupt vectors and the reset vector for using with code since the ROM is mapped in as f 0 0 0 to f f f the hybrid should be in fx and now I'm going to show you what I did this is what the code looks like and I'm now searching for an f something in there I found one there and I tried to use this one as my reset vector so I'm going to move it around the code at this address now the red line is used as the not only as data for the reset vector but also as the code that you see in there and this reset vector now points to the green line so this is where the reset starts and as I told the reset routine can be entered at any of these 3 addresses so this reset routine will still clear out and do what I intended it to do and the code on the bottom wraps around to the next mirror window that I've got in there so everything is working just fine by rotating the code this is what this demo looks like when it's running and this is what it looks like when I change the code so if you want to know about more in detail you can meet me at the retro area in hall 2 there also is you can see it online at the website implemented and since I've got a short time I want with this one a first prize at the demo competition and the most reponse I've got in there is this is great but you're nuts thank you thank you yes I want to close all my tips alright the next step is make automotive grade again alright it works can you hear me? no you have to stay closer to the mic more close? hello? you can also adjust it if you if you take your hands from the lecture thingy or the microphone stops to work ok let's try this so hello I'm talking about automotive grade software who here in this hall is using a car or interacting with cars in any way so some people are still awake so I've got bad news for you unfortunately so the bad news is there's lots of computers in cars nowadays so probably you know this already I've put some asterisks in there computers are stored normally most of these computers actually are of no big concern so there are small computers they basically help you with driving they're safety related so they can kill you probably but they're done by cool people that know what they're doing and they're really small and so the complexity is manageable so you really know how these things interact and then there's one other big computer that's the infotainment system and nobody cares about the infotainment system because that's just some kind of mobile phone that you use for showing navigation and you can firewall it off and the problem now is that in the automotive industry there's hypes and the current type is autonomous driving and for network pictures for all these computers in cars we see that somehow blue boxes pop up nowadays and if you look at them more closely these blue boxes are some kind of central computing clusters that are connected to everything inside the car because what they need to do is they need to get data from every sensor in that car they need to do some kind of sensor fusion so they need to steer the brakes and it's not only from inside the car it's also from the outside so you can see that there's a connection from that cloud giving data to that central computing cluster that then uses this data to steer your braking in the car and this is fine so what we did is we now connected all these nice little stars in my mini to the internet of hate and it's a bit complicated because that's something new for the automotive industry so we now have highly complex systems high performance processes that need safety and security we don't know what security is we don't know how safety works in these kinds of systems what we do now is we need to go there fast because Tesla and Google and Uber already do something like this so every car maker wants to have their own solution for that and what do you do as a company if you don't know how to go there so basically what you do is you ask around and then you buy knowledge so every major car maker nowadays bought a hypervisor startup, a cloud startup, a blockchain startup a machine learning startup and two or three cyber startups because you can't have enough cyber in your systems and the problem now is they still don't understand and there are big corporations that did things for decades and they really need to understand security that's obvious, I won't talk about security much longer they also need to understand open source because that industry is an industry fueled by NDAs fueled by not invented here so they are really trying to keep things secret and we need to make them clear that on some parts of the systems especially when it comes to safety and security it might be a good idea to actually collaborate and do things in the open and how do you do that in a big organization so consulting doesn't work what I really want to achieve is that the cars stay as nice as my mini so we won't have any skynet and we won't have any big hacking going on with the cars and my proposal is to change the automotive industry from the inside so what I actually want is I want you to join the automotive industry and to try to teach them how to build secure systems and they are actually looking for you and they know that they need that knowledge but it's really tricky getting there because they are discouraging they are big corporations and they are slow and they don't know how software acts so really we need to break that loop get in there, change them that's it thank you next up is Strokes helping you learn Chinese characters just a moment please there you go hello can you hear me alright yeah a bit closer I think alright so here's a too long in the watch version of this presentation so I started learning Chinese and I found that basically writing learning how to write Chinese characters is pretty difficult and I found an Android app it's definitely super cool but I decided to use it based on it and I'm going to show it and invite you to collaborate actually that was meant to be an animation ok so I started learning Chinese about a year ago and I found this application called Inkstone which I definitely recommend it's an Android application that is meant to teach you how to write characters you basically learn stroke by stroke how to write the characters that you choose and the thing that I didn't like about it was that it's not really in paper so you don't really get the feedback if you get anything wrong and because of that I decided to write something else, something of my own so here's a quick fact about the Chinese characters so basically they are made of strokes which is basically like a couple of lines and the characters are mostly made of sub characters and the stroke order is important so it's very important to learn how to actually write the characters in the correct order and the regular Chinese way of learning that, the one that I heard about is to just repeat a thousand times each character and you're going to learn how to write it I don't really think this is the right way so I'm basically looking for something else some other way to get there so the one that I found, the android one was built on something called make me a handsy which is basically a database of SVG graphics describing each of the characters split stroke by stroke and given this database I decided to write an application that basically gives this kind of output so here we are learning four characters and you can see that it's split into groups and for each of the characters there is like four groups of four tiles stroke by stroke you are learning first the new stroke, then all strokes of far, then all the strokes in context and then you are supposed to learn the geometry by putting it with no aids with no help and then once you learn the characters you are expected to recall them from memory which is what the empty tiles are meant for and in the current form it's hosted on strokes.ovh but I would expect it to go down in a couple of minutes given the volume of the amount of people here so basically here are a couple of links explaining the logic the reasoning that I basically made reasoning behind the application how I chose the design so far and given that I expect the server to go down here is the way to actually run it locally and here are the ways you could help me so first of all I made a list of GitHub issues, you could basically just take a look at this and see if there's anything you could help me with most preferably it would be best if I could find somebody that is fluent with Flask some way to actually make the user experience more reasonable than it is right now because I can see many many modes of learning but it's not really the application isn't there yet in this particular regard I could definitely use some feedback so if you know some kind of Chinese teacher that would basically that is willing to try it out in a classroom that would be great if I could find out it's already working for them or if there's something that could change and I guess that's it so my name is Dita and my email is basically my username at gmail.com and at the top right piece of the screen you can see the length of the presentation thank you thank you next up is dissolving GAFAM a bit at a time I'm too tiny for this preview screen hello congress wash your hands and who knows what GAFAM is that's an abbreviation meaning Google, Android, Facebook, Amazon and Microsoft so these are the IT emulties this talk is a little bit a sequel or continued talk to what I said last year about self-hosted micro-blogging so dissolving GAFAM a bit at a time Tim Berners-Lee keeps saying we need to decentralise the internet he's saying this for years now how's the clicker and what is the current situation we have very few really large huge monopolies dominating the internet and at the same time the complexity and the bloat around us is also growing most people on the internet are rather clueless about what they are doing and there are very few decision makers and very many people by those decisions which have close to no voice so what are the problems that come from that or what's the problem about this situation those huge corporations are very unlike you all so their goals are very unlike your goals and by participating and using their services you are taking part in a huge behavioural study where a monotone dependent applicant like a testing person the services are volatile and you have no demanding right you cannot demand the responsibility or the existence of the service tomorrow or the week after tomorrow there's been numerous services being shut down almost overnight and that's not a nice situation to live in and minorities are marginalised and near to invisible because to these huge organisations those minorities there's just too many of them so Conway's law says a system resembles and mirrors the organisation that builds it so what would you expect what systems would you expect from those huge organisations on top comes that technologists are proud in finding technological solutions to problems that's not necessarily the easy or the simple ones that's the complex and those solutions the experts can be proud of this is probably not what we need what we need is reliable services for one's own so I think a response to those huge companies and their huge services is to self host to do it yourself to use materials from other small entities and keep away from the big brands the indie web with their posse idea post on your own server syndicate elsewhere is a good idea to feed the big services and still be the one in the driver's seat by publishing on your server first then it is very important to learn about the mechanics of the services of the internals not in depth of detail maybe and to tell others about it to spread the word so I want you to reconsider using those great services less and have a look into how could you use small services and promote them thank you thank you next up is a German talk open source after this talk we are going to have a 15 minute break until 1250 so if you want to change rooms because you want to see another talk then you can do it after this talk and we just go ahead right now Hello everyone, my name is Christoph Müller I am a lawyer and I use a little bit closer to the microphone Hello everyone my name is Christoph Müller I am a lawyer and I use JLawyer.org I have my complete SLI on Hinox running which is a little bit elaborate and especially in the system in which I don't really fit in as a lawyer I have to deal with the electronic traffic the so-called ERV that means the justice uses certain protocols to communicate with each other especially courts but also other participants in the electronic traffic are in front of you for me as a lawyer it is important that I have a connection to the courts the legal rights the courts and if it works well I can put in my mandate what it brings to me is that I can somehow bring these points under a hood a large part of my colleagues as well as I use a corresponding software a SLI software that is a problem because these SLI software are pre-properly proprietary so we have dependencies from our suppliers we have the problem that I have conditions from my suppliers for my SLI software how I have to work and of course I also have the problem that I don't get out because I have put my whole system in doubt I don't get out like everywhere in the digital world open source could offer this problem to be solved in a different way the advantages are that I have a long-term archiving with open formats that means I don't have the problem that I will be dependent on certain programs or documents and with that I may not be able to come up with an archiving that I need the advantage is that I can adapt certain things and have my own needs calculated in addition that if you get involved you can control the further development and not be dependent on the ideas and ideas of the software suppliers that often have their customers and their thoughts will come up for me, open source is also interesting because as a linux user I would like to have a program that works without a virtual Windows machine that's why I decided to work with the J-Law at the end an address and file management is of course the RVG, the law of law has just been implemented in the future that's why there are more things in the financial administration in particular bookkeeping, accounting and so on and then there is the biggest problem the well-known BEA that was here last year in Alamunde it is the way that the adjustment for the first quarter of 2019 is planned but BEA is high-grade proprietary and the cooperation with suppliers especially the law firm that provides it and the local service suppliers is not the easiest so that this is a big challenge especially for a relatively small project like the J-Law where should the journey go? of course we want to continue to promote the open source in the administration council not only me but also many other colleagues who are already there and are trying to bring it forward of course we have the problem that we have conditions namely certain things like using BEA so that we have to adapt a big advantage is that we can move forward so I would be very happy if all of my colleagues and all software developers would support us and bring the J-Law to a good alternative to the proprietary models thank you we are here in 15 minutes at 12.50 where we continue with the next half of this session alright we are going to continue now with the second part of the lightning talk session the next talk is going to be gender and IOT one announcement I was told I have to make is that please don't sit on the tables you find here we have lots of chairs don't sit on any tables those tables are very dedicated creatures and let's continue with the talks gender and IOT can you put up the slides video team can you put up the slides from the presentation notebook there you go thanks thank you very much and good afternoon my name is Leonie Tancer I'm lecturer in international security and emerging technologies from UCL and I'm also principal investigator of a research project called gender and IOT which I'd like to present to you today and kind of use this as an opportunity for a call for action now the title of the talk and also our research project already encompasses the buzzword IOT and I'm sure some of you probably rolled their eyes and think oh my god what is she talking about well ultimately the IOT is here and it's an umbrella term comprising a lot of different systems from tiny sensors to gadgets that you might have found on your Christmas tree that you might already have hacked to larger cyber physical systems such as connected autonomous vehicle and what really is important for them is that they have smart capabilities and that ultimately means the systems that we used to have like previously offline we're connecting to a network and while this is all kind of both scary and perhaps also daunting these things are here to stay and what we realize in our research group is we are increasing over the next years and we probably should think thoroughly about what these systems are going to be doing how they are designed and how they are being used so here just some stats they are pure estimates we have probably no clear vision of what the world will look like in 2030 but nevertheless we do expect that they increase over the next year now there's a lot of risk, uncertainties and opportunities but one thing that most people don't really look at especially when it comes to research of how these systems affect some of the most vulnerable groups in our society the majority of research currently thinks more about the technical aspects around security safety or about the economic incentives that these systems provide but less and less people focus on the aspects of how these systems can be abused and that's actually a really fundamental question we should ask before we put those systems out into the wild and to put that into context technology facilitated abuse that ranges from cyber stalking which was a subject of certain talks over the last days but also aspects such as online harassment are issues that we already face now where we just have a lot of systems that are like tablets, laptops and smartphones so for example here's a statistic from one organization in the UK called Refuge just from January to August 2018 so this year there were 920 recorded survivors from technology facilitated abuse now this is a really big category that ranges from kind of online banking that was abused to text messages that people have received but what our project really tries to do is move away from these kind of conventional cyber risks to thinking more about what the future will look like and if you haven't had the chance to watch Demon Seeds I highly recommend this film it's from 1977 and it basically looks at aspects that we have to focus on with regards to IoT systems now we are a project team of computer scientists and HCI research and social scientists and we try to basically produce something called which we like to say action research we don't just go off into the lab test systems and then go back and say ta-da that's the solution but rather we work with stakeholder groups such as the London violence against women and girls consortium which are basically 29 refuges and women organization in London and our aim is basically to think about the role impact but also the risk trajectories and the awareness that currently support services have when it comes to IoT and I will tell you like there's little awareness on these issues as of now and what we've done so far is we work with these communities that like provide support for victims and survivors we run workshops we do interviews we even run a crypto party for the support services because we think that they need to have more capabilities to tackle these issues and know better how to deal with them but also we currently are conducting a technical analysis of kind of common gadgets that people have in their smart home and the insights that we have found so far are pretty daunting and that's also why I'm standing here today because the support services that basically are there to help victims and survivors often really lacking awareness of what systems are being used and abused and also the police is often pretty unaware of what IoT systems capabilities are and so what we're doing currently is not just conducting research trying to understand the phenomena but also like providing services such as information leaflets and others so I think there's a lot of responsibility here and I hope that for example the hacker community would be interested in talking more about like with support services to deal with that emerging risk including industry politics and society so I hope if you're interested in that topic would like to learn more and perhaps get involved I'd love to hear from you That's it, thank you Alright, thank you Next up is chiptunes on AT Tiny4 Hi I'm here to talk to you about my little side project you can see the chip on a one cent coin below it's at most smallest microcontroller they offer both in size and on program memory it's 2.9 by 1.6 millimetres inspiration for this project came from this computer file video you might have seen of Rob Miles and of Dojo's noise plug which uses the AT Tiny9 which is one size up here you can see the development board I brought with me the AT Tiny4 has 512 bytes of ROM 32 bytes of ROM and 16 registers and one timer on the right my setup is using only open source software so they knew AVR toolchain and the USB AVR programmer since this is such a small microcontroller I went to the route of hand transcribing Rob's original C program into assembler and for this I something I call fake assembler which is just a bunch of C macros that implements a subset of the assembler macros to do a change I run it through this little shell pipeline which checks if the output is still the same and then automatically commits there are about 150 commits that are all labored new version in the end of course removing those idiosyncrasies and implementing the initializing stuff and that's about it the AT Tiny4 again very small program memory it was one of the adjectives up to down to 1.8 volts which works perfect with a coin cell battery and of course it should play a recognizable version of the tune the first two were pretty easy on the last one I kind of ran out of debugging time but you'll see that challenges were of course multiplication and division it's pretty limited in space and time because of the four megahertz so I went to the route of pretty much coding everything I can and because I only needed very few parameters also I never worked on the AT Tiny4 before it's very small again and doesn't have anything internal for debugging AdMap provides a simulator but that's proprietary and Windows only so that was out of the question and the open source simulators don't have support for this AT Tiny10 core so all I had was my oscilloscope and a lot of trial and error finally I want to show you listen to a few samples well get in touch if you want to help me with debugging the final of the four voices I'm also the hackaday assembly where you can have a closer look at the board on the left you see a QR code for this project on the right I've got a second project check it out if you want thanks thank you sorry I just went ahead in time of course the talk that was going to be was rabbit control are you here I'm very sorry alright let's go then hello we are Jorek and Ingo our background is probably speaking creative coding and setting up interactive installations where we often face situations like this we are setting up installation and then last minute need to control one of the parameters a couple of the parameters of the installation like say the brightness of an animation or something or the volume of the sound and we've done this a couple of times everyone probably has done this a couple of times you have an application you open up a UDP port or a web socket port define a little protocol and then create a little UI interface maybe web interface and send values back to your application and this is a very cumbersome thing that we've done a couple of times so we wanted to optimize this situation we've come up with rabbit control so rabbit control is a protocol which is made for UI control as Jorek said already one thing we really emphasize here is that you have like one client which can be used with many applications with your application it can be written in different languages and what it basically does the client is asking for a list of exposed parameters let's say the volume or the brightness and then knows how to draw user interface elements for each of the parameters and then you can send back control values to the host application and therefore control the application this is a very small example how you would use the server you instantiate a server, you use a web sockets transport in this case the protocol itself is transport agnostic so you can use more than one transport to it then you expose in this case a float parameter and set it a value and that is all you have to do so features of the protocol and apis it's an open protocol we have defined many types with it so you don't only have control for float and control colors and vectors and matrices most important for me is that we have one generic client possibly that connects to a myriad of any application that you define and expose parameters with so we are solving this problem once and for all to control applications remotely the protocol is transport agnostic at the moment we have web socket transport but it's easy to add say serial transport or udp or whatever one might need what we have so far the protocol is specified it's a binary protocol it's up for rfc on github we'll show later we have many implementations already in different stages for these languages and at the moment we have two clients as we said this web client written in react type script and Xamarin mobile cross platform client we have in the works so with some open source projects it always needs people contributing what we really want would like to have at the moment is users people who think it's useful for the projects use it give feedback test it therefore also and give feedback report but also developers who can contribute to implement the protocol in different languages tool makers of frameworks to embed it in the framework to just use it out of the box and if you want to get in touch with the project here you have the contacts for it github page code is there open source as said already and if you want to meet us we at 16 o'clock at tbase assembly we will be there we will answer questions if you're interested and want to know more about it because obviously such talk without a live demo is a bit stupid of such a system would be easily demoed live so would be happy to show everyone contact us and we are around for two more days so we would be happy to show you how easy it is to use and hopefully you will use it for your future projects thanks thank you so then next up is IP over web avian carrier alright there you go I'm sorry for the mix up after this talk everything should be on track again good morning I'd like to talk, propose a protocol IP over web avian carrier and I use a lot of IP over avian carriers as specified in rfc 1149 and later extensions of the protocol and how that works is that I have my IP datagram I write it on a scroll of paper put that on a lack of a homing pigeon I own a couple of them and then send it away and the homing pigeon finds the destination and then you can read the IP datagram again some limitations of the protocol the MTU the maximum transmission unit depends on the carrier strength and the length of the of the pigeon however climate change changes our weather and when the weather changes homing pigeons get into trouble and I had a lot of reliability issues lately storms and raptors are haunting my pigeons and those harming my datagram transmission in general IP over avian carriers is not really up to the task for today's challenges so we have a limited bandwidth we have high latency so I was looking for a solution to that problem and the solution is web avian carriers and I figured out there the perfect medium for IP datagram transmissions so IP over web avian carrier is a link layer protocol that fits nicely into the stack we don't have to change many things there are some a little bit about the medium it has medium properties that are advantageous to us and there are some challenges in the medium let's talk first about the good parts the medium has relaying it's technically not necessary but it adds a certain weight to certain IP datagrams and it's basically that the link layer has a hive mind and can mark messages that are very important to more nodes in the network by relaying them some nodes in the network also strive for authentication actively giving up their anonymity and this is what we call node verification and this is marked on the link layer with a blue check mark there are some challenges to that medium one very annoying is automatic error connection some nodes engage heavily in error correction activities error correcting datagram messages usually start with yes but or well actually and are often not very politely formulated error correction then activity is believed to correlate with having little or no meaningful relationships with other humans this applies to the humans running those error correcting nodes in general the link layer medium suffers from Godwin's laws that applies addressing on the medium is super easy or we just take the layer three addresses and convert them to so-called hashtags dividing each octet by an underscore and adding the prefix length format is also very simple it is not binary save that medium so we have to base 64 encode the AP datagrams and then add the address to the end via a hashtag so does it really work yes it does better than my slides of scaling this is the world's first IP over web every and carry up transmission which took only something below 12 seconds which is a huge improvement for me compared to my homing pigeons which sometimes take weeks or days here is a pcap of that transmission you can see the echo request and the echo reply you could desgramble them if you like the full specification and the reference implementation is available on my blog there is also a video of the world's first IP over web every and data transmission check it out it's a link layer medium of the future my name is Dan, have a great congress thank you next up is feminism matters there we go yes yes, Moin I'm sorry this talk will be in German but you can read everything in English now it's German my name is Lena Simon I am a web philosopher and IT consultant I'm going to talk a little bit about feminism with you and I'm going to talk about it in relation to many other events here at the congress it's actually pretty good so don't get annoyed when I say things it's not always here but also for us here is another way to take a step on this path here we go yes we have linked a lot of sources the recommendation is just get them in the wiki and click them through women can also do math but they are much less represented in the high-paid mathematical informatics jobs they earn less they are more often alone they take care of disabled disabled they have less time and money and these are both factors which are relatively important for democratic participation in this we see a certain problem another problem oh I see folias here that's great another problem is that women can't see the folias that's a great example for other centrism the man is made to norm and the woman is disabled that can have very fatal consequences in the moment where I have medical explanations a heart attack for example we all know how it looks with men and women it looks different and therefore he will be life-threatening but it also happens in the game scene for example that a lot of different male characters are present who all have different characters one plays football, the other likes to read and then there is a female character and that shows that he is female and maybe a bit tussy that's stupid what we unfortunately don't have stupid questions how did you come to technology what kind of question is that or if someone wants to explain how I only hang out it's all stories androcentrism, difficult opportunity the consequences women are bad presented in the parliament in the medicine it looks terrible look at the situation with the yeast menstruation products the drugs are controlled the pills are badly explained what consequences it can have and by the way medicine tests are often tested on men again in the care work we can't do that right too much leads to that the job chances are too low but it's also not good then we are the ugly slave mothers and so on we have disadvantages in settings both I maybe got it when a code of women if it doesn't stand by who how bad the person has written it it's better rated we are exhausted at many places where we open the mouth to uncomfortable topics that's not nice statistically we should be afraid of our partner because in the relationship or ex-partner we have a lot of violence we are also forced with fear constant fear that sexual harassment could be a topic accordingly we also like to adjust our behavior for example only in certain cars in the U-Bahn and that's somehow ugly and cuts the freedom I have we have a few texts here that you can have a look they give that very beautifully together and next also from the witches Pico and Wiebke and tell you what we witches have thought about to change a few things thank you so next up the witches also this talk will be held in German also now in German we are the witches we are defined as hackers that can label themselves as a female that means cis women, trans women and non-minories that can take the label woman for themselves we are very diverse similar to CCC we are students we are artists, programmers ITs other sciences and also opera singers we see ourselves as a de-central chaos meeting that means part of the CCC mostly in Germany we are more than 150 members we meet approximately 40 are on the 35C3 we meet usually on the 35C3 this year a very nice assembly in Halle 2 we have in many German cities in recent years often newly founded local groups where you can just come by and we were founded in 1988 that means this year we have our 30 year old what are the specific problems we are addressing that was already heard by Lena women are told you can't do that don't do that technology don't do that and develop that on many women a so called imposter syndrome that means they don't trust certain things or say maybe someone will find out that I can't do that that's unfair and that's why we use skill discovery what did you do last year or what do you do for projects and there are so many great things that come out that you think why aren't you more self-confident and show it to you it's just great what happens often what happens in local chaos when you meet men women feel like the odd one out they go there and they don't see someone who is the same and that's why they have the problem that they don't feel welcome and that's where we want to help network, network, network women can get jobs and they like to learn what do we do here at 35C3 now the Hexen Breakfast is running here at Hexen Breakfast you can meet us in the assembly space at 2 o'clock on the Chaos West stage a panel we have several workshops look at Hexen.org and tomorrow is a happy hour also in the Chaos West next year we will do a gig again this year this was the first time and here are a few things projects self-organized workshops everyone brings something with them we plan the next congress and as I said today the introduction to the panel will be over at 2 o'clock and this year on the congress we have the big cry project for remarkable women for important women in the mental professions made cries from many assemblies we have organized this and you can find them everywhere on the 35C3 and you can still participate by painting a poster you can also have a poster here at the assembly a poster for a woman whom you would like to report painting and which simply depends on your assembly or where you find a good place we like to help you that was it, thank you then comes what now? BNLI we will go back to English now again my name is Melzi actually and since I made the slides most of them I forgot to add my name on them which is a very smart thing to do what now? now you have heard a lot about feminism and about the Hexen but this doesn't mean that anything changes for you so first of all if you define yourself as female somehow you can join the Hexen so you can meet up at the congress write us an email or meet us in our local groups even though we have around 5 local groups there even more Hexen around in the area around Germany so mail us and we will find one for you but most of you do not even in a slightly bit may identify themselves as female or can label themselves as female and then the audience and watching these talks and also listen to the Me Too movement you think what can I do you can read up sadly you cannot join the Hexen and we don't have an additional part for you to join in but instead you can vote properly for reproductive rights equal pay high female representation and high representation of any minority in the parliament which is very important so please read the party programs and do a wise choice the second step you can do is read up unconscious bias read up about diversity read up about creating a positive environment and about cooperation and conflict solving the good thing about this actually in the last years the congress has made a lot of reports about mediating conflicts so we have people on site that know how positive environment works and how positive conflict solving works so that in the end everybody is happy with the situation and there will be a conflict solving workshop I think tomorrow afternoon in example by the Hexen and I think I've seen other workshops as well and the good thing is you don't even have only women you have every introvert and every person who is trained has the opinion to themselves so you make this environment better for everybody around you if you try it and the most difficult thing about this diversity movement is probably that you need to try it out this means you need to make mistakes and we at the Hexen we don't think that mistakes are in generally a bad thing even though trying out feminism and being four equal rights is a very difficult task still try it out but please don't repeat the same mistake again that's the deal right never try it out the second time read up, listen and just try out a different thing that would be okay to help you again we have given some more resources for you there are some women in tech annual reports where they have asked the women who are working in the UIS about their problems and about their situations etc and you can start reading there after that you can go most probably if you're a person in power you can look into mentoring how and why mentoring women there's a book out there which is written by two American army profs it's very short and it's very on the point and it's fully packed of resources it's not a self-help feel better book but it's really basically a scientific manual very short but readable for normal humans and it has a very weird undertone you feel like a marine when you read that book but after that you know what you should do and you know where the pitfalls are and you are way more collected about the situation so and there's also some more materials about how being an ally which means you cannot be female because you haven't decided to be female but you can be an ally to all the minorities we found one home page where there's a lot of resources and where the voice and the opinion is very well thought maybe there is not any every link we agree with we don't know you will find more probably something but this is the point where you start to think and you try it out and you don't repeat the same mistake again and after that you can also read about an example because this is always helpful and we have recently seen the Hubble committee publishing two reports about 2014 and 2018 and in 2014 they have tried a lot of things to counter bias in giving Hubble telescope time to also female lead groups and only in 2018 where they introduced a double blind review process they were able to succeed anything else didn't work so maybe this is a suggestion for the future probably for the congress and today hey come on as we say I told you we have a panel at two o'clock tomorrow evening it's the Hexen and Friends party so you can join in too and we have a German bass set playing there so have fun see you around thank you so the next five talks according to our records are going to be in German so you might want to check out c3lingo.org for translations next up is Fere Elektronik ah no need to hurry we are still good in time hallo ok my name is Verena Kaiser I work for Naga IT a company that has since 2009 made a fair computer mouse and with the talk I want to briefly focus on the industry the all the things that we use here to make our life better and with which it's so much fun to play around ok for many probably nothing new I still travel briefly in the IT industry we have to do it with a lot of human rights violations most of the time it starts with the raw material about the wide processing to divide up to the end assembly people are simply exploited and have to work partly under life-threatening conditions and in the IT industry with all the electrical devices it's unfortunately not like at café where we now have fair alternatives and that's why the founder of Naga IT Susanne Jordan finally decided to bring a product to the market that was made for fairs she chose the mouse and looked into it and found that there aren't that many things it will be possible this is the picture of our delivery chain from the beginning and it's always kept transparent and shows everything in our mouse we buy the components and let them be assembled at a company in Ringsburg exactly we see that we have a lot of actors here and every box is an employer but also a seamstress because we come from above and we have to buy the products many of us are small and medium-sized companies in Germany and Europe who produce components themselves and we ask them where do they come from as far as they know there are seamstresses and we are always aware that people give out information and also have interest that the products you buy are fair produced because we are just a small shop of about 5-7 employees and the small and medium-sized companies with whom we work together are much bigger than we are but they are much smaller than the suppliers with whom you work together and because that's the case I have an announcement we still see on the national map that there are very few initiatives that try to produce electric devices so there is not all close to IT there is also a term there is still the far-reaching and that's what it sounds like because the others are much bigger and have much more influence we thought it would be cool to turn these wagons around and continue to work on it so we get more influence and that's why we are looking and there may be some of you we need people who want to produce other IT products that are as fair as possible people who want to help us for example we are often asked why don't you make an ergonomic mouse or why don't you have a gaming mouse you can develop a case if you want or put a fair keyboard or ask as you ask us why don't you make a gaming mouse ask the big ones why they don't want to create a mouse that's our approach for people who don't want to be in the maker scene we would be happy if for this demand campaigns are set up no postcards campaigns on all important actors in the IT industry to focus on this topic and if you don't have time it's important to keep this topic it's cool to have this product and no one says that we shouldn't use it but it's important to keep people in the back who work on it that we have this product thank you thank you then we will continue with qr codes offline qr generator yes hello introduce yourself to the next situation now you are in the browser on the desktop or on the laptop and you want to bring your website or something on your phone or even a password on your phone and then you want to think that a qr code is a good means of transportation you scan it directly and actually no problem sounds easy then you will find this javascript qr code generator named javascript qr code and looks promising has javascript names probably runs locally it says it's written in pure javascript so even stronger it says it's a mini javascript library to generate the famous qr codes and it also has quite a lot of users with almost 5000 and good ratings ok so I looked at it downloaded the qr code and looked in it came out google hello yes the qr code just sent to google yes that's the adon has the javascript task of sending a qr, a string to google yes and I don't want to say that it's the only adon no, there are these cases often here it's a bit more transparent here it's opened with chart.google apis also quite funny but yes, it's too private you don't want that you can see it in the qr code and that's why I thought I developed my own adon my own browser adon and that's called offline qr code generator and that generated as the name already says offline and private, that's the side the adon side and it also has a few usability features added that I didn't find at the adon you can do it directly with right click or in the qr code context choose the qr code, create the qr code the same with the text selection or you save the qr code that's no problem it can also change sizes the qr code is changeable that you can save it in different sizes or just draw it bigger you have a few options svg or canvass and a few options that you can choose and if you want to have it then just download it currently available for firefox under the link I accept but of course I also like pull requests if you want to add other false support I had already looked at chromium sometimes it's a bit difficult because there are a few APIs that don't fit for a few features that I use but I definitely accept pull requests download it it's 200 kilobytes and quite lightweight you can find me under the given adress whoops without the given adress and we have or I had put value to it that the permissions that you have with the adons I don't need to ask without additional permissions that's with other qr code generators they just want to grab all the tabs I just grab the active tab and that's it all features are in that's no problem and it's also my first bigger open source project and there are some contributors in the hackathon there were some that I really liked thank you for watching and and yes, pull requests will be accepted and thank you for your attention thank you then digitalization in the medicine that would be the 8th that would be the 8th you sorry, now we are in the beginning now my name is Stefan Streit I am a doctor, I speak as a news reporter from the doctor's practice medical care is located in a highly regulated city and here the authorities and politicians regulate the game the IHELS law says please close yourself to the internet so that you can use the telematics and the national data agency the NRW says, no doctors close yourself to the game because it destroys the rules the DSGVO says for every medical data transmission from one doctor to another is a complete obligation until such a constellation can come maybe this statement of the president of the BSI is clear at the end of the day digitalized data in a network can not be protected technologically data as a matter can be considered digitalized in medicine in the following context white data that is all we have raised these data in the speech hour the purpose of which has been raised is illegal in the end of the sanctions and very difficult gray data is all that has been suppressed by pre-ordered application or what has become unannounced is unregulated and on a special legal black data is illegal but attractive and not regulated digitalization in medicine looks like this I always wanted to see this on a big line how can it go so the bio-psychosocial information almost data as part of health what disease biological disease is somehow clear psychological disease would be fear social disease would be poverty and information disease would be a damaged data cloud that always when what others know about me damages me then I am informationally sick the bio-psychosocial health term is an established long-term concept in medicine if you add it to the information unforeseen bio-psychosocial health term that I have discussed the concept was well thought out and is published on the home page of the Institute for Social Strategy if you accept this health term then you quickly realize that health data are not just things but personal parts and personal parts they are inseparable from the person they are protective and unforeseeable that means a trade with it is completely unthinkable and parallel to all these things there is an organ donation discussion there are incredibly important parallels that will be discussed in the future do you take the third aspect that comes from the DSG-RVO or the connection you will never take it seriously then data from the medical speaking can only be used for medical speaking and for no other purpose everyone who wants to use this data has to show that there is a provenance or the data is new then it is okay if you would bring these three things into action then we have a DSG-VOO-conformity situation the telematics infrastructure to implement a digital health act it was already a topic yesterday it would be completely unthinkable and the DSG-VOO would actually protect people from the data and we would have such a situation white data usage would be legal, legal and comfortable grey data usage would be limited because it would be highly regulated and there would be sanctions and black data usage would be as much as possible but much more unattractive because in the end the market of grey data usage would be dried out digitalisation in medicine and in the doctor's practice it goes back to these three points this is the only practical and well-known approach how you can implement digitalisation in medicine what we have to achieve is the digitalisation of our society we have to adapt context factors to the concept of health and the concept of the digital reality if we have achieved that then digitalisation will be not only technological but also social potential thank you next up is or as not the talk media competence you can't download hello my name is Jens Möller today I'm talking about why you can't download media competence and here I also connect technical competence with one but what do I actually mean two components competence in the process can I use media and technology am I able to choose the appropriate for me for example can I set the offer in question and can I see alternative possibilities and also use the critical component is missing I'm only a consumer I'm either satisfied with the offer or I adapt I notice the difference the design is different and we know enough people who don't need it so it's important a clarification the critical component but how is it always about let's refresh our memory in the 80s and 90s computers were not accessible for all people there was a rise you had to adapt yourself and explore similarities the message of clarification was fun on the device creative transition with technology testing limits but also social implications with and before thinking a lot of work today the situation is completely different a huge technical market almost no entry threshold for the use of every person is affected the design of the company how do we reach people we also lower the threshold for the clarification after the motto everyone can be creative cyclists who are easy to understand designed accordingly and toys, Raspberry Pi, Arduino with endless accessories instead of a lot of work we have quick results and with that we really reach a lot of people which is really good but the simplicity also has a price to follow instructions it is a bit like painting after numbers the awareness training and the border crossing it is more in the background and we are in danger that we do not support critical awareness but that the clarified action is delayed what does that mean for us I say awareness training is a social task that we cannot technically manage we have to ask our training as a general question with the goal that people do not rely on what is offered to them as consumers that they have the ability and also the responsibility to create the world a really high goal but we do not have to find the advice completely new let's refresh our memory about 50 years ago a pedagogue from South America dealt with this topic and delivered answers with the pedagogical liberation from Paulo Freire people can see that the reality that their reality is accessible for change and can come out of the passivity there is a lot to do more in the morning because we need your ideas and experiences if you are active in the education or if you are just talking to yourself tomorrow at 7 o'clock C.C.L room 1415 and then we will exchange how critical awareness can be targeted and which methods can help us I am also looking forward to email or directly next to the stage here thank you thank you then comes a really cool start-up this is time critical that's why I load it as soon as everyone is there yes, it's a bit difficult with the skates not at all, not at all not at all, not at all I am Pére Aron de Loun my friends call me Pa de Loun but I always have to go with a wrong name and get the advantages I will try a new format you have a start-up because you want to make a lot of coal or you want to improve the world a little bit and you hardly hate yourself when you try to explain what you actually do because no one asks the right questions you try to keep cinema in the family circle with glowing eyes on the demand where you live soon the business angel will come and this business angel will ask you for the assets that you have to offer you are jamming in the choir with the old government that the founders in Germany will make everything so difficult you are jamming the most difficult code you are jamming here and there free software that is only open source soon you will have a mock-up your wonderful foo yes the insta-button it already works and the facebook-log and the database it already works somehow that is all really cool foo the funds will be downloaded by google thanks for the java-cryptin your harmonious surface feeds hundreds if not thousands of tracking pages but it looks so cool and you can drink mate thanks and you have the damn sin that no one is honest to you but you are very fond of when you show your foo because your foo is actually shit then you will need it and you will fall for it but you didn't do anything other than a data dump the the organized digital crime you want only the small dealers on the village streets the digital diasporas the one for the mafia shit, shit digital fascism i think there was a shot but you are nothing and every time when someone attacks you that we need a german google and that you haven't made and you in the back this stupid sentence your big brain is broken you will be smaller and smaller and your only hope is to marry a teacher to get over the rounds because there is no need for a german google and you have to start-ups are not easy on the contrary it is hard for you to find out what you really can and most of all you will find out what you can't look for people who can do that what you can't or the one who works for someone who takes over the leadership since Alice to take up the lecture get into your control because a business is only meaningful if you pay controls learn the rules otherwise they will kick you away as soon as your business starts to run don't get mad don't listen to the fuss names Dorothee Beer and Altmaier and above all do something stupid don't just think of something stupid stop it to do the right thing look what you really need I can count hundreds and thousands of applications and services that you really need some of the free software projects in German only the right head is missing take a look at this congress take a look at where people really great tools for living together and working in a society conceiving and on the lack of resources and lay an egg build with your tools decentralized structures support free formats give the code free fives on the investors who didn't listen to the shots and want to see assets get into meaningful projects and plan holidays and vacation with above all, don't give personal data if you don't use your own code write your own software on strange connections and don't go to the Republic of the cursed character because you are attached to your beliefs and you are 100% sure that your business will never get a big plus award thank you thank you alright, thank you so this is the end of the first lightning talk session we will see you tomorrow, same place, same time