Chaos Computer Club - archive feed

14,494 episodes — Page 13 of 290

The Myth of "Targeted Killing": On the Responsibility of AI-Supported Targeting Systems, Using the Example of "Lavender" (38c3)

The Lavender AI targeting system shows well what war automation currently looks like and what is going wrong with it. The topic of "AI in military technology" and the relationship between human and machine has been a theoretical subject in philosophy, the social sciences and critical algorithm studies for decades. In recent years, however, weapon systems with AI components have been developed and recently put to practical use in armed conflicts. Using the example of the AI-supported target selection system Lavender, which is being used by the Israeli military (IDF) in the currently ongoing Gaza war, the current developments are presented and placed in the historical and technical context of the US "signature strikes" in Waziristan (Pakistan) or Afghanistan, and concrete technical design decisions are presented and critically discussed. This also raises questions of shifting responsibility and circumvention of the law. The findings presented here are based on a joint analysis by experts from the Forum InformatikerInnen für Frieden und Gesellschaftliche Verantwortung (FIfF e.V.) together with the Informationsstelle Militarisierung (IMI e.V.) and the Arbeitskreis gegen bewaffnete Drohnen e.V.; the analysis seeks to have the practice of AI-based "targeted killing", such as by Lavender, outlawed as a war crime. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/der-mythos-der-gezielten-ttung-zur-verantwortung-von-ki-gesttzten-zielsystemen-am-beispiel-lavender/

Dec 28, 2024 · 46 min

io_uring, eBPF, XDP and AF_XDP (38c3)

Modern high-performance networking APIs on Linux - beyond the classic BSD sockets API. For many decades, application software programmers have been using the venerable BSD sockets API to make their applications communicate over (at least IP based) networks. Linux has supported TCP/UDP sockets ever since it had a network stack back in the 1990s. While those socket system call APIs are simple and straight-forward, they were designed at a time when internet access happened over dial-up modems and LANs had no more than 10 MBit/s, if at all. With today's Multi-Gigabit speeds even in consumer equipment and 40GE/100GE network interface cards for servers being a reality, using those 1980s BSD/POSIX socket interfaces comes with a huge performance penalty. Some specific use cases like single-flow high-throughput TCP on an end-node have seen optimizations that are transparent to the user (TCP segmentation offloading). But there's only so far you can go with that. Parts of the industry have proposed user-space network stacks built on DPDK - but then basically you no longer use the Linux kernel network stack at all, and subsequently have none of its features. Yes, that can be fast, but Linux becomes nothing but a bootloader, and you have to implement everything from Ethernet to ARP and IP+TCP in your application. The answer of the Linux kernel community over the last 5+ years has been various new mechanisms and interfaces in the Linux kernel that revolutionize how applications can achieve higher network I/O throughput - whether on an end host (server/client) or a packet-forwarding router/bridge/firewall. This talk provides a brief but deeply technical introduction to the problem space, the new mechanisms and their use cases. While the talk discusses features of the Linux kernel, we do not discuss their internals; the focus is on how those mechanisms can be used by applications.
Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/iouring-ebpf-xdp-and-afxdp/

Dec 28, 2024 · 56 min

arafed futures - An Artist Dialogue on Chip Storage and AI Accelerationism (38c3)

The global chip shortage during the COVID-19 pandemic brought semiconductor production into focus, sparking accelerated efforts to meet the surging demand for digital infrastructure. This phenomenon not only expanded AI capabilities but also introduced unexpected computational artifacts. One such artifact is the word “arafed”, a term absent from any dictionary that nevertheless mysteriously appears across contexts from image prompts to Amazon product descriptions. Such unintended linguistic artifacts, born from transformer-based AI models, exemplify how digital artifacts emerge into realities with which we cohabitate. The talk investigates how supply chains break and AI words spread from an artistic research perspective, mapping both the abstract landscapes of embedding spaces, which are filled with emergent words and images, and the tangible, geopolitical realities of global semiconductor supply chains. The accelerating pace of generative AI has put a strain on the interconnected software and hardware systems necessary for generative AI. The artist duo explores the media specificity of generative artificial intelligence. The talk consists of two parts: the material aspects of AI, specifically the story of the semiconductor and chip shortage, and the spread of hallucination-like terms that escaped their embedding space into language. The working of LLMs is often limited by computational power. These obstacles tethered abstract computation to the physical world, exposing how materiality plays a critical role in the implementation of AI. The investigation begins by examining the causes of the chip shortage — a disruption that brought the semiconductor industry and its surrounding geopolitical tensions into discourse. On the hardware level, NVIDIA’s A100 chips, produced using Taiwan’s TSMC 7nm process, exemplify this intersection, providing the power to expand large language models (LLMs) and image generators.
On the software level, the increasing demand for AI-as-a-service accelerates the use of models with complex pipelines. This interconnected use of models, in turn, leads to the emergence of unexpected artifacts that are morphing back into everyday reality. While browsing AI-generated images on social media, one might come across the word "arafed" in image descriptions, such as "an arafed man in a white robe riding on top of a blue car." Yet a dictionary definition is nowhere to be found. An image search for "arafed" reveals something striking: all resulting images appear AI-generated, spread across various image-sharing and stock photography platforms. The term "arafed" seems to lack a clear origin, but a few posts attribute it to the BLIP-2 model, an image-captioning system that generates descriptive text from image inputs. However, the BLIP-2 paper doesn't mention "arafed", but running BLIP-2 clearly produces descriptions containing this artifact-like word, as if "arafed" has embedded itself in the model's vocabulary. Through the widespread and often unintentional use of BLIP-2 in libraries, extensions, and services, the interconnected nature of software has spread the word into research papers, Amazon descriptions, and even other datasets, further revealing the brittle infrastructure generative AI systems are built upon. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/arafed-futures-an-artist-dialogue-on-chip-storage-and-ai-accelerationism/

Dec 28, 2024 · 1h 0m

7 Years Later: Why And How To Make Portable Open Hardware Computers (38c3)

After more than 7 years, a small team of hackers and designers in Berlin are about to release the third generation of their Open Hardware laptop family: MNT Reform Next. Here, Lukas "minute" Hartmann will discuss why we need Open Hardware computers, what we learned through the trial, error and hardship of designing and hand-assembling over 1000 of them, and how you can claw back some autonomy over your hardware from Big Computer. The talk will illustrate, with many pictures and without holding back, interesting problems and solutions we encountered while creating 3 laptops on shoestring budgets. Aiming to inspire more people to take custom hardware into their own hands, I will quickly walk through the essential tools and methods that you can use to create your own Open Source Hardware computing devices or modify existing ones, like:
- How and why I choose chips and components
- How to get them into KiCAD for electronics, and get boards made
- Use FreeCAD and OpenSCAD for 3D modeling, and get enclosures made, also from unorthodox materials
- Cables, connectors and screws considerations
- Firmware and Kernel troubles (designing Hardware for Linux)
- Our basics of community participation (GitLab, IRC, Discourse)

Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/7-years-later-why-and-how-to-make-portable-open-hardware-computers/

Dec 28, 2024 · 38 min

The Key to COMpromise: Local Privilege Escalation Vulnerabilities in AV/EDRs (38c3)

Over the past year, we discovered five critical vulnerabilities in endpoint protection software that allow us to escalate our privileges on Windows endpoints by means of COM hijacking. In this talk we demonstrate how COM hijacking can be used to execute code in the context of protected frontend processes. We also show how COM hijacking undermines the trust relationship between protected frontend processes and backend services in order to obtain higher privileges (local privilege escalation) on systems. Furthermore, we explain our methodology and approach for finding and exploiting such vulnerabilities. Finally, we reveal details of the vulnerabilities we found and discuss possible countermeasures. COM hijacking is known primarily as a technique for achieving persistence on Windows endpoints. In this talk, however, we present a lesser-known but extremely effective application: we used COM hijacking to inject code into the protected frontend processes of security products. This allowed us to exploit the trust relationship between these processes and the privileged backends and to gain high privileges on the endpoint. In our talk we explain in detail our approach to identifying these vulnerabilities and present the technical aspects of the flaws we discovered. In the first part of the talk we show how we were able to execute code in the context of the protected frontend processes by means of COM hijacking. In the second part we analyze the communication mechanisms between frontend and backend and lay out how we were able to compromise this trust connection.
Finally, we explain various techniques that enabled us to successfully escalate our privileges at system level, and discuss countermeasures that could prevent similar vulnerabilities. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/der-schlssel-zur-compromittierung-local-privilege-escalation-schwachstellen-in-av-edrs/

Dec 28, 2024 · 53 min

The CCC Year in Review (38c3)

We give an overview of the topics that occupied the Chaos Computer Club in 2024. Besides the summary and the look back at the past year, we also want to talk about future projects and upcoming discussions. From the traffic-light coalition to the electronic patient record (ePA) to chat control: which topics kept the CCC on its toes in 2024? Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/der-ccc-jahresrckblick/

Dec 28, 2024 · 2h 2m

10 years of emulating the Nintendo 3DS: A tale of ninjas, lemons, and pandas (38c3)

How is 3DS preservation faring 10 years after the release of the first emulator? What technical obstacles have we overcome, which ones remain? What hidden gems have we discovered beyond games? Join us on a journey through the struggles, the successes, and the future of 3DS emulation! The 3DS marks a key point in the evolution of handheld consoles from embedded systems to more powerful PC-like architectures, which makes it particularly interesting as a target for emulation: We'll look at the technical challenges presented by its unique hardware components and the custom microkernel-based software stack built on top of it, the various approaches taken to emulate them (low-level vs. high-level), and the trends we're seeing for the future. These technical challenges are put into historical context by looking at the emulator Citra, its initial path to success, the interplay between emulator developers and console hackers, and the impact of a prominent lawsuit that ultimately led to Citra's shutdown. Additionally, we'll highlight broader community efforts like Pretendo that help preserve the platform beyond emulation. Finally, we'll provide a status update for our ongoing emulation project Mikage and discuss the future outlook of 3DS preservation. This talk will be accessible to a technical audience and gaming enthusiasts alike. We particularly hope to spark new interest in preserving the 3DS legacy and foster new ideas for pushing the boundaries of emulation technology. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/10-years-of-emulating-the-nintendo-3ds-a-tale-of-ninjas-lemons-and-pandas/

Dec 28, 2024 · 55 min

Self Models of Loving Grace (38c3)

Artificial Intelligence is not just an engineering discipline, but also the most fascinating and important philosophical project ever attempted: the explanation of the mind, by recreating it. This part of the series "From Computation to Consciousness" focuses on the nature of the self, agency and identity. When we recognize the paradigm of Artificial Intelligence as a philosophical and scientific framework for understanding the nature of minds like ours, we may begin with an essential question: What does it mean for a machine to feel? How do emotions arise at the intersection between a self and its world—or more precisely, within a reflexive self model, in response to being dynamically reconfigured by a motivational system, in response to shifts in its alignment to a model of its environment, all within the same mind? This inquiry takes us to the core of our own psychological architecture. Who are we when our self-perception alters? What does it mean to depersonalize, to dissolve the boundaries of the self? Can we reverse engineer, debug and reconstruct our identities to become who we want to be? Is there free will? Is it possible to recreate self and sentience in nonbiological substrates? Can AI be conscious? Could we perhaps even extend our own self to nonbiological substrates? This presentation is part of the philosophical series “From Computation to Consciousness,” which draws on insights from AI and cognitive science to explore the nature of intelligence, consciousness, and their realization in the physical universe. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/self-models-of-loving-grace/

Dec 28, 2024 · 1h 0m

Error Code 406: Request Not Acceptable. Digital Coercion as a Human Security Problem (38c3)

Already integrated the new BahnCard into the app and tried, unsuccessfully, to dodge the tracking? Digital coercion (Digitalzwang) has a cost, and it is we who pay: the users of services from companies, public authorities or other providers (you too, Deutsche Bahn!). The problem is less whether things are digitalized than how. I argue that with advancing digitalization, a duty to deliver is being shifted from providers onto individual consumers. Those affected by digital coercion face higher costs in their everyday lives: they have to spend more money to avoid handing over data, or need more time for services because these exclude them. The scope extends far beyond the supposedly technology-averse senior citizens and equally affects people who are poor, physically disabled or privacy-minded. Digitalcourage already presented a best-of of its Digitalzwangmelder at Fireshonks 2022. I have now built an overview to visualize the problem. By analyzing research interviews with those affected, I show who is affected by digital coercion, in what forms it occurs, and what effects it has on their lives. In doing so, I show that digital coercion in its various facets is more than just "unpleasant": it acts as a magnifying glass for existing problems and leads to exclusion and restrictions. Computers can improve life. Digitalization makes many processes faster and easier to carry out, at least in theory. But what if you have no access to digital services at all, or have to rule it out for fear of data misuse? Poverty, disability, lack of experience or a high level of data hygiene mean that people have to restrict themselves in everyday life because access to a good is not open to them. This starts with discount promotions in the supermarket and extends to restrictions on mobility; Deutsche Bahn sends its regards.
I show in which areas of life digital coercion occurs and how varied its forms are. For this I conducted research interviews with people who see themselves as affected by digital coercion. In conversation I learned which forms of coercion they were confronted with and how severe these intrusions were. It turns out that digital coercion is a problem in its own right but often acts intersectionally: poverty, disability or lack of education are further amplified by an exclusionary digitalization. Digital coercion is thus not merely unpleasant but in many cases becomes a human security problem. This concept assumes that security is not only the absence of violence but a state in which people can develop freely. Exclusion from a society or a restriction in one's own life works against this state. Using the examples I collected through the interviews, I show how the effects of digital coercion can create these problems. In doing so we must ask ourselves how we want to deal with digitalization. So as not to sink entirely into pessimism, I also address positive examples: where is digitalization being done well and in a user-friendly way? Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/fehlercode-406-request-not-acceptable-digitalzwang-als-human-security-problem/

Dec 28, 2024 · 37 min

MacOS Location Privacy Red Pill: A Rabbit Hole Resulting in 24 CVEs (38c3)

User location information is inherently privacy sensitive as it reveals a lot about us: Where do we work and live? Which cities, organizations & institutions do we visit? What does our weekly routine look like? When are we on a vacation and not at home? MacOS has introduced multiple layers of security mitigations to protect sensitive user location information from attackers and malicious applications over the years — but are these enough? In this talk, we dive into how attackers could have exploited multiple design flaws, information disclosures and logic vulnerabilities spread all across the macOS stack, leading to all kinds of ways to bypass the macOS TCC Location Services privacy protection and precisely localize the user without consent. We will show how attackers could have retrieved precise real time & historical geographic user locations hiding in various components of the persistence layer, within application state restoration files and error log messages that could be triggered via reliably exploitable HTTP response callback race conditions. Digging deeper, we find that the precise user location can be reconstructed with lossless precision by combining various sources of metadata, which were accessible through different pathways and quirks of the operating system, such as: Access point SSIDs + signal strength data, Apple Maps location query data caches, custom application binary plists and even Find My widget UI structure metadata, making it possible to precisely reconstruct the victim's AirTag locations. These issues have been responsibly reported in the scope of the Apple Security Research program and resulted in 24 CVE entries in Apple’s security advisories for macOS.
We will finish off by investigating how we can prevent such issues in the future: Extended automated privacy focused integration testing, shifting responsibility of privacy preservation from developers to the system framework level and a more privacy focused API architecture of localization relevant frameworks. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/macos-location-privacy-red-pill-a-rabbit-hole-resulting-in-24-cves/

Dec 28, 2024 · 58 min

Navigating the grey (38c3)

Navigating The Gray; Hacker's Compass. In an expanding digital world, the lines quickly blur between what's good and what is bad (ethical and not). Without using big complicated words, ethics are a reference for our actions to know good from bad. In this talk we go over a framework of ethics to help predetermine which direction our actions would lead us. This is not a code of ethics saying what is good and what is bad; after all, life is somewhere in between, and you do you. This is more of a measurement tool, like a compass. A hacker's compass, a pocket-sized framework of three ethics to triangulate where we are on the gray, and where our actions would take us. Prepared time for Q&A and a little discussion after the talk. I would be happy to learn more from other people's experiences and ideas on this topic. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/navigating-the-grey/

Dec 28, 2024 · 34 min

State of Surveillance: A year of digital threats to civil society (38c3)

The digital arms race between activists and government spies continues to shift and evolve. Through a series of case studies, researchers from Amnesty International's Security Lab will share surveillance wins, the ongoing challenges, and the new threats on the digital horizon. Drawing on research by Amnesty International and partners over the past year, we will examine how the digital threats facing activists and journalists continue to evolve and adapt. Progress has been made in reining in abuses from highly invasive spyware, with vendors going out of business and others being hit by lawsuits and sanctions. The technical arms race between defenders and the exploit industry also shows signs for cautious optimism. However, notorious spyware companies, occasionally with active government protection, continue taking steps to block much needed accountability efforts. Amnesty International will also share the findings of a brand new investigation into the misuse of surveillance technology. The work for civil society to defend against these threats remains challenging. Surveillance vendors continue to deploy increasingly murky webs of brokers and complex corporate structures to hide their activities, although we will show tactics that can be used to map these. The emerging surveillance threats at the intersection of mass surveillance, ad tech, and artificial intelligence are becoming all too real, and surveillance tactics continue to unequally and dangerously impact already marginalized people including women and LGBTQI activists. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/state-of-surveillance-a-year-of-digital-threats-to-civil-society/

Dec 28, 2024 · 59 min

Prototypes to Props: How to Build and Hack in the Film/TV Industry (38c3)

Look behind the scenes with filmmaker, inventor, and former Mythbuster Davis DeWitt and learn how Hollywood hackers combine prototyping and art to bring movie magic to life! Through real-world examples, this talk will explore the unique challenges of creating builds for the entertainment industry, from designing prototypes to filming the final sequence and everything in between. Have you ever been asked to build a smoke grenade or blow up a car? With over 8 years of experience in the film industry, Davis is one of the hackers with the skills to accommodate these unusual requests. In this talk, we'll explore several of his favorite builds to highlight how anyone can get started combining art and hardware hacking on their own. From CAD, to 3D printing, microcontroller programming, painting, weathering, cinematography, and more, discover how multiple disciplines blend together to create hacker movie magic! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/prototypes-to-props-how-to-build-and-hack-in-the-film-tv-industry/

Dec 28, 2024 · 32 min

Fearsome File Formats (38c3)

Specifications are enough, they say… 10 years after 31c3's "Funky File Formats" … Have things improved? With so many open-source parsers being tested and fuzzed, and widely available specs, what could go wrong with file formats nowadays? Nothing to fear, right? Let's explore even darker corners of their landscape! Even extreme simplicity can misleadingly lead to unexpected challenges. And at the other end of the spectrum, new complex constructs appeared over the years: near-polyglots, timecryption, hashquines … Even AI is an element of the game now. Let's play FileCraft, and enjoy the ride! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/fearsome-file-formats/

Dec 28, 2024 · 45 min

Software accessibility without the fuzz (38c3)

We've all heard how important digital accessibility is, at this point. But how does one get started with this complex topic? Let's cover all the techy basics! Software accessibility is important, we all know that by now. In the past years while working as an accessibility consultant, many people have asked me the very same question: How do I get started with this? I'm overwhelmed by all the different resources! Heck, I can't find anything useful! In all fairness, I get you. There's so much fuzz surrounding this. Social workers will feel right at home because of this, but frankly, for us techies, it just doesn't work that way. We would like to know what to do precisely, or at least dive deeper into a topic on our own terms. In this talk, I would like to give a brief overview of what's important only for programmers and where you can educate yourself further. We can do this together! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/software-accessibility-without-the-fuzz/

Dec 28, 2024 · 21 min

Pirouette Machines. Fluid Components (38c3)

This lecture follows the path of an ex-ballerina through fluid computers, handmade semiconductors, and cosmetic synthesisers. We will tackle the seductive side and hidden narratives of circuitry to natural systems, salty fluids, and minerals and discuss the importance of alternative hardware morphologies. Pirouette Machines. Fluid Components embarks on an intimate visual essay on an alternative history of computer hardware in which minerals, cosmetics and fluids mingle in tactile experiments. A lipstick converted into a strident sound generator resonates through toxic entanglements with one of its main historical ingredients: lead. Following a radioactive decay chain, lead ore or galena is found on our lips and in our early 20th-century technologies such as crystal radio demodulation frenzy. This talk draws parallels between different types of hardware materialities and personal stories surrounding computing components in their use. Starting with the beauty industry, the talk serpents amongst toxic concoctions filled with heavy metals oscillating to become predecessors to the first transistors and their alternative fluidic siblings that use air and water instead of electricity. Fluidics is a technology lost in history. To operate, it requires only simple fluid matter guided by natural phenomena. Much like its mineral counterpart: electronics, fluidics builds circuits for computing. This talk concludes by following the seductive forms that fluidic circuits assume, forms, that can reimagine the morphologies of our current electronic machines. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/pirouette-machines-fluid-components/

Dec 28, 2024 · 37 min

When Does the Connection Work, When Doesn't It, and How Do You Predict Chaos? (38c3)

A good 1 billion data points on train journeys: how can they be used to improve train travel? We try to predict the reliability of train connections before booking. To help all rail travellers, we want to use a Kriesel-style dataset to predict which connecting train will be missed and which will not. To do so, we look very closely at the delay data to find predictive factors for delay forecasts. We look at a few techniques for categorical data types, build a machine-learning model and will then demonstrate whether it is any good. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/wann-klappt-der-anschluss-wann-nicht-und-wie-sagt-man-chaos-vorher/

Dec 28, 2024 · 41 min

Automated Malfare - discriminatory effects of welfare automation (38c3)

An increasing number of countries is implementing algorithmic decision-making and fraud detection systems within their social benefits system. Instead of improving decision fairness and ensuring effective procedures, these systems often reinforce preexisting discriminations and injustices. The talk presents case studies of automation in the welfare systems of the Netherlands, India, Serbia and Denmark, based on research by Amnesty International. Social security benefits provide a safety net for those who are dependent on support in order to make a living. Poverty and other forms of discrimination often come together for those affected. But what happens, when states decide to use Social Benefit Systems as a playground for automated decision making? Promising more fair and effective public services, a closer investigation reveals reinforcements of discriminations due to the kind of algorithms and quality of the input data on the one hand and a large-scale use of mass surveillance techniques in order to generate data to feed the systems with on the other hand. Amnesty International has conducted case studies in the Netherlands, India, Serbia and, most recently, Denmark. In the Netherlands, the fraud detection algorithm under investigation in 2021 was found to be clearly discriminatory. The algorithm uses nationality as a risk factor, and the automated decisions went largely unchallenged by the authorities, leading to severe and unjustified subsidy cuts for many families. The more recent Danish system takes a more holistic approach, taking into account a huge amount of private data and some dozens of algorithms, resulting in a system that could well fall under the EU's own AI law definition of a social scoring system, which is prohibited. In the cases of India and Serbia, intransparency, problems with data integrity, automation bias and increased surveillance have also led to severe human rights violations. 
Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/automated-malfare-discriminatory-effects-of-welfare-automation/

Dec 28, 2024 · 45 min

From Pegasus to Predator - The evolution of Commercial Spyware on iOS (38c3)

My talk explores the trajectory of iOS spyware from the initial discovery of Pegasus in 2016 to the latest cases in 2024. The talk will start with an analysis of how exploits, infection vectors and methods of commercial spyware on iOS have changed over time. The second section of the talk is all about advances in detection methods and the forensic sources which are available to discover commercial spyware. This talk will also include a case study about the discovery and analysis of BlastPass (one of the latest NSO exploits). The third part will discuss technical challenges and limitations of the detection methods and data sources. Finally, I will conclude the talk with open research topics and suggestions for what Apple or we could technically do to make the detection of commercial spyware better. The commercial spyware landscape on iOS has evolved significantly since the discovery of Pegasus in 2016. In this talk, we’ll explore that evolution through four main areas:

1. Spyware Evolution (2016-2024): By analyzing key exploits, tactics, techniques, and procedures (TTPs), infection vectors, and indicators of compromise (IOCs), we’ll trace how spyware has advanced in sophistication, highlighting changes that have led to today’s complex threats.
2. Advancements in Detection: As spyware has grown more sophisticated, so too have detection capabilities. We’ll review the main actors, public organizations and tools that have shaped spyware detection. This part will also include a case study on my discovery and analysis of a sample of NSO’s BlastPass exploit chain.
3. Current and Future Challenges: Looking forward, we’ll examine the pressing challenges in spyware detection and speculate on how commercial spyware might evolve in response to new security measures and technologies.
4. Recommendations for Research and Detections: Finally, I’ll offer recommendations for advancing research and detection methods and capabilities to combat commercial spyware.

Attendees will gain a comprehensive view of the past, present, and future of spyware on iOS, along with actionable strategies for future research and collaboration. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/from-pegasus-to-predator-the-evolution-of-commercial-spyware-on-ios/

Dec 28, 2024 · 59 min

Extortion from the Internet - on the trail of the cyber mafia (38c3)

Sometimes it is thousands, sometimes tens of thousands of euros that mostly young men from Germany are defrauded of in online scams. The shame is too great to talk about it; after all, the "man" has only himself to blame. It is about extortion with nude photos, romance traps and dubious investments, all of which are on the rise. The talk follows the trail of the perpetrators and reveals a thriving scam industry in Asia, firmly in the hands of the Chinese mafia. Out of shame, he did not actually want to talk about it at all. Sebastian (26) flirts with a stranger from the internet; she sends him nude photos and asks whether he would also undress for her in front of the camera. He feels flattered, they arrange a video call, he masturbates on camera. Screenshots are taken of it, and a male voice demands that he pay 2,000 dollars, otherwise the images will be sent to all his Instagram friends. "I was too careless in trusting people on the internet," he says in retrospect. For many of those affected, the shame and the financial loss are followed by anxiety and depression, always paired with a feeling of great helplessness because the trail goes cold online. Starting from the victims, we follow the trail of online criminals who fleece mainly (young) men. We manage to establish contact with someone who was himself a perpetrator. He calls himself "Neo": the young Chinese man had accepted a tempting-sounding job offer as an English translator, was kidnapped and taken to a so-called scam factory. He reports, and documents with photos and numerous records, how hundreds of thousands of people are held captive and exploited in Myanmar along the border with Thailand. The young Chinese man tells of torture and of how they had to rip off hundreds of people a day there, online and by phone. "Anyone who did not obey was beaten," he says. 
NGOs and other survivors report electric shocks and a sophisticated system of human trafficking and exploitation. Interpol now speaks of a rising industry that has overtaken the drug trade in revenue across the whole of Southeast Asia. Rapid technical developments such as translation programs, bots and AI-generated photos and videos are making the fraud ever more global and extending its reach into Germany. "Neo" finally manages to escape and to smuggle hundreds of internal documents and photos out of the "scam factory". The talk gives an insight into this hidden world. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/erpressung-aus-dem-internet-auf-den-spuren-der-cybermafia/

Dec 28, 2024 · 37 min

Public-interest research with AI: curbing misuse through purpose limitation for AI models (38c3)

Trained AI models are powerful tools that are often built for good purposes in science and research. But like all tools, they can also be repurposed: in areas they were not intended for, where they serve profit-hungry interests and cause societal harm. Against the backdrop of the trend toward "open source" AI, the danger of uncontrolled repurposing of AI models has increased enormously. We show that the risk of abusive secondary use of AIs trained for research purposes is currently the biggest regulatory gap, despite the GDPR and the AI Act. At the same time, the repurposing of models enables Big Tech's ever-growing position of power. To combat the problem, the principle of "purpose limitation" must be updated for the age of AI. Scandals such as the sharing of UK Biobank research data with insurance companies show a typical but often overlooked risk associated with AI: models and training data that were supposed to serve the public interest are reused, in the shadow of public attention but without violating applicable law, for discriminatory, manipulative and profit-oriented purposes. Anyone who, for example, builds a model in medical research to detect mental illness from audio data (voice recordings) can also apply this model outside the medical context to arbitrary individuals, and for instance use it for automated risk scoring in video job interviews (our examples show that there is currently great interest in this). Possession of trained AI models represents an enormous concentration of informational power, and with this power comes a potential for abuse, for example when the tools are transferred into a commercial context. 
To protect our society from the misuse of AI-based research, we must therefore place the circulation of trained AI models and anonymized training data under democratic control. We need a regulatory concept that enables open research purposes while preventing commercial misuse. General-purpose models, as legitimized by the AI Act, should not exist. As a solution, we dust off the old data protection principle of purpose limitation, hated by industry and almost forgotten in politics, and update it for the control of AI. Our regulatory proposal of "purpose limitation for AI models" is based on our several years of interdisciplinary research spanning ethics, law and computer science. Background readings and further information: https://purposelimitation.ai Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/gemeinwohlorientierte-forschung-mit-ki-missbrauch-eindmmen-durch-zweckbindung-fr-ki-modelle/

Dec 28, 2024 · 41 min

Hackspace Introductions (38c3)

An introduction of the hackspaces, organized via the wiki at https://events.ccc.de/congress/2024/hub/de/wiki/hackspace-vorstellungen/ Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/hackspace-vorstellungen/

Dec 28, 2024 · 1h 9m

Digitalization with a Crowbar (38c3)

Five percent of the population aged 16 to 74 in Germany are offline. There are various reasons for this: some do not want to go online and some cannot. Nevertheless, public services too are increasingly available only digitally. That would not be a problem if it were guaranteed that everyone has access to devices, to the network and to the support needed to use these services. And if we could trust that our data is safe there. As long as neither is the case, nobody may be excluded because they lack access. People who are still not online are older, poor, frequently female, sometimes disabled, are not academics or work in jobs where they do not sit in front of computers. But even thoroughly IT-savvy people stumble now and then, when the battery of the device holding the digital ticket gives out or a dead zone prevents the digital Bahncard from being updated when the ticket inspection comes. Instead of making sure that the necessary infrastructure works and that everyone gets the support they need to handle the ever-changing digital dealings with authorities, the federal government relies on carrot and stick. There were gifts such as the Kulturpass for 18-year-olds or a one-off 200-euro payment for students, but only for those who applied for them online. It is accepted that post office and bank branches are being replaced by online services. Everyone who cannot cope with that is at best smiled at. But this affects quite a few people, who are left out in the rain by this digitalization with a crowbar. They are often already disadvantaged in one way or another and are now left even further behind by digital-only services. Ideally, digitalization should make life easier. In fact, this digitalization contributes to even more social division. 
This talk examines who is affected and why, and shows examples of services and offers that are available only online, and only for those who have no qualms about the often less than confidence-inspiring implementation. Finally, it will also address what would be needed to change this situation. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/digitalisierung-mit-der-brechstange/

Dec 28, 2024 · 39 min

Transitous - open routing service for public transport (38c3)

Independent apps for public transport often face the problem that they are limited by the many separate APIs of the transport operators, which often do not have the complete data of the other operators. This makes it impossible to obtain complete routes. In cities like Paris, for example, knowledge of the local metro is required, because the various railway stations are not directly connected to one another. Transitous aims to solve this problem on the basis of publicly available timetable data. Existing routing solutions from the community were only available for bicycles, cars or pedestrians. This left public transport apps with no option but to use many different operator APIs with limited data. Some left the choice of the best API to the user, or tried to select the best API automatically based on regional coverage. This made it impossible to find connections over longer distances, including local transport, with a single request. With newer free and open-source intermodal routing engines such as MOTIS and the increasing availability of public transport timetables in GTFS and GTFS-RT format on the internet, it became possible to solve this problem. This talk presents what we have achieved so far and how the project can be further developed and used. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/transitous-offener-routingdienst-fr-ffentliche-verkehrsmittel/

Dec 28, 2024 · 42 min

From Critical Making via unmaking towards (un)making (38c3)

In this talk, an advocate of (un)making, Yoshinari Nishiki, dives into the historical foundation of the concept. Starting from the Maker movement, transitioning to Critical Making, evolving into unmaking, and culminating in (un)making, Yoshinari emphasizes a process defined by the deliberate absence of production, where (un)making itself embodies the act of not producing. Unmaking is a newly emerged term in the fields of HCI and design that references the idea of unlearning. In unmaking, researchers have explored the realms of making beyond the pursuit of plastic perfection: one prominent study investigated the aesthetics found in the processes of decay in 3D-printed objects. In (un)making, however—a variant of unmaking—Yoshinari attempts to step away from production itself while still generating monetary value. As profit-making entities increasingly face pressure to claim—whether superficially or substantially—that they are reducing their environmental impact, the overall trend of relentless production remains largely unchanged and unchallenged. This raises a critical question: can we ever truly stop making? One reason we find it nearly impossible to stop is that the urge to make is deeply ingrained in our nervous systems. While pioneering researchers have begun to explore this issue by moving beyond unlearning to the concept of unmaking, little insight has emerged regarding the dilemma of value creation. Put simply, people cannot stop making things because they need to keep earning. Universal Basic Income (UBI) is not a straightforward solution, as it could further reinforce the monetary logic of resource acquisition. Instead, we need to (re)develop skills to derive benefits from our surroundings with minimal effort. This is precisely what Yoshinari Nishiki is exploring in his engineering PhD on (un)making. However, to address the historical complexities of production, it is essential to revisit the evolution of our modes of making. 
In this talk, Yoshinari carefully traces the origins of (un)making, from the Maker movement and Critical Making to the emerging concepts of unmaking and (un)making. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/from-critical-making-via-unmaking-towards-un-making/

Dec 28, 2024 · 36 min

Opt Green: Coordinating a Windows 10-to-Linux upcycling campaign across Free Software communities worldwide (38c3)

Windows 10 security updates end on 14 October 2025, KDE's 29th birthday and also, ironically, International E-Waste Day [1] (you cannot make these things up!). Hundreds of millions of functioning devices [2] will become e-waste. This means manufacturing and transporting new ones, which is perhaps the biggest waste of all: hardware production alone can account for over 75% of a device's CO2 emissions over its lifespan. Free Software is a solution, today, and if we work together Windows 10 could truly be the last version of Windows users ever use! In this talk I will present the issue of e-waste and the importance of right-to-repair software, and invite the audience to participate in coordinating a global, unified Free Software campaign over the next year to raise awareness about the environmental harm of software-driven hardware obsolescence, while promoting upgrading users from Windows 10 to GNU/Linux directly. Extending hardware's operating life with Free Software is good for users, and better for the environment. Let's think big and act boldly as a unified community! [0] https://arstechnica.com/gadgets/2024/10/lots-of-pcs-are-poised-to-fall-off-the-windows-10-update-cliff-one-year-from-today/ [1] https://weee-forum.org/iewd-about/ [2] https://www.canalys.com/insights/end-of-windows-10-support-could-turn-240-million-pcs-into-e-waste This is a talk about digital sustainability and the role software plays in hardware longevity. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/opt-green-coordinating-a-windows-10-to-linux-upcycling-campaign-across-free-software-communities-worldwide/

Dec 28, 2024 · 45 min

Lightning Talks Day 2 (38c3)

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

- 11:00 Opening Lightningtalks
- 11:05 400 kWp self-built PV as a cooperative, mherweg
- 11:10 The Shadow Life of Endless Pots, Jakob Kilian
- 11:15 Chaos Sticker Collection, mwarning
- 11:20 Eurobox, Ledge
- 11:25 Midimaxe, polygon
- 11:30 Hamburg Werbefrei - on to the petition for a referendum!, N. E. Flick
- 11:35 Reliable Radio Communications, Bernerd DO3RB
- 11:40 "The Sound Of Data - Turning planets, DNA and stock prices into music", Jonas Scholten
- 11:45 "Modern agriculture is broken, isn't it?", twe
- 11:50 Old-school demo effects with pyxel, Marco Bakera
- 11:55 RegretBlocker, Andreas Haupt
- 12:00 "Amending bylaws with the help of ReStructuredText, Git and Python", adnidor
- 12:05 Pfandgeben: the platform for donating deposit bottles, Chris
- 12:10 GLED, René
- 12:15 From Pixels to Procedures: An Open Source Design Suite for 2025, Dennis Kobert
- 12:20 That little bit of housework - is hard to share out, Rici
- 12:25 Free Software in organizations - it can be done!, Leonard Marschke
- 12:30 Inside a modern groovebox, dena
- 12:35 GNU Boot, Denis 'GNUtoo' Carikli
- 12:40 Functional Safety over Industrial Ethernet - Broken by Design, Nick

Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/lightning-talks-day-2/

Dec 28, 2024 · 1h 31m

Young Hackers' Day Introduction (38c3)

To our delight, more and more young hackers have come to the Congress in recent years. That is why this time, as in previous years, we are again offering a Young Hackers' Day (Junghacker:innentag) tailored specifically to children and teenagers. On the second day of Congress, 28 December 2024, volunteers from many assemblies will organize a varied workshop program for budding hackers from about 10 a.m. to 5 p.m. For more information see [https://events.ccc.de/2024/11/08/38c3-junghackerinnentag/](https://events.ccc.de/2024/11/08/38c3-junghackerinnentag/) Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/junghacker-innentag-einfhrung/

Dec 28, 2024 · 32 min

Fnord News Review 2024 (38c3)

We show you the fnords in this year's news. Finally a normal end to the year again! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/fnord-nachrichtenrckblick-2024/

Dec 28, 2024 · 1h 37m

OpenPV - Calculate the solar potential of your building (38c3)

Simulating the photovoltaic potential of roofs and facades with WebGL and OpenData in real time. This talk is a deep dive into the open-source website [openpv.de](https://www.openpv.de/) - prepare yourself for lots of open geodata, physics-based solar irradiance simulation, some shady WebGL code, and insights on how to get funding from the German government for your open-source project. We will look at the available open data of 3D buildings, laser scans, and elevation models from Germany and how we navigated through the jungle of governmental open datasets. Having these valuable datasets allows us to do fancy things - like building a browser-based tool for solar potential simulation. This includes the task of performing physics-based simulation in WebGL, a nice problem we planned to solve in one afternoon but that ended up taking several weekends. In the talk, we also share the evolution of our project and our experience along the way. We started as a simple free-time project, but evolved and even received public funding from the German Prototype Fund in the end. Come and listen to our talk if you 1. think about installing your own PV system, 2. love open geodata, 3. want to see some fancy 3D simulations in the browser. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/openpv-calculate-the-solar-potential-of-your-building/

Dec 28, 2024 · 29 min

Reticulum: Unstoppable Networks for The People (38c3)

Reticulum is a cryptography-based networking stack for building local and wide-area networks with readily available hardware. Reticulum can continue to operate even in adverse conditions with very high latency and extremely low bandwidth. The vision of Reticulum is to allow anyone to operate their own sovereign communication networks, and to make it cheap and easy to cover vast areas with a myriad of independent, interconnectable and autonomous networks. In this talk we shall present Reticulum, a highly resilient cryptography-based networking stack that you can use to get out of the shackles of surveillance corporate networks. Reticulum is a tool for building networks. Networks without kill-switches, surveillance, censorship and control. Networks that can freely interoperate, associate and disassociate with each other. Reticulum is Networks for Human Beings. It solves the same problem that any network stack does, namely to get data reliably from one point to another over a number of intermediaries. But it does so in a way that is very different from other networking technologies:

- Reticulum does not use source addresses. No packets transmitted include information about the address, place, machine or person they originated from.
- There is no central control over the address space in Reticulum. Anyone can allocate as many addresses as they need, when they need them.
- Reticulum ensures end-to-end connectivity. Newly generated addresses become globally reachable in a matter of seconds to a few minutes.
- Addresses are self-sovereign and portable. Once an address has been created, it can be moved physically to another place in the network, and continue to be reachable.
- All communication is secured with strong, modern encryption by default.
- All encryption keys are ephemeral, and communication offers forward secrecy by default.
- It is not possible to establish unencrypted links in Reticulum networks.
- It is not possible to send unencrypted packets to any destinations in the network.
- Destinations receiving unencrypted packets will drop them as invalid.

Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/reticulum-unstoppable-networks-for-the-people/

Dec 27, 2024 · 43 min

Blåmba! ☎️ Behind the scenes of a 2000s-style ringtone provider (38c3)

A Deep Dive into WAP, SMS, monophonic ringtones and 1-bit graphics. A key part of early 2000s advertisements were hyperactive frogs and annoying crocodiles trying to lure people into subscribing to overpriced ringtones and silly graphics for their mobile phones. Apart from shady business practices -- how exactly do you send pictures and ringtones to vintage GSM mobile phones (most of which don't even support TCP/IP)? In our quest to learn more, we stumbled across WAP-Push, User Data Headers, Concatenated SMS, SMPP, User Agent Profiles and many more forgotten technologies. To put all this knowledge to good use, we built Blåmba -- a Chaos ringtone provider, clearly inspired by the (now long defunct) historic ones. Then at Chaos Communication Camp 2023 with the C3GSM network, we had the first public instalment of Blåmba. The Chaos community uploaded lovely artwork and new ringtones, sent patches for the software, and had a fun time reviving their old Nokia phones. This talk will tell the story behind Blåmba, explain how ringtones (and more) made their way onto your phone, what a WAP gateway did, and what other cool tricks mobile phones could do (if you had the money to pay for GPRS traffic 20 years ago). Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/blmba-behind-the-scenes-of-a-2000s-style-ringtone-provider/

Dec 27, 2024 · 27 min

Desiring Technology. On Porn, Dependency and Progress (38c3)

A growing number of people appropriate their perceived dependence on digital pornography as a mystical fetish: they consume their consumption. What is gooning, how did it develop, and what can it tell us about our relationship to media technology in a broader sense? Pornography is considered an important driver of digitalization. Its use is thus also a cultural laboratory of digital consumer society, but one that is talked about relatively little. What exactly do people actually do with porn? How porn is consumed reveals more than just the state of what we call "sexuality". Human desire is the most important resource for technical development per se, and in the pleasure farms of the porn consumption industry this connection merely finds a particularly clear expression. This talk tells the story of a relatively young form of digitalized sexuality around pornography consumption: gooning. It describes how, over the last ten years, this form of pleasure in oneself has entered into an intimate connection with digital media. And it uses this example to tell another story: a story about human, and above all male, bodies that cannot help but desire the new, even in the face of the unwanted futures with which the technologized world they have become dependent on confronts them. Content note: Topics: sexuality, addiction. Nudity in the visual material is pixelated. Nevertheless not recommended for persons under 18. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/desiring-technology-ber-porno-abhngigkeit-und-fortschritt/

Dec 27, 2024 · 42 min

A Competitive Time-Trial AI for Need for Speed: Most Wanted Using Deep Reinforcement Learning (38c3)

All challenges and achievements in creating a competitive time-trial AI in NFS:MW. 15 years ago, at the height of my eSports career, I uploaded an (unofficial) ESL record at Need for Speed: Most Wanted (2005) (NFS:MW) to Youtube. In the meantime Deep Reinforcement Learning became popular and ever since I have dreamt of creating a competitive AI for my favorite racing game of all time: NFS:MW. Now finally the time was right: The hardware is fast enough, good software is available, and Sony's AI research has proven the task is actually doable. Hence I thought: "How hard can it possibly be?". This talk will present in detail all challenges and achievements in creating a competitive time-trial AI in NFS:MW from scratch - including but not limited to - hacking of the game to create a custom API, building a custom (real-time) OpenAI gym environment, steering the game using a virtual controller, and finally successfully training an AI using the Soft-Actor-Critic algorithm. All code including the API is written in Python and is open source. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/a-competitive-time-trial-ai-for-need-for-speed-most-wanted-using-deep-reinforcement-learning/

Dec 27, 2024 · 44 min

Instructions unclear - On the (In-)Accessibility of Symbols (38c3)

A talk about communication without spoken or written language. Communication is sometimes difficult enough even with words. So what is it like when you CANNOT communicate with words (whether due to language barriers, mental or physical impairments, or simply a lack of space)? In this talk I will take an honest and hopefully also somewhat humorous look at communication using symbols. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/instructions-unclear-ber-die-in-accessibility-von-symbolen/

Dec 27, 2024 · 24 min

Operation Mindfuck Vol. 7 (38c3)

For the seventh time, we'll present a colorful potpourri of nerdsniping topics: some of our favorite facts about computers, art, and the world! We draw a lot of inspiration from new and absurd ideas, and we'd like to share that enthusiasm with you!

- [Vol. 1](https://blinry.org/operation-mindfuck/) (German)
- [Vol. 2](https://blinry.org/operation-mindfuck-2/) (German)
- [Vol. 3](https://blinry.org/operation-mindfuck-3/) (German)
- [Vol. 4](https://blinry.org/operation-mindfuck-4/) (English)
- [Vol. 5](https://blinry.org/operation-mindfuck-5/) (English)
- [Vol. 6](https://blinry.org/operation-mindfuck-6/) (English)

Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/operation-mindfuck-vol-7/

Dec 27, 2024 · 52 min

IRIS: Non-Destructive Inspection of Silicon (38c3)

IRIS (Infra-Red, *in situ*) is a technique for non-destructively inspecting the construction of a select but common type of chip. It can improve visibility into our hardware and provide supporting evidence of its correct construction, without desoldering chips or expensive analytical gear. This talk covers the theory behind IRIS, as well as some embodiments of the technique. I will also frame the relevance of IRIS in the face of various threat scenarios. Time permitting, I’ll also show how you can do it at home by peeking around a few chips as a demo. Do we really know what chips are inside our devices? To a first order, the answer is “no”. We can read the label printed on the chip's package, but most of us have no way to determine if the silicon actually matches what’s on the label. This lack of transparency has led to much hand-wringing about the safety of our global supply chains, as chips zig-zag the globe on their way to our doorstep: each stop is an opportunity for bad actors to inject malicious hardware, and those of us without access to million-dollar analytical gear have no way of detecting this. IRIS (Infra-Red, *in situ*) is a technique I have been developing that aims to democratize the inspection of silicon. It turns out that for a select but fairly common type of chip - those in chip-scale packages - a simple modification to an off-the-shelf microscope camera can enable the visualization of micron-scale features within – without requiring any nasty chemicals or desoldering chips. I will also show how the basic everyday technique can be combined with a Jubilee 3D motion platform to create detailed, full-chip images. This talk will cover the basic theory behind the technique, and frame it in the context of several hypothetical threat scenarios that highlight its strengths and limitations. It is important to understand that IRIS is not a panacea for chip verification, but it is a significant step forward in improving transparency. 
I will also discuss its potential as a new tool for system designers who are serious about enabling user-level hardware verification. Finally, time permitting and equipment cooperating, I would like to share the simple pleasure of being able to take a peek inside the chips of some common mobile phone motherboards with a live demo. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/iris-non-destructive-inspection-of-silicon/

Dec 27, 2024 · 57 min

We've not been trained for this: life after the Newag DRM disclosure (38c3)

You've probably already heard the story: we got contracted to analyze a bunch of trains breaking down after being serviced by independent workshops. We reverse engineered them and found code which simulated failures when they detected servicing attempts. We presented our findings at 37C3… and then shit hit the fan. This talk will be an update about what happened since our 37C3 presentation. We’ll talk about:

- Three parliamentary workgroup sessions with dirty bathroom photos on Newag’s offtopic slides, train operators revealing that they paid Newag more than 20k EUR for unlocking a single train, which Newag was able to unlock in 10 minutes, and at the same time saying that they don’t know anything about the locks.
- 140-page lawsuits, accusing us of _copyright violation and unfair competition_ (sic!) with a lot of logical gymnastics.
- What it’s like to repeatedly explain reverse engineering concepts to journalists.
- 6 official investigations, two of them criminal.
- New cases revealed since then (from different train operators).
- and much more!

Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure/

Dec 27, 2024 · 44 min

Hacking the RP2350 (38c3)

Raspberry Pi's RP2350 microcontroller introduced a multitude of new hardware security features over the RP2040, and included a Hacking Challenge which began at DEF CON to encourage researchers to find bugs. The challenge has been defeated and the chip is indeed vulnerable (in at least one way). This talk will cover the process of discovering this vulnerability, the method of exploiting it, and avenues for deducing more about the relevant low-level hardware behavior. The RP2350 security architecture involves several interconnected mechanisms which together provide authentication of code running on the chip, protected one-time-programmable storage, fine-grained control of debug features, and so on. An antifuse-based OTP memory serves as the root of trust of the system, and informs the configuration of ARM TrustZone as well as additional attack mitigations such as glitch detectors. Raspberry Pi even constructs an impressive, bespoke Redundancy Coprocessor (RCP), which hardens execution of boot ROM code on the Cortex-M33 cores with stack protection, data validation, and instruction latency randomization. Since there are many potential incorrect guesses to be made about where problems might lie, here I begin with the most fundamental features of the chip logic, including the reset process. Even small oversights at this level can entirely defeat sophisticated security efforts if higher-level mechanisms place complete trust in seemingly simple hardware operations. I show how cursory research into the design details of IP blocks used in the SoC can help inform an attack, and demonstrate the importance of fully testing new features which are built atop older IP. Ultimately, the significant amount of luck (or lack thereof) involved is a reminder of the need to meticulously understand and validate complex systems. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/hacking-the-rp2350/

Dec 27, 2024 · 57 min

Introduction to Particle Physics (38c3)

What are the fundamental building blocks of matter, and how do they interact with one another? Particle physics deals with these basic questions and forms the foundation of our understanding of the laws of nature. In this talk I want to give you an introduction to the exciting world of quarks, leptons and bosons. I will explain the basics of the Standard Model of particle physics, give an insight into experiments such as the Large Hadron Collider (LHC), and show what role particles such as the Higgs boson or neutrinos play. The focus is on making particle physics understandable and vivid, with no prior knowledge required but with plenty of room for questions. This talk is aimed at everyone who would like to learn more about the basic building blocks of matter and the work of modern physicists. Whether you are a school pupil, a student or simply interested in science, you are in the right place! Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/einstieg-in-die-teilchenphysik/

Dec 27, 2024 · 32 min

Ultraschall Workshop (38c3)

Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/ultraschall-workshop/

Dec 27, 2024 · 1h 27m

The Big Data Protection, Data Breach and GDPR Show (38c3)

Data protection can be fun too, and everyone can learn something from it, whether beginner or professional hacker: in the data protection and data breach quiz, four contestants from the audience compete, together with the audience, for victory. Not only knowledge of IT security and data protection, but also quick reactions and the necessary bit of luck decide between victory and defeat. The entertaining data protection quiz show with an educational mission! Data protection is often perceived as a tiresome duty, but what does data protection aim to do and actually do, what is it useful for, and what needs to be considered? The data protection and GDPR show teaches data protection basics in a playful way, offers an insight into the practice of the data protection supervisory authorities, and shows typical technical and legal mistakes in the handling of personal data. But there are also some tough nuts to crack for data protection professionals and masterminds. The host works for the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg and reports from the practical work of a supervisory authority, names legal foundations, and gives pointers on the necessary technical measures under Article 32 GDPR and on the often difficult risk assessment after "we got cybered" security incidents. In the quiz itself, the contestants have to propose practical solutions to common technical and legal problems in their answers, for example which technical measures are appropriate for particular data breaches according to the "state of the art", whether a website operator may actually use Google Analytics, or how to defend oneself against (unlawful) data collectors. In this way participants and viewers alike can learn the practical application of the GDPR in a playful way. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/die-groe-datenschutz-datenpannen-und-ds-gvo-show/

Dec 27, 2024 · 1h 31m

Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope! (38c3)

Custom silicon chips are black boxes that hold many secrets, like internal ROMs, security features and audio DSP algorithms. How does one start reverse engineering them? Let's look at the basics of silicon reverse engineering, what gate array chips are, and how some tooling can generate Verilog code automatically from a die shot. A digital synthesizer from 1986 was completely shrouded in mystery and dubious marketing claims. Being that old, eventually every working unit will break, leaving us with no info about its inner workings. I could not accept this, so I decided to get into silicon reverse engineering. By dissolving its undocumented custom chips into acid and looking at them through a microscope, I was able to get an understanding of what was going on internally, to be able to preserve it and emulate it in the future. This is possible because a lot of custom silicon chips from that era (80s and 90s) are of the "gate array" type: a grid-like structure that contains thousands of digital logic gates. By looking at them closely we can understand what those gates do, and by following the wiring between them we can reconstruct the entire system. This method allowed people to understand and recreate perfect emulations of arcade games, sound chips, security ICs and more. In this talk I want to tell my journey into silicon reverse engineering from my perspective of a complete beginner and software guy, and what I learned in the process. I will go through the different kinds of custom chips, how they look under a microscope, their different parts, what can be easily reverse engineered and what can not. Those chips do not only contain logic, but also RAM and ROM parts, and knowing how to identify them can give clues when looking at the logic is too complicated. Sometimes a chip can be completely understood even without knowing what a MOSFET is. 
I will also cover the process I used to reverse engineer them, some techniques that worked and some that didn't, and some tools I built to automatically extract mask ROMs and generate Verilog code from die shots. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/proprietary-silicon-ics-and-dubious-marketing-claims-let-s-fight-those-with-a-microscope/

Dec 27, 2024 · 36 min

We Know Where Your Car Is Parked (38c3)

Movement data from 800,000 electric cars, along with contact information for their owners, was exposed unprotected on the internet. It was visible who parks when at home, at the BND or in front of the brothel. What are the consequences when VW collects vehicle, movement and diagnostic data en masse and leaves the key under the doormat? What does vehicle data reveal about the mobility of public authorities, agencies, ministries, delivery services, car rental companies, etc.? What is this data collected for in the first place? We show things ranging from the curious to the concerning, naturally with more respect for data protection than those who collected the data. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen/

Dec 27, 2024 · 38 min

What Will "Soon" Be Like? (38c3)

What influence does the form of things have? How do we act upon ourselves and the future surrounding us through the design of our cultural practices, architectures, languages and structures? And why does a verb like *Futuring* appear in contemporary design theory? Based on the assumption that everything is connected to everything else and that there is a shared interest in turning the whole shit around for the better, I invite you to experience, by means of practical examples from my artistic research and simple live experiments, how we all shape the world. And how we can draw courage from this involvement to come closer to a future worth living for everyone. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/wie-wird-gleich/

Dec 27, 2024 · 34 min

Hardware hacking with Bluetooth Low Energy (38c3)

How to remote-control (and build) the weirdest devices with Bluetooth Low Energy and no programming. Want to build a connected [soap bubble maker | water boiler | door lock | ...]? This talk briefly covers the basics of Bluetooth Low Energy, outlining the effort needed to implement such a technology with raw code. It then focuses on how to leverage said technology without getting your hands dirty by replacing programming with a bit of configuration, demonstrating the usage of the [BLEnky](https://structure.nullco.de/?node_id=66216cdb1a95fb4425f23212&token=3c55f7bb1de0e79c9020dbb09deac741df56fc5474825407abb94f96714ce134&focused_node=6622041d1a95fb4425f2323a) project for quick results. [Click here for many more examples](https://structure.nullco.de/?node_id=66216cdb1a95fb4425f23212&token=3c55f7bb1de0e79c9020dbb09deac741df56fc5474825407abb94f96714ce134&focused_node=6622041d1a95fb4425f2323a) Some notable projects will be described, as well as a live hack of some stupid gadget to make it "smart". Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/hardware-hacking-mit-bluetooth-low-energy/

Dec 27, 2024 · 35 min

Feelings are Facts: Love, Privacy, and the Politics of Intellectual Shame (38c3)

A debut of new research and analysis, focused on emotions and the affective register—love! shame! intimacy! What happens when we put love and intimacy at the center of our understanding of privacy, and what are the consequences of their disavowal, in favor of a more familiar technocratic definition of privacy-as-absence? What role does our deep desire for love and belonging, and our concomitant fear of shame and rejection, have to do with the (mis)direction of tech capital and the current, warped shape of the tech industry and its products? We take these questions seriously, and work through their implications together in Hamburg during that brief, liminal window between the winter holidays and the new year. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/feelings-are-facts-love-privacy-and-the-politics-of-intellectual-shame/

Dec 27, 2024 · 40 min

How to Spec - Fun with dinosaurs (38c3)

The public image of dinosaurs is largely shaped by art. While paleontology is a dynamic and productive science, it is primarily through paleoart that our perception of prehistoric life takes form. By combining informed speculation with a deep understanding of anatomy, ecology, and geology, paleoartists continuously reimagine extinct organisms in innovative ways. This tradition of science informed art form, rooted in a 200-year history, finds its inspiration in the fossil record and the interpretations it offers. The gaps in our knowledge are as influential as the fossils themselves. Through informed speculation and a fundamental understanding of anatomy, ecology and geology a paleoartist is able to bring back extinct organisms in ever new ways. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/how-to-spec-fun-with-dinosaurs/

Dec 27, 2024 · 41 min

A dive into DNS (38c3)

Everyone kind of forgot about DNS. How does it work, how to claim it back and why? This talk will show some data about DNS to see differences between TLDs, will show how the entire thing works and the current problems in some setups. Then show how to make our own authoritative DNS servers in a secure and redundant way to claim ownership of it and decentralise it from the big providers. Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/a-dive-into-dns/

Dec 27, 2024 · 40 min

Waiter, There's An LLM In My Search! (38c3)

This year Large Language Models (LLMs) in search engines told us to put glue on our pizza and eat a small rock every day. This is not ideal, and the consequences of "AI Overviews" and similar features could even be deadly for some people, like mushroom foragers. Maybe it's time for a new sort of search? In this talk I'll sketch out some possible futures and look at how we can put search back in the hands of the searcher. Also, there will be memes! Overall, the state of search right now is: not good. Search engine results are full of AI generated sludge, SEO spam and self-dealing by providers. This talk will look at the options that are open to us to improve search somewhat, including a few tips and tricks that anyone can take advantage of today to make hyperscale search providers like Google more functional again. But in many ways the most interesting question is whether we can find ways to discover stuff online that don't rely on a handful of hyperscale providers to do all the web crawling and indexing, and servicing of people's queries. In particular, what would happen if search was federated - how could we make that scalable and performant, and what can we learn from the fediverse? Licensed to the public under http://creativecommons.org/licenses/by/4.0 about this event: https://events.ccc.de/congress/2024/hub/event/waiter-there-s-an-llm-in-my-search/

Dec 27, 2024 · 39 min