added Tom Marble's slides

[lp17-speaker-slides.git] / Tom-Marble / Fixing-trust-on-the-Internet.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--[if lt IE 7]> <html class='no-js ie6' lang='en' xmlns='http://www.w3.org/1999/xhtml'> <![endif]-->
<!--[if IE 7]> <html class='no-js ie7' lang='en' xmlns='http://www.w3.org/1999/xhtml'> <![endif]-->
<!--[if IE 8]> <html class='no-js ie8' lang='en' xmlns='http://www.w3.org/1999/xhtml'> <![endif]-->
<!--[if gt IE 8]><!--> <html  lang='en' xmlns='http://www.w3.org/1999/xhtml'> <!--<![endif]-->
<head>
<title>Fixing trust on the Internet</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'/>
<meta name='generator' content='Org-mode'/>
<meta name='author' content='Tom Marble'/>

<link rel='stylesheet' href='deck.js/core/deck.core.css' type='text/css' />
<link rel='stylesheet' href='deck.js/extensions/goto/deck.goto.css' type='text/css' />
<link rel='stylesheet' href='deck.js/extensions/menu/deck.menu.css' type='text/css' />
<link rel='stylesheet' href='deck.js/extensions/navigation/deck.navigation.css' type='text/css' />
<link rel='stylesheet' href='deck.js/extensions/onepage/deck.onepage.css' type='text/css' />
<link rel='stylesheet' href='deck.js/extensions/scale/deck.scale.css' type='text/css' />
<link rel='stylesheet' href='deck.js/extensions/status/deck.status.css' type='text/css' />
<link rel='stylesheet' href='deck.js/themes/style/neon.css' type='text/css' />
<link rel='stylesheet' href='deck.js/themes/transition/fade.css' type='text/css' />
<script src='deck.js/jquery.min.js' type='text/javascript'></script>
<script src='deck.js/core/deck.core.js' type='text/javascript'></script>
<script src='deck.js/modernizr.custom.js' type='text/javascript'></script>
<script src='deck.js/extensions/goto/deck.goto.js' type='text/javascript'></script>
<script src='deck.js/extensions/menu/deck.menu.js' type='text/javascript'></script>
<script src='deck.js/extensions/navigation/deck.navigation.js' type='text/javascript'></script>
<script src='deck.js/extensions/onepage/deck.onepage.js' type='text/javascript'></script>
<script src='deck.js/extensions/scale/deck.scale.js' type='text/javascript'></script>
<script src='deck.js/extensions/status/deck.status.js' type='text/javascript'></script>

<script type='text/javascript'>
  $(document).ready(function () { $.deck('.slide'); });
</script>

<style type='text/css'>
#table-of-contents a {color: inherit;}
#table-of-contents ul {margin-bottom: 0;}
#table-of-contents li {padding: 0;}

#preamble, #postamble {left: 5px; width: 100%;}
#preamble {position: absolute; top: 10px;}
#postamble {}

#title-slide h1 {
    position: static; padding: 0;
    margin-top: 10%;
    -webkit-transform: none;
    -moz-transform: none;
    -ms-transform: none;
    -o-transform: none;
    transform: none;
    font-size: 2em;
}
#title-slide h2 {
    text-align: center;
    border:none;
    padding: 0;
    margin: 5em;
    font-size: 1.2em;
}
.fullscreen {
    position: absolute;
    left: 0px;
    top: 0px;
    width: 100%;
    height: auto;
}
.pad-right {
    margin-right: 1em;
}
.pad-bottom {
    margin-bottom: 3em;
    background: white;
}
.z0 { z-index: 0; }
.z10 { z-index: 10; }
.z20 { z-index: 20; }
table.myable {
  background-color: #ffffff;
  border-collapse: collapse;
  border-width: 2px;
  border-color: #ffcc00;
  border-style: solid;
  color: blue;
}
table.mytable td, table.mytable th {
  border-width: 2px;
  border-color: #ffcc00;
  border-style: solid;
  padding: 3px;
}
table.mytable thead {
  background-color: #ffcc00;
}
table.quiettable, table.quiettable colgroup, table.quiettable tbody, table.quiettable > th, table.quiettable > tr {
  border-style: none;
}
table.quiettable td {
  border-style: none;
  padding: 0 1em;
}
table.quiettable thead {
  border-style: none;
}


</style>
</head>
<body>
<div id='content' class='deck-container'>

<div id='title-slide' class='slide'>
<h1>Fixing trust on the Internet</h1>
<h2>Tom Marble &lt;<a href="mailto:tmarble@info9.net">tmarble@info9.net</a>&gt;</h2>
</div>


<div id="slide-1" class="outline-2  slide">
<h2 id="sec-1">Meta</h2>
<div class="outline-text-2" id="text-1">
</div><div id="slide-1-1" class="outline-3">
<h3 id="sec-1-1">This presentation is <i>already</i> online!</h3>
<div class="outline-text-3" id="text-1-1">
</div><div id="slide-1-1-1" class="outline-4">
<h4 id="sec-1-1-1"><a href="https://info9.net/trust">https://info9.net/trust</a></h4>
<div class="outline-text-4" id="text-1-1-1">
</div><ul class="org-ul"><li><a id="sec-1-1-1-1" name="sec-1-1-1-1"></a>Navigation<br  /><ul class="org-ul"><li><a id="sec-1-1-1-1-1" name="sec-1-1-1-1-1"></a><b>→</b> = forward (swipe right)<br  /></li>
<li><a id="sec-1-1-1-1-2" name="sec-1-1-1-1-2"></a><b>←</b> = back (swipe left)<br  /></li>
<li><a id="sec-1-1-1-1-3" name="sec-1-1-1-1-3"></a><b>g</b> = goto slide<br  /></li>
<li><a id="sec-1-1-1-1-4" name="sec-1-1-1-1-4"></a><b>m</b> = menu of all slides (tap)<br  /></li>
<li><a id="sec-1-1-1-1-5" name="sec-1-1-1-1-5"></a><b>o</b> = one page<br  /></li>
<li><a id="sec-1-1-1-1-6" name="sec-1-1-1-1-6"></a><b>s</b> = scrollbars<br  /></li></ul>
</li>
<li><a id="sec-1-1-1-2" name="sec-1-1-1-2"></a>Source (<a href="https://github.com/cybercode/org-slides">org-mode</a>): <a href="Fixing-trust-on-the-Internet.tar.xz">Fixing-trust-on-the-Internet.tar.xz</a><br  /></li>
<li><a id="sec-1-1-1-3" name="sec-1-1-1-3"></a>Copyright © 2017 Tom Marble<br  /><div class="outline-text-5" id="text-1-1-1-3">
<p>
Licensed under { <a href="https://www.gnu.org/licenses/gpl-3.0.html">GPLv3+</a> | <a href="http://creativecommons.org/licenses/by-sa/4.0/">CC-by-sa 4.0</a> | <a href="https://github.com/copyleft-next/copyleft-next">copyleft-next</a> }
</p>
<table border="none" cellspacing="0" cellpadding="6" rules="groups" frame="hsides" class="quiettable">


<colgroup>
<col  class="left" />

<col  class="left" />

<col  class="left" />
</colgroup>
<tbody>
<tr>
<td class="left"><img src="./images/gplv3-127x51.png" alt="gplv3-127x51.png" /></td>
<td class="left"><img src="./images/CC-by-sa.png" alt="CC-by-sa.png" /></td>
<td class="left"><img src="./images/copyleft-next.png" alt="copyleft-next.png" /></td>
</tr>
</tbody>
</table>
</div>
</li></ul>
</div>
</div>
</div>

<div id="slide-2" class="outline-2  slide">
<h2 id="sec-2">Software Freedom &amp; Trust</h2>
<div class="outline-text-2" id="text-2">
<p>
Software Freedom is essential to trust the core infrastructure
that supports our health, safety, and democracy.
</p>
</div>

<div id="slide-2-1" class="outline-3">
<h3 id="sec-2-1">"We need to have confidence in our software, be able to audit it and be able to repair it when we detect vulnerabilities or unwanted functionality like surveillance."</h3>
<div class="outline-text-3" id="text-2-1">
<p>
&#x2013; Karen Sandler <sup><a id="fnr.1" name="fnr.1" class="footref" href="#references">1</a></sup>
</p>
</div>
</div>
</div>

<div id="slide-3" class="outline-2  slide">
<h2 id="sec-3">Evolution of using software</h2>
<div class="outline-text-2" id="text-3">
</div><div id="slide-3-1" class="outline-3">
<h3 id="sec-3-1">When we gave each computer a name</h3>
<div class="outline-text-3" id="text-3-1">
<p>
$ tar zxf code.tar.gz &amp;&amp; ./configure &amp;&amp; make install
</p>
</div>
</div>
<div id="slide-3-2" class="outline-3">
<h3 id="sec-3-2">When we configured computers automatically</h3>
<div class="outline-text-3" id="text-3-2">
<p>
PXE boot, puppet, apt-get install my-favorite-package
</p>
</div>
</div>
<div id="slide-3-3" class="outline-3">
<h3 id="sec-3-3">When we moved to the cloud</h3>
<div class="outline-text-3" id="text-3-3">
<p>
Use this prebuilt image
</p>
</div>
</div>
<div id="slide-3-4" class="outline-3">
<h3 id="sec-3-4">When we started using containers</h3>
<div class="outline-text-3" id="text-3-4">
<p>
Make slight modifications to a prebuilt image
</p>
</div>
</div>
<div id="slide-3-5" class="outline-3">
<h3 id="sec-3-5">Now we are considering lambda functions</h3>
<div class="outline-text-3" id="text-3-5">
<p>
There isn't an OS image anymore: just a function
</p>
</div>
</div>
<div id="slide-3-6" class="outline-3">
<h3 id="sec-3-6">Most software is installed from the app store</h3>
<div class="outline-text-3" id="text-3-6">
<p>
Just accept the EULA and device permissions
</p>
</div>
</div>
</div>

<div id="slide-4" class="outline-2  slide">
<h2 id="sec-4">Copyleft isn't enough</h2>
<div class="outline-text-2" id="text-4">
</div><div id="slide-4-1" class="outline-3">
<h3 id="sec-4-1">Network services software is not conveyed</h3>
<div class="outline-text-3" id="text-4-1">
<p>
Our FLOSS licenses (including copyleft licenses) depend on conveyance.
</p>
</div>
<div id="slide-4-1-1" class="outline-4">
<h4 id="sec-4-1-1">AGPL</h4>
<div class="outline-text-4" id="text-4-1-1">
<p>
AGPL "fixes" this network loophole, but hasn't been adopted
for wide use in practice other than proprietary relicensing.
</p>
</div>
</div>
</div>
<div id="slide-4-2" class="outline-3">
<h3 id="sec-4-2">What about AI "algorithms"?</h3>
<div class="outline-text-3" id="text-4-2">
<p>
What is the preferred form of modification when software is derived from data (e.g. machine learning)?
</p>
</div>
</div>
<div id="slide-4-3" class="outline-3">
<h3 id="sec-4-3">No one picks a license anyway</h3>
<div class="outline-text-3" id="text-4-3">
<p>
We haven't taught developers to care <sup><a id="fnr.2" name="fnr.2" class="footref" href="#references">2</a></sup>
</p>
</div>
</div>
<div id="slide-4-4" class="outline-3">
<h3 id="sec-4-4">Most software is installed from the app store</h3>
<div class="outline-text-3" id="text-4-4">
<p>
We haven't taught end users to care
</p>
</div>
</div>
</div>

<div id="slide-5" class="outline-2  slide">
<h2 id="sec-5">The fifth freedom</h2>
<div class="outline-text-2" id="text-5">
<p>
Freedom 4: The right to deploy your software on someone else's server
</p>
</div>

<div id="slide-5-1" class="outline-3">
<h3 id="sec-5-1">"Even if you had the source code today you don't know how to increase other people's freedoms by letting them modify your website at runtime. All you have is a bag of tricks that let's people modify your source code and gives them no way to deploy it on your infrastructure."</h3>
<div class="outline-text-3" id="text-5-1">
<p>
&#x2013; r0ml's LCA keynote <sup><a id="fnr.3" name="fnr.3" class="footref" href="#references">3</a></sup>
</p>
</div>
</div>
</div>

<div id="slide-6" class="outline-2  slide">
<h2 id="sec-6">Essential infrastructure requirements</h2>
<div class="outline-text-2" id="text-6">
</div><div id="slide-6-1" class="outline-3">
<h3 id="sec-6-1">Energy</h3>
<div class="outline-text-3" id="text-6-1">
</div><ul class="org-ul"><li><a id="sec-6-1-0-1" name="sec-6-1-0-1"></a>We need energy for computing, yet energy is centralized.<br  /></li>
<li><a id="sec-6-1-0-2" name="sec-6-1-0-2"></a>Smart meters have an API for the utility, not for end users<br  /></li></ul>
</div>
<div id="slide-6-2" class="outline-3">
<h3 id="sec-6-2">Communications</h3>
<div class="outline-text-3" id="text-6-2">
</div><ul class="org-ul"><li><a id="sec-6-2-0-1" name="sec-6-2-0-1"></a>Why isn't there a free phone? It's the proprietary baseband processor.<br  /></li>
<li><a id="sec-6-2-0-2" name="sec-6-2-0-2"></a>Potential in unlicensed spectrum, Software Defined Radio, Cognitive Radio<br  /></li></ul>
</div>
<div id="slide-6-3" class="outline-3">
<h3 id="sec-6-3">Money</h3>
<div class="outline-text-3" id="text-6-3">
</div><ul class="org-ul"><li><a id="sec-6-3-0-1" name="sec-6-3-0-1"></a>Digital forms of money (often) have surveillance opportunities<br  /></li>
<li><a id="sec-6-3-0-2" name="sec-6-3-0-2"></a>Anonymous transactions (e.g. cash) are increasingly difficult<br  /><div class="outline-text-5" id="text-6-3-0-2">
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
</div>
</li></ul>
</div>
</div>
<div id="slide-7" class="outline-2  slide">
<h2 id="sec-7">Peer to peer energy <sup><a id="fnr.4" name="fnr.4" class="footref" href="#references">4</a></sup></h2>
<div class="outline-text-2" id="text-7">

<div class="figure">
<p><img src="./images/nyt-p2p.jpg" alt="p2p" align="center" />
</p>
</div>
</div>
</div>

<div id="slide-8" class="outline-2  slide">
<h2 id="sec-8">Mobile apps</h2>
<div class="outline-text-2" id="text-8">
<p>
<img src="./images/Dont-trust-your-apps.jpg" alt="Dont-trust-your-apps.jpg" class="pad-right" align="left" /> <sup><a id="fnr.5" name="fnr.5" class="footref" href="#references">5</a></sup>
</p>
</div>
</div>

<div id="slide-9" class="outline-2  slide">
<h2 id="sec-9">Where is trust now?</h2>
<div class="outline-text-2" id="text-9">
<p>
<img src="./images/centralized.jpg" alt="centralized.jpg" class="pad-right" align="left" /> <sup><a id="fnr.6" name="fnr.6" class="footref" href="#references">6</a></sup>
</p>
</div>

<ul class="org-ul"><li><a id="sec-9-0-0-1" name="sec-9-0-0-1"></a>Credit Bureaus<br  /></li>
<li><a id="sec-9-0-0-2" name="sec-9-0-0-2"></a>eBay (reputation)<br  /></li>
<li><a id="sec-9-0-0-3" name="sec-9-0-0-3"></a>other walled gardens<br  /><div class="outline-text-5" id="text-9-0-0-3">
<p>
&#x2026;
</p>

<p>
Closed and centralized
</p>
</div>
</li></ul>
</div>

<div id="slide-10" class="outline-2  slide">
<h2 id="sec-10">Shape of the solution (part 1/2)</h2>
<div class="outline-text-2" id="text-10">
<p>
Network service trust API
</p>
</div>

<div id="slide-10-1" class="outline-3">
<h3 id="sec-10-1">☙ Federated corroboration of assertions</h3>
<div class="outline-text-3" id="text-10-1">
<p>
Harder to corrupt
</p>
</div>
</div>
<div id="slide-10-2" class="outline-3">
<h3 id="sec-10-2">☙ Make and query assertions at the app level</h3>
<div class="outline-text-3" id="text-10-2">
<p>
libtrust.so, libtrust.js
</p>
</div>
</div>
<div id="slide-10-3" class="outline-3">
<h3 id="sec-10-3">☙ Transitive with personal vantage point</h3>
<div class="outline-text-3" id="text-10-3">
</div><ul class="org-ul"><li><a id="sec-10-3-0-1" name="sec-10-3-0-1"></a>Deb asserts the software is Free and reproducible<br  /></li>
<li><a id="sec-10-3-0-2" name="sec-10-3-0-2"></a>Chris trusts Deb to certify software<br  /></li>
<li><a id="sec-10-3-0-3" name="sec-10-3-0-3"></a>I trust Chris' software certification assessments<br  /></li>
<li><a id="sec-10-3-0-4" name="sec-10-3-0-4"></a>⇒ I am comfortable installing this software<br  /></li></ul>
</div>
<div id="slide-10-4" class="outline-3">
<h3 id="sec-10-4">☙ Quick transactions</h3>
</div>
</div>

<div id="slide-11" class="outline-2  slide">
<h2 id="sec-11">You think you know what I'm going to say now&#x2026;</h2>
</div>

<div id="slide-12" class="outline-2  slide">
<h2 id="sec-12">13</h2>
<div class="outline-text-2" id="text-12">

<div class="figure">
<p><img src="./images/tm13.png" alt="tm13.png" class="fullscreen" />
</p>
</div>
</div>
</div>
<div id="slide-13" class="outline-2  slide">
<h2 id="sec-13">12</h2>
<div class="outline-text-2" id="text-13">

<div class="figure">
<p><img src="./images/tm12.png" alt="tm12.png" class="fullscreen" />
</p>
</div>
</div>
</div>
<div id="slide-14" class="outline-2  slide">
<h2 id="sec-14">11</h2>
<div class="outline-text-2" id="text-14">

<div class="figure">
<p><img src="./images/tm11.png" alt="tm11.png" class="fullscreen" />
</p>
</div>
</div>
</div>
<div id="slide-15" class="outline-2  slide">
<h2 id="sec-15">10</h2>
<div class="outline-text-2" id="text-15">

<div class="figure">
<p><img src="./images/tm10.png" alt="tm10.png" class="fullscreen" />
</p>
</div>
</div>
</div>
<div id="slide-16" class="outline-2  slide">
<h2 id="sec-16">9</h2>
<div class="outline-text-2" id="text-16">

<div class="figure">
<p><img src="./images/tm09.png" alt="tm09.png" class="fullscreen" />
</p>
</div>
</div>
</div>
<div id="slide-17" class="outline-2  slide">
<h2 id="sec-17">8</h2>
<div class="outline-text-2" id="text-17">

<div class="figure">
<p><img src="./images/tm08.png" alt="tm08.png" class="fullscreen" />
</p>
</div>
</div>
</div>
<div id="slide-18" class="outline-2  slide">
<h2 id="sec-18">7</h2>
<div class="outline-text-2" id="text-18">

<div class="figure">
<p><img src="./images/tm07.png" alt="tm07.png" class="fullscreen" />
</p>
</div>
</div>
</div>
<div id="slide-19" class="outline-2  slide">
<h2 id="sec-19">6</h2>
<div class="outline-text-2" id="text-19">

<div class="figure">
<p><img src="./images/tm06.png" alt="tm06.png" class="fullscreen" />
</p>
</div>
</div>
</div>
<div id="slide-20" class="outline-2  slide">
<h2 id="sec-20">5</h2>
<div class="outline-text-2" id="text-20">

<div class="figure">
<p><img src="./images/tm05.png" alt="tm05.png" class="fullscreen" />
</p>
</div>
</div>
</div>
<div id="slide-21" class="outline-2  slide">
<h2 id="sec-21">4</h2>
<div class="outline-text-2" id="text-21">

<div class="figure">
<p><img src="./images/tm04.png" alt="tm04.png" class="fullscreen" />
</p>
</div>
</div>
</div>
<div id="slide-22" class="outline-2  slide">
<h2 id="sec-22">3</h2>
<div class="outline-text-2" id="text-22">

<div class="figure">
<p><img src="./images/tm03.png" alt="tm03.png" class="fullscreen" />
</p>
</div>
</div>
</div>
<div id="slide-23" class="outline-2  slide">
<h2 id="sec-23">2</h2>
<div class="outline-text-2" id="text-23">

<div class="figure">
<p><img src="./images/tm02.png" alt="tm02.png" class="fullscreen" />
</p>
</div>
</div>
</div>
<div id="slide-24" class="outline-2  slide">
<h2 id="sec-24">1</h2>
<div class="outline-text-2" id="text-24">

<div class="figure">
<p><img src="./images/tm01.png" alt="tm01.png" class="fullscreen" />
</p>
</div>
</div>
</div>
<div id="slide-25" class="outline-2  slide">
<h2 id="sec-25">GPG WoT</h2>
<div class="outline-text-2" id="text-25">
<p>
nah :(
</p>
</div>

<div id="slide-25-1" class="outline-3">
<h3 id="sec-25-1">The GPG Web of Trust asserts identity</h3>
<div class="outline-text-3" id="text-25-1">
</div><ul class="org-ul"><li><a id="sec-25-1-0-1" name="sec-25-1-0-1"></a>The trustdb is private<br  /></li>
<li><a id="sec-25-1-0-2" name="sec-25-1-0-2"></a>Keyservers are not designed for other data<br  /></li></ul>
</div>
<div id="slide-25-2" class="outline-3">
<h3 id="sec-25-2">Using PGP is tricky for us</h3>
<div class="outline-text-3" id="text-25-2">
</div><ul class="org-ul"><li><a id="sec-25-2-0-1" name="sec-25-2-0-1"></a>Choosing algos and signature strengths<br  /></li>
<li><a id="sec-25-2-0-2" name="sec-25-2-0-2"></a>Protecting key material<br  /></li>
<li><a id="sec-25-2-0-3" name="sec-25-2-0-3"></a>Not getting fooled by EVIL-32 <sup><a id="fnr.7" name="fnr.7" class="footref" href="#references">7</a></sup><br  /></li></ul>
</div>
<div id="slide-25-3" class="outline-3">
<h3 id="sec-25-3">Impossibly difficult for end users</h3>
<div class="outline-text-3" id="text-25-3">
</div><ul class="org-ul"><li><a id="sec-25-3-0-1" name="sec-25-3-0-1"></a>Sharing public keys<br  /></li>
<li><a id="sec-25-3-0-2" name="sec-25-3-0-2"></a>Configuring applications properly<br  /></li></ul>
</div>
</div>

<div id="slide-26" class="outline-2  slide">
<h2 id="sec-26">You think you know what I'm going to say NOW&#x2026;</h2>
</div>

<div id="slide-27" class="outline-2  slide">
<h2 id="sec-27">Bitcoin</h2>
<div class="outline-text-2" id="text-27">

<div class="figure">
<p><img src="./images/bitcoin.svg" alt="bitcoin.svg" class="pad-bottom" height="300px" />
</p>
</div>

<p>
In Satoshi Nakamoto we trust! <sup><a id="fnr.8" name="fnr.8" class="footref" href="#references">8</a></sup>
</p>
</div>
</div>

<div id="slide-28" class="outline-2  slide">
<h2 id="sec-28">Hyperledger</h2>
<div class="outline-text-2" id="text-28">

<div class="figure">
<p><img src="./images/logo_hl_new.png" alt="logo_hl_new.png" class="pad-bottom" />
</p>
</div>

<p>
It's hosted by the Linux Foundation. That means it's community friendly&#x2026; rite? <sup><a id="fnr.9" name="fnr.9" class="footref" href="#references">9</a></sup>
</p>
</div>
</div>

<div id="slide-29" class="outline-2  slide">
<h2 id="sec-29">Ethereum</h2>
<div class="outline-text-2" id="text-29">

<div class="figure">
<p><img src="./images/ethereum.png" alt="ethereum.png" class="pad-bottom" />
</p>
</div>

<p>
Companies use it for smart contracts! <sup><a id="fnr.10" name="fnr.10" class="footref" href="#references">10</a></sup>
</p>
</div>
</div>

<div id="slide-30" class="outline-2  slide">
<h2 id="sec-30">Zcash</h2>
<div class="outline-text-2" id="text-30">

<div class="figure">
<p><img src="./images/zcash-logo-gold.png" alt="zcash-logo-gold.png" class="pad-bottom" />
</p>
</div>

<p>
Zooko and Matthew Green <sup><a id="fnr.11" name="fnr.11" class="footref" href="#references">11</a></sup>
</p>
</div>
</div>

<div id="slide-31" class="outline-2  slide">
<h2 id="sec-31">DogeCoin</h2>
<div class="outline-text-2" id="text-31">

<div class="figure">
<p><img src="./images/dogecoin.png" alt="dogecoin.png" class="pad-bottom" />
</p>
</div>

<p>
That's the MEME! <sup><a id="fnr.12" name="fnr.12" class="footref" href="#references">12</a></sup>
</p>
</div>
</div>

<div id="slide-32" class="outline-2  slide">
<h2 id="sec-32">nah :(</h2>
<div class="outline-text-2" id="text-32">
<p>
Wait, why NOT blockchain tech?
</p>
</div>
<div id="slide-32-1" class="outline-3">
<h3 id="sec-32-1">centralized &#x2013; in effect</h3>
<div class="outline-text-3" id="text-32-1">
<p>
Domination by huge mining pools
</p>
</div>
</div>
<div id="slide-32-2" class="outline-3">
<h3 id="sec-32-2">bandwidth limited</h3>
<div class="outline-text-3" id="text-32-2">
<p>
Time to process transactions long and variable
</p>
</div>
</div>
<div id="slide-32-3" class="outline-3">
<h3 id="sec-32-3">transaction fees</h3>
<div class="outline-text-3" id="text-32-3">
<p>
Start to look like PayPal fees
</p>
</div>
</div>
<div id="slide-32-4" class="outline-3">
<h3 id="sec-32-4">a waste of energy</h3>
<div class="outline-text-3" id="text-32-4">
<p>
Brute forcing hashes is bad <sup><a id="fnr.13" name="fnr.13" class="footref" href="#references">13</a></sup> for the environment <sup><a id="fnr.14" name="fnr.14" class="footref" href="#references">14</a></sup>
</p>
</div>
</div>
</div>

<div id="slide-33" class="outline-2  slide">
<h2 id="sec-33">Great barrier reef</h2>
<div class="outline-text-2" id="text-33">
<table border="none" cellspacing="0" cellpadding="6" rules="groups" frame="hsides" class="quiettable">


<colgroup>
<col  class="left" />

<col  class="left" />

<col  class="left" />
</colgroup>
<tbody>
<tr>
<td class="left">not fake news</td>
<td class="left"><img src="./images/reef-death.jpg" alt="reef-death.jpg" /></td>
<td class="left"><sup><a id="fnr.15" name="fnr.15" class="footref" href="#references">15</a></sup></td>
</tr>
</tbody>
</table>
</div>
</div>

<div id="slide-34" class="outline-2  slide">
<h2 id="sec-34">What we need is..</h2>
<div class="outline-text-2" id="text-34">
<p>
What's the essential thing the blockchain solves
</p>
</div>

<div id="slide-34-1" class="outline-3">
<h3 id="sec-34-1">non-repudiation</h3>
</div>
</div>

<div id="slide-35" class="outline-2  slide">
<h2 id="sec-35">Learn by example</h2>
<div class="outline-text-2" id="text-35">

<div class="figure">
<p><img src="./images/mall_logo1_medium-300x286.png" alt="mall_logo1_medium-300x286.png" class="pad-right" align="left" />
</p>
</div>
</div>

<ul class="org-ul"><li><a id="sec-35-0-0-1" name="sec-35-0-0-1"></a>The tire fire that is X.509 <sup><a id="fnr.16" name="fnr.16" class="footref" href="#references">16</a></sup><br  /></li>
<li><a id="sec-35-0-0-2" name="sec-35-0-0-2"></a>MiTM on the internet <sup><a id="fnr.17" name="fnr.17" class="footref" href="#references">17</a></sup><br  /><ul class="org-ul"><li><a id="sec-35-0-0-2-1" name="sec-35-0-0-2-1"></a>4.0% of Firefox update connections<br  /></li>
<li><a id="sec-35-0-0-2-2" name="sec-35-0-0-2-2"></a>6.2% of e-commerce connections<br  /></li>
<li><a id="sec-35-0-0-2-3" name="sec-35-0-0-2-3"></a>10.9% of U.S. Cloudflare connections<br  /></li></ul>
</li></ul>
</div>

<div id="slide-36" class="outline-2  slide">
<h2 id="sec-36">Certificate Transparency</h2>
<div class="outline-text-2" id="text-36">
</div><div id="slide-36-1" class="outline-3">
<h3 id="sec-36-1">Use append-only logs to record certificate signatures <sup><a id="fnr.18" name="fnr.18" class="footref" href="#references">18</a></sup></h3>
<div class="outline-text-3" id="text-36-1">
</div><ul class="org-ul"><li><a id="sec-36-1-0-1" name="sec-36-1-0-1"></a>Early detection of misissued certificates, malicious certificates, and rogue CAs.<br  /></li>
<li><a id="sec-36-1-0-2" name="sec-36-1-0-2"></a>Faster mitigation after suspect certificates or CAs are detected.<br  /></li>
<li><a id="sec-36-1-0-3" name="sec-36-1-0-3"></a>Better oversight of the entire TLS/SSL system.<br  /></li></ul>
</div>
<div id="slide-36-2" class="outline-3">
<h3 id="sec-36-2">Browser support</h3>
<div class="outline-text-3" id="text-36-2">
</div><ul class="org-ul"><li><a id="sec-36-2-0-1" name="sec-36-2-0-1"></a>Chrome <sup><a id="fnr.19" name="fnr.19" class="footref" href="#references">19</a></sup><br  /></li>
<li><a id="sec-36-2-0-2" name="sec-36-2-0-2"></a>Firefox <sup><a id="fnr.20" name="fnr.20" class="footref" href="#references">20</a></sup><br  /></li></ul>
</div>
<div id="slide-36-3" class="outline-3">
<h3 id="sec-36-3">Ongoing concerns and discussion <sup><a id="fnr.21" name="fnr.21" class="footref" href="#references">21</a></sup></h3>
<div class="outline-text-3" id="text-36-3">
</div><ul class="org-ul"><li><a id="sec-36-3-0-1" name="sec-36-3-0-1"></a>RFC 6962 <sup><a id="fnr.22" name="fnr.22" class="footref" href="#references">22</a></sup><br  /></li></ul>
</div>
</div>

<div id="slide-37" class="outline-2  slide">
<h2 id="sec-37">Append-only logs</h2>
<div class="outline-text-2" id="text-37">
</div><div id="slide-37-1" class="outline-3">
<h3 id="sec-37-1">Merkle Trees <sup><a id="fnr.23" name="fnr.23" class="footref" href="#references">23</a></sup></h3>
<div class="outline-text-3" id="text-37-1">
<p>
Tree of hashes, provides log(n) performance
</p>
</div>
</div>
<div id="slide-37-2" class="outline-3">
<h3 id="sec-37-2">eXtended Merkle Signature Scheme (XMSS) <sup><a id="fnr.24" name="fnr.24" class="footref" href="#references">24</a></sup></h3>
<div class="outline-text-3" id="text-37-2">
<p>
Requires maintaining state (not portable)
</p>
</div>
</div>
<div id="slide-37-3" class="outline-3">
<h3 id="sec-37-3">SPHINCS <sup><a id="fnr.25" name="fnr.25" class="footref" href="#references">25</a></sup></h3>
<div class="outline-text-3" id="text-37-3">
<p>
Stateless <sup><a id="fnr.26" name="fnr.26" class="footref" href="#references">26</a></sup>
</p>
</div>
</div>
</div>

<div id="slide-38" class="outline-2  slide">
<h2 id="sec-38">Generic use of append-only logs</h2>
<div class="outline-text-2" id="text-38">
</div><div id="slide-38-1" class="outline-3">
<h3 id="sec-38-1">Trillian <sup><a id="fnr.27" name="fnr.27" class="footref" href="#references">27</a></sup></h3>
<div class="outline-text-3" id="text-38-1">
<p>
Merkle tree based
</p>
</div>
</div>
<div id="slide-38-2" class="outline-3">
<h3 id="sec-38-2">Cothority <sup><a id="fnr.28" name="fnr.28" class="footref" href="#references">28</a></sup></h3>
<div class="outline-text-3" id="text-38-2">
<p>
Multi-party cryptographic signatures to avoid backdoors
</p>
</div>
</div>
<div id="slide-38-3" class="outline-3">
<h3 id="sec-38-3">Codehash <sup><a id="fnr.29" name="fnr.29" class="footref" href="#references">29</a></sup></h3>
<div class="outline-text-3" id="text-38-3">
<p>
A simple oracle that answers a simple question: is this software safe to install and run? <sup><a id="fnr.30" name="fnr.30" class="footref" href="#references">30</a></sup>
</p>
</div>
</div>
</div>

<div id="slide-39" class="outline-2  slide">
<h2 id="sec-39">Challenges</h2>
<div class="outline-text-2" id="text-39">
</div><div id="slide-39-1" class="outline-3">
<h3 id="sec-39-1">Toxic Data</h3>
<div class="outline-text-3" id="text-39-1">
</div><ul class="org-ul"><li><a id="sec-39-1-0-1" name="sec-39-1-0-1"></a>Allow deletion? Possible vulnerabilities in allowing log altering<br  /></li>
<li><a id="sec-39-1-0-2" name="sec-39-1-0-2"></a>Prohibit deletion? Permanent toxicity: no way to be forgotten<br  /></li></ul>
</div>
<div id="slide-39-2" class="outline-3">
<h3 id="sec-39-2">Spam</h3>
<div class="outline-text-3" id="text-39-2">
</div><ul class="org-ul"><li><a id="sec-39-2-0-1" name="sec-39-2-0-1"></a>Open log with arbitrary input data?<br  /></li>
<li><a id="sec-39-2-0-2" name="sec-39-2-0-2"></a>vs. CT only allowing root authorities?<br  /></li></ul>
</div>
<div id="slide-39-3" class="outline-3">
<h3 id="sec-39-3">Astroturfing</h3>
<div class="outline-text-3" id="text-39-3">
</div><ul class="org-ul"><li><a id="sec-39-3-0-1" name="sec-39-3-0-1"></a>Can the network be overwhelmed?<br  /></li>
<li><a id="sec-39-3-0-2" name="sec-39-3-0-2"></a>vs. Is the personal vantage point immune?<br  /></li></ul>
</div>
<div id="slide-39-4" class="outline-3">
<h3 id="sec-39-4">Writing crypto safe code is difficult</h3>
</div>
</div>

<div id="slide-40" class="outline-2  slide">
<h2 id="sec-40">Best Practices</h2>
<div class="outline-text-2" id="text-40">
</div><div id="slide-40-1" class="outline-3">
<h3 id="sec-40-1">Free Software with Complete and Corresponding Source</h3>
</div>
<div id="slide-40-2" class="outline-3">
<h3 id="sec-40-2">Code review</h3>
<div class="outline-text-3" id="text-40-2">
</div><ul class="org-ul"><li><a id="sec-40-2-0-1" name="sec-40-2-0-1"></a>Avoid the OpenSSL problem<br  /></li></ul>
</div>
<div id="slide-40-3" class="outline-3">
<h3 id="sec-40-3">Reproducible builds</h3>
</div>
<div id="slide-40-4" class="outline-3">
<h3 id="sec-40-4">Automated, Continuous integration</h3>
<div class="outline-text-3" id="text-40-4">
</div><ul class="org-ul"><li><a id="sec-40-4-0-1" name="sec-40-4-0-1"></a>static analysis (ASAN)<br  /></li>
<li><a id="sec-40-4-0-2" name="sec-40-4-0-2"></a>coverage<br  /></li>
<li><a id="sec-40-4-0-3" name="sec-40-4-0-3"></a>fuzzing<br  /></li>
<li><a id="sec-40-4-0-4" name="sec-40-4-0-4"></a>tests against threats<br  /></li></ul>
</div>
<div id="slide-40-5" class="outline-3">
<h3 id="sec-40-5">As a developer you do NOT want to be a target</h3>
<div class="outline-text-3" id="text-40-5">
</div><ul class="org-ul"><li><a id="sec-40-5-0-1" name="sec-40-5-0-1"></a>want to do be right by your users<br  /></li>
<li><a id="sec-40-5-0-2" name="sec-40-5-0-2"></a>the checks &amp; balances keep developers from being vulnerable<br  /></li></ul>
</div>
</div>

<div id="slide-41" class="outline-2  slide">
<h2 id="sec-41">Shape of the solution (part 2/2)</h2>
<div class="outline-text-2" id="text-41">
</div><div id="slide-41-1" class="outline-3">
<h3 id="sec-41-1">Research similar work</h3>
<div class="outline-text-3" id="text-41-1">
</div><ul class="org-ul"><li><a id="sec-41-1-0-1" name="sec-41-1-0-1"></a>append-only log alternatives<br  /></li>
<li><a id="sec-41-1-0-2" name="sec-41-1-0-2"></a>Application Transparency<br  /></li>
<li><a id="sec-41-1-0-3" name="sec-41-1-0-3"></a>Binary Transparency <sup><a id="fnr.31" name="fnr.31" class="footref" href="#references">31</a></sup><br  /></li></ul>
</div>
<div id="slide-41-2" class="outline-3">
<h3 id="sec-41-2">Address the Challenges</h3>
</div>
<div id="slide-41-3" class="outline-3">
<h3 id="sec-41-3">Use Best Practices</h3>
</div>
<div id="slide-41-4" class="outline-3">
<h3 id="sec-41-4">Under the umbrella of a fiscal sponsorship organization</h3>
<div class="outline-text-3" id="text-41-4">
</div><ul class="org-ul"><li><a id="sec-41-4-0-1" name="sec-41-4-0-1"></a>Governance review<br  /></li></ul>
</div>
</div>

<div id="slide-42" class="outline-2  slide">
<h2 id="sec-42">Software Freedom Conservancy</h2>
<div class="outline-text-2" id="text-42">
<p>
Why you should support Conservancy:
</p>
</div>

<div id="slide-42-1" class="outline-3">
<h3 id="sec-42-1">🌲 supports diversity and is home to Outreachy <sup><a id="fnr.32" name="fnr.32" class="footref" href="#references">32</a></sup></h3>
</div>
<div id="slide-42-2" class="outline-3">
<h3 id="sec-42-2">🌲 helps hackers: ContractPatch <sup><a id="fnr.33" name="fnr.33" class="footref" href="#references">33</a></sup></h3>
</div>
<div id="slide-42-3" class="outline-3">
<h3 id="sec-42-3">🌲 is a 501(c)3 charity supported by individuals <sup><a id="fnr.34" name="fnr.34" class="footref" href="#references">34</a></sup></h3>
<div class="outline-text-3" id="text-42-3">
</div><div id="slide-42-3-1" class="outline-4">
<h4 id="sec-42-3-1">Please join today!</h4>
<div class="outline-text-4" id="text-42-3-1">
<p>
<a href="https://sfconservancy.org/">https://sfconservancy.org/</a>
</p>

<p>
<b>disclaimer: I'm on the Conservancy Evaluation Committee</b>
</p>
</div>
</div>
</div>
</div>

<div id="slide-43" class="outline-2  slide">
<h2 id="sec-43">Possible first use case: Debian</h2>
<div class="outline-text-2" id="text-43">
<p>
Protect against compromised repositories
</p>
</div>

<div id="slide-43-1" class="outline-3">
<h3 id="sec-43-1">On package publication (by the Debian project)</h3>
<div class="outline-text-3" id="text-43-1">
</div><ul class="org-ul"><li><a id="sec-43-1-0-1" name="sec-43-1-0-1"></a>put package signature into an append-only log<br  /></li></ul>
</div>
<div id="slide-43-2" class="outline-3">
<h3 id="sec-43-2">On package installation (by the user, via apt-get plugin)</h3>
<div class="outline-text-3" id="text-43-2">
</div><ul class="org-ul"><li><a id="sec-43-2-0-1" name="sec-43-2-0-1"></a>verify package signatures with the log<br  /></li>
<li><a id="sec-43-2-0-2" name="sec-43-2-0-2"></a>publish suspicious checksum to an auditor<br  /></li>
<li><a id="sec-43-2-0-3" name="sec-43-2-0-3"></a>option to not install mismatched packages<br  /></li></ul>
</div>
</div>

<div id="slide-44" class="outline-2  slide">
<h2 id="sec-44">Why talk trust at LibrePlanet?</h2>
<div class="outline-text-2" id="text-44">
</div><div id="slide-44-1" class="outline-3">
<h3 id="sec-44-1">Because of the people in this room!</h3>
<div class="outline-text-3" id="text-44-1">
</div><ul class="org-ul"><li><a id="sec-44-1-0-1" name="sec-44-1-0-1"></a>We understand the tech<br  /></li>
<li><a id="sec-44-1-0-2" name="sec-44-1-0-2"></a>We understand why trust matters to end users<br  /></li>
<li><a id="sec-44-1-0-3" name="sec-44-1-0-3"></a>We are the peer reviewers<br  /></li></ul>
</div>
<div id="slide-44-2" class="outline-3">
<h3 id="sec-44-2">Need to reach more than just developers&#x2026;</h3>
<div class="outline-text-3" id="text-44-2">
</div><ul class="org-ul"><li><a id="sec-44-2-0-1" name="sec-44-2-0-1"></a>User experience experts<br  /></li>
<li><a id="sec-44-2-0-2" name="sec-44-2-0-2"></a>Lawyers: How to reprise the "hack on copyright" to protect network services<br  /></li>
<li><a id="sec-44-2-0-3" name="sec-44-2-0-3"></a>Activists: Help end users understand and care!<br  /></li></ul>
</div>
</div>

<div id="slide-45" class="outline-2  slide">
<h2 id="sec-45">Q/A &amp; Where we go from here</h2>
<div class="outline-text-2" id="text-45">
</div><div id="slide-45-1" class="outline-3">
<h3 id="sec-45-1">Call to action: Join the [trust-api] mailing list</h3>
<div class="outline-text-3" id="text-45-1">
<p>
<a href="http://lists.info9.net/mailman/listinfo/trust-api">http://lists.info9.net/mailman/listinfo/trust-api</a>
</p>
</div>
</div>
<div id="slide-45-2" class="outline-3">
<h3 id="sec-45-2">Cuddles asks a question??? <sup><a id="fnr.35" name="fnr.35" class="footref" href="#references">35</a></sup></h3>
<div class="outline-text-3" id="text-45-2">

<div class="figure">
<p><img src="./images/cuddles-qa.jpg" alt="Cuddles" align="center" />
</p>
</div>
</div>
</div>
</div>

<div id="references" class="outline-2  slide">
<h2 id="sec-46">References</h2>
<div class="outline-text-2" id="text-46">
<p>
Footnote references (press 's' for scrollbars)
</p>
<input type="button" value="◁" onclick="window.history.back()"/>
<ol>

<li id="fn:1"> <a href="https://sfconservancy.org/blog/2016/dec/29/software-freedom-after-trump/">https://sfconservancy.org/blog/2016/dec/29/software-freedom-after-trump/</a>

<li id="fn:2"> See 48:35 in r0ml's talk on how the minority of GitHub projects actually have a license:
<a href="https://www.youtube.com/watch?v=i3nJR7PNgI4&feature=youtu.be&t=2915">https://www.youtube.com/watch?v=i3nJR7PNgI4&feature=youtu.be&t=2915</a>

<li id="fn:3"> <a href="https://www.youtube.com/watch?v=i3nJR7PNgI4">https://www.youtube.com/watch?v=i3nJR7PNgI4</a>

<li id="fn:4"> <a href="https://www.nytimes.com/2017/03/13/business/energy-environment/brooklyn-solar-grid-energy-trading.html">https://www.nytimes.com/2017/03/13/business/energy-environment/brooklyn-solar-grid-energy-trading.html</a>

<li id="fn:5"> <a href="http://www.usatoday.com/story/tech/news/2017/03/06/mapping-software-routing-waze-google-traffic-calming-algorithmsi/98588980/">http://www.usatoday.com/story/tech/news/2017/03/06/mapping-software-routing-waze-google-traffic-calming-algorithmsi/98588980/</a>

<li id="fn:6"> <a href="https://archive.fosdem.org/2014/schedule/event/network_freedom/">https://archive.fosdem.org/2014/schedule/event/network_freedom/</a>

<li id="fn:7"> <a href="https://evil32.com/">https://evil32.com/</a>

<li id="fn:8"> <a href="https://bitcoin.org/en/">https://bitcoin.org/en/</a>

<li id="fn:9"> <a href="https://www.hyperledger.org/">https://www.hyperledger.org/</a>

<li id="fn:10"> <a href="https://www.ethereum.org/">https://www.ethereum.org/</a>

<li id="fn:11"> <a href="https://z.cash/">https://z.cash/</a>

<li id="fn:12"> <a href="http://dogecoin.com/">http://dogecoin.com/</a>

<li id="fn:13"> <a href="http://www.abc.net.au/news/2015-10-06/quiggin-bitcoins-are-a-waste-of-energy/6827940">http://www.abc.net.au/news/2015-10-06/quiggin-bitcoins-are-a-waste-of-energy/6827940</a>

<li id="fn:14"> <a href="https://www.bitcoinmining.com/is-bitcoin-mining-waste-electricity/">https://www.bitcoinmining.com/is-bitcoin-mining-waste-electricity/</a>

<li id="fn:15"> <a href="http://www.news.com.au/technology/environment/natural-wonders/before-and-after-great-barrier-reef-photos-expose-shocking-realities-of-coral-bleaching/news-story/527d7599f160532474b27f1ca26fdbfc">http://www.news.com.au/technology/environment/natural-wonders/before-and-after-great-barrier-reef-photos-expose-shocking-realities-of-coral-bleaching/news-story/527d7599f160532474b27f1ca26fdbfc</a>

<li id="fn:16"> Security Now, Epsiode #599
<a href="https://www.grc.com/securitynow.htm">https://www.grc.com/securitynow.htm</a>

<li id="fn:17"> <a href="https://jhalderm.com/pub/papers/interception-ndss17.pdf">https://jhalderm.com/pub/papers/interception-ndss17.pdf</a>

<li id="fn:18"> <a href="https://www.certificate-transparency.org/">https://www.certificate-transparency.org/</a>

<li id="fn:19"> <a href="https://www.thesslstore.com/blog/google-chrome-certificate-transparency-2017/">https://www.thesslstore.com/blog/google-chrome-certificate-transparency-2017/</a>

<li id="fn:20"> <a href="https://www.thesslstore.com/blog/firefox-certificate-transparency/">https://www.thesslstore.com/blog/firefox-certificate-transparency/</a>

<li id="fn:21"> <a href="https://www.ietf.org/mailman/listinfo/trans">https://www.ietf.org/mailman/listinfo/trans</a>

<li id="fn:22"> <a href="https://datatracker.ietf.org/doc/rfc6962/">https://datatracker.ietf.org/doc/rfc6962/</a>

<li id="fn:23"> <a href="https://en.wikipedia.org/wiki/Merkle_tree">https://en.wikipedia.org/wiki/Merkle_tree</a>

<li id="fn:24"> <a href="https://eprint.iacr.org/2011/484.pdf">https://eprint.iacr.org/2011/484.pdf</a>

<li id="fn:25"> <a href="https://sphincs.cr.yp.to/">https://sphincs.cr.yp.to/</a>

<li id="fn:26"> <a href="https://cryptoservices.github.io/quantum/2015/12/08/XMSS-and-SPHINCS.html">https://cryptoservices.github.io/quantum/2015/12/08/XMSS-and-SPHINCS.html</a>

<li id="fn:27"> <a href="https://github.com/google/trillian">https://github.com/google/trillian</a>

<li id="fn:28"> <a href="https://boingboing.net/2016/03/10/using-distributed-code-signatu.html">https://boingboing.net/2016/03/10/using-distributed-code-signatu.html</a>

<li id="fn:29"> <a href="https://github.com/rootkovska/codehash.db">https://github.com/rootkovska/codehash.db</a>

<li id="fn:30"> <a href="https://secure-os.org/pipermail/desktops/2016-November/000143.html">https://secure-os.org/pipermail/desktops/2016-November/000143.html</a>

<li id="fn:31"> <a href="https://github.com/FreeBSDFoundation/binary-transparency-notes">https://github.com/FreeBSDFoundation/binary-transparency-notes</a>

<li id="fn:32"> <a href="https://www.gnome.org/outreachy/">https://www.gnome.org/outreachy/</a>

<li id="fn:33"> <a href="https://sfconservancy.org/blog/?tag=ContractPatch">https://sfconservancy.org/blog/?tag=ContractPatch</a>

<li id="fn:34"> <a href="https://sfconservancy.org/supporter/">https://sfconservancy.org/supporter/</a>

<li id="fn:35"> cuddles: Copyright © 2017 Tom Marble, CC-by-sa 4.0</ol>
</div>
</div>


<!-- Place the following snippet at the bottom of the deck container. -->
<p class="deck-status" aria-role="status">
  <span class="deck-status-current"></span>
  /
  <span class="deck-status-total"></span>
</p>

<!-- Place the following snippet at the bottom of the deck container. -->
<div aria-role="navigation">
  <a href="#" class="deck-prev-link" title="Previous">&#8592;</a>
  <a href="#" class="deck-next-link" title="Next">&#8594;</a>
</div>

<!-- Place the following snippet at the bottom of the deck container. -->
<form action="." method="get" class="goto-form">
  <label for="goto-slide">Go to slide:</label>
  <input type="text" name="slidenum" id="goto-slide" list="goto-datalist">
  <datalist id="goto-datalist"></datalist>
  <input type="submit" value="Go">
</form>

</div>
</body>
</html>