Hello everybody, today is... are we nearly there yet? I'm just going to declare it three o'clock. Hello everybody, welcome to the final Lightning Talk session of DebConf 15. We have eight, or possibly nine if we're running early, speakers today, and the first person here is DKG, talking about working at the ACLU as a public interest technologist. Take it away.

Hi, I'm DKG. I work for the ACLU, which is the American Civil Liberties Union, which is a US nonprofit organization, and I'm a Debian developer. So I want to tell you a little bit about what the ACLU is and why I'm there, and I want to encourage you to think about, if you have ideas about ways to do similar sorts of things, I want more people doing this kind of work. So I'm explaining what I'm doing because I want more people to be doing it, and this is a crowd full of folks who I think get it and could do more. So what's the ACLU? My slides are in the wrong order, so sorry about that. Okay, so the ACLU: we are a civil liberties organization in the United States. We are interested in all different kinds of civil liberties concerns. So I don't know if you can see this from the back there, but all different kinds of stuff: capital punishment, LGBTQ issues, freedom of speech, privacy, racial justice, all sorts of stuff, national security, and there's a section within the ACLU that's focused specifically on privacy and technology. So we're active in looking at policy issues around surveillance and around the way that technology influences the other civil liberties. So while there is a section here, the ACLU actually also gets that privacy has an implication in all these other things as well: reproductive freedom, voting rights, women's rights, all different kinds of stuff. The technology actually plays a role, and so as a technologist I'm there at the organization and I'm often helping them with their legal struggles.
So legally they're interested in some interesting stuff, like suing the New York Police Department, because the New York Police Department is surveilling pretty much every mosque in the New York City area. There's informers and signants surveilling everyone who's Muslim in New York City, which is a pretty egregious violation of their civil liberties and our civil liberties in general as New Yorkers. We're also involved in helping lovely organizations like Wikipedia, or Wikimedia rather, suing the NSA for the surveillance. We're on the side of Wikipedia in this particular conflict, just to be clear. So the ACLU does this legal and policy and legislative work, and I, as a technologist, I'm working there to help them understand the tech and make sure that they get the tech right in their work. However, they also get the technology itself has to do with civil liberties, and so my work is not just on the legal pieces, but my work is also in groups like standards bodies. So I work with the IETF, I communicate with folks within the W3C. I'm involved with industry consortia. I'm involved with anarchist tech collectives. I'm involved in crazy free operating systems like this one, and the ACLU sees that and understands that that is part of what we need to have civil liberties in society today. So ACLU is not alone in organizations doing this. There's a small handful of civil society organizations that are hiring technologists, specifically not just to run the mail server (and in fact I don't run any mail servers, which is kind of a first for me job-wise), but hiring technologists to actually understand the technology and try to make sure that the civil society goals that we have play out in the technical realm, and that the civil society changes that we try to make make sense from a technical perspective, so that, you know, we're not asking for magical ponies, we're just asking for the realistic ponies that we all deserve.
So I want to encourage everybody here, who is already, I'm sure, as a Debian developer, thinking about the social implications of technology, to consider the work that you're doing right now. You know, some work will just pay the bills, and other work can pay the bills and potentially also help influence the society as well. And if you have organizations that should understand this and don't yet, I would love to help you talk to them and help them see how having a technologist who's associated with their policy goals, with their social goals, can help them achieve them, but with technologists as allies in whatever the particular social struggle is that they're working on. So this is an ongoing thing. You know, if you think about 40 years ago, or maybe a hundred years ago, in the United States there really were no public interest lawyers. There were no lawyers in the U.S. who were, you know, there wasn't a class of lawyers who were doing public advocacy work. Lawyers work privately, they worked on stuff, and there are now organizations within the U.S., and there are organizations around the world, that have lawyers whose job specifically is to figure out how to make the world better. Technologists can be in that same boat, and we're not there yet. We're seen as the folks who are just, like, making sure that the wheels turn, and we should be in there at a policy level as well, and we should be helping make sure that our tech reflects the social goals that we have. So I want to encourage everybody to do that. Email me if you have questions about it, and I'm just DKG at Debian.org or DKG at ACLU.org. Come find me, talk to me, and make the world a better place.

Thank you. The next speaker is Christian Hamsus prison. Talking about SSH agent filter for login and sudo.

Actually Timo will do the first part, because there's two protocols, two things involved in here. So while you're set up, I will shortly introduce what this is about.
We all use SSH agent. Probably many of us don't like to use SSH agent forwarding because it's kind of unsafe, and there's a program that can fix this, written by Timo, and he'll explain what it does and how to use it.

OK. Yeah. OK. So please replace localhost in your minds with real hosts. You can log into another host and execute a command there. That's easy. You can log into another host, log in to yet another host, execute a command there. Oh no, you can't. You don't have your keys there. But you can forward your agent connection and it works. But all your keys from agent are available there, and the bad admin of that host can use your agent connection to log in somewhere else as you. So the solution is to do agent filtered SSH. You tell it which identity you want to have forwarded, and it does that, and the command runs. If you don't know what to forward, you can just leave out the SSH agent filter options and it will present you with a menu. You can click any of these you want, even multiple ones, and it works. And better yet, you can have confirmation for key accesses, but only for the forwarded connections.

So now that we have confirmations that are not a little more configurable, enter another tool that's useful as agent, and that's now sudo. So what's the typical configuration of sudo in remote setups? Either you have a password, which you then enter into your unprivileged and potentially compromised you never account, or have no password at all because things just work. But then again, why not use that filtered SSH agent connection? There is a module called libpam-ssh-agent-auth which will just use the SSH agent, the key that you're forwarding, for authentication.
The nice thing is, not only does this check back with us, it also tells us precisely what is going to be authenticated with PAM, that is, which user this is, using what command he's running, where: sudo unboundary start, what we are about to do. So with unbound we will probably allow that. Then again, if someone were to do this with dd, sudo dd, I don't need any password at all, I just need my key ring, and if I see this, although I entered something else here, it says (I'm not sure you can read it) sudo dd to HTA1, I'll probably not allow that, and it falls back to password authentication or whichever other PAM thing there is. It has other nice uses as well. For example, if you have a setup without passwords, you can use chsh as well, and for the rest you can ask us later. Thank you.

I think that was cutting it the finest yet. We had one second to go. Okay, next up is Cyril Brulebois, telling us what does a D-I release manager's toolbox look like. There you go.

Hello. So I would like to present some bits of my personal, or not so personal, toolbox, which basically is d-i.debian.org, which is a machine administered by DSA where we've got a few scripts running, and also we are storing here the daily builds we do for the D-I images. Basically, before, we were running on buildds, and it wasn't really cool because the build scripts were running as root and you needed some buildd maintainer to actually fix stuff when stuff breaks. Thankfully that wasn't possible anymore with Jessie. So we had Aurelien and Hector help move that to porterboxes, which means that I, as a regular DD, can actually fix stuff instead of annoying people to actually do that. So it's more secure. It's actually running as a user, no longer as root, and we can actually fix and improve and whatever we need. So that was really nice already. During the pump we had right before that some mipsel, which was the last buildd we were, which was being used. We placed now by Eda.
Basically, once the builds are okay, the results, so the images, are uploaded to d-i.debian.org, but it wasn't exactly obvious whether the builds were successful, or maybe only partially successful, or maybe missing. We had some scripts, but I tried to improve them to have some nice graphs and some summary. So we have arch with some missing builds. Basically that means that the quanta that should have been running a few hours ago didn't run, or didn't succeed in uploading results, even failures. But also arch with failing builds; that means that at least one target didn't succeed. Looking a bit closer on some graph, we see that Armour has been struggling a bit, because basically all right areas are days where there were no builds. Basically there were some file system issues and so on. When everything is green, that means that all targets succeeded, and when everything is red, all failed. Usually that might be kernel ABI bump, or broken network, or whatever. And I'm not sure it's okay with the contrast, but here on armhf you can see that only one target was failing. I believe that was some intermittent network failure, so nothing wave. And sometimes we have both issues, like the last build failing and then no build after that. So that's the kind of thing we need to notice as soon as possible, to look into it and then fix the AI if needed, or fix the porterboxes setup. I've got some kernel summary to make sure to track what's happening with the kernel builds. It's not really easy to read, but there are some orange and red parts. Basically orange is all packages, all ABIs that need to be decrypted at some point, and the red ones are missing builds, because there was a failure to build or it's still waiting to be actually tried. So that's not totally interesting. We've got some Git setters to see what needs to be uploaded based on the Git commits that are above the last tag. We've got some dependency to checking. So basically testing is quite okay.
Not so much in particular because of kFreeBSD and Hurd. And we've got some nice graphs to actually figure out what's really bothering us, like KROG object here with GTK3, which I mentioned in my previous work. So that's about it. Thanks.

Thank you very much. Next is Ondřej Surý talking about OpenWrt, open hardware and other things.

Okay, hello. This is a project we started at CZ.NIC two years ago as a security research project. We gave away, well, we wanted to do research on the home devices, and we found out there's nothing powerful enough to do real-time analysis of incoming traffic. So we built a new home gateway which is completely built from scratch, and it's open design, open hardware; all the hardware design can be found on our website. And we distributed 2,000 pieces to volunteers in Czech Republic in exchange that we can monitor their incoming traffic. We don't look inside, we don't care about inside. So to use the experience we got in this project, we are right now working on design for something we call Turris Lite, which is actually more powerful because of the shift in two years in CPUs, and also we learned a lot, and it should be able to not take at gigabit speeds. It's open source, it's OpenWrt based, it's open hardware, and it auto-updates. It also has some IoT capabilities, which is so modern. It runs something we call Turris OS, which is based on OpenWrt. It has automatic updates, and users can install other packages there. It can also run Debian in a container. So I will show you a video we have of the, which is very short, you just need to know how to type. Meanwhile, the current design is based on Marvell Armada ARM chip. It's a system on chip, and the motherboard looks like this. It has one gig of RAM, four gig of eMMC memory and eight megabits of NOR memory. It has five plus one one-gigabit port plus SFP cage. I think it's SFP password. It doesn't really matter. It has two USB ports and it has dimmable RGB status LED. You can configure light.
It's a killer feature of the box. It also has three mini PCI Express, and one with mSATA function. What's more, there's a real-time clock chip and a crypto chip for better random generator. If you want to know more, visit lite.turris.cz where you can find more information. We already have a design, and right now we are looking away how to fund the production of the boxes, because we are funding the development of the board and development of the OS because it's part of our mission, but we really cannot donate more money to produce the hardware we will give away to people. If you are interested in the box, feel free to enter your email and we will spam you forever from now. Not really, but the end price should be something like around 200 USD. It's quite a powerful box and we would really like to see it happen. If you have ideas how to mass produce the stuff, then we would be certainly happy to talk to you as well. Thank you.

Thank you. Our next speaker is Luca Bruno speaking about Rust in Debian.

Okay. Hello. This talk is about Rust, which is yet another language in Debian. First, I'm Luca. I'm also on IRC. My main role in Debian is annoying people like Enrico for corner cases like this. There are two Luca Bruno in Debian, so please beware. Outside of Debian, I'm a security engineer. This is a good description of what I do. In general, I really, really love free software, Linux. I'm a back-end and system programmer, and this talk is about my love story. This love story is with languages for system programming. It first started with C. I mean, C is beautiful. A language where you can mix a while loop with a switch case and get something useful which also has a Wikipedia page. That's wonderful. But this story got a bit more mature. At some point, I realized that maybe it was, like, not a really safe relationship.
So I started looking for something else, and somebody suggested me C++, which is, well, great, but sometimes it is a bit too chatty, like the grand C++ explosion: with one line you can get, like, a multiplier for 600 million lines of error. It's like maybe too much for me. So I keep looking and looking and looking, and at the end of the tunnel I saw a light. This light was Rust, which is a new language which is being developed and sponsored by the Mozilla Foundation. This talk is about me trying to convince you why Rust is important and nice. So why? First, because it is natively compiled. You don't need to carry around virtual machines which are basically eating all your memory and all your resources, and it's based on LLVM, so you get all the optimizations that are already in LLVM for free. Then it is memory safe, like many other high-level languages, but it doesn't require garbage collection. I actually found this really nice picture which is both a good description for garbage collection and buffer overflow. It's a brilliant point. Then another point: it has static and strong typing, and the compiler is helping you with full type inference. As you can imagine, I'm not a great fan of duck typing. Then, really nice, we don't have all these object-oriented madness around. I mean, if you love abstract singleton proxy factory bean, that's fine, but your kink is not my kink. Then another really nice feature of Rust is that the runtime is optional, so if you want to write, I don't know, a kernel, okay. If you want to write some library for another language, you can do it. It's FFI for your other language. If you want to write something that runs directly on bare metal, like on this board, you can do that, and we have much, much more actually. It's too long to describe here. Bonus point: we have it in Debian. We have the compiler, it's in sid. We have something which is called cargo, which basically takes care of managing all the dependencies for you, which is now sitting in NEW.
I'm a FTP master and so please join us. Sometimes I have cookie for you, maybe not now, but that's our wiki page and we encourage you in joining us. Thank you.

Sound. Hello, sound. Okay, so the group photo: how hard can it really be? I mean, really. I've been to DebConf for a long time. I just remember that I actually have been to DebConf 3, but my first four in the group photos was in Mexico. Yeah, that's DebConf 6. It was pretty good. You can even zoom in and see individual people. You can really recognize some faces. But then that was just an accident. It was just an accident. It was good, but I know it now, because with experience you actually know things, how to do them right. So I'll tell you how to do them right, and in the process, what did I do this week. So you have to choose a location. That is, before the whole group photo you need to measure the location. Just assume one step is one person, one step deep, one line. That's perfectly fine, and that's the maximum number of people you can fit into that location. You need sufficient size. You need a location that people can actually find, because if you just describe something "there around the corner", nobody will be there. You need a high camera location. We'll get back to why that is quite important really soon. And you need amazing light, because otherwise it will be either blurry or unfocused, which is another kind of blurry. So if you don't have enough of a height, you might get to this kind of problem, which you zoom in and you see that some people don't have too much space for their heads. The higher the camera is, the more there is vertical space per person at the same density of people standing. So you need to have quite a high angle. Another thing that is kind of a know-how for really large group photos is designated herders of people. So you see the venue, you see how the people move, you find out how different channels of people moving from where they are typically to where the location is.
You make one person per channel, the person you can recognize and remember. Instruct them to herd people, instruct them to be last in the herd so that everybody is in front of them, and instruct them to say to you: yeah, I'm here, everybody from my side of the channel is here. That's the job of the herder. Yeah, you need to arrive at the photo place early and, paradoxically, often, because you need to be there on the previous days at the same time to see how the sun falls. So you don't get some weird effects of very harsh light, which we will see soon. You need to set up the camera. I'll probably skip this part because it's quite technical and it's on the slide, so people will understand, but the most important things is: sharp lens is the most important thing, and a flash will not help you at all. After you've gotten all the people in the place, you need to shape them. You must remember that people actually don't see where you're pointing at in a large group, so you need to do them in a big wavy motion so that people can understand, in huge waves, and only you can point to people when you say "you, you in a red shirt", then they can understand. Make sure you see everybody's faces, and make sure there are no ugly holes, which I usually fail. And that's what happens when you fail: you get a very, very weird shape. Also, in addition, in this particular case we also get some people in the sun, which, well, you can see is quite weird, because one side of the face is very light, another side is quite dark, and I had to really work hard to have this actually visible. Take the shots. Keep in mind you try to painting the whole crowd and not moving, no, not more than one frame, half a frame. In total this year I took 190 pictures from the roof, 1.4 gigabytes. Then for each burst I found the sharpest picture: 61 photos remaining. I used Hugin, a quick preview, to minimally overlapping set of images: 16 photos. But if you feed too much information to Hugin, it just gets confused.
In summary, you GIMP the rest in after the Hugin complete, but basically what the basic process is: you find the buggy faces, you fix them with Hugin masks, you render, you repeat, you wait 16 minutes for it to render and try again, because it shifts the line where it tries to render the images, making this kind of artifacts where it renders the line, or this thing, which is just a wonderful face. People move, that kind of thing happens as well, so you get this kind of result. You fill in the blanks, you fill in the rough spots if you have a very rough corner in multiple places. You put the next year's logo as well, and put yourself in as well. Don't finish that, that's a very important part. So that's the result that we can get in the end, and time to make: three hours in preparation, six hours of post-processing. Thank you very much.

Next up is Stefan Weil talking about PalMA in Debian in Mannheim Bay.

Thanks. Hello and welcome everybody. My name is Stefan Weil and I'm going to tell you about a Debian-based free development at Mannheim University Library. Large parts of our library are located in Mannheim Palace, where we transformed a former reading room into a modern learning center which opened in spring last year. This learning center provides different kinds of places for working in groups, and most of them have a large monitor where the group members can share their presentations and any documents. Students bring their own devices: laptops, smartphones or tablet computers. They should be able to use the team monitors by wireless LAN without any cables. Existing solutions did not match our requirements, so we wrapped existing technology in a new web application which we called PalMA. The team monitor shows some short instructions how to use PalMA, which is an abbreviation of "present and learn in Mannheim". Other libraries which adopted PalMA later have chosen a different name, like sprint, which stands for "study and present in teams". As soon as the user connects to the
PalMA URL, he or she gets a web interface which controls all aspects of PalMA. This is what the user sees in the browser, and in the upper right corner you will see the connected group members. Then the user can show web pages (in the left lower corner) on the team monitor, he can upload different kinds of files (also in the left corner) for display on the team monitor, or he can use screen mirroring of the local display on the team monitor. The team monitor can show up to four different windows at a time. By changing the screen layout (you see this in the left part) there are five different screen layouts. Each window supports scrolling and zooming and other operations via the web interface. The web interface is available in several languages; most of them were contributed by students of our university. Each PalMA monitor is controlled by a Debian GNU/Linux system running a display server, the window manager, web server and different kinds of viewer applications which are started on demand. The user runs a web browser and optionally a VNC server for screen mirroring. Today PalMA is usable in a trusted environment like a university, a private network. At least seven libraries currently use it for group working places. Nevertheless, we believe that PalMA can be improved further and that there are more useful applications for PalMA. You can find more information on our website and also on GitHub, and I'd be happy to get your feedback or new contributions for PalMA. Maybe there are also Debian developers who are willing to support special software for libraries. In any case, just drop me an email. Thanks for your attention.

Talking about convenient network setup for laptops.

This may be something that everyone has, or actually not really a new thing, but it may be what I used to do when connecting to networks, especially Wi-Fi. I used to run the ifdown, ifup commands pretty regularly to do that, and I do not really like graphical, like, instruments to do this. So what I did is, yeah,
just a sec. So I wanted something very simple and easy from the user perspective, and I had a wpa_supplicant setup previously, I used it already, but my missing piece was that there was no way to automatically get and update the IP addresses with DHCP. Then I found dhcpcd5, which is in Debian, it's already packaged in Debian. So it sets up: if I have a connection and my laptop is in an area where there is Wi-Fi available, and I have the setup in wpa_supplicant, it connects automatically, and whereas the network link is up, so it's associated, it will automatically get an IP address for me. And if I connect it with, like, UTP cable to internet, or I use my phone for tethering, it will get a second IP address on that interface, and it will also set up a second default route with different routing metric, so the wired network will be more preferable. That's what it will use to route my outside connection. But if I, in the wired network, I also connected to some local machine or something like that, I can also use that connection as well. So in this page I described, this is the URL, this is cstamas.hu, there is a blog post there which you can find, and the setup is described there. I created a systemd unit file for better integration. I diverted the dhclient because I didn't find the efficient way to remove that. I use this, and this is how wpa_supplicant is configured, and all the thing I do after boot up is that I bring the interfaces up, and then everything happens, like, automatically. This is how this seems. With wpa_cli I can manually select networks if I want to. I do not usually do that, but if some network is preferable, there are multiple level label, I can manually choose them. This is like a window, I have it opened as the root user, and yeah, I think this is what I really wanted to say. Yeah, I think if someone has questions, like, you know, can we, or sorry, yes, just a sec, I will try to set this bigger. Okay, okay,
okay, control pass, that control pass doesn't work, but okay: c s t a m a s dot h u.

Thank you very much. We're going to just slip in two bonus very quick presentations, one from Yaroslav Halchenko. I have no idea what he's talking about, but go ahead.

What do you want to hear about? How many people are related to academia or research? Okay, so I know what I'll talk about. One russian dot com yo one and do this. Here we go. So, there is a problem in academia that much of papers which we publish to describe some methods, right, they are often not, what is it, they're not referenced in the publications, because let's say your library is used somewhere under the hood of the application, yes. And where's your mode, where's full page presentation? Here we go, here we go. So, no logo yet, and I want to present you duecredit project, which we started just a few months ago, and there is no logo. If you are keen on art, we have ideas but we have no implementation. And the problems I am trying to solve, or we are, with Matteo, is not inadequate references of core libraries and data sets which are used in our research, and that leads to the fostering of prima ballerina projects: you would better start a new project instead of contributing to the existing one, which is bad, right? Not all together, but quite often. So what we want to achieve is to make it really easy to collect specific referencing for methods and software you use specifically for your analysis. So not all together, like what I have installed, right, but for this particular analysis, what have I used. And the idea is, if you have something like this, this is a simple script which uses scikit-learn and SciPy specific functions, so what you will get if you run python -m duecredit, does activating duecredit, and we injected few references, citations for some functions, you'll get this report: so you use SciPy, this version, you've used this methodology which is referenced by those papers. And a little bit more elaborate maybe example
from our PyMVPA toolbox, where we already provided in citations for more functions. So I've just ran a unit test which tests different classifiers and some algorithms like searchlight, so it invokes them. As a result I'm not getting all citations for what we implemented in the PyMVPA, but those specific units. And then you could format it differently, you could format that as BibTeX and plug it into your publication. So how you could use it: you could use that stub.py, which provides API, so you safe to put it in your code and start putting those citations in your code. Or you could add injections, so if you have some software which you maintain and you want to have those citations provided for specific methods, or you know that your method is implemented somewhere in Python, add us those injections, then we could automatically provide those references for your papers. And also we would love to have support for other languages. We are already discussing MATLAB and Octave, and if R is big on scientific computing, so that would be useful, and C/C++, there are ways also how to deal with this. So thank you very much.

Thank you. Now on to our, thank you very much, now on to the very last presentation. It is Valessio talking about debianart.org. Are you ready?

Um, oh dear. Hi. Okay, I don't speak English very well, but I make this slide. One moment. Okay, okay. My name is Valessio. I make artwork for Debian community, for DebConf, many years. In 2007 I make this platform, debianart.org. This is platform have 1200 users, you want that, two gigabyte files, that work for any team projects related of Debian community: make your papers, website, is a splash. Okay, this is platform, oh sorry, okay, sorry. This is platform using PHP, old version, big version, three years not to predate, very books, many problems. In this DebConf I working with Larissa Reis, Thiago Ribeiro, and emigrate this is platform to collab.debian.net. This is collab
debian dot net. This is platform for no develops Debian collaborations, users and the collaboration community for Debian artwork, music, design, anything. This is platform using Noosfero, Ruby on Rails, Postgres, existing packages for Debian. My time be the zero developer you thank you that thank you the zero. And seeing up this is platform as using callis design, the same website. You join and existing papers, immigration debianart.org to this platform. Existing view 1200 users exist, the community also, only exist two, three communities, but okay. Exist, it's possible, events in the world of Debian, and articles, anything, images, a doc, docs, no, ODF. And example: Juliette. This is a user, many collaboration for Debian art. Juliette make this Jessie artwork. This is artwork now this Jessie release, made by Juliette. This is gallery Juliette from Debian art immigrated to collab.debian.net. Thank you.

Thank you all very much for attending. The next lightning talk session will be sometime in July 2016 in Cape Town.