Chaos Computer Club - archive feed

14,359 episodes — Page 17 of 288

systemd-ifying postmarketOS, our immutable future, and why Alpine is cooler than you thought (asg2024)

postmarketOS was started with the lofty goal of enabling long-term support for mobile phones and other devices with traditionally short lifespans, and doing so outside of the Android walled garden. This has inevitably resulted in a lot of upstream-focused hardware bringup and development. Join us and learn what our community has been building, how we're running systemd on Alpine Linux and what we see in the future for postmarketOS.

Through community-driven efforts and collaboration, postmarketOS has grown into a highly adaptable platform which runs on anything from smartwatches and TVs to phones and laptops. In this talk, Caleb and Clayton discuss how our unique approach to tooling and package management has allowed such a small community to scale up to support hundreds of devices with more than 5 different bootloaders, over a dozen user interfaces, and now two init systems. They will cover:

* A rough overview of the distro architecture
* How device abstractions work in postmarketOS
* Pmbootstrap and apk for fast developer iteration at a low cost
* Systemd bootstrapping and current status
* Our plan for an immutable postmarketOS (and request for feedback)

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/LJXCKK/

Sep 26, 2024 · 42 min

Varlink Now! (asg2024)

Why bother with Varlink IPC, and why now? The Varlink IPC has been around for a while, but recently we started using it heavily in systemd. In this talk I'd like to explain what Varlink IPC is, and why we are now adopting it so heavily. And I also want to explain why I think that Varlink is a good candidate as IPC of choice for any Linux software, both low-level and higher-level. We'll compare it with D-Bus in particular, and highlight where it shines (and where it doesn't shine so much).

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/XSYMKW/

Sep 26, 2024 · 27 min

libpathrs: securing path operations for system tools (asg2024)

Container runtimes and other privileged system management tools have historically struggled with safely operating on a path within a directory tree controlled by a malicious user. [libpathrs](https://github.com/openSUSE/libpathrs) is a library which makes it easy to do said path operations, as well as providing some other safe path-related utilities such as providing safe wrappers to operate on procfs files in a safe way.

As part of the kernel work on openat2(2) and continuing kernel work to make magic-links safer (against both confused deputy attacks and resource re-opening attacks), the need for a library to make it easy to do all sorts of VFS operations safely became obvious, and so libpathrs was born. libpathrs uses openat2(2) if available, but has a fallback to the old-fashioned (and more finicky) method of doing safe-ish path resolutions.

This talk will talk about how libpathrs works and how it can help secure container runtimes and privileged system management tools against attacks, as well as touching on some ongoing kernel work which would allow for even more hardening. After the talk, slides will be available from [my site](https://www.cyphar.com/talks).

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/ZZFL7L/

Sep 26, 2024 · 23 min

using io_uring for storage (asg2024)

A brief report about how we use io_uring in SLASH/fellow (https://gitlab.com/uplex/varnish/slash), an always consistent, eventually persistent storage engine for Varnish-Cache. (FOSS, LGPL)

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/U7GJJW/

Sep 26, 2024 · 23 min

systemd: round table (asg2024)

Let's have an open discussion with systemd developers who are at ASG and users in the audience. We will open with the developers saying what they plan to work on in the near future, and then allow questions / comments from the audience.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/YQZBGT/

Sep 26, 2024 · 24 min

systemd: state of the project (asg2024)

Same as every year, a lot has happened in the systemd project since last year's ASG. We released multiple versions, packed with new components and features. This talk will provide an overview of these changes, commenting on successes and challenges, and a sneak peek at what lies ahead.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/RLZEPD/

Sep 26, 2024 · 23 min

Reproducible Builds at Sidero Labs: Tools and Techniques (asg2024)

Ensuring consistent and secure software builds is crucial in today's cloud-native environments. At Sidero Labs, we've developed a comprehensive approach to reproducible builds for Talos Linux using a variety of tools and techniques. This talk will explore our use of Docker Buildx, Kres, and other key components that contribute to our build system. We'll share insights into our methods, challenges faced, and solutions implemented, providing practical guidance for developers aiming to achieve reproducibility in their own projects.

To achieve a fully reproducible stack, from the kernel and initramfs to the software we own and third-party software we build, we use multiple tools in our toolset:

- Buildx: Provides a consistent environment for building software.
- Kres: Our project scaffolding tool for generating and updating build instructions and dependencies.
- Code Patches: Address issues in third-party projects that prevent reproducible builds.
- Tests: Written by us to ensure and verify reproducibility.

In this talk, we will cover each of these tools and techniques, providing examples and practical insights. You will learn how to apply these methods to achieve reproducible builds in your own projects, gaining a complete picture of our approach and how it can be adapted to your needs.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/RYZJ9W/

Sep 26, 2024 · 27 min

Ideas for improving systemd-boot (asg2024)

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/DT3RCU/

Sep 25, 2024 · 3 min

A new way to develop on immutable Linux (asg2024)

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/NSKLAR/

Sep 25, 2024 · 5 min

Integration testing environment for mixed HPC and cloud workloads (asg2024)

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/XNQLTE/

Sep 25, 2024 · 4 min

Debian, empty /var/, empty /etc/ and factory reset (asg2024)

This presentation will review how far Debian (and more generally, traditional distributions) is from supporting factory reset: what can work, what is missing and possible hacks^Wways to do it without starting a distribution-wide effort.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/3K8NZT/

Sep 25, 2024 · 5 min

oo7-daemon + systemd per-user credentials (asg2024)

The oo7-daemon project (a temporary name based on the oo7 client library) aims to provide a replacement for the gnome-keyring-daemon as the new D-Bus Secret Service provider in the GNOME desktop environment. In this talk I will go through the latest development plans and the progress made to integrate TPM-backed credentials support into oo7-daemon using systemd per-user credentials as a backend.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/8TMT9T/

Sep 25, 2024 · 2 min

Efficient RAUC Updates using composefs (asg2024)

A quick overview of how RAUC uses libcomposefs to handle new use-cases.

Traditionally, RAUC focused on A/B updates for whole partitions, either by using filesystem images or tar archives. While the image-based OS approach has many benefits, there are scenarios where more loosely coupled components need to be handled in addition to the root filesystem. In RAUC, these can be handled using the new "artifact updates" support. As a system might have many artifacts installed in parallel, such as for containers (systemd-nspawn or otherwise) and systemd-sysexts, efficient storage is important. In many cases, these are updated often, so download efficiency is important as well.

After evaluating multiple alternatives, we've now decided to integrate composefs. Besides solving the requirements above, it additionally provides the same level of integrity protection as a dm-verity root filesystem, which is important in systems using secure boot. This talk will show how RAUC uses libcomposefs and the new use-cases supported by having an efficient content-addressed backing store with full authentication.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/3DKX9V/

Sep 25, 2024 · 5 min

interacting with systemd from high level languages (asg2024)

Probably the way systemd is thought of and used is mostly as a service manager, and a collection of tools built around the idea of "low level user space". We rarely think of it as a library that can be used as part of any high level language or application. This talk will cover this aspect of systemd, and through the lens of pystemd, explore how applications can use (and abuse) systemd.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/VAQPQW/

Sep 25, 2024 · 20 min

Rediscovering systemd Portable Services (asg2024)

systemd introduced Portable Services support in 2018, as part of v239. This feature was covered at ASG 2018 and in a blog post published at the time: https://0pointer.net/blog/walkthrough-for-portable-services.html

But a lot has changed in the past 6 years, and very crucial new features have been introduced, so it is time to have another look at this topic and see what has happened in the meanwhile, what new use cases have opened up, and what is coming in the near future.

https://systemd.io/PORTABLE_SERVICES/

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/DGVBSC/

Sep 25, 2024 · 24 min

Creating Arch Linux images using mkosi (asg2024)

Arch Linux creates 2 cloud images and 2 vagrant images every month using custom bash scripts and requiring root for building. This talk will look at how these images can be created using mkosi, building them in CI, testing the built images and, as a bonus: build reproducible?

Project link: https://gitlab.archlinux.org/archlinux/arch-boxes

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/QFUGLT/

Sep 25, 2024 · 25 min

Waiter, an OS please, with some sysext sprinkled on top (asg2024)

On general purpose image-based systems such as Flatcar and Fedora CoreOS, users are encouraged to run all their applications using containers. To make updates safe and predictable, the system is mounted read-only and local modifications are discouraged. While containers offer a lot of flexibility on Linux, there are still cases where installing binaries or running applications directly on the host operating system is preferred, for example to add kernel modules, use an alternative container runtime version, add more udev rules, etc.

Some of those use cases could be addressed with statically linked binaries, but their management is manual and their usage creates new issues around updates, versioning and memory footprint, and not everything can be statically compiled. Alternatively, one can build one's own image, but at non-negligible maintenance costs. systemd's system extensions (sysext) provide a mechanism to extend the content of the host while preserving the safety guarantees around updates.

We will demonstrate how Flatcar, Fedora CoreOS and Atomic Desktops are leveraging sysext images to securely extend the OS. With practical examples and use cases (e.g. Cluster API), learn how to install Python, Podman, Kubernetes, ZFS, everything at the same time, by composing your very own image with systemd-sysext.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/HJLF3C/

Sep 25, 2024 · 25 min

Portable software bills of materials with Nix and systemd portable services (asg2024)

While software bills of materials become of increasing value to further trust in the software supply chain, generating high quality SBOMs still poses some challenges in some ecosystems due to the lack of proper tooling or accessible build metadata. In this talk, I'll explain and demonstrate how we can leverage the static dependency graph of functional package managers like Nix to generate very precise SBOMs, which can be relevant for running a service on any Linux distribution thanks to systemd portable services.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/7XGYDC/

Sep 25, 2024 · 20 min

An extendable and securely signed image-based OS with updates (asg2024)

With systemd tooling, including mkosi, it is possible to build an OS image that fulfills all checkmarks a modern image-based OS should have, but with a standard off-the-shelf distribution! This talk gives an overview of a possible workflow, including A/B updates and offline signed images and updates, in real use. As a bonus, it is also self-replicating and uses as little configuration as possible, leveraging built-in systemd auto detection.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/LJAYYL/

Sep 25, 2024 · 26 min

systemd & TPM in 2024 (asg2024)

An update on systemd's TPM features, i.e. what happened since last year: systemd-pcrlock, NvPCRs, and Varlink APIs. At last year's ASG I already did a systemd & TPM talk, and this is supposed to be a follow-up to that, with everything that happened since then, plus what's next and what's missing.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/VQLZBT/

Sep 25, 2024 · 46 min

bootc: Generating an ecosystem around bootable OCI containers (asg2024)

Containers have become the de facto choice for deploying most applications, and all of us benefit from the isolation, portability, and the surrounding ecosystem. In this talk we'll take a deep dive into the world of bootable containers, using the same ideas, goals and technology for the host system (whether virtualized or bare metal). We'll look at the bootc project under the github.com/containers umbrella and its current flagship distribution usage in the new Fedora/CentOS bootc project and initiative. We hope you are as excited as we are by taking cloud-native approaches down to the operating system level, and a key goal is finding points that can be shared with other components of the ecosystem, from the uapi-group.org to other container-based OSes.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/LA9LXV/

Sep 25, 2024 · 43 min

Fort Kairos: A New Dawn for Secure Linux in Untrusted Environments (asg2024)

At the edge, there's one thing we know for sure: it's not to be trusted. But imagine if Kairos could change that, letting you sleep soundly knowing your intellectual property is secure. Kairos is a fully open source project to run Kubernetes at the edge. As such, we have put Trusted Boot into action. Inspired by Lennart Poettering, the mind behind systemd, we've leveraged Secure Boot, Trusted Boot, TPM, and disk encryption. The result? A Linux OS that's built tough against the challenges of untrusted environments.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/9VPPTC/

Sep 25, 2024 · 35 min

Platform security in NixOS (asg2024)

You may have heard about this weird distribution, NixOS, that breaks compatibility with /usr. This talk explores the properties inherent to NixOS, focusing on its distinct approach to package management and system configuration. Learn how these principles combine with general upstream efforts at bringing TPM2, Secure Boot and more to your Linux distribution. Everything you wanted to know about why NixOS does things a certain way will be answered here. The idea is that you get out of this talk understanding the different compromises made by the NixOS community and what they get out of it.

We will cover https://github.com/nix-community/lanzaboote, which is a Rust UEFI stub similar to systemd-stub with fewer features but with one unique special feature for NixOS, similar to UKI addons. We will also do a status report of where NixOS stands in terms of adoption of systemd features such as systemd-pcrlock.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/UQ3CYU/

Sep 25, 2024 · 20 min

systemd 255 in Tizen, or how we have paid our technical debt and took another one (asg2024)

In this talk we present the story of upgrading systemd in Tizen by eleven releases. We share both the lessons we've learnt during the most recent upgrade as well as decade-long experience of the maintenance and development of key packages in the only GNU/Linux distribution that uses kdbus. We describe our day-to-day git workflow as well as upgrade procedures we came up with over the years.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/QLJGJJ/

Sep 25, 2024 · 20 min

Lessons learned from migrating AI accelerator drivers from the kernel to userspace (asg2024)

The kernel driver is dead; long live the userspace driver! In this talk, we'll discuss the motivation, challenges and outcomes of migrating drivers for Meta's AI accelerator chips from the kernel to userspace. Topics include:

- Managing systemd units at scale
- Experiences of running IPC over D-Bus
- Re-writing the driver in Rust
- The tooling necessary to support a variety of environments
- Overall deprecation challenges and wins

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/77PFFF/

Sep 25, 2024 · 16 min

The road to a trusted and measured boot chain in Bootable Containers (asg2024)

Fedora image-based variants (CoreOS, Atomic Desktops, IoT) are currently built using ostree and rpm-ostree. This enables a hybrid approach where the system is managed like an image but modifications are still possible using RPMs. But this approach has limits:

- It is difficult for users to customize their operating system and share those customizations.
- The integrity of the boot chain is not guaranteed and it is costly to validate the system content at runtime.

To address those shortcomings, we are introducing the bootable containers (bootc) project. With bootable containers, the content of the operating system, including the kernel and initrd (or a UKI), is shipped in a container image alongside its corresponding base userspace root filesystem. This image can then be modified using container-native tools and shared via a container registry.

To chain from platform Secure Boot to a verified root filesystem, the ostree project has integrated support for composefs. It combines multiple Linux kernel features (overlayfs, EROFS and fs-verity) to provide read-only mountable filesystem trees stacking on top of an underlying "lower" Linux filesystem.

We will detail how we are integrating composefs and UKI support in Bootable Containers to enable a trusted and measured boot chain while letting users customize and re-sign their images to fit their needs.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/HVEZQQ/

Sep 25, 2024 · 40 min

Fixing an old Linux process memory security bug (asg2024)

There is a well-known trade-off between security lockdowns and a user's ability to debug/inspect a system. The Linux kernel is finally fixing an old proc/mem security bug which illustrates this trade-off nicely. The kernel will provide a mechanism, so distros need to implement a policy according to their own security needs, to restrict proc/mem access (it gives userspace RW access to processes' memory). This talk goes into the what, why and how of getting this bug fixed, with some policies for plugging the long-standing hole for different use-cases, without breaking debuggers or container supervisors.

This talk is based on the Linux patch series [1] which is extending the /proc/*/mem access controls beyond the normal file-based permissions, to restrict various access during kernel builds (Kconfig level) or early boot via static/read-only key parameters. It is expected to land in kernel v6.11, to be released in late Q3 / early Q4 2024. The author is looking for opinions on whether this should be backported to stable trees since the patch is somewhere between a bugfix and a new feature.

[1] https://patchwork.kernel.org/project/linux-fsdevel/patch/[email protected]/

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/9UVMR7/

Sep 25, 2024 · 31 min

eBPF Data Collection for Everyone – empowering the community to obtain Linux insights using Inspektor Gadget (asg2024)

In this presentation we show how eBPF programmers can easily distribute their programs using Inspektor Gadget, a tool designed for the creation, deployment, and execution of eBPF programs (gadgets) across Kubernetes and Linux environments. Inspektor Gadget encapsulates eBPF programs into OCI containers, providing well-understood and easily distributable units. We then detail how an end user can use Inspektor Gadget to easily derive valuable systems insights.

We'll give a brief overview of Inspektor Gadget's automatic data enrichment process, transforming complex kernel information into high-level, understandable concepts tied to Kubernetes and container runtimes. This feature bridges the knowledge gap between raw, low-level data and more interpretable information, improving the understanding of system behavior.

We will explain how users can write their own gadgets and make use of different helper APIs provided by Inspektor Gadget for socket enricher, file path discovery and container filtering, etc. We will show how to combine existing gadgets into a new one, add additional post-processing logic using WASM or Lua and export the resulting data to different targets, using for example OpenTelemetry.

Throughout the talk, we'll demonstrate more of Inspektor Gadget's features, its support across various environments, discuss its operational mechanics, and share insights into the future direction of the project.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/PVGU77/

Sep 25, 2024 · 32 min

Full Disk Encryption in openSUSE MicroOS and Tumbleweed (asg2024)

The openSUSE project has been looking for a Full Disk Encryption (FDE) solution for a long time. After some iterations we are converging on a systemd-based solution. This talk will present the alternatives and will focus on the current proposed solution based on systemd-pcrlock.

The openSUSE distribution is moving toward an FDE based on systemd, using signed policies or nvindex policies. We will review the different solutions that we worked on, and we will compare them briefly. We also describe some of the architectural changes done in the distribution before we can use the systemd tools.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/93KLUJ/

Sep 25, 2024 · 35 min

Enhancing Security with Systemd: Secure Web Tokens and TPM 2.0 (asg2024)

As the digital landscape evolves, ensuring robust security measures becomes paramount. In this talk, we will explore the implementation of a new systemd service designed to enhance secure web token management through TPM 2.0 and FIDO2 support. This integration facilitates seamless interaction with the xdg-credentials-portal, aiming to provide a straightforward and secure approach to handling credentials.

Key points:

- Systemd service implementation: An in-depth look at how we are leveraging systemd to create a secure service for web tokens.
- TPM 2.0 and FIDO2 integration: Understanding the role of TPM 2.0 and FIDO2 in enhancing hardware security.
- Seamless integration with xdg-credentials-portal: Demonstrating the ease of use and benefits of integrating with the xdg-credentials-portal for secure credential management.
- New functionality in systemd: Discussing the significance of this new functionality and its potential impact on the systemd community.

Targeted at systemd developers and enthusiasts, this session will provide valuable insights into the implementation process, the benefits of using TPM 2.0 modules for hardware security, and the overall enhancement of systemd functionalities. Attendees will leave with a clear understanding of the concepts and the practical steps required to integrate these security features into their own projects. Join us to explore the future of secure web tokens with systemd and how this integration can simplify and strengthen security protocols in your system architecture.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/9KSPSA/

Sep 25, 2024 · 24 min

Improving bpftrace reliability (asg2024)

bpftrace is a popular and powerful dynamic tracer for Linux systems. In the vast majority of use cases, bpftrace does its job quickly, efficiently, and accurately. However, with the rapid increase of users, use cases, and features, the bpftrace community has started to feel (technical) growing pains. In particular, we've started to uncover various reliability issues. In this talk, we will cover what is already done as well as what is currently broken and how we will systematically fix and prevent these issues from re-occurring.

Because bpftrace sits at the intersection of operating systems, compilers, and observability, we have the fortunate advantage of being able to absorb techniques and tricks from these fairly different disciplines. We hope that some of the knowledge we share will be both interesting as well as practical to attendees.

Audience participation is highly welcome. In particular, we are quite interested in receiving feedback in the form of bug reports, feature requests, complaints, etc.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/MXAEYZ/

Sep 25, 2024 · 23 min

Using Trusted Platform Modules (TPMs) at scale for protecting keys (asg2024)

Meta runs a large production fleet of servers, all making extensive use of TLS for inter-host communication. As part of a general approach of securing keys against exfiltration, a project has been undertaken to make use of existing TPM chips to provide secure storage for high privilege private keys. This talk will touch upon the approach taken to allow for the use of a hardware-backed key without compromising performance, but mostly focus on the software infrastructure that needed to be built to provision and monitor TPM health across the fleet (a prerequisite for confirmation of viability).

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/JQZ78P/

Sep 25, 2024 · 26 min

Introducing azure-init, a minimal provisioning agent written in Rust (asg2024)

[Azure-init](https://github.com/Azure/azure-init) is a fresh open source reference implementation for provisioning Linux virtual machines in Azure. In contrast to existing systems like cloud-init, azure-init aims to be minimal, focusing on basic instance initialization from Azure metadata. Azure-init also consists of a flexible structure to enable its use by other provisioning agents like Fedora CoreOS' [Afterburn](https://github.com/coreos/afterburn/). Finally, azure-init aims to be fast and secure, being written in Rust. In this talk we will review the motivations for the creation of azure-init, the current status of the project, and the vision for its future development.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/BK7KMD/

Sep 25, 2024 · 23 min

Reproducible and Immutable OS Images with NixOS (asg2024)

Many consider NixOS a great tool for declarative definition of their OS, but only few know about its capabilities for image-based Linux. NixOS offers the tools to combine modern technologies such as discoverable disk images (DDIs), unified kernel images (UKIs), and TPM-based measured boot for transforming declarative configurations into security-focused and immutable OS images for both the server and the desktop. This talk showcases how we build such reproducible and immutable DDIs with NixOS, and how ukify, systemd-repart, dm-verity and measured boot are involved in that process. We will also briefly cover the support of SecureBoot in NixOS through the Lanzaboote project, and what else is yet to come for image-based NixOS.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/MRDURE/

Sep 25, 2024 · 39 min

Closing (DS2024)

Closing. This concludes the event.

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://talks.datenspuren.de/ds24/talk/YPM7GN/

Sep 22, 2024 · 18 min

**give data back** Should I really do it, or rather leave it? (DS2024)

How much of and about me is actually already contained in the big AI models? The free use of AI services adds great value to my life. Do I want to reward that by releasing my own data for the training of AI (give data back)? Do I even have control over that? You have to dig a little deeper if you want to know which data was actually used for the market-leading models. Do I actually have a right to have none of my content used?

Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
About this event: https://talks.datenspuren.de/ds24/talk/E3ZPEJ/

Sep 22, 2024 · 21 min

State surveillance: experiences and examples from practice (DS2024)

A talk on the intersection of repression and technology. **This talk is aimed at activists. Only the technical basics needed to understand the surveillance measures are explained.** Repression against us is increasing. Several §129 proceedings are under way, which gives the authorities a legal basis for surveillance measures. Seized smartphones, cell tower dumps (Funkzellenabfragen), telecommunications interception. We look at: - How does this proceed under criminal procedure (laws, judicial orders, case file)? - How is it implemented technically on the police side? - What can we do about it? Also: - An assessment of state trojans (Staatstrojaner) - The use of IMSI catchers - A few tips on house searches - "Datenschmutz" requests (a pun on Datenschutz, data protection). Bring your questions! Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://talks.datenspuren.de/ds24/talk/CQBJL8/

Sep 22, 2024 · 1h 25m

transtravel (jh24)

Lucy, Felix Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://fahrplan.alpaka.space/jhhh24/talk/XWPZEJ/

Sep 22, 2024 · 6 min

Privacy-preserving health data processing (DS2024)

Can you do research with health data without violating the privacy of the entire population? The European Health Data Space is just around the corner, and at the moment it does not look as if we will be able to be satisfied with its implementation. Health data of all European insured persons will be collected centrally and retained in bulk (Vorratsdatenspeicherung), not only for individual medical care but also for science. And science here explicitly means not only academic but also commercial research. That is, not only universities will be able to access the data, but for example the pharmaceutical industry and the very big players such as Apple or Google too. Under the pretext of improving the user experience of proprietary health apps (the speakers' anticipatory conjecture), the most personal of all data is handed over to hands where it really has no business being. Is everything lost, then? We say no! In this talk we present how probabilistic data structures can be used to process personal data without compromising the privacy of the individuals concerned. We show the results of a case study with randomly generated health data. With this talk we want to make clear that it is entirely possible, under certain conditions, to hand personal data over to third parties. Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://talks.datenspuren.de/ds24/talk/NGTE3G/

Sep 22, 2024 · 41 min

Stabilisator (jh24)

Leopold, Vindhya Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://fahrplan.alpaka.space/jhhh24/talk/TVPVHV/

Sep 22, 2024 · 5 min

Minecraft Ethics (jh24)

Maxi, Lennart, Anna Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://fahrplan.alpaka.space/jhhh24/talk/FSRVBU/

Sep 22, 2024 · 6 min

ELSTER: not only thieving, but nosy too? (DS2024)

Is the tax-return system ELSTER GDPR-compliant? (ELSTER is Germany's online tax-filing system; "Elster" is also the German word for magpie, proverbially thieving.) In April 2007 the Chaos Computer Club reported that the state trojan was being installed via ELSTER on the computers of citizens under surveillance. The report made big waves because it sounded so realistic. It turned out to be an April Fool's joke, but who really knows that for sure? Let me put it this way: the state is very reticent about dispelling this suspicion. In this talk I present my thoughts on the topic, my experiences with the tax authorities, and numerous freedom-of-information (IFG) requests. Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://talks.datenspuren.de/ds24/talk/LJ73ME/

Sep 22, 2024 · 42 min

Save Food – Eat Food (jh24)

Alexander, Anna, Daniel, Konrad Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://fahrplan.alpaka.space/jhhh24/talk/UQQ3XB/

Sep 22, 2024 · 8 min

Endiome (jh24)

Moritz, Toni I., Jerome, Daniel, Mika Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://fahrplan.alpaka.space/jhhh24/talk/PQCA7R/

Sep 22, 2024 · 5 min

Alpakagotchi (jh24)

Jona, Helena Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://fahrplan.alpaka.space/jhhh24/talk/PBZJN3/

Sep 22, 2024 · 6 min

Time beat (jh24)

Gabriel, Warisara, Pablo, Ruben, Vadim, Nic, Sophie, Ile, Clara, Liora Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://fahrplan.alpaka.space/jhhh24/talk/FDAC7G/

Sep 22, 2024 · 6 min

Introduction to embedded programming with RIOT OS (DS2024)

Your first steps in microcontroller programming, with RIOT OS. [RIOT OS](https://www.riot-os.org/) is a small operating system for microcontrollers developed by a broad community, including at TU Dresden. In this hands-on introduction we load programs onto our demo boards, switch LEDs, use timers and access other boards over a radio network. A laptop of your own is required for active participation; demo boards and other infrastructure (including Raspberry Pis with a preinstalled development environment, if needed) are provided. Programming skills in C or Rust are recommended but not strictly required. Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://talks.datenspuren.de/ds24/talk/EMK8EE/

Sep 22, 2024 · 29 min

Final presentation Hamburg (jh24)

All projects are presented on the big stage. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://fahrplan.alpaka.space/jhhh24/talk/GX9SYX/

Sep 22, 2024 · 54 min

Counter the control cards! (DS2024)

Payment cards are meant to deter refugees and make their lives even harder. What now? Since the minister-presidents passed their resolution in November 2023, the payment-card machine has been rolling. It is supposed to be uniform nationwide, but many municipalities have already rushed ahead and introduced it. Refugees have to bear the consequences: cash limits, complicated bank transfers, restricted participation and geographic restrictions make their lives even harder. This talk gives an overview of the use of control cards in Germany and explains why payment cards for refugees are not simply like other electronic means of payment. And what can be done now at various levels, by solidarity-based, civil-society and legal means. Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://talks.datenspuren.de/ds24/talk/PBVUUC/

Sep 22, 2024 · 38 min

Linux "Hello World!" with nothing but a hex editor (DS2024)

WHAAT!? No compiler? Nowadays nobody writes "Hello World!"s by hand any more. Usually you pick a language like Python, C or Rust. Those who want to make it hard on themselves use assembly. But somehow there is still a step in which the .s file is turned into machine code. Why can't I just write a program without a compiler or linker? And what is ELF, actually? The answers to these questions are in this talk. Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://talks.datenspuren.de/ds24/talk/BQBNYV/

Sep 22, 2024 · 28 min
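As an added example (not the talk's own code, and not necessarily the layout the speaker uses), the following C program writes the kind of hand-made ELF the talk is about: a 64-byte ELF file header, one PT_LOAD program header and 46 bytes of raw x86-64 machine code, with no section headers and no compiler or linker involved for the payload. The machine code, the load address 0x400000 and the output file name `hello` are choices made here for illustration.

```c
/* Hand-built static ELF64 executable for x86-64 Linux. The payload bytes are
 * emitted exactly as one would type them into a hex editor; the C code only
 * serves to lay out the headers. Added example, not from the talk. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* ELF64 file header (64 bytes) and program header (56 bytes) as in the ELF
 * specification. All fields are naturally aligned, so no packing is needed. */
typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Ehdr;

typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Phdr;

#define LOAD_ADDR 0x400000ULL                    /* assumed load address */
#define HDR_SIZE  (sizeof(Ehdr) + sizeof(Phdr))  /* 120 bytes; code follows directly */

/* x86-64 machine code: write(1, msg, 13); exit(0). The lea is RIP-relative:
 * msg starts 0x10 bytes after the end of the lea instruction. */
static const unsigned char code[] = {
    0xb8, 0x01, 0x00, 0x00, 0x00,             /* mov eax, 1    (SYS_write)   */
    0xbf, 0x01, 0x00, 0x00, 0x00,             /* mov edi, 1    (stdout)      */
    0x48, 0x8d, 0x35, 0x10, 0x00, 0x00, 0x00, /* lea rsi, [rip+0x10] -> msg  */
    0xba, 0x0d, 0x00, 0x00, 0x00,             /* mov edx, 13   (length)      */
    0x0f, 0x05,                               /* syscall                     */
    0xb8, 0x3c, 0x00, 0x00, 0x00,             /* mov eax, 60   (SYS_exit)    */
    0x31, 0xff,                               /* xor edi, edi  (status 0)    */
    0x0f, 0x05,                               /* syscall                     */
    'H','e','l','l','o',' ','W','o','r','l','d','!','\n',
};

/* Build the complete image into buf. Returns its size, or 0 if buf is too small. */
size_t build_elf(unsigned char *buf, size_t cap) {
    size_t total = HDR_SIZE + sizeof(code);
    if (cap < total) return 0;

    Ehdr eh; memset(&eh, 0, sizeof eh);
    memcpy(eh.e_ident, "\x7f" "ELF", 4);       /* magic */
    eh.e_ident[4] = 2;                         /* ELFCLASS64 */
    eh.e_ident[5] = 1;                         /* ELFDATA2LSB, little-endian */
    eh.e_ident[6] = 1;                         /* EV_CURRENT */
    eh.e_type      = 2;                        /* ET_EXEC: static, non-PIE */
    eh.e_machine   = 0x3e;                     /* EM_X86_64 */
    eh.e_version   = 1;
    eh.e_entry     = LOAD_ADDR + HDR_SIZE;     /* first code byte */
    eh.e_phoff     = sizeof(Ehdr);
    eh.e_ehsize    = sizeof(Ehdr);
    eh.e_phentsize = sizeof(Phdr);
    eh.e_phnum     = 1;                        /* no section headers: the loader needs only PT_LOAD */

    Phdr ph; memset(&ph, 0, sizeof ph);
    ph.p_type   = 1;                           /* PT_LOAD */
    ph.p_flags  = 5;                           /* PF_R | PF_X: one read+exec mapping, no writable page */
    ph.p_offset = 0;                           /* map the whole file, headers included */
    ph.p_vaddr  = ph.p_paddr = LOAD_ADDR;
    ph.p_filesz = ph.p_memsz = total;
    ph.p_align  = 0x1000;                      /* vaddr and offset agree modulo page size */

    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    memcpy(buf + HDR_SIZE, code, sizeof code);
    return total;
}

/* Small accessors over a freshly built image, usable for checking the layout. */
size_t elf_image_size(void) { unsigned char b[256]; return build_elf(b, sizeof b); }
uint64_t elf_entry(void) {
    unsigned char b[256]; Ehdr eh;
    build_elf(b, sizeof b); memcpy(&eh, b, sizeof eh); return eh.e_entry;
}
int elf_magic_ok(void) {
    unsigned char b[256]; build_elf(b, sizeof b);
    return memcmp(b, "\x7f" "ELF", 4) == 0 && b[4] == 2 && b[5] == 1;
}

int main(void) {
    unsigned char img[256];
    size_t n = build_elf(img, sizeof img);
    FILE *f = fopen("hello", "wb");
    if (!f) return 1;
    fwrite(img, 1, n, f);
    fclose(f);
    chmod("hello", 0755);
    printf("wrote hello (%zu bytes); run ./hello\n", n);
    return 0;
}
```

Compile with `cc`, run it, then `./hello` prints the greeting; `readelf -h hello` and `readelf -l hello` show exactly the fields written above, and `readelf -S hello` shows none, because there are no section headers. Mapping headers and code together as read+execute, with no writable segment, is the same trick the tiniest hand-written ELF files use; a hex editor would let you drop or overlap even more of the header, which the talk explores further.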