
Chaos Computer Club - archive feed
Supply Chain Security with Go (gpn22)
You become aware of a security vulnerability affecting your Go program(s)! What now? This talk tries to answer that question for various common scenarios, explaining the roles of the various technologies and services (like the Go Module Proxy or Go Checksum Database). The recent xz vulnerability brought the topic of Supply Chain Security to everyone’s attention. I don’t have a solution for preventing the social engineering aspect of the vulnerability. So let’s focus on the part we can control: assuming it has happened, what does our incident response look like? Aside from the more general details about Go, we’ll look at the gokrazy system as a concrete case study in Supply Chain Minimalism (Linux kernel + Go) and how it can be used for sensitive use-cases. about this event: https://cfp.gulas.ch/gpn22/talk/WY37UN/
Privacy-preserving and Security in Machine Learning - an Introduction to Federated Learning (gpn22)
Federated Learning (FL) offers a privacy-preserving machine learning method by enabling collaborative model training across multiple clients without data sharing, securing sensitive information at its source. This talk explores Machine Learning applications and how to keep them secure, for example in critical sectors like healthcare. Collaborative learning, and in particular Federated Learning (FL), is a Machine Learning approach in which multiple clients collaboratively train a Neural Network model on their private data without the need to share the data. This strategy guarantees that data stays in its initial location, never being disclosed to external entities. This talk will cover an introduction on how FL is used and its advantages when supporting secured data collaboration projects, for example in environments like health care, where it is not possible to publish patient data for Machine Learning purposes. We will focus on the security perspective of Machine Learning and privacy attacks and defenses in those systems. This introduction draws upon the teachings of a course conducted by Phillip Rieger from System Security Lab at TU Darmstadt. about this event: https://cfp.gulas.ch/gpn22/talk/8MNJ9B/
Coherent optical transceivers - current capabilities and future possibilities (gpn22)
With the speed of 400G, coherent technology was introduced to pluggable optical transceivers (OIF 400ZR and OpenZR+). This technology is complex and powerful for your network; it even has influence on your network device operating system. This talk will provide a first insight into Nokia's implementation as well as known or potential interoperability issues addressed by the OIForum. If your transport system, router or even switch already provides coherent pluggable transceivers, check the available interface parameters. You can send me these CLI outputs / management software screenshots to [email protected]. I will try to include it into the presentation. And finally, new form factors for 800G and 1,6T will be part of the game as well. Stay tuned.... about this event: https://cfp.gulas.ch/gpn22/talk/8TKX7Q/
A Short History of Electric Shocks (emf2024)
This talk is about our delight, awe and fear of electricity and its effects on the human body. It charts our changing relationship with it from the 18th century to today. I particularly love the 18th century gentlemen scientists with their electrical entertainments - particularly because they appreciated the magic of electricity and were so excited by it. It's sad that people today just take electricity for granted. Over the years I've accumulated a collection of contemporary images which I'll use to illustrate the talk. It may include a few demonstrations as well. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/318-a-short-history-of-electric-shocks
The coffee fix: Why it's so hard to pull a great espresso, and how to improve your shots (emf2024)
Pulling a shot of espresso sounds so simple - just pump some water through a bed of coffee grounds. But while it sounds simple, many things can go wrong. What ends up in the cup can too easily end up bitter, sour, watery, chalky, harsh, or flat. So how can you be an espresso alchemist, and convert your bitter shots into gold? In this talk, I'll cover the anatomy of what goes on during coffee extraction, and the problems that can lead to bad flavoured coffee. I'll also give a whirlwind tour of the different coffee machines, equipment, and hacks that are designed to make better espresso - both the high-value gadgets and the duds. You'll learn how to 'dial in' a shot to prevent it being too sour or bitter, and what steps you can take to maximise deliciousness! about this event: https://www.emfcamp.org/schedule/2024/133-the-coffee-fix-why-its-so-hard-to-pull-a-great-espresso
From Haunted Karaoke to the Humour Feature: an Exploration of Auto-Generated Comedy (emf2024)
In a world where large language models like GPT and Gemini are becoming more and more ubiquitous, what does this mean for comedy? If computers getting things obviously wrong is a factor in their comedy value, do the improvements in generative AI take us into an uncanny valley where the outputs are realistic enough to no longer be funny? Join our presenters as they each argue the case for one side of the battle between generations from large language models, vs. more naive generation approaches. We’ll explore what makes comedy funny at all, and then drill deeper into why we find content generated by computers so hilarious - often when it’s not trying to be! Throughout the talk we’ll give some examples of humorous computer generated content from past projects - intentional or otherwise. Learn why you shouldn’t join us for dinner when the recipes are auto-generated; see how we abuse state-of-the-art AI safety techniques to make LLMs funnier; and join for a group singalong for some live-generated parody karaoke. about this event: https://www.emfcamp.org/schedule/2024/169-from-haunted-karaoke-to-the-humour-feature
The Best Word In Morse Code (emf2024)
After accidentally becoming fluent in Morse Code I have waded through a sea of dots and dashes to find THE best word in Morse Code (ok, maybe it's just my personal favourite - but I have reasons to back it up!) Of course, as a mathematician, I couldn't leave it there and have also determined what I believe to be the best number in Morse Code too. From steganography to lexical anomalies we explore the delights of this not exactly binary alphabet. You may not have time to learn all of Morse Code, so come and learn the singular most awesome word in Morse instead! Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/294-the-best-word-in-morse-code
How Games (and chore apps) keep you on longer and coming back regularly (gpn22)
This talk will be a quick look into the methods of psychological manipulation that games and chore apps use to make your sessions with them longer and get you to come back regularly. Ever wondered why you just can't put your game down, even though you know you should already be sleeping? Were you terrible at learning languages in school but suddenly excel at it using Duolingo? The reasons for both are probably the same. I will go into the manipulation strategies that games and chore apps alike utilise and compare them to user-hostile design patterns that I have already talked about in the past. This talk will not tell you how to feel about these tricks, but it will hopefully provide you with the knowledge you need to detect them and make more conscious decisions on if you want to let them work on you. about this event: https://cfp.gulas.ch/gpn22/talk/S3HXXG/
How Roadies became Network Engineers (emf2024)
Over the past five decades, the concert & live event industry has undergone a dramatic transformation into a major sector of the economy, with the production playing a pivotal role. Artists and their shows constantly seek the latest lighting & video technology, intricate stage setups, and top-notch audio quality to dazzle fans. Ticket sales are a major revenue stream for Artists, and a high-quality production show sells tickets. This high level of production is only possible because of an industry full of talented roadies. Behind every arena or stadium show lie hundreds of engineers tirelessly setting up, operating, and dismantling these elaborate stage setups, often in a new venue, on a daily basis. Long gone are the days of makeshift equipment cobbled together; roadies now navigate highly sophisticated AV control systems supported by intricate network infrastructures. A vast array of specialised hardware caters specifically to live events, engineered to be both flexible for on-the-fly adjustments and durable for daily setup and teardown. Reliability is paramount, with equipment expected to perform flawlessly show after show, never missing a beat. In this talk we are going to take an overview into the world of live event production, shedding light on how roadies consistently deliver stellar performances day in and day out. We'll explore the intricacies of AV networks, offering an insightful overview of the behind-the-scenes magic that brings unforgettable concerts to life. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/450-how-roadies-became-network-engineers
Building Your Own Computer (gpn22)
What mysterious ingredient actually turns a pile of electrical components into a computer? And can it be done with fewer than 1,000,000,000 transistors, perhaps even in a way ordinary mortals can understand? In this talk I answer that question in a very practical way: I present a home-built, modular relay processor that is (hopefully) simple enough to understand completely. Click-clack on stage included. Processors are terribly complicated. No wonder, given everything we expect of them, and several billion times per second at that. So it is understandable that at first glance, and at many subsequent ones, they seem utterly unfathomable and practically magical. Yet it does not take all that much to get electricity to compute. A very simple processor can be built from just over 100 relays, and it is then small enough to understand completely. I have developed such a processor and would like to present it in this talk. It will cover three topics: * Which basic building blocks do we need, and how do they fit together? * How do we wire them up so that they can execute useful instructions? * How can machine code connect programming and electronics? Only basic knowledge is required for the talk. Anyone who knows that electricity runs through cables and that computers execute instructions should be able to follow. Link to the project: https://github.com/fread/visvitalis about this event: https://cfp.gulas.ch/gpn22/talk/GK8WNE/
RFID Payment Systems - free drinks and all you can eat (gpn22)
This talk is about RFID/NFC-based payment systems that are often seen in university mensas or company canteens. You typically pay with the student ID card or your employee badge, which is preloaded with money or linked to your monthly salary. The security of some of these systems is severely broken due to the usage of old and insecure RFID/NFC technologies. We will learn some basics about those insecure RFID/NFC technologies and hear stories of broken systems I've analyzed in the past. about this event: https://cfp.gulas.ch/gpn22/talk/VZFLQB/
Remote controlled Chaos Cart - How to motorise trash. (emf2024)
Using a fad of the 2010s and the UK's most popular river dweller, the Leeds hackspace has combined 2 hoverboard wheels with a shopping trolley to create a monstrosity. Armed with a PA system, rally lights, under glow and 2 car horns it’s the perfect centre of chaos for protests or your ALDI shop. During our presentation, we invite the audience to delve into the fascinating world of motorising random objects and the art of upcycling, along with the myriad challenges we encountered along the way. From designing our own lithium-polymer batteries to countless iterations and rigorous testing, we'll discuss the intricacies of dealing with electromagnetic interference, experimenting with various motor controllers, and even designing our own from scratch. We want people to experience the shenanigans we went through and the fun we had along the way to hopefully get more people into whacky-wheeled…..wehicles. But it's not all talk! We're excited to demonstrate the trolley live, allowing you to experience first-hand the joy and sheer mayhem it brings. Our goal is to inspire you to embark on your own wacky-wheeled adventures, learning from our missteps and benefiting from our advice and tips. No project is ever truly done. Lastly, we want to look into the future: the intended use cases and how we aim to share our knowledge and plans with the wider community. Our commitment to openness and collaboration means that anyone bold enough to motorise anything around them can benefit from our experiences and insights. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/421-remote-controlled-chaos-cart-how-to-motorise-trash
Live tour of the Boulby Underground Laboratory - a special science facility 1.1km underground! (emf2024)
A rare live two way link with the Boulby Underground Laboratory, where the Boulby team will give us a tour of the underground facilities that include a Mars Yard, where real (and LEGO) Mars rovers are tested, multiple Dark Matter research experiments, understanding the radioactivity of substances and more! Have any questions you want answered? Email them to [email protected] Boulby is one of just a select few facilities in the world suitable for hosting ultra-low background and deep underground science projects. It is a special place for science, 'a quiet place in the Universe', where studies can be carried out almost entirely free of interference from natural background radiation. It also provides access & support for studies of the geologically interesting deep underground environment. We are employees of the Science and Technology Facilities Council, the UKRI research council that runs the facility. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/282-live-tour-of-the-boulby-underground-laboratory
Mothers' G(q)uilt: An exploration of mothers' experiences through an interactive quilt (emf2024)
This is a talk about how we combined textiles, electronics and storytelling to provide a platform for people to share experiences. For this project, we wanted to explore more the findings of previous research around the guilt mothers feel when feeding their babies, but in a more creative way. Coming at the project from 3 very different points of expertise, we worked with mums to design and make a touch interactive quilt. We asked mothers of young babies to describe their emotions around feeding, a topic often emotional and controversial, and send a voice clip along with a piece of their baby’s clothing which we stitched together to create a special interactive quilt. The quilt is embedded with electronic touch sensors which activate the clips when the metal buttons of the clothes are touched. By interacting with them you can hear the stories through headphones. All this results in a very intimate and emotional experience that provides a platform for visibility and understanding and we think is a great conversation starter to share stories and create community. The talk will include a timeline of how we created a digitally augmented quilt, and a few thoughts if you want to make one too. It will also include some of our own reflections when working on a project that brings up difficult emotions and sensitive topics. about this event: https://www.emfcamp.org/schedule/2024/34-mothers-g-q-uilt
Making Music with Hair (emf2024)
Combining his deep interest in the biology of hair with generative music systems, Chris will give you an insight into how he has brought the two fields together. After a chance introduction to an Australian biology student in 2022, Chris and Jay have spent the last few years researching the mechanics of hair growth, the structures of Amino Acids and Keratins and the composition of different parts of human hair. They used this research to develop a suite of software tools that use these bio-mechanics as a structure for creating music. Chris will cover: - the biology of hair - generative music systems - implementation in Max/MSP and Ableton Live The talk will end with a brand new piece of music created from a single strand of hair. about this event: https://www.emfcamp.org/schedule/2024/202-making-music-with-hair
Working Amateur Satellites on a Budget (emf2024)
Always thought it was expensive to receive signals from Space? In this talk I will go through the simple homebrew antennas and cheap (around £10) receivers that you can use to get such diverse things as weather satellite images, pictures from the ISS, receive telemetry from the orbiting CubeSats, and even begin communicating with the first Amateur Geosynchronous Satellite, QO-100 where you can receive TV pictures from amateurs across the world with a rusty old satellite dish and a cheap LNB. It is amazing what you can do with a piece of bent water pipe or a coat hanger! Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/130-working-amateur-satellites-on-a-budget
Let's Party Like It's 1994 - Re-Imagining How to Find Stuff Online (emf2024)
Internet search results were a toxic hellstew of ads, SEO spam, content farms and misinformation/disinformation even before the arrival of Large Language Models like ChatGPT in 2023. In 2024 nearly half the world’s population votes in elections that will have consequential impacts for key issues like climate change and civil rights, and it’s more important than ever before that search results can be relied upon. This talk will highlight a few ways to put search back in the service of the searcher rather than a handful of global megacorps. We’ll time-travel 30 years to the Internet’s Cambrian Explosion period, before Lycos, AltaVista and BackRub/PageRank, and look how technologies like Really Simple Syndication (RSS) and open source self-hosted meta-search engines like SearXNG can help. And then, demo gods permitting, I’ll show you how this can all come together to put a search engine in every pocket. about this event: https://www.emfcamp.org/schedule/2024/13-lets-party-like-its-1994
Intro to Lean 4: A language at the intersection of programming and mathematics (gpn22)
Type theory is the secret sauce that makes a programming language awesome. The more knowledge we can make the compiler aware of, the more we can rely on the compiler. But what is the limit? What if we could take _make bad state unrepresentable_ to the mathematical extreme? What is a proof anyway, can you eat it? Come on a wonderful journey into the land of dependent types, where we try building type-safe SQL queries, and sweeten the deal with our own syntactic sugar. I give a compressed intro and overview of Lean 4, a purely functional, dependently typed programming language and interactive theorem prover. Knowledge of purely functional languages is *not* required.
1. We start from zero. Introduction to Lean 4 syntax, side-by-side with Rust. Sum and product types, `List`, some easy intro examples.
2. _Dependent types_: Example of `Vec`, i.e. lists with statically known length. Dependent pattern matching.
3. _Propositions-as-types_: You can have logical `And` and `Or` in Rust, too! But how do you model forall quantifiers? How do you model `x <= y` in the type system?
4. Playing around with _types as first-class objects_, using heterogenous lists and projections on them as example. You can't pattern match on types themselves, or... can you?
5. _Metaprogramming_: Custom syntax, custom elaborators. Using what we learned to make type-safe SQL queries work, such as (note the absence of string quotes):
```
let dragons : Table Dragon := [...here be dragons...]
let dragons2 : Table ?huh? := SELECT name, coins FROM dragons
```
Code samples from slides: https://gist.github.com/Kiiyya/5566f09b2d1af6aa0d85ba01179dcfdb about this event: https://cfp.gulas.ch/gpn22/talk/WWMGVN/
No Cash - No Problem? Payment Cards for Refugees Analysed (gpn22)
The payment card for refugees is coming. We took a closer look at the three most widespread payment card providers. The talk describes in detail data protection and IT security flaws in payment card apps and web applications for refugees. Through reports made under responsible disclosure procedures, numerous data protection and IT security flaws were responsibly uncovered and fixed. After a debate lasting several months, the traffic-light coalition reached an agreement on the so-called "payment card for refugees" and, on 12 April 2024, passed a legal basis in the Bundestag for the nationally uniform payment card for asylum seekers and refugees. Through an amendment to the Asylum Seekers' Benefits Act (Asylbewerberleistungsgesetz), it is to become possible in future to provide benefits to asylum seekers via a so-called payment card. The payment card is a prepaid card with a debit function. Some municipalities, cities and federal states have already introduced solutions in this area in advance or run pilot projects. The solutions come from different providers. In addition to a physical card, asylum seekers can also use a virtual payment card within wallet apps. The payment card is stored within an app on the smartphone and can be used via "mobile payment". The talk describes in detail data protection and IT security flaws in payment card apps for refugees. about this event: https://cfp.gulas.ch/gpn22/talk/RAMYBJ/
Fighting Allergies with Pollen Forecasting (emf2024)
Many people rely on pollen forecasts to know when their allergies are likely to cause trouble. So when the main source of them in Finland scaled back after losing funding, a replacement was needed. Hear about the process of starting at zero knowledge of pollen forecasting, discovering the available models and data, and putting it together to get 3-day forecasts for any location in Europe, as a hobbyist with some help from the Finnish Meteorological Institute. Includes learning about atmospheric science, academic data, coordinate projections, Rust and more. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/414-fighting-allergies-with-pollen-forecasting
Endocrine Biohacking - Friends of Blåhaj and beyond (emf2024)
Biohacking for girls, gays, theys, and undisclosed entities.
- Why biohacking is good, cool, and a human right
- A brief history of biohacking and why endocrine biohacking is so cool
- how to manage your own endocrine care
- how to access managed endocrine care
- safe sourcing of international pharmaceuticals
- alternative routes of care (and modelling risk)
Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/17-endocrine-biohacking-friends-of-bl%C3%A5haj-and-beyond
GPS time, leap seconds, and a clock that's always right (emf2024)
It sounds easy enough: build a clock that always shows the correct local time, no matter where you take it. Mobile phones can sort-of do this, but they manage by listening to the cell towers, so this won't work everywhere. "Radio controlled" clocks just listen to a low frequency broadcast, there's a few different transmissions across the world but they're incompatible and know nothing of time zones. Desktop computers can use the internet for time, but you still have to tell it what zone you're in. Really, it should be possible to build a clock with nothing more than a GPS receiver, which figures out the time on its own, with no need for internet or cellular connection. It turns out that doing this requires an on-board world atlas, a spherical coordinate point-in-polygon algorithm, and a complete database of offsets and daylight savings rules. I finally created a clock that automatically corrects itself as you carry it across country and timezone borders. The journey to this point was so ridiculously tedious that it borders on the absurd. In this talk I'll run through some of the highlights, and of course no talk about GPS time would be complete without mentioning leap seconds, which cause problems even when they don't happen. about this event: https://www.emfcamp.org/schedule/2024/337-gps-time-leap-seconds-and-a-clock-thats-always-right
Graphite: From Paintbrush to Compiler (gpn22)
Graphite combines vector (svg) and pixel-based ways of working in one FOSS graphic design application. Node-based editing allows non-destructive workflows and the procedural generation of art. In this talk we take a look under the hood, and I give an insight into why we are developing our own programming language for this and what cool things you can do with it. https://graphite.rs/ First I will give an overview of the Graphite project and present its current state. Then I explain how the node-based functional programming language works and give an outlook on the exciting applications all of this enables. about this event: https://cfp.gulas.ch/gpn22/talk/QURWCW/
Whispered Secrets: Building An Open-Source Tool To Live Transcribe & Summarize Conversations (emf2024)
Are you secretly a spy and/or passionate about open-source? Maybe you don't trust a cloud-hosted service with your highly classified information, or perhaps you like to build things for yourself. In this light-hearted talk, you will learn how to make a real-time on-device GenAI-powered application that can live transcribe and summarize conversations without internet access, using open-source components. Our journey begins with an introduction to open-source LLMs and the latest trends in running GenAI tools on your own hardware. We will build up our application step-by-step, first creating a live streaming voice-to-text transcription pipeline, then an LLM-based conversation summarization layer, presented within a Streamlit frontend, with conversation summaries sent to a lightweight Django API backend for storage. Here's why this matters: 1️⃣ Cloud-hosted SaaS tools cannot store highly sensitive information. 2️⃣ Good open-source alternatives exist for most GenAI tasks; the more people who use them, the more they will thrive. 3️⃣ Commercial tools will solve for common use cases, but developers can build personalised tools that are highly specialised for their own bespoke needs. This talk is tailored for Python enthusiasts and requires no ML expertise. By seeing a practical demo come together piece by piece, attendees will gain a deeper understanding of how to build their own complex Generative AI applications and be pushed to imagine what they could make for themselves using on-device computation in real-world scenarios. Expect plenty of Python code and some fun live demos, with GitHub code provided for attendees to try it at home. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/183-whispered-secrets
How to map caves (emf2024)
Caves present a challenging environment to survey and map. Conditions are often wet, muddy and involve confined spaces. This talk will look at how the technology we have developed has changed how we measure and create maps of cave systems. From traditional sighting compasses, tape measures and paper and pencil, to laser measures, bluetooth data transfer and PDAs or mobile phones as recording and drawing devices. Then once the data is collected underground, how open source software has been developed by cavers to process the data and draw maps which adjust to later changes in positions of parts of the cave when more data is collected or corrected. We'll look at loop closures, explorations of places no person has gone before, and different ways to present a 3 dimensional map of a 70km cave system. There will be plenty of photographs and video clips of cave exploration, along with live software demos and viewing of digital maps. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/256-how-to-map-caves
Small Town, Big Ideas - The challenges of building a rural Makerspace (emf2024)
It turns out that building a Hackspace in a rural area is really hard. From the name of the group causing security concerns to finding a venue and members, a lot of the challenges that are presented in rural environments don't really seem to be present in the cities where hackspaces are most frequently found. In this talk, I'll go over the challenges I've faced in building a Hackspace in a rural town and hopefully show how others can avoid the same pitfalls! about this event: https://www.emfcamp.org/schedule/2024/210-small-town-big-ideas
The Last Miles of The Internet (emf2024)
How does your home router get to the "internet" in the UK? With the rise of alternative fibre networks, and major operators finally deploying fibre to the home, the copper cables that have connected us since the 1900s are being rapidly replaced with fibre networks. This talk will dive into the detail of how these new optical fibre access networks being deployed today actually work, and how cat videos get from the internet to your home. about this event: https://www.emfcamp.org/schedule/2024/305-the-last-miles-of-the-internet
Why Type 1 Diabetes Is So Different. (gpn22)
As a type 1 diabetic, can I go to the pharmacy and get all the consumables I need there? Can I simply go to a hospital and expect them to have everything I need in stock? The answer to both questions is no, and in this talk we will look a little at what that means and why it is so. I would also like to show what the situation is like in other countries and what a large impact a possible "improvement" of our system would have on diabetics. about this event: https://cfp.gulas.ch/gpn22/talk/EF77XF/
Congratulations, it’s a Kubernetes! But now what? (gpn22)
Building on my [talk from last year][1], in this talk we will go a bit deeper into Kubernetes and talk about how you actually deploy anything into your Kubernetes cluster in the first place. We will also try to do this in a halfway sensible manner, without having all our secrets or passwords in plaintext in Git or needlessly duplicating the YAML config. The talk is clearly aimed at Kubernetes newcomers who have not yet had any experience with how to actually deploy something with Kubernetes. [Last year][1] in [my talk][1] we talked about what different options exist in principle. This year I will go into more concrete detail on how to deploy things into Kubernetes with `kubectl`, `helm` and `kustomize`, and how we use [SOPS][2] to keep our secrets really secret. [1]: https://media.ccc.de/v/gpn21-49-from-0-to-kubernetes-eine-einfhrung-zur-container-orchestrierung-mit-praktischen-antworten-auf-die-hufigsten-fragen-wie-warum-oder-wann- [2]: https://github.com/getsops/sops about this event: https://cfp.gulas.ch/gpn22/talk/3RV3BL/
Seams Like Magic: A primer on sewing basics (emf2024)
At EMF 2022 I ran a drop in sewing workshop. Whilst it was popular, one question that I didn't have time to answer properly was the broad: "I want to make my own clothes: where do I start?" I'd like to answer just that question in this talk. I'll cover things like: tools/equipment you need (and what you don't!), how to read a sewing pattern, key things to remember and suggestions for easy projects to get started with. I've previously worked costuming for theatre and designing/making wedding dresses. Whilst my main focus has been on garment sewing, I'm happy to help people with their wild projects: how to make your projects waterproof, how to make wacky shapes and how to work with weird fabrics are all things I can help with. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/258-seams-like-magic-a-primer-on-sewing-basics
The Tiny Tool Kit Manifesto (emf2024)
What is the best tiny toolkit for hacking in a field, fixing robots in the wild and repairing products for friends? We've spent years creating our own bespoke tiny toolkits, with tiny tools, that work for our own specific needs as makers and hackers. In this talk, we will share the knowledge we’ve gained along the way, a philosophy of tools and tiny toolkits, the best of the tool kits we’ve assembled, and the most trusted tools we've collected, made and modified. We hope that you, too, will be inspired to make your own tiny tool kit. Small is Beautiful. about this event: https://www.emfcamp.org/schedule/2024/265-the-tiny-tool-kit-manifesto
Run your own fucking infrastructure - 2024 edition (emf2024)
In a 2012 talk about running your own infrastructure I made some predictions on the future and made some claims. A long time has passed and let's see what came true and what was not so correct. After that talk we also started building our own infrastructure. I will show what we are running, what you can run and share experiences running infrastructure for larger groups of people. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/24-run-your-own-fucking-infrastructure-2024-edition
Balcony Power Plant Without a Balcony, or: How I Learned to Be a Lobbyist (gpn22)
My experiences with various political bodies (the petitions committee, various federal ministries, etc.) on the way to legal clarity and certainty for your balcony power plant. The fight against bureaucracy and idiocy. Piping hot and yet already cold coffee on the mills of democracy. Influencing politics and taking part is easier than you think. Elected representatives are only human too and urgently depend on outside expertise. We all share the common code of the fundamental democratic right to vote, to be elected, or to influence politics directly, for example by means of a petition. For some it is enough to put their cross on the ballot every few years and leave the rest to the elected politicians. But getting to the root of various problems sometimes takes annoying persistence, commitment and a close watch on what the elected representatives are doing. Not everyone feels like doing that. For good reason. I did it anyway and will tell you what I experienced along the way. Politicians do their job best when fellow citizens, experts and different points of view (roots) are brought together to work on constructive and usable solutions. Above all, I want to make this a dialogue and respond to your questions. about this event: https://cfp.gulas.ch/gpn22/talk/NMUWVQ/
How to go solar off grid in the UK. (emf2024)
How to specify and deploy an off-grid system in the UK. Covers power requirement calculations and performance tradeoffs in the real world. How to handle low production near winter solstice. Touches on battery selection, care and feeding and dimensioning for a given power demand. How inverters were selected. Reliability issues. Aimed at people wanting to deploy their own systems. I've been running off grid for the last 5 years in the West Midlands, and will share what I have learnt during that time. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/188-how-to-go-solar-off-grid-in-the-uk
Planning Interlockings for Computer Scientists (gpn22)
In this talk I want to discuss, from a computer scientist's point of view, how railway interlockings work (briefly) and how they are planned. In particular, I will humorously analyse and criticise the current state of digitalisation in interlocking planning. The target audience is all IT people who are interested in the railway world; the railway fundamentals needed for understanding are introduced briefly. The talk takes a critical look at the interfaces between control-command and signalling technology (interlocking technology) and computer science. I show perspectives on how this interlocking world can be digitalised (better) with familiar techniques from the IT world, and what stands in the way. The content ranges from NP-completeness through data models for interlockings, Deutsche Bahn's understanding of open source, and formal logic to German administrative regulations. I plan control-command and signalling technology at Deutsche Bahn professionally, but I am giving this talk in a private capacity. about this event: https://cfp.gulas.ch/gpn22/talk/HYAMKF/
Sending text messages through space (emf2024)
When we’re out and about, text messages (and also voice calls, mobile data etc.) sent and received through our everyday smartphones are all routed through fixed land-based ‘cell tower’ antennas no more than a few km distant, which form what we might term a ‘Terrestrial Network’ (TN). In rural areas, we often lose cellular wireless signal entirely, even within highly technologically advanced economies such as the UK, EU, US etc. We then find that we are unable to send or receive text messages, even emergency messages. In the 1990s, visionary scientists and engineers developed alternative voice and messaging systems, using satellites as their ‘flying’ cell towers. We will discuss an example of such a pioneering network, called Iridium, which has operated successfully from the late 1990s right up to the present day. Today’s scientist and engineer visionaries are now proposing that the same ‘space-based’ capabilities could be added to our everyday smartphones, without needing to purchase a separate satellite-messaging device. This would allow our phone, when necessary, to switch from the land-based TN to the space-based ‘Non-Terrestrial Network’ (NTN). In this presentation we will discuss some of the technical challenges in achieving this ‘Direct-to-Device’ (D2D) satellite messaging feature, and some of the solutions which are being proposed, and even already being tested for real. One of the leading players in this space is Starlink, so buckle up for a wild ride! Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/40-sending-text-messages-through-space
How to escape from a WW2 POW Camp (emf2024)
During WW2, British plane crews sometimes found themselves imprisoned behind enemy lines. With only light punishments for escape attempts, some of these prisoners worked on incredible schemes to get back home. This illustrated talk will talk about these escapes, from famous ones to those that are undeservedly forgotten. It's a story of impressive creativity, of people trying to hack their way to freedom, including tunnels, dummies and an attempt to build a plane. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://www.emfcamp.org/schedule/2024/359-how-to-escape-from-a-ww2-pow-camp
Opening Ceremony (emf2024)
The ceremony in which we open the festival. Hello! about this event: https://www.emfcamp.org/schedule/2024/550-opening-ceremony
How I accidentally invented a video codec (and didn't beat Faxes at image compression) (and played Bad Apple at really low FPS) (gpn22)
A Bad Apple demo with the longest explanation ever – how I accidentally wrote my own image compression algorithms to cram more FPS into an ESP8266 than ever before. An exploration of data compression in the context of simple video compression. There won't be many real-world codecs in here, but don't worry – you'll accidentally learn all the fundamentals of data compression anyways. This talk is very beginner-friendly. about this event: https://cfp.gulas.ch/gpn22/talk/SAXCFX/
GPS Spoofing and Jamming - Techniques, Risks and Detection (gpn22)
GPS/GNSS jamming and spoofing has become a serious threat to transport, navigation and critical infrastructure. We look at the associated risks as well as the background, history, technologies and countermeasures. In recent months, GNSS jamming and spoofing incidents have risen significantly worldwide, above all, but not only, around our planet's crisis hotspots. To understand the background, we take a look at the history of spoofing and the technology behind GNSS and PNT. We also look at current jamming and spoofing technologies using real examples. What real risks does this create for air traffic and critical infrastructure? How can technological and organisational measures increase the resilience of existing systems? about this event: https://cfp.gulas.ch/gpn22/talk/BK9CWC/
Don't Be Afraid of Hearing Aids - (M)y Personal Experience Report (gpn22)
Hearing aids bring back quality of life. I realised at a relatively young age that I do not hear well, but put off dealing with it for a long time. I have now had a pair of hearing aids for 3 years and regret not having dealt with it sooner. I want to report on my experiences and encourage everyone to at least take a hearing test and not be afraid of becoming a hearing aid wearer: hearing aids are a cool piece of technology! I want to briefly describe my ordeal, share my experiences and show that hearing aids pack quite a lot of technology into a tiny space: almost like AirPods, only super-premium. I also want to help others overcome their inhibitions and encourage them to look into the topic if they have the impression that they hear poorly, or even just understand poorly. Hearing is real quality of life. about this event: https://cfp.gulas.ch/gpn22/talk/S3CJD3/
Help Us Identify UFUs: (Em)Powering Vulnerability Scanners with FUEL (gpn22)
Nowadays, many websites rely on user-generated content, e.g., by allowing users to upload images, videos, documents, or other files. If not handled carefully, Unrestricted File Uploads (UFUs) may appear and become a serious security issue. Our academic results show that some UFU types still fly under the state-of-the-art vulnerability scanners' radars, leaving websites at risk of severe vulnerabilities, such as Remote Code Execution or Cross-Site Scripting. Thus, we propose a File Upload Exploitation Lab (FUEL) to (em)power vulnerability scanners to become better at identifying UFUs and invite the community to reFUEL. If web applications fail to validate or handle user-uploaded files properly, security issues such as Cross-Site Scripting or Remote Code Execution may arise. While PHP-based web applications are known to be prone to Unrestricted File Upload (UFU) vulnerabilities, other programming languages and web frameworks might be affected, too. Academic and non-academic work has covered many types of UFU vulnerabilities and created vulnerability scanners to identify them. We have compared four different vulnerability scanners (BurpSuite, ZAP, FUSE and Fuxploider) with our novel File Upload Exploitation Lab (FUEL) to identify potential shortcomings in the detection capabilities. The results show that none of these state-of-the-art scanners manages to identify the UFU vulnerability in all of the 15 FUEL scenarios. Attendees of this talk will learn about UFUs and some less-known file upload bypasses. Further, we hope to raise the awareness that, similar to humans, no tool is perfect. Last but not least, we will invite the community to extend FUEL with more UFU scenarios to create a more thorough vulnerability scanner evaluation framework. The academic paper is to be published at DIMVA 2024, but we wanted to give the community a sneak preview :) about this event: https://cfp.gulas.ch/gpn22/talk/FSMH9M/
Quantum random oracle model, a user-friendly introduction (gpn22)
I will give some insight into the world of (post-quantum) cryptography and what questions in this world look like, from the perspective of a newcomer. In particular, I will give a user-friendly introduction to the Random Oracle Model, a tool frequently used in cryptography proofs. We will look at where the model fails and what problems come up when giving your enemies a quantum computer. No prior knowledge in quantum or cryptography is required to follow this talk, anyone who has programmed before will be able to follow. Last October, I started my PhD with the topic 'Quantum Security of Memory-Hard Functions' at the University of Amsterdam. Since then, I have been working on building an understanding of the tools typically used to prove security of cryptographic constructions. In this talk, I want to give you an introduction to the Random Oracle Model, a typical building block and its application to my topic. We will start from basic assumptions and work our way up to the full model and the construction of memory-hard functions. On the way, we will explore where the model breaks and what challenges arise once we assume our attacker has access to a quantum computer. about this event: https://cfp.gulas.ch/gpn22/talk/JJM9PN/
Data center to cloud migration (gpn22)
Since the fire at a Strasbourg data center in March 2021 at the latest, we have known that some providers take cloud migration too literally. However, the Strasbourg fire was not the only data center accident. In this talk I show pictures and videos of data center fires, water damage and natural disasters. I talk about the causes and effects of these accidents, as well as measures for protecting your own systems against them. Besides serious disasters, I show other things from the "that went badly" category. about this event: https://cfp.gulas.ch/gpn22/talk/DGMEBH/
Lightning Talks I (gpn22)
A short session for even shorter talks Language: English or German Wanna say something? The stage is yours. You have 10 minutes to talk about anything. A short talk about the aerodynamics of ducks; promoting your new open-source project; a small hack that you found; social commentary ... anything goes. Available infrastructure: A microphone, beamer and laptop with a USB-Stick to show slides (PDF format). If you want to use your own device to show your presentation, please come to the stage 15 minutes before the event so we can test the setup. If you want to have a talk, we'd like you to write a short e-mail to [email protected] or just call DECT 7063 (P0N3). However, spontaneous contributions are also welcome if there's still some time left at the end. about this event: https://cfp.gulas.ch/gpn22/talk/GJCEB9/
Privacy to go (gpn22)
The pocket-sized “ad blocker” with Pi-hole and WireGuard VPN. Users who dislike ads, tracking and malicious code, who want to protect themselves “somehow”, who are comfortable working with Linux and Docker and ideally also have some networking basics, will get information here on how, with their own VPN (at home or on their own low-cost cloud server), they can always have their own ad blocker with them on every device, in every network (WLAN/WiFi, mobile data) and in every country. about this event: https://cfp.gulas.ch/gpn22/talk/TK7H9S/
Down the Parcel Hole (gpn22)
This talk describes how we discovered flawed processes in the parcel tracking of most German parcel delivery services, how they reacted to our findings, and why this very probably affects your privacy too. In times of online shopping, people are concerned about whether online shops handle and secure their data properly. Online shops can be attacked via common web vulnerabilities such as SQL injection, XSS, etc. This could allow attackers to copy personal information such as name, address and bank details. However, we found an even simpler, and so far overlooked, way to get at the personal data of online shop customers, without exploiting any vulnerabilities. Since almost all physical goods ordered online are delivered by parcel services, we analysed the tracking of the most important players in the German parcel market. Using publicly available data and trivial statistics, we were able to determine recipient information (name, address) quickly and in large numbers. With some services it was even possible to influence the delivery of parcels. Targeted attacks could lead to the addresses and shopping behaviour of politicians and other public figures being exposed. Identifying the customers of particular shops is also conceivable, because the way tracking numbers are generated allows us to target specific online shops. During our research we contacted several parcel services (responsible disclosure), which led to some improvements. Some disclosure processes resulted in quick and effective measures and can serve as good examples, while others still leave room for optimisation. We will also talk about how disclosure processes can run better, and will present a few entertaining incidents.
We conclude that parcel services are a (perhaps) underestimated threat to privacy. Instead of attacking countless online shops, abusing flawed processes at the few market-dominating parcel delivery services used by almost all shops is a rather efficient way to obtain addresses and, in some cases, the ability to intervene in the delivery process. In our talk we will present the statistical approach to breaking the authentication for parcel tracking, the underlying problems, (negative and positive) highlights from the disclosure processes and, of course, the privacy impact this could have had and can still have. At this year's GPN we are talking for the first time about two parcel service providers that we have not covered before, GLS and UPS. At the time of publication, the vulnerability at UPS had not yet been fixed. about this event: https://cfp.gulas.ch/gpn22/talk/ABDM9K/
What You Always Wanted to Know About Fungi... (Not the Psychedelic Ones) (gpn22)
This talk takes you into the exciting world of fungi, a fascinating form of life that we know far too little about. From fungi larger than a whale, through slime moulds that move, to fungi that glow in the dark. Hold on tight, it is going to be exciting. Presented by Fabian from Wildschytz. about this event: https://cfp.gulas.ch/gpn22/talk/HX7KC9/
42 Tricks for SMD Soldering, Number 23 Will Surprise You! (gpn22)
SMD soldering and rework is fairly easy, if you know the tricks. So I will show you a few of the tricks that make soldering and desoldering SMD components go better. As a live demo I will show various SMD soldering jobs with a soldering iron and hot air. The focus will be on techniques that are helpful for repairing circuit boards. I will also try to answer questions interactively and show the things you have problems with. Among other things I will show: * Desoldering and soldering chips (QFP, QFN, SOIC) * Replacing resistors and capacitors * Removing THT components (pin headers, connectors) * Soldering on and routing bodge wires * Using desoldering braid sensibly * Identifying ground planes & dealing with them * Low-temperature solder (bismuth-based) * Using flux and cleaning it off again about this event: https://cfp.gulas.ch/gpn22/talk/GLLLBT/
Common Code <> Different Backdoors (gpn22)
At the end of March '24, a backdoor was discovered by chance in the widely used open source library xz-utils, which is used, among other places, in the ssh server of modern Linux distributions. This vulnerability was prepared and built in over a multi-year process. Human weakness as well as fundamental organisational and technical problems in collaboration around open source development were exploited to do so. This talk will report on the multi-year preparation and implementation of the vulnerability, but also shed light on some open questions and possible consequences. Why does the internet build on libraries that individual maintainers tinker with in their spare time? Is there a fundamental security problem in using open source software? Could AI be the solution? slides: https://gitlab.com/cy4n/talk-backdoorxz_pub/-/blob/main/xz_gpn.pdf about this event: https://cfp.gulas.ch/gpn22/talk/8MKMDL/