 So, for those of you who weren't here yesterday, which were also quite a lot, lightning talks are basically five minute talks that basically every congress attendant can give if he manages to register soon enough. And sometimes also three minutes, we'll have two short talks of three minutes in this session. And to make sure that all the talkers keep their time, we have this so-called timekeeper, a nifty device developed by Alex. Alex, would you like to introduce your timekeeper? Of course, I would like to introduce it again. But everybody was here and has seen how it works. It's quite simple. If your time, if your talking time starts, then just a minute, it should go green. Yes. No. It's still in demo mode. Intermittent failures for some reason. We try to fix it. I explain it now. And if your talk starts, OK, we have no network. Or maybe I explain it and you fix it. So normally this shows a green column that goes up to the top within four minutes. So you're still in a safe range if this goes all the way green. And then for the last minute, it turns, ah, there it comes. So that's what you see in the first four minutes. It slowly fills up. And at this point, you're close to four minutes. You don't need to hurry. You were talking so fast last day. And if everything is green, you have still more than one minute. Only in the last minute you have things start to turn a bit yellow. And for the last 30 seconds, you see the yellow signal going up to the top. And now you still have 30 seconds. And only when the red bar is on the top, then your time will for sure be up. And I think the funny thing on the Lightning Talks is that things are fast. Speakers have to keep to their time. And so except they ask for another one or two minutes and you give them the one or two minutes, they will now have five seconds. And if they have five seconds left, I make this sign. And you know what you do when I make this sign, five seconds. Five, four, three, two, one, ah. We have to try this again, I think. OK, just one more time because we don't have so much time. Five, four, three, two, one, ah. Marvelous. OK, very nice. So that's how we keep the time. If you lost, if you don't know when your time slot is as a speaker, then you can recheck this on the wiki mirror because I think the wiki is down right now. So just look at the start page. There should be the Lightning Talk, a link to the Lightning Talk schedules. The schedule for day four is obsolete. We don't have a current schedule somewhere in the web. Right now I will try to upload a schedule for tomorrow somewhere. So don't look at this page for day four. As a speaker now, you should sit in front if you know that your talk comes up soon. Then as soon as the previous talk has finished, you should quickly get up and get to the stage. Exchange the clicker so you can advance the slides. And remember to talk into the microphone. You can see your slides down here on the monitor. You don't have to turn around to look at the slides up there because then people can't hear you and you won't get your message across. The clicker should work now. We optimized the radio setup here. It was probably the range. And if you have big photographs on your pages, they might load a bit slowly. I think I checked it this time. So all the slides should advance quickly. There's a translation available for every talk. So English talks get translated to German. German talks get translated to English. Just dial the deck number 8014 for this room. Now let's have a great session and start with the first talk. Hello. We have... Functioned? Okay. We would like to introduce you to our project. Netentum XM. We have two scientific employees. Stefan and Johannes. I am Johannes. And this year we have thought a little bit more about our basic computer network. The basic computer network has been with IPv6 since 2015. There are about 700 students. That means that we have really tried out your goals and are not any fantasies. Overall we had 1,125 clauses. Plus, of course, about half of them for students who have not come and still have a car test print. We saw the whole thing with a few QR codes, carried out a correction, scanned all the things and in the end the results automatically came out. How does the clause work now? We have clauses, according to who wants to look at the whole thing, because also a scientific employee is coming. Every single clause is individual. Eventually they can also contain individual content. And every single page is numbered. That means that if we scan the whole thing and the pages can come together, we can assign each page accordingly. Of course, you need a lot of meaningful pressure so that you can print out 700 clauses in a single variant. Of course, the whole thing is kind of latex, mopedics, tics and a bit of make and a lot of sleepless nights. And the question is, if we now have the clauses, a problem is that we can't partially read the names or articles. And of course it is very sad if a student has written a clause with it. It's all stressful and you can't assign the results. That's why we have now the names on the clauses also rationalized and replace the whole thing through stickers with QR codes so that we can assign it. And that's what really happens in Hörsal. And only then is the clause assigned to a student. And it only needs a letter that can also be rationalized. So, after the clause, when we collect, we correct it normally. It looks a bit like this. The student writes into the mailboxes. And the special thing is that we make our correction notes into these small boxes here. So we cross the assigned points. Left split is first correction. Right split is second correction. And if we cross it, it can happen. So we have to fill out a little field here. Then we can cross it again. If you cross it again, that is, if you want to go back to the initial calculation, then we have correction stickers that you can glue over it. So everything is solved somehow. In the barcode, if you ask yourself that, there are only partial tasks, tasks and maximum target points encoded so that we can assign all the details to the image recognition. Anyway, after the correction, we cut the clauses here at the back of the barcode, just cut them with a stabler. Let them go through a large scanner and then make accordingly an image recognition, an evaluation, especially of these small points boxes. We can no longer count ourselves with it. It is also somehow stressful, at least, I always get headaches when I have to count points together with the correction. After that, we have a single sequence of individual results. We can bind the whole thing as a PDF. We can set up the view without presence. We can set it up online. And maybe we can somehow activate it digitally, as far as the right distribution is concerned. Here we now see an evaluation again. This one side here is then generated. That comes out of technology again. Here we see the individual results, for example, here in the repetition test, what the member had with him in some assignments, the total number, the achieved note, the note interval in which it is located, so that we know how many points we might need until we get to a better note. And even if there were any mistakes with the image recognition or with the view, then we do it down here. It also happens digitally, so that the student can see what happened, whether there were changes or whatever. For the future, we are still planning a graphic surface. At the moment it is all a script collection, i.e. only for nerds. We also want to program a smartphone app, so that we can actually digitize the application and control it, so that we know how many clauses we currently have when collecting, so that we don't have to count at the end. And who wants to take a look at the whole thing, you can find us down in the hall, behind this little wooden house. Thanks a lot. Next talk. EasyRPG. Hello everybody, I'm Gabriel and I will talk today about the project where I'm involved in since five years called EasyRPG. This is an open source re-implementation of the RPG Maker 2000 and 2003 engine. If you've never heard about this engine, it's basically providing a toolset which provides an editor with a user-friendly interface to create your own RPG games which are in the style of Final Fantasy games from the NES and Super Nintendo era and, of course, an engine to play it. And there are many games created with this engine, some popular ones, especially in Germany, for example, a vampire story if you're a bit older, you have already heard about them because they were shipped many years ago on Bravo's green fun CDs like, for example, IV, Watanohara and Humaniki. Yeah, first a bit about the history. So the original engine was, of course, released in 2000 by a company called Eski Corporation in Japan only. And then it was illegally translated to English by a Russian guy called Don Miguel. I have no idea how this guy looks like, but he shipped a sample game with his illegal translation and he chose this avatar of himself. So you play himself in this game. And this fact means basically all games that were created with this engine outside of Japan are illegal. So... Well, but there was something really unexpected for us. In mid-2015, there was an official English release. So it was really shocked for us. So Eski means, oh, was our project for its completely useless, but no, the official company lost their source code. So they also can't extend their own engine. Were we lucky for us? So what is our motivation? Well, we're using Windows only, so we want to try two different operating systems, so it's also cool to play it on mobile devices. Yeah, then the original engine was engineered by some people and they added assembler hacks and patches to extend the functionality a bit. There's really a pain for us because we can't really emulate this, but there are only a small amount of patches, so we can at least simulate a few of them. Yeah, another issue is that this program is from Windows 98 times, so it's not supporting Unicode. So it basically means when you create a game here in Germany, a guy in Japan can probably not play it because it's a different code page and you also can't play Japanese games in Europe. So here's a screenshot of one game on the right side. You can see the correct Japanese name, but when you want to play this game on your German Windows, you have to use the final name on the left. So some random mochi bake. And of course, resolve this problem and of course, we also plan to extend the engine later maybe with additional functionality instead of sticking to unofficial hacks and patches. Oh, and there's also one interesting thing. When you look at Japanese games, they always use great games only by using the functionality of the original engine. These patches are only used in Europe and US, so different culture. So what do we need? Of course we need some users to play with our engine. We don't really collect any statistics or we don't know how many use it, but we also have it in Google Play Store and Google is so friendly to provide all the data to us. And so we know that most of the users are from Japan. 50% of the users are from Japanese and it would be nice to have some shift to other countries. And of course, we also need developers for the player and for the editor. The editor is basically currently on hold because we have no developers for it. And there's also now this official release which you can usually get in the Steam Summer Sale for five euros, so there's not much motivation anymore for the editor currently. And we also need artists to replace the so-called runtime package. They provide default assets that are shipped with all games and we want to replace them with three relative common ones. The cross-platform, we are known basically all systems besides the standard ones, also Android, V, the 3DS port is currently working progress, but we come someday. Yeah, and you can of course also play it with our ASM.js Compile version now directly in your browser. So if you have a laptop with you, just visit iseasy-rpg.org. Yeah, then you can play directly our test game in your browser. It runs best with Chrome and if you use Windows 10 with Edge browser, it has a slight audio delay, so it's not as nice. Yeah, so I will keep it open for a few more seconds, so you can type in the URL. Okay, yeah, so if you have any questions, just talk to me or write us an email or easy RPG at Freenote. Thank you. Thanks. Okay, we'll continue right away with the next talk. Do I have to click myself? No. Very nice. Hello. For original legal reasons, only parts of the broadcast are included in the podcast. Of course, it's not for this lecture here, but it concerns itself that when you listen to podcasts on public and legal radio stations, you will probably have seen this text earlier or later. I got annoyed about that. I would have liked to have the broadcasts on the Bavarian radio station, for example, or on the German radio station. It's a bit easier. Or on a Munich student center. I would have liked to have the broadcasts one-to-one, which I choose as a podcast, which I would like to subscribe to as an RSS feed. And I would also like to have the metadata of these broadcasts as open data, for example, in a few years to research how often the provider, who has the network, in the tomorrow's broadcasts is interviewed on the topic of network strikes, lock-finger strikes, and then to see that it is always active over several years. Now there are, the radio stations have huge budgets and huge organizations with billions of budgets. With huge right-wing departments, with huge IT departments, they can react not so fast. They can do a few things very well. They produce content, they do that very well. In addition, they can send every mouse hole to the province. But what they can't do, is already sending it to reliable podcasts. As I said, the data for the broadcasts is given as open data and the podcasts are kept without there being a lock-finger strike and the broadcasts disappear or they are quickly removed from the podcast. But what everyone can do is to buy a Raspberry for a few euros, install the radio recorder from me, then you have to choose a domain name because RSS feeds want to know where they are, so that you can call them and a user name and a password for the mp3 when you put it into the network because private copy can only be distributed, and not very often. And then you can do something like that in the TV, I can't do anything about it, but then you can record radio broadcasts as a podcast, listen to it permanently, with music, as it was completely sent. And the broadcasts remain permanently available and will not be removed after a few weeks when the radio transmitter is funny or when something happens but they are there and they remain there to pay for the end. The whole thing is running in my network server. It was developed on a Raspberry and runs on a Raspberry. There are now 700,000 transmissions of metadata lying around. There are about 7,000 recordings that were made during the time and then of course thrown away again but just as I want that I want to send it. And there are currently only 11 transmissions that are the ones I listen to myself. You have to write a scraper for that because you have to distill the program information from the HTML. The transmissions don't offer any open-data formats. And the thing is going on for a few years, wonderful. I would be interested to simplify it a little in the course of time. It's a wild technology mix that I developed and experiences that others do with it. Maybe it's interesting for journalists who want to observe the media what was sent where, your own archive. You don't want to be on someone else's own archive I thank you for your attention and wish you a nice congress. Thank you. Next talk is going to be in English again. Panopticon Hi, good morning. I wanted to introduce you to Panopticon a game of data and control. A couple of years ago I was organizing Brighton Crypto Festival and we were trying to think about ways in which we could involve kids more and stuff. It was kind of a crypto party with talks and other things but we wanted to introduce kids. So we came up with the idea of making a board game based on kind of loosely based on the idea of Panopticon. Everybody here know what a Panopticon is? So the original idea of the Panopticon was actually a prison and the idea is that there's this central point in the prison, this tower a control tower from where the guards in the control tower can see everybody in the prison everybody around in the cells. And the point is that it could be that the guard was watching you or they weren't and you didn't know in this illustration it's one of the original illustrations you can see the guard but the idea is that maybe you're being watched or maybe you're not but the point in the central idea is this tower which can control the zone that it's involved in. So talking to a colleague Mafje Alvarez who worked on some games things we came up with the idea of a board game and as we were making it up as we went along we decided to what do we have at home, everybody has Lego so we decided to build this game based around Lego. We created as you can see we've got a scrabble board we turned upside down there we created some basic characters again in this hexagonal form in the form of the Panopticon and the basic idea is that the blue crystals you can see is a person's life on the internet or on the web each player gets a card which is defining the part they have to play in the game and the idea is to accumulate as much data as possible as you accumulate data your tower rises and you become more powerful by and your reach extends you can see further you can get pieces from further each of the different colored Lego blocks are pieces of data and if you can get the crystal you win the game at the end of the game the person with the highest tower has the most power so we decided that it's an open source game it's under creative commons license and we put it on github so you can fork it, you can take the game you can do what you want with it we just developed it at this time for this specific purpose you can take for example the character cards you can make your own character cards you can redesign them into whatever you want to use it for all of the development we've done actually of the game has been by playing it at different events and things this was again in Brighton a theatre company that wanted to work on some ideas about data and control and things so we actually took it to this theatre company played it with those people developed it there this was the first prototype we just accumulate any bits of Lego we could steal from our kids and gave different characteristics to them power ups etc etc again another viewpoint of the more developed viewpoint of the game I guess you all know that saying we decided early on that within the game we weren't going to make it so that you could only win by being good if you want to be an asshole you could win the game and accumulate and get as much data as possible from the others you didn't have to be good or bad because as we know technology is neither good nor bad nor is it neutral the information for the game is as I say it's on the github page I'll like the last guy I shall leave this up for a long time so you can get that down you can contact me if you want but you can just take the game run with it develop your own versions of it use it for whatever you want, translate it if you do anything please ping me and tell me what you're doing with it and what's going on, how you're using it I'll be thrilled to know that and I'll put it up on the site as well so thank you thank you now I think the next talk is going to be 16-9 Geocoding I think it also has 3 minutes so let's go Hi, I'm Thomas I'm doing stuff with OpenStreetMap Geocoding is a very complex topic in geoinformatics and geo stuff in general and that's basically the process of transforming an address into or a description of a place into a coordinate so you type in like your street in your city and you get like a coordinate on a map and it sounds pretty easy but it is not because the general approach that nerds take is look at the technical aspects of this stuff so they think let's do some elastic search and some string matching look a bit on the string and then we're going to be fine and we're going to find the right place and normally it doesn't work properly because this is not a technical problem this is a cultural problem because yeah because you have things like ranking so you can mean something different than the computer is thinking so you type in building and the computer thinks oh there's a restaurant called building but you mean the city and there's a whole set of cultural problems because we know addresses in a different kind than people in Japan for example there are no streets or like blocks and so on and we need to understand the cultural problem of noting addresses and of this whole structure worldwide and I want to kick off some intercultural collaboration for that so I want to have some approach for that where we take together all the data from worldwide how we note addresses and put it together in like one one collection of information of knowledge about that topic I started with a small Git repository I have some technical problems with the pointer where we when or where I want to define queries conventions and limitations of addresses with people around the world so people from other regions from the world can collaborate and add the data and describe how addresses are noted how places are described in the place and yeah I started with the German specification more or less where I wrote down how addresses are normally noted how postal codes look like how streets look like and how people normally note addresses and I want you to collaborate and I ask you to add your data especially from another country in Germany tell the world how addresses are used in your country yeah look how we can have a better geocoding in the future thanks thanks so I'm sorry video people it was actually four to three so false alarm okay hi I'm Janosch and I'm doing some research for my master thesis at Technician University at München and it's a cooperation with Hochschule Rotterdam and the Weitenschapelleck Untersuch and Dokumentarzeitzentrum so it's the scientific research and documentation center of the Dutch Ministry of Justice and they have this idea of a cybersecurity dashboard they are monitoring some cybersecurity state of the Netherlands and they want to have their governmental infrastructure and also the critical infrastructure of the country to be secure so there shouldn't be any threats and if there are some threats they want to know about it and they have this they have this idea of this dashboard that could probably help search to give some knowledge about it but the problem is what should be visualized in that dashboard and in which way and for which people what I was thinking how do those people especially inside the government think about cybersecurity what does that mean to them and how are they differences and I did interviews with seven people from Dutch governmental institutions and I grouped those people into operations, analytical and management people and my assumption beforehand was that if you want to try to build a dashboard for so many people there will be problems because I think especially management people have a different understanding than the others so one question that I gave them in the interviews was there is Alice who works for a bank and she regularly accesses data on an application system and the system is in the internet Mallory does not like the bank and how can he steal data from the system and then I asked the experts to explain to me how this attack from Mallory could work and this is now an analyst who described to me Mallory sent an email to Alice this email looks identical to the one from bank and it says your account has been hacked we have taken measures to secure it but you need to log in and make sure everything is secure when she clicks on a link she doesn't go to the bank she actually goes to his Mallory's malicious system which looks identical to the bank as she fills in her password and username the password and username is sent back to Alice so this explanation goes a bit further it was a bit more detailed but overall he described so this analyst described a phishing attack very detailed and also made a nice drawing for that so there is the phishing email to Alice and then she accesses his server it forwards the request and so on and when I gave the same question to a manager this is his answer Mallory would give some input to the malicious system to start the attack then the system would try to hack or break into the application system of course disguised so Alice sees something but does not realize that it's a malicious attack or it's a malicious question or a malicious query she then gives some input to the application system to send out information which would get back to the malicious system then I asked okay what kind of attack would this be so if we think back at the question how can Mallory steal data from the application system I think a DDoS attack would not be the best for that and especially the DDoS attack the target's the application system and then still Alice is doing something on the server is kind of strange so those two are just examples that I got from those seven people in general what I've seen is that the management people were less able to really nicely describe an attack they were mixing the steps in the attacks they were less fluent with the language so DDoS attack for stealing data I'm not exactly sure if he really didn't know the understanding or he was just mixing up some stuff and the descriptions were less detailed and more important details of that so for me that's a sign that those management people have a less or a more superficial mental knowledge of these attacks and therefore they probably need different information in a different dashboard I've also some more data on what questions what data they need for the dashboard and that's my next step how to use this information to design a nice cybersecurity dashboard ideas just contact me the email is on the slides thanks thanks next talk cloud fleet also three minutes express round please go behind the mic I want to present our project cloud fleet it's a private data center we want to distribute the data center as well as apple distributed to users okay so the problem is that cloud servers are not secure if you don't pay for the product you are the product so companies use your data basically to make profit of it the solution that you maintain your own server is a pain and takes a lot of time and effort so we propose a solution to make it easy for people to host their own private data center it will be thanks to Moore's law it can be pretty small and everyone should have their own private data center at their home so to make it possible for everybody to have privacy and not only for the people that are technically adept we want to have a very easy setup process so basically you pick your domain the data center under you get sent the device and you plug it into router and it's done you have a global access to it under blimp.theDomain you select it and you have a replacement for Gmail and Dropbox just at your fingertips so the services that we will provide in our project we will register the domain you have a zero-knowledge backup that is encrypted on the device there will be security updates there will be a transparent HTTPS proxy that you can access the device from anywhere and we will also take care of the HTTPS certificate signing so you have a valid certificate for an end-to-end encryption from the browser to the server all data on the device will be encrypted there will be a full disk encryption for the data even we will not be able to access the data that's the most important part you want to have full control over your data you don't want to have full control over the algorithms of your data that's why everything on the device will be open source and we also will have an API for packaging your own services that use this as a data backend as a storage backend for your data we don't want to create another secure mail client just another file sync thing so we will use existing projects we work together for example with the people from MailPile who created a great client that makes it easy to send PHP encrypted emails we will use the open sourced Ubuntu file sync server and we just aim to package the best projects to create a whole new level of a distribution that makes it easy for people to replace cloud services with a private data center so today just now we started the crowdfunding campaign for the first people that want to have privacy really at home at their fingertips you get 50% off and if you back us on the first day we will also ship it to you for free and also this evening we will have a party at the boat in the harbor that we are talking actually and if you back us today you will also get a free drink at our party there is also free food so this is our home page cloudfleet.io you can go there back us on Indiegogo it is possible to really distribute privacy to make it possible not for people like us who are able to set up their own server but also for everyone to have an easy workflow to basically erase blankets by taking the data back to the people giving the control over data back to the people that own them that's our page thank you very much sorry for the mix up you actually had 5 minutes I guess people noticed that so next up is OpenH and Kevin I am still looking for the slides I seem to have misplaced them here you sent me an update right? yeah yesterday I mean I got them at some point but they are not in the folder where they are supposed to be of course that does not go out of your time right now I think I have to check my mail yeah okay can you just tell me the URL yeah everybody whistle the jeopardy melody please almost almost so yeah we have to wait for the wifi so as always we obviously submitted one minute before the deadline no oh jeez yeah slow the wifi is slow it is not our fault please switch off your wifi actually it is totally my fault I am very sorry for this maybe we can just switch no no so you get tells me come on let me thank you okay then what talk is next session is over this will take 5 minutes according to wget maybe we should switch talks right now and you come after the next talk I am really sorry guys for the mix up oh jeez something has to go wrong after so we can talk about Balkon now there you are very nice okay can I start slides please what is Balkon Balkon is Balkon computer conference it is we replaced in 9, 10, 11 September Novi side in Serbia you can find here our website and this year the new thing we have the badge included in the ticket price so what is Balkon Balkon is international hacking conference organized by linux user group of Novi side and Valhalla foundation it is a fourth time that we organized Balkon conference and until now we are very satisfied you can find on our website all the media from the last three congresses it is included it consists from the workshops, lectures and different presentations so if you have some interesting talk interesting presentation we are invited to send us your submission our CFP our goal is to gather a community on southeast Europe because the economic situation that part of Europe not so good as in the rest of part young people cannot so much travel to different conferences hacker conferences especially so we want to organize for that people something similar the CCC or other hacker conferences in Serbia and Novi side so they can come there join us play with us, hack together exchange knowledge get to know each other so we are a central hacker community in that part of the Europe so important dates until first of July our CFP will be open it will be open from end of the January I think so and the final will be 15 July and in September there is a conference so sorry we have a lot of questions from our website or information or if you have some questions you can send us on our email you can also follow us on Twitter and you can find us also on your channel on free note so if you are interesting if you have something to talk with us you have some interesting topic please send submission to other communities with other groups of hackers so please join us and I hope you will see you in September in Novi side thank you so I'm still downloading with 25k per second it's really slow still takes 5 minutes so we take another talk in front of that don't worry guys you will still get your time useless bandwidth so next talk is going to be breaking RSA are you there yeah there you are so my name is Jan Ruger and I will tell you how to break RSA by using software defined radio so this is a tech set of that I've used so on the left we've got the device that we're going to be a tech and the electric magnetic emanations of this device is going to be picked up by the antenna on the top and then digitized by the str receiver in the middle and this will then be analyzed by the laptop on the right and usually the side channel effects are located at frequencies lower than for megahertz so for most str receivers you will also need an additional up converter so if you start a program on the device on a test you get a spectrum that looks like the one on the top so as the program is executed and your carrier frequencies are appearing so what you can do is an amplitude modulation to get an indication when the device is performing computations so this can be used for example for alignment and if you have a closer look on the test program that we've used you see we've got three lines the first and the third one are just dummy operations and in the middle we've got an open SSL exponentiation routine and if you compare it to the spectrum you can see that as the exponentiation routine is executed we've got very much noise on the frequency axis so this is also an indication for that that this carriers are holding frequency modulated side channel information so you can use GINradio to demodulate those signals and what you get is a spectrum that looks like this and again here we can clearly distinguish between dummy operations and open SSL exponentiation and so what we now need is a way to get information from those spectrograms and one way to do so is to use differential power analysis that was first introduced by Paul Kochar and the cool thing about this is that you can also apply it to spectrograms so you're choosing two arguments and performing repeatedly measurements with both arguments and then you can compute the difference of the side channel effects and this will show you basically a DPA spectrum that shows you when and time and frequency domain both values are causing different side channel effects if you compare it with SSL exponentiation and we choose one argument lower than the module and one argument greater than the module you get a spectrogram that looks like the one on the top so you can see great differences in the side channel effects if both arguments are lower than the module and you only get noise so what you can do now is you can distinguish if the input to the exponentiation routine is the module this is interesting because RSA by using the Chinese root minor theory uses the secret prime as the module for the exponentiation so conclusion we can do basically a binary search by using the side channel effects on the secret prime and in practice we roughly needed 120 traces to distinguish both cases and we were able to extract one bit within 27 seconds so in practice this isn't that easy great countermeasure is blinding that is enabled by GNU-PG and OpenSSL by default and it will basically randomize the input to the RSA decryption so this attack isn't possible in practice but very interesting from a technical point of view yeah, GNU-Ray is awesome on the bottom you've got the link to the source code if you've got an SCR with you you can clone it and play around with this, have fun and thanks thanks a lot so now OpenH and Kevin can we can start with these two projects so these are actually two talks consecutive talks one is three minutes and one is five minutes which one is going to start? okay then let's go with OpenH so hello this is and this is and as last year already we are still developing free open source engine for Age of Empires 2 called OpenH now we have a really cool logo yeah where is the presenter here very good we still require original assets and try to do a very good gameplay clone with optional goodies and the main focus is actually on the modability because you want to extend that stuff this brings us to unlimited possibilities so you can probably implement a zombie survivor will defend your fortress map some day with more than 8 players an infinite minecraft like map with sane networking that doesn't work all the time have over 9000 units better team interaction like map painting and stuff, weather, fire and in the long run we are planning to have competitive matches with matchmaking and stuff okay so we have noticed there is a lot of similar projects that are doing the same thing for other games so maybe there should be some sort of open game clone alliance thingy just thinking so our basic technologies are C++ and Python and humans maybe who are trying to mix up all that stuff into a game and we have prepared some screenshots to get your view of what it looks like right now like this is live game engine output and the new things we are currently working on and will be there is OpenGL 3 renderer Vulkan as well we are trying to use Qt5 for GUI implement Nyan as a content description format alternative to Yamle and use some really cool pathfinder technology that has probably never been used in RTS so far the more bigger to-dos are of course AI, networking multiplier, tarot elevations is the thing we haven't done yet and also the whole tech industry stuff which is really complicated if you have a look at it we are still developing this on GitHub and it's a spare time project with no deadlines obviously so we are trying to do this thing in the right way and this also contains an infrastructure optimal infrastructure goals which contains lots of style checks, a same build system tests etc etc which is driven by continuous integration but we figured that our current system Travis is actually pretty sucky because the build takes no no no the talks are consecutive the Travis system is pretty sucky and takes a long time to build our stuff and this is why we decided to develop a new system called Kevin which pretty much works in the same way as Travis but is hosted on your own machines next slide previous slide so Kevin contains several components that are interacting with each other, they can be hosted on different machines the core control component is called Kevin it receives it receives a notification from GitHub and then it requests a new new VM from Falk and Kevin launches a component that clones the project, executes the project and reports results back to Kevin which then posts them to GitHub, to IOC wherever you want the control file is as with Travis within your project and looks like a make file this time not YAML so you have steps that are executed top-down which may depend on each other you can configure all kinds of stuff and all these steps are then reported in live in real-time back to GitHub in practice this looks like the following so I'm submitting some pull requests there and GitHub shows me that Kevin is now cloning the repo the steps are received back and then executed and we see one of those steps failed and the others can't be executed now because the dependency somehow messed up you can look at the actual output that happened in the VM by Kerl currently and see that we messed up in the answer part and missed to include OS so we patched that and then after we fixed it we run that thing again VM is booting steps are executed the parts are run all checks are passed and we can now merge that request and all this happens in real-time so you can really see how the things pop up the VM is deleted and all user input is discarded right so that's what we are currently at of course we are planning to add some additional features but there is not really much to do actually like we want to have a batch which you can include in readme.md we want to be able to run the whole thing on the local machine so you can check whether it will run even before actually submitting the pull request we want to automatically parse the compiler warnings and make Kevin post comments and a proper code lines of the pull request which is a really cool feature you can comment each line of code individually and of course there is a web front and Mandy which doesn't exist yet so right now the only way to get feedback from the build is either you can watch the live curl output or you can just watch the stuff that Kevin posts in GitHub so yeah we can only encourage you to ditch the cloud and maybe try a self-hosted service buildbot and Jenkins and stuff but yeah it's Python 2 we of course use Python 3 and buildbot is now kind of complicated to set up because there are not many templates and stuff and the GitHub integration is not as cool as ours and live and of course this is also a part in a site project of OpenH so we can enhance the experience for you the developers that hopefully help us create a really cool game that does not exist yet so if you have any short questions now I think we have even time for that questions no? So if there's no questions there's one thing that we totally forgot to mention earlier of course we want to thank our OpenH community the developers community they have made some awesome contributions like most of the actually visible features are not made by us but by our internet community thanks you guys, you're really great they are out there watching us now so hi thanks so now last talk before the break Strichliste 16 to 9 I think and then we thought about what we need for that of course open source because not only we want to use it we want to use it a lot it should run on every platform should be well documented and everything should be separated by the rest API and it should not become a business system it should mainly go around books the server that is written in Node.js the unit tested currently uses SQLite as a database it is planned to use multiple or different to use and provides an API with which you can make transactions can look at overviews but also can see statistics how much was used currently there is a web client that is written in Angular.js and every browser works is the layout responsive and only uses the rest API the servers currently there are also different languages German, English, French, Portuguese and Turkish that's what the interface looks like typically a tablet on the bar you can simply click on the user and see his overview currently has the 3 minus you can see through which transactions came to stand you can then book the contract the overview time goes back that means you can look at all his transactions there are still a lot of features that are planned for among others that you can directly do the translations from one customer to another split calculation in the form of someone cooked and would like to share it on various meals but only as a mapping for prices that you can use a barcode scanner a pin protection was asked for accounts for people who do not want to book other contracts email instructions for calculations monthly, weekly, as always and much more we want even more developers who do it, there are already some spaces that use the whole and also contribute to it the whole thing is on github you can look at the website of the line you can see everything there there is also a demo I am here from the business assembly and ask me any questions thank you thanks a lot we are right on time for the break we managed to not do any overtime here so we will see you in 15 minutes at 2 o'clock then the second part continues are the integrate people around All right, let me just say it again. So if you come up to deliver your talk, please remember to talk into the microphone. The people on the streams can't hear you if you turn away from the mic. So trust the monitor on the floor. It really shows the same thing that's up there. And yeah, the mic is your friend. So let's start with the second part of this session. The next talk is going to be check my HTTPS. As I said, talk into the mic, please. So hello, everybody. My name is Raphael Pion, and he's my friend, Hugo Medzany. So we are two students from France at the EACIA. It's a graduate school of engineering, specialized in IT security. So we are working on a project for the operational cryptology and virology laboratory, which started six months ago. The original idea comes from Rexie, a researcher belonging to this laboratory. So when you're browsing on the HTTPS connection, someone could probably decrypt your connection to steal a bank account or any interesting data. So the website server certificate seen by the clients will change. And this will involve an alert. You could accept this new certificate, but we not recommend you to do this because you will accept a man in the middle attack. But sometimes, this alert is not always present. So for example, a company network firewall can offer options going against the privacy of its employees, especially SSL inspection, which decrypt their HTTPS traffic. The firewall manufacturers justify the addition of these features for security reasons. Indeed, encrypted traffic could be used to bring malware or viruses into the company network. So a SSL inspection works the same way as an SSL man in the middle attack. The firewall spoofed the identity of the consulted website by forging its own certificate. But in addition, the IT team can easily upload the company CA certificate on all the equipment. So when an SSL inspection is enabled, nothing can detect it for a new me. So you go. Hi. So to reveal that kind of malicious practice, we developed a very, very user-friendly add-on for Firefox called Check My HTTPS. It will compare the server certificate viewed by the clients who is using our add-on than the server certificate viewed by the server of Check My HTTPS. It's very simply. It's an open SSL command which calculates a fingerprint of the certificate of each side of our system. So if they are the same, you're safe. But if they're not the same, you're probably intercepted by an attacker who performed an SSL man in the middle or an SSL proxy installed on your network. We designed this add-on to make it very easy to use. As you can see, you can get it on our website, CheckMyHttps.net. We find all the sources on GitHub. And learn more about SSL inspection. And you will find some very famous software like Avast or Kaspersky, which performs that kind of practice, so SSL description. So you can download it on your computer, and try it at home during the travel when you are using an intensely public within network, which can be very dangerous if you are checking your bank account or in your company. It will reveal if someone or something applied any certificate to decipher your SSL traffic just by showing you a very big red lock on the right of your web browser. The main goal of CheckMyHttps, our add-on, is to protect your privacy by showing you the state of your SSL connection. We are developing a second version of our add-on. It will be faster than the first one in the future. On Google Chrome, you can get it. Voila. Thank you very much. Next talk, let's get leaving the geeks then and entering the internet governance world. Hi, everyone. My name is Fariz Anabedi, and I'm going to encourage you to enter into internet governance world, hopefully, effectively. So I'm going to use some terms. One, geeks stand for the coders and technical community in general that work the internet. And the internet governance world stands for policy-making fora or forums that talk about policies such as internet corporation for assigned names and numbers, or internet governance forum. So why should you come to the internet governance world to interact with two species? One is the politicians and the other is civil society. And why? So politicians take bad decisions due to lack of knowledge, and geeks don't know the avenue in which they can talk to them, or geeks don't want to talk to them. And the result is silly policies that do not make sense and can be harmful. So with civil society, they might be clueless about the technical aspect, and they might be shouting about something that they don't know how technically it works. And they also might not know how geeks can easily overcome the problem, and knowing the alternative can actually help them with their cause. But while geeks don't know about them or don't take them seriously, so what? So you first need to care and believe that politicians and civil society actually can and do make decisions that can affect us. And then you need to find the avenues to talk to them and participate in policy-making. And so which avenues? I'm going to make only two examples. These are examples, and there are many more. And that's just because it's in the field of my expertise, I'm saying it. So in Internet Governance Forum, there are politicians and civil society. And you might say, oh, they're too junior, or this is like non-binding policy, just merely talk shows. However, there are many decisions that, at the core, are made by junior people. And so you listen to this boring talk from the UN Banky Moon is saying something. You really think Banky sat down and wrote that speech? Well, no, it was by some junior staff. And they put ideas in the brain of the decision-makers. And then I can't. I can't, this is where real policy-making takes place. And civil society does get involved with the process and makes policies. And you might say, oh, I don't care about the name system. But you might care about freedom of expression or security and other things. And you can help civil society by getting involved with these policy-making and hold ICANN accountable. So be a part of policy-making. So this was just to nag and drag you guys out of your den and ask you to join us. Because, well, we need you because it's fun to correct people when they talk out of there. And then because you can be effective in making policies that are sane. Thanks a lot. Next talk is going to be OMIMO, or OMEMO. You probably pronounces correctly now. So my name is Andy, and I built OMIMO, which is an end-to-end encryption protocol for XMPP. And I will present it to you today. But first, let's talk about some history. So I've been using XMPP for a long time now. And I was always a big proponent of using OTR to protect your messages. But I wasn't really happy with it because there wasn't a good Android client for XMPP. So I was stuck using like WhatsApp or Hangouts or whatever. But then my friend Daniel came along and he said, well, if nobody else is going to do it, then I will. And he built Conversations, which is a great open source XMPP client. You can get it right now. It's awesome. But then so everything was happy, kind of, but not really. Because then a new problem came up, which is that OTR kind of isn't built for a multi-client world. And let's look at that in more detail. So let's say you have two people that want to communicate. One of them is using Conversations. One of them is on Pigeon right now. But they both have several clients. So they can just talk. And it's encrypted. Everything is fine. But now what happens if this one person goes offline and maybe moves to a different client? Well, it kind of depends. But in the end, the connection will break down, because OTR just doesn't work that way. The left guy is super confused because he doesn't know if you want to send another message now. What other client is he directed to? Or maybe he will come back online. He just doesn't know. So he basically can't send another message until the other guy comes back online. And the other guy is super pissed off because his message history is not synchronized. Everything's kind of annoying right now. So let me take a moment here to say that I'm not saying OTR sucks. I'm saying OTR is actually really good at what it does. But it just so happens that what it does is not really what people want anymore. So something had to be done. So I enrolled in the Google Summer of Code and basically built a new protocol, designed it, and implemented it. And let's look at some of the requirements we came up with. So the big ones are history synchronization and the ability to reach offline contacts. So you can just send messages and it'll just work. And now you might say, well, that already works if you're using PGP. But we also want forward secrecy, which is especially important in instant messaging, in my opinion. And also it has to be easy to use, which PGP definitely isn't, unfortunately. So we built this new thing. And it should just work. You should just be able to turn it on and basically forget it's even turned on. It should just work as before. So a little caveat. Crypto is hard. So I intentionally didn't want to design from scratch my own crypto system. So luckily, the guys at Open Whisper Systems built Axolotl for tech secure, their encryption for tech secure. And it's actually great for us. So I just reused that because it was originally built for SMS. So it's asynchronous by nature. So it works with offline contacts and it basically solves a lot of problems for us. So I'm using this protocol as a key delivery mechanism, which we will look at right now. So let's say there's two people now. They're both on conversation, which has had the support for a couple of months now. And a new gadget plug-in just came out. So they both have it installed on their gadget plug-in. But they don't know those clients yet. So they don't know the fingerprints. And now the left guy wants to send a message. Now he first has to fetch a pre-key just like in regular tech secure from the other, from his contact server, which will basically tell him about the key of this new, new thing. And then he can say, I want to trust it or I don't. And then he can just send one message. And this message, each message is encrypted with a new, fresh, random key. And then we basically use long-standing sessions with those contacts, which you can see there, with colored by those different locks, to basically encrypt the payload key. So it's kind of like PGP in that sense. And now if the other guy wants to respond, even though this other gadget guy is offline right now, that doesn't matter. He can just fetch the pre-key and use that to build the session, even though he has never seen this thing before, like trust the key or not, and then send a message. And it's, again, one message that is sent out, and it's mirrored by the server using carbons and message archive management, XMPP extensions, to all the relevant parties in that communication. So it just works. You just turn it on once. You have to trust the key once, and then you can just use it. So I encourage you to try it. You can read more if you want more, no more technical details. Find me after the talk or check out the top link there that's the specification we wrote for it, which is currently in possibly being adopted. Buy it on the Play Store. Please support Daniel. He's done awesome work. And it's all open source, so you can check the implementations as well. And if you want to know more, find me after the talk. My extension is 2644. Thanks. Thanks a lot. Next talk is going to be Elisa Ork. So where are you? There you are. All speakers, all coming up, speakers, please keep in mind. Go to the front if your talk is next. If you see that your talk is next, so we can keep things flowing. OK, can I start? Yeah, start. OK. Hi, everyone. I'm Philip. I'm with elisa.org, and I just want to tell you a little bit about what we do, what we've been doing, and what it is we're trying to achieve, and that we need as many of you as we can get to join us. So our mission is to let people solve global issues by finding solutions for them together on one platform, which sounds very much like something like Stack Overflow, but this is meant for big issues in the real world related to refugee crisis, world hunger, and those kinds of things. And for that, we built the website, which is currently in very early beta phase, but you can already check it out at elisa.org. So what does that look like in practice, or what can you do on Elisa? You can search for issues. So if you're in Germany right now, you might want to get involved in solving the refugee crisis somehow, or at least helping with it. You could do that on elisa.org. If you are an NGO or if you're an active helper or something like that, you can use the site to share your knowledge and share best practices about what you've tried, what worked, and what hasn't worked. And if you're just a passive observer, you can go on the site and kind of comment on ideas, upvote or downvote them maybe, and kind of get involved in the discussion and contribute in other ways. So our first use case at the moment is actually the refugee crisis, and that's the only real content we currently have on the site, but we're looking to expand to all kinds of different things in the future. So that might look like this. So someone wants to help refugees find the job, and they go on elisa.org. And there, someone else has already written an article about how they did it in their city, and then this other person can go ahead and edit that article, maybe even add a translation to German, English, or Arabic, or some other language so it can help more people. Or maybe you're a refugee yourself, and you want to figure out, OK, how can I easily learn German now that I'm here? And someone, and this is actually also a real article we have on the site, wrote about their experience when they came to Germany, what the easiest way for them to kind of do that was. So that's how that can look in practice, and those are things that you could do on the site right now. Like I said, it's still pretty early on in development, so don't expect everything to work super smoothly, but the basic gist of it is already working. So yeah, our vision is to then, after we kind of nail the first bit of it, go on to include content from other issues. So this example was someone in Mexico seeing that unemployment is a big problem, and someone in Zimbabwe was saying, well, it's also a problem here, and here's a program we've tried to implement, and this has helped some people. So what does our organization look like? We have EFAU in Germany founded recently. The whole thing came out of a one-week hackathon, kind of, with Lynn Kaiser, who is, yeah, he basically runs his own NGO, and he kind of figured that there's a lot of problems in this area, and so he wanted to help. And the way we're organized is basically four different teams, but if you want to get involved, you can do basically anything that you feel like you could contribute with. I'm personally in the development team. We also have content team, which currently has the job of writing articles, but ideally, down the road, they should just kind of advertise other people to write articles. We have a community outreach team, which kind of tries to get in contact with NGOs and things like that. We have basic just marketing kind of, which I mean, all these things overlap a lot, but the point is, no matter what you do, there's probably a way for you to get involved in this, if you find it interesting. So yeah, and our outlook as an organization is kind of to build a base of content, so the site is already useful for people right now, and then gain some momentum, maybe partner up with something like the UN, because they actually have the problem of not being able to share the best practices that their involved organizations develop over the years. They have some programs for this, or some software for this on their site, but it's really not used and not very usable. And down the road, we really hope that this can make a difference in many issues. So yeah, that's basically it. If you want to get involved, find me after the talk. I'm sitting right over there. Unfortunately, I don't have an extension. You can just visit alaysa.org, or you can email me at that address if you can remember it that quickly. My name's Philip with one L and two P's, and my last name is like bowling with a D. So yeah, thanks a lot, and I hope some of you will join us. Thank you. So an information for the video team, the next two talks are going to be widescreen as well, so don't switch back. So, next talk. Hi everybody. Hi, can I start? My name is Tamir Bachar. I'm a reverse engineer, and I created IDWATI who, if you're a reverse engineer, is going to be your new best friend. So, when I was a kid, they used to use Microsoft Office a lot, great, cool presentations and stuff, and I had a really good friend, Clippy, the annoying little thing that kept popping up and telling, well, they want to create a document, they want to do something. It was pretty useless, but a lot of fun. Then in 2007, Microsoft killed it, and my friend was lost, I didn't know what to do. I felt really lonely, I was sure that it was going to be forever alone, but after some time and effort, I found out about the Emacs doctor, and, well, I have someone to talk to on the computer. It's great, but it's not annoying enough. I mean, I always know what it's going to say, it's not bugging me at all. It's only when I want to talk to it, it never pops up and bugs me. So, I went to some human friends, but again, they were too helpful to be considered as good as Clippy, because you go to them, you ask them something, and they actually try and help you. So, it was not a good solution as well. So, after some time, and you know, we started reverse engineering and scripting and stuff like that, so I said, well, most of my time, I use Ida, so why not have a new friend there? So, I created IdaBuddy. IdaBuddy is basically a new drop-in replacement for Clippy. It pops up whenever you don't want it to show up, and says something completely useless. Either, like, directing you to a point, it can direct you to a new, completely useless address, it can tell you to give up, and basically do anything that doesn't help you. More than that, it's completely open source, so no one is going to take it away from you, you're going to have it forever. And it's configurable, so if it's not annoying enough, you can always make it more annoying or show different annoying images. So, basically, it's your new best friend, it's friendly, it's, well, that's a line, the slides, it's not helpful at all. And it's a lot of fun when it pops up and says, well, maybe you want to try this address or just, you know, give up because you're not doing any good. And that's all I did, you can find it on my GitHub. And, well, and have fun with it. Now, obviously, it has a pretty limited vocabulary and dictionary so far, so it says only a little bit of annoying stuff. You're welcome to donate to it and, you know, make it be more and more annoying. Thank you. Thanks a lot. The next talk is going to be art on your screen, this time for real. So, let's move on to talk of Deutsch. Art on your screen. I was here yesterday and talked about the app art word. Just to remind you, there was a new art format that you can see art in an app. Art on your screen is, you know, you can say a little bit of friendship with it. That's about art in the browser. You know art in different forms. You know art as painting, art as music, sculpture, performance, all kinds of things. But of course, there's art on the internet. So, that's the question, how do you present art on the internet and what kind of opportunities do you have there to show and promote art. I'm, among other things, from the ZKM Karlsruhe. That's a great museum, which I take care of in Karlsruhe about the subject of art and media technology and deal with it. And we have a format designed that's called Art on your Screen or something that can be unspeakable, A-H-O-E-S, if you abbreviate it. Now everyone only says A-H-O-E-S. So, I don't know, I always get confused. In any case, it's about art in the connected world. How can you use the connected internet, the whole communication possibilities, and implement art or promote art? There are different approaches. In principle, we always see that the browser is the canvas, the browser is your surface and everything happens in the browser. The browser is always there, the browser is always available, even after 3 p.m., even in the hotel in Jamaica. It's not connected to places, not connected to time. Art can be observed at any time and looked at. In any case, we offer a platform. We always set up a planet of art works. So you can also participate if you have an idea. You can also enrich them. And we always do such exhibitions. What does it actually look like? This is, for example, the current page. This is from an artist. The different works are a bit like the internet networked with lines. You can slide through there, look at the individual works and switch them around a bit. Depending on what the artists do, there are different possibilities. One of them is the connection of the online and online world. You know it. You buy online and digital on Amazon. But it comes in physical at home, for example. This is an effect that you can create artistically. We had a work, that was a lamp. That was very funny. You could only switch on the internet and switch off on the spot. It was in the public space. And whenever there were evening exhibitions, the lamp turned on at some point. And it was a little webcam. You could go there, look at the internet, and click on it if you want to. And it always made such a great noise. In any case, this is, for example, one of the possibilities of how you can make art. This is a work that you have to live in both dimensions, both in the real and in the virtual dimension, so that it is complete. Exactly. This is the principle of it. You can also find something new. This is still a bit fresh, if you have an idea. I think a lot of what some people can program on the internet can be seen as art. They just don't know. So think about it, what you are doing. It's always cool. Exactly. This is Art on your Screen. You can also have a part. If you have contact information, you can either get it via the web, or directly from me. There is a tip error in the phone number. My phone number is 6259 or OBLX. Exactly. Have fun discovering it, or join us. Thank you. So again, an information for the video team. We are now switching back to old school, four to three ratio. I think, yes, we do. Pin magic. 32C3. Usually, I start these talks with, my name is Clinton Tollet. I'm from Opelab Oxbook, and I do free software stuff. Today it's a bit different, but more for that later. I will introduce you to pin magic. Pin magic is the maker's scratch part, as you can see. And I have a little story. I once went to school. I'm sure some of you did too. And at some point in their educational career, they did a topic of learning about digital circuitry, digital logics. And in my school, we had a logic simulator that had, like, a static one line and a static zero line, and then you could click some gates together, and then there was some output. But most of the friends that I did this with found this really boring. I found this kind of fascinating, and today we live in a world where we have a recipe, we have Arduino, and we can actually let those logic simulators talk to the real world. So, my project is pin magic, and what it does is pretty simple. You have an UI. You click together some logic gates, you assemble a circuit, then pin magic will compile everything down to Python, and then you can do a Python file on your Raspberry Pi, and the Raspberry Pi will execute the design circuit with its GPIO pins, and you can talk to it through the GPIO pins of your Raspberry Pi to the outside world. Usually, people who know me know that I like to do live demos, but in this format, unfortunately, this isn't possible, so I brought a screenshot. I've built a prototype, and this is it. On the left screen side, you see an input node. You see the pin headers of the GPIO pins. In the middle, you see some logic gates, and gates to be precise, and on the left side, you see the outputs, so you can model a circuit from input to output, and the recipe will then actually do it. I've built this prototype, and in the course of the next nine months, I want to build a full version of this. Currently, there are only end gates and one more magic demo gate that I will present at our assembly that no one has seen before. You will be the first to see it. And to make this real, I started a Kickstarter campaign. This was one too much. I started a Kickstarter campaign, and there you will find a detailed description of what will be happening and what will be able to do. I hope for your all support, and please spread the word. If you know recipe enthusiasts, or you are recipe enthusiasts yourself, please stop by at our assembly, or if I'm not there, call me at DECT 8081, and I will show you the prototype. You can see the... You will be able to see if the campaign succeeds the prototype and the development of the project in an open fashion on Github at the address here. You can email me at grimthal.starve.org, or you can write me in Jebra if you want to. Thanks for your... Thanks a lot. Have a nice congress. So next talk is going to be circled. And all speakers have fade in the monitor. It's right in front of you. Don't need to look up here. It's all in front of you. Right. Let me just put on your slides. There it is. Right. So the next talk will be about circles and more specifically about the universal basic income. I hope a lot of you have heard of this concept and are already familiar with it. I will not explain it, I will just already assume that we all want it. And circles is about implementing it right into our money system. So we have the option to take our current money system, let's say the euro, build something on top, for example call it government, they collect tax and they pay out the basic income. But there might be a more efficient way, a way to do it now, a way to do it without borders and maybe even without governments. So we have the option to build a basic income directly into our monetary system, directly into our money. A short quote from Bernadette Lietar basically says money is an agreement and we have choices and we have the choice to build a basic income into our money system. I argue the decentralized economy needs a decentralized money. And I am not sure what the current currency is like Bitcoin or Ether, but from a global perspective they are not decentralized. They are mainly speculative, but the technology is awesome, the blockchain and it would allow currency like circles. The core idea is money is distributed and it gets its basic income and it's constantly just create, new money is constantly created. The technical problem is how to solve a civil attack problem in a decentralized way, so we don't want one single entity that says you're a valid person in a decentralized way and the solution I can only give a short idea of it. The idea would be that in the first place everyone starts with its own personal currency and you can create as much as you want, but it only gains in value as soon as you connect to other people and connecting to other people would mean you set your currency and the currency of others would be at a one-to-one exchange rate and you build your circles. You build circles of people that share and accept each other currencies and therefore provide each other basic income. This approach combines the resilience of local currencies, there have been interesting concepts of local currencies but it combines it with efficiency of a global currency and that's possible with a blockchain, so in short for those who are more involved in cryptocurrencies it's basically Ripple plus universal basic income is Circle, it's a money creation process that serves people, everyone and not banks so credit is approved based on the idea of a basic income and not on a credit rating system that does not need to be paid back and we would implement basic income directly into the money system. The current implementation is on Ethereum Ethereum allows exactly this and it allows to build huge social contracts and that's essentially what money is in a decentralized way. I would be very happy to talk more about the real technical stuff and the code and we will have two sessions tonight at five and at seven at the Bitcoin assembly, it's in the room next to the gate at the entrance I would be happy to see you there, thank you very much. Thanks a lot. So we are staying in the cryptocurrency field right now with the next talk called Althea. Hello, I'm Johan Trembach, I'm going to tell you about Althea which is an incentivized mesh routing system I'm working on. So what is incentivized mesh? Incentivized mesh is an idea that I've had and other people have had for creating internet access and instead of ISPs collecting subscription fees and making peering deals the network hardware is paid for by the network itself. So if you're familiar with mesh networking like Fryfunk or there's also ones in US as well these use self configuring routing protocols which lets anybody set up a router on their roof or whatever and the protocol figures out how to route packets. So I'm trying to create a payment layer as well so the protocol also figures out how much each router should be paid so the idea is that people can set up hardware people can set up uplinks to the greater internet and the packets get routed over cheap reliable routes and people get paid without there being a business network. So this is a way of collecting the fees and owning hardware. So this is using two technologies first payment channels it's like the lightning network in bitcoin if you've heard of it but it's a way of sending payments with a very low overhead and then also Babel which is one of the better mesh routing protocols and I figured out some modifications to that so why I'll just go through this quickly basically to have a more efficient marketplace so that you don't have a local monopoly of a last mile ISP to hopefully bring down prices and so basically nodes pay each other to forward packets you don't pay for download access you just pay for upload so if you're trying to get packets from somewhere then you have to pay the source of the packets they push through the network and then it's propagated by Babel in the same way that propagates link quality data so I'll show you how that works so here's how Babel works right now and the links are rated with a metric you see these numbers on links and higher is worse and so they exchange information about all of their links with the other nodes and then the information is added together to figure out which the best paths are so for instance for I to get to D you can see going through B it would cost 9 but going through C it would cost 7 and so I then chooses to go through C and then propagates that information on further to other nodes that are connected to it so I'm adding distance vector plus cost and so each node has a cost as well they're choosing to charge and this is also added in in the other column here and so as you can see going through B, B is slightly worse quality but it's also it costs less so as you can see I has now chosen to go through B instead it's made the trade off based on balancing quality plus cost so that's the basic principle of the system I'm just starting to implement it now but there is Babel is easy to extend there are already other extensions to Babel that incorporate for example latency Babel basically uses reliability but there's also extensions to latency so I think using a similar mechanism I can also put monetary costs into it and I actually have another lightning talk right after this and I'll show you how the payment system will work to allow the low overhead payments then also there's the glue software just to have nodes charge each other and all the stuff hooking everything together I guess I have a little more time other projects are researched a lot of these I couldn't reach the creators they seem a little bit they don't seem to be really being maintained there's open LibreNet and it is based on Netsu Kuku which is a routing protocol I tried to email them, haven't heard back they're watching it and it would be great if you could touch and also Hocknet seems similar they have a subreddit and both of these projects are kind of based on this global mesh they have routing protocols that should work on a global scale but mine uses Babel so it's just for last mile providers so with autonomous systems you need a subnet for your local city or whatever so that's it okay thank you the next talk okay so universal payment channels this is the payment system that I have come up with to allow this incentivized mesh system to work so you need something where people can pay each other with very low overhead because nodes will be paying each other many times not per packet necessarily but close to that so this is inspired by the Lightning Network in Bitcoin however it is simpler and more flexible it won't work on Bitcoin but it will work on Turing complete cryptocurrency such as Ethereum so it could possibly be made to work for example with circles and it will also work with real money provided that banks are running a certain software on their systems real money I mean national currencies of course Bitcoin also real money so it uses escrow provided by the bank or blockchain nodes can pay each other by exchanging signed notes or messages and per payment the bank or blockchain is not involved and that's what makes it scalable payments can also be locked up with smart conditions so a certain condition needs to be met some code is evaluated by the bank or blockchain and it is not released if it doesn't return true and then the smart conditions also allow the channels to be combined into multi-hot payments so that nodes don't have to have channels but I'll show you how it works so Alice and Bob want to open a channel so they deposit money with a bank $100 a piece and they sign a contract with a bank that says return this money to us when you received a message signed by both of us and change the amounts that you return to us so then Alice sends a message to Bob and she adjusts her balance to $95 and Bob's to $105 and she signs it and so this is basically like Alice is giving Bob $5 so Bob gives that to the bank the bank gives oh in this last step you see the bank or blockchain is not involved whatsoever Alice could send an infinite number of these doesn't matter and it could be a very small amount of data really so Bob gives this to the bank and he signs it and gives it to the bank and he sends it out so of course Bob could cheat he could keep an old one and give that to the bank and get some money he's not supposed to have so we put a sequence number in a hold period and so this says now the bank needs to wait for the hold period before returning the money and if somebody during that time gives them a sequence another note with a higher sequence number they honor that note instead if somebody checks with the bank and Alice and Bob check with the bank every hold period or two days in this example they can stop each other from cheating and still instantaneously exchange payments so if they don't want to wait if they both agree they want to close the channel and get their money out they can set the hold period to none and then it will pay out immediately so it's adjustable then I'll see if I have enough time to go through this there's also the smart conditions that you have to evaluate this code and only pay out if it returns true so this is a hash lock smart condition this is also something that comes from the Lightning Network basically if it says you have to get a string that hashes to this specific cash before paying the money out and so if Alice wants to pay Charlie but she doesn't have a channel open with him she goes through Bob and she makes a hash locked payment to Bob and she gives Charlie the secret and then Bob makes a hash lock payment to Charlie and locked with the same hash and so Charlie can reveal that to Bob and the bank or just Bob and get the money have the channel adjusted to the new balances and then Bob uses that secret to get his money from Alice and so nobody really has to trust each other here the only party that's being trusted is the bank or the blockchain so people have to have faith about the blockchain or the bank reliable oh sorry this is showing the unlocking process here you see the secret goes the money comes also the channels they just need to be hash locked with the same hash they don't need to be with the same bank or the same blockchain or the same currency even so you can see Alice wants to get to Doris here she goes through Bart and Conrad who have a Dogecoin channel open and this works fine right now I've just got some very beginning implementations of it but I have a paper and you know an easy blog article you can check out the websites it's altheamesh.com and if you want to contact me I forgot to put that on but it's at the bottom of that website thanks right on time so there's going to be a small deviation from the schedule the next talk is cancelled and instead we're going to have two, I'd call them last minute talks right now one is called Integrate which is coming up next and after that we'll have something I guess you can call Internet of Pokémon but first of all we'll continue with Integrate okay hello everybody this is Bengi and my name is Sven thank you for enabling this talk basically this talk is going to be a call for developers and an invitation for city administrations and governments to use the software we are building first let's show you the software or the project our goal is to establish a system where cities, governments and large organizations can provide information for refugees in Germany or not especially in Germany every country or every city can use it and we will provide the system for free everybody can but we do not have to pay for using it and city governments and organizations can put their information into a content management system which is built on WordPress and translate the information into several languages and this information is then available in an app which is caching the information offline so you don't need to have internet connection to get information as I said before this system is free you just have to contact us and talk to us about using it the primary goal is for the whole system or the program to be multi language and easy to use so it should be easy for government of city governments to input their information then we cannot do a live presentation but we got some screenshots of the app if you start the app you get the screen where you can choose your location currently we got several cities in the app already if you select the city for example Augsburg then you get the selection of languages currently for Augsburg there is for example Arabic, Farsi, English, German and French available and then you get the content so the content management is not a wiki system so not everybody can contribute content it's more an editorial system but city government for example has to confirm content but we need developers for okay that's how it looks when you got the selected German content and you can select for every article you are and you can directly select another language for example Arabic and someone next to you speaking Farsi you can read the article in your language and select the other language and give the smartphone to your neighbor okay currently we are working on parting the whole project to Xamarin and therefore we need developers we also need new templates and designs for WordPress we also have a large list of issues we have to solve and we need to get the content and the front end so if you have spare time you are welcome to help us developing this project I think it's pretty good it's open source as well so you can use it on your own but we are providing free hosting for cities so if you like you can just use it and contact us and again please help us contact us and you can contact us at integrateapp.de email address info at integrateapp thank you thanks so now the last talk for today TC Pokey TC Poke your slides should come up in a minute there they are so I decided yesterday evening that I wanted to talk about this thing I made it's basically a product that mixes together all these ingredients and I hope you know some of them and you can find about the others that you don't know so basically it's like connecting Gameboy to the internet so the Gameboy uses this game link cable that is a lot like SPI it has a clock but the difference is that it can be driven by both ends and who drives the clock so it's kind of flexible but also kind of tricky to work with so I decided to hook this up to a teensy and the hardware is really simple just connect the resistors to avoid shorting everything when two things talk to each other at the same time looks like this when you build it it's not like a new thing and the hardware is pretty simple but the software for actually talking across the internet being able to play games across the internet is kind of impossible because internet is not synchronous and SPI is kind of like the master clocks these bytes and then it responds instantaneously and there's too much latency to make it work so it's not really possible in general but the first thing that you can do is just terminate with Arduino directly so there's this assembly of Pokemon game and I took some code and reimplemented some other parts as an Arduino sketch and you can use this to trade with your Arduino with your Game Boy and evolve your graphics into a Golem and hack some crazy glitch Pokemon into your Game Boy whatever you want but I kept thinking about this internet connected part and actually I found a trick for Pokemon specifically because as a slave the Game Boy waits for data so if you can trick both games boys at both ends into being slaves the teensy can set the rate at which data is transferred and latency is not really a problem so I made this program that specifically does this for Pokemon red and blue and yellow so it emulates the handshake with the teensy as the master and then it waits for bytes from the slaves to start sending and then it just goes back and forth translating the slave data and I made a Chrome app that interfaces over WebRTC and USB across the internet so you can actually trade Pokemon across the internet and speed is not great but it works and you can go to this address and find all the code and all the schematics and all the videos and install it and build it and contact me and or even adjust this for other games that you want to play across the internet on your Game Boy and I hope you enjoy the fun thank you thank you very much so just a short announcement as I said we what? so we don't have a schedule for tomorrow in the wiki not in the mirror wiki and not in the current wiki if it's on or not so I'm going to publish the schedule somewhere and if you want to know where that is you should look at the c3 lightning talk twitter account just show it try to show it on the big screen here can you turn back on my that's it so there you can see that's the account and the news where I published the schedule for tomorrow should be there this afternoon so this session is over right now we finished on time even though we had some problems in the middle and had some last minute talks thank you for your attendance and I hope to see you all tomorrow also furthermore again a big round of applause for the translation team I'm sorry about the last minute talks you didn't get the slides for that so please give them a warm round of applause thank you