Chaos Computer Club - archive feed

A significant portion of Europe's renewable energy production can be remotely controlled via longwave radio. While this system is intended to stabilize the grid, it can potentially also be abused to destabilize it by remotely toggling energy loads and power plants. In this talk, we will dive into radio ripple control technology, analyze the protocols in use, and discuss whether its weaknesses could potentially be leveraged to cause a blackout, or – more positively – to create a city-wide Blinkenlights-inspired art installation. With three broadcasting towers and over 1.3 million receivers, the radio ripple control system by *EFR (Europäische Funk-Rundsteuerung) GmbH* is responsible for controlling various types of loads (street lamps, heating systems, wall boxes, …) as well as multiple gigawatts of renewable power generation (solar, wind, biogas, …) in Germany, Austria, Czechia, Hungary and Slovakia. The used radio protocols Versacom and Semagyr, which carry time and control signals, are partially proprietary but completely unencrypted and unauthenticated, leaving the door open for abuse. This talk will cover: - An introduction to radio ripple control - Detailed analysis of transmitted radio messages, protocols, addressing schemes, and their inherent weaknesses - Hardware hacking and reversing - Implementation of sending devices and attack PoCs - (Live) demonstrations of attacks - Evaluation of the abuse potential - The way forward Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/blinkencity-radio-controlling-street-lamps-and-power-plants/

Seit einigen Jahren hat Stefan von etwa vierzig regulären deutschen (Pop-)Radiosendern die Playlisten gespeichert. Welche Meta-Informationen sich daraus ergeben und welche Abhängigkeiten von Jahreszeiten, Charts und Ereignissen sich abzeichnen, wird in einem unterhaltsamen Vortrag zum Besten gegeben. Große Radiosender stellen die von Ihnen gespielten Lieder zum Nachlesen auf ihrer Homepage bereit. Der Hintergrund dafür ist, dass man leicht sein neues Lieblingsstück, welches man auf dem Weg zur Arbeit gehört hat, wiederfinden kann. Bei näherer Betrachtung werfen diese Playlisten etliche Fragestellungen auf. Werden zum Beispiel den ganzen Tag immer wieder dieselben Lieder gespielt? Spielen alle Radiosender die gleichen Stücke? Was ist der zeitliche Mindestabstand eines Musikstücks, bevor es erneut gespielt wird? Und müssen wir Last Christmas auch in Zukunft ertragen? In dem Vortrag wird auch die Beziehung zwischen den "Charts" und den Playlisten der Radiosender geprüft. Dabei hat sich auch gezeigt, dass die Charts selbst ein spannendes Analysefeld sind. In die Chartberechnungen wurden MP3-Downloads und später Streams aufgenommen und haben dadurch altbewährte Konzepte verändert. Neben diesen Fragestellungen werden von Stefan auch technische Dinge beleuchtet. Die Herausforderungen des Scrapings, das Einfügen in eine geeignete Datenbank, die Auswertung selbst (und mit welchen Tools) sowie die Visualisierung von Ergebnissen werden anschaulich präsentiert. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/radiomining-playlist-scraping-und-analyse/

One of the basic ways we navigate the world is through ‘feelings of structure’ -- our experience of the inner logic of a system or a situation as a tone, a vibe, a mood. I argue that building a technical analogy between ‘feelings of structures’ and autoencoder neural networks lets us construct a kind of theory of vibe: a theory that lets us see how sets of material (/digital) objects express a worldview and vice versa, and that can explain the deep role art plays in expressing, developing, and challenging our understanding of the world. The story I’m hoping to tell builds up to an account of how the aesthetic unity or ‘vibe’ of an artistic work can model the causal-material structure of a lifeworld. On this account, the meaning of an artistic work lies partly in a dense vibe we can sense when we take in the imaginative landscape of the work -- a dense vibe that acts as a structural representation of a looser, weaker vibe present in the real world and teaches us how to feel it. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/feelings-of-structure-in-life-art-and-neural-nets/

Is it possible to do research on health data without violating the privacy of the entire population? The European Health Data Space is on the horizon, and it doesn't look like we can be satisfied with its implementation for now. Health data of all European insurance holders will be collected and retended not only for individual medical care, but also for scientific use. The so-called *secondary use* explicitly refers not only to academic research, but also to for-profit organizations. Not only universities will be able to access the data, but also, for example, the pharma industry and the big data companies such as Apple and Google. Claiming to improve the user experience of their proprietary health apps (anticipatory conjecture by the speakers), the most personal of all data will be placed in hands where it really does not belong to. So are we doomed? We say no! In this presentation, we will show how *probabilistic data structures* can be used to process personal data without compromising the privacy of individuals. We will show the results of a case study with exemplary health data. With this presentation, we want to point out that it is quite possible to give third parties certain access to health data, while preserving privacy for individuals. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/privacy-preserving-health-data-processing-is-possible/

Mit unseren Gästen sprechen wir über Podcasts in der Wissen{schaft}skommunikation, über Ziele und Kriterien – und darüber wieso Reichweite alleine nicht glücklich macht! Melanie Bartos und Bernd Rupp blicken zurück auf das wissenschaftspodcasts.de-Jahr 2024 und sprechen über die Perspektiven, die sich für das Wissenschaftspodcast-Jahr 2025 bereits abzeichnen. Dabei beleuchten wir die Herausforderungen bei der Kuration, die Anmeldezahlen neuer Wissenschaftspodcasts, die Weiterentwicklung der Website sowie den Aufbau und die Betreuung der WissPod-Community. Diese umfasst inzwischen rund 370 Wissenschaftspodcasts mit insgesamt über 28.000 Episoden. Wie immer zeigen wir, wie neue Wissenschaftspodcasts in die Kuration aufgenommen werden, was sie während des Kurationsprozesses erwartet. Wir möchten darüber diskutieren, welche Rolle Reichweite noch spielt und wie sinnvoll es ist, sie als zentrale Größe zu betrachten. Das möchten wir entlang zweier Aspekte tun: Einerseits das Hosting und die langfristige Archivierung von Podcasts, andererseits die Kommunikationswege mit unseren Hörer:innen, wie sie beispielsweise das Fediverse eröffnet. Gemeinsam mit unseren Gästen und dem Publikum vor Ort wollen wir diesen vieldiskutieren Fragestellungen mit der Podcast-Brille etwas auf den Grund gehen. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/wisspod-jahresrckblick-2024-oder-reichweite-my-ass/

Geostationäre Satelliten können ein spannendes Hobby sein, von Satellitenpiraterie über Amateurfunksatelliten bis hin zum digitalen Satellitenrundfunk finden sich viele Betätigungsfelder. Was sind geostationäre Satelliten, was macht man damit, und warum hört man auf US-Militärsatelliten auch mal Leute Portugisisch sprechen oder Songs von den Bangles? Das sind nur einige Fragen die ich in diesem kleinen Ritt durch die Nachrichtentechnik der Fernmeldesatelliten beantworten werde. Das ganze mit Illustrationen und realen Beispielen sichtbar gemacht, sowie Praxistipps wie man diese Satelliten auch selbst nutzen kann. Der Vortrag versucht für ein breites Publikum verständlich zu sein und dabei eine Balance zwischen didaktischer Vereinfachung und der korrekten Darstellung von Technologien und Verfahren. Es häufig gezeigt wohin man gehen kann, wenn man mehr wissen will. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/geostationre-satelliten-als-hobby/

The talk introduces technology-driven urban art projects that emphasize public participation and creativity. Each project employs a DIY machine to transform public spaces and create art collaboratively. How were these machines built? How do ideas evolve, and how can creative machines foster community connections? Find the answers and get some inspirations in this entertaining and insightful talk by Niklas a.k.a. royrobotiks. In his talk, Niklas will highlight some of his latest projects that use DIY machines to involve communities in creating art together. From a graffiti robot to a giant mosaic that was designed by an entire neighborhood with the help of a mobile arcade machine, he’ll share the stories behind his inventions. He will discuss his sources of inspiration, the creative process and thoughts about inclusiveness guiding the development of the machines, and the joy of watching diverse people interact with and contribute to these unconventional art pieces. Join Niklas for an insightful journey into how inventiveness can transform urban environments, while also bringing people together through creativity and play. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/vectors-pixels-plotters-and-public-participation/

A trip into party drug trends: Seeking insight among poorly formatted data, media misinformation, repressive laws and risky chemicals Berlin recently launched a public drug checking service — an admirable first for Germany. What can the data unveil? This talk aims to elevate your mental state towards clarity over party drug trends in 2024 by serving a mix of Berlin’s drug testing data – both public and unpublished – with a few potent adulterants: Snazzy info graphics, shoddy code and a bunch of original research. Observe badly copy-pasted tag soup transform into beautiful and impactful open-eye visuals. Watch sales terms purportedly specifying precise chemical formulas exposed as mere smoke and mirrors, and find even names derived from each other labeling vastly different things. See patterns revealed and dots connected, like how an international interplay of both draconian and liberal legal frameworks created a perfect storm of unintended, risky consequences – or on the other hand, how the absence of reliable data creates a breeding ground for the viral spread of irrational fears. See through falsehoods regularly published on these topics in the press. Before this risks turning into a bad trip, find zen with some practical risk management tips and pointers to helpful support services. In less poetic terms, I’ll be covering recent trends regarding these psychoactive substances: Ecstasy & “blue punishers”, cocaine, fentanyl, mephedrone, 3-MMC, 2C-B, “tusi”, “monkey dust” and more. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/binging-on-drug-checking-data/

Du bestellst im Internet? Natürlich bestellst Du im Internet. Aber dieses Mal wird Deine Ware nicht geliefert. Stattdessen sind Dein Geld und Deine Kreditkartendaten nun in China. Das ist BogusBazaar. Wir teilen unsere Einblicke in die Arbeitsweise dieser Bande. In den vergangenen drei Jahren hat allein diese eine kriminelle Organisation, die wir BogusBazaar nennen, auf mehr als 75.000 Domains gefälschte Markenshops aufgesetzt und damit eine Million Bestellungen mit einem Auftragsvolumen von mehr als 50 Millionen USD abgewickelt. Ein ausgeklügeltes und über die Jahre gewachsenes Setup ermöglicht einen reibungslosen Prozess vom Kopieren der originalen Markenläden, über das Aufsetzen gefälschter Webshops und dem Konfigurieren der Produkte, bis hin zum Orchestrieren der Zahlungsinfrastruktur. Wir hatten einen einmaligen Einblick in dieses Setup und in die Arbeitsweise dieser Bande. Neben Kundendaten und Quellcode konnten wir auch Verträge und Dokumentation studieren und mit den Opfern über ihre Erfahrungen sprechen. In diesem Talk berichten wir über die Hintergründe unserer Recherche. [Die Zeit](https://www.zeit.de/2024/21/gefaelschte-online-shops-fake-shops-betrug-china), [The Guardian](https://www.theguardian.com/money/article/2024/may/08/chinese-network-behind-one-of-worlds-largest-online-scams) und [Le Monde](https://www.lemonde.fr/en/pixels/article/2024/05/08/online-scams-behind-the-scenes-of-the-world-s-largest-network-of-fake-online-retailers_6670775_13.html) berichteten. Der Vortrag ist ein Spin-Off aus der Reihe „[Hirne Hacken](https://media.ccc.de/v/36c3-11175-hirne_hacken)" (36C3), „[Hirne Hacken - Hackback Edition](https://media.ccc.de/v/37c3-12134-hirne_hacken_hackback_edition)“ (37C3) und „[Disclosure, Hack und Back](https://media.ccc.de/v/camp2023-57272-disclosure_hack_and_back)“ (Chaos Communication Camp '23) und will Einblicke in das Handeln von Kriminellen geben, die auch weiterhin aktiv sind. Damit Ihr nicht auf sie hereinfallt. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/fake-shops-von-der-stange-bogusbazaar/

Millions of internet users around the world rely on Tor to protect themselves from surveillance and censorship. While Tor-powered applications and the Tor protocol are widely known, the community behind it much less so. This talk will highlight the efforts to maintain a healthy and resilient Tor network, emphasizing the crucial role of a diverse, engaged community of relay operators. We’ll discuss some recent news, the current state of the network, how we determine its health, and the strategies to strengthen its resilience, addressing challenges around sustainability and governance. If you're interested in understanding the inner workings of the Tor network, this talk is for you. This talk is designed to give an overview of Tor's 'new and not-so-new' network health initiatives in response to some of the pressing questions that emerged from the recent reporting about Tor in Germany. After a brief introduction to "Tor," we will primarily focus on issues relating to the Tor network and its community, underscoring the critical importance of distributed trust, transparency, and engagement in maintaining a robust and healthy ecosystem. We will provide a short overview of the fundamental components of the Tor network, detailing the different types of relays that constitute its infrastructure and the role these can have through their lifetime. We will emphasize that the network operates independently of the Tor Project, sustained by a decentralized, global community of contributors. By analyzing network metrics—such as relay distribution across countries and Autonomous Systems (AS)—we will highlight the current state of the network and identify opportunities for increasing geographic and technical diversity. This is followed by an introduction to the concept of network health. We will define the term, assess the current condition of the Tor network, and showcase the different modes of participation. We will primarily consider this through the lens of an 'alleged' over-reliance on relay concentration in specific regions, such as Europe and the United States. These insights will inform a discussion on how a more geographically distributed network could improve resilience, enhance security, and increase overall functionality. The talk will also address the primary challenges facing the Tor network: Sustainability remains a central concern, particularly with regard to maintaining a stable, secure, and decentralized network over time. Additionally, ensuring trust within the community is essential, especially in the face of potential misuse by malicious actors. We will explore the need for incentive structures that encourage the operation of relays while preserving the network’s independence and autonomy. We will review and debate initiatives the Tor Project has proposed to support a decentralized network without imposing centralized control. In response to these challenges, we will propose several potential solutions. Expanding outreach efforts to regions outside the Global North could promote greater diversity in the relay community, thereby strengthening the network’s ability to resist censorship and external threats. We will also examine existing incentive frameworks that support relay operators. Furthermore, we will discuss the success of Snowflake proxies—widely adopted in regions with restrictive internet environments—and how it demonstrates how lowering the barrier to entry for running nodes can encourage broader participation from the community. Finally, we will outline our strategy for ensuring the long-term health of the Tor network, focusing on governance, community engagement, and sustaining the network’s decentralized nature. We will conclude with a call to action, inviting participants to contribute to the continued sustainability and development of the Tor network. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/guardians-of-the-onion-ensuring-the-health-and-resilience-of-the-tor-network/

Erklärung von Amateurfunk und der neuen Prüfung für Neulinge Im Amateurfunk kann ich weltweit und über Satelliten kostenlos Gespräche führen. Dazu darf ich sogar selbstgebaute Empfänger und Sender benutzen. Oder auch einen Computer zur Kommunikation einsetzen. Damit das funktioniert, gibt es ein paar Regeln, die gelernt werden müssen und für die es eine Prüfung gibt. Seit diesem Sommer gibt es für den Amateurfunk in Deutschland eine Prüfung für eine Einstiegs-Klasse. Ich zeige dir, was du für die Prüfung lernen musst. Und was du nach bestandener Prüfung für Neulinge machen darfst, damit du am weltweiten Amateurfunk teilnehmen kannst. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/einstieg-in-den-amateurfunk/

Wir, Steffen & Olli, besprechen in unserem Podcast alles was die Große und Kleine Fliegerei angeht. Wir sind ein aktiver und ein Verkehrspilot im Ruhestand. Hauptthemen: update zu GPS-Spoofing, Flugstrecken in Zeiten von Krisen und Auswirkungen auf die Sicherheit. Ausserdem geht es um aktuelle Vorfälle in der großen und kleinen Luftfahrt. Trotz des vermeintlich ernsten Themas sind wir immer mit Humor dabei! Podcast Webseite: www.comeflywithus.de Wenn ihr Fragen zu dem Thema oder der Sendung habt, gerne platzieren, am besten schon vorab. Uns wird man kurz vorher antreffen können und wir werden nicht zu übersehen sein! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/comeflywithus-podcast/

In 2013, the satellite BEESAT-1 started returning invalid telemetry, rendering it effectively unusable. Because it is projected to remain in orbit for at least another 20 years, recovering the satellite and updating the flight software would enable new experiments on the existing hardware. However, in addition to no access to telemetry, the satellite also has no functional software update feature. This talk will tell the story of how by combining space and computer security mindsets, the fault was correctly diagnosed without telemetry, software update features were implemented without having them to begin with, and the satellite was recovered in September of 2024. In 2009, BEESAT-1 was launched into low earth orbit as the first 1U CubeSat of Technische Universität Berlin. In 2011, the satellite started returning invalid telemetry data. After a short amount of time spent diagnosing the issue, operators switched to the redundant on-board computer, which initially resolved the issue. However in 2013 the issue reoccurred on the second computer. With no other on-board computer available to switch to, operations largely ceased besides occasional checks every few years to see whether the satellite was still responding to commands at all. A recovery of BEESAT-1 back into an operational state was made particularly attractive considering that due to its higher orbit, it is currently estimated to remain in space for another 20 years or more, while many of the other spacecraft of the BEESAT series have since burned up in the atmosphere. Additionally, the spacecraft is equipped with a number of sensors and actuators which were not fully utilized during the primary mission and could be used in an extended mission. However, to fully utilize all the available hardware on the spacecraft, a software update is required. Unfortunately, the software update functionality was not completed at the time of launch and as a consequence is in a nonfunctional state. An alternate solution must be devised. Following an extensive effort that diagnosed the telemetry problem, developed a solution that would remedy both the telemetry problem and allow the upload of new flight software, and implemented this solution on the actual spacecraft in orbit, the satellite was finally recovered into an operational state with the ability to perform a software update in September 2024. This talk will cover the recovery process from beginning to end, including: - A brief overview of how BEESAT-1 works and is operated - Diagnosing the loss of telemetry without access to said telemetry - Engineering a solution to the diagnosed issue, including: - figuring out how to upload new software without a feature intended for that task - establishing a development and testing setup for flight software development years after the original setup was dismantled - developing a patch to enable returning the satellite to an operational state and establish the ability to upload new flight software, while under the constraints posed by the lack of a proper upload method and without compromising the safety of the spacecraft - Implementing this solution on the actual spacecraft in space - A brief look at the current state of the spacecraft and remaining future tasks Along the way, some of the fun and unexpected moments experienced while working with the 15 year old software and hardware will be shared. The talk is likely to be a mix of technical and non-technical. I hope to provide enough context so that you can follow without a background in space systems or computer security. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/hacking-yourself-a-satellite-recovering-beesat-1/

Die mittlerweile zerbrochene „Fortschrittskoalition“ hat zuletzt mit dem Bohrhammer Grundrechte abgetragen, als gäbe es einen Preis zu gewinnen. Wer als nächstes das Land regiert, ist offen. Aber progressiver wird es wohl kaum. Warum das keine plötzliche Entwicklung ist und was wir jetzt dagegen tun müssen. Was die Ampel-Koalition kurz vor ihrem Ende noch mit dem sogenannten „Sicherheitspaket“ einführte, davon hätte ein CSU-Hardliner wie Horst Seehofer vor einigen Jahren nur träumen können: Geflüchteten die Sozialleistungen streichen, biometrische Datenbanken anlegen, alle möglichen Datentöpfe zusammenrühren und analysieren. Ein Teil des Pakets scheiterte am Bundesrat - aber nur, weil es den meisten Ländern nicht weit genug ging. So etwas galt noch vor wenigen Monaten als tabu. In einer offenen Demokratie, dachte man, wird so etwas nicht kommen. Doch der autoritäre Überbietungswettbewerb im Namen der Sicherheit ist spätestens seit dem Anschlag von Solingen in vollem Gang. Politiker:innen konnten ein mutmaßlich islamistisches Attentat und Migration miteinander verrühren, als gäbe es da einen logischen Zusammenhang. Im Sturm der rassistischen Hetze und Kontroll-Fantasien waren Stimmen für Freiheits- und Menschenrechte kaum mehr zu hören. Jetzt, wo die Bundestagswahl früher kommt als geplant, ist das besonders fatal. Wir zeigen in unserem Vortrag, dass diese autoritäre Wende nicht plötzlich gekommen ist. Die jüngst geplanten Maßnahmen sind der Tiefpunkt einer Entwicklung, die schon seit Jahren von der Ampel vorangetrieben wurde. Und sie sind der Höhepunkt der Desillusionierung mit einer Regierung, die einst als „Fortschrittskoalition“ angetreten ist. Wir zeigen auch, dass es Zeit ist für radikalere Widerworte. Denn wir müssen unsere Freiheit heute dafür nutzen, dass auch morgen noch etwas davon bleibt. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/autoritre-zeitenwende-im-zeitraffer/

Ever wondered how Cellebrite and law enforcement gain access to encrypted devices without knowing the password? In this talk, we’ll demonstrate how to bypass BitLocker encryption on a fully up-to-date Windows 11 system using Secure Boot. We’ll leverage a little-known software vulnerability that Microsoft has been unable to patch since 2022: bitpixie (CVE-2023-21563). We'll live-demo the exploit, and will walk through the entire process—from the prerequisites and inner workings of the exploit to why Microsoft has struggled to address this flaw. We'll also discuss how to protect yourself from this and similar vulnerabilities. BitLocker is Microsoft’s implementation of full-volume encryption. It offers several modes of operation, but the most widely used is Secure Boot-based encryption. Many consumer and corporate clients use it, and it’s starting to be enabled by default under "Device Encryption" on newer Windows 11 installations. In this mode, the harddrive is encrypted at rest but is automatically unsealed when a legit windows boots, meaning users don't need a separate decryption password. They just have to sign in with their usual user account. Unfortunately, this configuration has been broken for quite a while. Hardware attacks against a dTPM are widely known, but software attacks are possible as well, at least since 2022, when Rairii discovered the bitpixie bug (CVE-2023-21563). While this bug is 'fixed' since Nov. 2022 and publically known since 2023, we can still use it today with a downgrade attack to decrypt BitLocker. In this talk, we'll dive into: - How does Secure Boot work, and what role does the TPM play? - How can Bitlocker leverage the TPM? - How does the bitpixie exploit work? What are PXE boot and BCD? - What are the prerequisites for running this exploit? - How can you protect yourself against it? - Why is it so challenging for Microsoft to fully fix this? - How does this affect Linux secure boot? Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/windows-bitlocker-screwed-without-a-screwdriver/

This is the story of the HDCP master key that we derived back in 2010. This is the story of the HDCP master key. How in 2010 we derived it from various public sources and from a bunch of cheapish hardware (and how we made money in the process!), and then published it on pastebin. After that it was just wait-and-see what Intel and the rest of the world would do. With the master key anyone can make source and sink keys that interoperate with any HDCP device. Oh, and how I learnt how to spell "forty". HDCP MASTER KEY (MIRROR THIS TEXT!) This is a forty times forty element matrix of fifty-six bit hexadecimal numbers. To generate a source key, take a forty-bit number that (in binary) consists of twenty ones and twenty zeroes; this is the source KSV. Add together those twenty rows of the matrix that correspond to the ones in the KSV (with the lowest bit in the KSV corresponding to the first row), taking all elements modulo two to the power of fifty-six; this is the source private key. To generate a sink key, do the same, but with the transposed matrix. 6692d179032205 b4116a96425a7f ecc2ef51af1740 959d3b6d07bce4 fa9f2af29814d9 82592e77a204a8 146a6970e3c4a1 f43a81dc36eff7 568b44f60c79f5 bb606d7fe87dd6 1b91b9b73c68f9 f31c6aeef81de6 9a9cc14469a037 a480bc978970a6 997f729d0a1a39 b3b9accda43860 f9d45a5bf64a1d 180a1013ba5023 42b73df2d33112 851f2c4d21b05e 2901308bbd685c 9fde452d3328f5 4cc518f97414a8 8fca1f7e2a0a14 dc8bdbb12e2378 672f11cedf36c5 f45a2a00da1c1d 5a3e82c124129a 084a707eadd972 cb45c81b64808d 07ebd2779e3e71 9663e2beeee6e5 25078568d83de8 28027d5c0c4e65 ec3f0fc32c7e63 1d6b501ae0f003 f5a8fcecb28092 854349337aa99e 9c669367e08bf1 d9c23474e09f70 Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/the-master-key/

How can we spark children's interest in coding and tinkering. In this talk we will present the ongoing activities of the Free Software Foundation Europe to get the next generation of Haecksen and Hackers interested in tech, with a focus on diversity. Today it is impossible to imagine daily life without software. The majority of us can’t spend a single day without using it. People use software in the workplace, on laptops, and on mobile phones. Software is also found in less obvious places however: in trains, cars, televisions, washing-machines, fridges, and many other devices. None of these devices could function without software. Without software we couldn’t write e-mails, make phone calls, go shopping, or travel as we are accustomed to. Software is our society’s central tool. How do we ensure that the next generation is motivated and capable of shaping technology for society’s benefits? The Free Software Foundation Europe’s volunteers and staff have interacted with over 1700 children between 6 to 10 years in the past months. Children, especially girls, afterwards were motivated to start experimenting with hardware and software. In the discussions we saw that they realise how crucial technology will be for them. The story of Ada made it into a war hospital with children with disability that felt identified with it as one of the book characters has a 3D printed leg. Furthermore with the FSFE’s coding competition “Youth Hacking 4 Freedom” we gathered experiences working with teenagers who program, tinker, and have fun with software. YH4F has also been a place for diversity during its first three editions. Learn more about the experiences how the FSFE sparks children’s and teenagers interest to tinker, experiment and program. Furthermore you will see how fulfilling those activities can be for yourself. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/let-s-spark-children-s-interest-in-coding/

Der heise security Podcast traut sich raus aus dem gemütlichen Redaktionsstudio und sendet vom 38C3. Zur diesjährigen Congress-Ausgabe hat sich Host Christopher ein paar spannende Themen herausgesucht. Seinen ersten C3 seit zweiundzwanzig Jahren wird er sicher auch mit seinen verklärtern Erinnerungen vergleichen: Wo sind die Wäscheklammern? Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/passwort-der-heise-security-podcast-auf-dem-38c3/

Das Lavender-KI-Zielsystem zeigt gut, wie Kriegsautomatisierung aktuell aussieht und was daran falsch läuft. Das Thema „KI in der Militärtechnik“ und die Beziehung zwischen Mensch und Maschine ist seit Jahrzehnten ein theoretisches Thema in der Philosophie, den Sozialwissenschaften und den kritischen Algorithmus-Studien. Doch in den letzten Jahren wurden Waffensysteme mit KI-Komponenten entwickelt und jüngst in bewaffneten Konflikten praktisch eingesetzt. Am Beispiel des KI-gestützten Zielwahlsystem Lavender, das vom israelischen Militär IDF im derzeit laufenden Gaza-Krieg eingesetzt wird, werden die aktuellen Entwicklungen aufgezeigt und in den historisch-technischen Kontext der „Signature Strikes“ der USA in Waziristan (Pakistan) oder Afghanistan gesetzt, sowie konkrete technische Designentscheidungen vorgestellt und kritisch diskutiert. Dabei entstehen auch Fragen von Verantwortungsverlagerung und Rechtsumgehung. Die hier vorgestellten Erkenntnisse beruhen auf einer gemeinsamen Analyse von Expert:innen des Forums InformatikerInnen für Frieden und Gesellschaftliche Verantwortung (FIfF e.V.) zusammen mit der Informationsstelle Militarisierung (IMI e.V.) und der Arbeitskreis gegen bewaffnete Drohnen e.V., die die Praxis der KI-basierten „gezielten Tötung“ wie etwa durch Lavender als Kriegsverbrechen zu ächten sucht. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/der-mythos-der-gezielten-ttung-zur-verantwortung-von-ki-gesttzten-zielsystemen-am-beispiel-lavender/

The global chip shortage during the COVID-19 pandemic brought semiconductor production into focus, sparking accelerated efforts to meet the surging demand for digital infrastructure. This phenomenon not only expanded AI capabilities but also introduced unexpected computational artifacts. One such artifact is the word “arafed”, a term absent from any dictionary yet mysteriously appears across contexts from image prompts to Amazon product descriptions. Such unintended linguistic artifacts, born from transformer-based AI models, exemplify how digital artifacts emerge into realities with which we cohabitate. The talk investigates how supply-chains break and AI-words spread from an artistic research perspective. Mapping both the abstract landscapes of embedding spaces, that are filled with emergent words and images, and the tangible, geopolitical realities of global semiconductor supply chains. The accelerating pace of generative AI has put a strain on the interconnected software and hardware systems necessary for generative AI. The artist duo explores the media specificity of generative artificial intelligence. The talk consists of two parts: The material aspects of AI, specifically the story of semiconductor and chip shortage. And the spread of hallucinations like terms that escaped their embedding space into language. The working of LLMs is often limited by computational power. These obstacles tethered abstract computation to the physical world, exposing how materiality plays a critical role in the implementation of AI. The investigation begins by examining the causes of the chip shortage — a disruption that brought the semiconductor industry and its surrounding geopolitical tensions into discourse. On the hardware level, NVIDIA’s A100 chips, produced using Taiwan’s TSMC 7nm process, exemplify this intersection, providing the power to expand large language models (LLMs) and image generators. On the software level, the increasing demand for ai-as-service accelerates the use of models with complex pipelines. This interconnected use of models, in turn, leads to the emergence of unexpected artifacts that are morphing back into everyday reality. While browsing AI-generated images on social media, one might come across the word "arafed" in image descriptions, such as, "an arafed man in a white robe riding on top of a blue car.". Yet, a dictionary definition is nowhere to be found. An image search for "arafed" reveals something striking: all resulting images appear AI-generated, spread across various image-sharing and stock photography platforms. The term "arafed" seems to lack a clear origin, but a few posts attribute it to the BLIP-2 model, an image-captioning system that generates descriptive text from image inputs. However, the BLIP-2 paper doesn't mention "arafed" but running BLIP-2 clearly produces descriptions containing this artifact-like word, as if "arafed" has embedded itself in the model's vocabulary. Through the widespread and often unintentional use of BLIP-2 in libraries, extensions, and services, the interconnected nature of software has spread the word into research papers, Amazon descriptions, and even other datasets, further revealing the brittle infrastructure generative-ai systems are built upon. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/arafed-futures-an-artist-dialogue-on-chip-storage-and-ai-accelerationism/

Modern high-performance networking APIs on Linux - beyond the classic BSD sockets API. For many decades, application software programmers have been using the venerable BSD sockets API to make their applications communicate over (at least IP based) networks. Linux has supported TCP/UDP sockets ever since it had a network stack back in the 1990s. While those socket system call APIs are simple and straight-forward, they were designed at a time when internet access happened over dial-up modems and LANs had no more than 10 MBit/s, if at all. With today's Multi-Gigabit speeds even in consumer equipment and 40GE/100GE network interface cards for servers being a reality, using those 1980s BSD/POSIX socket interfaces comes with a huge performance penalty. Some specific use cases like single-flow high-throughput TCP on an end-node have seen optimizations that are transparent to the user (TCP segmentation offloading). But there's only so far you can go with that. Parts of the industry have proposed user-space network stacks built on DPDK - but then basically you do no longer use the Linux kernel network stack at all, and subsequently have none of its features. Yes, that can be fast, but Linux becomes nothing but a bootloader, and you have to implement everything from Ethernet to ARP and IP+TCP in your application. The answer of the Linux kernel community over the last 5+ years has been various new mechanisms and interfaces in the Linux kernel that revolutionize the way how applications can achieve higher network I/O throughput - whether an end host (server/client) or a packet-forwarding router/bridge/firewall. This talk provides a brief but deeply technical introduction into the problem space, the new mechanisms and their use cases. While the talk discusses features of the Linux kernel, we do not discuss their internals; the focus is on how those mechanisms can be used by applications. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/iouring-ebpf-xdp-and-afxdp/

After more than 7 years, a small team of hackers and designers in Berlin are about to release the third generation of their Open Hardware laptop family: MNT Reform Next. Here, Lukas "minute" Hartmann will discuss why we need Open Hardware computers, what we learned through trial, error and hardship of designing and hand-assembling over 1000 of them by hand, and how you can claw back some autonomy over your hardware from Big Computer. The talk will illustrate, with many pictures and without holding back, interesting problems and solutions we encountered while creating 3 laptops on shoestring budgets. Aiming to inspire more people to take custom hardware into their own hands, I will quickly walk through the essential tools and methods that you can use to create your own Open Source Hardware computing devices or modifying existing ones, like: - How and why I choose chips and components - How to get them into KiCAD for electronics, and get boards made - Use FreeCAD and OpenSCAD for 3D modeling, and get enclosures made, also from unorthodox materials - Cables, connectors and screws considerations - Firmware and Kernel troubles (designing Hardware for Linux) - Our basics of community participation (GitLab, IRC, Discourse) Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/7-years-later-why-and-how-to-make-portable-open-hardware-computers/

Artificial Intelligence is not just an engineering discipline, but also the most fascinating and important philosophical project ever attempted: the explanation of the mind, by recreating it. This part of the series "From Computation to Consciousness" focuses on the nature of the self, agency and identity. When we recognize the paradigm of Artificial Intelligence as a philosophical and scientific framework for understanding the nature of minds like ours, we may begin with an essential question: What does it mean for a machine to feel? How do emotions arise at the intersection between a self and its world—or more precisely, within an a reflexive self model, in response to being dynamically reconfigured by a motivational system, in response to shifts in its alignment to a model of its environment, all within the same mind? This inquiry takes us to the core of our own psychological architecture. Who are we when our self-perception alters? What does it mean to depersonalize, to dissolve the boundaries of the self? Can we reverse engineer, debug and reconstruct our identities to become who we want to be? Is there free will? Is it possible to recreate self and sentience in nonbiological substrates? Can AI be conscious? Could we perhaps even extend our own self to non biological substrates? This presentation is part of the philosophical series “From Computation to Consciousness,” which draws on insights from AI and cognitive science to explore the nature of intelligence, consciousness, and their realization in the physical universe. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/self-models-of-loving-grace/

How is 3DS preservation faring 10 years after the release of the first emulator? What technical obstacles have we overcome, which ones remain? What hidden gems have we discovered beyond games? Join us on a journey through the struggles, the successes, and the future of 3DS emulation! The 3DS marks a key point in the evolution of handheld consoles from embedded systems to more powerful PC-like architectures, which makes it particularly interesting as a target for emulation: We'll look at the technical challenges presented by its unique hardware components and the custom microkernel-based software stack built on top of it, the various approaches taken to emulate them (low-level vs. high-level), and the trends we're seeing for the future. These technical challenges are put into historical context by looking at the emulator Citra, its initial way to success, the interplay between emulator developers and console hackers, and the impact of a prominent lawsuit that ultimately led to Citra's shutdown. Additionally we'll highlight broader community efforts like Pretendo that help preserve the platform beyond emulation. Finally we'll provide a status update for our ongoing emulation project Mikage and discuss the future outlook of 3DS preservation. This talk will be accessible to a technical audience and gaming enthusiasts alike. We particularly hope to spark new interest in preserving the 3DS legacy and foster new ideas for pushing the boundaries of emulation technology. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/10-years-of-emulating-the-nintendo-3ds-a-tale-of-ninjas-lemons-and-pandas/

Wir geben einen Überblick über die Themen, die den Chaos Computer Club 2024 beschäftigt haben. Neben der Zusammenfassung und der Rückschau auf das vergangene Jahr wollen wir aber auch über zukünftige Projekte und anstehende Diskussionen reden. Von der Ampel über den epa bis zur Chatkontrolle, welche Themen haben den CCC in 2024 auf Trab gehalten? Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/der-ccc-jahresrckblick/

Im vergangenen Jahr wurden von uns in fünf kritische Schwachstellen in Endpoint Protection Software entdeckt, die es uns ermöglichen, auf Basis von COM-Hijacking unsere Privilegien auf Windows-Endpunkten zu erweitern. In diesem Vortrag demonstrieren wir, wie COM-Hijacking genutzt werden kann, um Code im Kontext geschützter Frontend-Prozesse auszuführen. Zudem zeigen wir auf, wie COM Hijacking das Vertrauensverhältnis zwischen geschützten Frontend-Prozessen und Backend-Diensten aushebelt um höhere Privilegien (Local Privilege Escalation) auf Systemen zu erhalten. Des Weiteren erklären wir unsere Methodik und Vorgehensweise um solche Schwachstellen zu finden und auszunutzen. Abschließend enthüllen wir Details zu den von uns gefundenen Schwachstellen und diskutieren mögliche Gegenmaßnahmen. COM-Hijacking ist vor allem als Technik bekannt, um auf Windows-Endpunkten Persistenz zu erreichen. In diesem Vortrag stellen wir jedoch eine weniger bekannte, aber äußerst wirkungsvolle Anwendung vor: Wir haben COM-Hijacking eingesetzt, um Code in die geschützten Frontend-Prozesse von Sicherheitsprodukten einzuschleusen. Dadurch konnten wir die Vertrauensbeziehung zwischen diesen Prozessen und den privilegierten Backends ausnutzen und hohe Privilegien auf dem Endpunkt erlangen. In unserem Vortrag erläutern wir detailliert unsere Vorgehensweise zur Identifikation dieser Schwachstellen und stellen die technischen Aspekte der von uns entdeckten Lücken im Detail vor. Im ersten Teil des Vortrags zeigen wir, wie wir mittels COM-Hijacking in der Lage waren, Code im Kontext der geschützten Frontend-Prozesse auszuführen. Im zweiten Teil analysieren wir die Kommunikationsmechanismen zwischen Frontend und Backend und legen offen, wie wir diese Vertrauensverbindung kompromittieren konnten. Abschließend erklären wir verschiedene Techniken, die es uns ermöglichte, unsere Privilegien auf Systemebene erfolgreich zu erweitern und diskutieren Gegenmaßnahmen die ähnliche Schwachstellen verhindern könnten. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/der-schlssel-zur-compromittierung-local-privilege-escalation-schwachstellen-in-av-edrs/

Schon die neue Bahncard in der App integriert und dabei erfolglos versucht, dem Tracking auszuweichen? Digitalzwang kostet: Und zwar uns, den Nutzer:innen von Diensten von Unternehmen, Behörden, oder anderen Anbietern (auch du, Deutsche Bahn!). Dabei ist es weniger ein Problem, ob digitalisiert wird, sondern wie. Ich argumentiere, dass mit der fortschreitenden Digitalisierung eine Bringschuld von Anbietern auf die einzelnen Verbraucher:innen übertragen wird. Betroffene von Digitalzwang erfahren dabei höhere Kosten in ihrem Alltag: Sie müssen mehr Geld ausgeben, um einer Datenabgabe zu entkommen, oder brauchen mehr Zeit für Dienstleistungen, weil diese sie ausschließen. Dabei reicht der Rahmen über die vermeintlich Technik-feindlichen Senioren weit hinaus, und betrifft arme, körperlich behinderte, oder Datenschutz-affine Menschen genau so. Digitalcourage hat bereits beim Fireshonks 2022 ein Best-Off ihres Digitalzwangmelders vorgestellt. Ich habe jetzt eine Übersicht aufgebaut, um das Problem zu visualisieren. Durch die Analyse von Forschungsinterviews mit Betroffenen zeige ich, wer von Digitalzwang betroffen ist, in welchen Formen Digitalzwang auftritt, und welche Auswirkungen er auf ihr Leben hat. Dabei zeige ich, dass der Digitalzwang in seinen verschiedenen Facetten mehr ist als nur „unangenehm“: Er wirkt als Brennglas für bestehende Probleme und führt zu Ausgrenzungen und Einschränkungen. Computer können das Leben verbessern. Digitalisierung macht viele Prozesse schneller und leichter umsetzbar, zumindest in der Theorie. Was aber, wenn man gar keinen Zugang zu digitalen Angeboten hat, oder ihn aus Sorge von Datenmissbrauch ausschließen muss? Armut, Behinderung, fehlende Umgangserfahrung oder eine hohe Datenhygiene führen dazu, dass Menschen sich im Alltag einschränken müssen, weil ihnen der Zugang zu einem Gut nicht offen steht. Das geht los bei Rabattaktionen im Supermarkt und geht bis zu Einschränkungen in der Mobilität – die Deutsch Bahn lässt grüßen. Ich zeige, in welchen Bereichen des Lebens Digitalzwang auftritt und wie vielseitig er sich gestaltet. Hierfür habe ich Forschungsinterviews mit Menschen geführt, die sich von Digitalzwang betroffen sehen. Im Gespräch habe ich erfahren, mit welchen Formen des Zwangs sie konfrontiert waren und wie schwer diese Eingriffe waren. Dabei zeigt sich, dass Digitalzwang zwar ein Problem für sich ist, jedoch oft intersektionell wirkt: Armut, Behinderung oder fehlende Bildung werden durch eine exklusive Digitalisierung noch verstärkt. Digitalzwang ist damit nicht nur unangenehm, sondern wird in vielen Fällen zu einem Human Security-Problem. Dieses Konzept geht davon aus, dass Sicherheit nicht nur die Abwesenheit von Gewalt ist, sondern ein Zustand, indem sich Menschen frei entwickeln können. Ein Ausschluss aus einer Gesellschaft oder eine Beschränkung im eigenen Leben wirken diesem Zustand entgegen. Anhand der Beispiele, die ich durch die Interviews gesammelt habe, zeige ich, wie die Auswirkungen von Digitalzwang diese Probleme erzeugen können. Dabei müssen wir uns die Frage stellen, wie wir mit der Digitalisierung umgehen wollen. Um dabei nicht ganz im Pessimismus zu versinken, gehe ich auch auf positive Beispiele ein: Wo wird gut und nutzerfreundlich digitalisiert? Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/fehlercode-406-request-not-acceptable-digitalzwang-als-human-security-problem/

Navigating The Gray; Hacker's Compass. In an expanding digital world, the lines quickly blur between what's good and what is bad (ethical and not) Without using big complicated words, Ethics are a reference for our action to know good from bad. In this talk we go over a framework of ethics to help predetermine which direction our actions would lead us. This is not a code of ethics saying what is good and what is bad, after all life is somewhere in between, and you do you. This is a more of a measurement tool, like a compass. A hacker's compass, a pocket sized framework of three ethics to triangulate where we are on the gray, and where our actions would take us. Prepared time for Q&A and little discussion after the talk. I would be happy to learn more from other people's experiences and Ideas on this topic. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/navigating-the-grey/

The digital arms race between activists and government spies continues to shift and evolve. Through a series of cases studies, researchers from Amnesty International's Security Lab will share surveillance wins, the ongoing challenges, and the new threats on the digital horizon. Drawing on research by Amnesty International and partners over the past year, we will examine how the digital threats facing activists and journalists continue to evolve and adapt. Progress has been made in reigning in abuses from highly invasive spyware, with vendors going out of business and others being hit by lawsuits and sanctions. The technical arms race between defenders and the exploit industry also shows signs for cautious optimism. However notorious spyware companies, occasionally with active government protection, continue taking steps to block much needed accountability efforts. Amnesty International will also the findings of a brand new investigation into the misuse of surveillance technology. The work for civil society to defend against these threats remains challenging. Surveillance vendors continue to deploy increasing murky webs of brokers and complex corporate structures to hide their activities, although we will show tactics that can be used to map these. The emerging surveillance threats at the intersection of mass surveillance, ad tech, and artificial intelligence are becoming all too real, and surveillance tactics continues to unequally and dangerously impact already marginalized people including woman and LGBTQI activists. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/state-of-surveillance-a-year-of-digital-threats-to-civil-society/

Specifications are enough, they say… 10 years after 31c3's "Funky File Formats" … Have things improved? With so many open-source parsers being tested and fuzzed, and widely available specs, what could go wrong with file formats nowadays ? Nothing to fear, right? Let's explore even darker corners of their landscape! Even extreme simplicity can misleadingly lead to unexpected challenges. And at the other end of the spectrum, new complex constructs appeared over the years: near-polyglots, timecryption, hashquines … Even AI is an element of the game now. Let's play FileCraft, and enjoy the ride! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/fearsome-file-formats/

User location information is inherently privacy sensitive as it reveals a lot about us: Where do we work and live? Which cities, organizations & institutions do we visit? How does our weekly routine look like? When are we on a vacation and not at home? MacOS has introduced multiple layers of security mitigations to protect sensitive user location information from attackers and malicious applications over the years — but are these enough? ­­­­­­In this talk, we dive into how attackers could have exploited multiple design flaws, information disclosures and logic vulnerabilities spread all across the macOS stack, leading to all kinds of ways to bypass the macOS TCC Location Services privacy protection and precisely localize the user without consent. We will show how attackers could have retrieved precise real time & historical geographic user locations hiding in various components of the persistence layer, within application state restoration files and error log messages that could be triggered via reliably exploitable HTTP response callback race conditions. Digging deeper, we find that the precise user location can be reconstructed with lossless precision by combining various sources of metadata, which were accessible through different pathways and quirks of the operating system, such as: Access point SSID’s + signal strength data, Apple Maps location query data caches, custom application binary plists and even Find My widget UI structure metadata enabling to precisely reconstruct the victims AirTag locations. These issues have been responsibly reported in the scope of the Apple Security Research program and resulted in 24 CVE entries in Apple’s security advisories for macOS. We will finish of by investigating how we can prevent such issues in the future: Extended automated privacy focused integration testing, shifting responsibility of privacy preservation from developers to the system framework level and a more privacy focused API architecture of localization relevant frameworks. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/macos-location-privacy-red-pill-a-rabbit-hole-resulting-in-24-cves/

Look behind the scenes with filmmaker, inventor, and former Mythbuster Davis DeWitt and learn how Hollywood hackers combine prototyping and art to bring movie magic to life! Through real-world examples, this talk will explore the unique challenges of creating builds for the entertainment industry, from designing prototypes to filming the final sequence and everything in between. Have you ever been asked to build a smoke grenade or blow up a car? With over 8 years of experience in the film industry, Davis is one of the hackers with the skills to accommodate these unusual requests. In this talk, we'll explore several of his favorite builds to highlight how anyone can get started combining art and hardware hacking on their own. From CAD, to 3D printing, microcontroller programming, painting, weathering, cinematography, and more, discover how multiple disciplines blend together to create hacker movie magic! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/prototypes-to-props-how-to-build-and-hack-in-the-film-tv-industry/

We've all heard how important digital accessibility is, at this point. But how does one get started with this complex topic? Let's cover all the techy basics! Software accessibility is important, we all know that by now. In the past years while working as an accessibility consultant, many people have asked me the very same question: How do I get started with this? I'm overwhelmed by all the different resources! Heck, I can't find anything useful! In all fairness, I get you. There's so much fuzz surrounding this. Social workers will feel right at home because of this, but frankly, for us techies, it just doesn't work that way. We would like to know what to do precisely, or at least dive deeper into a topic on our own terms. In this talk, I would like to give a brief overview over what's important only for programmers and where you can educate yourself further. We can do this together! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/software-accessibility-without-the-fuzz/

Gut 1 Mrd. Datenpunkte zu Zugfahrten, wie kann man damit das Zugfahren verbessern? Wir versuchen, die Zuverlässigkeit von Zugverbindungen vor der Buchung zu prognostizieren. Um allen Bahnfahrenden zu helfen, wollen wir auf Basis eines Kriesel-Artigen Datensatz vorhersagen, welche Anschlusszug verpasst wird und welcher nicht. Dafür schauen wir uns die Verspätungsdaten ganz genau an, um prädiktive Faktoren für Verspätungsvorhersagen zu finden. Wir schauen uns ein paar Techniken für kategorische Datentypen an, bauen ein Machine-Learning-Modell und werden dann nachweisen, ob dieses etwas taugt. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/wann-klappt-der-anschluss-wann-nicht-und-wie-sagt-man-chaos-vorher/

An increasing number of countries is implementing algorithmic decision-making and fraud detection systems within their social benefits system. Instead of improving decision fairness and ensuring effective procedures, these systems often reinforce preexisting discriminations and injustices. The talk presents case studies of automation in the welfare systems of the Netherlands, India, Serbia and Denmark, based on research by Amnesty International. Social security benefits provide a safety net for those who are dependent on support in order to make a living. Poverty and other forms of discrimination often come together for those affected. But what happens, when states decide to use Social Benefit Systems as a playground for automated decision making? Promising more fair and effective public services, a closer investigation reveals reinforcements of discriminations due to the kind of algorithms and quality of the input data on the one hand and a large-scale use of mass surveillance techniques in order to generate data to feed the systems with on the other hand. Amnesty International has conducted case studies in the Netherlands, India, Serbia and, most recently, Denmark. In the Netherlands, the fraud detection algorithm under investigation in 2021 was found to be clearly discriminatory. The algorithm uses nationality as a risk factor, and the automated decisions went largely unchallenged by the authorities, leading to severe and unjustified subsidy cuts for many families. The more recent Danish system takes a more holistic approach, taking into account a huge amount of private data and some dozens of algorithms, resulting in a system that could well fall under the EU's own AI law definition of a social scoring system, which is prohibited. In the cases of India and Serbia, intransparency, problems with data integrity, automation bias and increased surveillance have also led to severe human rights violations. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/automated-malfare-discriminatory-effects-of-welfare-automation/

This lecture follows the path of an ex-ballerina through fluid computers, handmade semiconductors, and cosmetic synthesisers. We will tackle the seductive side and hidden narratives of circuitry to natural systems, salty fluids, and minerals and discuss the importance of alternative hardware morphologies. Pirouette Machines. Fluid Components embarks on an intimate visual essay on an alternative history of computer hardware in which minerals, cosmetics and fluids mingle in tactile experiments. A lipstick converted into a strident sound generator resonates through toxic entanglements with one of its main historical ingredients: lead. Following a radioactive decay chain, lead ore or galena is found on our lips and in our early 20th-century technologies such as crystal radio demodulation frenzy. This talk draws parallels between different types of hardware materialities and personal stories surrounding computing components in their use. Starting with the beauty industry, the talk serpents amongst toxic concoctions filled with heavy metals oscillating to become predecessors to the first transistors and their alternative fluidic siblings that use air and water instead of electricity. Fluidics is a technology lost in history. To operate, it requires only simple fluid matter guided by natural phenomena. Much like its mineral counterpart: electronics, fluidics builds circuits for computing. This talk concludes by following the seductive forms that fluidic circuits assume, forms, that can reimagine the morphologies of our current electronic machines. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/pirouette-machines-fluid-components/

My talk explores the trajectory of iOS spyware from the initial discovery of Pegasus in 2016 to the latest cases in 2024. The talk will start with an analysis how exploits, infection vectors and methods of commercial spyware on iOS have changed over time. The second section of the talk is all about advances in detection methods and the forensic sources which are available to discover commercial spyware. This talk will also include a Case Study about the discovery and analysis of BlastPass (one of the latest NSO Exploits). The third part will discuss technical challenges and limitations of the detections methods and data sources. Finally, I will conclude the talk with open research topics and suggestions what Apple or we could technically do to make the detection of commercial spyware better. The commercial spyware landscape on iOS has evolved significantly since the discovery of Pegasus in 2016. In this talk, we’ll explore that evolution through four main areas: 1. Spyware Evolution (2016-2024): By analyzing key exploits, tactics, techniques, and procedures (TTPs), infection vectors, and indicators of compromise (IOCs), we’ll trace how spyware has advanced in sophistication, highlighting changes that have led to today’s complex threats. 2. Advancements in Detection: As spyware has grown more sophisticated, so too have detection capabilities. We’ll review the main actors, public organizations and tools that have shaped spyware detection. This part will also include a case study on my discovery and analysis of a sample NSO‘s BlastPass Exploit chain. 3. Current and Future Challenges: Looking forward, we’ll examine the pressing challenges in spyware detection and speculate on how commercial spyware might evolve in response to new security measures and technologies. 4. Recommendations for Research and Detections: Finally, I’ll offer recommendations for advancing research and detection methods and capabilities to combat commercial spyware. Attendees will gain a comprehensive view of the past, present, and future of spyware on iOS, along with actionable strategies for future research and collaboration. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/from-pegasus-to-predator-the-evolution-of-commercial-spyware-on-ios/

Manchmal sind es tausende, manchmal sind es zehntausende von Euros, um die vor allem junge Männer aus Deutschland bei Onlinescams betrogen werden. Die Scham ist zu groß, um darüber zu sprechen, schließlich ist „Mann“ selbst schuld daran. Es geht um Erpressung mit Nacktfotos, Liebes-Fallen und zweifelhafte Investments, die auf dem Vormarsch sind. Der Vortrag folgt den Spuren der Täter:innen und enthüllt eine prosperierende Scam-Industrie in Asien, fest in den Händen der chinesischen Mafia. Aus Scham wollte er eigentlich gar nicht darüber sprechen. Sebastian (26 Jahre) flirtet mit einer Unbekannten aus dem Internet, sie schickt ihm Nacktfotos, fragt, ob auch er sich vor der Kamera für sie auszieht. Er fühlt sich geschmeichelt, sie verabreden sich zum Videocall, er masturbiert vor laufender Kamera. Davon werden Screenshots erstellt und eine Männerstimme fordert ihn auf 2.000 Dollar zu bezahlen, sonst würden die Bilder an all seine Instagram Freunde gehen. „Ich habe zu leichtsinnig im Internet vertraut“, sagt er rückblickend. Für viele Betroffene folgen neben der Scham und dem finanziellen Verlust Angstzuständen und Depressionen, immer gepaart mit dem Gefühl großer Hilflosigkeit, weil sich die Spuren im Netz verlieren. Ausgehend von den Opfern folgen wir den Spuren von Onlineverbrechern, bei denen vor allem (junge) Männer ausgenommen werden. Es gelingt uns Kontakt aufzubauen, zu einem der selbst Täter war. „Neo“ nennt er sich: Der junge Chinese war auf ein verlockend klingendes Jobangebot als englisch Übersetzer eingegangen, wurde gekidnapped und in eine sogenannte Betrugsfabrik verschleppt. Er berichtet und belegt mit Fotos sowie zahlreichen Unterlagen, wie in Myanmar entlang der Grenze von Thailand hunderttausende Menschen gefangen gehalten und ausgebeutet werden. Der junge Chinese erzählt von Folter und davon, wie sie dort hunderte Menschen im Internet und am Telefon pro Tag abzocken mussten. „Wer nicht gehorchte, bekam Schläge“, sagt er. NGOs und andere Überlebende berichten von Elektroschocks und einem ausgeklügelten System von Menschenhandel und Ausbeutung. Interpol spricht inzwischen von einer aufsteigenden Industrie, die in der gesamten Region Südostasien an Umsatz inzwischen den Drogenhandel abgelöst hat. Rasante technische Entwicklungen, wie Übersetzungsprogramme, Bots und mit KI generierte Fotos und Videos sorgen dafür, dass sich der Betrug immer weiter globalisiert und nach Deutschland strahlt. "Neo" gelingt es schließlich zu fliehen und hunderte interne Dokumente und Fotos aus der "Betrugsfabrik" heraus zu schmuggeln. Der Talk gibt einen Einblick in diese verborgene Welt. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/erpressung-aus-dem-internet-auf-den-spuren-der-cybermafia/

Eine Vorstellung der Hackspaces Eine Vorstellung der Hackspaces organisiert via wiki at https://events.ccc.de/congress/2024/hub/de/wiki/hackspace-vorstellungen/ Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/hackspace-vorstellungen/

Unabhängige Apps für den öffentlichen Nahverkehr stehen häufig vor dem Problem, dass sie durch die vielen separaten APIs der Verkehrsbetriebe eingeschränkt sind, die oft nicht über die vollständigen Daten der anderen Betreiber verfügen. Dies macht es unmöglich, vollständige Routen zu erhalten. In Städten wie Paris ist z.B. die Kenntnis der örtlichen Metro erforderlich, da die verschiedenen Bahnhöfe nicht direkt miteinander verbunden sind. Transitous will dieses Problem auf der Grundlage öffentlich zugänglicher Fahrplandaten lösen. Bestehende Routing-Lösungen aus der Community waren nur für Fahrräder, Autos oder Fußgänger verfügbar. Dadurch blieb den Apps für den öffentlichen Verkehr nur die Möglichkeit, viele verschiedene Betreiber-APIs mit begrenzten Daten zu verwenden. Einige überließen die Wahl der besten API der Nutzer*in oder versuchten, die beste API auf der Grundlage der regionalen Abdeckung automatisch auszuwählen. Dies verhinderte, Verbindungen über größere Entfernungen einschließlich des Nahverkehrs mit einer einzelnen Anfrage finden zu können. Mit neueren freien und quelloffenen intermodalen Routing-Engines wie MOTIS und der zunehmenden Verfügbarkeit von Fahrplänen der öffentlichen Verkehrsmittel im GTFS- und GTFS-RT-Format im Internet wurde es möglich, dieses Problem zu lösen. In diesem Talk wird vorgestellt, was wir bisher erreicht haben und wie das Projekt weiterentwickelt und genutzt werden kann. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/transitous-offener-routingdienst-fr-ffentliche-verkehrsmittel/

Fünf Prozent der Bevölkerung im Alter von 16 bis 74 Jahren in Deutschland sind offline. Dafür gibt es verschiedenen Gründe: Manche wollen nicht ins Netz und manche können nicht. Dennoch gibt es zunehmend auch öffentliche Dienstleistungen nur noch digital. Das wäre kein Problem, wenn gewährleistet wäre, dass alle Zugang zu Geräte, zum Netz und die nötige Unterstützung haben, um die Angebote nutzen zu können. Und wenn wir darauf vertrauen könnten, dass unsere Daten dort sicher sind. Solange beides nicht gegeben ist, darf niemand ausgeschlossen werden, weil der Zugang fehlt. Menschen, die noch immer nicht online sind, sind älter, arm, häufig weiblich, manchmal behindert, sind keine Akademiker*innen oder arbeiten in Jobs, bei denen sie nicht vor Computern sitzen. Aber auch durchaus IT-affine Menschen geraten mal ins Straucheln, wenn der Akku vom Gerät mit dem digitalen Ticket nicht mehr mitmacht oder das Funkloch verhindert, dass die digitale Bahncard aktualisiert werden kann, wenn die Kontrolle kommt. Statt dafür zu sorgen, dass die nötige Infrastruktur läuft und alle die Unterstützung bekommen, die sie brauchen, um die immer anders aussehenden digitalen Behördengänge erledigen zu können, setzt die Bundesregierung auf Zuckerbrot und Peitsche. Es gab Geschenke wie den Kulturpass für 18-Jährige oder eine 200-Euro-Einmalzahlung für Studierende, aber die gab es nur für die, die sie online beantragten. Es wird akzeptiert, dass Post- und Bankfilialen durch Online-Angebote ersetzt werden. Alle, die damit nicht klarkommen, werden höchstens belächelt. Aber das betrifft nicht wenige Menschen, die angesichts dieser Digitalisierung mit der Brechstange im Regen stehen. Sie sind oft so schon auf die eine oder andere Weise benachteiligt und nun durch rein digitale Angebote noch weiter abgehängt. Im Idealfall sollte Digitalisierung das Leben vereinfachen. Tatsächlich trägt diese Digitalisierung zu noch mehr gesellschaftlicher Spaltung bei. Dieser Talk beleuchtet, wen das betrifft und warum, und zeigt Beispiele für Dienstleistungen und Angebote, die nur online zu haben sind – und für die, die keine Skrupel haben angesichts der häufig wenig vertrauenserweckenden Umsetzung. Schließlich wird es auch darum gehen, was nötig wäre, um diese Situation zu ändern. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/digitalisierung-mit-der-brechstange/

Trainierte KI-Modelle sind mächtige Werkzeuge, die in Wissenschaft und Forschung oft für gute Zwecke gebaut werden. Aber wie alle Werkzeuge können sie auch zweckentfremdet werden – in Bereichen, für die sie nicht gedacht waren, in denen sie profitgierigen Interessen dienen und gesellschaftlichen Schaden anrichten. Vor dem Hintergrund des Trends von "open source" AI ist die Gefahr der unkontrollierten Zweckentfremdung von KI-Modellen enorm gestiegen. Wir zeigen: Das Risiko einer missbräuchlichen Sekundärnutzung von für Forschungszwecke trainierten KIs ist aktuell die größte regulatorische Lücke, trotz DSGVO und AI-Act. Zugleich ermöglicht das Zweckentfremden von Modellen die immer weiter wachsende Machtposition von Big Tech. Um das Problem zu bekämpfen, muss das Prinzip "Zweckbindung" für das Zeitalter der KI geupdated werden. Skandale wie die Weitergabe von Forschungsdaten der UK Biobank an Versicherungsunternehmen zeigen ein typisches, aber oft übersehenes Risiko im Zusammenhang mit KI: Modelle und Trainingsdaten, die eigentlich dem Gemeinwohl dienen sollten, werden im Schatten der öffentlichen Aufmerksamkeit, jedoch ohne geltendes Recht zu verletzen, für diskriminierende, manipulative und profitorientierte Zwecke zweitverwendet. Wer etwa in der medizinischen Forschung ein Modell zur Erkennung von psychischen Krankheiten anhand von Audiodaten (Stimmaufzeichnung) baut, kann dieses Modell auch außerhalb des medizinischen Kontexts auf beliebige Individuen anwenden – und zum Beispiel bei Video-Bewerbungsgesprächen ein automatisiertes Risiko Scoring damit machen (unsere Beispiele zeigen, dass daran gerade großes Interesse besteht). Der Besitz trainierter KI-Modelle stellt eine enorme Konzentration von Informationsmacht dar – und mit dieser Macht geht ein Missbrauchspotenzial einher, wenn die Tools z.B. in einen kommerziellen Kontext übertragen werden. Zum Schutz unserer Gesellschaft vor Missbrauch KI-basierter Forschung müssen wir deshalb die Zirkulation trainierter KI-Modelle und anonymisierter Trainingsdaten unter demokratische Kontrolle stellen. Wir brauchen ein Regulierungskonzept, das offene Forschungszwecke ermöglicht und gleichzeitig kommerziellen Missbrauch verhindert. Modelle mit allgemeinem Verwendungszweck wie sie die KI-VO legitimiert, sollte es nicht geben. Als Lösung holen wir das alte, bei der Industrie verhasste und in der Politik fast schon vergessene Datenschutzprinzip der Zweckbindung aus der Mottenkiste und aktualisieren es für die Kontrolle von KI. Unser Regulierungsvorschlag einer "Zweckbindung für KI-Modelle" beruht auf unserer mehrjährigen interdisziplinären Forschung zwischen Ethik, Rechtswissenschaft und Informatik. Background Readings und weitere Infos: <a href="https://purposelimitation.ai">https://purposelimitation.ai</a> Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/gemeinwohlorientierte-forschung-mit-ki-missbrauch-eindmmen-durch-zweckbindung-fr-ki-modelle/

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick! 11:00 Opening Lightningtalks 11:05 400kWp Eigenbau-PV als Genossenschaft,mherweg 11:10 The Shadow Life of Endless Pots.Jakob Kilian 11:15 Chaos Sticker Collection,mwarning 11:20 Eurobox,Ledge 11:25 Midimaxe,polygon 11:30 Hamburg Werbefrei - auf zum Volksbegehren!,N. E. Flick 11:35 Reliable Radio Communications,Bernerd DO3RB 11:40 "The Sound Of Data - Turning planets, DNA and stock prices into music",Jonas Scholten 11:45 "Moderne Landwirtschaft ist kaputt, oder?",twe 11:50 Old-School Demo-Effekte mit pyxel,Marco Bakera 11:55 RegretBlocker,Andreas Haupt 12:00 "Satzungsänderung unter Zuhilfenahme von ReStructuredText, Git und Python",adnidor 12:05 Pfandgeben die Plattform zum Pfandspenden,Chris 12:10 GLED,René 12:15 From Pixels to Procedures: An Open Source Design Suite for 2025,Dennis Kobert 12:20 Das bisschen Haushalt - lässt sich nicht gut verteilen,Rici 12:25 Freie Software in Organisationen - Das geht!,Leonard Marschke 12:30 Inside a modern groovebox,dena 12:35 GNU Boot,Denis 'GNUtoo' Carikli 12:40 Functional Safety over Industrial Ethernet - Broken by Design,Nick Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/lightning-talks-day-2/

Windows 10 security updates end on 14 October 2025, KDE's 29th birthday and also, ironically, International E-Waste Day [1] (you cannot make these things up!). Hundreds of millions of functioning devices [2] will become e-waste. This means manufacturing and transporting new ones, which is perhaps the biggest waste of all: hardware production alone can account for over 75% of a device's CO2 emissions over its lifespan. Free Software is a solution, today, and if we work together Windows 10 could truly be the last version of Windows users ever use! In this talk I will present the issue of e-waste and the importance of right-to-repair software, and invite the audience to participate in coordinating a global, unified Free Software campaign over the next year to raise awareness about the environmental harm of software-driven hardware obsolescence, while promoting upgrading users from Windows 10 to GNU/Linux directly. Extending hardware's operating life with Free Software is good for users, and better for the environment. Let's think big and act boldly as a unified community! [0] https://arstechnica.com/gadgets/2024/10/lots-of-pcs-are-poised-to-fall-off-the-windows-10-update-cliff-one-year-from-today/ [1] https://weee-forum.org/iewd-about/ [2] https://www.canalys.com/insights/end-of-windows-10-support-could-turn-240-million-pcs-into-e-waste This is a talk about digital sustainability and the role software plays in hardware longevity. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/opt-green-coordinating-a-windows-10-to-linux-upcycling-campaign-across-free-software-communities-worldwide/

In this talk, an advocate of (un)making, Yoshinari Nishiki, dives into the historical foundation of the concept. Starting from the Maker movement, transitioning to Critical Making, evolving into unmaking, and culminating in (un)making, Yoshinari emphasizes a process defined by the deliberate absence of production, where (un)making itself embodies the act of not producing. Unmaking is a newly emerged term in the fields of HCI and design that references the idea of unlearning. In unmaking, researchers have explored the realms of making beyond the pursuit of plastic perfection: one prominent study investigated the aesthetics found in the processes of decay in 3D-printed objects. In (un)making, however—a variant of unmaking—Yoshinari attempts to step away from production itself while still generating monetary value. As profit-making entities increasingly face pressure to claim—whether superficially or substantially—that they are reducing their environmental impact, the overall trend of relentless production remains largely unchanged and unchallenged. This raises a critical question: can we ever truly stop making? One reason we find it nearly impossible to stop is that the urge to make is deeply ingrained in our nervous systems. While pioneering researchers have begun to explore this issue by moving beyond unlearning to the concept of unmaking, little insight has emerged regarding the dilemma of value creation. Put simply, people cannot stop making things because they need to keep earning. Universal Basic Income (UBI) is not a straightforward solution, as it could further reinforce the monetary logic of resource acquisition. Instead, we need to (re)develop skills to derive benefits from our surroundings with minimal effort. This is precisely what Yoshinari Nishiki is exploring in his engineering PhD on (un)making. However, to address the historical complexities of production, it is essential to revisit the evolution of our modes of making. In this talk, Yoshinari carefully traces the origins of (un)making, from the Maker movement and Critical Making to the emerging concepts of unmaking and (un)making. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/from-critical-making-via-unmaking-towards-un-making/

Zu unserer Freude haben sich in den letzten Jahren immer mehr Junghacker:innen auf dem Congress eingefunden. Daher bieten wir auch diesmal, wie schon in den Vorjahren, einen speziell auf Kinder und Jugendliche zugeschnittenen Junghacker:innentag an. Am zweiten Congresstag, dem 28. Dezember 2024, organisieren Freiwillige aus vielen Assemblies von etwa 10 bis 17 Uhr ein vielseitiges Workshop-Programm für angehende Hacker:innen. Weitere Informationen siehe [https://events.ccc.de/2024/11/08/38c3-junghackerinnentag/](https://events.ccc.de/2024/11/08/38c3-junghackerinnentag/) Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/junghacker-innentag-einfhrung/

Simulating the photovoltaic potential of roofs and facades with WebGL and OpenData in real time This talk is a deep dive into the open-source website [openpv.de](https://www.openpv.de/) - prepare yourself for lots of open geodata, physics-based solar irradiance simulation, some shady WebGL code, and insights on how to get funding from the German government for your open-source project. We will look at the available open data of 3D buildings, laser scans, and elevation models from Germany and how we navigated through the jungle of governmental open datasets. Having these valuable datasets allows us to do fancy things - like building a browser-based tool for solar potential simulation. This includes the task of performing physics-based simulation in WebGL, a nice problem we planned to solve in one afternoon but that ended up taking several weekends. In the talk, we also share about the evolution of our project and our experience along the way. We started as a simple free-time project, but evolved and even received public funding from the German Prototype Fund in the end. Come and listen to our talk if you 1. think about installing your own PV system, 2. love open geodata, 3. want to see some fancy 3D simulations in the browser. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/openpv-calculate-the-solar-potential-of-your-building/

Wir zeigen euch die Fnords in den Nachrichten des Jahres. Endlich wieder ein normaler Ausklang fürs Jahr! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/fnord-nachrichtenrckblick-2024/

Reticulum is a cryptography-based networking stack for building local and wide-area networks with readily available hardware. Reticulum can continue to operate even in adverse conditions with very high latency and extremely low bandwidth. The vision of Reticulum is to allow anyone to operate their own sovereign communication networks, and to make it cheap and easy to cover vast areas with a myriad of independent, interconnectable and autonomous networks. On this talk we shall present Reticulum, a highly resilient cryptography-based networking stack, that you can use to get out of the shackles of surveillance corporate networks. Reticulum is a tool for building networks. Networks without kill-switches, surveillance, censorship and control. Networks that can freely interoperate, associate and disassociate with each other. Reticulum is Networks for Human Beings. It solves the same problem that any network stack does, namely to get data reliably from one point to another over a number of intermediaries. But it does so in a way that is very different from other networking technologies: - Reticulum does not use source addresses. No packets transmitted include information about the address, place, machine or person they originated from. - There is no central control over the address space in Reticulum. Anyone can allocate as many addresses as they need, when they need them. - Reticulum ensures end-to-end connectivity. Newly generated addresses become globally reachable in a matter of seconds to a few minutes. - Addresses are self-sovereign and portable. Once an address has been created, it can be moved physically to another place in the network, and continue to be reachable. - All communication is secured with strong, modern encryption by default. - All encryption keys are ephemeral, and communication offers forward secrecy by default. - It is not possible to establish unencrypted links in Reticulum networks. - It is not possible to send unencrypted packets to any destinations in the network. - Destinations receiving unencrypted packets will drop them as invalid. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/reticulum-unstoppable-networks-for-the-people/

A Deep Dive into WAP, SMS, monophonic ringtones and 1-bit graphics. A key part of early 2000s advertisements were hyperactive frogs and annoying crocodiles trying to lure people into subscribing to overpriced ringtones and silly graphics for their mobile phones. Apart from shady business practices -- how exactly do you send pictures and ringtones to vintage GSM mobile phones (most of which don't even support TCP/IP)? In our quest to learn more, we stumbled across WAP-Push, User Data Headers, Concatenated SMS, SMPP, User Agent Profiles and many more forgotten technologies. To put all this knowledge to good use, we built Blåmba -- a Chaos ringtone provider, clearly inspired by the (now long defunct) historic ones. Then at Chaos Communication Camp 2023 with the C3GSM network, we had the first public instalment of Blåmba. The Chaos community uploaded lovely artwork and new ringtones, sent patches for the software, and had a fun time reviving their old Nokia phones. This talk will tell the story behind Blåmba, explain how ringtones (and more) made their way onto your phone, what a WAP gateway did, and what other cool tricks mobile phones could do (if you had the money to pay for GPRS traffic 20 years ago). Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/blmba-behind-the-scenes-of-a-2000s-style-ringtone-provider/