36C3: Resource Exhaustion - Lightning Talks Day 2
Formal metadata
Number of parts | 254 |
License | CC Attribution 4.0 International: You may use and modify the work or its content for any legal purpose, and reproduce, distribute and make it publicly available in unchanged or modified form, provided that you credit the author/rights holder in the manner they specify. |
Identifiers | 10.5446/53219 (DOI) |
Transcript: English (automatically generated)
00:23
So, let's go. Always leave the clicker here, please.
00:41
Just a minute. I can already start. There we go. So this is about a little tool that I have developed for quite a long time, but I haven't actually really advertised it a lot, and lately I've thought I should make it a bit more usable for more people and maybe make it a bit more well-known.
01:02
So the thing is, like, you have web applications, so maybe you run a personal web page or a company web page or whatever, a blog, with one of these popular content management systems or other web applications, and, yes, sometimes they have security vulnerabilities, and then
01:28
maybe you forgot to update them, and that's bad, and then you get hacked, and then, I don't know, then you have some JavaScript that's mining cryptocurrency, and you're sending spam and all these things, or maybe you're hosting phishing pages now which you don't
01:43
want. That's all quite annoying, and maybe your web host will then tell you that, I don't know, he will shut down your web page. So you should better update, or you should use WordPress. I'd like to say this, WordPress has kind of a bit of a bad reputation.
02:00
I think WordPress is definitely the most secure content management system you can get because it has automatic updates, but let's assume you run a server for other users, which I actually do, and you want to know if your users update their web applications because it's also annoying for you as a server admin if you send spam or whatever.
02:22
So you would like to check if your users actually update their web applications, and that's where you need freewvs, which is the tool I developed for this. So this is kind of how it works. So you run it and give it a path, and then it will tell you, oh, it seems there's a Joomla version 3911, and that has a known security vulnerability, and there's also
02:46
Nextcloud and the MediaWiki also with known security vulnerabilities. So that's kind of how it works in the backend. That's the data that it has in this example, MediaWiki.
03:00
So I maintain this myself. People often are curious, and yeah, I manually do it, but it's not as much work as people think. So it knows that there's a safe version, and there are some older branches that offer a safe version, there's a vulnerability, and then there's some information how to detect
03:21
the version. So if there's a file DefaultSettings.php that contains a variable wgVersion, then that means there's a MediaWiki in that version. So it's actually 12 years old, so I've been doing this for quite some time. It's free software under CC0 license, which means you can do with it whatever you want.
03:43
It's written in Python, uses some string matching and regular expressions, which is a bit ugly, but there's no better way to do it, and then compares it to data about vulnerable versions, yeah. So please try it, and also, as I said, I tried to make it more usable.
04:03
You can now install it via pip, but there's also some design decisions where I'm not really sure how to do it yet, particularly about the data and how to update that. If you're good at Python and want to discuss how to best do that or discuss improvements, please come to me, talk to me, and please try it out, yeah.
04:21
Thanks. Thank you. So next up is Pocket Science Lab.
04:40
Hello, good morning. My name is Mark. I'm a software developer. I'm talking about hardware, which may sound a little bit strange, but I'll explain that in a few seconds. Pocket Science Lab is a little hardware which lets you measure all kinds of things, and why I like to use it, you see here, this is my set, little lab, which I have to get
05:06
out of the boxes in the evening, play around with my controllers, and put it back into the boxes again when I'm done, because this is also the table where my family eats breakfast, where my wife has a home office, where my son likes to play Legos, and where
05:23
I like to play with hardware. I don't have much room to have an oscilloscope or stuff like that, and that's why I'm happy to have found this Pocket Science Lab device thing.
05:40
You use it by connecting it to your computer or to your smartphone via USB. Wi-Fi connection is currently being developed. I hope to see that soon. You install software, I come to that later, and then you just connect things to the Pocket Science Lab with cables, with little pins, so if you like to play with Arduinos or
06:07
ESP32s or things like that, you stay in your little pins and cables world, and it all connects together quite nicely. The software has different screens for the different use cases.
06:22
It also has help screens, if you're clueless as me, you can just take a look at the help screen and it tells you how to connect things, how you can measure things, or just what you can do with the device. You can get the software from the website, pslab.io, but you can also get it, the
06:43
software for the phone, you can get it from Google Play Store or from F-Droid. What can you do with it? You can substitute an oscilloscope, multimeter, or logic analyser, maybe if you're like me, you don't have much space, you just need a small device, or you travel a lot,
07:03
and you don't want to carry a lot of things with you. Then you can create test data with a wave generator, you have a programmable power source, or you can just look at things by connecting sensors, and, yes, you can either display values from the sensors, or you can log it and analyse it later.
07:24
I forgot to say I'm not a developer of the device, I'm only a user, and I'm happy to have found it. So if you like the device, if it looks interesting, just come to the FOSSASIA assembly, it's small too.
07:40
They have devices there, they have cables, they have sensors, and you can play around with it. You can buy it if you want, you can maybe get tips how to build it yourself, because it's open hardware, you can build it yourself, everything is free. They will be there until midnight, they told me. So if you like the device, or would like to take a look, just go there and have a
08:04
look. Thank you. Thank you. Next up is JMAP-LTT-RS.
08:24
Hi, I'm Daniel. So I originally got interested in this a couple of years back. I was trying to finally self-host my own email, and I was looking for an email client for Android that provided a similar user experience to Gmail, and I couldn't find any.
08:42
So I thought how hard can it be to write your own? That led me to look into IMAP, which, in case you don't know, is the protocol most email clients use to fetch email from your server. So it turns out, IMAP is a little bit of a mess.
09:03
It's an extensible protocol, and you need a bunch of server-side extensions to provide a good user experience, but as a client, you're also expected to deal with servers that don't have those extensions, and that makes your client code quite bloated.
09:26
Furthermore, IMAP doesn't use any of the well-established serialization formats, like no XML, so you cannot even use the stock library to parse the wire format, and even
09:44
if you get through all that mess, you still have to deal with MIME parsing, which is another complicated thing, and also, like, sending emails requires yet another protocol. So luckily, there's an alternative to that called JMap.
10:04
So what is JMAP? JMAP basically is IMAP with all the cool extensions, and it will also make the server deal with all the MIME parsing, so as a client, you basically get a JSON structure with the email data that is essentially ready to display to the user.
10:23
It's also stateless, and doesn't require persistent TCP connection, because you may hate that mobile phone vendors are preventing apps from keeping a persistent TCP connection in the background, but you just have to deal with that, and that's just how it is.
10:43
So from a client developer's perspective, JMAP makes a lot of things a lot easier. However, it's fully compatible with IMAP, so it can operate on the same data structure on the server, and you can just as well use an IMAP client and a JMAP client in parallel, and obviously, the server-to-server communication remains untouched as well.
11:05
So that was what got me interested in JMAP, but it's not all that JMAP is, so JMAP really is a data synchronization protocol, more of a replacement for ActiveSync than just for IMAP, and in the future, it will also be able to handle calendars and contacts
11:22
and so on. So what JMAP isn't, you still have to deal with some of the legacy mess of IMAP and email, for example, like text emails with HTML emails. It won't provide a big noticeable difference for end users, because if you already have
11:41
a well-functional JMAP client, you won't know the difference as a user, but from a client developer's perspective, it makes a lot of things a lot easier, and yes, that's what I did. I wrote a client that's really not a lot of code. It's based on a JMAP library that I wrote as well, that essentially is a headless
12:06
email client, so it handles everything an email client would normally do except for the UI, like sending emails, archiving emails, marking something as read, or flagging, unflagging, and the app itself is really limited, like no frills, no settings, I'm
12:24
not planning to introduce any settings at all, because settings always invite feature creep, and I don't want that. It's heavily inspired by Gmail, the same backend in the end could potentially also power a command line client.
12:43
So yeah, what can you do with it? You can read text emails, you can process emails, like marking something as read or flagging or marking it as important. You can write emails, and there's some light responding, like you can respond to an email and it will match the proper email IDs, but it won't quote the email.
13:03
Unfortunately, the biggest hurdle, if you want to try it, the only server software that supports this is Cyrus, and only the unstable Git version, which I'm sure a lot of you are running is interested, but hasn't started the work on it, as we are running out of
13:20
time. I'm still looking for people to help me out with this project, and I'm available on Congress if you want to meet, and here are some links that you might want to check out. Thank you. Thank you.
13:41
Next up is Badge Magic. Hello. Okay, so this is really a great lightning talk session, because we are early, right? Awesome. Good job, guys. Thank you very much for giving me the opportunity here to share a few updates about our project
14:04
Badge Magic. So, right, it's a wireless project, and as we all know, wireless, that's magic. So you can magically create text and clip arts on LED name badges using Bluetooth. That's what we're doing with the badge here, okay? And yeah, you charge it through a battery, through USB, so it's a badge, and it can
14:27
be accessed through Bluetooth. What we are doing, developing an Android app, and also we are looking like to develop more and more apps on all the other clients, like desktop or iOS and so on.
14:42
So what's the story behind it? We found these cool badges everywhere, and everyone loves light and blinky things, and we see a lot of this here at the Congress, but we had this app here, and this app is mixed Chinese, it's colorful, even though the badge is just one color, and there are a lot of issues with this, and a lot of people wanted to do new things with it,
15:02
so we thought, how can we develop an open source app? And we have a large community, but it's often like front-end developers, or it's like people who know about server setups and so on, and not so many people who really like hack and decode things. But then we were really happy, because we found this guy here.
15:23
So on, yeah, on Hacker News and everywhere, so there was a guy who said, like, let's reverse engineer the LED name badges here using Bluetooth, and he really did it, he put up a blog post, and just like in the great hacker spirit, then also put it here online on GitHub and shared his work, right?
15:42
And as we often see here also at the Congress, there's so many cool ideas, but actually often, like a lot of hackers have this spirit, I hacked it, it's working for me, it's working on my machine, here's the code, do what you want, and they move on. But for us, it's also really nice, because we have conferences like the FOSSASIA summit or the Open Tech Summit in Berlin, and we want really, like, everyone to be able to
16:03
use these badges. So what we did now is we made a call in the community here that we're working with, for example, many years in Singapore and Vietnam, and we built this awesome community here around the FOSSASIA free and open source solutions, it's not just software, no, also hardware, and we said, hey, now we have this hack, let's make an app for
16:23
it. So we invited everyone, and people showed up, right? So we have this app now, and yesterday I had some comments here of people who said, oh, yeah, this is really polished, it looks really like a nice thing, and of course, it's on Android, it's on Play Store, we still like a lot of things to solve and make it smoother and so on, but like most of it works, and we also had it already
16:43
at the camp, and yeah, really nice, you can have clip arts, you can have different directions to show the text and so on, and yeah, do a lot of things, you can make it slower, you can make it faster, and write all kinds of text. So some developments have happened in the recent months, for example, let's say you
17:03
really make your badge and you create a lot, you make a clip art, and you know, you make it really nice and you want to share it with your partner or with your friends and so on, so we implemented now export badges to one device, share your configuration, why not? Import, export, and then also a nice thing that the original app doesn't have is drawing
17:23
things, so you can now have a drawing mode where you draw on the badge and then you can have it as a badge kind of feature, and there can be a lot of more things that we can do here as well, and of course, like as you can imagine, we had crashes, so we fixed a lot of crashes, interestingly, like most of the developers who joined were
17:41
like from Vietnam and Malaysia and so on, and they don't use non-Latin scripts, yeah, so interestingly, it was a Chinese origin, but we didn't support non-Latin scripts, so we started to do that, we fixed a lot in this direction also, so adding more and more scripts, so get in touch with us here on GitHub, on the channel, or join our Code Heat contest,
18:04
which we have, this is how we also like invite more people to participate in our projects here at FOSSASIA, it's a coding contest where, for example, the winners could win a trip to the Singapore event in March every year, this is also like Badge Magic, we just added this project into this contest. Now the question is, what is next? Of course,
18:24
talk to us, we have like in Hall 2, in the decentralization cluster and assembly with FOSSASIA, and we want to do a lot more things, for example, what you see here, I hope you can recognize this, it's like this kind of small fan, and these fans can
18:41
have different words on it, why not do this as a next fan project, maybe even add it here into the app, where you can configure these fans, why not do iOS, I personally don't use iOS, but interestingly here at the Congress, so many people use iOS, so I think we should have an iOS app, and some people actually just started, so if you want to join, just join us as well, and of course we need the hardware to be open, we have a lot of open hardware
19:04
projects in FOSSASIA, with Badge Magic, some people say, oh that's too simple for me, I'm not interested, but maybe somebody is interested to join this, and let's make really the hardware itself also open, and that would be cool, thank you very much, join us in Hall 2. Thank you.
19:24
Next up is Path Auditor, there you go. Hi everyone, my name is Ciro, I usually like memory corruption bugs, but today in this talk I want to talk to you about something a little bit else, a different class of vulnerabilities
19:42
that I thought deserves a little bit more love, and show you how you can find them yourself, because in the end, as long as it gives you a shell, that's okay for us. So I will talk about privilege escalation bugs. So just imagine what happens if you have this, this syscall run by some process,
20:01
which is running as root on your Linux box, and it's doing rename, /tmp/foo/bar to /tmp/foo/bar/x, so the first thing you might notice here is, well this doesn't make any sense, you can't move a directory into itself, like how is that supposed to happen, but the fun part about this, this is actually a privilege escalation vulnerability.
20:23
And to understand why, we will have to take a quick look at what the kernel's actually doing. So the kernel will get the syscall, it will take the first path argument first, and will resolve it, so it goes to slash, then temp, foo, bar, it takes a reference to this file, it could be a file or directory, the kernel doesn't know at this point,
20:41
and then it goes on to the second one, and that's the same thing again, right? So you just slash, temp, foo, but on Linux there are these things called symlinks, so what if a user can actually write to this directory and just replace this bar with a symlink at this point in time, then the kernel will follow it, go to etc for example, and move the file that it got before, and move it to a different directory.
21:04
So if this is running as root, this is bad, right? Because just imagine a user can mess with this and move an arbitrary file to etc cron for example, and get it executed later as root. So, there are two caveats to this that I want to mention, which is, number one,
21:22
rename only works with, if it's on the same file system, it will not move across file system boundaries, so if temp is just a regular directory, it will work, if it's a tmpfs, this case will not work. The other thing is, temp is usually a sticky directory, and symlinks are a little bit special in sticky directories, but this doesn't apply since we're two directories deep.
21:45
In any case, you might wonder why I'm using such a complicated example, because this class of bug, there are so much better examples than this that are much easier to understand, but this was actually a real bug. There's a tool called tmpreaper which is trying to delete all files in temp, and it was doing exactly this to find out if something is a mount point.
22:03
So now we want to find these kind of issues at scale to get them fixed, right? So there's a very simple idea that works surprisingly well in practice, which is, well, we can just hook all the functions. What if we can just install hooks on every process on the system running as root, take every function, open, rename, whatever it is, just hook the function, and whenever
22:25
you call it, you check the path, you try to figure out can this path be somehow messed with by a user because that might be unintended consequences, like there might be unintended side effects, of course, it depends a little bit how the value is used,
22:41
what the function call is in the end, but it's usually a bug if this happens. So we wrote this tool, me and a co-worker, Marta, and you can try it out. It works like this. You build this library, you can use LD_PRELOAD, so the way it works is use LD_PRELOAD.
23:04
This allows you to load the library into another process, and then we can override open, rename, and so on, and then just check if the path could have a vulnerability like this, and then afterwards, if it does, we just log it to syslog, and then you will have afterwards to check out the syslog, find all the alerts, and then look at them manually, but
23:25
usually these are very fun because they always have these tricky side effects, for example, there was one case where a shell script was trying to cat a PID file to check if the process is still alive and kill it, but then, if you cat an arbitrary file, you might
23:44
end up putting the content of the file into the arguments, and the arguments are visible by every other process on the system, so you would leak arbitrary files with this. So there are some really cool bugs in this. So long story short, you can find it on GitHub. If you have any questions, you can ping me on Twitter, or I will be at the CTF area most
24:04
of the time, and I'm really sorry, I just noticed the build is broken. I will try to fix it as soon as possible, but, in the meantime, just you have to fix up the includes like you see on the bottom. Just remove the third-party mention, and then everything should work out of the box.
24:21
If not, just let me know, and I can help you try to debug it. Thank you very much. Thank you. So, next up is this talk. I'm interested how they spell it. I'd say Axolotl, but let's see.
24:45
Okay, my talk is about the Axolotl. It's this small animal living in Mexico City, but it's nearly dying because of environmental issues. But Axolotl is also the encryption mechanism that is used in the Signal messenger.
25:05
It's actually renamed to Double Ratchet at the moment. But Axolotl is also the app I'm programming. It's a cross-platform Signal client. It works on nearly all operation platforms. It's written in Golang with a Vue.js, HTML, JavaScript frontend.
25:26
You can send messages, link Signal Desktop, create groups, send and receive attachments. Little history. It was developed by a developer that worked for Canonical during the Ubuntu Touch in Canonical.
25:51
It was difficult when I took on the maintenance of the app because it wasn't a documented build process.
26:00
And it wasn't also not supported by the standard way of writing apps for Ubuntu Touch. So, I took over. I included Golang support for Ubuntu Touch. I added database encryption, I added system notification.
26:26
I still had the problem that on the start of the app, the whole database was loaded in memory. So, it was really unresponsive when you have 10,000 messages that are loaded.
26:43
And also, we got in contact with Open Whisper to support the Ubuntu Touch, an alternative push client to get push messages. But unfortunately, they only support Google and Apple.
27:00
This summer, I decided to rewrite the Frontend. And rename it again. It improved a lot. We have a really responsive user interface now. But Open Whisper is still not interested in supporting alternative push clients.
27:26
But if someone is interested, we can do a merge request on the Signal server. GitHub, I think it's only a few hundred lines of code.
27:43
So, it would be possible to do it. Here are some screenshots. The first one is still a school app. This is how it works on Ubuntu Touch.
28:00
But I made it also working on Windows and on Raspberry Pi and everywhere. And you can register. And I still need some help because I want to package it and bring it to more people that you can use it.
28:21
I need also people for the different systems to test it. Because I don't use Windows, for example. So, it's always I'm missing some OSes for testing. And I also need help in some decryption functions that are only in the Java code of the Signal
28:43
app. I need to translate it to Golang to show, for example, profile images or prove the identity, the signal identity. That's it. You can try it. It's in the since some days it's in the Snap store.
29:03
So, you can install a Snap package. Or you can download it from the source as a user. Or I have also the Windows build on GitHub. Thanks a lot. Thank you.
29:22
Next up is Congress design on an oscilloscope. Yes. Hello. I'm Quentin, and I've brought our Congress design to an oscilloscope. So, what do we have? We have this wonderful Congress design with the cracking characters from Deep Trek.
29:41
And we have this Congress design generator, which is used to let these characters fall down and create cracks. And this is, you know, a model of the Congress and we saw this. And I saw these cracks and these sharp outlines would be perfect on a vector display. Each magnificent outline burned into phosphorus.
30:04
So, I decided to put it onto an oscilloscope. So, what I need for that? Well, I need the path data of the outline in XY samples. Because an oscilloscope uses simply an electron beam to burn images on phosphorus.
30:23
And you need an X axis to deflect the beam in the one direction and another axis for the other direction. And then I need a path to get this data out of the browser JavaScript into an oscilloscope. And not running on the same machine. So, the Paper.js library, which all this generator is built around.
30:46
It's very nice. It's featureful. Wonderful to create animations. And it was really easy. You just need a for loop and go along the path and get all the points you need along the path. So, I calculate. I need maybe a thousand points.
31:01
So, the path is so long, I go along and have an array of the points. So, in the audio part, I use an audio output to put it on the oscilloscope. And there is a full-featured Web Audio API in JavaScript. You have modular routing, input output nodes, effect nodes. So, you can basically mix music in your browser while you're mining bitcoins.
31:24
And I didn't notice it until now. But it's kind of great. But it's JavaScript. But we are at resource exhaustion. So, it's maybe okay. And, yes, it's very easy, actually. You create an audio buffer source.
31:42
Put in both channels. And then they will pop out of your headphone jack. All you need to do left is to connect your oscilloscope to your headphone jack. And you get an image.
32:01
You see on the left side my laptop and the right side the oscilloscope. I've created a small amplification circuit. Not that important. And I don't have a video now here. But it's live. So, you can look at the oscilloscope live where the characters are falling and breaking apart. And you also see some distortions in the oscilloscope image because I don't care about
32:25
the paths between the characters and all that like that. I will give another longer talk in German today at 945 at the stage. It's a nonrecording stage. So, be sure to come around if you want to. Have a bit more background.
32:41
I will explain how all these have a history. A bit more details in how you can implement it and give an outlook what you can do with this wonderful combination of Paper.js and Web Audio API. So, today at 19:45 in German, sadly.
33:01
And if you have any questions, ask me. I'm Quanton and you will find me at the car soon. Or you can ask me on Twitter at Quinton Quanton. Call me up. Or have a look at the Wiki page. I don't know how it's named. I think it's and you can also find everything you need to get in touch with me.
33:24
Thanks. Thank you. All right. Next up is are you ready to sustain it? This talk is going to be in German.
38:35
Thank you. Thank you. So, next up is Free Pascal.
38:51
Hello, together. My name is Pascal Dragan. I'm a developer of the Free Pascal compiler. And I would like to give you a quick overview of this open source cross-platform object Pascal compiler.
39:02
Quick history. It was originally started by Florian Klämpfl in June 1993. Originally written in Turbo Pascal and targeted the go32 version 1 DOS extender. It was a 16-bit application generating 32-bit code. In 1995, the compiler was able to compile itself.
39:22
Thus became a 32-bit application as well. Soon after, the first ports to other operating systems like Linux and OS/2 as well as the first other CPU, the Motorola 68000 followed. In 2005, Free Pascal was the first open source compiler for Windows 64 because we had our own internal linker and assembler as the GNU tools weren't ready yet.
39:46
Free Pascal is an open source compiler. The compiler and the tools are licensed as GPL version 2 or newer, while the RTL and the code library is licensed as LGPL version 2 with a static linking exception. This allows closed source applications to statically link against the RTL and the code library
40:04
without violating the license. Free Pascal is a cross-platform compiler. We support various processor architectures. For example, x86 in 16, 32, and 64-bit flavours, ARM in 32 and 64-bit, PowerPC
40:21
in 32 and 64-bit, the Motorola 68000. Our youngest target is the RISC-V also with 32 and 64-bit support, and we also support AVR as an 8-bit target. And we also support the JVM as a back-end which includes Android, and we have a web
40:41
assembly back-end in development. And as a speciality, we have a Pascal to JavaScript transpiler in the form of the tool pas2js. We also support a variety of operating systems. This includes the big Windows in 32 and 64-bit, Windows CE or formerly called Windows
41:01
Mobile, also Windows 3.11, we support various UNIX-like systems like Linux, Mac OS X, as well as Free-, Open-, Net- and DragonFly BSD. We support the Amiga-likes, Amiga 3.x on the Motorola 68000, Amiga 4.x on the PowerPC,
41:22
as well as AROS. We also support various other operating systems like OS/2, DOS, with and without a DOS extender, the Atari ST, Mac OS Classic, and various gaming platforms by Nintendo, namely Game Boy Advance, Nintendo DS, Nintendo Wii, and the Switch through a third-party developer.
41:44
And we also support developing on hardware which is mostly used for the AVR. Free Pascal is an Object Pascal compiler. We support various existing language dialects through a mode concept which allows us to
42:00
select the language modes per compilation unit. We cover various existing dialects as well as the two Pascal standards, we also have two custom dialects that are similar to the Turbo Pascal and Delphi dialects but have
42:21
a few differences and restrictions. Free Pascal has a name-space module-like concept through units which allows for fast compilation, which is also what C++ developers wanted. As the name says, this is an object-oriented programming language. We have virtual methods, interfaces, a class meta type, something I really miss from
42:44
C++ sometimes. We have extensive runtime type information which is the basis for an IDE like Lazarus to retrieve information about the running code at runtime, and we also support generics which are a bit of a hybrid between C++ templates and C#/Java generics.
43:10
If I've made you curious, give it a try. The current release is 3.0.4, and you can download it at freepascal.org for various platforms. I suggest you to use the Lazarus IDE in version 2.0.6 which you can get at Lazarus.org.
43:29
You can also, if you have questions, talk to me on the Congress. I should be recognised. But that's it. Thank you very much.
43:41
Thank you. Next up is the Telnet challenge, AKA Winkekatzen challenge. It's going to be a German talk. Hello. My name is Dario. We are in the Assembly.
44:01
You can't speak in German? Yeah, yeah. I'm not sure. We are in the Assembly. This is here at the Congress. We are in the Assembly. We have our first group of 30 people in the group. So let's start with the first group. And the third group is the Assembly.
44:21
So the community is going to talk about what we are doing. What we are doing is we are making stickers. They are very believed. And our stickers have the ability that they don't have any word for what they are doing. They are in HecarSpace and so on. And we are saying that Telnet is going to talk to us and we are going to talk about them.
45:11
We are also going to talk about what we are doing. So if there is a problem, we are going to have a motor and a GPI open and so on.
45:20
So that is going to be our message. We are also going to talk about some of the things we are going to talk about. We have a ton of clips. The Z is going to talk about it. And we are going to talk about how we are going to talk about it. And what is most interesting is that we are going to talk about a challenge. The first challenge is called the Winkekatzen Challenge. Today it is a Telnet challenge.
45:42
And we are going to talk about the winch, which is a T-shirt. For two years, the T-shirt was TelnetKlartex. The next one is the Unter. And this is what I am going to talk about. All of this in short. We are going to talk about it. We are going to talk about the winch.
46:02
We are going to talk about our stand-up. This is a spoiler for the first and the last stage. This is the first stage. This is the third stage of the winch. The last one is the Kätzler in Hintergrund. We are going to talk about the winch. And if we talk about the winch, then we are going to talk about the T-shirt. We are going to talk about financing the LSR.
46:21
You can also spend money on the T-shirt. We are going to talk about the winch challenge. I am going to talk about the winch. We are going to talk about the beta test. This is Sean Hinter and this is my guest. And with that, I want to introduce you to the live test. You have to come to the room. You can have your own group. I am a nonetheless with with one of my seven students.
46:43
Although this is not a big role, you can still play with a CTF of the T-shirt on. That's it for today. I hope you enjoyed today's event.
47:04
Next up is unconventional tactics for online campaigning. Hey there, my name is Lena Riga and I am digital campaigner and designer for non-profits across Europe.
47:24
My topic today is unconventional tactics for digital campaigning and to start with I just have a question for you. Did any one of you take an online petition within the last year? Okay, nice. That's quite some engagement because online petition may be the most important and most common tactic in online campaigning.
47:45
But my question is are there more ways to reach out to a target or maybe engage your supporter more? There are plenty of them and I'm just going to introduce a few of them today. So one thing you can do is to use localized data to personalize your issue more.
48:02
Let's take the example of cyclist safety. If I give you the number of cyclist accidents for the whole country, let's say Germany, you might not be able to relate to that number because it's just too big. But if I break that down to your city, your region, maybe your neighbourhood, you might be able to access this number and to relate to the topic.
48:23
A simple implementation of this could look like just a simple online form where the supporter types in his postcode. This form is connected to data about cyclist accidents. You provide the number of the accidents happening in the intermediate surrounding of the supporter.
48:41
And the supporter is able to relate to that number and engages with your topic. We love engaged supporters because we can ask them for more. You could, for example, ask them to block your target's phone lines. So this tactic works like this. You have an engaged supporter. Of course, you provide the number of your target's office.
49:02
Make sure that the target's office is staffed that day. And then you provide a phone script where you can list arguments your supporter could say to your target. Then you invite them to call your target's office. And, of course, this tactic is way more effort for your supporter but also the effect is so much higher than just writing an email or signing an online petition.
49:23
Because your office, the office of your target, has to answer directly to that call. Another tactic, ad busting your target's office. So ad busting works quite well at conferences or events where a very specific target audience is in one place.
49:41
So let's say you want to campaign for cycle safety at an automotive conference like ERR. What you do in advance, you prepare ads on Facebook and Google which are telling about your campaign, about your topic. And then you use IP targeting to show those measures, those ads only in the block where the conference or the event is happening.
50:05
So at the conference, for participants of the conference, it will look like these ads are all over the internet. And for you, it's a really cheap way to get a message across to a very specific target audience. So last one is a sneaky one. You could spoof your target's website.
50:21
This also works quite well with events and conferences because participants of conferences tend to Google the conference website to look at the program or to check the location. And with targeted ads and smart SEO, you can lead those participants to another website, your website, that might look similar but has your message and your campaign on it.
50:46
Yeah, of course, it makes sense to always check the legal risks with those tactics. And I'm very happy to talk about this. Thank you. All the speakers are on time and we have like six minutes right now of free time.
51:09
But we'll continue with the next talk, TSDB Mal Anders. It's going to be a German talk, I think.
51:21
Hi, my name is Sebastian. I'm going to talk about TSDB's time series database. It's relatively simple. It's a key value store. The key in the shell is in one's site. It's a very simple way to get a message. And to this way, or to that way, you need to find the information.
51:44
And most of the time, you need to stream it and then you need to log in. The last thing I want to talk about is monitoring. You can use web servers every second. Or you can use a system, CPU, RAM or fast platform, whatever you want to call it.
52:01
The first thing I want to talk about is the classic RID tool. You can see the graphics inside. You can see how many bits per second you can get.
53:14
You can start in 15 minutes in the next four hours. You can use the tool to get the graphics out. And in 15 years, you can see that in winter, you don't have to use it all the time.
53:25
And when you're ready, you can use the task to get the most out of it. We'll do a use case. As a relatively long time ago, we were talking about creativity.
53:41
We were talking about 4 and 3, 6, 3. And infrastructure review. This is the dashboard from NOC. This is the Internet traffic from 4 and 3, 6, 3. And NOC has something to say about what is happening. And this is a group of people.
54:01
This is Morse code. This is Morse code for 4 and 3, 6, 3. This is the two over here. This is the dashboard from the event phone from POC.
54:24
I'm not sure if you saw it in the magazine. This is the dashboard from the event phone. The way it works, it doesn't matter when you open the mouse. It's just a little bit. It's just a time series. We're going to talk about this. We're going to talk about how you can pass the matrix,
54:45
pass it to the user, pass it to the user. This is the first part of the talk. You can pass it to the user and pass it to the pixel. And this is the first part. You can pass the matrix to the user, pass it to the user,
55:02
and pass it to the user. And this is the first part. You can pass the code to the user, pass it to the user, pass it to the user, pass it to the user, and pass it to the user. And, yeah. I'm really happy when the event phone comes in.
55:22
It's really exciting. It's what the internet has to offer. And the way it works, this doesn't matter. Thank you. Let's go. Yeah. This year, I've worked on my master thesis,
55:41
and I came along a lot of problems. And, well, a lot of papers and articles focus on new results, but there's little reproduction. I had to reproduce something, but there was no source code. The technical details in the paper, let's say they were almost nonexistent.
56:01
And the framework that was used was kind of, it was a known one, but it was really complicated. So basically, I had to implement everything from scratch, which is not what should happen. So it cost me a lot of time. So what can be done better about it?
56:20
Well, first, if you do any research, release your source code. It isn't that difficult, and it helps everyone else a great way. Second, every little detail, like hyperparameters,
56:40
what other parameters are used, documented in the paper, and if that may be too long, then in the appendices, or some other way, but definitely documented, make it known to the people, because it shouldn't require month-long tries and writing to the author to get somehow understanding
57:00
what actually was done. It should be inferable from the paper itself. So that's all you need to know. Third, use a common machine learning framework, for example, TensorFlow 2.0. There are others, but don't invent your own one. Maybe that's more intellectually challenging,
57:22
but everyone else will hate you for it. So just don't do it, and save everyone a lot of trouble, and use a known one, so they can get to work and use your results faster. Fourth, write source code in package form. For example, in Python,
57:41
which is used very often in machine learning, it's very easy. There's like the Python package index, so just prepare your things for that, so you can upload it after you hand it in your publication, so others can simply install it and have all the required dependencies in one command and don't need to search around and try to find how this thing can be run.
58:03
So only the datasets which are too large to put in as dependencies have to be downloaded manually, but everything else will be ready. And five, follow clean code rules. So, I mean, we all know this thing. We write something in school, and then years later, we can't read it ourselves.
58:23
Well, in source code, while it's written with a machine, you can see the letters, but you don't necessarily understand them anymore, so just write cleanly, search in the favorite search engine, and just follow that. It isn't that difficult. And maybe follow a pledge.
58:42
Hold yourself and others to these five rules, and if you're a journal editor or know someone who is, maybe don't accept publications that don't fulfill these five points, and if enough journals would follow that, then it would be adopted en masse very fast. So I think that saves a lot of people a lot of time and doesn't take too much time from you.
59:02
Thank you. Thank you. So next up is accessibility for adult autistics and at larger events. So there we go.
59:25
Okay. Hello. So it's about accessibility for autistics at large events. Children are not my department, so it's only for adults. The first thing I would like to encourage... Oh, why do I need that? Maybe we don't have autistics.
59:41
You probably do. And considering accessibility helps everyone. Like, a person in a wheelchair needs an elevator to get to the third floor, but everybody is happy to get to the third floor with an elevator when they're sick, for instance. So we are all disabled sometimes, and it helps the quality of your event if you consider those things.
01:00:01
Tolerate odd behaviour, and make policies to tolerate odd behaviour. Just don't force people to be all the same, you know that, but make policies. Allow people to leave the room at any time. Some people want to smoke, some people want to pee, and some people want to be alone for a moment. Make it allowed.
01:00:21
Don't force people into the party. Often, autistics have trouble with sensory stimulation and social situations, also they know what is best for them. It's good to give people a chance to be alone, but also to give people a chance to be in a group in a way that's not overstimulating.
01:00:42
For instance, here we have the quiet cube, which is like a quieter hack centre where people can participate in the congress, but not be too overwhelmed. Be predictable with your schedule. For instance, like this, indicate when there are the social times so people can plan their stay and leave when they need.
01:01:03
Autistics often really like to plan school year medical stuff. In a nutshell, problems with autistics is that they are overwhelmed, there is too much information, so that happens a lot to autistics, and quite intensely. Meltdowns mean to be very angry, like to appear in rage, and shutdowns mean to not
01:01:25
talk, to look unconscious or asleep. Those things happen. Don't unnecessarily touch people if you know that they are autistic, because touch can also be overwhelming and have a place where people can calm down.
01:01:43
This is a bonus level. If you want to be all creatures welcome event, you can print cards for people who cannot talk at the moment. It makes them feel more invited. Those cards might not fit everybody, but it's a good sign to tell them that they
01:02:01
are invited. If you want to talk more, you can contact C3 Auti or me, or come to the quiet cube and ask. We're happy to help. Thank you. Thank you. So, next up is going to be disruption-tolerant networking.
01:02:29
We are also disruption-tolerant here. Delay-tolerant especially. All right. Go ahead.
01:02:56
That's good. Okay. So, some delay. As for the topic.
01:03:00
So, today I'm going to give you a brief introduction into the world of delay or disruption-tolerant networking and put away all this with the DTN7 software or DTN7 Go to be precise. Even today we have a lot of situations where you don't have some reliable uplink. For example, your internet access is blocked or you don't have any infrastructure, for
01:03:23
example, in disaster scenarios. Also you have transmissions from rural areas. For example, for your sensor network, or if you're at the digital somewhere in Brandenburg. Furthermore, perhaps you're somewhere in deep space so you can't plug in your internet. The typical solution is some wireless mesh networking.
01:03:42
But even nowadays, there are situations where your mesh network doesn't help you. So here we have the picture of a typical mesh network as in your community. So, if you want to establish a connection from the left to the right node, your routing
01:04:02
algorithm just determines the path, for example, the dotted one, and you can exchange packets. However, for TCP, for example, you need the round trip. So you have to send packets forth and back, forth and back. If your nodes are very far away from each other, this could take some time, for example,
01:04:23
because you have such low bandwidth. Furthermore, if your link breaks down, for example, like here, TCP doesn't work nicely anymore, because TCP isn't designed for partitioned networks, yes. In real life, you don't have those connected components.
01:04:42
For example, if you're in a disaster scenario, and you're somewhere outside with your smart phone, you're in your group, with your peer group, with your people, and you just have small mesh networks for yourself, but you cannot connect to the other ones. So it's always just small groups. Furthermore, people are switching between these groups, so you have some kind of mobility
01:05:05
in this. So we have some network where you don't want any end-to-end connection, you don't want extra network round trips or extra packets, and, well, it must also work if it's not
01:05:20
really connected, and the nodes are moving. So that's where we're coming to delay or disruption-tolerant networking. In DTN, packets are transmitted hop by hop in a store-carry-forward manner. So they are exchanged from node to node when they're meeting, for example, opportunistically because they're just passing by or scheduled, for example, for satellites in space.
01:05:42
This looks like here in this example. We have these two groups as before, and the upper node wants to transmit some data to the lower one. Now the upper node creates a package, and it's like it owns this package now, it has it, and it will transmit it to its neighbouring nodes in the same component.
01:06:02
Now the node from the downer component moves up because it has some kind of mobility, gets a package, moves back, and now it's delivered. So this is not really possible with, like, the Internet Protocol and TCP, especially TCP, so there are other protocols, for example, the Bundle Protocol, and there's currently an IETF draft, which describes such an architecture.
01:06:26
It aims to obsolete this old RFC 5050. So there you have the package looking like this one. You have a primary block with your metadata and your IP header, and then you have canonical other blocks. At the end, you have a payload block where your payload is there, obviously, in this
01:06:44
case, hello 36C3, and you can have other blocks, for example, the hop count block, which is the same like a hop count in the current version of the internet protocol. So you can just extend your bundles of transport. All this is implemented in our software we're going to present here. It's DTN7 Go, and it's an, well, obviously, implementation of the networking with the
01:07:06
Bundle Protocol. It's also a router, and it has an interface to be programmed for or to be received packages. Those bundles, as shown earlier, like the packages, can be exchanged over different
01:07:20
protocols like TCP-based or the physical layer of LoRa, so we have small antennas where you can exchange the packets. Everything else is possible. We have an interface for this. Furthermore, before, I just saw a package exchange from node to node, but if you have a huge network, you want to have some kind of internet routing, so we have different
01:07:42
routing algorithms as shown there. Furthermore, you can create these packages with our API or just use our software as a library. That's it. Thanks. Thank you. Next up is Tesla Radar.
01:08:13
Hello, my name is Martin, and I'm talking about Tesla Radar in a very brief talk today. First a little bit of an introduction about myself.
01:08:23
My name is Martin, and I'm known for Bluetooth security research, and that is so long ago that I think most of you won't even remember. I'm having a hard time remembering this, too. And this is my 21st consecutive Congress, and, of course, I'm a Model 3 owner, and
01:08:42
that's why I came into this research. So what's the issue? Some Tesla models always transmit a unique ID via Bluetooth Low Energy. This is most known, the Model 3, and most likely also upcoming models like the Model
01:09:04
Y that implement the so-called phone key feature. This is a keyless technology that doesn't require a key fob but uses your own mobile in order to unlock the car and allows you to drive the car without a key.
01:09:23
And this ID that is transmitted continuously is required for this phone key feature. So the thing is that this ID does not change over time and you cannot turn it off, so it's a beacon you're driving around that everybody else is able to spot and can locate.
01:09:44
So anyone can track vehicles without effort, and this is, at least in Europe, a privacy issue. And that could facilitate car theft, car crashing, I don't know if you know what that is. A friend brought that up to me.
01:10:00
That's when people wait with their cars at intersections and wait for a well-insured car to come around the corner which has no right of way, and they just enter the intersection and the car crashes into their car and they make some money out of that. So that could be facilitated with that as well. Of course, speed measurement is something you can use it for, and worst of all is that
01:10:24
it facilitates automated personal observation. So the situation at the moment is I wrote a letter to Tesla and told them that I believe this is a privacy issue, and they replied back very friendly and very professionally
01:10:44
that they see that differently, and they say that because there are so many automated license plate readers around in the country anyways, so it doesn't really make a big difference if they would randomize any identifiers with their cars.
01:11:04
So ALPR, that's this license plate reader technology, that is an argument for the USA. It's a lazy excuse, some would say, but in Europe, there's at least the GDPR. So if only there was an app for that, I thought, and there was no app that helped addressing
01:11:25
this issue, so I did this Android app which is called Tesla Radar, and it's a little bit like Pokemon Go. It has the intention to raise awareness for the issue by spotting all these Teslas that
01:11:43
you find when you wander around with this app, and it transmits it back to the server where a heat map is generated out of the locations of the detected cars, and, of course, there's gamification in the app, and, of course, this should lead to a situation where
01:12:01
Tesla fixes the issue eventually. So please consider to install the app, share your data with the service, collect radar score, and enjoy gamification, and please, please pay attention to the ads.
01:12:21
It's a free app, but it's ad-supported, and you don't have to be really interested in anything you see. Just give it a try clicking on it. So if you're still not convinced that you should go for the app, you're in very good company. The guy you see there is Thomas from the Netherlands.
01:12:41
He's an electronics engineer, and he took it to the next level, in my opinion. He installed a Tesla radar station next to a highway in the Netherlands, and he's leading the rankings from then on, so he spotted by himself like 2,000 unique cars
01:13:00
in about one month's time. And finally, that's the thank you. You see it's already 16 different countries, 4,700 and a little bit different cars that have been spotted, and I would be really thankful if you joined in.
01:13:23
Find me afterwards. I have stickers, and I will most likely hang around at the telnet assembly, and if you want to talk to me, find me there. Thank you. Thank you. Next up is open source licenses.
01:14:05
Hello. My name is Hong Fu Teng. I'm speaking on behalf of the Open Source Initiative. So I thought I'd start with a very quick English version of Japanese, as I couldn't play last night. Approveation 1,000, OSI, what is Open Source Initiative?
01:14:26
OSD, what is Open Source definition? So Open Source Initiative is a global nonprofit organization that looks after the Open Source definition. We are also the community recognized body for reviewing and approving Open Source licenses.
01:14:49
Open Source definition. This is a document that is published by us to determine whether a software license can be labeled with the Open Source certification mark, or we call it OSI-certified.
01:15:03
This Open Source definition was originally derived from the Debian Free Software Guidelines. So Open Source doesn't just mean access to the source code, but also the distribution terms of Open Source software must comply with the following criteria that you can
01:15:24
find on our website, opensource.org. GPL, MIT, Apache license, Mozilla public license, these are very popular Open Source licenses, were approved by the OSI, but these are not all.
01:15:44
If you go to our website, you will find close to 100 other Open Source approved licenses. The core purpose of the license review process is to provide software freedom and to ensure that any approved Open Source license complies again with the Open Source definition.
01:16:05
Some interesting facts about the process. All the licenses must go through a public review process. There is a community discussion on every single license on a mailing list, and the
01:16:22
decision process normally takes up to 60 days, and an extra 30 days if there is a submission of a revised version. How to submit a request? You need to understand the Open Source definition and ensure that your license complies with it.
01:16:40
Identify the submission type, ensure you have an appropriate standing to submit a request, join the license review mailing list, and submit a formal request by just sending an email to that list. Go to opensource.org for all the details.
01:17:00
Or you can also find me at the end if you have questions. And I am at the digital digitalization where all the colorful Asian-looking tables are. Or you can also send me physical mails. I love them. And if you put on your address, I will reply within the Congress.
01:17:21
So that's it. Thank you very much. All right. Thank you. Next up is soldering workshops.
01:17:45
Okay. So my first slide is where the hardware hacking area is. It's basically across the hall. Right towards the bathroom on the left side if you go in the main door. So how do I switch slides? Okay.
01:18:00
So what is the hardware hacking area for? We basically have over a hundred soldering irons, 30 of which are just dedicated to people wanting to solder any time they want. You can bring whatever you want to solder. If you didn't bring anything to Congress that you want to solder, we also are selling kits mostly between about noon and five every day.
01:18:24
And I also made a badge this year that is in my pocket. Basically this little soldering kit, and it's by donation. And the donations will determine what my budget is next year. So if you think 600 isn't enough for Congress, donate more than what you think it's worth.
01:18:46
Because that will determine how many I get to make next year. Because I'm not rich. Okay. So I'm also teaching a number of workshops, and my workshop that I'm doing tonight, tomorrow, and the next day is an introduction to Arduino soldering and programming.
01:19:02
And it's basically one hour of soldering for surface mount and through-hole soldering, and then one hour of learning digital input, digital output, analog input, analog output, and my goal is to stay there until everybody's shield works. And you sign up between three and five today or tomorrow, I'll be at the hardware
01:19:21
hacking area. My other workshop that I'm doing tomorrow night is building this toy, which you can see what they're doing on the video. The one labeled recharge, you basically push it, and it's to recharge yourself, so to take a moment to just relax.
01:19:41
It was designed because a person in my hardware hacking space has a very anxious girlfriend who needs to constantly remember to just take a moment to calm down before giving a speech and so on. The other one is just a toy where if you push it with the right tempo, it will change directions or get brighter, and that's just to learn through-hole soldering, and that's
01:20:06
the slide in case the video didn't work. This is surface mount for terrified beginners. It's taught ten different times during Congress. There's a sign-up sheet at the end of the kit sales area and the hardware hacking area if you want to take that workshop.
01:20:22
There are still spaces left. This is sold out. There are still spaces for this workshop where you build an Arduino synth, so the first two workshops that I talked about with the recharge and the heart or the intro to Arduino. That's my workshop. The rest are just other people's.
01:20:41
This is where you build a music synthesizer, and there's still a few spots left. The MAKERbuino is sold out. I believe this one may have a couple spots left, and you basically you build your own Geiger counter. There's an air quality monitor workshop, and all of the information on how to sign up
01:21:02
for the workshops given by other people are on the hardware hacking area website Wiki and then follow all of their directions on how to get the kit and sign up. And then there's two FPGA workshops. One is to build a stopwatch, and I believe it is free, and it's tonight, and you borrow
01:21:24
the materials, which is how it can be free, because these are not cheap kits. If you want to buy the kit, you have to talk to the workshop giver. And then there's also this FPGA and your USB port workshop.
01:21:41
And that's all. Thank you. And next up is exciting developments around Linux on phones. Very tiny.
01:22:03
Thank you. So my name is Jan. I'm from the UBports project, so obviously I am not an independent source on this topic, but I wanted to use this opportunity to spread my propaganda anyways. So Linux on phones.
01:22:21
Why even bother? Yeah, because Android is not great. There's many other reasons. I talked about this last year, but this year I would just want to quickly remind you of some of the projects that are exciting right now. This is my personal opinion, so we won't target all the projects they are in this area, because there's a lot going on, actually.
01:22:42
But I just want to remind you of some of the things that are going to be interesting next year. First one, obviously, since I'm from UBports, is Ubuntu Touch. Ubuntu Touch started out as the official version for phones from Ubuntu, from Canonical. It was moved to a community project, which is UBports, two years ago.
01:23:07
And it's still going strong. And I think that's an exciting one to watch. Next one, obviously, you have to talk about KDE Plasma, which is an adaptation of, yeah, Plasma Mobile, which is an adaptation of KDE Plasma for mobile devices.
01:23:23
Very exciting. It's not entirely meant for daily use yet. But they are really getting there. It's really amazing what they are achieving in fairly short time. And it's going to be very, very interesting, I think. postmarketOS is a little different. They have some different architectural approaches.
01:23:43
But they are truly amazing what they do. They really challenge what everybody is doing. And their focus is on improving the longevity of phones. So you can really use a phone that is 10 years old. And it runs just fine. It's based on Alpine Linux, which is very, very lightweight.
01:24:01
So it works amazingly on really old hardware as well. Also not meant for daily use yet. But we might see this change this year. Or at least in the next two years, maybe. So let's talk some hardware. Very exciting is the PinePhone. The PinePhone, Pine is a company that originally made kind of a Raspberry Pi clone.
01:24:24
But they then moved on and made a laptop and made a phone. Now I'm making a phone. And it's starting to ship now. It comes in at $150. It's free hardware. It's very exciting, I think. And it's actual Linux on there. And the software is provided by open source communities.
01:24:44
So it's very non-corporate, I think. As non-corporate as it gets. If you want corporate, this might also be something interesting for you. So this is an up-and-coming German startup. They are trying to make a phone entirely in the EU. I think mostly in Germany, actually.
01:25:00
And they are experimenting with different alternative mobile operating systems as well. So here you see Ubuntu Touch running on the prototype. So how do I install if I don't want to buy an expensive device? Because most of the supported ones are actually fairly old. So they are available on the cheap.
01:25:21
So this is the UBports installer. UBports fairly early on said, OK, we need to make it as easy as possible to install on third-party hardware. So you can just pick up a Nexus 5 used for, like, 50 euros on eBay, and then run the installer. So the installer tries to make it as easy as possible.
01:25:40
So your grandma could install Ubuntu Touch on her device. Herself, without you looking over her shoulder. That's the goal, really. And now we're working on getting other operating systems in there. So if there's someone in the audience who's maintaining any Android alternative, or even an Android derivative that
01:26:04
needs to be easier to install, hit me up, or go to github.com slash ubports slash ubports-installer, and contribute your installation instructions there. We created a config file format to make it really easy to describe what needs to happen, what the installer needs to do to install on the device.
01:26:24
So you just have to activate developer mode, and the rest happens automatically, basically. So that's it. Here are the links that we talked about. On the other side, you see how to get in touch. Yeah, it's going to be really interesting to see what happens with all of this with Linux on mobile devices.
01:26:45
So yeah, take care. Thanks. Thanks. Thank you. All right, next up is Hacking Ecology.
01:27:01
Let's go. Yeah, hi, I'm Mario. And welcome to Hacking Ecology. Today is two. Today is a very exciting year, a talk from Theodore. He's going to talk a little bit about a talk he's had. And he's going to talk about how hackers and hackers can create a good project. And this year, he's going to talk about four concrete projects. The first is VLIT, that gives us an opportunity to visualize.
01:27:23
The first step is to create a free Internet for Super, which is from the NASA, from the World Bank, from the UN, from all of these things. But this is a very important step, because there are a lot of data formats, a lot of data banks, a lot of websites. And here, you can see that we have a good visualization tool in web-bound, with a lot of data being visualized
01:27:42
and being used. Then, of course, it's so that there are a lot of
01:28:49
things that we can do. The third project is called VOTC-RITZOTRON. This is my colleague and I. We are very excited to see what's going on. We are going to talk about V-Wax and V-RITZOTRON.
01:29:02
And we are going to talk about a big change in the world. And what we are going to do is VOTC-WAX to monitor. And what we are going to do is to make transparent words, a RITZOTRON, in the last few minutes. And then we are going to talk about scanner-like web-bound, which I already talked about. And then VOTC-WAX to monitor these words.
01:30:15
VOTC-WAX.
01:30:49
Thank you. Thank you. Next up is make peace time, make peace with accounting, make peace time with accounting.
01:31:05
Wait a minute, where is it? There we go. Make peace and time with accounting. Hello everyone. So my name is Louis and my day job is programming, but I'm tracking my finances with GnuCash since late 2016, and GnuCash is an accounting software that has been developed
01:31:26
since the late 90s, so it's pretty mature, and it's free as in free speech and free as in free beer, and it works in about any operating system. And for the accountants here, GnuCash uses double-entry accounting, which I'm going to define a little bit next.
01:31:42
So accounting lets you track money movements across accounts, and accounts can be, for example, your bank account, your checking or savings account, or a retirement account if you're in the US, or life insurance if you're in France, and I'm sure Germany has something similar. Or an account can represent where money is coming from, for example, your salary,
01:32:02
or salaries if you work in different companies, or tips or wages, any kind of wages. And our accounts can represent where money is going to, for example, food, transportation, services, for example, your phone bills, internet bills, any kind of bills. Our accounts can also represent how much money you owe, so any kind of debt, a student
01:32:21
loan, or taxes you'll have to pay at a later date. And an accounting book is a collection of such accounts. So an accounting book centralizes all these accounts, and accounts lets you categorize your finances, and centralizing and categorizing your finances has a lot of benefits.
01:32:41
So for example, I think one of the most obvious ones is to be able to track how you're spending your money. For example, one thing I like to do is to sort recurring expenses from non-recurring expenses. So recurring expenses are going to be bills that are going to be likely paid automatically every month. For example, my phone bill, streaming services, internet bill, electricity, whatever, from
01:33:03
other expenses. For example, traveling to CCC is something I do, it's a one-off operation. And doing that may help you compress your budget, so you know how much money you're spending every month. By knowing how you're spending it, you can maybe spend less, or weigh, oh, I'm
01:33:21
spending this much for streaming, but do I really watch this many movies every month or something like this, right? Or do I need to pay this much for my phone bill? Doing accounting can also help you spot hidden fees. For example, banks, especially in the US, really like hidden fees. You pay for something, and they'll add up a fee on top of it, and they won't tell
01:33:43
you, right? And by doing accounting, you can spot that very easily. And something I like to do, for example, is at the end of the year, you go to your banker and tell him, oh, there is so much I spent as fees with your bank, can you do something about it? You know, it's like it gives you that power. Doing accounting also lets you catch mistakes very easily.
01:34:01
For example, that happened to me, I made a check, and six months later, it was cashed out for a completely different sum, a much bigger sum, and I would have never caught that without doing accounting, because I would have forgot about it, and I would have said, oh, that must be the right amount. Or also, missed reimbursements, right? You loan some money to someone or something, but in accounting, you can remember, you
01:34:24
can see that you've given money out, or you can also do that to track how much money insurances are supposed to give you back. And overall, doing that can reduce anxiety about your financial situation, and that's why I'm saying you can make peace by doing accounting.
01:34:42
And a lot of things related to money can be very anxiety-inducing, for example, debt can create a lot of anxiety, taxes can create a lot of anxiety, and doing accounting really helps with that. Also, you can save time with accounting, because by having all your financial information categorized and centralized, you know any amount you might need for any kind of computation
01:35:06
or projection on your finances. For example, taxes are very complicated in the US, and knowing all your different kinds of income, whether they're like a salary or interest or dividends or tips, that really helps you project and compute taxes, even though we have software to help
01:35:21
you with that. There are other benefits that are not coming from centralization or categorization. One thing that I like about accounting is, for example, you can actually make banks compete with each other. You don't have to trust, like what people usually do is they have one bank and that bank has some features to do that categorization thing.
01:35:43
By doing it yourself, you can really have banks compete with each other, if they have more interesting rates or fees. And you can also not trust a single entity with all your financial information. One thing that your bank cannot do is track your cash expenses, right?
01:36:00
You just get money from the ATM, spend it. The bank doesn't know how you're spending it. Cash is anonymous, and it's a really powerful thing. But you might want to track it with accounting. You can also track checks. Checks are still like, they're not really used anymore, but like, you know, oftentimes it happens. You have to use them. And it's really annoying when you make a check and then it's not cashed over for
01:36:21
six months. You can track that with accounting and you're not surprised when a check is being cashed out. Doing accounting is a great first step towards running personal or business finances. It's especially great for running nonprofit organizations or small businesses. It will also help you understand economy and politics.
01:36:40
It's a great step towards that. There is also a few bad reasons for like, I think, not doing it. One is that accounting only serves rich people. I don't think that's true. I think that middle-class people, people with less income will also benefit a lot from accounting and from being able to see how they're spending their money and can plan for future projects better. It's boring and takes so much time.
01:37:01
That's completely true, but I think you're going to get that time back by doing that, by having more money for projects. And I don't think I'm going to have time for the last one, but X does it for me. Maybe you want to reconsider that if X works for you, maybe you keep it, but you always have a conflict of interests with anyone handling your finances because they want your money, but you also want your money.
01:37:21
And doing accounting yourself helps you resolve that conflict of interest. No one can manage your money better than yourself. And that's it. I will help you set up GnuCash at Congress, so feel free to contact me and tomorrow I'll explain how development country works. Thank you. Thank you.
01:37:41
Yeah, as long as we are not over time, we can arrange something with the countdown. So next up is Do-ocracy Done Well.
01:38:03
So hi. I am Merlin, and I am a board member of Hackerspace Gent, and I am going to talk about how we manage our community. So the first version of Hackerspace Gent started 10 years ago, and we had only two rules.
01:38:20
Be excellent to each other and decide everything by consensus. We thought common sense would solve all other problems, but we were incredibly wrong. After four years, our Hackerspace was on the brink of destruction because of internal conflict. A lot of people were leaving for other Hackerspaces, and there were even talks about
01:38:42
forking the Hackerspace and stuff like that. So as a last-ditch effort, we started the Hackerspace workshops, basically workshops to create a system for our Hackerspace, for our community, that gets the best out of people.
01:39:00
So as a result, we created the Hackerspace blueprint. This is a small book that explains how our community works and how we solve problems. And it's available online for free. It's also open source. And I hope that if you're interested, that you go to the URL hackerspace.design, and
01:39:22
that you read it in and that you can maybe use some of the ideas to solve problems in your own communities. This is the most important slide in my entire presentation, hackerspace.design. Go there in your browser and read the book. So I'm now going to talk about, we've been using this system for six years, and what
01:39:41
are some of the lessons learned. The first thing is a do-ocracy. Specifically about a do-ocracy is that you do not need the opinion of everyone who is affected by your action. If you are the person who does something, then you are the person who decides how it should be done.
01:40:01
Even if you're not the most competent person, even if what you are going to do is not the best solution, you can still decide to do that without getting the opinion of everyone else. The second thing is interpersonal conflict. This is a big issue in communities. This is one of the main reasons why communities explode.
01:40:24
We as human beings have this natural tendency to try to ignore interpersonal conflict as long as it doesn't involve us ourselves, but this is a really bad thing because we hope that interpersonal conflict will solve itself, but it almost never does.
01:40:42
So how do you actually solve this? The first thing is that you have to have people responsible to monitor and solve interpersonal conflict. Literally assign people in our hackerspace. This is the role of the board. The second thing is that if interpersonal conflict happens, first use the private talk
01:41:03
pattern. Talk with the individuals privately and discuss the issues directly and without blame. And then after you've talked with everybody, put them together and have also a private conversation with all the involved parties and moderate it. We've been doing this for six years and every single time when we tried it, it actually
01:41:23
succeeded in solving the issues. But it's very important that you make people responsible to do this, otherwise nobody will. The second thing is rules and loopholes. So one of the issues with being a hacker is that you're incredibly good at finding loopholes,
01:41:40
so running a hacker community using rules is an incredibly bad idea. What's better is to actually motivate people to do the right thing. Create a culture where everybody works in the best interest of the hackerspace, not because they're forced to, but because they actually want to. If you see people who are not doing that, you can talk to them, you can coach them,
01:42:03
and if they refuse to actually do that, just kick them out. These kind of people, whatever they contribute to your hackerspace, they will take away more than they contribute. The third thing is meetings. Meetings is also a really big issue in a do-ocracy because meetings give power to
01:42:21
the people with opinions, and we do not want that. We want to give power to the people who actually do stuff. So the best meeting is no meeting. Do as little meetings as possible. Thanks. This is the second most important slide in my presentation because it has the URL again.
01:42:40
Go to hackerspace.design, send me an email. If you want to talk to me in person, you can also come to the HSBE assembly, and I think tomorrow I will do a much longer talk in the assembly to explain more parts of the hackerspace blueprint. Thank you. Thank you.
01:43:06
Next up is OpenLaserTag. Hi, I'm Florian. I'm Juhl.
01:43:20
I'm Juhl. We are building an open source laser tag system. For those of you who don't know what laser tag is, it's like catching each other but with light. It's the same technology like in your TV remote. After playing laser tag with some friends, we sat together in Berlin at the Spree
01:43:47
and thought, well, this can't be so hard to do this ourselves. Then we searched on the internet if other people already did it, and of course there were lots. Most of them did it in really complicated ways,
01:44:03
and so we thought, okay, this is too hard for us, so we have to do it simpler. So we went for the journey to build a simple open laser tag system. We got some ideas about our system, what we wanted to achieve. It should be cheap because we want to build a lot of taggers
01:44:25
and give them to our friends to play with them, and the technology should be accessible and flexible. That's the system design we came up with. Starting at the bottom, you see the tagger,
01:44:42
which is basically the infrared communications hardware. On top of the tagger, there is some Bluetooth. So the tagger is containing ESP32 and some infrared components, and they communicate via Bluetooth with your smartphone.
01:45:04
For now, we have an Android app only, so we need somebody to do iOS stuff. The app does most of the logic part, while the tagger is only basically a transmission layer.
01:45:21
On top of all of that, there is sitting the server, which is communicating between all the different players. That's how our first prototyping looked like. That's the ESP32 you see here. Only what you need for a tagger is this microcontroller,
01:45:44
an infrared LED, and an infrared receiver, and a lens to focus the infrared, because you don't want to have a widespread infrared beam like in your TV remote,
01:46:02
but you want a very focused light stream to make it harder, of course, to hit with your light. That was our next prototype built out of PVC tubes.
01:46:22
You see the lens on the right picture, and on top of this black thing is the infrared receiver. What I can say also about this, there is no PCB involved in this,
01:46:41
so you don't have to... You just can buy the components and put them together, and you have a tagger. Our newer designs of a tagger casing look like this, so they are 3D printed and more custom made.
01:47:01
That's where we are at the moment from the hardware side. The software side of the tagger is also pretty far, so you can actually tag someone, and he will get hit, and we will get a notification. That's how far we are today,
01:47:22
and now we can see where you can meet us. What is still missing is the game logic, so we can't play a game right now, but the technology works. If you want to contact us, there is our GitHub repository and our Twitter handles.
01:47:45
You can find us for the next half an hour outside of the Selecting Hall here at the LED Palm Tree. We will be waiting for the hackers who want to play laser tag. We actually have a pile of hardware and parts,
01:48:03
so we can actually build stuff today. We also asked for a workshop slot at the open hardware hacking area, but we didn't get a time slot yet, so we will maybe post it on Twitter.
01:48:20
If you are interested in building your own tagger, come to there or meet us in the next half an hour at the LED Palm Tree. Thank you.
01:48:40
Next up is the binary analysis course. Thank you. Today I would like to talk with you about a program I've been developing,
01:49:03
not in the sense of code, but as a course. So the table of contents, it has three topics. Who am I? Just a short introduction about myself. What is it and how can you access it? So first of all, something about myself. My name is Max Kerst. I go by the name of Libra as a nickname.
01:49:21
I'm the administrator, or one of the administrators of the malware research group on Telegram, on which I have a talk tomorrow. I'm currently working as a threat intelligence analyst. I previously worked as the Android malware analyst. I made some tooling for that, and I write blogs on my own website about which this talk is.
01:49:42
So what is this binary analysis course? So it's a free online course that uses free and open source tooling. Nowadays, you have a lot of guides and help lines, especially for paid tooling, which is perfectly fine in corporate environments, but especially if you're starting out as a student or you're just new to the field,
01:50:01
you don't want to spend so much money just to see if it fits you. There are great open source tools out there which work for free, and this course uses them and focuses on them, so you have a low-level entry. So it has a really heavy focus on the how and the why stuff works. It doesn't jump to conclusions.
01:50:21
You get explained every step of the way, and if you know something already, then you can just skip that part and move on. So the step-by-step approach is used in every article where you get a sense of how it works, why it works, meaning you can repeat experiments that are being done in the course
01:50:41
on other binaries you find yourself, CTF challenges you later on participate in, or anything else you want to put your hands on. So as a last kind of unique part of the course, it does not contain images. I think the images are great to use in some cases, but it focuses me to clearly explain everything I want to in text,
01:51:05
making it also easier for people to search back later on. Maybe you read an article and half a year later you think back, oh, I read about this on this site, and it was somewhere in this article. If you have stuff in images or in videos,
01:51:20
it's really hard to find something back, but if it's fully written out in text, you can use the search function of your browser or any text editor you loaded my website in, and you can find things back. So some of the topics that are covered, they start from the basics, starting from CPU architecture, how does it work, why does it work. Moving on to assembly language,
01:51:40
as it's a core concept you need to know. You will also learn how to write some assembly and compile that to get a different view of what is the difference between compiled and decompiled code, or disassembled, rather. You have multiple analysis methods for multiple file types. It ranges from a Linux DDoS bot that I analyzed to a browser plug-in to Magecart JavaScript.
01:52:06
So the malware analysis in there is also for a variety of platforms. Like I said, it's based for the browser for Linux. There's stuff for Windows coming on. But there's also more, because you can read my articles
01:52:22
and you can read the analysis, which I hope is really enjoyable. At least I think writing them is. But the question is, how do you continue then? Because I found some cool sample that I wrote about, but it's not as much fun to just keep on replicating the same sample.
01:52:41
So what is also focused within the course is how do you actually find new samples? Where do you find interesting samples? And if you're searching for something really specific, where do you find this? Let's say you want a really specific version of Mirai, then you need to search for this somewhere, somehow, and you want to find it.
01:53:02
And additionally, recognizing structures and patterns is really important, as they also come back into any language you use. If you have a specific type of obfuscation, you can view this in decompiled assembly code, like pseudo-C, or you can see it in JavaScript, in C#.
01:53:22
In any language you come back to, you'll see certain structures and patterns, like a for loop, a while loop. So they're also discussed in great detail. So how can you access it? Well, it's on my website, which is on the screen right now. You can take a picture, wait until the talk is uploaded,
01:53:41
or remember it. I do tend to publish roughly at least one article a month, based on how lengthy they are. I publish announcements on Twitter beforehand, and also when something new comes out. So if you follow me on Twitter, you'll also be up to date on that.
01:54:01
Additionally, if you have feedback, suggestions, or ideas, my Twitter DMs are always open. You can just send me a message, and we can discuss anything. After this, I'll also be somewhere around here in the area, probably just outside the exit of the boardroom. So feel free to hit me up.
01:54:22
All right, thank you. Thank you. So that concludes today's session. Please give a big round of applause for all of the speakers who were here on stage today. Also, for having to deal with 24 speakers from different countries,
01:54:44
give a big round of applause for the translation team, please.