#### The treasure trove of NGI Zero

Michiel Leenaars, [NLnet Foundation](https://nlnet.nl) · **36c3** · Leipzig · 2019-12-30

## Sixty years ago

Edsger Dijkstra did his PhD "Communication with an Automatic Computer" at a small math institute in Amsterdam, now called [CWI](https://cwi.nl).

ACM: no other individual has had a larger influence on research in principles of distributed computing.

## Thirty years ago

... Stichting NLnet (where I work) formally became a legal entity (a foundation), in an effort to scale up the adoption of the early internet in Europe - after 7 years of informal operations at [CWI](https://cwi.nl) and the [Netherlands Unix User Group](https://nluug.nl).

... scientists and engineers like [Teus Hagen](/people/TeusHagen), [Ted Lindgreen](/people/TedLindgreen), [Jaap Akkerhuis](/people/JaapAkkerhuis) and many volunteers and counterparts from the European UNIX user groups (like Peter Collinson and Keld Simonsen) together built the grass roots computer networks that grew into the European internet.

## At that time

... the world wide web was still a "vague but interesting" proposal inside CERN to manage information

"If you think surfing hypertext is cool, that's because you haven't tried writing it" - Tim Berners-Lee

Unfortunately, an alternative future unfolded

From utopia to dystopia in just 29 [30] short years - (Turing Lecture TBL)

Photo of Tim Berners-Lee: Creative Commons, JwsLubbock, https://upload.wikimedia.org/wikipedia/commons/d/d6/At_the_Science_Museum_for_the_Web%4030_event%2C_March_2019_23.jpg

We demonstrated that the Web had failed instead of served humanity, as it was supposed to have done, and failed in many places. The increasing centralization of the Web ended up producing — with no deliberate action of the people who designed the platform — a large-scale emergent phenomenon which is anti-human.
I think we can safely assume **"Dijkstra would not have liked this"**

# Slight rewind to 1997

As an outsider in a fast growing industry, NLnet Foundation sold all its operations and dedicated the proceeds to a healthy and open information society.

## The board of the foundation establishes

### a small but global fund for people with great ideas that can improve the internet

# Microgrants

that allow independent researchers and developers to work on the internet ("for the internet") in the public interest

(always with open standards, open source and open hardware).

Terms of Service Didn't Read


### ...but obviously spending money with no income ends somewhere

As an independent grantmaker NLnet needs fresh 'fuel' to continue its work.

### Pay it forward

Luckily doing good slowly starts to pay off. For instance, the fine people at security company [Radically Open Security](https://radicallyopensecurity.com) have committed to donating at least 90% of their profits to NLnet - this year 140k, the [single largest donation](/press/20190613-ROS-donation.html) we have ever received! So, who knows! Perhaps more people and organisations will follow that example...

#### Next Generation Internet initiative

A major windfall for us was the start of an initiative from the European Commission called the [Next Generation Internet](https://ngi.eu). Next we were lucky enough to be awarded two subgranting programmes (so-called Research and Innovation Actions) that let us do what we love most: **support projects**

#### We brought along a number of amazing partners

And some of the spectacular work (currently over 150 projects, and new ones being added every two months!) we are funding with that is what I'm here to present.

## What is on the menu?

### Apologies upfront

I won't be able to cover all of the projects or even do them proper justice - I believe each project would deserve a talk of its own, but you can find more information about all of the projects at [/discovery](/discovery) and [/PET](/PET). Oh, and I will skip extremely cool projects like WireGuard which I presume you already know.

ActivityPub is a decentralized social networking protocol based on the ActivityStreams 2.0 data format. ActivityPub is an official W3C recommended standard published by the W3C Social Web Working Group. It provides a client to server API for creating, updating and deleting content, as well as a federated server to server API for delivering notifications and subscribing to content.

#### ActivityPub in NGI Zero

PixelFed is an open source ethical photosharing application. Funkwhale is a personal music server. Spritely is a distributed social network. XWiki will be the first ActivityPub-enabled federating wiki. openEngiadina is a platform for creating, publishing and using open local knowledge. Discourse is a modern open source discussion platform. Librecast wants to enable multicast livestreaming. Beeld en Geluid will contribute to PeerTube to support the availability of large-scale public media collections. Forgefed wants to design a protocol on top of ActivityPub to federate software repositories, issue trackers etc. Fediverse.space lets you know where in the Fediverse you want to be.

### Search

Searx is a metasearch engine that will soon have the ability to integrate your own private search domains. Mailpile will integrate your private email search into that, and so will Nextcloud. WebXRay will tell you everything about the trackers you would meet, before you click on search results. The Green Web Foundation will make it possible to elevate search results from ecofriendly hosters.
#### Search

### new stuff

ipfs-search.com is a search engine for directories, documents, videos, music on the Interplanetary Filesystem (IPFS). The DAT Foundation is building an accessible set of tools for creating secure community-run and private file storage on the DAT protocol. Sonar is a project to research and build a toolkit for decentralized search on top of the DAT stack. Next Browser is creating a programmable browser with advanced integrated search, also capable of working with DAT, IPFS and ZeroNet.
#### More private search and search privacy

Transparency Toolkit is data collection, archiving, and analytics software for journalists, activists, and human rights researchers. minedive is an experimental P2P privacy-conscious distributed search engine embedded in a browser extension. OpenFoodFacts will enable personalised search on top of open data about hundreds of thousands of food products with ingredients, allergens, nutrition facts etc. P2P search pioneer YaCy now aims to create document crawling and indexing functionality for everyone, to create equality of arms. NextApps, creators of flexsearch, are experimenting with new ranking algorithms in Tantum Search.
### Applications and services

## Sylkserver

Sylkserver is an open source conferencing server that can unite different real-time communication protocols: SIP, XMPP and WebRTC. It has ZRTP encryption, in-session uploads, screen sharing and chat too.

Etesync is an end-to-end encrypted, and privacy respecting sync solution for contacts, calendars and tasks with more data types planned for the future.

CryptPad is a secure and encrypted open-source collaboration platform that allows people to work together online on documents, spreadsheets and other types of documents.

### Cool fundamental stuff

##### Verifpal

From the creator of Noise Explorer comes Verifpal, a new approach to making symbolic formal verification of cryptographic protocols something normal people can realistically undertake. Verifpal is intuitive enough to allow students, hackers and engineers to break and make better protocols.

```
// SPDX-FileCopyrightText: © 2019-2020 Nadim Kobeissi
// SPDX-License-Identifier: GPL-3.0-only

attacker[active]

principal Alice[]
principal Protonmail[]
principal Microsoft[]
principal Bob[]

// Alice encrypts m1 under the pre-shared key and publishes her DH share
principal Alice[
	knows private psk
	knows public c0
	knows public null
	generates a
	generates m1
	ga = G^a
	em1 = AEAD_ENC(psk, m1, null)
]

Alice -> Protonmail: ga, em1

principal Protonmail[
	knows private j
]

Protonmail -> Microsoft: j, ga, em1

Microsoft -> Bob: j, ga, em1

// Bob decrypts m1 and answers with m2 under the DH shared secret
principal Bob[
	knows private psk
	knows public c0
	knows public null
	generates m2
	generates b
	gb = G^b
	gab = ga^b
	m1b = AEAD_DEC(psk, em1, null)?
	em2 = AEAD_ENC(gab, m2, null)
]

Bob -> Protonmail: em2, gb
Protonmail -> Alice: em2, gb

principal Alice[
	gba = gb^a
	m2a = AEAD_DEC(gba, em2, null)?
]

queries[
	confidentiality? m1
	confidentiality? m2
]
```

Reowolf (from CWI!) wants to finally deprecate the insecure BSD-style socket mechanism.

OPAQUE Sphinx implements a password Store that Perfectly Hides from Itself (No Xaggeration) and wants to finally get passwords off the wire by combining it with OPAQUE; Androsphinx is creating a mobile app to go with that.

GNU Mes is creating a full source bootstrap for any interested UNIX-like operating system, to not have to depend on any large "binary blob" for bootstrapping a system.

Robur develops a robust DHCP server and DNS resolver as a MirageOS unikernel, while DHCPCanon is implementing RFC7844 (DHCP Anonymity Profiles).
## ARPA2

Middleware may not excite everyone, but the ARPA2 project is trying to tackle some key problems that need an internet-wide solution. Tools include: TLS-KDH, meaning TLS enhanced with Kerberos and Diffie-Hellman. Specifications for HTTP SASL, SXOVER and its Diameter relay. Privacy enhancing middleware for LDAP (LEAF), which allows attribute filtering and selective transformation of LDAP. SteamWorks, which allows for responsive large scale configuration and trust delegation. Lillydap, a library that can be used to easily add LDAP to any application. Advanced Access Control mechanisms that are pseudonym-friendly. And more...

## Autocrypt

Autocrypt is a new specification that significantly simplifies key management for end-to-end encryption of e-mails. In various projects we support new e-mail applications in taking on board this non-obtrusive automatic negotiation of encryption capabilities.
##### Identity Based Encryption + IRMA

I Reveal My Attributes makes attribute-based credential schemes usable in the real world, allowing users to disclose only the minimum of information they want to share. With Identity Based Encryption you can reliably encrypt a message to someone that does not even know she or he needs a cryptographic key. The combination is of course very interesting.

#### Mobile operating systems

Replicant is a fully free Android distribution running on several devices, a free software mobile operating system putting the emphasis on freedom and privacy/security.
#### Maemo Leste

Maemo Leste is a free Debian/Devuan based GNU/Linux hacker distribution for smartphones and tablets.

MEGAphone wants to create a mobile phone simple enough to understand, in order to be rationally **trustworthy**. And fun.

Mobile NixOS aims to get a NixOS system running on mobile devices, e.g. commodity phones. We also support some GUIX development, but not yet on mobile.

### Open Hardware

Nitrokey is an open source hardware USB key for data encryption and two-factor authentication with FIDO.

# Balthazar

Open hardware laptop. RISC-V / OpenPower. Secure, fast, inexpensive, open, robust, upgradeable and sustainable. All of that.

A secure device for your day to day communications. A joint open hardware effort by Bunnie Huang, Sean "xobs" Cross, Tom Marble and others. Featuring a new lean Rust-based OS called Xous, internationalised input and a Matrix client for testing.

## Libre RISC-V System-on-Chip

The Libre RISC-V aims to provide a fully libre and open design of a mobile-class processor, where not only the source code of the BIOS, bootloader, kernel and Operating System are entirely available, the *hardware definition* (HDL) source code will be entirely available as well. That includes the GPU (for 3D Graphics), and the VPU (for video decode), as well as full libre-licensed source code for the 3D and VPU drivers. And just for the record, it is also open to OpenPower and MIPS.

#### Add streaming to Wishbone

Systems like the Libre RISC-V System-on-Chip need a commercial grade System-on-Chip (SoC) bus infrastructure. The main non-encumbered contender, Wishbone, does not currently have a "streaming" capability, which is typically needed for high-throughput data paths and interfaces, e.g. for video applications and High-Performance Computing (HPC).

## Chips4Makers

Chips4Makers aims to develop ASIC production flows compatible with strong libre/reciprocal licensed blocks and using a libre licensed software flow, all accessible by consumers without the need for an NDA (non-disclosure agreement) or other fine print.

## LibreSilicon

Make full custom ASIC design available to anyone, even private persons without corporate or academic access to IC foundries.

Create a **standard cell library** that can be used, instead of proprietary designs that are only available under NDA.

**LibreSilicon Compiler** (LSC) is a place + route suite for silicon that can produce efficient silicon layouts from digital netlists (e.g. BLIF, EDIF).

**Coriolis2** (LSC) is another set of tools for VLSI backend, featuring an analytic placer and a router for digital designs, as well as fast prototyping capabilities and procedural layout description in Python.

And to come back to the pillars of NGI:

### Langsec in Pectore

Technology is embedded in concrete, circling in space and is increasingly entering the intimacy of our human bodies. Little did we know that people would be crazy and committed enough to want to design an open hardware **cardiac pacemaker circuit** with an analog/mixed-signal CMOS ASIC, based on a description of the device functionality as a formal grammar/automaton based on language security (langsec) design principles.

And if you attended Ross Anderson's talk, you know that there have already been recalls for hundreds of thousands of untrustworthy pacemakers.

## And a lot more

You can find all of the projects and more info at [/discovery](/discovery) and [/PET](/PET).

A big thank you to the European Commission/DG CNECT, who are fueling us for doing these projects. Without their support, we might very well not exist now.

NGI Zero is funded through grant agreements No 825310 and 825322

### And remember

All of the projects can use your

# HELP

Fixing the internet is a huge collaborative effort with loads of interdependencies, and good brains are a critical resource.

Quoting Dijkstra: The art of programming is the art of organizing complexity.

And there is a lot of complexity to deal with, so come and help out.

Core work but also bug triaging, packaging, design, usability, advocacy, fundraising, building communities, documentation, translation, etc.

Most will have opportunities for internships as well as very senior tasks ...

... and lots of ideas for follow up projects

###### And who knows

Maybe next year you are together here on stage?

# So do you have a great idea or do you know someone who has?

Have a look at our open call

Go to [/propose](/propose)

Let's re-invent Internet to reach the full human potential, for all generations.

The tools we use have a profound and devious influence on our thinking habits, and therefore on our thinking abilities. - Edsger Dijkstra

And also have a look at the rest of the Next Generation Internet initiative at NGI.eu (but keep uMatrix or similar on)

And before Jan 4th, help NGI DAPSI to get on the right track by filling out the survey on https://www.surveymonkey.de/r/32B87HJ

# Questions?

Spend some money at /donate. Or maybe you want to help with just five minutes of your time? Go to: /help