All right, so I've got a little quiz for you at the top. What do you see? What kind of connector is that, how's that called? And what's the thing below that? And together that's... Louder! Lightning talks. Yeah, right. So you'll have to do a bit better, because we need some involvement of the auditorium here during the lightning talks. I'll explain why. So, the lightning talks, the first session today on day two. Lightning talks are basically short talks that each congress participant may give if you register for one soon enough, and you basically get five minutes to tell us something about a project you're doing, or tell us about your assembly, or something. And sometimes you also have three minutes, but these are only some of the talks. To make sure that every talker uses his five minutes, his or her five minutes, we have the timekeeper, this nifty device by Alex. We'll give a short demonstration. So would you like to say something about your...

Yes. This device should make sure that the lightning talks are really lightning fast. Last year we got complaints: you shouldn't hurry people so much, give them more time. And I don't think this is the spirit of the lightning talks. You know, the spirit of the lightning talks is to make things fast, to make things enjoyable, to get your concepts to the core and to entertain your audience, and therefore we will keep the time with this timekeeper. And when I start it, you'll see a green LED column rising up. In the first four minutes (you have five minutes after all), in the first four minutes everything is green. Then the column will be rising this way, maybe not that fast.
This is a demo mode. And when you're forming it, when four minutes are up, everything... the green light will be on top, and when the green light is on top, this means you have about one minute left. This is the time when you have one minute left, and then it starts with yellow. In the next 30 seconds everything is going to be yellow, and when you have 30 seconds left, the red column starts to rise, and this means you should come to an end. And now you have about 20 seconds, and when it's about this way, we will do this sign with both hands. It means you have 10 seconds, and then it's your part.

Can we have a little bit of training? Yeah, we will practice. Nine, eight, seven, six, five, four, three, two, one. Marvelous, I don't think we need to train this again. I think it works.

Yeah, so everybody knows what to do. Wait, the speakers don't know what to do. So if you're a speaker and you forgot your time slot, you can still check it on the mirror wiki, because that one isn't down. So for day two, there's the list with all the talkers, and if you know when your time slot is, you should, before the talk in front of you, go to the front row and wait there. Then get up as soon as you see your slides coming up, come up here where I'm standing, take this clicker from the previous talker (don't let the previous talker run away with this, because it's mine), and then just talk into the microphone. That's also very important. You can see your slides down on this monitor. You don't have to turn around. And you see what happens if you turn around to look at the slides up there: then most of the time you can't understand me, because I'm too far away from the microphone. So please just talk into the microphone, look into the crowd or look onto the monitor, and just click left, right for the slides. Then one final announcement.
There's also translation available: the English talks will be translated into German and the German talks will be translated into English, on the usual number, DECT 8014 for Saal G. That's it. Let's have a great session and start right away.

Hello everyone, and... it's really awful. We have to talk about configuration management. If you don't know it, that means that you have some form (I'll throw this away, apparently), that you have some form of text file or code file that documents the state of your system's configuration. And that's really great when you have thousands of servers: you can have all of them in the same state and there's no confusion around there. And of course, the tools that exist for configuration management are optimized for these huge systems, so they become huge systems themselves. This is, for example, from the documentation for Chef. I didn't find a diagram that shows all of their concepts. It's like 46 on this introduction page. It's really awful. Maybe it's some iteration of Conway's law. And my use case is quite small. I have my notebook and I want to document the configuration. I want to know how I set up the palm detection years ago. So I want some kind of minimalistic configuration management. Does it click? And my idea was to use the package manager. We have all we need in there. We can just build a configuration package and ship the configuration files as part of that package, and install all the applications that we need as dependencies of that package. So I just install that package during setup time and everything is configured automatically. If I have anything else I want to set up, like users or groups,
I can use these post-install scripts that most package managers support. But of course, there are some limitations to this. For example, when someone changes stuff afterwards, I cannot simply rerun this post-install script; it's hidden inside the package. And the file: if I want to install a configuration file like in this diagram, I might get a conflict when the application has a default configuration shipped in its package. So there are some problems with that approach, and we can solve all these, and that's what holo does, what I've been working on the last few months and what I've also been using productively on my systems. For example, this file conflict is really easy to resolve. We just drop the default configuration and install our custom configuration. That's an easy part. For example, we can also ship a script with the configuration package that modifies this default configuration. So if the application developers later choose to change the default configuration, we automatically benefit from this. We can just run holo apply again when this happens. And I can also provision any other kinds of entities by putting a source file into the configuration package that is then also processed with holo apply. And now I have my source file, so there's some source of truth about how the system is configured. So if someone changes it later on, for example here, I changed my sshd config, and that's bad, but I can detect it with holo diff and I can apply some --force to fix this later on. And that's the end already. Here are some links for you to check this out, and I also listed some contribution opportunities. If you like, you can build packages for holo.
I did packages for Arch Linux. That's what I'm using, but if you are using another distribution, I would really like you to build packages and use holo for yourself. And also there is a plug-in system available, so you can teach holo to provision new kinds of stuff, for example databases or whatever you want. Okay, thanks.

Thank you very much. So this talk is going to involve some hardware demo.

Hi, I'm Swally and I code demos. I've brought with me today something which I call a demo blaster. That's just a ghetto blaster for playing demos, self-coded stuff, and... the clicker isn't working. Slide... could you do slide, please? Clicker isn't working. No, no, it's... So, slide, please. Okay, but please reset the timer.

I'll exchange the batteries right away.

Okay, slide, please. So this whole project started with a failure. I wanted to build something with LEDs and use LED stripes with a connection board for a Raspberry Pi or an Arduino. Neither worked, though the LEDs were okay, that was proven. I wasted a couple of days and threw this whole stuff away once the next approach worked. Slide, please. The hardware, this is the next approach. The hardware is a translucent briefcase. I bought it on eBay. The manufacturer itself is specialized in creating blister wrappings, which was a bit odd for me. Slide, please. We have got 32 by 16 LEDs, so I've got half a K of LEDs. The grid that separates the colors is done by a CNC milling cutter, and the wood was taken from the backside of an old closet which I had in my basement. Slide, please. The whole LEDs are driven by a so-called Fadecandy microcontroller. This is a Teensy 3 based design with just the output pins soldered differently. Slide, please. The whole stuff then is connected to a Raspberry Pi 2 that drives the animation. Slide, please. I've got, for the sound, a pair of standard USB speakers, or USB-powered speakers, for a laptop or a PC, stuff like that. Slide, please. And for debugging or working on the hardware,
I've extended the USB port and HDMI port and the LAN port, so I could use something like the laptop for connecting the stuff we're using as a remote console. Slide, please. And a huge power supply is needed, so there's no solution for using batteries right now. Slide, please. And I've included a minion, just because they are cute. I like them. Slide, please. And the software is also almost all available. I'm using the Fadecandy server, this is a GitHub project. I've slightly modified the official Open Pixel Control protocol library so that I could use a different graphics library for sending my data. There are also client libraries available for C++, Python, Perl. The protocol is really simple. You can do it in anything that can write binary data over TCP/IP. Slide, please. So how do they get the stuff done? We've got the LEDs with the appropriate data bus. Slide, please. And they are connected to the Fadecandy microcontroller, which itself provides USB. Yes, slide, please. Thanks. This is connected to the Fadecandy server. This is connected via TCP/IP to (slide, please) my client application. And the client application in itself is also done with off-the-shelf components. Only the green parts, this is something that I've needed to code myself. Everything else is out of the box. It's already working. So, slide, please. And the fun part about it: since it's TCP/IP, you can also do it from a development machine. You don't have to do it on the Raspberry Pi 2. You can use your normal notebook for development and don't have to go for the embedded system. Slide, please. So, my conclusion. Building this stuff is done using off-the-shelf components. There's almost no soldering needed, only to solder the power supply. All of the stuff is just putting stuff together. It's working perfectly. The complete software stack is available, and since Fadecandy is a USB device,
you can connect it to almost anything. There are also already binaries available for Mac OS X, Windows, and source code is available. You can put it on anything that can compile, or something for Linux will work. And two small hints from myself. Don't drive the LEDs up to the maximum. What you see right now is about 50%, because they tend to break if you really drive them up to the limit. In my case, I think it's because they are getting hot, and this breaks them. And for software hints: if you want to do nice animations, use oversampling. So create a picture that's something like four times as big and then scale it down right before you want to display it. And for an impression, use movement. Yeah, and if you want to see demos, you can visit us tonight at 22:00 in Hall F, and then we are going to do two hours of showing demos. Thank you.

Thanks a lot. I'm terribly sorry about the clicker right now. It seems to have been the batteries. Yeah, okay. Can you put up the slides, please?
Let's go.

Honest and unscrupulous [...] abide by law and order. No, no, no [...]. No more unrest from any disadvantaged people: even before any protest forms, all the ringleaders have already been arrested. That means content, undemanding recipients of Hartz IV, even if we halve the rate. And when we once again have to wage war against the enemies of surveilled freedom, when we once again have to defend our values in distant oil-rich countries, then we can be sure that there will be no dangerous [...] peace demonstrations at home. Dear friends, now is the time in which it will be decided whether we will still live in a democracy in the future or under a secret-service regime. At the moment, every terrorist attack is taken as an occasion to grant the uncontrollable secret services even more far-reaching powers. In Germany there is even already a legally guaranteed impunity for crimes by the domestic secret service, of course only for our security. And with data retention, the surveillance arsenal is being expanded further, and it is becoming ever easier to suppress opposition movements and to take whistleblowers out of circulation in time, before they have brought their scandal to the public. Surveillance is incompatible with popular sovereignty and destroys the foundation of democracy. Fortunately, our constitution still provides for one last authority that can protect us from this development. This authority is the most powerful of all. The problem is, it is incredibly sluggish and ponderous. And you already know what I'm talking about: this authority is our behind, and now we have to get it up and create a strong public opinion against surveillance. And that is also the aim of the Plattform gegen Überwachung (platform against surveillance). The platform is a website that is meant to help connect the movement against surveillance, make it stronger, and transform this discontent of the silent majority into publicly perceptible protest. And for that, the platform contains a list of local groups that are active against surveillance, and anyone who also wants to get involved will find, via this map, a group nearby which he can join and help out. And you can see already, there are large areas that are still unoccupied. Therefore my appeal to each of you, wherever you come from, where there is no local group yet: enter yourselves in this list. Even if you are alone, enter a group founding, and then others in the region who also want to work on this will find you, and then together you can get bigger things off the ground. That can start very simply, with an info booth, or a talk that you organize, or a campaign, a creative one, or a demonstration. Whatever you have in mind, whatever you consider suitable to bring the topic to the public: organize it and enter it in the calendar against surveillance, also on this platform. It lists all events on the topic of surveillance, where you can then help out, where you can spread the word about the events and advertise them. Yes, and for anyone for whom all this is far too much effort, there is also the logo against surveillance. You can place it on your website, or as a sticker on some window, and thereby make a contribution, even if a small one, to the formation of public opinion. I will keep developing the website bit by bit, and I am happy about suggestions, criticism or help. Thank you very much.

Okay, next talk, please: FairLötet. Okay, there's the speaker. So, for the following speakers: if you see that the speaker before you is coming to an end, or during his talk, please come to the podium so we can switch quickly. Go ahead.

Okay, hi, I'm Sebastian and I'm going to talk about fair hardware. In order to explain what fair hardware is, I'm specifically going to
talk about tin. Tin is a metal that is in every electronics product, because we need it in order to stick electronic components together. So why should I be talking about tin?

We have clicker problems again. Could also be that your slides have very high resolution images, so it takes a while for my...

There are a number of problems with tin mining. One of them is that a lot of it is conducted informally, which basically means that people dig the tin out of the ground by themselves. That doesn't really provide them with a stable income, but it also leads to other related problems, such as child labor, or frequent injuries or even death because of the lack of safety measures. Additionally, as another problem, mining is frequently environmentally devastating and leaves behind moon landscapes such as this, where it takes decades in order to be able to grow anything again. So this is kind of a dirty but open secret of our own gated community here, that all of the hardware that we love to play with is affected by social problems such as the one I just sketched out. So what should we do about it?
Well, I'm here representing a small nonprofit called FairLötet, and I'd like to tell you a little bit about how we got started. So one day last year, we found ourselves brainstorming with another person who had a fair hardware project, who was making a fair computer mouse, in order to find out what a good project would be to start. And she said that tin was kind of a blind spot in her own supply chain. So we thought, well, it shouldn't be too hard to swap it out for recycled tin in order to break this link to these destructive mining conditions. So the first thing we did was choose a catchy name, of course, and we told the world: okay, we're going to do this. And that was good, because it also helped us to get press coverage very early on. And that in turn helped us to get into contact with a large maker of soldering products. Okay, press coverage, soldering products. So over a year we talked back and forth with them. You know, what does the word fair mean to us? What technical possibilities are there? And one year later, tadah! Here we have our first recycled soldering wire, which is camera shy. So I'm not telling you this to brag about it... here it is. I'm not telling you this to brag about it, but I want to share this lesson that we learned in the process, which is: even though the state of the electronics industry as a whole is pretty bad when it, you know, comes to labor and human rights issues and so on, there are lots of companies, usually not the huge companies involved, who actually have a conscience and who want to be on the right side, and who recognize that they are responsible for what is in the supply chain.
So it might be enough to basically plant this idea into their head, that they should care more about where their resources come from, for example, and they might go a long part of the way on their own. So here's something I would like more people here to do. One is: talk to some company and, you know, get them on the right side. You know, maybe you just need to talk to them and they'll sort of see the value. If you work at such a company, why not start an initiative in your company? If you make hardware, try to document your supply chain. Find out what is in there, what processing steps, what resources, and let people know, because transparency is always the first step. So if this got you interested, we would like to meet you. We're organizing a meetup. Can I have the next slide, please? We're organizing a meetup tomorrow at 3:15... can I have the slide, please?

Yeah, it should come.

Okay, so we're organizing a meetup tomorrow at 3:15 at our assembly, between the NOC help desk and the Sendezentrum. So meet us there, or any other time contact us electronically. Thank you.

Thanks. So some of the talks seem to progress rather slow. That's usually the case with PDFs that are like 10 MB plus, because there are such high-resolution images in there that, I don't know, my ThinkPad is far too slow for this. Okay, next talk, please.

Hello, everyone. I would like to present a project that is the outcome of my PhD research on patents and makers. It's a proposal of a new legal framework, a solution that would free makers and making from the blocking effects of patents. On its implementation I work with a friend, Paweł Alex Honacki, who helps me with technical aspects, and with my talk I would like to encourage you to support us with your ideas and knowledge. For time limits, I don't have much time to talk about all critical points of the patent system, but I would like to highlight one that is very important, in my opinion, for makers. It's called...
Well, I called it over-patentization. Patenting nowadays follows the paradigm "the more the better": the more patents in your portfolio, the better for your business strategies. And that leads to a situation that more and more technology fields are packed with patents, and it makes it very troublesome for an individual to find out whether he or she makes on patented components. And a good illustration of the situation is a smartphone. As estimated by Samsung lawyers in the notorious battle Samsung versus Apple, they estimated that one smartphone covers 250,000 patents. So automatically you may ask yourself about the quality of such patented solutions, and of course not all patented solutions are of great quality, and interestingly enough, even great big companies, for example Google, admit that their portfolios are not free from weak patents. So in this problematic context, I wanted to answer a question: whether patents and patent law create beneficial conditions for makers to make freely, free from patent troubles. And I focused on public and non-commercial making, and as a legal object I took under scrutiny patent exceptions. These are legal instruments that limit patent exclusivity and allow third parties to work, to make on patented solutions without the permission, authorization of a patent holder. I can imagine that the majority of you heard about private and non-commercial use or experimental use. And in my research I reached a rather negative conclusion for patents and for the whole system, because current legal exceptions, patent exceptions, are insufficient, incompatible with making, and they are granted a very narrow scope of application. Unfortunately, we can observe a very strong pro-patent mindset, and all proposals of limiting patent exclusivity are not welcome in the patent community.
Nevertheless, I decided to try with my proposal, and Green Light is designed to keep public and non-commercial making free from all possible patent threats. It's intended to keep, first of all, sharing of information, instruction sharing, free from possible patent infringement and accusation of patent infringement. It's designed as a blanket solution, so you don't need to ask for a permission from a patent holder. And the Green Light framework is composed of the Green Light legal solution and a Green Base, which is now very important for the whole project. It constitutes a central point, and the Green Base not only facilitates to accumulate all makers and makers' ideas in one central base for Green Light protection, but above all it would also help us to create a maker-driven prior art source for patent examination for patent offices. So, advantages of Green Light. First of all, makers will have free space from patents. Owners can boost their patent portfolios with new improvements, and most importantly, I think it would be a very good argument in discussion, they can also see which solutions are very easily remakeable, so if they see it, they can abandon such patents and save money with this. And patent offices, they have a new source of prior art. We see a lot of threats and have questions. We ask ourselves how to... what kind of form should be given to such patent...

Yeah, okay. Okay.

So now, if you'd like to support our project, please contact us at contact green light for me. Thank you.

So, next talk, please.

Hi, good morning. So, here for talking about digital stalking response protocol, which... let's see if the slides work.
Yeah. I've recently been involved in two cases of stalking, not personally, dealing with victims of stalking cases which have had a digital element, and it's estimated that in between 50 and 80 percent of stalking cases there is a digital element. The cases I've been involved with were in two different EU countries, and I've also been doing research in a third EU country. So what I've discovered through this is that in each of these countries, the information and the way to deal with the digital elements of stalking cases are completely different. So I kind of boiled it down into these different areas, which are the important areas: forensics, legal, police, social workers, psychologists and victim support. Forensics is really important in the sense that obviously nobody can do anything legally about a digital stalking case without some sort of forensic element, forensic documentation of this, and who can do this varies from country to country. So for example, in some countries you need somebody that's specifically licensed to do kind of digital forensics. In other places, in other countries, in other jurisdictions, you have people that just have to be part of an organization but have no speciality in this. They're just somebody that does a kind of computer stuff and is involved in some sort of organization. So it's really difficult to find the people that can do this and to know who to look for. The legal aspect of this: there's two legal aspects. One is that the judiciary, the judges, magistrates and people, have no idea what is going on when there's a digital element in stalking. They probably don't have much of an idea generally in any normal stalking case, but in the case when there's any kind of digital element involved, they have no idea about this. So that's one group of people that need to be reached. The other group of people who need to be reached: there's also people, lawyers, etc.,
that might be helping a victim. They also have no idea about the kind of technical aspects of the stalking case. So it's another group that needs to be reached. The police themselves, again: the police will deal with stalking cases if you can go along to them and say, under this law and subsection, this, under this element of the Computer Misuse Act, for example in the UK, this. But the typical response that I've seen when I've been doing research in this is that, you know, if a person goes into the police station and says, here's my computer, I'm being stalked, there's this digital element... The first case I was involved with, of these cases I was talking about, was in the UK, and the police told the person to take their computer to PC World, which is a computer shop in the UK, and they would find whatever was going on, what was the problem with it. So again, even when the police do have an interest, they also don't know how to deal with these kind of elements. Social workers are again people who will deal with victims, people who are coming to them in the stalking case. Again, another group of people that have no kind of background or knowledge about the technical elements that might be involved in this. But also social workers are a really important group of people, because they are the people that can do outreach, that can get information out to people that are potentially in a risk situation, etc. They're people that are in the community. They know what's going on. It's very difficult for, like, you know, geeks and stuff to get out to these people. They might be in these very isolated cases. They might be in a very isolated situation.
They might be victims of abuse already. So it's a very important group of people. And again, psychologists and victim support people that are working on this. From the cases I've been involved in, in just doing research, once there's a digital element to a stalking thing, this is a very, very big psychological thing, because you don't trust technology. You can't trust your networks. You can't trust anybody. But again, the people that are trying to help you deal with this, again, they have no background in this. They have no background in networks, in digital stuff or whatever. We need to look at tools for this, and we certainly need to do a lot of awareness raising and training for all these different groups of people. This afternoon I've organized a session, three o'clock, which is on the first floor downstairs. And basically the idea is, if anybody in this room has any knowledge about those different areas in their respective countries, if they can come along, you know, we can begin working on this and get kind of a knowledge base and work on some practical things. Please come along to that. Thank you.

Thank you. QtPass. Where's the talker? There he comes. So, a public service announcement to all speakers: please come in front to the stage before your talk starts.

So these are old slides, because this wasn't actually my talk. I'm doing it for someone who couldn't be here, and it's about a password manager called QtPass. Passwords are a problem.

Please talk into the mic. You can see the slides down there.

Passwords are a problem. We all probably have issues with them. So there's a nice password manager called pass, which is in every distribution, and it lets you use GPG, git and tree and pwgen to manage your passwords. But it doesn't really work with people who aren't terminal aware.
So we built a GUI for it, and this lets you use all the bits of pass on OS X, on Linux and on Windows, and lets you manage your passwords also in a team. We have about 20 contributors at the moment and about seven languages. And basically, for each set of passwords you can decide which people can read them. So you can store your passwords in a git repository, encrypted with GPG, with a number of other folders, and for each folder you can say: I want this person to read it, I want that person to read it, these people shouldn't. And the advantage is that it uses GPG, which is something you should probably be using anyway. And we have tons of options, which are a bit complicated, so if anyone can help us with design and UX, that would be awesome. But basically you can use git or you cannot use git, you can use password generation or you cannot, you can, yeah, have auto-clears and clipboard hiding, and you can also have templates. So if you want a consistent layout for all your passwords, then you can make sure everyone uses the same template, and then it feels like a regular password manager. That's the edit screen. It has password generation from pwgen or a password generator of your choice. So the interesting thing was that people came with ideas like, hey, I'd like this, hey, I'd like that, and what we tried to do was to tell them: hey, well, this is how you do it. So this guy came and said, I want a new option for auto-clearing, I think it was hiding content. So we wrote back to him, or Anne Jan did, saying, well, this is how you'd probably do it, and the next day he did it. So that's a nice way to engage people who are interested in your project and get them to start committing, because they can if you explain to them how to do it. It's not always that hard. Yeah, it's at qtpass.org. It's in Debian. It's getting into Gentoo now. We're looking for people to package it for other distributions.
So if you can do that, that would be amazing. We have, I think, seven languages, including simplified Chinese now, and we're always looking for languages. It's really easy to translate. Just come find me. I'm at the neuro hacking assembly. That's the Debian bit, and I went way too fast.

That's no problem. Let me just take your time to announce again that, I know you're excited when you're standing up on that stage, but please try to talk into the microphone and do not turn your head around to look at the slides, because you can really trust the monitor down there. It shows exactly the same thing which is up there. So let's get ready for the next talk: NFCGate. And go ahead, please.

Okay. Hi everyone. I'm Max. I was working with a few friends from Darmstadt on NFCGate, and before we get to that, just a few basics on NFC. NFC is near field communication. It's a wireless communication standard for basically smart cards. You have a reader, you have a smart card, you put the smart card on top of the reader, and then they do some magic and communication happens. And there are also NFC chips in many Android phones.
So we thought, well, that looks like a great combination, especially when we saw that with Android 4.4, NFC emulation capabilities were added to Android. So you could not only read out tags with Android, but you could also tell your phone to act like a tag. So we thought, well, that looks like a great thing where you could basically do a relay attack, if the slides load... well, going to come up eventually. And you would have two Android devices, one smart card and one reader. And you would put one device to the smart card, one device to the reader, the two Android devices would communicate with each other, and, well, in the end it would be a great relay attack. You could read everything, change the communication and basically do a security analysis. In practice it was, well, Android really doesn't want you to do that. It hides the functionality behind a bunch of gates and there are also a bunch of bugs. So it was really nasty, but, well, with a lot of time, a lot of cursing and a lot of coffee, we in the end managed to circumvent all of those problems and, yeah, managed to build an app. Quick look at two of the problems we had encountered. The first problem was that Android only supports a specific set of instructions for the emulation capabilities, which is the specific ISO standards, and many other cards use a proprietary protocol which does not conform to that standard. So you couldn't emulate it. And we ended up just patching the HCE code.
So the host card emulation code and NFC library on the Android device, using Xposed, so you can still use it on a stock Android as long as you have Xposed installed. And so we can emulate basically any NFC card, except MIFARE Classic, because that's not supported, but MIFARE Classic is boring because it's been broken for like three years. The second problem was that each card has a unique identifier, and this unique identifier cannot be emulated using the stock Android features. But we found in the NFC libraries used by Broadcom chips that there is basically an undocumented function which you could call to basically set an arbitrary unique identifier and all the other values you need. So now we can emulate any unique identifier. So if your door lock uses only the unique identifier, you now have a small problem and you should probably use a better door lock. If you want to run it, you need a device running Android 4.4 or upwards. You need at least one device with a Broadcom NFC chip, for example Nexus 4 or Nexus 5. The Nexus 6 has an NXP, apparently. You need the Xposed framework installed on that device. You also need a server to run our server application on, and you obviously need an NFC system. So why are we releasing it? It's dangerous, right? Well, Kerckhoffs has something to say about using obscurity to secure your system. So please secure your system even if people are listening to your communication or people are going to break it. So we don't feel bad about this at all. Fix your systems. So you can get the app at nfc.wtf. You can get a pre-compiled APK file to just install on your devices. You can get the full source code.
It's licensed under Apache and, yeah, have fun, break stuff, send patches. You can reach us at gate@nfc.wtf, or you can call me at Congress at the extension 6324, which stands for NFCG. Thank you.

Thank you very much. So the next talk, called impact, actually has to... has been moved to day four at 14:25, because, well, I got a call one hour ago from the cash desk. There was a person who said, I'm supposed to give a lightning talk, but I don't have a ticket. So if you look at the lightning talk description page, there's a sentence, the first sentence actually on the page, says something like: lightning talks are short talks that every Congress participant may give. So you already have to be able to get to the Congress to give this lightning talk. It does not guarantee you entrance into this building just to have a lightning talk. So that just comes with, yeah, you're here anyway, and you give a lightning talk. You don't give a lightning talk to get to the Congress. So, day four, 14:25. This means we'll have to continue with another talk. I think Alex wanted to say something about that.

six FW by Dan RL, their pronounces right, Dan RL? Yes. Yeah, and with this talk we try our lightning talk super fast mode on request of the speaker. You only wanted three minutes. Do you still want only three minutes, or do you want four minutes? I try, I try three. Okay. I tried three and we gave you an additional minute if you need it. So you have two minutes of green and the last minute as usual. Okay. Thanks.

Let me say some words about six FW, my latest project. I evaluated small office and home office firewalls as well as enterprise equipment. It often works. It is, but it's not scalable. It has problems, and it often does not feel right when it comes to IPv6. Usually existing products with IPv6 added. I have some experience with IPv6. I wrote the book.
I printed some stickers, but I'm still not satisfied, as also not satisfied with the speed of the slide. And I have a vision... please.

Please, you have lots of time, no problem. But can you say what you used to make the slides? Keynote. Okay. I think I see a correlation there. Say something about the picture.

This picture, I took this picture when I looked out of my living room window. This is my neighbor trying to fix, fixing his roof. Always fun. Everything went well. Okay. I try to remember what I wrote on his slides. I wore... my vision is to have a reliable firewall that thinks IPv6 first. I want the working, sane configuration to start with, and, for example, powering up the device, get a unique local address, serve to the site and configure the firewall as well. It's the same as you do with OpenWrt or anything else, but they use IPv4 for standard. So what I want to build is a proof of concept where we do first IPv6 and then may later add IPv4 support. I decided to use the PC Engines APU, which is very popular among open source projects. I'd like to put OpenBSD on it because it's considered very secure, and also the PF packet filter is very powerful and has NAT64 built in. I want to build the web GUI or a CLI, I'm not sure yet. And I'd like to use git as a configuration storage so that you can do easy rollbacks of configuration. I'm looking for ideas, gathering interesting people, tried one to improve the concept and eventually make it happen. You can find me on the Twitters, you can write me an email, or you find me the assembly non-attach network. Thank you.

Nicely done in three minutes. Yeah, I'm sorry about the slides. So today I learned that Keynote PDF export somehow doesn't scale down the image resolution, and then Linux PDF presenters have problems rendering the images. Well, next talk would be Nexmon. Are you here already? Yeah, nice.

Hello, my name is Daniel.
I want to talk about a project which is part of my master thesis. Matthias Schulz is my supervisor for this thesis. First of all, we call this project Nexmon, and it basically enables the monitor mode for a Nexus 5 device. Yeah, the slide says it already: please don't sue us. I know reverse engineering is kind of a hot topic. So please just don't. What do we need for monitor mode? We need the management and control frames on the 802.11 layer, and we also know it needs the promiscuous mode. So we don't want to... not only get our frames, which are supposed that we get, we also want to get all other frames on the, on the ether. So we basically want to move to get Wi-Fi hacking to the smartphone. I think it's far more convenient, even for cats. So there were also some other projects which enabled the monitor mode for a few older devices. For example, the bcmon project enabled the monitor mode for the Nexus S, and we want to enable the monitor mode for the Nexus 5. So what do we have to do in order to enable the monitor mode? So the chip runs with basically two parts for the code. So it gets a ROM part and a RAM part. The RAM part, it's pretty easy to get. So you have a file on the Android file system and you can just read it, and it gets loaded with the driver onto the chip when the interface goes up. And you can use the same method basically to get the ROM part. So in the end we got both parts and we could start reverse engineering. So the next step was, how did we find out how the frames were
used in the firmware? So we have to find out the RX path. And we already knew from the bcmon project that the wlc_bmac_recv function is pretty essential, and if we got that function we can basically directly send out the raw frames from the firmware to the driver. So in the end we needed to patch two functions: the aforementioned wlc_bmac_recv function, in order to send out our raw frames to get the management and control frames, and on the other hand the wlc_coreinit function, to enable the promiscuous mode. Oh, I forgot, to patch these things we could just patch the RAM file on the Android file system, and then it gets loaded onto the chip when the interface goes up. So in the end we were able to write these patches in C. This is just a bare-bones example for the wlc_bmac_recv function, which we override, and you can see it's just a pretty small code, and yep. So in the end we were able to, for example, run airodump from the aircrack suite on the Nexus 5. We needed a few tweaks for the driver in order to manage this. And for the future work we plan to add injection support. This is what you need for the real fun stuff. We need to fix some radiotap header things and we need to improve the stability. So if you want to know more, visit us on nexmon.org. We already pre-built a boot ROM. You can just use this to boot your Android device with it, and if you don't like it, you can just reboot it. Don't stay there. You can also read our technical report. You can also find it on the Nexmon page. Or you can just talk to me here at the Congress or write us an email. That's it. Thanks.

Wait a minute, we are... we still have lots of time. Would you like to answer some questions? Maybe? No, he's gone already. Would you like to... I mean, we still have time due to the cancelled talk. Is there a question? Is there a question regarding Nexmon? Okay. Okay, no, the happy cat doesn't work. Okay, thank you.
So, yeah, we still have like eight minutes before the break. So does anybody have a workshop he wants to introduce, have some really spontaneous lightning talk without slides, or want to sing something, or some lyrics maybe? Okay, no. Well then, maybe you can just go into the break. So have fun, and see you in 20 minutes. At two o'clock we will return.

So we are still in the break, but we will use the break to give a short reminder to all our speakers. If you're a speaker, please come to the front row, take a seat in the front row. You can, like, look up, if you're lucky you can look up your speaker position in the wiki, and if you see that you are the next speaker, please already stand beside the podium, beside the speakers there, so we can switch very fast. And also a reminder to the speakers: you really, really have five minutes. We give you all those five minutes. You don't need to talk so fast that nobody can understand you, and just calm down, relax. Nobody will kill you on stage. Maybe afterwards, I don't know, but no, I don't think this will happen. So you have all the time in the world for your speak, you don't need to rush it, and just relax a bit. And one important thing: always talk to the microphone. If you stop talking to the microphone, if you go away from the microphone, no one will hear you. And so I think you will continue here in a minute.

But the next talk... Yeah, I think we can actually start with a German talk, Technische Aufklärung. We also have translation.
So I'll just say it again: DECT number 8014 for German to English translation and English to German translation for all the talks. So please, if you need them, just call the number. And I think these translations are really marvelous, so do give a big round of applause to all our translators over there. Okay, then let's go with Technische Aufklärung.

Then, hello and welcome. My name is Felix Bezin and I'm one of two podcasters from the podcast Technische Aufklärung, and the lecture is today about, yeah, the podcast and out of the end of the year research exhibition. But I don't want to talk about the exhibition at all. That could be much better than the celli, for example, yesterday in Saal 1, or also yesterday with us in a live show in the center of the show. But I actually wanted to tell you how to get out of the Bundestag to start a podcast right now, especially as a journalist. And click me here just once through. We all know the topic snow in the hill. The German Bundestag is the only, worldwide the only parliament that said, we look at our secret services, that actually really do. So the only exhibition that exists for this topic, and it is public, you can go in there. And we found it exciting, we got informed, and at some point you think, okay, so much time reading, and all the blogs, and then the live protocol of netzpolitik.org, super service, but I read it in the evening for hours, no longer through. I was already a podcaster and I thought, we have to do something here. That's an extension of our live protocol. So then you can get through it if you like. And I felt like I was not really informed, and also the newspaper reports from the individual media, they are sometimes only a part of the aspect, where I also wonder, how was it today? Three witnesses should have been there. How is that place? What was the mood for that? And if you already have a podcast, then you say, okay, cool, I want to hear a new podcast, do it yourself. Okay, how does it go?
How do you come to the Bundestag to podcast? You just sign up. That's the calendar for 2015. The purple colored ones are open. These are the sitting weeks. So the Bundestag does not every week, but now a sitting week, and always in the sitting week on Thursday there is an extension. You sign up, write a very simple email, name, birth date, and then you are reported. Go there and sit in there. We are not in the Reichstag building, but here. That is the band of the federal right of the two buildings, and we are a little bit left over the ship. There is such a round hall. There actually comes the next picture. Just a little bit... The clicker clicks in the right direction. I have to go to you. Yes, okay, exactly. So we are sitting up there. Where the chalices are, down there is the canteen. And... so, concept and format, I'll talk a little bit about that. There are slides from another lecture. So the one who doesn't want to... Can you just click on it? One more. Exactly, so that's all from inside. Here in the front of the picture, when you know the people with the bright t-shirt or the bright shirt in the backpack, that's Zeit Online, on the left next to the ARD, there is Golem sitting in front of it. And we just said, cool, let's just sit down with our podcast equipment. It's a little bit locked up. We thought, how are we going to send us away? We don't have a press release. We only have such strange visitor releases, but totally relaxed. There is no reason for it. Because there are no real journalists, you can do it with it. And then we started exactly here to introduce ourselves with it.
I stand there a little bit in the back with a small Zoom H1 in the opposite and just started to cut the statements with it. Just already inside, you can't cut it with it, there is a recording prohibition. But at some point there are these statements, I cut it with it, and in the end... I don't know if you click here or something. Okay, great, thank you, I'll just keep going. And you get, if you just ask, direct interviews with the people in the audience. That's Konstantin von Notz, of the Greens, super active member inside. And yes, if you don't want to be the mega specialist yourself, but you want to have such a great format, you just have to have people who have the idea. On the right we see our former Mutual country speaker André Meister, who is covering the issue of day one. Yes, you get the people. He writes about it, and before he can post a report, yes, podcast with us. That's information, skin-close, and what he can do, he can arrange everything in context with his knowledge. We didn't have that either. And in the end a great format comes out. And everything he did, he went to the public seat. Everyone can do it. Talk to the right people, have the idea, and there will be a podcast out. And I'm sure there are a lot of listeners there. Thank you for your support. Otherwise, a technical clarification.com. Subscribes to the podcast, and maybe it will be released soon. Thank you.

So let's continue with an English talk about coffee. Coffee, coffee, coffee. Coffee. Let me just shortly try the clicker myself. Yeah. Actually, could you trigger slides for me?
Yeah, let me just... I will need both hands. Oh, you need both hands, so just say next slide and then... Yeah, definitely easy.

I wanted to do this talk with Neun and Halfo, but said that they couldn't be here, because one of them spent too much time managing the log and has been ordered to sleep, and the other one has to be with his family right now. So I'm going to talk about this alone. Yeah, we want to infuse coffee, because brewing coffee actually makes no sense if you think about it. Later on that... more on that. And we are using easy whipping siphon. It's actually a pretty simple tool you can buy for about 90 euros, and you need those N2O capsules to charge it, and just a regular coffee filter. Next slide, please. Yeah. What you actually want to do is brew it cold, and you want to pre-cool the container. So just put it in the fridge or an ice box for about 5 to 15 minutes. Next slide, please. And then you need coffee beans, obviously, and you want really a strong character and a lot of acidity, because when you brew coffee this way you will not get much bitters and you will get a lot of character. And so you can just experiment with very interesting, very strange coffees. Next slide, please. Yeah. I use like 60 to 75 grams per 800 milliliters of water. That's for a 1 liter siphon. And do it as fine as possible, because you will get much more surface area and much more aroma. But filtration can get really, really...
Yeah. It can take a long time, up to 2 or 3 hours. So I settled for about a setting of 15 on our mill. Next slide, please. And then you just add water and just tilt like this, because you don't want to put it on its head, because the valve gets clogged up with the coffee powder, and we had that happen. You have to unscrew it and unscrew it, and then the coffee sprays everywhere and your whole kitchen is ruined. Next slide, please. Yeah, and then you charge it. It was 2, 1 or 2, I usually use 2 capsules of N2O. And it's where you get 20 to 30 bars. You can overcharge it with 3. It's not recommended, but it worked fine, and you get different results. And then you want to mix the coffee and the water a bit, so the gas can get everywhere. Next slide, please. And then you put it in the fridge for about 45 minutes and you wait. Next slide, please. Yeah, and then you depressurize, unscrew it, and then you filter the coffee. Yeah. Next slide, please. This was a session of, I think, 3 hours, and we used 3 stages of filtering. And yeah, but this way you get the best results. Yeah, and then you can enjoy your coffee. Next slide, please. Yeah, a few short comparisons between a regular cold brew and pressure cold brew. Pressure cold brew is much faster and you get much better aroma, less bitters. Next slide, please. There is more. You can do more than coffee, like pressure-infused vanilla whipped cream. Just put vanilla in there and whipped cream, and it works really well. Next slide, please. Or use coffee to infuse whipped cream, and this stuff is highly addictive. I'm sitting on the couch just eating it, and I felt that I had an overdose of coffee and I felt really bad, but it was so good I had to just eat more. It's really, really nice stuff. Next slide, please. Yeah, you can...
We thought maybe coffee and cacao would be a good idea. It turns out it's not. You either get the full coffee flavor and no cacao flavor, or the whole cacao flavor and almost no coffee flavor. And filtration is a pain in the ass, because the cacao flavor is really, really fine and it clogs up all the filters. Next slide, please. Yeah, and because filtering is such a hassle, we thought about vacuum filtration, and that's probably the next step we will take. Just use a Büchner flask, Büchner funnel and a water pump to create a vacuum, and then maybe three to five stages of filtering, so this whole thing can get faster. Maybe we could actually give coffee to the next GPN in Karlsruhe. Thanks, drink no coffee.

Thanks a lot. Next talk is going to be primer. Yes. Primer? Are you there? Yeah, that's me. Oh, that's you. Oh, sorry. Yeah, I remember. We got hacked with a speaker with a double identity. Really? So, let's go. Next slide, please.

Okay, so yeah, this is about the primer, a story-based hacking challenge I wrote for a friend. And the idea was just to make something that's not very complicated, it's just fun to do, and laid back, engaging. And I quickly ended on a story-driven approach, and it quickly turned out that's not only just fun, it's also a good way to get people into the scene and to make them curious about it. So, yeah, the first thing I found out after seven years of not writing anything web-based was that writing bad code has become a lot harder. I actually had to, I think, do an hour of research to manufacture an SQL query that's actually... where you can actually perform an injection, because all the tutorials I found were pretty secure, and that was not the case when I started out. I tried to create an increasing difficulty curve. So this is just plain text JavaScript. That's pretty easy if you just look at the source code, but that was also the goal, just to get people to look at the source code and make them realize that you can actually understand a bit of it. And you don't need to understand
everything, but you can get an idea of what's happening. Yeah, if you want to play it, there will be some spoilers. What's happening? So this is basically the progression. It starts with an SQL injection and just a user agent check, where you just have to change the string. A cookie check. Then there's something hidden in the robots.txt. Then there's an obfuscated JavaScript login. Then you have to do some social engineering, decode and encode some messages, and do some hash cracking to get to the latest stage. And the last three stages are all based on the terminal that's emulated in the browser. And I played a lot around with hints, like hidden in a CSS file and hidden in JavaScript, just to urge you to look at the source code. So if you only know how to use a browser, then this is already a nice step to get people into just looking at that stuff and make them curious. And even the obfuscated JavaScript, obviously you don't want to de-obfuscate that stuff, it's just dirty, but you might find some hints in the source code if you just take a look. And the basic approach is just to give you a small excerpt of the story, to lure you with the story, to make you interesting, make you interested in it, and then you have to solve the challenge to get to the next part. It's written in a classic cyberpunk style, like Neal Stephenson and William Gibson. There are some climaxes and cliffhangers, like suddenly you get presented with a terminal and you have to navigate around some servers, and there are things happening, and AIs running rampant, and yeah, it's all about the fun, right?
I also wanted to try to teach something about ethics, that exploits aren't only fun, but if you do them in a real world, they might have consequences. And I think I failed at that part. I didn't manage to get to actually achieve that. So if you have some ideas how to achieve that and how to do it, please come and talk to me. I will be available on DECT at CHSA, CouchSofa. And because I want to write a second part and maybe do something with hardware, also with a friend. And yeah, you can find the primer at... It's good Slashprimer. And yeah, I want to thank Moby Dick I'm by Sarah Mosley and Nolik Spief, because they helped me a lot with this project. Thanks.

Thanks a lot. So the next talk is going to use a video. Let me see if I can handle this. I think we already hear something. We also see something.

Hi guys. Thanks. I'd like to present to you a new instrument, a new musical instrument, and I want to invite you to play it. This instrument is a computer program that you can download for all major operating systems, and it comes pre-installed on Raspberry Pi, and it's designed for kids. It is called Sonic Pi. And Sonic Pi can be used by 10 year olds after a first simple lesson in school, and then they can start to make music, and they can make music that is satisfying to them, that sounds, well, not quite like Daft Punk or Depeche Mode, but at least it's using the same technology behind it. And as we all know, pop music is repetitive. What it is using in the background is a secret to the kids, because when you give it to the kids and tell them, this is how you can music, this is how you can make music with it, then you don't tell them that what they are using is a programming language. And while they are making music, what they are doing is learning how to program, and what they are doing is, they are learning the basic concepts of computer science, and we aren't telling them in advance. They are having fun. What they are doing, they are learning things like data structures, arrays, synchronicity, all the basic
concepts of computer science. And while they are playing with it, and we don't tell them that there is a right or a wrong solution to what they are doing, they can decide themselves. What they hear is okay or not, and if they can change it, they can change it to whatever they like. And it's not like what I did in school, where we were taught how to write a sorting algorithm, and if the sorting algorithm was right, then it was the right solution. I can just decide what sounds cool and what does not sound cool. The thing is, this is so simple that kids in primary school can use it, but it's so complicated that grown-ups can have fun with it too. So I invite you to try this. I will also do this at the primary school of my daughter, with kids in third and fourth class, and I'm really looking forward to do that. I asked a teacher about it, if he thinks that this is okay for small kids in primary school, because the language that they have to use is English. And he asked, what are the commands that they have to use? And I said, well, the major commands that they need to learn are play and sleep. And he said, well, those are the words that they learn in English in first class. And then I showed him, well, what you can do with Sonic Pi is you can teach the kids pair programming, because what you can do is, you can give them an audio splitter. And the teacher told me, well, we know an audio splitter in the computer room of our school, and we call it the fun duplicator, because they give it to kids, and then they put two kids in front of the computer, and then they can take turns while programming. Hey, I made a cool rhythm, now you make the rhythm, you make the melody. And these... now I'm out of words. Anyway, this is a very simple computer program. It runs on really shitty hardware. It comes pre-installed on Raspberry Pi. You can run it in any computer school, in any computer room of any school. And so I invite you to have fun with it. It runs on any computer. Just download and try it. Thank you.

Thanks a lot. There's the
clicker. All right. Okay, we can start with RobustIRC. Can we have the slides, please? Thank you very much.

Hello everyone, my name is Michael. I'll be talking about RobustIRC, or IRC without net splits. Now, what's the motivation for doing anything in the IRC space at all? IRC is still very widely used among hackers and open source people, and every once in a while we looked around and evaluated alternatives, and none of them really convinced us. And then we thought, okay, what actually is the biggest problem that we have with IRC as it is? And we identified the lack of stability as the biggest problem. As you all know, if you have a TCP disconnect in an IRC network, what will happen is that the network will split. If you have a disconnect between you and the server, then you can't chat anymore. But if you have a disconnect between two servers inside the network, then entire portions of the network will be unable to talk to each other. And this puts a really strange incentive in place, because it means that you get rewarded for not doing software updates, for not doing restarts into a new kernel, for not doing anything to your computers, because that's the only way you can avoid net splits, right?
So we thought, that's not very satisfying, we want to do something about it. So we had two ideas. The first idea is that we use a tunnel protocol to gloss over the TCP disconnects. And the second idea is that we looked around and saw that there are highly available databases. So we used these as a model and then built an IRC network on top of a distributed library called Raft. So we have a distributed system that's using that library, and this is how it works. So you have a number of servers, and they make up one virtual IRC server. Typically you run a network with like three servers or five servers, and at any given point in time the minority of these servers can fail, and that's perfectly okay. The network will just continue to run. So in an example with like three servers, one of them can fail, but if you have five servers, two of them can fail at the same time and nobody will even notice. In order to communicate with such a network, you would be using the RobustSession protocol, which is the tunnel protocol that I just mentioned. And to do that, we have a tiny program which is called the bridge, and it just tunnels IRC over the RobustSession protocol. How does it work?
Every incoming IRC command that the network gets will be persisted using Raft, so it will be distributed across our network of servers, and once the majority of servers has acknowledged the message, it will be processed. The servers themselves are implemented as state machines, so that means that when they get the same input, they will generate the same output. So that means if a server of yours goes down, a client can just connect to a different server and say, hey, I was at this position in the stream, and just continue reading the stream seamlessly. So you will not see a disconnect. And it also means that if your IRC server process dies for some reason, because maybe you're doing a software upgrade, or you're rebooting your machine, or it crashes, whatever happens, as soon as it started up it will process the same input, it will generate the same output, it will be synchronized with all of the other servers. The fine print: what isn't so good is the IRC latency, because it's determined by the median latency of all the servers, because they all need to acknowledge your messages. That typically is not a problem in practice though, because the latency is so small that you can't perceive it anyway. If you want to have a really robust network, you will have to have access to at least three different failure domains. So that means you can't just put three RobustIRC servers onto the same machine and expect it to be reliable. If that machine dies, then your whole network dies. So put them into different data centers, different providers, different machines. Do it as differently as possible. And then, last but not least, the throughput that we can achieve with RobustIRC as it stands today is at about a thousand messages per second, which is plenty okay for most of the IRC networks, but it would not be high enough to replace the biggest IRC networks that are out there. In order to connect to a network, if you're using Debian, Arch Linux or any of the other popular distributions, you can just install the RobustIRC bridge and then go ahead. If you are not using one of these distributions, you can just install Go, you run that commands on the slide to download the code of the bridge, start the bridge, and then connect with your favorite IRC client. You can also use a hosted version of the bridge that we run at an address called legacy IRC dot and then the network name. That obviously isn't as good, because if your connection to that bridge dies, you're still hosed, right? So we urge you to run your own bridges. That's the end of the lightning talk, but at robustirc.net you can read much more about it. We have an extensive administrator's guide if you want to set up your own network, and there's also 40-minute tech talk. That's the end of the... this conference. So please talk to me if you have any questions. Thank you very much.

Thank you. Next talk is going to be Nordlicht. You can go ahead.

Yeah. So hi everyone, I'm Linui, and here's the best idea. Oh yeah. That's one of those 9.7 MB PDFs. Yeah, lots of large pictures, so... Okay, so you take frames from a video at regular intervals, scale them to a width of one pixel and append them, and what you get is a picture which gives you an idea of the color development of the video over time. So here are some more examples. So at the top, for Finding Nemo, for example, you see scenes which are in open water. Right in the middle there's the jellyfish scene, which is pink. If you know The Lion King, at the end there's this fire scene, right, so you can see that. And there are also scenes with sky at the top, where the upper half was blue. And Titanic, yeah, starts with light colors and it was a lot of dark water. So... and in all of these you can see... oops, oh my. In all of these you can see the title and the credits, and you can also see hidden scenes after the credits, for example. And it's possible to recognize different scenes of the movie. So my hypothesis is that you can use this to speed up your navigation of a video, or, put differently, why do we use this if we could have this? Right. So
I implemented this as a shared C library called Borealis. This is the minimal usage example. You would specify your video and your desired size in pixels, you would generate it, you can also access the buffer while it's generating, and then you write it to a PNG and you're done. Based on this library there is a command line tool which you can use, where you can also specify width and also some multiple styles. So the first one is the horizontal style, the default. Two, a vertical style, where you don't compress your frames to columns but to rows, and then rotate them and append them. And there's some experimental style called spectrogram, which gives you a spectrogram of the audio track. I did some integrations into video players, which are highly experimental. So I have integration for VLC, which you just saw, and integration on MPlayer. Yeah, that's the VLC one. This is how to look at the end. It's not really usable yet. And I'm also working on a YouTube integration in the form of a Greasemonkey script which injects the Nordlicht into the HTML5 player on the YouTube website. So, some ideas for the future: you could embed these codes as a subtitle track, maybe, I don't know. Nordlicht as a service is what the YouTube integration already uses, so you can request YouTube video ID plus PNG from some RP and you get the Nordlicht as a result. And you could also think in the start of the Debian package. And you can also integrate these into your favorite video player. Yep. Here's the homepage, here's the source code, and that's it. Thanks.

Thanks. Okay, next talk. Where did we lose... That's you. Okay, the clicker has been exchanged.

So, like it or not, everybody who grew up in what we call the West, that's the US, Western Europe, we have been touched by the light of this flame, so to speak. You could call it the American dream, you could call a lot of things, but it's basically this belief that freedom and justice and equality are not just quaint, fashionable social appendages, like jewelry, that wealthy states can afford to
have. Economic progress is based... And what's important about this is to know that this is not a universally accepted fact. In China and Singapore, for example, this is not part of the political philosophy. But what happened in recent years, it seems like every day the things that we were raised to believe in have begun to come under attack, either by the terrorists from abroad, were originally sworn to defend them. And if you look around you, there aren't any, in my opinion there aren't any really serious progressive movements anymore. There's mostly just conservatives arguing against ultra-conservatives. And when I looked at the Muslim terrorists, and you know that actually only 20% of them were raised as Muslim, and I look at the mass shooters, especially in the United States, the white terrorists, and I look at the people who are backing the likes of Donald Trump, and I see a common thread here. Each of these groups has its own very different political memes, but beneath it all what I see is hopelessness and, I think, a desire to die. Campaign rhetoric tells you almost nothing about what a politician will actually do, but it tells you everything about the psychology of a nation. It's very interesting because it's not something that should seriously inspire anyone. There really isn't any new deal. It's not even a new deal that I dislike. It's just that there isn't any new deal. He's offering nothing. What is there, and what I think no Trump follower wants to admit, is, I think, that the psychology of a violent suicidal.
This sort of belief that the world is broken. In western Massachusetts, and I used to walk through the woods to visit my neighbors, and in the woods somewhere there was a clearing, and there was this old shack and some memorabilia strewn around it, and the locals used to call it the hippie camp. And that camp represented something. It represented the dream: the equality, the liberation, the living together off the grid, without the state. Turn on, tune in, drop out. Do as you like. Damn it, they dared to try. Now, I want you to have a dream. This is the best picture I could have for a dream. Now, you don't have to live it. But just try, just try writing it. Just try to imagine what the world ought to be like, and try to describe the big things, like how we would decide on law, and how we would prevent crime, and how we would make the economy work. But also I want you to describe how the children grow up, and what people do for fun, and how men and women ought to interact, and what are people's hopes and their fears. But most importantly, I want you to think about optimum inequality. Inequality is something that almost nobody thinks about rationally. Communists say that everyone ought to have the same wealth no matter how much they contribute to society, and capitalists caring none at all for the level of equality as long as this thing called the market has made that decision.
Now, when you give up on ideologies, and I want you to give up on these ideologies, I want you to describe what a humane world would look like. And if you can describe what it should look like in terms of how much inequality, then I think that we can work backward and figure out

Between the talks. So the room is getting pretty crowded back there, so we have to play our favorite game again. Everybody, especially on the left side, please, yeah, just move closer towards the middle of the room so that the people who have to stand right now can get a seat at the edges of the rows. There are also three seats in front of me, right behind, back there. Just come up here. At least nine, ten, twelve seats, people. Twelve seats. Come over here, there's lots of free space. We also still have a minute before the next talk comes on, so take the chance to get a seat somewhere. Even the people who just came in, here are some seats over there, just in front. Lots of room here, also at the edge. So you... Yeah, nice. Good work. Very good. You're great. So, next talk. It's called Cider CI. I don't know if it has something to do with alcohol. We'll see.

Hi. I'm going to talk to you about Cider CI, an open source, free software system for running integration tests. That's really a goal of mine, to inspire you all to think about the products you produce and how well they are tested. I think the world is greatly under-tested, because it's very, very hard to set up tests where you have more than one software which you have to install, run and then test against each other. The problem with traditional CI systems is that they think in terms of a single build or a single script, and maybe they give you some hooks around that script to run before or after. But inside that script you're on your own. It's very hard to make that even work, to set it up and manage this complexity, and also very hard to make it faster by parallelizing it. Cider CI is a system which also has a kind of explicit and complex configuration, but it has declarative dependencies. It
doesn't even think about you running a test. Maybe it's something else. It's just scripts. That makes it very hackable. It also means that simple cases are relatively verbose, but we're not interested in simple cases. Quick overview: we have projects, which have one Git repository. Only Git is supported. Every repository has all the configuration inside. This distinction is because the tasks can run in parallel. They're not dependent on each other. And in turn, one task has one or more, more or less, shell scripts that run in order. And the scripts depend on each other; that's how this order is specified. Graphical overview. Here's the URL for much more details, if you're interested. So this is an example of a branch called staging. Then we run the test. If it's run, then we deploy to staging server. This is how this configuration would look in YAML. You can also write it in JSON, if you're interested. The point is, it's always next to your code, so it will fit into your code. It knows about the branch and the commits and also the tree ID, that's the hash of just the content, so we can find when something broke. This is how a job looks, with all the tasks. They run in parallel. Task actually runs as a trial, because things always can go wrong. It's not about unit tests. They should be too. They run all the scripts in the order like specified, and we also can generate a graph which... This is a very, very simple web application. For more complex cases, this graph just shows you that you don't want to manage this state in your head or in some shell script. So, different jobs. And most importantly, it's very flexible, because it's all free software and not as a service. Some people run in one instance for the whole organization, some run one instance per project. We reuse our existing computing infrastructure. Other people just run it on Amazon, in the cloud, on-demand machines running it, anyhow. This is one more example of how you could set up things. This is just one graph where it gets more complicated: Cider CI
running itself and testing itself. Just one little feature. The more features you would expect that... I set up some instance here to play around at the conference, and you can contact me if you want to try something out. I'm especially interested in testing hardware, like for example fly from crouters, because that's something you can do with your own infrastructure. Thanks.

Thank you. Next is going to be... So, have fun. Okay. So, yeah, we can just exchange your slides, no problem. So the talk is actually not called Art on Your Screen but Apps Kunstwerke. It's going to be a German talk. There has been some confusion because the speaker also has a talk tomorrow and we mixed that up. Ethnic Far would say the fail never ends. Okay. German talk, English translation on 8014.

Yeah. So my name is Obelix, or Christian for those who don't know me as Obelix, and I want to introduce you a new art form. I... Apps as Kunstwerke. Then you have to first question: can an app be art? I mean, most people probably know art in the form of paintings, maybe performance art, but there are also new platforms now, under the mobile, and there is actually no reason why one also on mobile devices, on smartphones, on tablets, or maybe even wearables, so like a smartwatch, also art could. And there I want a small project, or the experiences that we did in the ZKM Karlsruhe. That's a big museum, and we have a project that's called App Art Award. We award every year art apps. Later more. But now I want to think about what experiences we did. So every year we wrote categories. There are of course, like in the classical painting, there are various techniques, like painting, with sculptures, there are painters, or techniques to show a picture. And there are various categories, like art on a mobile device, or like art can create art. That's the first, that's just a few of many categories. There is sound art. It's about, the tablet can play sound. How can you, for example, the movements with, can you with touchscreen to create more... Exactly. The tablet, of course, always
with... Everyone has a tablet with... Probably everyone has one, or a smartphone. Of course, the question: can you with art... In this example, for example, the app, and it's about that, just in the city, where the cyclists on the wall with chalk... There is, there are, there are many other, for example, music together. The apps talk, play sound, then sound from the audience. That's actually very nice. That's one of the possible art forms. And of course game art. That's, there are computer games, certainly can have... How do you present an app in the museum? Can you, or how does it look? We have a picture like this. We in Karlsruhe have developed, where the users can touch these apps. The tablets are also, if you want to move them... So, if you haven't seen how to show apps, that's... We had in 2015 120 enrichments. The prizes are good dots, so if you win a prize, then you can with the money make a lot of cool projects. Yes. And other things. So most things are somehow iOS that are enriched. Android always more. And so, and every year there is always a thematic exhibition with several enrichments. So if you go to Karlsruhe, you can definitely look past. Exactly. That's a picture about the prize. Then the apps, and firely, almost... Yes. And that's, maybe if someone has a short question, can you still... If not, who with... Of course I am with the 3D print assembly, or you have all contact data, or if you have more information about the project, would...

Okay, thank you. It goes on with 16 to 9. So the next talk, it's called Emergence of Computerized Healthcare Surveillance Systems. Okay, go ahead.

Hello, willkommen. I promise some of the candies, but I was ticketed by the German police for not having a proper subway pass, so fuck the police. Okay. So I'm just going to kind of roll these slides along. Please kind of look at them. I'm interested in collaborating with you and having this be interactive, and also maybe drawing your attention to important ideas that we could all work on. So I'm from the medical field. I give chemotherapy. Okay. So there are a lot of
different ways that our medical system is vulnerable. There's a lot of information that can be gleaned from our medical records, a lot of stuff that we wish... But whether we're women, or people suffering with disease like HIV and whatnot, even embarrassing herpes, you know, it happens. So... But more and more, because I really still consider this emerging, we're not having a lot of bioethical discussions about medical devices and their vulnerabilities and what that could mean for us. So a lot of medical devices will have some information such as the following: height, weight. Sometimes it's just the drug, sometimes it's more patient data. Sometimes medical devices will be connected to physicians. So we have to think about ways that people could be hacked, potentially. And right now some of the leading companies that are making medical devices are like Hospira and General Electric, things you'd think would be a little bit more progressive. But recently, in September, there was an article written, and it said, like, a group of hackers, was black hackers, was put together in a room, and they were really floored, because all the devices in the hospital were able to be hacked. So there's like a fine balance. We want the device to work. We want, you know, your average nurse to be able to program the device, right? We want the patient to be able to circumnavigate when it's beeping, what's going on. We want, if the patient becomes unconscious, we want the patient to be able to, you know, when they can't communicate, we want the rescuers to be able to figure out maybe what's going on. But as of now it does, there is the potential for malicious attacks. So it's a fine balance. A lot of the devices will, they will go back to like default passwords, things that you and I could, not with very much difficulty... My talk is just about done. I thank you, but I hope to work with you in the future on making these devices more secure. Thank you.

Thanks a lot. So the last talk for today.

Take my punchline. Yeah, this actually went... Do I start? Yeah.
This one viral amongst my friends, and I kind of want to use it on terror. And you know the usual kind of quiz image format: you have like a picture of a beard and you have to guess, you know, is it a Muslim or a Jew? In this case it's a good Muslim boy. Another one, you know, ooh, can we tell? Can we tell? It's actually an Orthodox Jew. And in this one, can anyone want to hazard a guess? Maybe? And he's Action Bronson, you know, a rapper, if some of you guys might know him. It's actually, he's all three, because his father is Albanian and ortho, you know, like a religious Muslim Albanian, his mom is Jewish, and, you know, he's a dirty hipster like the rest of us.

Sorry, please talk into the mic. You can see your slides down on the monitor.

Oh sure, I'm sorry about that. Now I know. And actually the thing is, it's so complicated of a thing that there is some sort of truth to it, but it's so complicated that from visual cues alone you can't tell that much. For instance, this person, some people would assume that he comes from Saudi Arabia or like somewhere in the Gulf, like the part of the world I'm from, but actually he's from Africa, born and raised in Zimbabwe. So these are kind of African religious figures, but his origins are actually from South Asia. So you'd expect he's the Grand Mufti of Saudi Arabia, because he is the Grand Mufti of Zimbabwe. And these things are in a sense have to do with the power and prestige that these nations exercise on religious thought. And the reason for that is very contingent on history. These are the guys who actually fought Lawrence of Arabia, and because they control the two holy shrines of Mecca and Medina. So in many ways people have posited the Gulf state, and it's so complicated, and the history is convoluted, but it has to do with figures like bin Laden, who truly was a revolutionary figure in the visual culture of Islam, and particularly in the 90s, when he rebelled against the Saudi state, he started donning the turban and wearing the camouflage of the Afghan warrior. Yeah. And if
we want to say the difference for gamers, within a gamer's language, like Al Qaeda and ISIS: Al Qaeda used in a sense modern versions of modern warfare, of Call of Duty; ISIS is more Grand Theft Auto. And there is a lot of truth to this. So this is Jihadi John, the main speakers of, for ISIS, especially in English. And he was born as a stateless person in Kuwait and grew up in England. And the reason the cell was called, the terrorist cell was a part of, they noticed they had these thick British accents, so they called them the Beatles, and hence he's John Lennon of the Beatles. And here he is, this college registration, just like a dorky kid like anyone else. And this is documentation from Kuwait, so he kind of traverses both worlds. And this is his colleague, as it were, in terror, Jihadi George, and he was a failed rapper. To rap run deep the... I think the more important visual cues, I really won't, went through a lot of slides, the more important visual cues isn't necessarily the Islamic ones. In my opinion it has to do with the war on terror as a whole. And here you have the ISIS execution video with people wearing obviously the Gitmo jumpsuits. And this is how they trim their mustache, the length of their beard, how scraggly their beard are, because, like our life stories, facial hair is complicated. But things like this in a sense shows you that the production values and the level of detail... This actually shows you how they're actually CGI screened. And it makes us wonder, in the current surveillance system, that, how do they move all this gear? How do they get to a point where they can set that up, when anyone like me wants to report, just because I like, you know, looks scraggly? Okay. Thank you everyone for your time, and I hope people heard me. Thanks.

Thank you. We are right on time. So this concludes today's... Thanks a lot. Yeah, very nice. This concludes today's lightning talk session.