Chaos Computer Club - archive feed

14,359 episodes — Page 133 of 288

OSM Data: From Digital to Physical Design (sotm2019)

Exploring the visualization of OSM data outside its digital form and how it can be applied to everyday objects, from book covers to wallpaper. This talk will discuss how to elevate OSM data beyond maps, exploring its potential as data-as-decor in both public and private spaces. The talk will describe the tools and workflow used to create these products as well as their strengths and weaknesses. When people describe OSM data, the description usually revolves around its structure, type and geometry. And normally the data is transformed into maps, in both printed and digital formats. Yet we believe that it should not stay that way. Several efforts have been made to transform OSM data into everyday products, from simple things such as book covers and t-shirt designs to wallpaper or wall paintings. Its open data license enables a vast array of customizations into products that some may consider works of art, without being constrained by cost and licensing. We will showcase what has been created from OSM data by the OSM community all around the world in everyday objects, and several products that we created ourselves for event merchandise (book covers, key chains, stickers, mouse pads, goody bags) and office decoration. For the products that we create, we will explain the tools (software and hardware), the options for the media used and the workflow for creating such products, so that it will inspire the audience to create their own products for their area of interest as well as to build geographic identity through design. We want to proliferate OSM data, transform it beyond maps and explore its potential in non-conventional design. about this event: https://pretalx.com/sotm2019/talk/799WZF/

Sep 20, 2019 · 26 min

QUBES OS - An Introduction (DS2019)

A short introduction to Qubes OS, a reasonably secure operating system, and a report on my experience using it privately. The talk describes the challenges with classic operating systems and the reasons for Qubes OS. An overview of the architecture and a few live examples follow. To conclude, there is some information from my experience with Qubes OS. about this event: https://datenspuren.de/2019/fahrplan/events/10456.html

Sep 20, 2019 · 45 min

Why Right-Wing Politics Leads AI Development Astray (DS2019)

The talk offers a current look at the status quo of the development and application of algorithms and AI, the actors involved, and the bugs. The focus, however, is on the question of which AI we need and want. It puts up for debate the question: "Should everyone survive or no one?" or "Do we regard humans as the security risk, or climate change?" Finally, approaches are outlined for AI development that serves people. about this event: https://datenspuren.de/2019/fahrplan/events/10491.html

Sep 20, 2019 · 36 min

Hacked. Now What? (DS2019)

Anyone who thinks anything of themselves gets hacked at some point these days. This is especially true for companies. But what happens next? This talk describes the different phases of a hacker attack and how to respond professionally once you have been hacked, that is, how to do "incident response". about this event: https://datenspuren.de/2019/fahrplan/events/10393.html

Sep 20, 2019 · 44 min

Board + Working Groups meeting (sotm2019)

Get to know the Board and the Working Groups. Together, we run the OSMF. Let's use the SotM to have a real face to face meeting. The public is invited to join the conversation too. SotM is about the community meeting the community. But we don't always seek out everyone we would like to talk to. So let's use this space to make sure as many members of the working groups and the board get to know each other as people and not just online text. All working group and board members are invited on the stage and can discuss anything. The public can also ask questions. Feel free to suggest some agenda items to joost -at- osmfoundation.org about this event: https://pretalx.com/sotm2019/talk/9MR9QK/

Sep 20, 2019 · 1h 14m

Boot Loader Specification + sd-boot (asg2019)

The boot loader specification defines a generic drop-in based solution for defining boot targets. sd-boot is a boot loader for UEFI systems, and included in the systemd source tree. In this talk we’ll have a closer look at the what, the why and the how of the specification and the boot loader. about this event: https://cfp.all-systems-go.io/ASG2019/talk/HFJMLU/

Sep 20, 2019 · 40 min

pidfds: Process file descriptors on Linux (asg2019)

Traditionally processes are identified globally via process identifiers (PIDs). Due to how PID allocation works, the kernel is free to recycle PIDs once a process has been reaped. As such, PIDs do not allow another process to maintain a private, stable reference on a process. On systems under pressure it is thus possible that a PID is recycled without other (non-parent) processes being aware of it. This becomes rather problematic when (non-parent) processes are in charge of managing other processes, as is the case for system managers or userspace implementations of OOM killers. Over the last months we have been working on solving these and other problems by introducing pidfds – process file descriptors. Among other nice properties, they allow callers to maintain a private, stable reference on a process. In this talk we will look at challenges we faced and the different approaches people pushed for. We will see what has already been implemented and pushed upstream, look into various implementation details and outline what we have planned for the future. about this event: https://cfp.all-systems-go.io/ASG2019/talk/TPS8TS/

Sep 20, 2019 · 42 min

OCIv2: Container Images Considered Harmful (asg2019)

Most modern container image formats use tar-based linear archives to represent root filesystems, which results in many issues when using modern container images. In this talk, we will demonstrate a solution to this problem that we plan to propose for standardisation within the Open Container Initiative (code-named "OCIv2 images"). This talk is specific to the Open Container Initiative's image specification, but the same techniques could be applied to other systems (though we'd obviously recommend using OCI). In order to avoid the [numerous issues with tar archives](https://www.cyphar.com/blog/post/ociv2-images-i-tar) it is necessary to come up with a different format. In addition, layer representations result in needless wasted space for storage of files which are no longer relevant to running containers. Massive amounts of duplication are also rampant within OCI images because tar archives are completely opaque to OCI's content-addressable store. Luckily the problem of representing a container root filesystem for distribution is very similar to existing problems within backup systems, and we can take advantage of prior art such as [restic](https://restic.net/) to show us how we can get significant space-savings and possibly efficiency savings. However, we also must ensure that the runtime cost of using this new system is equivalent to existing container images. Container images are efficient at runtime because they map directly to how overlay filesystems represent change-sets as layers, but with some tricks it is possible for us to obtain most of the improvements we also gained in distribution with de-duplication. Our proposed solution to all of these problems will be laid out, with opportunities for feedback and discussion. about this event: https://cfp.all-systems-go.io/ASG2019/talk/VMTEPT/

Sep 20, 2019 · 38 min

Microcontroller Firmware from Scratch (asg2019)

Follow a journey of writing STM32 microcontroller firmware from scratch, using open-source tools. Follow Nikolay Kondrashov's journey of learning to write firmware for an STM32 microcontroller (the Blue Pill one) from scratch, using only open-source tools. From blinking LEDs, to controlling a toy car, without the complicated, and license-restricted manufacturer's libraries, or the comfortable crutches of the Arduino stack. Learn where to look for information, which tools you might need, and how to do it yourself with a similar or a different microcontroller. about this event: https://cfp.all-systems-go.io/ASG2019/talk/JDCVYP/

Sep 19, 2019 · 25 min

Effective infrastructure monitoring with Grafana (asg2019)

In this talk David will show Grafana's advanced features to manage a fleet of Linux hosts. He will also show relevant metrics and logging datasources and how they can be combined to get a full picture of what is going on. about this event: https://cfp.all-systems-go.io/ASG2019/talk/XJAWA7/

Sep 19, 2019 · 34 min

Time-limited login sessions (asg2019)

How Endless are implementing time-limited scopes in systemd, using that to implement time-limited login sessions, and then using that to implement parental controls on the desktop. about this event: https://cfp.all-systems-go.io/ASG2019/talk/8RB73U/

Sep 19, 2019 · 4 min

Our enemies in blue - Kristian Williams (DS2019)

Sometimes things in our society can look as if they were always there. Take, for example, the police. Today the majority of the people living next to us can’t imagine the world without police in our neighborhood. However, it was not always like that. Kristian Williams, anarchist and author of Our Enemies in Blue and Fire the Cops, will talk about the history of policing in the United States, from its origin in slave patrols to the present era of militarization and community policing. Particular attention will be given to the role of police in repressing movements fighting for social justice and greater equality. about this event: https://datenspuren.de/2019/fahrplan/events/10398.html

Sep 19, 2019 · 56 min

Resource control @ Facebook - 2019 (asg2019)

Resource control is reaching feature completeness and the focus at Facebook is shifting towards productionizing. Let's go over what feature completeness means and the productionizing efforts. Until recently, we never had all the kernel and system features needed to implement work-conserving comprehensive resource control. With the recent additions of senpai, io.weight, cpu.headroom and others, we now have all the pieces to implement protection, stacking and side-loading. Our focus at Facebook is gradually shifting towards productionizing resource control so that service owners can obtain high resource reliability and utilization without worrying about the details. Let's go over how resource control features come together to form the basic resource profiles and how we're trying to productionize them. about this event: https://cfp.all-systems-go.io/ASG2019/talk/KEK3MD/

Sep 19, 2019 · 32 min

Custom cgroup-bpf programs in systemd (asg2019)

The primary focus is to gather feedback from systemd community regarding ongoing and future work to introduce custom cgroup-bpf programs to systemd. The motivation is to give a user a capability to attach their own cgroup-bpf programs to systemd containers. This is a continuation of [discussion](https://github.com/systemd/systemd/issues/10227) started at ASG2018 and followed by [PR12151](https://github.com/systemd/systemd/pull/12151) and [PR12419](https://github.com/systemd/systemd/pull/12419). Currently systemd utilizes BPF macro-assembly which is poorly extendable and maintainable, so the 1st iteration would be introducing `libbpf` library to systemd. The first attempt was made and it raised valid questions about `libbpf` testability and dependencies it introduces. We’d like to address that. Another topic of focus may be implementation details, such as how to store libbpf programs: either as bytecode or as restricted C which compiles with the rest of systemd. For attendees with no context a brief intro to eBPF will be made including new initiatives which may be of use to systemd, e.g. “Compile once, run everywhere”. Since this is ongoing work the agenda may vary depending on activity in PRs. about this event: https://cfp.all-systems-go.io/ASG2019/talk/M8DVWG/

Sep 19, 2019 · 23 min

Rootless, Reproducible & Hermetic: Secure Container Build Showdown (asg2019)

How can we build hostile and untrusted code in containers? There are many options available, but not all of them are as safe as they claim to be... Rootless container image builds (as distinct from rootless container runtimes) have crept ever closer with orca-build, BuildKit, and img proving the concept. They are desperately needed: a build pipeline with an exposed Docker socket can be used by a malicious actor to escalate privilege - and is probably a backdoor into most Kubernetes-based CI build farms. With a slew of new rootless tooling emerging including Red Hat’s buildah, Google’s Kaniko, and Uber’s Makisu, will we see build systems that support building untrusted Dockerfiles? How are traditional build and packaging requirements like reproducibility and hermetic isolation being approached? In this talk we: - Detail attacks on container image builds - Compare the strengths and weaknesses of modern container build tooling - Chart the history and future of container build projects - Explore the safety of untrusted builds about this event: https://cfp.all-systems-go.io/ASG2019/talk/PVYETJ/

Sep 19, 2019 · 35 min

Privacy-Respecting Linux Desktop Monitoring (asg2019)

Whether to support users, ensure their security, or meet compliance goals, organizations need to deploy monitoring of their desktop machines. Yet, many approaches overreach by effectively being rootkits. In this presentation, we'll examine: * What data a monitoring system needs to collect * Where the data we need lives on a modern Linux desktop * Which data sources expose sandbox-friendly API access * Sandboxing the monitoring daemon itself about this event: https://cfp.all-systems-go.io/ASG2019/talk/3ZKVWF/

Sep 19, 2019 · 25 min

Securing Bare Metal Micro Services: Service Mesh (asg2019)

Learn how a Service Mesh can secure your bare-metal (non-virtualized) workloads quickly without any code modifications to improve your security posture. Zero Trust is an information security mantra to not implicitly trust any of the underlying infrastructure (hardware, network, software, etc). For many organizations, this extends into the cloud where this philosophy is applied to workloads running in public, virtualized clouds. We'll be taking this philosophy to protect an insecure application, the Fortune Cookie Micro Service, running atop a bare metal cloud with a Service Mesh to provide authentication and encryption of data in motion without the complexities of virtualization or containerization. This walkthrough uses all open source software (Terraform for the deployment atop the Packet bare metal cloud and Consul for the service mesh) atop Ubuntu physical nodes. about this event: https://cfp.all-systems-go.io/ASG2019/talk/H3YZZM/

Sep 19, 2019 · 37 min

Reinventing Home Directories (asg2019)

Let's bring the UNIX concept of Home Directories into the 21st century. The concept of home directories on Linux/UNIX has changed little in the last 39 years. It's time to have a closer look, and bring them up to today's standards, regarding encryption, storage, authentication, user records, and more. In this talk we'll talk about "systemd-homed", a new component for systemd, that reworks how we do home directories on Linux, adds strong encryption that makes sense, supports automatic enumeration and hot-plugged home directories and more. about this event: https://cfp.all-systems-go.io/ASG2019/talk/VSQRXA/

Sep 19, 2019 · 44 min

A!Live in Dresden (DS2019)

Tilo Jung, Stefan Schulz and Hans Jessen come to Dresden and hold the second A!Live outside Berlin. https://aufwachen-podcast.de/termine/alive-in-dresden/ about this event: https://datenspuren.de/2019/fahrplan/events/10470.html

Sep 19, 2019 · 2h 6m

Revamping libcontainer's systemd driver (asg2019)

In this talk, I'll go through my efforts to revamp libcontainer's systemd driver, in particular to support the unified cgroup hierarchy. libcontainer is part of runc (opencontainers/runc in GitHub) and is used by the Docker and containerd ecosystem to spawn containers. This work is trying to bridge the gap between the Docker/containerd/Kubernetes ecosystem and cgroup2 through the unified hierarchy, using systemd as an authoritative container manager. I'll also touch on alternative approaches (such as crun and systemd-nspawn) and briefly talk about the OCI standard and the need for it to evolve to properly support cgroup2 semantics. about this event: https://cfp.all-systems-go.io/ASG2019/talk/YPU3HL/

Sep 19, 2019 · 26 min

Atomic updates and configuration files in /etc (asg2019)

Atomic updates and user-modified configuration files in /etc often lead to hard-to-resolve conflicts. In this talk, I want to show the most common and biggest problems and possible solutions. More and more Linux distributors have a distribution that uses atomic updates to update the system. They all have the problem of updating the files in /etc, as an admin could make changes after the update but before the reboot that activates the updates. But everybody comes up with a different solution which solves their use case but is not generically usable. Additionally, there is the "Factory Reset" of systemd, which no big distribution has really fully implemented today. A uniform handling of /etc for atomic updates could also help to convince upstream developers to add support to their applications, while currently they hesitate to add distribution-specific patches and support. During this talk, I will describe the different problem areas and possible solutions. The goal is to provide a concept that works for all Linux distributors (like the FHS). My dream is that no package installs anything in /etc; it should only contain changes made by the system administrator or configuration files managed by the system administrator. For some problems, it would already be enough today if Linux distributors adjusted the configuration of applications or used all of their features. Others require minimal to intrusive changes to packages, and for the last kind completely new concepts are necessary. about this event: https://cfp.all-systems-go.io/ASG2019/talk/KYTCJV/

Sep 19, 2019 · 39 min

Traceloop for systemd and Kubernetes + Inspektor Gadget (asg2019)

Presenting [traceloop](https://github.com/kinvolk/traceloop), a “time travel” tracing tool to trace system calls in cgroups using BPF and overwritable ring buffers. Many people use the “strace” tool to synchronously trace system calls using ptrace. [Traceloop](https://github.com/kinvolk/traceloop) similarly traces system calls but asynchronously in the background, using BPF and tracing per cgroup. I’ll show how it can be integrated with systemd and with Kubernetes via [Inspektor Gadget](https://github.com/kinvolk/inspektor-gadget). Traceloop's traces are recorded in a fast, in-memory, overwritable ring buffer like a flight recorder. As opposed to “strace”, the tracing could be permanently enabled on systemd services or Kubernetes pods and inspected in case of a crash. This is like an always-on “strace in the past”. Traceloop uses BPF through the gobpf library. Several new features have been added in gobpf for the needs of traceloop: support for overwritable ring buffers and swapping buffers when the userspace utility dumps the buffer. https://github.com/kinvolk/traceloop https://github.com/kinvolk/inspektor-gadget https://github.com/iovisor/gobpf Slides: https://docs.google.com/presentation/d/1zIZUrTrD7FkS9pHnWz87ZmoLTrO1g9-J_lDMD7E5kdo/edit about this event: https://cfp.all-systems-go.io/ASG2019/talk/98A9LW/

Sep 19, 2019 · 37 min

How Microsoft SQL Server Went Multi-Platform: SQLPAL (asg2019)

How did Microsoft make SQL Server available on Linux, Containers and ARM CPUs? Come hear the story from the SQL Server engineering team. We'd love to tell the story on how we made SQL Server available to ecosystems outside of Windows in this talk. It's a great story that involves quite a bit of interesting technologies and we'd like to share that with everyone! about this event: https://cfp.all-systems-go.io/ASG2019/talk/GTYJFV/

Sep 19, 2019 · 41 min

Container Live Migration (asg2019)

The difficult task of checkpointing and restoring a process is used in many container runtimes to implement container live migration. This talk will give details on how CRIU is able to checkpoint and restore processes, how it is integrated in different container runtimes and which optimizations CRIU offers to decrease the downtime during container migration. In this talk I want to provide details on how CRIU checkpoints and restores a process. Starting from ptrace() to pause the process, how parasite code is injected into the process to checkpoint the process from its own address space. How CRIU transforms itself to the restored process during restore. How SELinux and seccomp are restored. I also want to give an overview of how CRIU uses userfaultfd for lazy migration and dirty page tracking for pre-copy migration. I want to end this talk with an overview of how CRIU is integrated in different container runtimes to implement container live migration. about this event: https://cfp.all-systems-go.io/ASG2019/talk/E88Z7V/

Sep 19, 2019 · 18 min

PostgreSQL at low level: stay curious! (asg2019)

Have you ever encountered a transient performance issue that was hard to investigate only from the database point of view? On top of how many layers of abstraction is your database working? What is the difference between running your database on bare metal, in a VM or inside a container? PostgreSQL does not work in a vacuum; it heavily relies on functionality provided by an underlying platform. And sometimes, to answer the questions above, one needs to step back and look at a problem not only from a database point of view. In this talk we will discuss how to achieve that, how to tame such tools as strace, perf or eBPF to troubleshoot intricate issues and stay curious. about this event: https://cfp.all-systems-go.io/ASG2019/talk/AXPVZ3/

Sep 19, 2019 · 37 min

GNU poke, an extensible editor for structured binary data (asg2019)

GNU poke is a new interactive editor for binary data. Not limited to editing basic entities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them. Once a user has defined a structure for binary data (usually matching some file format) she can search, inspect, create, shuffle and modify abstract entities such as ELF relocations, MP3 tags, DWARF expressions, partition table entries, and so on, with primitives resembling simple editing of bits and bytes. The program comes with a library of already written descriptions (or "pickles" in poke parlance) for many binary formats. GNU poke is useful in many domains. It is very well suited to aid in the development of programs that operate on binary files, such as assemblers and linkers. This was in fact the primary inspiration that brought me to write it: easily injecting flaws into ELF files in order to reproduce toolchain bugs. Due to its flexibility, poke is also very useful for reverse engineering, where the real structure of the data being edited is discovered by experiment, interactively. It is also good for the fast development of prototypes for programs like linkers, compressors or filters, and it provides a convenient foundation to write other utilities such as diff and patch tools for binary files. This talk (unlike Gaul) is divided into four parts. First I will introduce the program and show what it does: from simple bits/bytes editing to user-defined structures. Then I will show some of the internals, and how poke is implemented. The third block will cover the way of using Poke to describe user data, which is to say the art of writing "pickles". The presentation ends with a status of the project, a call for hackers, and a hint at future works. about this event: https://cfp.all-systems-go.io/ASG2019/talk/BKXVJQ/

Sep 19, 2019 · 44 min

Transactional Updates with Btrfs (asg2019)

Transactional updates (also called atomic updates) are a way to update a system without interfering with the currently running system - making this a rock-solid way to update any machine, from embedded systems to cluster nodes. What do openSUSE MicroOS, Fedora CoreOS, Chrome OS, Ubuntu Core and Android have in common? All of them are using a *read-only root file system* and so called *transactional / atomic updates* to update a system safely - without having to worry that a broken update could leave your system in some undefined state. This talk will focus on how to use *btrfs*' snapshot feature to implement such a transactional system and explain where the pitfalls of implementing such a system compared to a traditional read-write system are. about this event: https://cfp.all-systems-go.io/ASG2019/talk/SXENPK/

Sep 19, 2019 · 42 min

News from the coreboot land (asg2019)

What happened in the coreboot based firmware world since last year? How to get started? In September, coreboot 4.10 will have been released, and the Open Source Firmware Conference took place. Take this opportunity to present the latest news and changes in the coreboot based firmware world. AMD devices are available with coreboot, and after Google and Puri.sm more vendors like System76 ship their devices with coreboot. While at it, give a quick introduction how to get started. about this event: https://cfp.all-systems-go.io/ASG2019/talk/UUYNXW/

Sep 19, 2019 · 24 min

Using RPMs for systemd development (asg2019)

Using RPMs can be very advantageous during development of systemd on Fedora. In order to make that viable, we need to build them from a git checkout and have the ability to use incremental builds. I will explore tooling I've been using and building to use RPMs during systemd development. I'll quickly cover the motivation and advantages while I manage to build one during a lightning demo. about this event: https://cfp.all-systems-go.io/ASG2019/talk/JM7GDN/

Sep 19, 2019 · 4 min

Opening (asg2019)

Opening of All Systems Go! about this event: https://cfp.all-systems-go.io/ASG2019/talk/A3KZGD/

Sep 19, 2019 · 10 min

Buildroot : Using embedded tools to build container images (asg2019)

The embedded world has dealt with image creation for decades. Why not use those decades of experience to reliably create images for the datacenter world? Building an OS image in a reliable, reproducible, traceable and archivable way is a hard problem, but it is a problem that the embedded world has been working on for decades and where mature and easy-to-use tools exist. Nowadays, the world of containers is rediscovering these problems, and most tools do not provide the level of traceability and reliability needed to be able to properly track the content of an image in every detail and be confident that it is possible to report what changes are local and what licenses are used. Buildroot is one of the tools the embedded world provides to solve that problem. It is robust, mature, dead simple to use and can really help with getting back control over container images. about this event: https://cfp.all-systems-go.io/ASG2019/talk/B7D7BC/

Sep 19, 2019 · 29 min

Alternatives to standard utilities (asg2019)

Several of the standard tools like `grep` and `find` have rewritten alternatives, performing the tasks much quicker and have a more intuitive interface. Present some of them. about this event: https://cfp.all-systems-go.io/ASG2019/talk/JFC7VC/

Sep 19, 2019 · 3 min

Impact of zstd (asg2019)

Zstandard (zstd) is a new lossless compression algorithm with a very attractive compression rate and performance. In production environments it comes with some quantifiable benefits but also with some surprising issues. about this event: https://cfp.all-systems-go.io/ASG2019/talk/DG3YDE/

Sep 19, 2019 · 4 min

Modern Cryptography in Wireless Networks (GSM, UMTS, LTE, WIMAX, TETRA, WIFI) (mrmcd19)

What is modern cryptography, how do cryptologists work today, what is encrypted how in wireless networks, plus possible attacks where applicable and tips for secure mobile communication. From security to obscurity to open-source cryptography following Kerckhoffs's principle, using KASUMI, zero-knowledge and challenge-response procedures as examples. Cryptologists: alchemists of the modern age or rational scientists? From GSM to 5G: how secure are mobile networks, and where are the weak points (the SS7 protocol and why it is such a big deal)? Which data is encrypted when and how? Secure end-to-end encryption with OTR and ZRTG. about this event: https://talks.mrmcd.net/2019/talk/J8LDXK/

Sep 14, 2019 · 40 min

Æ-DIR - the paranoid IAM for DevOps (mrmcd19)

[Æ-DIR](https://www.ae-dir.com) is an identity and access management system that takes the need-to-know and least-privilege principles seriously. [Æ-DIR](https://www.ae-dir.com) is a paranoid identity and access management system based on OpenLDAP. Unlike with other LDAP servers, the visibility of users and groups to systems connected to Æ-DIR must always be granted explicitly (for a specific purpose). This is done purely through data maintenance in the LDAP server. Thanks in part to schema compatibility, LDAP-capable applications do not have to be specially adapted for Æ-DIR. An NSS/PAM service adapted for Æ-DIR, [aehostd](https://www.ae-dir.com/aehostd.html), enables automated integration and performant use even in large server environments. In addition, administration is delegated on several levels to small groups of users in order to avoid overly powerful deputy roles. This also makes approval processes unnecessary. Strict rules in the system serve long-term auditability and thus provide the basis for detailed compliance checks. By changing the status to "archived", the visibility of entries can be restricted very heavily, in order to ensure sufficient data protection (GDPR) despite the long-term storage of user data (e.g. because of GOB/GdPdU). about this event: https://talks.mrmcd.net/2019/talk/VU7SC8/

Sep 14, 2019 · 1h 16m

Haus (mrmcd19)

Closing about this event: https://talks.mrmcd.net/2019/talk/ZLX8NW/

Sep 14, 2019 · 12 min

Politik und OpenSource "Brettspiele" (mrmcd19)

Ein kleiner Überblick warum (meiner Meinung nach) OpenSource Hardware bei weitem nicht so weit verbreitet ist wie OpenSource Software. Kaum hat mein ein elektronisches Gerät/eine Platine entwickelt, kommt man "natürlich" auf die Idee das Ergebnis zu Teilen. Bei Hardware ist das aus organisatorischen und regulatorischen Gründen jedoch deutlich schwieriger verglichen mit Software. Diese möchte ich gerne Anreißen und Diskutieren. about this event: https://talks.mrmcd.net/2019/talk/KWEAX7/

Sep 14, 2019 · 23 min

How Hackback Plays with Society (mrmcd19)

These days every hip cyber country plays Hackback Quartets with^^against each other. The biggest impact on critical infrastructure (KRITIS) and on ethics wins! Or why we want a defensive cybersecurity strategy on the playing field of the population's board game… The dice in the cyber quartet "IT-Sicherheitsgesetz" (IT Security Act) have been cast: nine! That is how many sectors count as critical infrastructure in the cyber quartet. They include energy supply, finance and insurance, water, food, health, IT and telecommunications, transport and traffic. If a country plays the hackback joker, the other player suffers a supply outage that can lead to a large-scale incident or even a crisis in which supplying a large part of society (and its players) could no longer be guaranteed. Are some states staking everything on one card through offensive cyberwar and hackback approaches as well as hybrid warfare? Does that threaten the loss of the game, and why does it then mean for the population "Go directly to jail, do not pass Go, do not collect €4,000"? Why can physical IT disruptions and outages occur at all four railway stations and at the electricity and water works? Which rules need to be set up in Cybermonopoly in order to get from offensive back to defensive property rights? And why does that actually hold the only true victory for the population? Let the games begin… about this event: https://talks.mrmcd.net/2019/talk/CNRWVN/

Sep 14, 2019 · 59 min

The GDPR Board Game (mrmcd19)

The GDPR is looking for fellow players! We explain the rules of the game to you: how to make requests properly, how to involve the data protection officers, and how to file a lawsuit. The game masters have already scored points by filing over 100 *Article 15* requests, 10 *Article 77* complaints and 4 *Article 79* lawsuits. To make your life easier, we have created a workflow and a tool for generating requests, and we show you how to deal with the opponents, what to do against cheaters, and how to win the game. Player 1 (Andreas Diehl) is a computer scientist, a data protection advocate by passion, and runs a small IT company himself. Player 2 (Ramona Weik) is a lawyer and does research on the interpretation of the GDPR and the partial automation of requests. We would like to show a wider audience how to deal with GDPR requests for access and erasure that are not fulfilled or are fulfilled incorrectly, how to obtain the help of data protection officers, and what you have to write in order to enforce the whole thing in court if necessary. We can provide many examples from our requests and, in part, from court proceedings (and also show how to explain to the courts how they should interpret the GDPR). Tool for making requests: [HDGDLDSGVO](https://adiehl.github.io/dsgvo) ([source](https://github.com/adiehl/hdgdldsgvo)) about this event: https://talks.mrmcd.net/2019/talk/QRUYMX/

Sep 14, 2019 · 42 min

Achieving a decentralised yet central backbone with AS64475 (mrmcd19)

A lot has happened at Freifunk Frankfurt in recent years: instead of connecting our network only via rented servers, we now have our own hardware in several data centers and an autonomous system with which we are directly connected to the central points of the Internet. Here we want to present the path that led there and our ideas for the future. about this event: https://talks.mrmcd.net/2019/talk/RZPYCL/

Sep 14, 2019 · 35 min

Security for Your Body - Multi-Resistant Germs (mrmcd19)

This talk is aimed at living beings that carry germs in and on themselves - yes, you have a microbiome too! ;) I will talk, in a beginner-friendly way, about these topics: - what are bacteria and what do they actually do? - how do resistances arise and how do they work? - what are multi-resistant germs? where do they occur? why are they spreading? - what can I personally watch out for? how do I disinfect my hands properly? - the new Antivir - using bacteriophages against the superbugs (a 30-day trial version will be handed out at the talk). When I am done, you can take care of the security for your bodies. (no pentests please) about this event: https://talks.mrmcd.net/2019/talk/YR7FHB/

Sep 13, 2019 · 1h 0m

My Time at the Recurse Center (mrmcd19)

The [Recurse Center](https://recurse.com) is, according to its own description, "a self-directed, community-driven educational retreat for programmers in New York City". I spent three months there in the spring and would like to tell you about my experiences. The Recurse Center sees itself as an ongoing experiment in how to build and maintain a healthy, diverse and inclusive community. Over the years, many structures and traditions have emerged there that I liked very much, such as the weekly *feelings check-in*, or the *coffee chat bot*, which helps people connect quickly within the community. I consider many of the ideas transferable to other communities. There are four simple social rules that contribute to respectful interaction and to an environment in which people can fully concentrate on learning from one another. And what happens there in terms of content is shaped entirely by the participants – they are trusted to know best themselves how they want to structure their time there, entirely in the spirit of the unschooling movement. This will be a very personal talk, in which I would like to talk about the framework as well as about the people I was able to get to know there, and finally also about what I actually worked on there. about this event: https://talks.mrmcd.net/2019/talk/ARZGCP/

Sep 13, 2019 · 45 min

Bahn API Chaos - Now International (mrmcd19)

An overview of HAFAS and the underlying data. What does the data situation look like internationally? What does ÖBB know about German journeys? What does DB know? Does it match up? After the overview of pure DB APIs at GPN19 (https://media.ccc.de/v/gpn19-67-bahn-api-chaos), this time an overview of HAFAS, the timetable information system of DB and many other transport operators. What does the data situation look like? What does ÖBB know about DB and other regional transport operators? about this event: https://talks.mrmcd.net/2019/talk/P3SLQX/

Sep 13, 2019 · 42 min

Certificate Pinning For The Rest Of Us (mrmcd19)

A talk about the utterly broken chain of trust of SSL/TLS certificates and certificate pinning in the browser as a means to take back control. Web browser developers have been betrayed by the SSL/TLS chain of trust more than once in the past. As a result they are now pinning their own certificates, which means that they only trust a particular issuer. This talk gives an overview of how the chain of trust works and of potential attack vectors, presents remedies that were tried and explains why they were largely unsuccessful. Finally, it presents a solution for how the rest of us can also regain control with a Firefox plugin that pins certificates of our choosing and warns when nasty things happen. about this event: https://talks.mrmcd.net/2019/talk/H8XDK8/

Sep 13, 2019 · 27 min

Dishonest Rhetoric (mrmcd19)

Recognizing and refuting sham arguments, cognitive biases and verbal sleight of hand. Not every factual discussion is conducted factually by all participants. Some people simply want to push through their point of view, regardless of which factual arguments stand against it. To do so, they use "dishonest" rhetorical techniques that try, by means of various verbal and psychological tricks, to portray opponents and counterarguments as wrong or ridiculous. Such techniques are often used especially in talk shows with politicians or in meetings with high-ranking managers. This workshop presents some of these techniques, how to recognize them and how to defend against them. Based on Schopenhauer's *„38 Kunstgriffe - Die Kunst, Recht zu behalten“.* about this event: https://talks.mrmcd.net/2019/talk/KMYUJM/

Sep 13, 2019 · 30 min

Communication 1000 to Communication 2000 (mrmcd19)

The exchange of information is as old as humanity itself. But communication is subject to change and has undergone tremendous development from the High Middle Ages to our time. In order to put the unique dynamics of the present into context, we first look back to a time when writing was reserved for a few educated people and books still had to be copied by hand. Only with printing, in 1454 the greatest milestone of the past millennium, could books be produced faster, more cheaply and in larger print runs. Printing accelerated scholarly disputes and contributed very considerably to the Reformation, which in turn changed the spiritual and political world. Alongside communication between one individual and another came the transmission of information to a larger audience. This system, which had existed for centuries, received a renewed boost with the Industrial Revolution. News travelled quickly across all continents through wired or wireless communication, and modern printing processes turned the products into cheap mass-produced goods. But only with the computer technology that began in the 1980s can one speak of a new age of communication. Everyone can now get in touch with one another at any time – quickly, directly, without spatial restriction and, since the turn of the millennium, even on the move. The look into the past is intended to make clear how incredibly fast modern communication technology is developing and what undreamt-of possibilities it brings with it. about this event: https://talks.mrmcd.net/2019/talk/YMXYW8/

Sep 13, 2019 · 52 min

Challenge : BLOB FREE : mainline open source software on a single board computer (sbc, arm64, foss, efi) (mrmcd19)

Dondon shares his experiences with the SBC and, in the talk, goes into building a Debian system with mainline kernel and mainline u-boot. The boot process is explained in detail. The aim is to start a discussion about the extent to which proprietary systems and binary blobs could already be excluded and can be substituted as completely as possible in the future. Dondon shares his experience with an SBC (single board computer) and speaks about the installation of a pure Debian system with mainline kernel and mainline u-boot. The booting sequence will be described in detail. The presentation will be followed by a discussion of how proprietary systems and binary blobs can be eliminated and replaced with open-source software and hardware in the future. about this event: https://talks.mrmcd.net/2019/talk/BTUCFG/

Sep 13, 2019 · 44 min

RC-Cars in XXXL (mrmcd19)

A brief overview of the possibilities (and limits) of digitalization in agriculture, what open source can contribute using the example of automatic steering systems, and what is still missing. Besides a brief general overview of what already exists in the field of digitalization in agriculture, I would like to go into open-source projects, in particular AgOpenGPS and related projects, which let a tractor work (almost) autonomously. about this event: https://talks.mrmcd.net/2019/talk/9ZYWEB/

Sep 13, 2019 · 36 min

On Brute-Force Protection and Why It Is Not That Easy (mrmcd19)

Brute-force attacks - that is, attacks by trying out all possible passwords - are as old as passwords themselves. Since systems became reachable over the Internet, these attacks have gained in relevance. But although the idea of the attack is simple and well known, in practice there are hardly any methods for defending against these attacks that do not bring new problems with them. In my talk I would like to examine the common methods, show which problems they bring with them, and finally also present a solution that does it better. In the talk I show various approaches to how brute-force protection is handled in practice, and that almost all of them ignore one central problem - they enable a denial-of-service attack. Finally, I present the method of brute-force protection via device cookies from the Open Web Application Security Project (OWASP), which so far seems to be the only practicable approach. To conclude, there is an outlook ranging from two-factor authentication to WebAuthn, to show that there are also other approaches that deal with the problem of passwords in general, and a summary with advice for application developers and users. about this event: https://talks.mrmcd.net/2019/talk/PMPV9P/

Sep 13, 2019 · 32 min

Feeling at Home in Tech (mrmcd19)

The Google Memo was not the first and will not be the last sexism discussion in tech. And the problems do not end there. Tech has a diversity problem, and discussions about inclusion, welcoming culture, toxic behaviour, discrimination and the reasons why people are leaving the field can and should not be ignored. This talk asks why people do not feel at home in tech, examines why it is so important that they do, discusses requirements for improvement, and suggests some first steps we can all take to change this. Come by and hear why a summer coding camp for school girls might be a good thing, but not the answer to our problems. The Pay Gap, the Pipeline Problem, and the Glass Ceiling have been discussed, in society as a whole, as well as in the tech industry for years. Every now and then, a scandal fires up the discussions again, adds new facets, or gives focus to another group of people. However, in between there is a constant flow of reports and anecdotes of those people that do not feel as at home in tech as they want to. Not everyone interested in the subject matter finds their place -- and it is not a matter of lack of tasks, or versatility of the field. And it is also not a matter of isolated incidents. Across its spectrum and locations tech has a diversity problem: Those already underrepresented leave the field. Why is it that so many do not feel welcome here? How come tolerance can lead to exclusion? Why does not everybody have the same chance of success? And why do we definitely need to change that? Inclusion and diversity are not a matter of "nice-to-have". They are a basis of success. It is time for excuses to stop and for everyone in the field to do their part. This is not an instruction manual to make everything better. But maybe it is food for thought and an inspiration for what can be done. about this event: https://talks.mrmcd.net/2019/talk/REX9YH/

Sep 13, 2019 · 44 min