Hi, my name is Jan. I'm with Nitrokey and going to give you a short overview of what we are doing. Our slogan is to secure your digital life. So we try to provide a digital latch key to your digital home, so to speak. Meaning provide you measures to encrypt data and to protect accounts. Physically, it's a physical device. That's the USB key. Actually, we have a couple of models and I give you an overview of what you can do with them. We started with providing a secure store for your cryptographic keys. Meaning your cryptographic keys are stored securely in the hardware. They can never be exported again. And you can use those keys for various cryptographic use cases, such as email encryption, or to encrypt your hard drive, save as VeraCrypt, or do some VPN encryption, or basically everything where you have a cryptographic use case and can access keys stored in things like the Nitrokey or other smart cards. Another use case is SSH, where I'm going to show you a short video, how this looks like, because it's so nice easily. So what I'm going to do here is I'll log in with SSH to a first server. And in this case, my SSH key is stored on the Nitrokey, I enter the device PIN and I'm logged in to the first server. So from now on, with an unlocked session, device session, I can log into any subsequent servers without entering the PIN. So it's super easy. You have your SSH key always with you on the device. Also configuring it up on Windows or Linux or Mac is pretty easy. Another use case is encrypted mass storage, which means you have a hardware encryption in the device and can store files to it. The access is protected with a PIN, again with a device PIN, so before you can access the files, you have to enter the PIN. There may be one word for the hidden volume, that's a nice feature, so you can actually set up a couple of PINs. And technically it's not possible to say whether those other PINs are set up or not, and they are used to unlock other volumes.
So you could, in theory, then create a couple of other volumes using dedicated PINs for them and hide data on it, because nobody knows as long as they don't know the PIN, whether those volumes exist or not. Another thing which is maybe good to show is two-factor authentication. We support one-time passwords that used to be kind of standard. Now the new one is FIDO U2F. This short video is going to give you an overview. What I do here is I go to my settings, of course the Nextcloud. Go to security. Here I can add a FIDO U2F device, which is plugged in already. Now the video is not moving. Here we go. I enter just the name. You can't see it here, I had to put my finger on the device because there's a button and now it's configured. So the next time I log into my Nextcloud is I still have to enter username and password as always, and now my second factor is the device. I put my finger on the device and I'm logged in. So it's super easy to use. I think there are no excuses anymore to have insecure accounts in Nextcloud at least anymore. What else can you do? In the future we hope to have passwordless authentication, also especially in Nextcloud enabled. This means the device is not only your second factor anymore but also you don't need passwords anymore. So please ask Frank when this is going to be implemented in Nextcloud. We have the device already. It's a FIDO2. We have an HSM, hardware security module, which is more for enterprise use cases to stock hundreds of cryptographic keys which you don't want to have unsecurely lying on your server to store them securely in a hardware module like the Nitrokey HSM. I didn't mention it but it's important to ask all what we do is open source free software if possible and open hardware. So if you have any questions feel free to speak to me here at the table and thank you very much.

Please come on stage. Then we start with all the other lightning talks.
The only thing, be sure to access your presentation so the next person that has to actually come up on stage sees their name on top. Then I hand over to Stefan and Maurice.

Is this working? Yeah. This one is working. Okay, I'll wait for Maurice to get wired up. I'll just run around. I'm Stefan Sperling. I'm a freelance open source developer involved in various projects, among them OpenBSD. And this is my friend Maurice. Hello. And we've been working on a project for a while now which started in January this year where we are building a laptop that Maurice can use and Maurice wants to use. So basically that's the backstory. Is this mic dropping out on purpose sometimes? I don't know. I'm changing the distance. Okay, I'll try to keep it steady. So Maurice approached me and he wanted something that looked like a Macintosh, but I don't do proprietary software so I wanted to help him with something else. And I got the idea that maybe we could try to have an OpenBSD machine that's adjusted towards his needs and that in particular adjusts towards Maurice instead of Maurice adjusting towards the machine. And to get to know why this is interesting, I'd like to have Maurice describe us what's in this picture. This is a picture of me in the wheelchair. I just came out of my wheelchair. I couldn't talk, but I could sing. So you were performing on stage? Yes. Okay. You're the person with the big fly, right? Yeah. So this is Maurice in the 70s in front of the Brandenburg Gate. I was studying in Eiffel, a year abroad in the Eiffel. And you like Berlin? You were studying a year abroad, but you like Berlin so much? I like West Berlin. And after graduation you moved back here? Yeah. In 1986, you had a special year? What happened? I had a brain hemorrhage. And where? In the TU. In which building? In that building across the road. And you were at the gym, right? Yeah, I was at the gym. Exactly. That's the gym where I go today? I was terribly fit and then bang, I had a brain hemorrhage.
Seven days in coma. I couldn't talk, I couldn't walk, I couldn't think. And it was difficult to get it back. To remember things, especially. So what would you need a computer for? To communicate. You like communication? I like the BBC World Service. And you read things? I need a computer to log in. To talk to your friends? To keep in touch with people. Right. So we ended up with a laptop that now runs OpenBSD fairly well after we've done a lot of work on drivers and stuff. We ported some additional software and we fixed lots of bugs and things like GNOME, because for example it was crashing at login. Maurice can use this computer without entering any password because he has a USB key as authenticator and he goes to the desktop from there. If you want the details, please check out our talk. There's a link to the guide that we published on how to set up this machine so other people can reproduce our results. And there's also links to the slides and videos of this BSDCan talk. And now the link to Nextcloud is that during this BSDCan talk we did actually do a live video conference bringing Maurice from Berlin to Ottawa to talk to people there in the Q&A section. And this worked because Nextcloud Talk worked with WebRTC and Firefox and it worked really well and we used OpenBSD infrastructure for the whole thing. That was really nice. And I was trembling to see whether it would actually work but it actually did and it was a lot of fun. Now the next step that we wanted to do was to see whether Maurice can use Nextcloud Talk as a Skype replacement or not. And I had the idea that perhaps he could use the shared link feature where he published a URL to people so that they could visit him and have a chat with him online through this Nextcloud server that we set up. Because we can't run Skype on OpenBSD obviously. And he also needs an easy way to invite people that are in England or elsewhere that he wants to talk to. But there's a small problem.
Can anybody tell me here who's maybe never seen this interface before or how to start a video call? Can anyone raise their hands if they know how to do that? Maurice, do you remember how to do it? Um... No. There's a magic trick. There's a magic trick. If you know the magic trick... Yeah, so if you know the magic trick... Yeah, there's a blue button. Now you and your friends will know how to talk to each other, right? Yes, yes. When you see this, okay. But... The end... Don't know. Yeah, people don't know. And it's hard for you to explain to them. Even if you knew, it took me actually 50 minutes or so ahead of the talk in Ottawa to get the live call going. But another friend who was assisting Maurice did it. So we have a comment and issue number 534. If any developer could respond there, we'd be very happy. And thank you. That was pretty much it. [Applause] And thank you.

OK, so... Hi everyone. Thank you so much for inviting me. It's a pleasure to meet you all. My name is Mitzi Laszlo. My friends tend to say to me, oh, I knew Mitzi, she was a cat. I'm not a cat. I work at Solid. My background is in neuroscience. I graduated from King's. Went on to work for a Brazilian epidemiology study funded by the Wellcome Trust. My task there was really to look at decision-making and big data was fashionable. So I came back to Europe and worked on several initiatives, including as an independent advisor for the European Commission, both in finance and ethics. I worked for a time for a bank selling data. See how it works. And that frustration is what drove me to work on thinking about who controls what data and who decides what it's used for. So I started selling data. See how it works. And now I work as Solid manager. So Solid is an initiative started by Tim Berners-Lee, the inventor of the web. And his motivation when he invented the web was that many computers with different hardware and software could not exchange information.
So there are some amount of rules for that information to be interoperable. So you can imagine that it is frustrating to see that data is used as a bargaining chip to hold people to certain services. Solid is a standard that describes how to build data storage and applications in such a way that users can conveniently switch between data storage providers and application providers and take the data generated along. Pods are where a user stores their data. Pods are always separate from apps. Pods can either be provided or users can self-host their own pod. One user can have multiple pods. Multiple apps can use the same data to load separately in a pod. And of course identity. Users can have more than one identity which can either be from an identity provider or from a domain that the user owns. Regardless of the identity provider users can share data with each other. So the Solid specification is currently being worked on in a W3C community group. So if you're interested please let me know and I can guide you about how to go about that. You can find it in this link below. And it's still liquid. It's still very much being worked on. So if you're interested please do let me know. There are several companies implementing the specification. Predominantly Inrupt which is a company that Tim founded. There's also a French co-op called Starting Blocks Genera Digital also in America. Empathy in the Cocktail is Spanish and of course two academic institutions. Universidad de Oviedo and Gent. And the key to the Solid vision is variety. So that's what I really wanted to come here for is to say it would not be successful if there was one solution. We need many pods to have that interoperability dream. We need many apps and for the user to bring the data along. So I'm very curious to hear what each of you are working on and see if there's some common ground where we can come to an agreement how the user can control their own data. Thank you.

Sorry. Oh, next.
So yeah, that's a coincidence. Everyone who has a lightning talk, please move to the next slide so we see who's next.

That's a funny title. You might look at it and think, what is this? So I came across this interesting YouTube video where this usability expert and kitchen appliance designer, I think his name is Dan Formosa, tests these kitchen gadgets. I personally think all these gadgets are trash, but one good part of the video is what he calls the left-handed oil test, where he basically this is a pineapple slicer. You screw it into the pineapple and then lift it out and then it's perfectly cut pineapple. So how he tests it, he wraps his hands in oil and then tries to use it with his right-handed person. So he does it with his left-hand and then tries the same. The results are interesting. Some of the things like slip out of his hand or it's like you can't have a proper grip. So this is an interesting concept that that's the short intro to the weird title. And this made me think about this campaign from the 90s, back in the 90s from Mensch or back then it was specifically Aktion Grundgesetz. It says Behindert ist man nicht, behindert wird man. And basically to kind of translate it as it means you are not disabled but you're being inconvenienced. You could say. So you're being actually inconvenienced by your environment, by everything that is in place, by steps here, by things like how the doors are built, by the inaccessible bathrooms, by the stairs or by the way the chairs are built. So I think this was like this campaign which really changed I think the minds of a lot of people because it's just like user-centered design where we keep on saying well it's not the user's fault, it's the software's fault. Just like here it's not the person who has a disability but it is but the environment is like why is the stair there, why is it not a slope or why is there even a step for example.
And there's this concept called universal design so you can read more about it on the Wikipedia page for example that's basically the concept of designing things so that they're usable by everyone. No matter what you can do where you are in life and there's also a similar term called all which the European Commission describes technologies that are suitable for the elderly and people with disabilities as much as the teenage techno wizard. So yeah, that's a European Commission language I guess. And so here's a few examples. You're probably all familiar, I mean nowadays you're probably all familiar with what are called curb cuts. They're lower, like where pavement is made a bit lower, there's a small gap in them so that people in wheelchairs can go up and down. But the thing is they're also really practical if you're on a bike or if you're with a baby stroller or with a skateboard or if you're on your phone and you don't want to stumble over the pavement. So this is a thing that is originally designed for people with disabilities but it's really good for everyone. Subtitles. Used to be only for people hard of hearing or deaf but you're sitting in a crowded place or you kind of don't really understand the language, this helps a lot. Audiobooks is another thing. You have audio guides in museums like they're also really useful for everyone. And another example that I don't have in the slides, the other month or so I was in the Mozilla office in Berlin and they have four accessible unisex toilets with their own washbasin and that was the best bathroom experience ever. You can wash your hands in peace and it's spacious. If you need to change your shirt or whatever you can just do it and this is a super nice design for everyone.
So coming into the software world: contrast, for example. We shouldn't only think about contrast as like, oh yeah, it has to be more readable, of course, but when you're outside on your mobile phone and the sun comes out and you're like, oh, I can't see anything, right? Like, this is what happens to you every day. You might not notice, like, you need to up the brightness of the display. And this is from the Material Design usability or accessibility guidelines, and this is good for everyone. Like, the example on the right, it looks like from a video game, from a horror game, where you adjust the slider to where you can barely see, so you get, I don't know, jump scared or something. And then the last example is touch targets. So here also, again from the Material Design guidelines, is that all of these touch targets are bigger than they appear. So the icons, it's not only the icons you can click but also the room around them. And this is not only for touch interfaces, this is also for mouse interfaces. Like, contrary to popular belief, with a mouse you're not 100% exact. And here also in this example it should actually extend to the side of the window, so you can actually move your mouse there and just click. So a lot of these things, and there's way more examples, so this is just to get you started. So don't just develop for the teenage techno wizard. Next design and accessibility project.com is a really good resource for better accessibility. Thank you.

Good afternoon everybody. I'm excited to be here. Thanks for giving me the opportunity to talk to you. One year ago I was sitting there exactly where you are and looking down and say, hey, these people down there, they're talking about real cool stuff. I hope you see the same after I finished. So what I would like to talk to you is how we can retain our digital sovereignty, or I call it the digital dignity, in times where new powers come up on the horizon. And I'm talking about quantum computers, which will make all encryption we have not be encrypted anymore. Frank
has told my slide from yesterday. And how are we going to do that? So we take a very old idea of secret sharing. So if you have a box of gold, you hide it and you bury it somewhere, and then you draw a map how to find it, and then you tear it apart and then you give it to your friends, and only you when you come together you can find the treasure again. You cannot find each one of you. And the same methodology we did is on the digital side. So you have an image, and with the algorithm we split up the information and encrypt the information to different pieces, so at minimum 3, maximum 26. And the algorithm we developed together with the Austrian Institute of Technology, with the data encryption department here. And then you can store the information wherever you want, even in places that are unsafe, because with one information you cannot retain the whole place. And you can choose, you cannot get back the whole information if you have only one. Yours you either can do it on a server side in a data center or in different data centers, or on your local USB stick or your local USB slide. And what we did is we built a hardware around it, so you have then the possibility to have this algorithm written in a box. And then of course you see the poor guy is crying because he cannot get back the information. There is also one thing in there which is different from the people who have the pieces of the map: so you can retain the whole information also if you lost one or more of that information. So in that case it's two out of three, so you need two, and it doesn't matter which one, two data fractions, and then you can get back the whole information. So you can decide, I want to have two out of three or I want to have four out of six or whatever. So this is the box. So you see the different models, one with the different platforms, with the different ethernet, and then you have the other one, and then you have these P sticks. So there are different options you can select. How does it work with Nextcloud? So very
simple: you configure Nextcloud as in S3, and then you have your Nextcloud server running and have access to the box, and then the data is quantum secure. The last thing I wanted to mention: that we are working with the European community to take that algorithm and give it on the phone, so that everybody can then decide where the data stores, where he or she stores the data, on servers, locations you don't trust. So if you are interested, I'm here, you can contact me. I have also tons of brochures I don't want to have fired back, so I'm happy to give you one. Thank you. I forward here, anyone?

Alright, hi everybody. Thank you very much for the opportunity to speak to you. My name is Valentin Heidelberger. I'm an open source software consultant and engineer at Univention, and in this talk I would like to show you at Univention how we work together with Nextcloud to bring great value to our users and customers, and finally show you a cool solution which we've developed using Nextcloud for a customer of ours. At Univention we are building Univention Corporate Server, UCS, which is an enterprise server software appliance with an intuitive web based management system. It focuses on identity and access management and the integration of application into this identity management. It comes with powerful APIs to enable you to integrate basically any application into the identity management and just make the most out of UCS in your specific scenario. UCS is a scalable solution, so from small to medium sized enterprises to large enterprises or organizations, we've got everyone covered, and UCS can be operated on premises, in the cloud or even in hybrid scenarios. At Univention we are fully committed to open source, which is why UCS is also 100% open source. If you want you can actually check out the source codes at GitHub. Now an integral part of the Univention ecosystem is the Univention App Center, which is basically a marketplace for enterprise software and add-ons, and it enables you to install and test and
buy this software with one click. It also provides you with a single point of administration for many apps through an automatic directory integration. The App Center features apps such as Active Directory compatible services and integration, groupware such as Open-Xchange or Kopano, Nextcloud of course, online offices such as OnlyOffice or Collabora, Kanban solutions such as Wekan, such as Bareos and many, many others. We currently have more than 6,000 active end user organizations, starting at 3 users and currently ending at 30 million. We also have many customers in education and research, with currently 650,000 active students being provided with digital identities and services using UCS. Now as I mentioned before, in the Univention App Center we have a Nextcloud app for UCS which can be installed with one click. It comes pre-configured with user and group management and authentication via the web-based identity management in UCS, and it also enables you to use easy integration with desktop authentication and make use of technologies such as single sign-on, SSO and of course same users, same password, SUSP. The app uses container technology to allow for simple and quick updates. Updating the app is literally one click, just like the installation, and of course if you want full support the Nextcloud is also available. In addition to the Nextcloud app we've also developed the Nextcloud appliance together with Nextcloud. The appliance is basically a ready-to-go UCS image with Nextcloud already pre-installed, and it's also available with pre-installed only-office and forer, and it's really meant to get you started with Nextcloud as quickly as possible and to also allow you to easily extend the functionality with other apps such as the aforementioned online offices. Now that you know what we're doing and how we work together with Nextcloud, I would like to show you a cool solution which we've built with Nextcloud for a customer to really show you what interesting use cases are possible with
the powers of Univention and Nextcloud combined. So let me set this up quickly for you. The customer in this case is a school district administration, so district administering in this case about 80 schools and providing them with digital identities and services using UCS. They have central systems such as a domain controller, mail server, groupware, of course Nextcloud and other services which are reachable outside from the internet, and in addition to that they have UCS servers at the local schools which provide domain services such as authentication, printing and also act as file servers. Now I've only shown at two schools in this picture, but actually they are about 80 schools, and these local servers are really essential for this setup because the schools need dedicated resources to be able to work even if there's an internet outage maybe, or to work with a really bad upload bandwidth, which is actually pretty common in Germany, as some of you might know. Now we also have of course client devices at the schools, and nowadays of course you can't only plan with devices under your control at the schools, you also have to take user devices into the equation. And as I mentioned before, the users can already access the central services, mail, groupware, Nextcloud, from outside using their own devices of course, but what's missing here is access to the file server at the local school. So maybe they've worked on a project in class, save the file at the local file server, they get home and, yeah, can't access it, need to start anew or maybe use a USB drive. That's actually not very convenient. So we decided to use an amazing feature by Nextcloud called external storages, which enables us to mount external storages into Nextcloud and present them to the user as if they were just another folder. So we use this to mount in this case SMB storages from all these file servers into Nextcloud and thus give the users really easy and quick access to their files on all these different file servers. So what's the
challenge here? We need to integrate thousands of these external storages into Nextcloud. We have 30,000 plus user home directories, with thousands being added automatically every year, and in addition to that about 3,000 group shares, again hundreds being added automatically every year. Actually for every single user and group there's a new file share being added, and as I mentioned before these file shares of course span across 80 file servers for every single school. So the goal is to make all these user and group shares automatically available in Nextcloud, and to accomplish this we used an interface provided by UCS called directory listener. I won't get too technical here, it's actually pretty simple. The directory listener listens for changes in the identity management and acts upon these changes. So for example the customer creates a new user or a new group, the directory listener is notified of this change in the identity management and can act upon it. It also has a plugin mechanism, so you can plug in your own code and use this information to do pretty much whatever you want with it. A capability that comes with UCS by default is the automatic creation of the file shares of the user or the external storage of the user or group and thus makes their file shares accessible via Nextcloud. So with this solution everything is automated. The customer doesn't need to change their workflows or anything, they just keep creating their new users, their new groups, and they get new file shares automatically and also can immediately access them from outside using the great Nextcloud interface. Alright, that's it for the cool solution and also for my talk. If you're interested in anything related to identity management, UCS, maybe other applications in the app center, feel free to approach me or contact me via email. Also feel free to access univention.com all the information, and if you're interested in the particular cool solution I
presented, feel free to check out the tiny URL. You will also get all the technical details and documentation and can actually get started with your own UCS immediately. Thank you very much. Thank you.

So hi everybody, my name is Michal Hrušecký, I'm from CZ.NIC. And who we are: we're Czech top level domain registry, and legally we are some association of companies, but in fact we are run as a non-profit. We do a lot of open source development, you might know BIRD BGP daemon or Knot DNS server and resolver, and one thing that we do is also open source router called Turris. This is how it looks like. It's very powerful, it has 2 gigs of RAM, 8 gigs of eMMC, it has USB3 and stuff. And why we are doing routers and what's different about them is that we do them open source of course, and we also focus on security a little bit, well actually quite a bit. We have automatic security updates, because as you all know, if you have a software it's never bug free, so you need to release updates and you need to get these updates installed, so we have an option to actually install them automatically. And why we actually started with building the router was a security program where we are trying to collect data like firewall logs and run some kind of honeypots on the routers, so we get the idea who is trying to attack our users, and then we share all these data back with the routers so routers can block the attackers, and we also publish those data via our CSIRT team or publicly as open data. So let's work with Nextcloud and how is it connected? Well, Nextcloud is for people who are interested in security and privacy, and as we are also interested in security it's a kind of nice match. We are installing Nextcloud because you want to have your data stored somewhere where you can trust it, you want to have them under control, and what's more under control than having it stored on your device that is in your living room? So we thought about it, that it might make sense to actually run your Nextcloud from your home, because we have
also some additional security features that might help protect you from attacks, and because we have these automatic updates that will update your Nextcloud even if you look at the notification and don't click on updater, it will still get updated automatically. And of course our routers are open source, you have a root account and stuff like that. So we created an easy way how to install it. This is our web user interface. There is several options with additional software that you can install, one of them is Nextcloud. Then we have a configuration option for storage, where if you plug in USB hard drive or you put SSD inside our router, that's one of the hardware options that we have, you can format it, you can actually enable some RAID features as well, and when you prepare the external storage you just enter your credentials, click on setup, and it will actually prepare the Nextcloud instance running on your router, and the next time you will connect to your router you will be offered to go either to the administration interface or directly to the Nextcloud. And we also created a smaller device that is not, that starts as a small home server and doesn't have to be router but can be extended to be a router. Thank you.

And a little hack: I submitted to Lightning talks and they are next to each other. So who am I?
My name is Michal Hrušecký, I'm from a company called CZ.NIC, and we do cool routers and a lot of open source, and I actually want to speak about another aspect of our routers as well. You saw that you can install Nextcloud on it, but we have also other interesting stuff. So as I said, we have open source, you get the root account when you buy the router, you can do plenty of stuff, but as Uncle Ben said, with great power comes great responsibility. So plenty of our users are trying to do really crazy stuff, and sometimes it's a little bit harder than they imagined, and sometimes they are trying to do stuff they don't understand, and sometimes they break stuff. So we have to make sure that they can recover somehow, so we have various ways how to recover, how to say it in the correct word, if you do something wrong. So one of the cool stuff that we have is Btrfs. We are running our routers on top of Btrfs, and cool thing about Btrfs is that it has snapshots. So every time we do updates, we do snapshots periodically, so just to make sure that people have something to return to if they somehow misconfigure their router. They can roll back either using SSH and CLI, or they can roll back even if they locked themselves from the router via reset button. So where's the Nextcloud? We created some tool to manage the snapshots, we call it schnapps, and it allows you to basically manage the snapshots, list them, roll back them and compare them and stuff like that. But then we found out that even having snapshots is not enough. One of the rescue options that we have for people that experiment too much is that we have an option to refresh your router from USB drive, because if you are a root you can damage your file system as well. Apart from that, if you do a lot of crazy stuff and you backup a lot, then 8 gigs of storage might not be enough to hold all your backups, so it would be nice to actually backup somewhere else apart from your router. And that's what we did: we extended our tool that we call
schnapps to actually support some remote storage, so all the snapshots that you create on your router can be exported to your Nextcloud and you have them stored remotely. You can synchronize the local snapshots with the remote ones. And one of the key features that I spoke about already is that you can refresh your router from USB drive, so we made it compatible. So if you manage to destroy your file system and you want to restore your router and you have a backup on your Nextcloud, then you can just download the image that is uploaded to your Nextcloud, put it on a flash drive, insert it into your router, refresh your router, and you are good to go and you are back in the working state. So thank you again.

And we just found a missing speaker, so we're going to do some time travel back to the slides that we skipped earlier.

Hi, yeah, they found me, and I'm going to talk about how we, I'm Ben, and I'm not going to talk about that. So I'm going to talk about how we integrated Nextcloud with Solfer, our end-to-end encrypted communication platform. So basically, just about Solfer's collaboration platform: so we have messaging, screen sharing and so on, and the focus is on security. So we have every data that passes on the platform is end-to-end encrypted, and also we're decentralized, so that means whenever it's possible the clients talk directly to each other and exchange the data like that. So we don't have a central application server. And so traditional SaaS platforms work like this: you send something to the cloud, to some server in the cloud that does the processing, the storing and also the network, so it retransmits then that to other clients. So in contrast, we don't have this application server, we send directly between the clients, so we can't collect metadata or data, or at least as little as possible. So one of the Solfer's modern web technologies, and that's also a bit the problem with Nextcloud that I come to: if you're a pure client-side app in the web, then you will encounter some issues if
you want to integrate, for example, Nextcloud. And so the problem is, what happens, the recipient of a message is not online, then I cannot directly send them a message or a file or whatever. So I have to store it somewhere, so that later, when my partner comes online, he can grab the data from there. So like a mailbox system, kind of. So I send it to my cloud storage, which every client can have his own cloud storage, and then whenever the recipients are online they can grab the data from there. It's all end-to-end encrypted, of course. So we support three different storage providers at the moment, that's Google Drive, Dropbox and Nextcloud. And so I'm going to talk about how we integrated it with Nextcloud, and particularly how we coped with credentials and with CORS. So starting with credentials. So what's the motivation? You could use the main credentials, that's like your main Nextcloud credentials, but we don't want that to be stored in the client-side app. You don't want that because you don't want your credentials to be stored there. Also, what if this is used in a single sign-on scenario, like for example here to you, your credentials could be much more powerful than only your Nextcloud access, they could be used for distributing grades or setting grades or all the other stuff. So instead you want to have per-app credentials, so that's transparent, you see what apps did I give access to my Nextcloud, and also you want to be easily, it should be easy to revoke access. So every app should have its own set of credentials. Nextcloud supports that nicely, and the question is how do you generate those app credentials. And so Nextcloud introduced the login flow, and for that, so if you want to use it, you register your custom handler for the NC scheme, and then you open the login flow URL in a web view, and the user logs in and is then redirected to NC login server where the password and username is. So the handler that you registered before grabs the credentials and can then use them, and that's the own
set of credentials you have for that particular app. So what's the issue? If you're a web app, you're restricted in what schemes you can register. So you cannot go and say I want to register an NC scheme as a web app. You can only register schemes that start with web+ and then your custom scheme, or from a list of safelisted schemes, so like mailto, sms and so on. Okay, thank you, I'll skip the second point. So that's why Nextcloud introduced, probably not the only reason, introduced the login flow v2. Here you post to a URL and you get data back where you can start polling an endpoint, and then the user logs in on a different URL, and once he has granted access there, you can get the credentials from that poll endpoint. So this works nicely also on the web, and it will look something like this. So the next problem, which is a bigger problem for us, is there are no CORS headers for certain endpoints. To be honest, for most endpoints there's no CORS. So this means for example the login flow v2, DAV and OCS, they don't have CORS headers, so from a web app, different origin than your Nextcloud, you cannot access those endpoints. So you have to add that missing CORS support in your reverse proxy or load balancer, but in the end you can manage. So for working with Nextcloud, you use the login flow v2, you add those missing CORS headers in your load balancer, and then you have end-to-end encrypted communication with Nextcloud storage. Thank you.

Hi everyone, my name is Bernhard Stockmann, this is Ricki Hirner, and many of you know us as the developers of DAVx5, which is an Android open source tool to synchronize your contacts, calendars and tasks. But today we don't want to talk about our main app, we want to draw attention to another project. And so the question is, how did we come across this other project? The most requested feature from our users for our app DAVx5 is to export and import the settings, so they save time if they set up a new device. And while considering the options we have, we
came across the Android backup, but we found that every Android user is backing up their data to Google Drive. So we thought, yeah, maybe this is a privacy and security question for many of us, and wouldn't it be cool for Android users to have a WebDAV backend to save the data to? So this does not exist yet, as you know, because everyone saves to Google Drive. And what exactly is the Android backup? It's a backup and restore feature, it's a system function from Android, and if a user is installing an app again on a new device, the backup is called and the app is restored with these settings. So this has to be enabled by the user. It's a system function, as I said before. Android 6 made it a lot easier for developers to use this backup tool, and recently in Android 9 they offer client-side encryption also. So in short, the backup architecture: it's pretty easy for developers to implement the backup API from Android, and then once a day a backup is called by the Android backup service, and which is connected to a certain backup transport. Yes, at the moment there's only the Google backup transport, which saves to Google Drive. It's used by almost everyone who activates the backup function. And there's also a local port for testing backup and restore, but it's aimed to developers, so it's not very useful. This was the situation until now, but there's a new project, we have recently discovered it. It's open source, you can find it on GitHub under this link. It provides the possibility to store the backups in a local zip file, and it uses the documents provider API, so the zip file doesn't have to be local, it could even be on a WebDAV storage, for instance on your Nextcloud. And this would actually make it possible to store app settings on your Nextcloud. What could be done on the Nextcloud side? First, I don't know whether the Nextcloud apps support the backup function to backup accounts, which could be done. And there's a pull request to enhance the documents provider so that the WebDAV function could
actually work. And this could establish Nextcloud as a private and secure storage for Android backups, which could be interesting for private users but even more for organizations. Yes, until now this is an early development. This is a system app which would require backup permission, and you can hack around and get it working somehow on some devices, but of course not for end users. So this would have to be done by vendors who like to support this, for instance Fairphone, Lineage, Shift OS. So if you know people from these systems, please talk to them, and so that this could be made possible. In conclusion, this would be very cool for users, to enhance the privacy on Android and improve the whole ecosystem on Android for private users. So please, and help us and support this project. As I mentioned, it's not directly by us. We have made a proof of concept already with the WebDAV backend and it's working, but yeah, help is welcome, and make contributions and spread the word to the vendors. Thank you.

Okay, hi, I'm Julius, I work for Nextcloud, and this is like a quick introduction for Nextcloud contributors, app developers, on how to get debugging issues a little bit nicer. Like the usual flow when you have a bug: you observe it, you try to fix it, you test it, and then the whole cycle starts over again, because probably your fix wasn't good enough, it caused regressions and something like that. And like when talking with community people or developers in general, you often see people adding log statements, for web apps for example like refreshing thousands of times to trigger the bug again, and this is a very time-consuming approach, it can get annoying pretty quick. And there's a solution for that, because we actually have pretty advanced debugging tools for our software stack, like for PHP and for JavaScript. So just some basic wording: a debugger basically has the ability to execute your code and stop at a given point, and this is done by setting breakpoints. So you have your editor and you can set a
breakpoint at a given line, and if it's running it will just stop there, and then you can basically inspect what the current state of your code is, which variable values are there, and you can go through the code line by line, stopping at the next line. For PHP, this is like, there's Xdebug, which is a PHP extension that is pretty easy to install on most distributions. The configuration is also usually like three lines of configuration to be added to php.ini, and there's a browser extension that I really recommend using, so you don't have the debugger enabled by default, but you can, like if you need it, you just click on the debug symbol in the browser and it will trigger. Then of course you need to have some IDE integration. This is what it looks like in PhpStorm, so you can see the blue line on the top is the highlighted line where we currently paused the execution, and on the bottom right you can see like the whole content of all variables, and you can basically figure out what the current state of your application is and maybe investigate better that way what's going wrong there. There's of course PhpStorm, but also other plugins for other IDEs like Visual Studio Code. You can also, if you don't want to run it from the browser, you can also trigger it from doing a curl request. But Xdebug can also do more. There's a profiling option, so you can for example do an HTTP request and record a profile of that, and later on you can analyze which of your function calls takes like most of the time. Like this is a real-world example where we analyzed the execution where versions are stored, and we found out that there's a call when we fetch the actual file which takes like 86 seconds. And this is like a really nice tool to figure out why your application doesn't perform very well.
So we have the same for JavaScript as well. There's not only, as most web developers know, the console and the web inspector, but also a JavaScript debugger where you can go through your code, and also pretty advanced profiling sessions in both Chrome, Firefox, basically in every browser. And for Vue.js, as this is the front-end framework we use more and more in Nextcloud, there's the Vue.js DevTools I really recommend. You can inspect components pretty easily there, you can watch which events are fired in the Vue stack, and it also, like they recently introduced some nice performance measurements where you can analyze how often your application re-renders the current view. Yeah, I encourage everyone who develops to check this out and maybe try, maybe it will make your development life a bit easier. Thanks.

Okay, hi, here's Arthur again. I'm going to talk about write support for LDAP. So why LDAP in general? Lightweight Directory Access Protocol, an abbreviation. When you're self-host and you have a plan to use two or three applications where you need to have some logging in, then it already helps to not have every single account in every single application. And there are many open source implementations out there, that's all standardized, there's a ton of documentation of course, and it's also quite flexible: not only have users or groups stored in there, but you can use it to power your blog for instance. So what's new? Writing capabilities. But how would we come there? So we have the LDAP backend since the very beginning, and it's actually read-only, there's just a set password opt-in. Yeah, but there were also requests for a long, long, long time to get some write support in, and at some point of time there was also an initiative out of the community to build a plugin system, so that a different app can extend it and actually do the write stuff. And this was done by an NGO from Brazil, EITA, and they just did it, and it has been there for some time. So now they have their own write
implementation, which was very strict to their organization. And yeah, this year there was a customer of ours who asked to also get some write support, because they have some nice use case there, and yes, they also said, yeah, when you're doing this, then make it also in such a way that it's, yeah, usable for everybody and not very specific to view it as a company. So now we have general purpose write capabilities that are integrated into the Nextcloud user management. So it doesn't look much different, there's just one change you already see, which is optional, in the upper left there: so the user name field is greyed out and a random user ID can be created, or yeah, you just disable the option. So this is one of the things, and the only visible change so far in the user management. So it works exactly with this, with the provisioning API that's being called anyway by the user management, and then the data is just there. So it's kind of not a full-blown manager for LDAP, but it's possible to have also sub-admins be able to create, modify and delete users there. There are some options that you can set to kind of define the behavior a bit to your likings, to your needs, and there's also an LDAP template, that's an LDAP-specific thing. This is how you define a user record, and here you already see some placeholders. So since it is integrated into the user management, we also kind of need to follow the possible API, or the way how things are processed. So when the user is created it goes step by step by step, and that's why at the beginning not every detail is available. For instance, you can add of course an email address, but it will be just added at the later step due to how the APIs are structured for the Nextcloud. So that's why you have three placeholders you can use, and anyway the email will be added later once the object is created. And well, you can use the default template, which should fit in most cases anyway, or you have your specialized setup and use this. Yeah, I'm already done. Thank
you very much.

Thank you very much. Excellent. Let me start this game, it's counting seconds. Great, cool. So I'm sorry I wasn't here yesterday, we had a conference clash with the LibreOffice conference. Anyhow, we're here to make open source rock, that's our mission. Some companies write their mission statement after they're going. This is a random advert, but I have an Oculus Quest here, so if you haven't experienced the 3D wonder of the world and seen why we need free software solutions that aren't tied to Windows, and hear what we're doing about that, come and see me and play, should be fun. So I'd like to tell you about the things we've done in pretty much the last year, and I'm sure you'll remember our online and the Nextcloud integration as well. I feel slightly cheaty for that, because many other people have done this work, but I credit them there. So we have worked a lot on making the mobile UX significantly better, making shape editing nicer, rename support, a cleaner UI, shape editing, high DPI stuff. But obviously this is not everything we need. It's also vital to have blockchain integration. So yeah, thank you, thank you. Yes, I know, I know. Yeah, this is, I'm glad this is appreciated. So there's a company called Vereign in Switzerland who are awesome, led by an ex-FSFE chairman anyway, but so we've integrated with them. One of the things I'd like to show you is some of the work we're doing on mobile. So we are actually doing a whole lot of work with another great collaborator and Nextcloud partner called Adfinis in Switzerland, and making tablets for school kids and so on, but just making this look nice and prettier, bringing the sidebar, you can see some of that stuff there, in TestFlight now. And quite a story here. You know, we love to support our partners and customers, so when they buy one thing which we can deliver perfectly, and then it turns out they want something totally different that's extremely expensive to do, often we end up, you know, buy Collabora Online, get an iPad version thrown in
free. You know, important to customers, new spec, and of course bringing that to Android as well. So lots of work going on there to make a pretty mobile UI and also a single-hand-use mobile UI. So I'll talk about what we're doing for version 4.2, which will be out Q4, yes, hopefully before Christmas. That's the, you know, I don't know, when it gets to the 1st of January, you know, midnight, and everyone's trying to get the release out, it's annoying. So we're hoping to do this sooner rather than later, but you know, Q4 covers a multitude of good things. But here are some of the things we have already that we're doing there. So making the spreadsheet look more spreadsheety and pretty, with nice fill-downs that work properly, that even fill with the right content, resizing tables and table selection. I think you've seen the sidebar there in Writer, just adding a lot of that rich functionality you expect from, you know, a collaborative office, LibreOffice on the client, to do all of those things you always wanted to do, I don't know, changing the transparency and contrast of your image and its brightness and color mode and so on. The contour, you know, you need to edit the contour of how the text wraps around stuff, so that's obviously vital online. Widget theming: so people come to me just to encourage me, and they say your UI looks like Windows 95, and you know, fair enough, fair enough, what can you do. So now we have a custom look and feel engine that then renders all of these widgets much more prettily, and building on our existing native widget framework there, to make it look less like a squatting alien. Of course there are loads of pieces you can't see: a lot of new APIs, people, load time, PDF rendering, better code simplification, infrastructure changes. Funny, mine says four minutes, but anyway, let me move on. Copy and paste: so you know, instead of a CSV dialogue, you know, you can actually start to paste your rich content. See, it seems obvious, doesn't it, you know, to go from here to here. Well, let's try
Google Docs in Chrome, and let's try office.com for Excel. So you know, kind of, kind of not quite the same on each side. Performance wins, you know, threading, file save, continual interoperability improvement on top of our excellence there. But Nextcloud integration wins, let me show you: easy sharing, close by, over here. Thumbnailing integration, so just add it and suddenly all your thumbnails show up beautifully and you get these nice previews there. Highly secure document stuff: don't let the document out of your site, terrible pun, but give, you know, a secure view here with watermark, so you can be sure, you know, the pixels are going out; if you let the PDFs out, they should be watermarked too. You should be able to insert images directly from your Nextcloud. Play with it, there are lots more features there. We do this with code. We broadly know what we need to do from an engineering perspective. We have a lot of problems that are that easy to solve, it's just a matter of time, and actually getting time is the hard bit. The commercial guys in Nextcloud and also are doing an amazing job providing money that funds the teams that do this, and they're often the unsung heroes, you know, and the marketing people too. I mean, you know, just the marketing and the sales, putting those together are really, really important, and how that interacts with community is fun. The LibreOffice community think that we should be telling people the truth, that if you're downloading it for free from LibreOffice it's not supported, and so we put this dialogue up saying, to avoid the impression it's suitable for deployment in enterprises, and that only shows up if you have an enterprise, you know, like more than 10, 10 documents open, 20 concurrent people using it. So we love, we love people to use it, we love people to contribute, it's very easy to turn this off, but we need to make sales and marketing people's lives easy so they can help us make it all better and tastefully grow the ecosystem. So that's it, bingo. Thank you for your
patience.

Nina, can we connect to my notebook somehow here? Can we connect my notebook somehow to this device? Yeah, okay. So hello, I'm Michael Schuster, I can call you Michael. I just joined Nextcloud in August this year. No, no, just booting, I'm just multi-tasking, you know, have to get around my Linux and start this beloved Windows instance here. I joined the desktop client team, and one of the first things I developed at Nextcloud there was the login flow version 2 you've seen already, Ben showed you. So the technical part is already done, and I wanted to take this opportunity to show you how it actually looks when you connect the desktop client to a server instance of Nextcloud. You need at least version 16 of the server to have the new feature of login flow version 2. Please don't mind my desktop, this is actually a clean version, I have systems with much more icons on it, even don't remember. I abandoned this laptop here also beforehand. So I started a Docker instance and then I can talk a little more. Okay, actually I wanted to share also my story how I came to Nextcloud, because I always wanted to contribute to open source, and I didn't really have an idea how and where to start and how to proceed, also doubt in between if I may be good enough in coding to contribute to open source, because I have strong demands to myself. And I am teaching a class of elderly people for 13 years now, have a loyal group of five and more, and they all tend to use Windows tablets and their smartphones, and they also have cloud accounts, because they are approaching the 80s and they just want to be online and connected, they don't want to be hung up by us young people. So, and they are pretty cool, and they tend to use OneCloud because they use Windows, OneDrive, I am confusing all the clouds, OneDrive. And then we thought, could we not be independent of all this commercial stuff, and these entities control the data, and I am privacy-concerned and so are they. And then I said, okay, maybe I set up an ownCloud
instance, and I switched to Nextcloud recently, because, for obvious reasons. And then I gave them access to this cloud. They got printed clouds with the cloud 7 logo and password on it, printed, and here is the present, you know, 7GB, and it's more, 20GB now, because they have demands, they want to store all their photos and auto upload these things. And so, and two minutes left, it's crazy, oh man. Docker running? Yeah, okay. And yeah, I talk about the old version of the desktop client. And they also have, they all have tablets with 32-bit Windows on it. It's very common, even if it's abandoned in development, 32-bit is common on cheap tablets or system-installed, even if the processors are 64-bit capable. And there was no client fitting our needs, because only the old version 2.3 supported 32-bit support for Windows, and we had issues with it. And then I thought, is no, I installed it, the folder was empty, there was no 32-bit support inside a new version. So I decided, just okay, now I go ahead myself, I try to build this binary, because C++ is not a scripted engine, you have to build binaries to run it. And yeah, I built a 32-bit version, published it, lots of people over the world downloaded it, this was pretty amazing. And then I decided, okay, I go a step further, I built the new build system for Windows. You just run the batch script and then you get the completely built desktop client in approximately 50 minutes on a normal machine, and you have the Windows built and modally installed for both platforms. So the new and client also supports both platforms. And if you have it installed like me here, my Docker instance should be running, maybe I can keep up with the time. We have the new login flow version 2 here also. I just try to connect to my local instance. Is this font large enough? It could be larger. It's not so important, it's just a local IP address here. No, I think it's okay. Thank you. So I have an SSL self-signed certificate, this is not so good, but for testing it's absolutely fine. And what's now happening, the
client is opening a browser window and is telling me that I should be aware of it. Very good, very good. Oh, one minute left. No, advanced, yeah, I accept everything, I sell my soul to you, I don't want it back. And here we are, check and log in. It's actually Firefox running here, it's not connected to this, and the client is polling constantly the endpoint. And I think I have this fancy username here with a very secure password. Actually no, it's not password, no. So, and then, sorry, I try again, this is so much for me. No, if I have internet I could do more. Okay, then we do another one. I escalate, because the password is test one two three, it's much more secure. And then I grant access, and just right now, access connected. Hey, that's pretty cool, no? Thank you, thank you. I really like the original web flow when it's approached, because you don't have to copy and paste app passwords. They are cool, better than storing your real credentials on the device, lost is bad. So, but this is even better, you don't have the connection with the web view embedded in this client, is really time out. Yeah, thank you.

So I just want to check I'm talking to the right audience, so that's really good timing. Anyone here who bought a company recently? No? Million dollar investments maybe? So you're not professional investors, okay, maybe wrong audience then. Anyone who runs a company or owns one? Two, three, okay, we're getting slightly warmer. Anyone sometimes shares a document you don't want to spread everywhere? Okay, getting warmer, getting warmer. All right, anybody who pays taxes? We all try to avoid it, right? Yeah, we're getting there, we're getting there. Okay, and I guess everybody has a bank account, am I right? Very good. All right, I guess then we're close enough, let's see how this goes. So I have a little story. It's still about investment, because that is just more fitting, but there will be elements in here that are interesting, I think, for all of you. So a small company is looking for an
investment, and well, they've found an investor who's interested in investing in the company, buying a part of it of course, because essentially that's what you do, right, you sell a part of your company. And well, the investor of course wants to see what they buy, which is fair enough. But the investor might actually be a competitor, that happens, or maybe a potential partner. Either way, you want to make sure that while they have to have a look at your books, they don't get the full list of all your customers and walk away with all the proprietary information you have as a company. I mean, I'm hoping you as a company think that you have stuff that others don't have. Most companies think they're very special, and of course they have things to protect, and in many cases they're right. So in the old days you would put all your important papers in a room, everything you want to share you put in a room, you invite a couple of people over from the other company, you know, their lawyer and, you know, the financial people and some others, you let them in the room after you checked whether they brought any cameras, you let them do their thing, figure out what they want, and, you know, they can come out maybe with notes that you want to check, and of course no papers. But you know, it's a little simple. In 2019 we do this a little simpler. These days we do it digital, and you can't of course protect everything, but the idea of a virtual data room is exactly the same thing: you try and give people access to documents so they can look at it, but you try to block downloading, and you use for example digital watermarking to make sure that even if they take screenshots or pictures you at least can track what changed there. So that's what we're talking about, digital data room. What happens: you invite your investor, you say okay, you know, there are six, seven people from the investor who want to look at your papers, so you set up a virtual data room with Nextcloud. You give six or seven of your employees accounts, they will
handle the whole process, they upload only the documents that you ever want to share, and you create guest accounts for your guests, which is pretty easy, right: you choose guest account, give the email address of the other person. And of course you want to make sure that the guest accounts from the investor are properly secured, so you enforce two-factor authentication, and the first time they log in they have to set up a two-factor authentication of choice, for example a nice hardware security key or a TOTP or one of the other options. After that you make sure that whenever they see a document it is watermarked, and you can choose to only watermark documents that have a specific tag, like I do here with the confidential tag, or you make sure that all the documents that are seen by a guest user are automatically watermarked, or, you know, there are lots of options here. And at that point, whenever they see a document that is shared with them, you make sure there's no download button, which is hidden, you make sure that they can only see the document and the watermark is always there. Of course you also want to secure the communication. Now maybe you do, maybe you don't trust the internet to deliver emails without anybody having a chance to look at them. If you do trust the internet to do that, you're, well, let's just say very optimistic. So it might be a good idea to try and keep those emails under wraps as well. Now there's a cool feature, secure mailbox, that we have in our Outlook add-in. There's a little tick box there that I'm going to hit, and if you click that it will essentially upload the content of the email to Nextcloud as well as the attachments, and the email will just contain a stock text that the recipient then gets, essentially information like, hey, you can find the email here. Now in this case we actually sent a share URL, and of course you should take out the password and send that via, let's say, Signal or SMS. But when the other user has a guest account on Nextcloud, the Outlook add-in
detects this automatically and will instead make an internal share and just include a private share link, which is of course even more secure, but nobody will be able to see this email without actually going through two-factor authentication. And that way the recipient will see this, the content of the email, in Nextcloud and nothing else. All the communication can go over Nextcloud, so you can have video calls over Nextcloud, you cannot chat, so the whole process of reviewing documents, discussing the whole process, everything happens on this one virtual data room, nothing leaks nowhere, and that's of course why you did this in the first place. Now you can, you have a lot of options. You can for example still give them the ability to download, but only via the client, so you could say, okay, I want the guests to be able to use the desktop client or mobile clients, that's possible. You can then monitor the whole thing. Of course there's also an audit log, but I don't show that because it doesn't have pretty graphs and I'm a very visual person. And the guests, they can only see the files you share with them, they can only upload if you gave them a folder in which they can upload documents, they can only edit files you gave edit rights to, and only see files, and they're watermarked. So you are completely in control, and that's quite a nice feature. And when you're all done, you just wipe their devices remotely, because hey, new features for the win. That's it. I hope I explained a little bit why this is an interesting slash weird feature that we are introducing. Yes, that's it. As you can see, this is also the end of at least the biggest part of the program of the conference. Sorry, end of the program: we still have a workshop and a movie, and if you're interested in either of those you should definitely stick around. The lounge room is still open, where you can hang around, and of course tomorrow there's both the enterprise day as well as continued hacking here, so many of you will probably stay for the rest
of the week until Thursday. For those of you who don't, thank you for coming here, and all the speakers, thanks for speaking. I don't think the sponsors want me to do that. Alright, so I have a few more thank yous. First of all, there are three people who decided to buy a supporter ticket. I really appreciate that. The first two, I hope I pronounced the names properly, because the first is Zaliko Fernesir. I don't know if he or she is here, but thank you for doing this. And the second is Georg Dyle. Again, I hope I pronounced it properly, but thank you. And the third, I don't know, I mean if you're here in the room just wave and we can thank you, but we'll applaud you anyway. I'm just happy I don't have to pronounce a difficult name. Awesome, thank you.

And of course a thank you to the TU Berlin. Thomas is still here, hi Thomas, thanks a lot. It's really awesome that, you know, I think this is the seventh year in a row that I'm organizing this even joined, so that's really cool. You guys are still not sick and tired of us, that's awesome.

Sponsors. openSUSE sponsored us. I know Doug already left, but thank you anyway, that's really cool. Univention, right here, I mean we had a lightning talk, thanks for sponsoring, supporting the conference. Tuxedo Computers, I mean we used their laptops the whole time, also at registration, really cool. Thanks Tuxedo for the stuff that you do and for the support we got. And Nitrokey, thanks a lot, I mean we've seen the talk from them, so thank you. Applause for all our friends.

That's it from my side. If you have something to share, then, indeed, you forgot someone. I forgot all the volunteers, it's horrible. Let's first thank the volunteers. Can all the volunteers come on stage, please? Come on now, they shouldn't be working. All the volunteers, if you have a volunteer sticker on your badge, please come here. So what I wanted actually, so what I actually wanted to say, because you stole the microphone back from me, it was actually to thank all the volunteers, but also including you of course, including
yours, so not a clever thing. Yes, also for me a big thanks to everybody for coming to make this event happen. I mean, we all make this event happen here together, it's a community event, so thanks a lot. And it's really a blast, and I think it's another milestone, which is like cooler and more fun and bigger and nicer than the year before. And I'm really happy that we are evolving our event and our community together, and for me it's a real blast to be here every year. And yeah, I hope you still have a good time here the next few days, and hope to see all of you and even more people next year, of course. Thanks a lot.

Also thanks to Nina and Marie. I thought you were, oh yeah, and, oh yeah, and the video team. Thank you, video and streaming, and every one of you for coming, every one of you who gave a talk, listening, everyone who will give a talk next year. Awesome. And we'll have, what time is it now, actually? Okay. No, I just wanted you to hold the microphone, right? Yeah, okay.

So basically now we will, I guess, take a short break, so if you want to grab a coffee. And then those interested in the workshop, which is turning your app to Vue.js, yeah, well, basically it's your app in Vue.js, you can all gather in this room, and at, in like 10 minutes, like, yeah, a half past four I guess. And then we have the Africa Hack Trip, that will be at, I guess, one hour later, so it should be like 5.30. So I mean, if you want to then one of those gathering, let's say like that, it's so 4.30 and 5.50. Thank you very much.