 All right everybody we are About to start the lightning talks We have I think we have 12 Maybe 13 of them depending on or less depending on who actually shows up So whoa, okay, we got loud These are going to be five minutes apiece and we're going to be really really strict on the time because We have 60 minutes total and 12 times 5 is 60 so The first up is Rocky Bernstein who's going to talk about the emacs debugger interface rewrite Yeah, okay, that's great What it what I was hoping to do Well that let's say I'm really bad at giving extemporaneous talks. I was going to just I Made a screen case cast special for this And let me let me stop this right here The most important thing is I wanted to actually thank Two people here Yara here, and I see Clint who's not just Okay, Clint Adams who so I apologize for not putting Clint's package there Which is zsh db. I'm not a debbie and package here. I am Trout spawn or what you call upstream? So I just write code Okay So so let's go This thing so so This is playing. Can we can we see that that's playing? What this one is it going? Oh Okay, cool, okay, sorry so packages that you can install are up there and Pretend that bash db it says the shtb because Clint isn't the audience. He's not just and I'm rewriting the gdb debugger GUD the gradient find debugger. So this is all gonna be about that. Here's how to install It's not a package yet, but I hope somebody will do that Right that's links for installing Okay to load it you do load like so once you once you've installed it which is kind of arduous You do load library get so now you have access to a bunch of commands that start db gr dash and There most of the commands start db gr dash, but a couple debuggers start Don't don't start like that and what I'm going to show is the Python a new Python debugger that I've been working on Because I knew that there were there might be two Python people here and I even forgot about Clint so you do that a Meta x py bdb gr. Okay, and then This is a prior indication, but what's going? But The way it figures out the gcd 3 5 that's how it got that but it'll it'll look at the buffer if your buffer is Python Buffer it'll use that and then a look at other buffers in your emacs And it'll also look in files in a file system. Okay, so this is this is now what the interface looks like Once you start so there's a when the top is a command Buffer and the bottom is a source code Buffer there's this little arrow here in both places that shows you before the statement before which you're going to execute Okay, and when you step those two things get updated automatically. So they're they're up in the top. I'm typing step Do it I'm sorry what okay And so so source code up updated There's this little gray thing that you might be able to see up there and there And that's the prior location And if I do another step, you'll see there's two levels of gray shading in the fringe area and here you don't see it Because the sources is sort of up there off the screen So but you can move move back and forth by hitting meta up arrow and that's what I did here And I think down the bottom it even tells you you know What were you on the history there and meta down arrow moves down? Okay, and I think the next thing I'm showing Is that so I've been running the commands out of this command window, but I can run it up in the source So there's a minor mode here. That's that's set down here where you can type single key strokes to To run debugger commands. So that's coming up net that so it's meta X debugger short key mode Okay, and now you see this this short keys is in the indicator and also right here The the file is now read only because when I've toggled that mode Right, so that shows that and that shows that it says buffers read read only Okay, now in this mode when I hit the space bar, I do a step Yeah, okay, and step over in gdb lingo is called and when down at the bottom It shows you what what what the command that was actually run And gdb lingo next is is step over Okay, and then the last thing here that I show is what a breakpoint How to set a breakpoint Do it? Okay, so I'll find a line that I want to set breakpoint at like that one and If I type the letter B a breakpoint is now set and break I think and then I And then I type C and I continue to that. Okay, so I can stop here. How am I for time? Okay, so there's so in another minute some buzz of time in both Ruby and Python you don't debug From the outset like I did but instead you you add a call in inside the source code that calls a debugger That's a common idiom you constantly done in in the POSIX shells, too But anyway, so here's how you do that in this new Python debugger that I'm writing Okay, and so what I'm going to do now is go into a regular comment shell And now I'm just running Python in the comment shell. Okay, but what's not going to happen? automatically Is because that's just a comment shell it doesn't know to associate a debugger so do it so that so I Need to run a command here that says it'll see it's debugger track mode The first time you do it it'll prompt you for which which flavor of debugger you want because there are about five or six of them and then after that You'll see the source screen being synchronized and oh, so here we go debugger track mode enabled There's there's where it is and then the last thing there should be Hi there This is gonna be very quick hands up anybody that's still confused about why we're wearing kilts around here anybody yeah Stand up stand up. Yeah, that explains a lot I The only reason I ask is because pretty much every day and sometimes twice a day people have been walking out to me and going So what is with the kilts? Anyway, we do have some more tartan left if Anyway, he's interested in joining this mad band of lunatics We've got about 20 yards which is enough Probably four kilts and some tires and stuff We have tires They're not actually brilliant tires because they're way too thick, but you can make a knot out of them if you're careful And they're very nicely made We have you can get just the cloths and do other stuff with it If people order enough of it, eventually the weavers will start keeping a stock of this stuff So I don't have to go through this pain whenever it happens And that would be nice I think that's it. I can do the explanation of the tartan if you like which is that it's Morse code goes dash dot dot which is D Dot is E Dash dot dot dot is B dot dot is I dot dash is a dash dot is in and That's why it's that pattern. It's red because of the swirl. It's black and white and yellow for tucks It's blue because I like blue And because of captain blue eye and it's actually electric blue, which seems kind of appropriate I think that's my lot really So if you yeah, if you want to actually order some you go to blog dot hands comm and go down a couple of posts there's something about releasing Debbie and Tom 2.0 and There's this is the last bit that sold but we can do we're making some more tires So if you get put yourself on the the wiki that that points to Which is actually the dev comp 7 wiki. There's a second order table for Kills and the like and there's a table below that for tires if you stick your name on there and send me an email I'll sort out next week or the week after and that's that Cheers except Luciano and After Luciano is Daniel DKG So my talk it's about documenting internal workflows in an updatable way I don't know even if updatable. It's a word in English, but you know, you understand me It's a long title for a short talk So let's say that you are in a team now you are new in a team in my case I'm new in the security team And you just want to know about a deep detail or an obscure Part of the process So the people said you that you need to read the documentation. Yep. I mean the documentation Because sometimes the documentation is huge I include a wire reference Marga says in her top that the NM Documentation include the autobook so sometimes it's something we are Sometimes the documentation are not even in a single place it can be In the people's heads for example And in some cases there are contradiction between between parts of the commentations Also happened that many parts of documentation It's already known for you And the parts that are not new for you for you. Well, that's the part that adds that are outdated. So It's it's really frustrating So because we have too many places to put our documentation is hard to keep updated And if you see something outdated you put it in a new place So it's we have many places to put our documentation. So So the fact is that we are a really bad documenting yeah, most of our intention is document workflows a workflow is a second of Connected steps, but in devian process that can be quite hard because we have a lot of branches in our in our process So let's let's imagine the ultimate weight of documenting. Yeah, let's say of For a list I would like a system or a way to see documentation in a big picture So I can see the complete process and I would like to to have a way to zoom in a little part of the process So in short words, I would like to see something like that. I mean something where I can see the complete Process and let's for example, I want to know more about this arrow The the arrow that goes from the devian maintainer to the incoming queue. So In that case I need to refer to this part of the devian reference So what I do It's great It's great this format Of a file, you know, it's a height to two style file the control file. It has this style Which generates something like this Yes, for example, this is one of the of the of the process of the Security testing. So if you I want more if I want to know more about how a Mitra entry becomes a to-do item And it's just to click in the arrow and then I have a micro documentation about this part In this way the the big picture Works as an index of little micro documents where it can be a reference to other big documents if you want more detail So we have only a single entry point to the complete documentation the green arrows means that that these transitions are made by a Scripts know by people. So if you if you see in the format For example these transitions mitra for to-do list I'll do it by a CBE polar script. Yeah And that's a description a description a Can be parsable in a moin moin wiki format so you can put funds the things. Yeah, the script maybe are Ten lanes of Python so you can have your idea to collaborate with it So that is no time for your your comments. So I put your comments for you. Yeah But I would like to I Could like to know more opinions so send me an email Next up is DKG or stop using passwords after that will be That said after me will be make-up before it squealed so I have no slides My talk is called stop using passwords Wow, that's a tough crowd Maybe I'm done. I know so So, okay, when I say stop using passwords There obviously are some places where passwords are reasonable and I'm not going to spend my time here Enumerating all of the exceptions. There aren't that many So I'm just gonna give a brief example of the exceptions and you can extrapolate from there The exceptions are when you have physical control over the entire system that deals with the password itself So that is if you are directly logging into your laptop, which is on your lap Then that's a reasonable place to have a password anything other than where you have physical control is not a reasonable place and is a an opportunity for a series of security flaws that We are all exposed to every day and that the rest of the network is even more exposed to So we need to be advancing the state of the art in making sure that there are systems in place That do not use passwords that do not force people to rely on passwords. So why is that? passwords are designed for humans and humans suck at them Humans are really bad at remembering reasonably complex passwords machines are really good at generating Password dictionaries and attacking human memorizable passwords as a result Either a human uses an easily crackable password In which case they're screwed or a human uses a very complex password, which they then transcribe into some flaky Technology Which is often a piece of paper taped to their monitor or taped to the wall or they email it to themselves or whatever in which case they're also screwed or They pick one password and they work really really hard and they're very diligent and they've figured out what that secure password is And then they use it everywhere because it's so secure Right now. That's a problem because passwords are replayable And so even if you don't have the dictionary attack capability because the user has really worked at it is really figured out How to remember this really strong password They use it for a bunch of different services that they don't physically control and any one of those services can take that password and impersonate them to any of those other services, so If you find yourself using a password in a situation where you do not have full physical control Something's wrong. So what do you do? You should let the person who maintains the service know that you would prefer to authenticate to that service using something other than a password Work with the person or people who maintain that service to find a way to do that most of our technology that we have today We actually are capable of doing authentication without passwords as Debian or as a bunch of developers people tend to have open PGP keys those are available. There are other mechanisms that avoid Typing your password into untrusted boxes People also like to say okay. Well, we've got single sign-on so that solves a bunch of the problems of the password scenario But in reality the replay the replay problem is still present for single sign-on approaches With with a very few exceptions. So for example if you use a Kerber as domain Each individual host doesn't know the password of every user because it's all handed off to a domain controller But if your users are using Kerberos to connect to one system and then they get Kerberos tickets on that system by using K in it They type their password into that system if that system is compromised their password is compromised now everything associated with them in that domain is Compromised now. I know that's not the way you're supposed to use Kerberos But if you have your Kerberos setup configured that way, it's likely that people are using it like that. So So I'm saying don't use passwords. I'm saying don't use passwords for pseudo on remote machines I know that there's some controversy about how should we get Elevated privileges. What's the best way to do that if you use passwords for pseudo on remote machines? What you are asking for is you are asking for someone to install a keylogger in a compromised account and capture that password If those passwords are all different you're asking for your users to keep some sort of crafty database of passwords around maybe in a text file On there in it. All right So so don't use passwords for pseudo think about other ways to do that Don't use passwords for HTTP basic off because of the same replayable problem There are other ways to authenticate users on on web browsers. Don't use passwords for email I know how could we possibly not use passwords to check our email, right? There are techniques that are available for that that avoid the user actually having to transmit the password To the service. I saw a hand raised Chris Um The question was do I have any success stories of convincing organizations to not use passwords? I think that Debian is on the way towards being able to do that We certainly have the infrastructure to be possible where we can where we can make that as a demonstration and I think that So no, I don't have a full like complete success story where I can say oh, yeah, this this stuff worked out, but Time's up. Okay We don't have time for questions. Sorry people If you want to ask questions find the person afterwards and then ask them We're Makos not gonna be next actually if Jamie Rollins if you're ready. Can you do it now? Jamie Rollins is gonna do a lightning talk on run it and His name who just spoke was DKG or Daniel So Jamie you ready to go. Yes. All right do it. Yes Run it Everybody hates it. Nobody knows why That's my claim. So for those of you who knows what run it is Who's used run it? Who thinks run it is cool? Oh Come on. So I think that people hate run it because they hate Dan Bernstein, but I think that's not a good reason to hate run it. So run it is a remake of Damon tools, which was djb's Original idea it was made by Garrett Pape who if people know him. He's a pretty awesome DD he maintains run it he maintains get he maintains a bunch of good packages It's a super simple system for maintaining services and it does this one thing really really really well So it's it's a little bit weird to configure because it's not configured in the way that people are used to configuring things But once you get over that hurdle of configuring services to run under run it It is really really great. It handles it makes Making a service really easy because all you need to do is have your service run in the foreground and Put its log to standard out everything else is handled by run it starting the service stopping the service restarting the service logging log rotation Everything is handled by run it if you so It's a good thing to use I would like to encourage more people in Debbie and to think about using it and in ways that we can enable people to use it easily one thing I would suggest is if package maintainers will allow people to Contribute run it service directories for their services. It is really easy to write a service directory for Pretty much any service you can think of that hasn't been corrupted by sys via knit So or sys 5 in it or however you call it So most services just require a simple like three or four line script to run under run it And it makes running the service really easy I maintain multiple machines where run it is the knit is process number one and it's they've run impeccably well, and it's they're really easy to Monitor the really easy to administer the the run it process Spawns the child process, which is the service if that process dies the run it process Automatically restarts it so the the run it process all of the services are just children of the run it processes So you have a very clean process tree you have Really easy to figure out the state of your service Look at the logs Etc. So anyway, that's about it. Don't hate run it. It's very cool. Give it a try And if you have questions about it, I will be happy to answer them later. That's it. Thanks Jamie Up next is Hans Hans Are you gonna do it Hans? Okay, Hans is turning down his like Gunnar. Are you ready after Gunnar will be wookie? Sorry, I should give you a little more heads up Okay, so well this is a Very easy and fast thing We as the key ring masters are trying to encourage people to Start well, we just finished getting rid of the old PGP keys and Yeah Well, thanks to Jonathan because he's the guy who's been pushing for it and it was not easy and he was extremely patient he was Well chasing people chasing people chasing people until well We have to agree to just drop those who didn't want to be updated anymore Well, the thing is we don't have PGP keys anymore and we want to Start switching to stronger keys for GPG As a first step, well, we have not yet publicly announced it. So so this is it For people entering NM or DM. Yeah We are only going to take a keys 496 are with a shadow capabilities from now on people All of you who still have older Less secure keys can still use them but are encouraged to first make them a Well-connected get the many signatures and then Get them updated with us. So well It's a public call and at some point in the future We will start being more bitchy and more aggressive, but that's for now. That's just the announcement Next up is a wookie about scraper wiki and Thanks to those who took less than five minutes wiki gets a little chance to set up Before having to spend his five minutes Are you may need to press the LCD at the front? Hold on a sec Ready so This is nothing to do with Debian at all But it's quite cool and a friend of mine was saying you should tell everyone about this They might like it and it came up in the bugs thing this morning. It's So there is the general problem of information which is on websites scattered about the world And the only way to get it is to scrape it and scraping is really tedious and difficult fiddly And people tend to do it once and then they lose the scripts. They did to do it So it's not a sustainable thing. So scraper wiki is an attempt to organize all the world scraping so I Even better than that they got money So channel four paid them several tens of thousands of pounds so they could actually spend three months making all this stuff work So it's basically done it. It's there so There's two parts to this you got a lot of distributed information a good example was the bugs we were talking about this morning There might be a whole lot of different bug trackers each of which needs a different scraper script to scrape And then in order to have an overview of that you need another script to Use the database you generated from the set of scrapers to present information in whatever form you want So obviously the net never worked in here So I just got a few screens to show you the general kind of idea So this is a typical this is Lambeth County Council's licensing website for license applications for pubs and bars and so on Which is a list of PDFs absolutely marvelous just what you wanted to be a nice data source And in fact, they're scanned PDFs just for perfect perfect ease of use but in fact, there's a trivial little scraper which is about that long and Outputs a nice little map with Google blobs and if you click on each one It shows you who the licensee is and where the data came from and some details. So That's quite cool. You can do offshore. Well, as you can wander around this website He's full of useless information like the the toe ways in Lube Arna and you know Really marvelous stuff. So You can look at the notes about it. There's a sort of chat, you know comments on the on the data You get a history now if I do this There we are So you get history showing you that the scripts ran and how long they took and if we scroll down a bit You'll find that after a bit It stopped working Down the bottom and then someone edits the scraper again because the other problem is that people change their websites all the time Your scrapers die. So obviously having the old scraper, which just needs a little tweak so that it works again. It's really useful There's an API so that you can get the data that you generated out in Jason and Yammel and XML and CSV files And whatever the hell else you want and there's actually a built-in IDE in the system So this is it if you edit a scraper This shows you about how easy it is use this marvelous thing called beautiful soup So you just import the whole page into a great pile of tags And then if you just want to pull out all the data which is in TDs, you just that's it. That's the whole thing And then down the bottom here if there was some internet I could click on the run button And it would run it here and showing what works and I edit it and run it again. So it's you know idiots can write Scrapers that's basically it. It's it's pretty neat. If you have any scraping needs. This is the place to go and do it Thanks, Wookie. Up next is a Christian Peierre who will be speaking about cheese and wine over the years Yeah, we'll try to go through Five years of cheese and wine in five minutes And I tried to break the record of the number of slides in a key lightning talk with the 38 slides So let's go So this cheese and wine stuff how it all started well It started back in 2005 in Helsinki and a few pioneers among who were We see Matt Zimmerman Wanted to just to share some cheese with friends and all all of these pioneers where cheese amateur you can recognize Matt Mako, Anna, Moray And finally we ended up with ten different cheese a few one bottles and seven people actually those who were here Remember that there were many more people at the end and of course we had quite a long night so then we moved to Wartepeke and then to Mexico for the French cheese cabal was a little bit bigger at the time so we were like seven of us bringing some cheese and we have like five kilograms of cheese and some very very good stuff such as the Italian motadella and We have the huge crowd Two few tables. It was a very very big mess for those of you remember and of course it was great fun and We had a long night Then not at Depcon we had an internet in Extremadura. We improvised a small cheese party in an IATN meeting in Casa de Caceres This is the opportunity for me to introduce Nicola Francois, my cheese assistant. He's not here this year unfortunately We had the highest ratio of cheese per participant with cut four kilograms for 20 people Which was a little bit too much for our friend from India. I'm afraid and of course we had a very long night Then we moved to Scotland In Edinburgh, so it was a very messy cheese party because the speed place was very small It was the first cheese party with kilts We had too little space and of course we had a lot of fun But we organize ourselves. We bought bread actually we bought the entire stock of French baguette in the local supermarket And of course we had a very long night Then we moved to Argentina that that was a challenge moving to Depcon 8 in Argentina The place was quite nice. The venue was very well suited for cheese party The challenge was bringing such perishable material of a very very long trip But we managed to do it thanks to wonderful boxes and various tricks to transport cheese over a day The wine was well apparently excellent as far as I can see we had many good wine in Argentina And of course it was very long night Or then last year last year in Casares we had this very very famous local cheese named tolta del casar Very nice place too in a garden outside We had great fun with some nice things from Venezuela as you can see about 10 kilograms cheese which is really great Or the first cheese party with tea too. So that was fun also thanks to Andrew And of course we had a very long night That was the day you should have hijacked the python So the challenge the challenge this year was to answer this question Here are cheese and USA fit together Well the pioneers were back. So that was a good sign Finally we had we are met again with Anna and Matt that's all My estimated amount of cheese for these years was 15 kilograms which is huge We had a very very nice venue apparently it was quite fun And of course we had a very long night I guess some of you tried this cheese from Kazakhstan which is the one Exact one minute remaining and of course The challenge now is to see you in banyaruka have some good cheese over there And if you need to buy some good cheese, I suggest you try running this command line on your current laptop That should give you good hints for good cheese, and I hope you enjoyed these cheese parties. Thank you I just forgot something I would like to thank the people who helped organize this cheese party this year and particularly michelle I don't know if she's standing around here. I asked her to come but she's probably too shy So a big round of applause for michelle will help me a lot Thank you Thank you. Next up, uh, do we have dr. Dub in the house? No, well, let's uh quick announcement from daniel uh, hey, so, uh This whole conference has been helped out tremendously by uh, the columbia computing science research facility um, in particular, uh, their staff has just made Uh, all the things work here. Um, so we actually have a big sheet of paper for you people to just go There's a marker on it. It's in the cs In the the inner hack lab there. It's on the table that has t-shirts and and these badges I invite you to just go there and sign your name and say thanks And i'll be Making sure that that goes along with the the group photo to the cs departments that they have A memento of the time so if you have a chance over the next like in the next few hours Pop over to the cs hack lab and uh and sign that Sorry, uh, no Yeah Okay, uh, next up. We have uh, entwarn Who will do something about hyger? Do you need slides? I don't have any slides prepared, but I have a computer to do a Demo that will probably fail Can we do that? In five minutes you will have it set up right, okay So i'm just going to talk about it. Um Basically the while we can try to set it up while I talk but I'm not sure it's really relevant. Uh, basically the hyger project what it is It's a drupal website to manage a bunch of drupals right now. That's the first objective The reason what i'm talking about this right now is that we have another objective for the hyger project Which is which is to go beyond that Because basically hosting Drupals with drupals is is what we call, you know being an application service provider Software as a service or whatever Uh, for us that's only a small step what we want to do with with the project In the long term we want to rewrite our current hosting control panel software with it. So that means email support Jabber SIP connections, whatever, uh, and the reason why I bring this up here is that we've been talking about freedom box for a week And one of the things that's missing right now in the stack is glue to You know connect asterisk and jabber and email and all this stuff together and in my mind hyger is probably the right Project for that because first it's based on an existing cms. So there's already a lot of work done We don't need to rewrite user management and all this stuff. It's already all in place Second there's a huge community behind hyger because there's a huge community behind drupal Drupal is probably one of the most popular Free software cms out there and san francisco About six months ago. There were 4 000 people at Drupal con. So it's really huge. There's about 4 000 modules and It happens to be there happens to be a facebook module and they're also if you want to try it out I will never play with that crap, but some people like that um What else is there? Uh, yeah, so right now we have basically drupal support That's the first focus of the project so we can you know install drupals You can automatically maintain them upgrade them so that people don't have to do upgrades themselves. So people are secure We support multiple servers too So you can have your development environment and migrate your sites to your production servers or have multiple servers organized in the cluster for load balancing purposes We support of the apache Web server, but also engine x We have dns support. That's underway and I'm supposed to be Doing right now So it's almost ready So that means bind support but also dns mask And we also have my scale support and all this is abstracted to two layers So we have the drupal front end which is all modular bunch of modules that talks to a separate back end instead of giving all permissions to the web server so that You can write files and all this stuff. We keep Privilege separation so that there is a user a unix user A eager unix user that's separate from the web server that does the privilege operations Like writing the apache configurations files writing the bind configuration files and restarting the demons doing all this stuff So for me, it's an ideal Target for the freedom box And one of the reason the other reason why I mention it here is that I need help in packaging this thing I am the maintainer of the drush package, which is the drupal shell Which is a command line interface for a drupal which you can use to install modules and do stuff like that That's that was the easy part Eager is based on on drush. So that's the command line the back end part of eager is based on drush The stack above that is a bit more complicated because I need to package drupal Which is already packaged for debian, but It's not exactly the same thing. Anyways, you need basically To be able to install a bunch of drupals because the way we do upgrades and eager is that we Copy a site over then upgrade it so we can roll back Which means that you have multiple copies of the source code minute remaining. All right So and as per debian policy, I think it's kind of voodoo forbidden to do things like copies of source code So I wouldn't welcome any input on that Unfortunately the maintainer of the drupal project the drupal package is not here the conference, but if anybody has Ideas and how to resolve that I'd be really happy to help And if there are any questions regarding the eager project you can come and see me after or right now So I call it eager I pronounce it eager There are various pronunciations out there and french. I call it a geo, but it spell it a e g i r A e g i r. It's the Norse god of oceans because drupal is dropping water and it's the Next up we have uh, paolo dr. Dubb and Do you need any slides? Okay grab the microphone from anton. Thanks anton After dr. Dubb, we will have uh, meiko Hello, so this is a project We'll be starting next year with a colleague of mine in argentina the idea is Work a little bit in automatic reverse engineering So if you are an expert in automatic reverse engineer can help us because we are experts on natural language processing So imagine you get people who know computational linguistics and try to do reverse engineer for device drivers And it's all gonna end up in tears But the the idea we want to try to explore is in clean room reverse engineer You have two teams of people in clean room reverse engineer refer to the fact that you want to Build a device driver out of a proprietary driver without claiming that you have Disassembled and copy the binary code that is inside the device driver So for to do that you assemble two teams of people that they Don't spend time together in the same computers, but they communicate through documentation So the first team has access to the binary driver and runs a proprietary operating systems And then Look how the driver behaves runs nifers over the stream between the driver and the card And then write a whole specification about how this particular piece of hardware is supposed to behave And state machines, etc So we want to automate that part my my field of expertise is natural language generation That means having computers to automatically write text And my friend has it works on a grammar induction that might help for this stuff But if you have use cases, if you have some device that you would like to use and they're the vn Ping me on on on not yet see i'm dr. Dab There and The other thing is that last night I was reading a paper on this stuff that was published this year from switzerland If you want to read something about that that paper is really fascinating It's uh, they wrote something that automatically reverts engineer device drivers for network cards is Rev nick just search on google re v n i c What they do is they run a windows instance in a vm heavily modify vm And they have no hardware on the vm They just trap all the accesses to the hardware and they build a whole symbolic representation and from there they produce c code Of course, that's not clean room reverse engineer. That's akin to disassembling it But there seems to be a fair amount of progress on on on this stuff And last but not least people who came to my talk know i'm will be teaching a natural language processing online course for free software contributors If you are interested Look for me in irc. I'm hoping to start out on october and I'm You know two three people so far have had one and even with one I most probably teach it anyway, so thank you very much Thank you Pablo Again meco is next He's giving his lightning talk Okay, let's see. All right, so i'm gonna talk a little bit about lightning Um So as anyone here knows who's uh been in a lightning storm at lightning lightning is just sort of atmospheric discharge of electricity often accompanied by thunder Very quick travels at 60 60,000 meters per second and very hot over 30,000 degrees celsius now There's a little picture of lightning up here Which people should know so it turns out that a lot of people want to take pictures of lightning And that it's a little bit hard to do for a few reasons One is that it's kind of hard to predict when lightning is going to happen We may know that lightning will happen in a very short period of time like like tonight There'll be a lot of lightning, but we don't know exactly when it also Gets over and done pretty quickly and the other problem is is that um, we can take if we take a camera out there to Do it it tends to rain a lot with lightning and the cameras get tend to get wet as it turns out free software has uh Presented a little bit of a solution to this problem. Um through the cannon hackers dev kit, which is a Basically a piece of free software firmware add-on to existing cannon cameras Especially cheap cannon cameras the kind that maybe cost a hundred dollars or even fifty dollars if you get them on ebay and that that We don't mind when they get wet because we can always just get a new one There are basically two ways that people have been taking photographs of lightning using chdk The first way was sort of a simple wait and hope method The basic idea was to take lots of pictures over an hour for example Long exposure cameras and wait to hope that it'll work and the newer way Which has actually had some pretty cool results is using motion detection So the wait and hope method basically uses an intervalometer That is to say taking pictures sort of repeatedly by taking long pictures and with a reasonably fast idea SD card we can take Really have the the you know one second exposures or even you know two or three second exposures Which turns out to be about right we can have the shutter open Between 80 and 95 percent of the time so we can have a huge amount of Photographs and if we're looking at the sky we're pretty likely to capture a lightning shot Of course you have this problem that with very long exposures, especially with cheap cameras You end up with a lot of noise. So there's a method called dark frame subtraction All of this stuff happens automatically using chdk Tends to work poorly during the day with those very long exposure lights The new method is using motion detection written by a user A contributor in chdk, which basically uses variance and luminance on the camera sensor to Find lead strikes as it turns out the way lightning works is that there's almost always a A little lightning strike first and then right after it then the big one comes So it turns out that if you can capture that first one that that the that the hardware in the cameras Which normally we don't have access to but with with chdk. We now have the ability to manipulate. Thanks free software We can actually take we can take a really great lightning photography Using very cheap cameras and in fact Better lightning photography that we can take other ways and every photo because it uses this intervalometer And if you're pointing it at the dark sky, we'll actually have you can just sit it out in the field Maybe underneath an umbrella and every photograph that you take will have a lightning strike on it It also works in daylight Even holding with your hand The pretty cool stuff Here are some examples of lightning photography that have been taken with chdk Um, there's another one. It's pretty cool We check out that one pretty awesome, right taken just out of some guys window people of people have showed up on the forums being like There's a big lightning storm coming tonight. I really need to get this set up. Can someone help me? Um, uh, uh, this is one taken not a great photograph But this is actually it's hard to see with the light up here But it's actually taken um, uh taken with someone's uh taken in someone's hand Here's a again pretty hard to see. Is there a way to turn off the lights up here? Oh, yeah So so what's cool about so so this is the uh, yeah, check that out This is this is one that's hand not that great but hand done first first ever hand shot lightning What's cool about this one is that this is actually using hdr as well So you can take multiple um, you can take multiple photographs or photographs of the night sky immediately afterwards It turns out that there are scripts available. You can just get them online free software Put them on your camera and you can take photographs like here Here's another hdr One minute remaining taken in in in in remedy Uh, well, that's my uh, that's my lightning talk. Um, uh, but I encourage everyone to sort of get involved and do this Um, yeah, you can you can get some pretty great, uh photographs of lightning and so great There's one other thing that i'll say One other thing i'll say is that one of the problems with many of these photographs is because they're taken at night They're often very dark So sometimes you need to do a little bit of lightning and if i'd had a little bit of uh extra time I might have shown you how to do the lightning in gimp Thank you mako mako is uh Not only was his talk about lightning at a lightning talk and it was actually five minutes long But he also made all his slides in about five minutes in the hallway. So he's like meta mako If someone can grab the lights Maybe, um Next is going to be each other Well, there yes, i'm going to uh talk about the debian port to minix um For those who don't know, uh minix is uh academic operating system. It was designed to be uh taught as part of an operating systems course and it's actually uh, uh quite Has quite a long pedigree But mainly it's been languishing in the university world. In fact, uh linux basically exists because Linus was frustrated with not getting patches into minix because they wanted it to keep it simple for uh teaching purposes, but uh lately The development of minix it's minix three now, which is a slightly newer version of it has accelerated And it has a lot of more modern features And it's interesting in itself because it's a microkernel based operating system With all the things that You know academic types think they should be in an operating system You may know that there was a famous spat between andrew tannenbaum the author of minix and linus about how Olden obsolete and out of date the design of linux is But uh that that that that was mainly a theoretical kind of discussion of course linux one and minix didn't but I got interested in this about uh three years ago The only problem was that I wrote about it on my blog. So most people assumed it was some kind of arcane joke Which for some reason tends to happen to things I write about on my blog But I have actually been Noodling away at this for this time. I had like a disc crash and other kind of dead ends and so on and lost interest for a while and came back to it But in the last I would say month or two Things have started accelerating on the on the debian front as well The big problem I have is that uh one. I'm actually mainly a pearl guy I really don't know very much I took a course in operating systems in college, but I think I must have basically Dozed through it because I can't for the life of me remember that much about what we actually did but You know, I've been just learning as I go and trying out things and Porting things bit by bit Like I said, minix is developing very fast as well. So Every like a couple of weeks. I have to go back and review all my patches and redo them for things that have been added and taken away Mainly, I just wanted to say uh what the state state is so far. I was actually hoping to have Deep package working and deb's built during debconf You can actually run deep package right now, but it will immediately sag fall So it's not entirely usable right now But uh Well gdb also has not been ported or s trace or anything beyond like sticking printfs in the code everywhere Which is how I've been debugging things so far but There's some I've been working with the minix developers that hopefully will make some Changes to libc that I need and and that thing will go away soon um I am going to work next on porting the One minute being utils gcc and so on to get them up to squeeze versions And then hopefully soon after that, I will actually have something that I can pass around and get some more interest in that And I'll take questions later about in the limited time I'm remaining. I just wanted to share one other piece of Completely unrelated good news There's a mini debconf going on in india right now in the city of puna And they had capacity for 50 people. They were expecting about like 20 30 30 people to show up. They got like I think close to 200 people registering so About uh You know not all of those 200 attended by about 140 to 150 they're saying And they're doing uh bug squashing key signing t-shirts and tutorials and all that stuff So hopefully by the next debconf we might be seeing a lot more faces from india Thank you. Thank you Just one last thing. Uh, card thick mystery who's a devian developer will it was the organizer and i'm sure he'll be blogging more details about that Thank you. Jaller Thanks, uh, everybody. This is the end of the lightning talks. Thank you everybody who presented and sorry if Some people couldn't do it, but we're out of time. We're gonna have about uh, well big round of applause for everybody who did a lightning talk We're gonna take a a five minute break and then we're gonna do the closing plenary and that will be the last thing at debconf so