 It is about robust IRC and Yeah, have fun Thanks, can everyone hear me? Please be be as close as possible to the microphone and and twist things if they do not fit because when you take your microphone away You will not hear the speaker anymore. So please as close as possible, right? All right. That sounds better Okay. Hello everyone. My name is Michael. I'll be talking about robust RC or RC without net splits next slide, please The motivation to do anything in the IRC space really is that IRC is still widely used among free software and hacker circles And we looked around and we didn't find a convincing alternative We then thought about what are our problems with RC actually and the biggest problem that we saw is the lack of stability in terms of TCP disconnects as you know whenever you have a TCP disconnect between the client and the server The client will just not be part of the chat anymore But if you have a TCP disconnect between two servers, that means that entire parts of the network cannot talk to each other anymore This gives you a perverse incentive of never upgrading software Don't doing kernel upgrades not rebooting your machines, etc. Because all of that causes net splits, which you want to avoid, right? Next slide, please So we had two ideas to fix this the first idea is that we came up with a tunnel protocol To get rid of the disconnects being a factor at all And the second idea is that we looked around and saw that there are highly available databases So why not look at that use it as a model and then design an IRC network as a distributed system on top of a library called Raft Next slide, please So in a robust RC network, you have a number of servers and they make up one single virtual IRC server at any given point in time the minority of these servers can fail and it's not a problem For example, if you have a network consisting of three servers, one of them can fail if you have five servers, two of them can fail For communication between the client i.e. you or your RC client and the robust RC network We're using a protocol called robust session. It's based on HTTP and JSON so they can be implemented very easily in clients There's a very tiny program called the bridge which tunnels RC over robust session So you run that program and then you connect your RC client to it and you're in the RC network next slide, please So how does it work every incoming RC command that we get we persist using Raft So that means it will be distributed among all of our servers and only when the majority of service has acknowledged it received the message It will be processed the service themselves are implemented as state machines Which means that when they face the same input, they will generate the same state So that means whenever a client loses connection to any given server They can just fail over to a different server and continue reading the stream of messages It also means that whenever your server process dies because you're doing a reboot or whatever It can just reprocess the state it already has and then be in sync with all of the other computers again next slide, please The fine print is that the RC latency i.e. the latency between you sending a message and other people receiving it will be determined by the Median latency of all the servers just because the message needs to be distributed Also, if you want to have a really really robust network You will have to have access to at least three different failure domains Meaning if you put three different robust RC servers on the same machine if the machine dies You're still host right and last but not least the throughput that we get of around a thousand messages It's not yet high enough to replace the RC software in the biggest RC networks like free note or RC net next slide, please So in order to connect you can just install the robust RC bridge Which might be in your distribution for example if you're using Debian or Arch Linux You can just install it if not you can just install go and then you use these commands shown on the slide You set up a go environment you download and install our code you run it And then you can connect your favorite RC client to local house and you're in you could also use a bridge That we provide which is called legacy RC dot and then the network name It's not as good in the sense that it will only guard against net splits between the servers But obviously not between the connection between you and the bridge right next slide, please This is the end of the lightning talk, but there's more if you want to know more check out robust RC net There's an admin guide if you want to set up your own network There's also a 40 minute tech talk if you want to learn more about the details and also I'm at this conference So please do feel free to grab me any time and talk to me. I'd love to discuss this further with you Okay, that's all. Thank you for your attention You have still a minute left for questions. You were much much too fast. Are there any questions? No, no, no, I don't see any so please the next speaker come up Okay Yeah, hi, I'm max and I will show you a project which I worked on with a few friends from Darmstadt and It's NFC gate Breaking NFC for fun and obviously security next slide, please a Quick NFC primer you probably all know NFC near field communication It's a wireless protocol runs at around 13.56 megahertz It uses smart cards which are powered by the reader. It's used for payments public transport ID documents and There are NFC chips in almost every Android telephone next slide, please So when we saw that there is a new feature with Android 4.4, which is called host card emulation we were pretty excited because that meant that you can actually use an Android phone and Ambulate an NFC card to a reader next slide, please So in theory you just need a card you need two Android phones You need a reader and you can just relay all the traffic and have fun inspected the whole shebang So in practice next slide, please We found that Android really doesn't want you to do that So it puts up a lot of walls and then there are also a number of bugs So it was a quite a bit of pain involved next slide, please But with a lot of time a lot of cursing and a lot of coffee in the end We managed to circumvent all those problems and we're going to tell you about it now next slide, please the first problem was that Android only supports a specific ISO standards for HCE and Many systems do not use this ISO standard. So you could not emulate them We solved this problem by going into the Android HCE code and the NFC native code libraries and just remove all those checks and we did this in a way Which allows you to run our code without patching your Android So you can just take your stock Android install exposed install our app and it'll work So now we can emulate pretty much all popular NFC cards except for my fact classic But my fact classic has been broken for years. So who cares next slide, please The second problem is that Android has no API which allows you to set the unique identifier of the card You are emulating so it'll always use a random unique identifier And this is annoying because this is usually used as least in some part of your authentication protocol We fixed that by finding an undocumented function in the lib NFC which allowed us to pass a byte stream to the NFC chip and With that byte stream we could set an arbitrary UID and some other values, which are also relevant to NFC We can thus now emulate any arbitrary UID So if your door lock only uses a UID to authenticate the card you now have a problem next slide, please Requirements for running our code is a device running Android 4.4 or upwards You need at least one device with a Broadcom NFC chip because the NXP chips do not have the specific set config function But for example Nexus 4 will work just fine You need the exposed framework installed You need a server to run the relay server on we will probably implement some sort of direct connection at some point And you need an NFC system to test obviously next slide, please So why are we releasing it this stuff is dangerous, right? Well for us, it's basically a Kerkhoff So if you're the security of your system relies on Well confidentiality of the data you're sending you're probably doing something wrong So fix your shitty security or people are going to break your stuff next slide, please So you can get the code at NFC dot WTF You can get a pre-compiled APK you can get the full source code. It's licensed Apache and Yeah, have fun break stuff send patches if you want and you can reach us at gate at NFC dot WTF or talk to me at the camp any questions No, great. Thank you very much Hello, my name is Katie and I work at the British Library and You might be thinking what on earth is a librarian doing here talking about labs You know, there's a one librarian in the room who's excited I hope to convince some of you that actually there's a lot more to libraries these days than dead trees And that's not to say we don't have quite a lot of dead trees The British library's got a hundred and fifty million books and manuscripts and sound recordings maps You name it and we also have an archive of the entire UK internet domain So we're a bit more digital than we might first seem when you think about us in terms of rows of books But the British Library labs project is about looking at what we can do with our digital and our digitized collections Because like every library, we're digitizing a lot of our material But we believe that that's just the beginning you can pump out content, but it's what people do with it that really matters So what is labs and how does it work and fundamentally what it's about is two things It's about people with interesting ideas and it's about data and the people with interesting ideas can be anybody They could be you they could be somebody in an academic job They could be somebody who works for a tech startup who sees our data as useful and It's sometimes us as well We sometimes have ideas for what we might be able to do with a bit of know-how and some experimentation So you can see on the diagram here that there's a sort of stage where we sort of work out What the best ideas are and some of that stage happens without any involvement from the library at all What we love best is when people come up with ideas that we hadn't even begun to think of But there's a team in the library that support working with our data that help people access data and work with it in whatever way they want to next slide and There's two main things that might be of interest to people here One is the competition which is if you do something cool with the data that we're making available Tell us about it and there are prizes and the other is if you have a really good idea There are awards which can help fund the development of a really interesting idea based on our data Next please So speaking of this data, it's very old, but I've brought a hard drive with me There's nearly two terabytes of data on this thing I haven't been organized enough to put it up anywhere online, but it's yours for the taking if you want it Not the hard drive, but the data on here. There's something like A million images or so 70,000 of them tagged. There's OCR data There's all sorts of things to play with all released public domain for anything you like next And it's a messy set of data I don't make any claims to this being easy or you know neatly set out, but there's masses here to play with And one more thing I just wanted to suggest perhaps which is a challenge that we're facing in the library at the moment Just to throw out there really to see if anybody here fancies taking it on as a challenge And that is we still have tens of thousands of books Maybe even hundreds of thousands catalogs on old catalog cards like this which every librarian knows and hates And we've got a crowdsourcing site where people are gradually converting those two electronic records for us But that still involves people and these are cards which have a standard layout and standard information on them And so we think there might be a way of using a kind of combination of machine learning computer vision to do this Automatically so I'd be really excited to talk to anybody who thinks they can do that excellent and Whether or not you fancy talking to me about it all the data from that crowdsourcing experiment is available for download for free on the website So have a play around with that if it's your kind of thing So this last slide is really To end by saying see you next time not here obviously not next year because this isn't happening But I'll be at EMF camp in the UK and I'd love to see some of you there with crazy things You've made with the British libraries data what you're seeing on the slide is an art piece that was at Burning Man last year Done by an American artist who used some of the images that are on this hard drive to create this big art piece It's a illuminated piece and we loved it so much It's now on display at the British library in London on the roof of the storage building where the books It was digitized from our housed Thank you Are there any questions where the library nerd or otherwise? Sorry The question is the website seems to be offline. When will it be online again? I'll investigate it shouldn't be offline, but I'll get onto the IT guys after I get off stage. Thank you Next up is Rka talking about Saft on Sunday in Berlin Now to switch to German because it's a problem in Berlin, but you can also use it for the English version Where are you going in Berlin? There are spades, there is fuel, especially for hackers Club mates are available there, but more and more because they are not allowed to open on Sunday There was also a discussion Or a petition that was started Which is also very supportive, but I doubt that The Politicians and my colleagues there actually for a change also In a law-like way, although it is also difficult because there was a corresponding judgment from The Federal Court of Justice which is a liberal Loan opening law in Berlin, which also allowed Sunday opening and said that That's why I asked myself why should it be late, it's actually not what the gas station should be I looked into the law, Berlin's loan opening law, it says in it must be Sales of fuel I thought more about which fuel can sell a spade, mate doesn't count for that There are no vehicles that drive with it yet, however, there can be electricity, with electricity vehicles and everyone has electricity In this respect, there is actually the possibility that Spades electricity as fuel There was actually also a judgment in Dresden from 2001 where there was a similar situation That there were four power plants opened in 1999 There was a total of 21 electric vehicles that were supposed to be tanked and operated The biggest customer had the power plants, but because of their travel needs And because they were allowed to sell them on Sundays That's why my project is actually to ensure that late operators To give them an easy opportunity to supply fuel, for example also for pedalex, e-bikes, etc. This is possible with a very simple solution, namely a charging device for an e-bike or a pedalec Up to a multifunctional charging device, as it is offered to tourist e-bikes and pedalex routes Which every model can charge And I would be happy if one or the other person from Berlin finds out Who wants to support the project and is interested in making it as easy as possible for the late operators To be able to open the clock around the clock on Sundays So far it is, as I said, due to the law and that there are no official gas stations Not possible Then I think I still have time for questions. Maybe there is one or the other? Screaming or to the microphone? I don't see that You definitely find me here in Wiki under RKA Where there are also the current ones Unfortunately you haven't made it to the ring And you can reach me under the deck 2287 I believe there is a question there in the audience There is a policeman in Neukölln who plays relatively sharp there And, so to speak, there are many processes in progress That's why the relationship is particularly affected In other relationships there are some block guards or others who have a problem there I think that every late operator who wants to decide for himself when to operate his business If he is allowed to operate tanks and large chains Yes, we have still time for one more question, I think Well, if you actually offer the tank possibility in the shop Then it can't be that you either put the battery back in Or that you actually have a small corner for a bicycle Where you put it off for example Of course it is always different from the surrounding environment But I find the solution the most interesting Where you don't have to apply special roads or anything Good, thank you Thank you very much Next up will be a 3DS man talking about open embroiderer And just one thing before you start to talk If you get questions to every speaker, please try to repeat them Unfortunately we have no microphone angels and no signal angels for the stock And so people in the stream also want to hear the questions So please leave us time to repeat the question or repeat the question yourself Thank you Hi everybody I'm Sebastian from Electrolab, a French-backed space near Paris And I would like to introduce you to our project of open source embroidery machine We would like to make a cheap, simple and non-destructive machine Okay, so for that we would like to make it easy to set up and reverse to be acceptable for most people The most embroidery machine are very expensive 1,000 euros And sewing machine are only 100 euros Before to start this project we are looking for other solutions So there's not very much solution There's only 6 embroidery machines we found on the internet And only 2 documented Next There's a lot of software but from vendors And what the difference between a sewing machine and a embroidery machine? Next There's an XY table, a needle position sensor to know whenever we can move And a speed control So we're gonna must emulate it The XY table work, needle position we have But the speed control we can't emulate it for the moment but we are working on So the software There's some solution but not open source so we must made our own Today we have this machine that work pretty well There's some sample we did yesterday With it, here And we are working on the software Because there are a lot of work And we are working on a new foot to hold the fabric during the process That's gonna improve the result So if you want to see the machine in work You can come to French Embassy tonight at 8pm We're gonna make a little demo Any questions? I don't see any then Thank you very much Next up is VP Wreck Talking about Neo 900 Good afternoon, my name is Wen Almesweg I'm presenting on behalf of the Neo 900 project And I'm going to talk about modem security From a hardware point of view What can be improved So this shows what your modem looks like What your system looks like on your smartphone On one side you have your application processor Which typically runs Linux It's nice and open, something you can trust On the other side you have the world of the telephony protocols Your modem, where everything is closed Even required by regulation to be closed And you cannot quite trust it to do what you actually wanted to do But still this looks kind of reasonable I mean the good things on one side The bad things, the potentially bad things on the other side Next slide please Unfortunately in reality it's a bit different Because the modem side grabs deeply into the application processor side So there can be for instance shared memory There can be binary drivers that are required To operate your telephony part and so on So in reality you're not really safe From what's going on on the telephony side Now we can of course recreate the separation We can put the modem into a separate part of the circuit And let it talk to your main CPU Only over USB for instance Or some other serial interface And supply it with power and then again Then nicely separate it, right? Next please Unfortunately, let's have a first look at What your modem looks like I mean it's not just a modem It has sensors, for instance a microphone And it also has the radio interface It has an antenna Next please Now with this of course it can autonomously Establish a communication link It can listen and send it out And it doesn't have to tell the CPU Anything about this because the CPU Is not involved in this Next please So this means that your CPU First of all your modem can do this Behind your back And the CPU has no means of even detecting That it is doing something behind your back Now this is bad Next please Fortunately we can do something about this We can for instance move the modem on the other side Move it to the CPU So that when the modem wants to listen It has to ask the CPU for permission To get the data stream So this is nice But we can do better Next please We can observe what the modem is doing So we can basically start watching the watchers We can monitor what current it is consuming We can monitor when it is emitting a clock For getting audio data We can monitor what is going on On the antenna interface If there is a signal or not So there we can detect When the modem is doing something And then we can see Does it make sense for the modem To be doing something at the moment For instance if it is receiving a call Then you would expect to see some activity And shortly thereafter it would be a call Now if there is activity and nothing Maybe you were just being served A silent SMS But with this kind of things For profiling and detect this kind of stuff But sometimes this is not enough You are not happy with just detecting When bad things happen Though sometimes it's the right thing Because you might respond in a different way to this For example if you are going to a Conspirative meeting So when you detect Oh they are tracking me Then you say Oh no I am not going to the Conspirative meeting I will go to the supermarket But you do nothing suspicious But sometimes you just want to turn it off Next please And so we can also just cut power Now of course there is a lot more to To a smart phone Next please And here you can see some more details And in the Neuron 100 project We are building a smart phone That has these security features on the modem side Plus all the rest you see in here Next please And if you want to know more You can come over to our village Which is just in this direction Across the street The Neo village Or you can also come to a longer talk That is tomorrow at 15 o'clock At sea based workspace tent Okay I still have time for questions If there are any No questions And thank you very much Thank you The next talk There is currently no speaker behind here So to all speakers come in front Look up and evict you When it's your time to talk And just be right here Before the talk starts So who is the next speaker? The next speaker should be RFDS labs talking about Mimosa write router A feature in Cisco routers Are you here please Come up and speak Has anyone seen RFDS labs If no Okay I don't see anybody Then we'll skip that one Go over to the next one I think And until he or she is ready I will have to do a short announcement Okay so who is next? It's a sprudel From the Hobelschlunzen village Talking about speed data and she is already there But you can make your announcement I got a short message from the third And I will repeat this message also After the talks because it's concerning Your safety and security So it's a public service amount And I will do it in German in English And The third wants to Keep you informed that Weather forecast indicates Thunderstorm starting Tonight or tomorrow noon Somewhere in between Weather forecast And it will probably be In this region I don't know how severe it will be But anyway please make sure That your tents are properly fixed That they are not blown around And hurt people or get damaged Or something like this And all your cables And though the people providing power Will be very happy if they do not Have to come to your place To fix your cable And anyway Please keep also all Pathways, all exits And so on Clear of strings and cables So if people want to move Or if there's something happening So that nobody Will trip over a cable Or something like this Please also close your tents To avoid damage So it might or might not be A thunderstorm between Tomorrow Between tonight and tomorrow noon And this is in German A public service announcement Also Third wants to Keep you informed That there will be a thunderstorm In the region Tomorrow morning Please take a look That your tents are properly Closed That everything is closed That nothing flies through the area That all cables Are fixed That your socket can't be filled So that there is no short circuit And that everything is dry And rain is definitely lying Please keep all paths free So take a look at all public paths And the same that there are no cables Or the same where you could die If you have to Somewhere fast So that you won't be swamped by mud And no danger And close your tents So that you can sleep in the dry And now to the next speaker please Thank you for your public safety announcement And the next lightning speaker Will be Sprudel from the Hobelschlunzen Village talking about Speed dating Hello everyone Plum plum plum plum Invented a different kind of speed dating Next please So usually When you do speed dating You do it for reasons such as Finding a romantic partner or sometimes Even to get a job But the problem is that One half of the participants Dates the other half For example all the straight men Date all the straight women Or all the employers date the employees They're boring. If you put in the effort Why not do some more Do it less hierarchical And give more than One possibility to the people Who meet each other next So this is what we try to do We try to improve it And we made up an algorithm By which every participant Meets every participant So no two groups But everyone gets to meet everyone And also there are more possibilities How to How to Talk with each other after The actual speed dating Next please What happens at our speed dating sessions Is that you will meet in groups of two After five minutes You move to the next spot Make your notes on What you want to do with a person next And then you repeat these steps Until you have met everyone Then you hang out a bit Next So this is one of the forms That participants get It is made up with software That you can see on the bottom How to get it And we come up with it Depending on the numbers of participants They have instructions Which you don't see here But which I told you And there you have the ratings Where you can say if you want to work With a person you just met Or you can just work together You can say That you want to get to know each other better That you want to cuddle with each other And this is an interesting thing Sorry, if you are a bit sensitive To sex and sexuality Maybe you want to Step outside Because you can also Of course cross out That you might want to Do sexual stuff with each other And then we also have this wild card That is the last one Where you can just put in a message That will be delivered The four things beforehand Will only be communicated if they are mutual So only if I want to work with you And you want to work with me We will actually know it Next please This is a form That is supposed to tell us How the people are actually moving Because this is a bit more complicated In order to move everyone around Have everyone meet exactly one time We need this form If you are really good in maths You can help us make this better Because what you see here Sadly is wrong Next please This is an evaluation form That we use to note down the mutual interests One horizontal strip Will be cut out And will be given to the person with the number Next please So what could possibly go wrong As you have seen on the forms There are only numbers We optimized right now For maximum paranoia of participants So maximum privacy If you forget your number Well, that's a problem For example But this is supposed to help With shyness Also Next please We would like to Identify bigger groups Than just pairs of people who share Interests, so we call it Orgy identification If we have four people That all would like to work with each other Or cuddle with each other, whatever Then we would like to tell them But the way we are doing it right now We can, so if you want to help us Please do Next please This is where you can do it We have passed three Yesterday we had 10 participants Today it was 20 So let's see if we can get 40 tomorrow Yes If you would like to help us Also organize it because it's growing We are very helpful And grateful Any questions? Just ask your question and we'll repeat it What you saw was From top to bottom Was just the number You could meet, so the forms I showed you Were for a group of six participants And in the horizontal line There are the possibilities You may choose from, and of course You may also choose everyone If you find someone to work with Get to know better, cuddle with And have sex with, go ahead Cross it out and then Peel Matt Thank you very much And I'd like to repeat an announcement for all the future lightning When you get asked questions in the end Please either repeat the question Yourself, so that the people Who watch the stream can hear it Or let us repeat the question Thank you for that Okay, next up will be Metaplenius, that is you Talking about mechanical logic gates Okay Electronical logic gates are found In many places today, I hope you know them Because I won't have time to expand here But the question is Can you also build Can you also build logic gates out of Mechanical elements? Next slide The concept that I'll be showing you was invented In the 1930s By the engineer Konrad Zuse Next slide Who wanted to build a kind of Automated calculating machine And he decided to build it Out of Cut-out sheet metal So that's at a time when no computer had been Built yet, and the result looked like This, next slide, thank you It said irons, and you might call it One of the first computers to be ever built And it was completely mechanical Except for the motor So when you want to build a Mechanical computer, you need mechanical Gates, and so So how you do that On the screen you can see On the right side Left side A green clock input gate And a blue output gate And when I push In the clock input Because they are Connected by a black pin The output gets Pushed out as well Or goes to one, whatever terminology You want to do If I do not want to Get the output pushed out when I push In the clock, I can add a little cut-out Next slide And so this time when I push in The output will stay zero I want to make sure that The output doesn't move I can add a red ground plane That fixes the output So basically The idea behind this is I get the right output When I push in the clock The first one was one, the second one was zero So now for a gate, I want to be able To do two We extend this into another dimension The pin can now have two positions Zero and one, if it's in zero And I do the clock, you've seen it Nothing happens to the output If it's in the one state You can see I have cut out the ground plane here So this time when I push in The output Goes to one as well So if you know Gates, that's basically a buffer We want to do something more complicated For an AND gate So a gate that is Outputs only one of both Sorry, I forgot this slide So to move the pin We can add this orange input gate And that basically Copies the movement of the clock Pushed in as one and pulled out as zero So for an AND gate We have two inputs And only if both are one The output is one too So let's start with the second input We know if that's zero, the output can't be one So we can tie it straight to ground Here, if it is one It all depends on the first input So we add this blue intermediary plate So we add this blue intermediary plate And That depends on the first input So when the second one is one And the first one is zero The output will be zero So it shouldn't move And when the first input is one And the second input is one The output should be one as I just said So it should move So what we need to the left there Is another buffer I think I'm pretty close to the end now So if you want to look at this again I've uploaded these slides in SVG format So you can play around with that I've also built a physical version Which I don't have enough time To say more about here But I've put up the files for that If you want to build that yourself To read more about that Next slide The Z1 So the first computer that you saw Backcode information comes from SUSE's autobiography That is written there Next slide The technical information is from SUSE's patents for the Z1 I have a few ones, I have a link there And also a paper that describes The Z1's computer architecture And gives also an English description Of the gate functioning Yeah, okay, I'm done So Thank you, Metaplenius Next up will be Hannu talking about Safer C With address He'll tell you Hello Yeah A lot of the code we use Each day is written in C And that's basically not good Because C is full of security Vulnerabilities But there are some things we can do To make it a bit better Next page Here's a bit of code I hope everyone sees the flaw in it We have an array with two elements And we're accessing element 2 That doesn't exist Because C starts counting by 0 So there's an element 0 and an element 1 But an element 2 that doesn't exist But the problem is this code Will usually just run And it's hard to find these kinds of bugs Next page And there's a very nice feature That's called address sanitizer It's part of GCC and C-Lang And everyone who is writing any code In C, I mean you shouldn't write code in C But if you do it anyway You can just test your code And you can use it for fuzzing But also just test the normal operation Of your code For example I tested the Compiling bash with address sanitizer And just by running it and using it It found bugs in it Where it was accessing invalid memory Next The problem is I cannot read that So I have to guess what's on the slide Yeah So you can find Bugs like use after free Or buffer overflows That very often don't crash your application If you compile it normally And address sanitizer will give you A very nice error message What went wrong and why it has Accessed any wrong memory I think next page And what I tried to do was Building a complete Linux system With address sanitizer based on Gen2 But it's basically just Gen2 Because I'm used to it You can do this with any system And why would you want to do that Just doing that will Uncover a lot of bugs But you could also imagine using this In production to say I want a really safe version of a Linux system And then build everything with address sanitizer Probably And next slide It has performance costs Which is about 50 to 100% So this is a lot A lot slower, but it's still much better Than everything alike that we Had before It's an amazing tool. I want more people To use it. If you're interested In this stuff or interested in fuzzing Like I do a lot of fuzzing right now Then come to me Talk to me I want to create safer More secure free Software operating systems Any questions? I don't see any Thank you very much, Hanu Thank you So before we come to the next speaker We have just a minute here Unfortunately We cannot bring the monitor closer To you to the speaker But however if you cannot read Your own slides from this distance Your audience also might Have some problems reading the slides So If you are a speaker and want to Have your lightning talk tomorrow Or on day four We still have slots left I think Prepare your slides in a way That yourself can read it from About this distance So also your audience will be able To read them I'll repeat the announcement For the new audience If you like what you see Or if you don't like what you see Please still submit lightning talks We have a lot of free slots to mow It's really easy, you just need to hand In a PDF of your slides Send it to us You will find all the instructions on the wiki Just look for a search for lightning talks And we Like to have talks about What you're doing at your headspace What you're doing at home What you're doing in politics Any kind of small project that you want to pitch To a large audience in five minutes Please submit a talk about it And if you play a musical instrument All you need is just one slide This is the absolute minimum you have to have You have one slide, one image here To show for you And then you can do whatever you want You can talk freely You can play any instrument you like We had some people last year at the congress Doing some music here It was quite amazing Poetry, everything is possible And next up is Something else that's obviously a possibility Namely you talking about tails Yeah, so hi I work on tails Like many other people do Especially in the WN community And I want to hear Debunk some myths and Ask for some help Because we really need a lot of help To make tails as safe as possible Next slide please So yeah, we have to debunk some myths Because there's been things written about tails That are not exactly true Next slide please So for example, we are totally not NSA proof I don't know why people think this But we want to say that we are not Just to kind of like get this out of The community at all Tails actually needs a lot of hardening work Especially WN as well In order to be a lot safer And in order to make it a lot more cost effective For the NSA to Or other 5 eye partners for example To try to exploit tails And this is something That is going to take a lot of years And a lot of hard work from A lot of community members Next slide please And also, we are really real people Some people think that we are all anonymous But there's a bunch of people Of us here right now At the CCCAMP So if you ever have any questions About tails that you would really like to get answered Whether that's technical Or whether you just want to ask questions Or how you can contribute in any way Please find me after the talk And I'm available to answer any question possible As best as I can answer Next slide please So in addition to that We really need your help With lots of very stuff So if you at some point Maybe even want to get paid To do some stuff for tails That is possible We have a diverse range of things That we really like to get fixed So examples of those are For example, if you are really good In security stuff And know your way around a Linux system Especially Debian We could really use some eyes On some hardening stuff That we could use For example, for Debian packages Especially Some things that we ship At the moment And also if you contribute to tails You contribute to Debian In one go Excellent. So in addition to that If you're really good with other things We could also really use your help If you're really good in translations Especially in languages like Spanish Portuguese Or some other languages That you would really like to see That we are going to support Please help us out If you really are good In programming on Windows Or on Mac Multi-platform installer So we could make it super easy For journalists to start using tails Especially on Mac and on Windows That would be super great And you would get a lot of love From a lot of different persons around the world In addition to that Reproducible builds in Debian If we get to that At some point which we are getting Really close to or it's already done Then we do the same thing for tails Which is excellent If you want to build tails using Geo security for the kernel Please make it happen Please package this for Debian Please start a team in Debian To maintain this kernel And you will get a lot of love From a lot of people around the world Especially here And then next to us If you want to get stuff implemented Within tails For example Tejo laughs Or some other crazy security Everything is going to be better And everyone is going to be saver around the world With that next slide please If you are here And you want to talk to us about tails We are here for the next of the event If you want to Know more about the roadmap That we have for next year Please come to the session tomorrow Which you can find on the wiki I think it starts at six o'clock And it's in the hack center number one And we can talk About the roadmap that we have for next year We could really use your input about this stuff So we can make tails better And greater And things like that Thank you We still might have time for one question A question for Tails developer So the question is Are there any Things to integrate the mempo kernel If you want to make that possible Please come talk to us after Thank you very much Next up We'll be Talking about Something with cookies and phone numbers Hello everybody Thanks Maybe somebody of you Know about US spying About Your mobile phone Or something that Can help people To trace you When you visit their websites Electronic Frontier foundation made a lot Of Web pages speaking about that Unfortunately We have almost the same problem in Italy And might be also in your country Next slide Please So the We have the problem that when you Use your mobile phone using Italian mobile operator Your mobile Operator Will send also your number To the websites Not to all the websites but only Few that have partnered With mobile operators And basically Next slide please Nobody Is aware Of that or at least to my knowledge In their privacy Policy there is nothing Explained about this So I think that this is a problem Next slide please Is a problem about Net neutrality because Somebody's Maybe doing something with your connection Is a problem About privacy because your phone Number is something like a super Cookie And I see no awareness of this Problem so Next slide please We are Going to Have a session About this problem tomorrow At la quadrature du net And if you think that this is a problem You know that something is happening Like this in your country Please join us And let's talk about this Thank you Speak up and then They will repeat You can opt out if you want to Just to repeat Switzerland does the same thing But you can opt out But it's The awareness of this Or just because you are a tech You know that I only know it because a colleague Of mine noticed that the header was Sent out in an HTTP request So they don't openly talk about it Another question No Thank you very much Next up Will be Anus talking about QtPath Well first apologies Because I was Campus way too exciting to make slides So I didn't really make slides Anyway passwords Everybody uses passwords For every server site whatever A different complex password People use password managers Most people have asked QtPath or QtPath Well last pass is In the cloud so who knows QtPath uses single Master key so when you Share your password you have big problems Like corruption one single Master password Sucks All the other people who say they don't Use password managers most of them are lying Or just forgot that they actually Save their stuff in the browser So Mozilla, Google whatever You can't do that with teams It doesn't work So a solution Pass, the standard Unix password manager It's just a bunch of bash scripts Using GPG, Tree, PWGN And Git And it's Pretty nice you have a tree of your Projects Services whatever And can store These passwords GPG encrypted Very nice You can use Git to Backup to share You can set for whom to Encrypt per project per folder Very nice Only problem CLI It only works in the terminal So managers can't use it So I was working with a company Last year Just over a year ago And it was a design company Branding company And for many many different Clients So we had this folder structure On a samba share with passwords Included So you have your designs You have your contracts And your passwords in a samba share Can't go that way So in comes pass Developers love it Everybody loves it but managers Can't work in the CLI So I was thinking Let's fix this So I took QT Which is a nice GUI framework And in C++ I coded a simple app Called QT pass Which was read only, can you go next slide Anyways So It was read only at first And I sent on August First last year an email to The password store.org mailing list And I thought that was it Then all of a sudden up comes Easter I get some pull requests Someone editing And very rudimentary Basic user configuration Per folder Next slide please So That was pretty nice And I got excited again Did some polishing like filtering Search Templating With that enthusiasm Let's do a release party This year We had a release party During that release party Some people did German translation Hungarian translation Simplified Chinese translation And That makes QT pass one of the Easiest and fully Multi-platform systems Because pass doesn't work on Windows Yeah it might with SIG win And QT pass does all the stuff That pass itself does In a basic way In the GUI And you have a Multi-platform Unix standards Password manager Any questions No questions Then thank you very much There, okay Sorry, yes it does It works on the Mego It works on Android but the interface Needs a lot of love So if anyone wants to help It's on github Github.com slash IHAC slash QT pass Can also be found on qtpass.org The interface needs a bit of love But it works on iOS and Android Mego And I think also But not tested On Sylvish Another question Yes, there behind GPG The password generation function It has a fullback If you don't have PWGEN That's just a string you can enter In the configuration screen with the Different letters So we have ABC capitals And small Numbers and symbols And it just takes the Random one for the length you want The system's random function So meh Thank you Anus Next up will be Mitro Talking about having Too many projects Hi everyone I'm Tim Next slide And I have too many Projects and You've kind of gone to the next slide Too fast You also have an old version of my slides This is going to be interesting There are a lot of Things that I do And I would like help on them Because I need to sleep Next slide The first thing is Yes, you have a very old Version of my slides The first thing is I do a lot of AV stuff And everybody seems to make the same With their slides So I created a tool to help you It doesn't help you with the content But at least it will help you Make your slides better Next slide There's a command line interface It looks like your standard lint tool Next slide There's also a website Which you can go to Next slide It has a Generation Help out These are the websites If you go to GitHub, Tim Slide lint, that will get you Next slide These are some of the things Where you could use help with Next slide Tim's video is a Overview project that Has Multiple different things to do with AV Involved with it You can get to it by going to Videos to us Next slide This is a diagram of what it takes To do live event streaming At something like The CCC We're trying to make it so that Anybody can do this without being As smart and awesome as the CCC guys are Next slide So the first part of this is We are trying to build a Capture hardware And the commercial solutions Aren't very good and we can't fix them Because they're all proprietary So we developed this thing called HDMI to USB Which you can get at HDMI to usb.tv Next slide It's based around FPGA and has a VHDL verilog Based firmware but we also have a new Firmware based on the stuff The milky mist guys Next slide There should be a bunch of stuff Announcing about the fact that We have some new hardware available That you can buy now Called the Opsis If you go to bit.ly Opsis OPSIS You can find It there The complete schematic PCB Design issues Are all there on github It's got 2 HDMI inputs 2 HDMI outputs In the spay port out It's kind of the ideal capture solution We want For doing conferences Once you've got that You then need a mixing system So that's GST switch It's a software based HD mixer Based on G streamer We're looking at maybe We're working with The C3 guys here To replace it with VoctoMix Next slide We also have a streaming system Which is Python and Django And based around FluMotion Next slide That also needs help Next slide There are other important projects That you should know about That aren't related to video streaming Next slide You should be using my Python date time tz module Because you'll get time zones right then Rather than Getting it wrong all the time I'd highly recommend you Use this Next slide Well, my slides are kind of broken There's also a project called Q Q is quick and easy debugging It's really, really horrible hack But it allows you to import Q And then you put Q Where you want to print something And it writes to the log file You add Q a Function And it will log the decorators You add Q a class And it will log all the function calls Very easy way to Debug it when it's 2am in the morning And you don't want to Get out real tools Anyway, that is a bunch of my projects Thank you for listening Thank you, Tim Next up will be Christians talking about Z-Wave Whatever that might be Hello I would like to Tell you a few words about Z-Wave So Next slide please Z-Wave is a home automation protocol It is made to control Lights, thermostats And door locks And you can send information from sensors So it can make your Home smart And technically It is a wireless protocol In ISM band 868, 869 Megahertz And it's frequency shift modulation And non-return to zero encoding Different channels etc And The Z-Wave protocol is defined From the very bottom physical layer Application layer So it's defined in all 7 layers And Out of the box you get a 2-way communication And the mesh networking That means that different devices can help Other devices in your network To road The packet if you cannot get it In direct range And also There is a security encryption Pretty strong encryption that Makes your life secure The most important For You is that 2 bottom layers Of physical and mac of that Specification is even open And it's defined by ITU G9959 It's written on The slide And you can get it from ITU website And it's designed to run In a system on a chip Environment And basically You can run it With software defined radio Next slide please What Z-Wave is commercial It's one of about 30 different Smart home wireless solutions Commonly used According to black hat It's about In 2013 it was about 80% of the Market of residential smart homes So it's pretty famous And there are more than 400 devices Manufactured Different types of devices Existing worldwide And more than 300 Manufacturers Doing all these devices from US To China And there are Huge vendors using Z-Wave Protocol in their devices like Denfus, Honeywell And there are solutions from AT&T And smaller Z-Borrow and even Samsung smart Things Next slide please So To play a little bit with Z-Wave Z-Wave is a complete solution So you can just go to the shop And buy some devices But you also want to play with it So there are several Possibilities to play First of all you want to make a controller That controls different devices in your network You can start with using Every project like a controller There is a link on the On the slide that allows you to Customize your controller Make your own UI, control different devices And make some logics You can also create your own devices If you are not satisfied with those On the market And for this you can go with A special development board that looks Pretty like Arduino where you can Make your own device, program them And include them in the network Finally you all have a radio batch I forgot mine And you can control From that radio batch You can reprogram it to use the Software defined radio to control Z-Wave devices directly from your Badge, this is probably the most Interesting challenge you should accept Next please So Where to find more information Where in the works Workshop center number two Where we can help you to get Introduced in Z-Wave and SDR And The tent, the white tent nearby Is 24x7 available So just come and Ask questions, thank you Thank you very much, Christian Any questions for him? Yes please We have two audience microphones If you could just step out and go to the microphone And repeat your question, that would be Very cool Thank you Excuse me, what is the state Of the open source implementation For Z-Wave? Unfortunately there are no Open source implementation of Z-Wave But you can contribute to make your own Z-Wave it's open In the lowest layer Mac and Fi and there are some Implementation of upper layer But in the middle the road and all that stuff Is still closed, so we need to contribute To make it open Thank you very much Now we have two more lightning talks coming up The first was going to be a musical piece Played on No, I just been told There's no musical piece today So there's only one more thing coming And that will be Carl Voigt Talking about Emacs Is he here? Are you? Just connect his computer Don't run away Wim users It's for you That looks like Emacs, great I have a word beforehand This is not my hardware, this is not my keyboard shortcut So Don't be too angry If I do something wrong Okay Is this fullscreen? Is this fullscreen? Okay So this is a talk about Emacs Especially Emacs org mode Which is an extension of the Emacs editor So just ignore that Emacs is an editor Because it isn't It's an operating system And that's not the joke So I use Emacs org mode To organize my life, my digital life Very, very, very intense I care about personal information management And this is just a short example How I do things I try to come up with an example You see it here As a trip to the CCC camp 2015 And here you see Oh, I have to say All you see is text It's just text So the color And underlining and whatsoever Is added by interpretation Of Emacs is just highlighting Syntax highlighting So I've got Five headings here The first one is Heading to pack things And you notice that I can Expand it So I see into the pack Things heading And you see it's a list Oops It's a simple list And With the keyboard shortcut I can mark it Mark lines as done Not as done You see When any sub items get Marked as done Then the previous heading Marks as done as well Here as well I can change the order By keyboard shortcuts You see I can Move this item Or I can move this in and out And so forth So it's pretty easy to do stuff with this When I finish packing things This is done And because I Have some rules in there For example the trigger Line to Mildenberg It's another ID That gets marked as to do So Then I have To load the car I mark this as done as well Then Let's drive to Mildenberg Oops Done as well So you see You can define dependencies So when I have here A dependency for example Loading the car Is blocked by packing stuff So as long as I did not Finish packing things I cannot finish load car And this is quite especially Because when I schedule To-dos They don't appear on my calendar As long as they are blocked So my calendar is called Agenda My agenda is only full With items I can do now And whenever I Accomplish a heading And mark it as done Other items get as marked as To be done and unblocked And they appear on my calendar as well On my agenda So it's quite handy And this was the killer feature Of course I can only show here A tiny, tiny, tiny Small fraction of what Orc mode Can do for you But I guess to-do list is very basic So anybody of you Can do to-do lists with it Okay The next one is quite special And administration is Quite time consuming When you have to lock The stuff you're doing I want to show is you can Integrate program code Into Emacs Orc mode Here is an example where I Integrated a shell script Let's delete this here I integrated a shell script Which is just a one-liner Disk-free And when I execute it Haha, okay, sorry Not my system If I would have executed it On my computer This is the result of my computer And you see It recognizes the output as a table And then if I want to I can use columns Or even single Values of this Table to produce Other stuff So I can use this table as an input For a Perl script For a Python script I can do our visualization Here I Don't want to execute it Because it's not my setup And therefore it breaks I use the output Of a disk use command With a grep, you see Up there And I generate a table And I'm so afraid I cannot do this I generate a pie chart Of my disk usage In the next step Obviously I cannot execute it With R and Emacs Okay, so you might get A small, small, small impression Of how capable this stuff is Going to be. So for example If you're an administration Of a number of Linux systems You can use sessions So you define a session To a remote computer You execute commands You get the results, the standard output If you want the standard area as well The documentation right there You can add documentation in between And then the next block You can use the previous environment To send another command And so forth So it's very, very awesome So next thing The org mode is capable of Is full-blown spreadsheets So this is an example Where I collect some Expanses of this trip You see I took the train From Berlin to Mildenburg Yesterday and About 23 euro And I did some groceries And as you see At the end of this line There is a sum, so you can All sorts of computation You can do statistical analysis Whatever And in the next table You see Two families joining here at the camp The Smiths and the Petersons The Smiths are two persons The Petersons are three persons And I calculated the expense Per person And as you can see In the formula below There is a reference to another table Which gets the total number Of euros which were being spent And then calculates the amount Of euros per person and so forth So it's just a very, very simple Small example I think you get the idea On bonus topics There is really, really Millions, millions of cool features I tend to Express Org Mode like this It's a very, very, very big box Of Lego bricks, you know The stuff the kids used to play And whatever you Bricks you take out of the box And however You are combining those bricks Org Mode is a great tool for you It's of course open source Very, very nice community A very active community And most requirements Are already been done Or were already been done Within this project So for example You can use tags Org Mode to clock your business hours And there will be Calculations Depending on your client and so forth You can integrate of course All kinds of scripting languages Use this output For another input For another scripting language So you can integrate Perl with Perl with Python With R, with whatever you like Researching is quite cool With it I did some work on this as well So for reproducibility You can for example Have three CVS files Data from an experiment Then you have one single Org Mode file And when you compile this Org Mode file To a PDF I cannot show you the PDF export here In this setup unfortunately But just a keyboard shortcut And you see the PDF version of this file Of course nicely linked And so forth I have a couple more minutes More than the others because it's not my machine Yeah Please come to a conclusion soon Yeah, I'm already at the end So One Org Mode file You can ask for an extension You can ask the audience for an extension Do you want to give them an extension Of two minutes? Okay I hope you sit well Because it's mind blowing Three raw data files One text file One Org Mode file Documentation with comments With of course Scripts like this with Python With R whatever you like And one single Keyboard shortcut and you get the full Blown ACM format PDF file out of it And it's completely clear What the author did with the raw data Until the final product Including diagrams whatsoever So it's really, really Really amazing For yourself because you don't forget How you generated this or that Diagram And if the basic data changes You just have to type one single Keyboard shortcut and the whole paper And every derived data Is recalculated again So you can of course use it for Project management You can export gents, charts And much, much more Unfortunately I have only very short time Here There is a lot of folks out there Doing Emacs Org Mode The Emacs Org Mode URL Is Above there So org.org Easy to remember And if you want to follow me Because I'm very, very fanatic Freak about personal information management Not only Emacs Org Mode related You find me on Twitter I've got a blog Written blog directly from Org Mode To my website I have all my source code Published at Github Including many, many extensions For Emacs Org Mode Because I'm not My brain is incompatible with Emacs Lisp I had to do it with Python So if you're not a Lisp person No worries Emacs is right the tool for you Okay And if I get requests And Github repository as well It's just a text file Okay Are there any questions Where is the WIM I'm a WIM user I'm a Everyday WIM user So I write my emails with WIM I write configuration files With WIM So I know WIM very well But when I saw Org Mode Right from the start I started again And began to learn Org Mode So you can still use WIM Wherever and whatever And for whatever you want But please use Emacs Org Mode To organize your digital life Because there is nothing better Than this And trust me I've tried everything Thank you very much for your Very enthusiastic talk about Emacs Org Mode