/299$36c3-talk-10526

Hallo Du!
Bevor du loslegst den Talk zu transkribieren, sieh dir bitte noch einmal unseren Style Guide an: https://wiki.c3subtitles.de/de:styleguide. Solltest du Fragen haben, dann kannst du uns gerne direkt fragen oder unter https://webirc.hackint.org/#irc://hackint.org/#subtitles erreichen.
Bitte vergiss nicht deinen Fortschritt im Fortschrittsbalken auf der Seite des Talks einzutragen.
Vielen Dank für dein Engagement!

Hey you!
Prior to transcribing, please look at your style guide: https://wiki.c3subtitles.de/en:styleguide. If you have some questions you can either ask us personally or write us at https://webirc.hackint.org/#irc://hackint.org/#subtitles.
Please don't forget to mark your progress in the progress bar at the talk's website.
Thank you very much for your commitment!

========================================================================

[Music]
the first talk for today is am I in incognito yeah all right all right hi I'm tonight boys my twitter is the noise and this is a small project that I was doing on privacy and it's titled am i incognito oh you have a present yeah all right so a quick shout out for this project there's one lightning talk given at balcan by Brian do definitely check out my own booth that's behind this hall it was a nice starting point for me to be interested over privacy or naps and also to a guy named Smith who basically spoon-fed me the idea whenever stuck at a point so the talk by Brian talked about how you could use tinder and Tinder's api's to basically do mapping and as well as poly trilateration poly relation to identify users location it was pretty interesting talk you should definitely catch up with them if you want to know more about this and okay so when I was doing my privacy exercise of course a lot of times I started opening Google Maps and I kept checking how you could plot data over Google Maps and how you can actually figure out people's information of people via Google map one thing that always caught me is when I open Google map and stated for about a few seconds it automatically resolved my location approximate location and you could see in some coordinates being upended on Google Maps in itself which was a bit confusing for me for which I approached Google and told them how are you storing my data and what is giving my coordinates away and Google replies with the definition of IP address for people who do not know what is an IP address you can definitely look at this definition beautifully explained by Google and then I asked Google hey can you stop sharing my approximate IP address and they were like well she say stop sharing my sumit location coordinates then they were like okay we are not sharing your approximate location address we're just getting it from your IP address now location via IP address this is my location where you can see the red mark is basicall
y somewhere I stay at the block where I stay and of course I am from Emirates and I looked at my IP address and the IP address location of the ISP is somewhere about four blocks away from my home and this is generally for our entire city most of the times however in this case Abu Dhabi if you have SSL connection you would find your location to be this point which is marked on the maps which is significantly farther away from my location now of course there in chrome there is a setting called location services which was blocked for my website this because all my tests wire chrome was done while my website over there or free hosted web site over there and this is something called is Google location services via which you can do API calls and you can identify your approximate location by the API services which generally you opt in to block and the browser would not be able to identify a location anymore so launching this API call via the browser I got my approximate location to be somewhere close to the area what was more interesting was when I found these things out I was kind of curious about what is going on I approached one guy called Smith and he was like hey why don't you look at Google's geo allocate API and he definitely mentioned few web sites using this and collecting information from users so it was interesting so I go on to the geolocation documentation and I find out that you know you need to supply it with your Wi-Fi or cell tower data and it will give you a location based on that and if you are not able to supply a Wi-Fi address or cell tower address it gives you your location based on your IP this was interesting because it responds with the latitude/longitude and the accuracy of the location coordinates that has been provided so of course when this kind of an API exists you can script out eazy XM xhr request acquiring the google api services and host it on any website and what you actually get is nothing but the location coordinates even when you have
blocked your location like you can see in the location services on the top that I have blocked it from the websites execution you can get the coordinates on the website execution so on the left side is basically the code that executed on the website that I have on my domain and on the right side is the plot for those coordinates you can see the accuracy is also mentioned that's around 1,400 meters that's 1.4 kilometers that's decently close however quite a wide range you can see it's still away from my block so yeah yeah when you however turn off your Google GPS spoofer and things like that since I am a modern-day tinfoil hat guy you can geo locate yourself wire into your block so I don't allow Google or any services by spoofing my GPS and you can geo locate yourself into it as well as very sorry five for free
[Applause]
next up is learn OS good morning Congress when I miss Simon I'm located at the center tantrum podcasting assembly and I want to make a short pitch for systemic lifelong learning Lana is a term it's a verb it's coming from Esperanto the artificial language and it's the future tense of learning so it means we will learn or I will learn and I will talk a little bit about how I think how we can hack our own lifelong learning system the problem that I see is that in more and more knowledge domains the half-life of knowledge gets shorter and shorter it's not so much the fact if we talk about knowledge that you acquire at school about history things like that but if you think about especially technology and IT knowledge the half life gets shorter and shorter this means that we have to learn on an ongoing basis and also in a systematic way second problem that I see is that our education systems are not prepared at all for teaching us these lifelong learning mechanisms when you think about school we send our children to school it's a very formal approach with the fixed curriculum and fixed teaching methods we don't really teach them how to learn in the self-organized way I think same counts for the higher education in terms of the bachelor and master processes we apply more and more methods that we have in elementary schools also in higher education and I think it gets even worse if we have a look at the working environments where a lot of people think that when you start working learning ends because learning was in school and now you have to work and every day that we spent on learning and trying out new things it's a waste of money and time so the idea of this learners learning hack so to say is to put four ingredients together which are well-known methods in the business domain I think and also in the IT domaine which consists of our four methods one is scrum the HR project management approach one idea is to have so-called LAN us or learning sprints of 13 weeks to give
yourself a cadence for your learning process think of it like having school years or half years in university or in school where the education system or a teacher provides you with material and learning goals and a curriculum if this formal education ends then you have to do that on your own so if you do four Sprint's a year with a classical planning like planning off the goals a learning process and a retro way at the end you would do for learning Sprint's a year for example of course you can adapt it to your needs in terms of goals we try to use a method called OKR it was developed by or at Intel in the 80s already made famous at the end of the 90s at Google so it's sort of the strategic management system at Google where you try to manage the goals over the levels of the whole corporation the individual teams and the individuals and you just set a moonshot objective a very ambitious goal for one sprint and half in half three so called Rickey results that you can measure what you have at the end of the Sprint's so for example here at the Congress we try to develop a guide where you can learn how to podcast and use podcasting as a knowledge sharing tool over one sprint to get the learning process managed we use a very old self-organization master that called getting things done by David Ellen which kind of replaces the job of the teacher you organize I organize your learning tasks on your own put your tasks in a Kanban board we also have or working on pre-prep pre-prepared boards that can use for the learning process to manage the troduce and of course if we did something we should share what we learned and what we did and then we use an approach called working out loud defined as making your work except observable a lot of you I think do that by putting stuff on github or publishing presentations like we do here but also narrating you worked about your work talk about lessons learned what worked what didn't work that's where podcasts come in for example we can talk
about what what worked and what did not I put you in a presentation more food for thought for all of the four approaches there are a lot of sources like the YouTube video by reclad from Google Ventures for example or the podcast with David Allen talking about getting things done and the the idea in the end is that you learn lifelong from now onwards until the end of your life so to say the analysis is a project that lasts for six years we are in the middle of it so there are three years to go if you want to there are some addresses where you can join the community of the Twitter account no matter if you learn with LAN Oso take another approach I would like to motivate you to keep calm and learn on thanks thank you next up is SMS for you hey good hey good morning I'm Felix and I want to bring SMS for you I think it's a valid question why do we still need as a mess in 2020 that is because not everybody wants to have a smart phone we have certain services think about banks that use SMS for verification in terms of mobile Stan will buy a ton for gram verification sometimes only GSM is available and so SMS is the only thing we can send and at the end with all the mass of messengers and gated communities it is still the least common denominator for text messaging why not use an SMS in the phone I think there's a lot of reasons one is because you're progressive and you want to use other means of communication maybe you're traveling and in some countries you use a different SIM card and you would still like to be able to receive the messages or in my case I don't want to carry a register Ching SIM card on my own and carry it with me and yeah get into the whole trekking worldwide movement profiles and so on the opposite use case is also valid maybe you only have a dumb phone and you're somewhere and you want to send a message to somebody who is not on your SMS network or and you want to maybe use email or SMPP so SMS for you to the rescue its it started as a little script w
e are now two persons this is actually talk because I'm looking for more people that are interested in that and want maybe to to jump on and use it it's a gateway between short messages and other means of communication currently we are supporting email yes it's a heck but it's it works and XMPP which is like the more solid approach to it you need basically a modem GSM LTE modem whatever you connect it to the Raspberry Pi or either come in a computer and it would receive them SMS send out an email to you you can respond to this email it would send out the SMS back and the same thing with XMPP so no matter where you are no matter whether you have two SIM card with you you will receive still those kind of old messages you can find it on get lap it's ATPL so we are here on the free side of the nice things thank you and check it out thank you next up is very spare you just open it there you go hello I'm going to talk about this cool project called very pal so you guys use signal right to use TLS use whatsapp all of these things are called cryptographic protocols and cryptographic protocols are the systems that are tasked with assuring certain security guarantees like confidentiality for the communications or authentication and so on so people designed these security protocols and they tend to be really complicated for example sophisticated relatively protocol like signal has to ensure certain cryptographic properties like forward secrecy and so it does this thing where it generates new encryption keys all the time between every message other protocols like that RTP have to have certain considerations because they're dealing with voice chat like encrypted phone calls etc and so designing these protocols is really hard and like for example TLS went through many revisions like 1.1 1.2 1.3 and 1.3 was the very first revision of TLS that was designed while actually working together with people who were formally verifying the design of the protocol so what does formal verifica
tion mean formal verification is basically a you can basically prove certain things or get assurances about the security guarantees of protocols you know are they resistant to an active attacker or do they really achieve their security guarantees so generally speaking formal verification is kind of an academic thing and you can see you know people use maybe this a3 theorem prover there's interesting high assurance programming frameworks like F star that allow you to write formally verified cryptographic primitives and recently other protocols as well there's also modeling frameworks like probe arif and tamarind that allow you to illustrate a model of a protocol like for example a model of Alice and Bob speaking over signal and then you can ask questions like okay this is a model of signal can an active attacker decrypt Alice's first message to Bob can an active attacker impersonate Bob to Alice and so you can sort of get a lot of interesting analysis based on the questions that you ask and the models that you make now many papers have been published on this and so on but it's not really used a lot so why is that well it's because it's complicated unless you're a specialist in cryptography it's unlikely that you will be able to really delve into how tamarin and Provera fork so I am working on very pal and so very foul is also allows you to model and analyze and reason about protocols but it's really friendly so it has an intuitive new language for easily describing what Alice and Bob are doing it has a modeling framework an engine that avoids user error and is easier to use it even has an user manual that comes with a manga about formal verification and it's really nice so please check it out it can reason about advanced protocols even though it's really easy to use it has some advanced features as well so try it out you don't have to be a professional or a super EXTREME advanced person to try it out everyone can learn how these systems work and reason about them the
y definitely look at the instruction manual as well the user manual I mean it's really friendly and accessible I strongly recommend that you read it very foul is free open source software it's very new I only released it a few like two months ago and it's still under development but it's really interesting to use I hope it's free and open-source software under the GPL version 3 so please check it out at verify I'll calm you can download it for Windows Linux and Mac OS today and try it out thank you very much thank you
[Applause]
next up is crazy sequential representations today I'm going to tell something about the crazy sequence of appreciations or CSR in short so these are basically mathematical expressions in which all ditches occur in order and this can either be in decreasing order from 91 or in increasing order for one to nine digits maybe using separate numbers with digits may also be concatenated into larger numbers and there are basically five operations that you are allowed to use which are addition subtraction multiplication division and exponentiation in addition parentheses may be used the finally numbers may also be negated in other words numbers may be used in a positive form when numbers may also be used in a negative form on the internet there is a large list risk is increasing CSR and decreasing CSR for all numbers from 0 up to 11111 and for all these numbers and C's RS be found except for the number ten thousand nine hundred fifty eight so I thought maybe I can identify this number myself by doing some kind of brute-force search so let's say we want to iterate over all crazies kinds of representations which have three operations in them then first we need to go over old operations which would look somewhat like this then in the next step we need to go over the different ways numbers can be concatenated and we need to do this for the increasing order but we also need to do this for the decreasing order after this we need to go over the different parentheses or at least the meaningful combination of parentheses now finally the different ways in which negations can be applied and instead of doing this horsies are just three operations we actually need to do this for CSR with one operation in them if to see sorry of eight operations in them because if nine digits eight operations in between this case is about seven and twenty five billion different expressions to be evaluated Alfred are quite some optimizations that one can do for example in many cases parentheses make no di
fferences so you can just skip them and in many cases and the cases tend to cancel each other out so also need to evaluate these so we already had our list from zero to 11,000 which was now extended to about two billion which is the upper limit of the 32-bit signed integer in increasing series we found 931 the leaves found the seeds are four 930,000 integers and in the decreasing series they found CSR for about 1.3 million the different integers however for the number ten thousand nine hundred fifty-eight no CSR was found only sees are that approximate value so some really close but none of this is our evaluate to the exact number or the exact integer ten thousand nine hundred fifty eight we have found many seeds always have the same length so all these equations evaluate to the same number and have the same length for many numbers we found expressions without using specific operations for example CSR without using subtraction without using division without using exponentiation or without using concatenation of numbers for many numbers we found expressions in which specific operations occurred specific indexes I'd like to conclude with the fact that these are basically a proof-of-work because if you have an list of numbers it is really hard to get your series are but once you have them it is really easy to confirm that they are correct sees our new value a two specific numbers all this work is available online and if you have any questions we send an email thank you next up is how to become an Estonian a resident so good morning everybody my name is Marcus normally working for a great lightning company and today I want to share my experience to become an e resident two questions to the audience who has been to Estonia before there are some hands maybe ten and who is an e resident already great okay Estonia is one of the Baltic countries in Northern Europe has only 1.3 million inhabitants it's quite fairly the size size of the Netherlands and I want to share with you
why thing about a residency and how to become a resident what is the number and facts of a resident and at the end maybe how to sign digitally with this so one question could be to escape from Norland because Estonia is far ahead in the digital world but the reason is to be part of the state of the art online community so since 2000 Estonians have arrived to access Internet not the possibility but the right to do it since 2002 they have digital ID cards you heard from the Switzerland that they are thinking about 20 years later to be and make this ID cards electronically so they are far ahead and Estonians can wrote online since 2007 and the e residency started in 2014 and with this you can establish and manage and use you company online and by the way the text declaration is fairly simple and done in some minutes so it's a quite good advantage so number of facts we have about 60,000 residents worldwide in 160 countries and they build it roughly 10,000 companies already which pulled for revenue of 30 million euros to Estonia already now so how to become an e resident first you have to apply online leave your ID information your address and kind of motivation which can be fairly simple next step is to pay one hundred and euros so do it today or tomorrow because it will rise 220 next year and for a win-win situation you can use the referral code of me and the bottom two and then we can win both because it's possible to win a trip to Estonia the third step is to identify yourself in the Ambassador this was the one in Berlin for me so you have to go there pick up your card and and show your identity leave your fingerprints and finally receive your ID card in this embassy with your name we should digital ID so if you have this ID card in your hand you get also in card reader it's in this small envelope and you can now install this card the card reader software which of course works on every system you sync so they are our head I told you you plug in the the card in your
computer and attach to your your card so then you are able to authenticate yourself with the pin 1 so a four digit PIN and if you sign documents you use the pin 2 which is 55 digits and with this digits always it's out identification you can sign documents for getting an domain in Estonia or to establish your company when you want to do so is there anyone who I have convinced to become an in resident now one two yeah three that's good thanks mission completed and for the rest who don't want to be in Estonian IRA's it and I have another idea visit Estonia it's quite an interesting country you can learn a lot and the basic words you need need artery I care mega missed and Travis X so if you have further questions feel free to ask me via Twitter email LinkedIn or whatever you like or later on in this conference here thanks for your attention thank you
[Applause]
next up is the infrastructure event village hello everybody I hope you're having a fantastic experience in the gauss's here and let me give you my briefing for an idea that I'm having for next year and to have an assembly and infrastructure villas and let's see if there is info if there is interest for that and if you're interested to help me run this assembly so let me start it 50 years ago I think was practically requiring just a few buttons with the correct tones or some kind of basic electronics in order to start hiking into telephone systems the years went ahead and the computers what you were really needed we're just a few hours on a computer and then we were going to having computers at home and nowadays we can even have CPUs with like 64 cores and stuff like that but actually the reality is that we use a tone of course in our day-to-day life even not directly let's say graphics cards have like even a couple thousand of course routers have a ton of ASIC and other very fast CPUs and processing units so this is what gave me the idea to create this assembly about well whatever you can technically stock even if this is raspberry PI's smart devices for whatever reason bananas why not FPGAs or even just old-school x86 64 computers aligning with the CCC spirit all architectures are beautiful it doesn't matter what you can do a ton of crazy stuff no matter what what are the use cases who may be interested in something like that well of course self-hosting is one very easy example where you do not need clustering per se but you just delegate different tasks different systems of NSA proofing can be something very inspiring as well and can create a nice form around this topic and of course red teaming and blue teaming can be very into this kind of stuff as an example you can have some systems for awesome gathering and processing scanning for vulnerabilities different systems orchestrating your non-consensual clouds of malware or some like that processing some rainbow t
ables cloud in the middle deploying honey pots detecting intrusions or even some dev cycles for fancy business oriented people so if this is something that you're interested in reached out to me I'm going to have up this website infrastructure villas calm very soon you can find me also on IRC on hacking with Honda's abacus and there is my phone number for the Congress for a few more hours here thank you very much thank you next up is how to run a bit awareness campaign hello my name is Preston close initial exactly on the managed awareness campaign a lighted which is let's do it so nice they're small versus awareness field from Atkins village a London suspense appear aims and from security does listen on Titan from a Tibetan batula shooters phone information in happen algorithms that's your place listen Dimitar Berbatov is forehead in zone one resilient romaji uncertain their social engineering my stairs tango status is as relative which the ignition rotation she shows muslims who drive from the name of dimensions of xuan we have on does can see at my own brain on martin managed listed company expressions of at zealand so mine déméter better english Martin finished zone D of the IT Director as a especially struggle on the phone we also do born with us meta better mixed abelian ohms add some strips as a vegan Vedas cancer and escaped yet Nguyen's company to found she consented image obviously shellfish in campania here owned just cancer start my best an estimate a mindset meta better than physical fish economy debater happen ji kanika Farid ephemera education is a silicon scooters cancer so off to burn dose parameter beta and lassen convenes each lesson the fungus cancer damnit on the stairs concerns including Jewish with Russian Dimity better than ham the cannon was positive there isn't a fault right here on Zimmerman snitch as we'll see lines answer field they start endorsement Masson fishing fish fishing and best indirect iron loading deserving emails from the ins
ide point and condition turn on upstream does not consolations cancel fault - well he met another hidden instead even with offerings of science which vinegar the situation a lot to think about the land of infinite survivors ever for diverse animals devant Leon Duncan vanillish enviable in terms of admin power not significant a 15-10 mail server not an order M perfect group out fishing companion startin would emit a better kind election also have civic mr. Aiken a full gym does the the mining Center ski itz complete fine lingual own Kings the average inflation tacit EIT outside iam Hamza Kinshasa to consider can land in special niche visas Panama and refers ahead in Trenton the current position specific on my first crowd even via emails fondling my colleagues and know the English him sook name of ten limbs of us we HCL's very much my name oblique often contain any effect on the still be under the law to British flag inherits his house versus Tolosa spider Universal kaput much better bit of info on blog leash I'll finish lashed owned bhavani Sheba CSI had an Austrian Jewish Wendy was frightened and won't even be asked me if he knows via satellite no the Englishman then mrs. Anastasio swatch kamikaze was Miss visas in extensive conservation current busy Bhavya and drive and mystified Nam and questioned of Herodotus ill-advised meet a violinist it's believed in electric company fan tillage commandos Argentine applied women a Goethe feared chefs consumers in up gander media file vanity Lord Nikita's Bible involved get him on the gametophyte Iran TIG Allison team we evolved to Zondervan awareness oil filmer this is a would connect us cancer an but at momentous he unfound is dynamometer by the EVF I guess enters user was for hub fish this savage nature statistic arbor Vince's is filed for heightened in insist have an Audubon unclean de Gong Savalas mittens Mohan Zavala non-stop I have any famous or should one season expression miss our voyage must converse and fishing zone
get off spearfishing we are enjoy for years she contrived as an email and other the exact is airbase album ideas are shaking the enemy to the mail to individual inside punk non-english and questioned hop tada whoever saucy even matter Eitan event 2ml supervision on either can Liam its infertility $11 after someone shouldn't even show up done Zoltan manually finished cannons and lifers I named violent graphic aside a small as a revolver which technique a Ted is there as man you think for now Informer Jones's an inspiration bring two sneaks when you have a completed Minecraft and sets well you can't affirm a ultimately a long drive for a strong gun Black Tie inspiration tall station agra mine as a darkness each tioman wish many movies a coffins on a you mean the can't let see to manage design a bill for housemother English's damn it Marshall Rama Tibetan is our but since Lazarus finish often dish can idea give it up sender inter-gang bazooms resolved or owned and questioned clear to the FIFA had an augment enlightened by this issue is to fire what's wrong in our demo meta name is fresh frightened glance appear get out of a skip diverse unbeatable English is all infant or a DFA language in twenty business month looms also Hotel finish fighting with anger to have the damage contract involves and you know my Twitter and email on time tank valve of Maxim thank you soon
[Applause]
so next up this the work quantum or the live quantum I don't really work quantum are you here are you in the room who wants to give this talk so no it's it's actually okay I think we have some people from the waiting list here but we just continue with the next talk now and yeah we we see I'll call him up eventually maybe oh and actually that's the last talk before the break right does anyone have a schedule okay then where are the people from the waiting list are you here no but nobody showed up okay so then that's a bit sad because we have so much time now no he's he left actually so I'm leave all right then yeah we are gonna have a break until 12:30 right now um actually I don't have the slides for the people who which starts do you mean oh yeah yeah he was here yesterday but but you can yeah yeah it's it's it's a lot no work I mean I told the waiting list people to come here 15 minutes before the break and it's still not 15 minutes before the break so I don't know maybe we wait a little and whistle the jeopardy melody or something yes some I don't know you're the first one after the break okay and I mean we can just take your talk and do it right now all right then thank you alright then we'll just continue with the first talk after the break because the break is important to align all the other talks in the other halls then let's go hi everyone my name is Julie latsko and I'm an artist and researcher who is focused on subversion and critical stances on the technological and media landscape and in this in this endeavor I wrote a doctoral degree on the intersections between Hecker culture especially activism and arts in terms of historical view and contemporary arts and it's a little part of my upcoming book this presentation and it's really hard for me to dance it into such a short time so please feel free to find me after this talk or after the lightning talk session in kimono if you don't then probably fish me out of the bubble bath in order to in order to ex
amine the intersections between the historical avant-garde art which includes all the isms from the from after the First World War including Dadaism surrealism and so on I looked at different definitions of hacking and this is very chilly site so okay so I probably don't have to define hacking for you in my research I use definition from Tim Jordan whereas hacking produces new meta realities that define new ways of interacting with technology I also probably don't have to define what the zero dares or social engineering is so I just move on to the second slide where I started to examine the similarities between the avant-garde art movements and hacker culture especially activism and within the avant-garde I mostly looked at data ISM and it's very apparent from the first moment that there's a lot of similarities in terms of order violation practice ISM practices manifestos which which try to aim for a future utopia new composition between society a new company like a new like a kind of aim to recompose societal factors there's there's a kind of need for an existing Canon in both of these paradigms to build on and to interfere with in a revolutionary way and in order to better understand what is really going on in the similarities I looked at some some traditions to interpret avant-garde art works and some traditions to interpret hacking gestures and I try to crossbreed them so in the next slide we see some avant-garde artworks contextualized by Jordan's hacking topology you see Duchamp's LaFontaine as a zero-day whereas the zero day exhibits the biggest amount of creativity and innovation that has never been done before so it exploits and yet unknown vulnerability whereas every other ready-made after elefanten would be a zero plus one day as vulnerabilities to a present but it already has a smaller smaller amount of innovation and appreciation from the community social engineering is really really big in the avant-garde especially when it comes to performance there's
a picture from the 1993 in the sadaqa flight and it's it's there was a reading the last locker room where the idea was to provoke the audience into a chaotic mess which the data is happily achieved and script creedy's in the in terms of data is artwork recombination would be like commercially aimed reconstructions of of Dadaist artworks and you also see the motivational basis of hacking by Tim Jordan there there as most of the original and appreciated avant-garde art works are more aiming for social societal change whereas for instance a t-shirt that you buy in a in a Swiss souvenir shop would be aimed at personal game they gain from who released it which might be a myth new for you is very try to examine Hecker culture in the context of the owner already available interpretational framework of avant-garde artworks one - panache has a really interesting book which looks at of anger artworks as processes instead of instead of artworks in the classical object definition like an object as this he looks at the process right so in in terms of this analysis code panache points out that the avant-garde artwork tries to deconstruct the work of art and in order to understand it we have to focus on the process how it's made so he refers to abstraction in avant-garde artwork as in order to get to get rid of representation action as in activism aimed at to change in society and and the art in order to create novelty which funnily as paradox the paradox of success gets canonized quite fast afterwards and he defines six characteristics of of this process based Annalise's ephemeris in this regard will be that a lot of avant-garde artworks are just there for a very short time you don't have really an object that you could like buy and sell which is a sort of hacking the art market we also see that a lot of the hacking gestures are very short-lived in nature but that doesn't make their achievement less community Oracle as in a vanguard process can be interpreted mostly in for two f
ree Libre open source software and git repositories various yeah I'm sorry we have to take the break we have we have a contacts light or something in the last light you would like to show yeah as a finishing sentence I'd like to say that one other one parallel is that not nor the avant-garde nor hacktivism or hacker culture really destructed the institutions that they wanted to reform or heck or revolutionize but the interventions that they created changed those institutions forever all right thank you
[Applause]
blockchain aetherium cringe pad cool yes um there's the clicker right so I subtitle my talk often but not only a vehicle for fraud since I don't think there's any really getting away from the fact that is the first thing you'll see if you google for it but I'm you know it's it's worth having a Google there are some really funny ones so I would say that when people talk about blockchain and I do also cringe when I say that word people are generally talking about a system that does three things the system where everything is signed so potentially you can know where everything's come from it can happen own origin they have some sort of common logic usually refer to a small contracts although that's a bad name really they should be dumb scripts but at least you have a way of saying a and B happens and they always mean C you also have a root fair and reliable or during events so you can say that for example house moved from A to B before B tried to sell it to C and that's very important that last bit the ordering is the only bit that actually uses a blockchain and if your threat model is difference you can just use an append on the cryptographic log there was a talk on that yesterday so looking at this a little bit more detail the signing bit tends to be done with what we would call wallets some of them are done with Hardware most of them are mobile phones the common interpretation is done using some sort of heuristic program the important thing is it's deterministic it always has to give the same results otherwise being a network data structure the whole thing breaks down and then the last bit is some sort of robust consensus mechanism generally the one that people talk about is nakamoto consensus where you run a lot of computers wasting electricity but that's far from the only way of doing it so in summary the real general purpose of having some stopwatch changes you have a very slow but honest and transparent computer that nobody owns and everyone can accept the resu
lts as being fair obvious that's not all that you need so generally blockchain projects tend to have what in the theorem world which as you can see is my preferred platform we call the Holy Trinity so some sorts of messaging some sort of distributed storage that relies on nodes across the internet rather than just one central server and then the blockchain itself is just for consensus you know you it's essentially a very slow reliable computer but you don't want to use a computer that takes 15 seconds to respond very much in your system if you can avoid it but you very often have to the Holy Trinity phrase is very much in the etherium thing if you talk to Bitcoin maximalists they would say the only purpose of this is currency I disagree but you have to admit their system is very successful and systems like this are grateful finance there's a lot of interesting products around borrowing lending mostly cryptocurrencies but hopefully real things as well there are a lot of interesting projects around registering property assets etc and these centralized naming systems trust games around finding the truth of various statements and Ponzi schemes which is sort of inevitable side-effects it's it's a vehicle for social coordination so here are some interesting projects Eunice WAP is for trading things you port is a great system for finding proving things about your identity so you can assemble identity of different statements different people made about you there's a kickback which is a great event organizing software that we have that she was very often for a theorem events and I would recommend it and material who doing very ambitious stuff on coding legal contracts and ownership on the blockchain which is very useful for transnational kraid where a lot of parties simply don't trust each other there's also quite a lot frauds and although I'd like to say that some people might recognize the bit connect guy I think he's been convicted so hopefully I'll get away with the fact
that that isn't Creative Commons it's worth it's worth a Google I'd say don't let it define your notion of the space but it's really worth of Google and the bit connect guys hilarious and some of the SEC stuff is really thought-provoking so in summary the next time you try to kill Facebook do remember us most the fraud didn't involve any developers it's a very separate community and there's a great conference in Vienna I'd like to emphasize the unique ones thank you all right and then next up is owning our own Medicare data there you go okay I'm Reza you can find me on github as fish man I saw some interesting talks the other day here about the electronic health record in Germany so I spent three years in the health care system in the government in Germany I most recently built a earthquake detection system for big mine in the world and basically the summary of the talk is if we want to own our data the only way we can do it is if we build the infrastructure ourselves so we do have a need for medical data stored somewhere we can improve care we can we can improve preventive care we can you know improve the speed of medical improvements we can replace radiologists to some extent and right now the access model is you go to the doctor you fill out the form at least in Germany and then you give wildcard access to everything and there's no real way to revoke it especially since you don't really remember who you gave it to so some of the good ideas of the EPA is like you can give fine-grained access except they already wrote back on that so that's probably not gonna happen so the bad parts of it all of your data is stored in a central location all of the decryption keys because it's symmetric is stored in another central location and if you have a breach everyone's data is gone and there's nothing really you can do about it so what can we do about it is we store our own data we build a federated API that gives third party EHRs access to our data and then of course the en
cryption skin keys are not stored on the mobile device or whatever this is just one of the ideas so I welcome people to to actually give like maybe better ideas on how we could do it and it would allow us to actually share the data we want with the people we want so I mean like a lot of the threat stuff that they say what the EPA of course we know is not true we know that the moment the data goes on the end device you can store it unless you control the entire ecosystem which is unrealistic because all the health record management systems by the doctors um most of them are running on Windows so the moment that goes on there the guarantee of expiry is kind of not there so I would I would like keep it out of the threat mode but at least if we leak data it leaks from some devices not all the medical data so basically it's more of a call to action so we would have to build a POC we would have to like think about the correct cryptographic solution to this and then the the real places and that's the thing we probably cannot expect the government to use this but we can expect third parties if our API is are better than what the government does which is actually really easy then there is a chance that people would actually use that instead or at least give us the choice of also using them so I set up a github account which doesn't have anything here because I was engineering and like sleeping a little so I might fill this in the next couple of weeks but yeah feel free to help out all right thank you I think the previously missing speaker just showed up there is all right then we will take this talk over here all right sorry about that that's sorry that's perfect because you're invited to disagree with these statements so a little audience participation so there are let's look at the top three statements values is not price values is not violence values is not greed so without defining values I invite you to put your hands fate palms face up on on somewhere where you you you
can remember them so like your like your lab so you keep it like that and this side over here if you would put your hands like this on your on just on your on your net legs like rest them on your on your lap yeah because it gives your gonna turn them around maybe let's take values is not price like well like that couldn't me to say like values are not for sale the question I ask you is if you think that is a value turn over your right hand okay on this side you can put you can put your hands just like this on yeah and if you think that is not a value turn over your left hand and right here the same thing you can put your hands just on your lap and if you not sure don't do anything and if you think it's both raise both your hands and now everyone up you with your hands what do you got okay we've got like confusion and we've got two hands there shouldn't be any two hands here you're only invited if okay so here's the problem right everyone wants to like say their own opinion and they're like huh but I didn't agree to this values like I didn't think that that's that the point is is that some people will think that's a value some people will think that's not a value and it's the real question isn't like can we can I represent my own values it's about can we bring people together to talk about them so that's the question so proof of human corrupt collaboration whenever humans have a moment together they have an opportunity to give what's called a compliment which comes from the Latin with let's see what was it with oh I I had it I had it there somewhere but it essentially means that you give that you give someone a value that you owe you yourself hold dear you wouldn't tell someone's kind if you hadn't heard yourself that you had been kind and so that's the basis for this ayah this general discussion so yeah we tried we tried representing our values and kind of got nowhere which which I think which I also has trouble with this like I'm just discovering values for myself
the main difference is that we're talking about we that were coming from a culture where it's really easy to like have one value right price it's really easy to know what is more valuable in terms of price it's really easy to know like what if someone is a fascist it's really easy to know what they're like main values are some all lists of values held dearly without the ability to consider them in the context of others so that algorithm there was a is essentially one way that you can see how good other niss value has there's a lot of depth to this to this subject when I talk about work quanta and healing quanta everything that I'm in that this this project imagines as successful comes in the in the context of healing every if we design our work to make up for what it takes from the human and from the environment then we're on the right track and so by sharing by federating overvalues a federation in this system is any to any objects with shared values that's human if that's an institution if you have two values in common your federated this is what what we have we have we have a word for this yet but this is a way of describing human values in a context those are consensus rings and they've shared compliments over a group of values and those red lines of the values that they have in common this is essentially because we live because we live in an owned power situation rather than a shared power situation it's good to keep people in their own value structures rather than in a structure of discourse and development and exchange of what could be free next money thank you right so next up is DNS query filtering and with that we are back on track the x s in the schedule again there you go hello I'm here Peter and I'm going to talk about DNS query filtering or how to increase your performance and accidentally block users so the problem we had was that we have an authoritative nameserver which is actually two name servers one is a recursive name server that's not our solu
tion and there is a solution that's ours and it's written by us but it had it has to be complemented with a real and feature complete records in DNS server but because we are using recursing server that means we serve everything and because we serve everything that's a great UDP amplification vector and the problem is that we had no time to fix it nicely as we were notified by the provider our cloud provider that we either fix this or we are going to be blocked and we don't like being blocked so possible solutions fixing it nicely this takes long both on the side where we are fixing our custom solution because it takes development time a lot of the lot of or we could use different records in DNS server that allows us to filter which zones we serve for example hours and nothing else or we could use IP tables rate limiting which means we serve less junk but we still serve it and we serve less of our values errs or we could create content filtering and that takes some development and it would be nice but we don't have time so nope IP tables so we are going to use string matching to be specific hex string matching but this sounds very very expensive in the kernel space so we asked our thirst it we did hack string filtering like this if you want to filter events that cccd on UDP port 53 then you can do it like this and this blocks it around TCP almost the same but this is blocked listing not whitelisting we try the text string and the overhead is very low our original set up could serve 50 60 thousand queries per second from our zone from one node obviously and less than five thousand queries per second recursive queries so with hex string we could drop two hundred and forty thousand queries per second of recursive queries queries which is very nice and it took only 1% CPU time which is a great and low overhead solution and we could still serve near the origin are 60,000 queries per second from our zone but the problem is that we wrongly filter all TCP traffic which is l
ess than 0.1% of our trap traffic and wrongly dropped all works 20 queries which is around 2% bit less TCP filtering is not that easy if you think about it because the free because the streams can be fragmented and you can string match packet by packet it's quite obvious although every guy tells you every guide tells you to do it like you do on UDP but that only works because they blow please not whitelist so it doesn't work for us and on TCP we don't have a UDP amplification vector so why do it anyway Oh X xx is a security feature so if you rank and code random bit as lowercase uppercase then you can be kind of sure that you get a valid answer events that CCC becomes lower case e upper case ve lower case and upper case T lowercase s and so on we like memes but not in our DNS queries however this is a quite easy problem because you can solve it with keys in sensitive matching and it's not a problem anymore in conclusion it was fun to try it out and I blocked two to three percent of our users which was less fun takeaway is the premise test more thoroughly if you introduce stricter iptables rules you can do that by inserting it before the existing one do some logging whatever we want thank you for your attention and major props to mocks my colleague who recommended hex filter and thanks to vista from nock who helped me prepare all right thank you and next up is writing drivers in high-level languages hi I'm Paul and I'm going to talk about writing drivers in high-level languages again so this is a talk that I've given quite a few times now and a lot of people have contributed to that and I've also bought a lot of slides so I'll just skip over a lot of things here good news is there's a long version of that talk available on media dot CC CDE if you just search for something with drivers and high-level languages ok of course drivers operating systems and so on usually written in C because C is such an awesome language it's nice low level have and Polk was point us and m
emory and do weird stuff everyone can read and write see and if you try really really hard then you can even write safe and secure cotton see at least some people think they can I don't think they can but well so if you look at security box in this is CBS new Linux kernel over the years there are a lot of security issues but of course not all of them can be attributed to the security language but some of them can there have been studies for example in 2017 61% of the code execution type lunar abilities and the Linux kernel would have been prevented if it was a memory safe language that was in use for the kernel that would be used after flee and missing bounced checks and so on and we took this this data from this studiers link down below and looked at where these bugs actually occurred and well out of the 40 bucks that could have been prevented with a better language 39 of them were and drivers and then doing like a group by by vendor whose the vendors the most bucks well certain run Qualcomm drivers was really really surprising eSATA has really high-quality drivers but yeah so fortunate can you write drivers in a better language yeah it's a little bit complicated to get a Haskell driver upstream in Linux and also to even get something other than C running inside the kernel but the good news is that for many devices you don't actually need a kernel driver you can write user space drivers in any languages questioners then of course all languages an equally good choice some languages better suited for writing drivers what are the trade-offs what about having a JIT compiler or garbage collector and a driver is that even a good idea so we looked at network drivers in particular because we happen to know a lot about Network drivers and also user space network drivers like DP decay or snap and so on also really common in the high-speed or high-performance world so what I did two years ago is I wrote a user space network driver well in that was a talk here two years ago an
d this kind of simply driver easy to understand because it just does only their very basic things there's only a thousand lines of code and next idea was tend to write that in a better language of course wanted to write it in all the languages but turns out that's a lot of work and I don't speak all the languages good thing is I work at a university so I can just grab a bunch of students and tell them to write drivers in their favorite languages then we had in the end nine driver implementations in these languages he must go see shops with Haskell or caramel Tyson Oh tab is not up to date there's also Java driver nowadays as well and then we compare them by various criteria like which safety properties are being offered by the language under which scenarios which constrains and yeah just going to skip over these suicides because not much time here then implementation size you might think si is very nice because it's just some terse code full of pointer metric but other languages can be short as well sure si is still shortest counted by by lines of code but other languages can be even shorter than measuring the size as in how many bytes are in the source code of the driver because some languages just like lots of short lines like Haskell last yeah next question is it is it fast is the good idea well turns out C is still the fastest language for this kind of job and but rust comes pretty close and also surprisingly fast for these low-level driver stuff this is a simple benchmark where we just accept packets on a dual port and drilling minimum sized packets forwarding back on the other link like a bi-directional follower the simplest case you can imagine for a network driver and surprisingly fast go C sharp and well for us it's not surprising that as fast then performance is always two things next one is latency but this graph is too complicated to explain basically garbage collector means high tail latency no garbage collector is as fast the lines for C and rust direc
tly on top of each other there's no latency penalty for using last of a C but the latency penalties for languages JIT compilers and garbage collectors however the go and Java garbage collectors are surprisingly well done at least it goes by default well done Java the new used Anusha nando a garbage collector then it's relatively fast we can get 10 agencies below 50 microseconds which is acceptable for most applications final site there is a github repository with links to these slides to recordings of old versions of the talks and to all the code thank you
[Applause]
next up is toward the rebel yeah hello people everybody welcome thank you for being here now you see a logo over there and I suggest that we're gonna start to play a game because the logo has been transformed the past few days my cousin has helped me to transform the logo because it's tuturro Belle is related to extinction rebellion but it's not the extinction rebellion to on bike so let's play a game because I expected to be I didn't know in which room I would be so I didn't know that I would be speaking in such a huge audience over here I thought it would be something like the nutshell and I'm here with my powerpoint presentation anti-technology but there are a lot of those Flyers hanging around and there's a QR code in which you can find much more information and hopefully some are enthusiastic about the project after my short presentation of five minutes and would like to join an introduction presentation online in the next few weeks but what is the tuturro bell and that's what I'm going to explain now but yeah if anybody can see this maybe zoom in with your good cameras on the QR code I don't know whether that's possible so to turrible the world's largest moving climate camp on bike around the world so everybody now sees a pink elephant in front of your eyes like okay moving climate camp so now I'm trying to wipe away those clouds in front of the tuturro Bell and try to explain the vision of the people I met the past two month which I was encountering during my cycling tour around well I was also cycling around the globe but I mean I was not coming further than the Netherlands and Germany but I started at least so to rebell what I'm presenting now to you is not my idea but a collection of the ideas of many people I met the past two month it started with an idea okay I want to slow travel I want to make sustainable traveling just much more nice because it's such an experience to cycle this the stage between Hamburg and Bremen for example which have been one hou
r of train or one hour by car for me the past few years and now I did this within one week with couple of other people and it was just such an amazing adventure to get in touch with nature again and to slow travel through the world however slow travelling is only one aim of the Tour de Rebelle and experience ending adventure because it's far more than just cycling around the globe because everybody apparently is currently doing that if you look on Instagram you find pet of the world and all the other people it's nothing nothing really special and connecting and I want to do something with the other people I'm cycling around to do something which is connecting movements who are trying to change the system with each other so the second aim of the to rebel has tried to form a network of a platform for people to meet each other imagine a few hundred people cycling together from Bremen - let's say Berlin and on the way from Bremen to Berlin they meet a lot of people from different organizations they network with each other they exchange experiences and they exchange skills and knowledge and that is something which is lacking from my point of view within organizations but also between organizations so the tutor Abell tries to be a platform for networking and I already mentioned the first aim or the the last aim of the three aims which is skill sharing and information spreading so if you imagine a climate camp cycling around the globe and you arrive at least for example I arrived with five people together in a small village of 200 people nobody noticed but if you arrived with 200 people in 200 village - on a person village it will be noticed it will be the event of the year so a climate camp / justice social justice camp is an attention point if you go by bicycle around the globe everybody wants to be there at least hopefully everybody hoop on for future I don't need those people but at least the rest of the population is interested so still what is it now how to how can I
join or be part of it scan the QR code because it's not only about cycling I started cycling the past two month and many people joined we were about 50 people cycling in total from point to point and in the end many people also took background organization stuff like filming and stuff so what is needed now is an organizational team and building a platform and if you want to join clapping thank you very much and yeah lay the game and search for the QR codes of the tool thank you you can put it in front of the stage sorry you can put the QR code in front of the stage so everybody who wants can scan it yeah just somewhere somewhere there so the next talk is going to be listing an open source web app so hi everyone my name is Sven and today I want to talk shortly to you about the need for low threshold collaboration in safe organized groups so let's start by imagining or picturing ourselves in a safe organized group like a group read that's based on voluntary work like an activist group or a civic group you know and in those groups we have people with different backgrounds and that also means people with different IT skills and often those groups features an open participation model so you can easily join but that also means you can easily leave and often you have fluctuating members so for now let's imagine we have our little group with Alice and Bob long-standing members and then there's this newcomer eager to join so what are the challenges they face for online collaboration so if the group uses multiple online tools for collaboration you will have this scenario where they tell the newcomer ok look we have a shared task list and we use this please install it and then we have a poll please use this website and register and also we have a wiki and we will make you an account and the newcomers like oh okay I install five EPS and what was my password for the first one okay this can get quite overwhelming so some groups then say okay let's use just one software a group w
here and this is we are cool but it also has a steeper learning curve so what that's not a problem when we have an enterprise environment where you have one week of onboarding time but in a voluntary setting this is really off-putting for newcomers and also many groups don't have at the resources to feature like to set up a group where and so what I see often when I'm active in activist groups is that we use other pad or spreadsheets I collab your collaborative documents and they are fine if you want to do collaborative text work but if you use them for other use cases and people often do like let's say a to-do list then we are in a text document it's already a pain to move items around and if you have a spreadsheet it's like okay I have all the cells and buttons and then I formulas and formatting options okay no so all in all I would say this creates something like a collaboration barrier and what I see very often in those groups is that only a small minority of people are amused those online collaboration tools and then we have something like okay then let's just do everything over email or let's do everything in a telegram Channel and that can be quite messy so what can we do about that one night I had this idea what if we would have a collaborative document but with a bit more structure better fitting to typical use cases of self-organized groups and what about lists so it turns out that groups often need lists that to-do list is obvious but the wiki could also be a list of small a small list of notes and appall it's all just a list of options where you can vote and if you have a meeting again that this is also a list and so on and so on and so on so in 2018 I sat down and said okay I'm going to make listening and listening is a service to make and edit collaborative lists I am its online you can use it and it has no registration whatsoever you just create a list and share the link it's free for use and it has a focus on a simple UI of course it's open source an
d you can hack it and contribute if you want so now this would be the time for a demo but actually what is the presentation a presentation is just a list of slides so I thought well then I do it listening and that's what you saw now nevertheless yeah thank you
[Applause]
nevertheless I have some screenshots for you you can not only do presentations and you can also do like in the middle you see some lists have different features in the middle you see a task list where you can assign people or check items or whatever and on the right side you see an example pause so you can add options and vote for them actually I was quite fast nice so that's it you can you can try it online on listing dot-org if you have any ideas the ideas of future requests I would love to hear them and you can contribute github and if you want to get in touch if you have any questions we have a gated community you can find me on Twitter and also you can talk to me right there after all the other lightning talks are over so in the name of Ellis pop in the new comer thank you thank you next up is unary yet another jelly sheet for your hacker space yep good morning I'm Johannes and I'm gonna talk about something that's at the heart of every heckler or makerspace today it's consuming beverages and keep working based on the beverages you consume and everybody needs to tell you shit for whether you know to keep track record of who's consuming what and so the use case here is very simple version of this just a datasheet but in an electronic system so it's such as the system that have so uses to keep track of their balance and the security model here is trust so if you have physical edges access to the fridge you can compromise the system so there's lots of solutions obviously because every hackerspace needs something like this and all of these solutions typically are sexy hiking projects because was so much fun to develop some custom hardware to make it run on some vintage stuff you know have a barcode scanner things like that that's very sexy for hacking but actually is often it's not so sexy for maintaining and also the usability is not the greatest you can have typically so that's why I'm developed yet another of these systems and my system is boring so the idea is
to have very boring solution very simple solution that's still nice and usability and for this I just use off-the-shelf components I just use modern web frameworks and I also use just an old Android tablet you know one of these old tablets but you're not fun to use anymore you can just use it for this system because each tablet comes with high-resolution touchscreen and that's really great for usability so here's how it looks like you can see you know we have a screen where you can pick your account based on the color you picked or based on some I can easily identifiable you can filter for users and then after you picked your account you can pick the beverage you would like to consume you get visual feedback when you buy it and you have features like adding deposits cash deposits or also looking at your recent actions and reverting wrong transactions things like that many more features but the idea here is that it's not about features about how simply the system really is so looking at the software side of things you can see that on the server we just deliver one single HTML page which is web web application and then we continue handling requests and mentioning the database and probably need less than 300 lines of code actually on the server side and python on the client side we use where you chase framework which is very nice because we can embed with variables and logic into the HTML code and when we have the reactive nature of this framework which makes it easy to just keep the state in the JavaScript object services that javascript object is only 150 lines of code and the rest is just how UI elements are supposed to look like and behave it's a very simple system and it's also very simply because we use WebSockets for communication WebSockets allow us to send simple messages and the socket IO library also persists they come the connection between the server and the client so it's also very low latency and very robust and using this we also take note of this reac
tive component of UJ so what we do is when meant for example you buy a product the client doesn't update its state if a client just gets a visual feedback form for successful buying the product with balance is updated by the server and the server pushes the state to the client constantly so that's also saving us a lot of logic on both sides for the deployment still boring we just have it in Fryeburg running for this year now just an old Sony Tablet and the whole system is actually contained in the tablet there's no other server or any other system or hardware needed to consume beverages in the FRA lab and this is made possible because the Thermomix environment many people think charmix is just a terminal application but actually it's providing a full based food loaned distro and you can install all these packages and you can actually run these server components with a startup script on the tablet it says so it doesn't even need internet connection or anything to work the user just sees the browser and the browser is put into full-screen mode so the user doesn't actually see the browser it only sees our interfaces or the screenshots but this is obviously not be only there you can do it right so if you want to you can still put the server component on some other machine and have multiple clients and actually WebSockets and chase no libraries that you can find in every language or environment so in fact this system already runs for quite almost a year with no complaints it's only thousand lines of code so it's not much what can go wrong but it's still in that works for me State so I'm very happy to put this to the next level and I'm very happy to get future requests people who would like to employ us two or also change it and make it more you might want to look at it thank you thank you next up this natural language processing is harder than you think alright hi my name is Ingo and I'm going to talk about why NLP is despite things like Bert and GPG - not solved yet and
it's really harder than most people think so have you ever been disappointed by an NLP system like your Alexa or your car or some other thing you use I am daley and I work on these type of things which is a sad state but why is that that is because language is hard and language is ambiguous and languages complex and languages fluid it changes people use more than one language usually and generally speaking we don't really know how language works so let's exemplify that this is some fairly easy sentence they saw a bet with a telescope now first of all they could be singular it could be plural we don't really know a vet could be a veterinarian a doctor or it could be a veteran a soldier for example or a pirate I don't know so what could we do here well it could be that they saw a vet with the telescope the vet owns the telescope could also beam that they saw that vet with their own telescope and finally it could also be that they saw a vet they went with doctor's office and apparently that doctor had a telescope so okay try to parse that it's pretty tricky for humans it's fairly easy if you have enough context so let's look at some more challenges that we have to face in doing an LP languages matter most people speak more than one language and not many people speak only their standard variety people mix and match languages every on every day basis and we have to consider that context matters if we see that vet we know whether it's a soldier better it's a doctor or whether it's something completely different data matters both in terms of privacy and in terms of the data that we use and the corporate if you use for NLP and we need to be very aware of the fact that the data that we use to train our systems has an impact on what we are able to do and also on the results that we get and finally hidden biases matter and that could be a translation system that judges gender based on job titles that could be a sentiment analysis system that judges sentiment based on names an
d has maybe a racial stereotype inbuilt and these are all things that we see in these systems that we have available currently so if you have all of these issues what could be potential challenges well first of all it could be just bad user experience you talk to your Alexa Alexa doesn't understand you because you are not a old white men on which the data has been trained right that could be a case but it could also be that the assistants generate false and potentially dangerous results and conclusions and that could be an actual problem maybe just for business cases but essentially also from an ethical standpoint this could be really a really big issue also we have a marginalization of languages and speakers because for some reason we still equate natural language with English in most models that we have our English some were German and depending on how many speakers of language has but rather on how much money the speakers of that language have the models are better or worse that's a sad state in which we are in and lastly many of these models are reproducing and reinforcing social norms and stereotypes and we have to be extremely aware that this is half and that this could be or is an actual issue that we are facing an everyday basis so what can we do well we should at least consider these things and we should try to build language models that are aware of these issues and we should try to think back to include context into our models and we should be aware of the fact that there is not just English but there are many languages and that most people speak more than one language and we have to consider that and then it's maybe unfair for someone to force them to just use one language instead of all the languages that they have available and that's basically that a call to action solutions are very hard but language is very hard and we have to embrace that complexity if we really want to do natural language processing in a way that is not just future-proof but that
is also fair in terms of stereotypes and it is fair in terms of treating people as who they are and as in terms of the languages that they speak and in terms of the languages that they want to speak thank you thank you next up this rebuild heck a better probing programming language so hi yeah we heard a lot of languages now so if we want to build drivers or process natural languages I think programming with programming languages are serving us very well and the more and more become a tool so we not only instruct computers what they have to do but we also express our ideas and understandings of the world in programming languages so I think even though languages are good we can do much better so that the rebuild language project we want to hack a better programming language and so what's our goal it has to be at least as fast a seed we want to have fun so we skip all the legacy and one of the major goals is we want to make it more accessible so we want to include everybody want to make them able to hack and what are the concepts now so I cannot express or convince you in five minutes what the programming language or what the project is about we have a lot of ideas we have very high motivation and the only good thing is we have persistence so we keep on so what I don't want to do is I want to set a hackable programming language in contrast to commercial programming languages and also academic languages so they have a certain valid concept but I think getting a hacker perspective into that language realm is really important so we have to use our weaknesses as strengths and keep it stupid simple that's the main Hecker cultural thing and we also keep it hackable so hackable really means for example we want to have translatable error messages or Diagnostics there are not only processed by humans but also by tools so it is very easy to do but almost no programming language to be used today das said now to one of the more involved concepts I am experimenting with today so th
e main concept now is to use compile time code execution as a main driver for the language so if we have said when we can basically replace everything else for example we can skip all the keywords so we can make the program language more accessible because everybody can place their own keywords however they wanted in the language they need the language they know so it's more accessible for people who don't speak English or kids who cannot speak English yet so they want to learn programming and learn new concepts so the other thing is when you have no keywords how do we do anything in the language then so the main idea right now is to have an interactive compiler API so what you do basically is when the program compiles you talk to your compiler please do declare a variable create a function make it class whatever there is need to communicate to the compiler so instead of using a keyboard for that you just call an API at compile time and the compiler does what you request them to do so these are main ideas I'm experimenting right now but they're a lot more involved so my ideas we I want to explore and that's basically the call to action here help me help hackers created more accessible programming image thank you for your attention you can find the experiments at github and I was also created an hour C repository where request for comments I try to write down ideas and then explore them in the real compiler and if you don't want contribute and code or ideas then you can at least follow our github or Twitter account we build lang and thank you for your attention thank you alright then next up this open cultural data is out there hello it's been here oh it's mine the guys honk mine enthusiast most people of Nakuru Otterton MIT euch to tie an unnoticed Fela I'm such taking mateesah pacaya strong feeling for noise Estill district and does Museum periodic achiever vet vite yo Sam Lowman in walk validate on sister Marta Shin hos mum Fang digital easy on when feel attuned u
s all thus the same sky flesh on a mouth - nish dishearten na cannot straighten curtain de Becque its nation-building newer Ong Mira can also a signature dish land cotton tougher fluke parts - sets tri-dimensional object from scoop - on moons and own so vital hunch lift your window they are thousand the idea midfield for shittin in heightened the house coveted friends window seat off spec stems I was giving a test we hadn't curtain listen to audio video material in truvizion shaft is improvisation 9 tens film verse of Emma and Visigoths iron shots verse one decent cool and wish to Minh how bout on the right which don't feel it - Cindy signing outside no ahsoka masters this baton in digit on vitrine dog estate Wharton demon or uncountable soon iam and I saw that these are iron rich woman a PE super freak instead evil demon the tartan - conversion candy Totten often chosen men for up I think inhibitors Metropolitan Museum of New York or the Rijksmuseum in Amsterdam Stan I can RPS provide evil demon demon Sam lumen complete a father Monmouth diagnosed software for Abidin can Fela anti-english - Manabe sets in our institution Ganesha RPE sign it was also obvious and attacked us in the over EPM - each turn order si UD no of XML HTTP posse on madonna by sri spices international image interoperability framework triple ifs of jason jason a deeper wood as well as this link data alice Iseman kindness of the equipment and on dark van info been don't bring a node is a tartan benign and often etson everybody now speed the table i FG mukesh kites debated and direction amish up to Fargas mission model completing horse and builder to the scenes on on somebody's an ikemen web and vendor and new house network line out of a high intensity shown in builds of on detect scene second script on irish feel the venom internet on sharp minor present at zone and recent so of cobalt tascioni link some long is indecent some indicia chasm to vet the cuatro tartan he nine short he washe was wise a
nd power and fangs links Amish multiply F to be shifting on the others internet archive the system initial filtration albumin fended as evil different tests over can perturb YF of up key fact we hadn't went through terrible in our scriptures of either footprint whispers voiceover piano or the literature digital people you take it and no Enma of victims people - tour even the thought and Dimetrodon days are long and ratio pound amoeba IP is archived former mosque animation cartoon pharmacist consign father thus direct after handling the vieja natural teeth on iphone android sighing or invito superzoom Martin man Canova oh no tools reacts are from kunst past year and also Koontz had sustained order designs to interfere from the artisan carving G after Heidegger mind files in order some innocence creative comments let sincere to dart and provide Castelli ardent Sabha and and also good karma naturally artificial intelligence method and machine learning event on Noah Const technician Ariane so lassen wits again random insertion and staffed we were fucking Heights infamy and I just can't man with isn't that mathematician Jetson point and Goethe merkulov kite of yours into must be decoding da Vinci hackathons decide Anakin's that fin Kudo English German Spanish will say shoot is a hackathon startin the height and our Tower huffed and into a theater mentioned the chef's dream it isn't art and shaft nor an vendôme and earned kunst and when doin sinful eating Ashfield of us of a moment i Mattoon can in him to some hang the anguish mystery of Maxim kite Shaw feelings cannot go from where nonsense can thank you
[Applause]
so if you want your slides to be available for the speakers please upload them in the submission system as a resource then everybody can see them they are public and can be downloaded so we're gonna have our last talk for this session I'm sorry for the waiting list people we are back on time and don't really have space for another talk so I'm sorry but maybe see you next year so this is the last talk kaboom accrual but fair minesweeper I want to talk about a really cool project that I did recently and really enjoy it so this is a minesweeper game you've probably all played minesweeper but just to remind you so this is a game where there's a number and this and this is a number of jacent cells with minds you have to uncover the cells without minds if you hit in mind you die and of course as you know well you can play this game using logic or you can guess and sometimes you even are forced to guess because well because there's like two different possibilities and you cannot just reason about which one is correct so this sucks a bit I would say so recently I had an idea so what if the computer cheated so you might not know this but the default Windows minesweeper already cheats so you know how it's never the first mind the first score is never a mind so if you play somewhere and it would be a mind that the computer moves the mind around and basically invents a new placement for you so what if there was never any placement in the first place so there nothing is predefined and when you play we just invent a maximally inconvenient placement for you so basically if a square can contain in mind it will contain you ma mi so you have to be really careful use logic reason and basically prove that a square doesn't contain a mind before playing in a sense you could say that this minesweeper is a full information game that you play against the computer it's like a test for instance so this is how it looks like you have to so on the left you see the cells and you can see that som
e cells are safe these are the dots some are dangerous basically they are guaranteed to contain the mind that's these are exclamation mark and some are question marks so they could there could be in mind there could be there could be empty and you have to play a safe cell if you play the question mark then magically a mind will appear there just because it can and the one exception is that well sometimes you are forced to guess because nothing is safe and then we allow you a guess and basically you can influence your future because wherever you will play whichever question mark you'll play then you will you will uncover an empty square so the implementation looks like this basically we have to consider only the boundary of the revealed cells the outside is not important other than also this total number of my minds much much and at this boundary we just compute all the possibilities using a box rocky Calgary - and combine them so you can see on the right-hand side that some of the squares are guaranteed to have a mind and some kind some a guaranteed empty and some are neither so this was my first implementation but unfortunately it was too slow and yeah this this way you can basically fill up 12 gigabytes of memory and even though the arrangement is supposed to be pretty simple so probably we need something better because as you can see actually the the situation on the board is not so complicated as if you are a human you could probably say a lot about the situation so I decided to use a Sat solver which is basically a tool for mathematically checking is a form if if mathematical formula can be satisfied so on the right you can see such a formula you have three squares there could be 0 or 1 and this sums have too much and basically all our board is a set of formulas that say that well exactly this and of surrounding fields have to be mines or in total there has to be exactly n mines and basically now we can prove things mathematically about the game and I still nee
d to do some tricks to cache the results but overall it's pretty fast it's pretty P playable it will not hunger on you and that's basically is here you can see the game it should work on a computer and also on a mobile system you can enter you can go through this link or even just Google for it the name is kaboom and you can also read a blog post because this is a pretty short talk but actually I had a ton of different adventures developing this game and it was a pretty deep rabbit hole so thank you very much happy playing and I would appreciate any feedback about this thank you all right so this concludes this year's lightning talk sessions thank you all for being here please give a big round of applause for all of the speakers who participated
[Applause]
[Music]