
Chaos Computer Club - archive feed
14,359 episodes — Page 36 of 288
Should e-voting experience of Estonia be copied? (37c3)
Although electronic voting has been used 13 times in various elections in Estonia since 2005, the legal, procedural and technical problems are far from solved, but have rather backfired, with the political situation getting more complicated. Electronic voting is hard to observe because one can't directly see into computers. In the case of Estonia, the cryptographic measures to verify the processes are only partially implemented, but as voters have to download a voting application that implements a protocol with a public specification, observers/voters can obtain a special insight into processes by implementing their own tools to cast and verify the votes. Engaging in that kind of participative observation with special tools in the 2023 parliamentary elections in Estonia, it appeared that the official voting software implemented a process that did not follow the specification, up to the point of diverging from requirements set in laws and subordinate regulatory acts. In addition to a couple of vote containers that were processed ignoring the requirements, in the end it appeared that arguably all 312 181 electronic votes cast with the official voting application had invalid digital signatures and failed to specify the electoral district in the vote text. In paper ballot elections these kinds of ballots would have been declared invalid without hesitation, but electoral complaints filed about such electronic votes were dismissed without explanation of why ballots clearly not conforming to legal requirements were counted. This has resulted in a parliament where 22 of 101 representatives have arguably gained their mandate based on invalid ballots, but moreover this indicates that after about 20 years of electronic voting in Estonia, in order to run the elections huge amounts of legal and technical make-believe are needed. 
If manageable in small-scale pilots and elections with low importance, this is hardly the case with 51% of the voters in parliamentary elections casting their votes online -- during times of political polarisation rising to unprecedented heights. about this event: https://events.ccc.de/congress/2023/hub/event/should_e-voting_experience_of_estonia_be_copied/
Black Box Chemical Industry (37c3)
At the start of every chip, every computer and every piece of plastic stands the chemical industry. It is Germany's largest industrial consumer of fossil resources such as oil and gas. We present a new study by BUND, "Blackbox Chemieindustrie" ("Black Box Chemical Industry"), on the industry's energy and resource demand. The industry's supposedly climate-neutral transformation plans are critically examined and real solutions are shown. Flame retardants for electrical appliances, the metal alloy for soldering and plastic for almost every everyday application: all of these materials are produced by the chemical industry. It stands at the beginning of the value chain. The materials it produces define the spectrum that product designers can work with. What is shocking: the industry not only uses fossil raw materials for many of its products, it is also the largest industrial consumer of energy in Germany. For the production of plastic for packaging alone, the industry in Germany uses more primary energy than the country of Slovenia in total. Many of the industry's products pose environmental and health hazards, and no German chemical company has a strategy for reducing its pollutants. In fact, the companies even continue to produce and export pollutants that have long been banned in the EU. Even the industry recognizes that things cannot go on like this. Its supposedly climate-neutral transformation pathways do not make technical or economic sense and go hand in hand with an enormous increase in demand for renewable energy and hydrogen that is not available. The demand exceeds what the federal government envisages for the whole of Germany. We show: the transformation of the chemical industry cannot be thought of only within this sector. There must be no investment now in technologies that are sham solutions. 
The challenges of the climate crisis, pollution and the biodiversity crisis must be tackled now through real defossilization, resource savings and a circular economy, and a switch to safe and sustainable chemicals. about this event: https://events.ccc.de/congress/2023/hub/event/blackbox_chemieindustrie/
Link Extremism and Press Freedom (37c3)
A journalist from Radio Dreyeckland is on trial because he linked to the archive of the banned internet platform linksunten.indymedia. The talk gives an insight into the proceedings and shows when links can be punishable, and when not. In January 2023, the editorial offices of the broadcaster Radio Dreyeckland and the homes of two journalists were searched. The reason for the searches and the seizure of several laptops was an article by the broadcaster that linked to an archive of linksunten.indymedia. The internet platform had been banned in 2017 under the law on associations. The state security department of the Karlsruhe public prosecutor's office regards the article as punishable support of a banned association. The Stuttgart Higher Regional Court has since, unlike the Regional Court before it, admitted the charges against the journalist and ruled that the search was lawful. The main hearing is to take place in the coming year. The talk gives an insight into the proceedings and places them in critical context. In particular, it explores the question of how links are to be assessed legally and how the state takes action against (left-wing) media. about this event: https://events.ccc.de/congress/2023/hub/event/link-extremismus_und_pressefreiheit/
Making homebrew for your very own Vector Super Computer (37c3)
The NEC Vector Engine (VE) isn't a GPU. It's a member of the only family of vector computers still alive today. Imagine a second CPU with a different instruction set running on the same Linux system. While obscure, it's a very approachable and hackable platform that is an addictingly fun machine to program and allows you to play with all the technologies seen in high-performance computing (HPC) today. I am going to cover lightheartedly what a small community learned about this singular hardware they shared: bemoaning a dangerous power plug standard, (ab)using this scientific simulation power house to run code never intended, some firmware and driver reversing, "rooting" a VE and more. I will also be giving an introduction to core concepts in HPC with knowledge transferable to any other (university) computer cluster and hopefully encouraging students and scientists to use those by making them seem less alien and hostile. The talk will explain unfamiliar concepts in more common terms like: Vector registers are just registers where CPUs can store multiple numbers which belong together and are processed independently of each other, together in the same operation. This allows a higher processing performance, similar to how moving a pallet of same-sized boxes can be quicker than just moving the boxes on their own. And will then use those new terms drawing comparisons like: 512 bits is the length of the largest vector registers available with any other CPU today, compared to the 16348-bit-long vector registers of which each VE core has 64. This puts it in a class of its own among CPUs. If you weren't scared off by this you shouldn't find the talk too technical. If you have a deep grasp of computing technology and wonder if this talk might be interesting, then you will hear about some implementation choices from NEC drawing reactions deep from the Kübler-Ross stages of grief. 
There will be a short introduction to the VE instruction set, highlighting a few instructions which are "fun" or otherwise "interesting" and might have some general computing trivia associated (https://en.wikipedia.org/wiki/Fast_inverse_square_root, https://vaibhavsagar.com/blog/2019/09/08/popcount/). The different offloading modes of a VE are introduced, one of which is entirely novel and which also emphasizes the uniqueness and sheer quirkiness. Programs executing on a Vector Engine run in a Linux environment, thus one could make many applications run on this accelerator, unlocking GPU-like performance for them without a need for rewrites if said code can make use of these big vector registers and the massive memory bandwidth available to them. So it's unsurprising that it is enormously fun to touch up identified bottlenecks and see some application get 200x faster with a handful of fixes. We can call hardware homebrewed if we make 2048 run on it, can't we? The presentation about hacks done by people who joined my "vect.or.at" Vector Engine PUBNIX (basically a shared Linux computer) will cover such speed-ups, mention the state of an ongoing attempt to port the Rust programming language to it, attempts at digital preservationism and progress towards making the Vector Engine truly yours by "rooting" it to mess with hardware settings otherwise unavailable. The introduction to HPC portion will be structured as an argument claiming "A NEC Vector Engine would turn your (Linux) computer into a small super computer" and use this as motivation to introduce what such a super computer or HPC cluster is, how you can make it work for you and common software packages used. A few performance "tripping" hazards are also mentioned. about this event: https://events.ccc.de/congress/2023/hub/event/making_homebrew_for_your_very_own_vector_super_computer/
Mobile reverse engineering to empower the gig economy workers and labor unions (37c3)
[Reversing.works](https://reversing.works) will outline five years of experience linking trade unions, gig economy workers, GDPR and mobile app reverse engineering. Goal: to replicate an effective form of resistance. This talk will describe our efforts to introduce a new toolkit and mindset for unions and gig workers, which is essential in an era where, for a growing number of people, "an app is their boss". Our work highlights the critical role of technical literacy in improving workers' bargaining power, particularly in collective bargaining. By demystifying the technology that governs them, we aim to equip workers with the tools to assert their rights and shape a fairer working landscape. Since 2019, our team, formerly known as [Tracking.Exposed](https://tracking.exposed) and now operating as [Reversing.Works](https://reversing.works), has focused on connecting mobile app reverse engineering with GDPR and workers' rights. We want to tell this story, all the missteps, the low-hanging fruit that hacktivists across Europe can grab, and the opportunities that new regulations open up in this sense. In 2023, a [report](https://reversing.works/posts/2023/10/report-exercising-workers-rights-in-algorithmic-management-systems/) written for the European Trade Union Institute summarized our investigation into Glovo. In this talk we'll talk about how to repeat the investigations and, with varying complexity, how unionists and activists can start identifying potential data breaches and labor rights violations in mobile apps used by gig economy workers. about this event: https://events.ccc.de/congress/2023/hub/event/mobile_reverse_engineering_to_empower_the_gig_economy_workers_and_labor_unions/
Advanced Training in Cyber Astrology & AI Karma (37c3)
That digitalization is a magical matter which, by definition, cannot be tackled by regulating large social media corporations has long been known at the political level. The market for esoteric services around digitalization issues is therefore presumably immense, and opens up many opportunities for cyber-subtle-energy-gifted entrepreneurs & digital occultists. Along the way, we learn which tricks dubious actors (also beyond the esoteric scene) use to make money from people's worries and fears. In this free basic seminar you will be taught the most important skills for providing holistic digital spirituality services, with which you can launch straight into self-employment. We learn from the best: we learn from the esoteric market, which, as is well known, has been booming not only since the cross-promotion in relevant Corona Telegram groups: 1. Digital Forecasting: Why design cumbersome models when you can sell direct access to the Akashic database of world wisdom? This block is about the most important fortune-teller skills (cold reading, hot reading, Barnum effect). 2. Healing instead of patching: application of holistic-spiritual security concepts on a homeopathic basis for customer networks, with a focus on confident handling of complaints & initial aggravations. 3. Vitalized networks: lessons from water vitalization & compatible business ideas ("Server Room of the New Age", manifesting RAM, AI karma) 4. Mental antivirus: installation guide for subtle-energy support software for ego mitigation (thought-terminating clichés, Conspiracy & Cult-Groupware as a Service) 5. Upscaling: innovative pyramid and snowball schemes for the purpose of holistic profit skimming. 
Register now for the FREE basic seminar and you will receive (if the memory blocks are favourably aligned) our limited-edition finely vibrating 5G sticker for your IT device for FREE. +++ recommended by independent cyber shamans +++ Image: Charlotte von Hirsch about this event: https://events.ccc.de/congress/2023/hub/event/fortbildung_cyber-astrologie_ki-karma/
Getting started with threat modelling (fireshonks)
How to take your first steps in threat modelling, or an opportunity to extend and/or reorient an existing threat modelling programme. Systems created by humans will contain flaws. In order to shine a light on these flaws, you can use a technique called threat modelling. There are hundreds if not thousands of different threat modelling methods that can be used to tease apart the structure of a system in search of security issues. In this talk, we will cover the key principles behind these methods, enabling anyone to study and mend the architecture of a system. In covering the basics, we will also critically reflect on the direction of much research and practice, sketching the relevance of threat modelling for addressing contemporary challenges and highlighting the role that you can play in making a security impact. *As preparation for or follow-up of this talk, [see this recorded training](https://archive.org/details/getting_started_with_threat_modelling).* *The recorded training can be watched either before or after the live talk. The talk takes a more reflective and critical look at threat modelling, diving into its underlying history and the current state of research, while also providing a space for Q&A and the sharing of experiences.* about this event: https://events.ccc.de/congress/2023/hub/event/getting-started-with-threat-modelling/
From Hacker to Furry - Why cat ears are just the beginning (37c3-meta)
The chairman of Europe's biggest furry conference explores the metaphysical and historical connection between furries and the information technology / hacker sphere through a bunch of war stories, anecdotes and drunken shower thoughts. Also a chance to ask a fandom veteran anything you can come up with you always (or never) wanted to know about furries. about this event: https://c3voc.de
Och Menno (37c3)
The strangest things from military research. Military-grade firewall, military-grade full-bit encryption, etc. Is the latest buzzword once again being driven by marketing? As a counterargument, here are the best military development failures from 4 years of the Och Menno podcast. Flying tanks and submarines are, after all, just as logical as what marketing comes up with. about this event: https://events.ccc.de/congress/2023/hub/event/och-menno-military-grade-bullshit/
What your phone won’t tell you (37c3)
Your phone’s internal communication contains precious data. It can be analyzed to detect fake base stations used in cellular attacks. For that, we reverse-engineered a proprietary communication channel between the phone’s OS and modem. Connecting to cellular networks around the world is a highly complex task. iPhones contain a baseband chip (also referred to as a modem) for that purpose. It communicates via a high-level interface with the smartphone’s application processor running iOS. So far, Apple hasn’t been able to build such basebands in-house. Instead, starting from the iPhone 12, they exclusively rely on Qualcomm basebands. Qualcomm’s basebands use a proprietary protocol for external communication, the Qualcomm MSM Interface. We reverse-engineered its iOS implementation and built a framework to extract the protocol’s packet structures from iOS firmware. Our iOS Wireshark dissector uses these packet structures and enables us to monitor the flow of packets between the baseband and iOS. This allows us to gain new insights into the iPhone’s wireless communication infrastructure, including its satellite connectivity. Our tooling also provides a novel way to directly interact with the baseband chip in jailbroken iPhones, bypassing iOS and unlocking hidden capabilities of the baseband. Fake or rogue base stations can be set up by individuals using readily available software-defined radios. Adversaries can utilize them to capture IMSIs of nearby smartphones, track their location, or exploit vulnerable basebands. iPhone users usually don’t notice such attacks, and there are (almost) no protection mechanisms implemented in iOS. During our research, we discovered Apple’s internal cell location database, which is intended for determining approximate positions. Our CellGuard iOS app combines this database with the QMI analysis framework to monitor various parameters of connected cells, verify their authenticity, and alert users in case there’s suspicious activity. 
The app even works on non-jailbroken iPhones. We evaluated the app in a lab environment with SDRs and real-world tests since February 2023 and are steadily improving it for a release next year. about this event: https://events.ccc.de/congress/2023/hub/event/what_your_phone_won_t_tell_you/
Buffered Daemons (37c3)
The work titled Buffered Daemons is a sound performance that attempts to explore the concepts of translation and non-local interaction in the sound realm. It does so by playing with the idiosyncrasies of audio representation/playback and mobilises them through the creation of an expanded musical situation. In the piece, three different containers of sound are presented: acoustic (sound diffusion in the architecture), digital (computer-based sound algorithms) and analogue (electromagnetic tape and analog processing). These containers, or buffers, are then intertwined by the performer, thus creating sonic textures that interplay with the resonances of the space. The strategy for the sound performance is to articulate a metaphor of a circular buffer, a data structure used in Computer Science, to the idea brought up in Derrida’s interview with Ornette Coleman, in which improvisation practice in music is understood as a reading in which the borders between reading and writing are obfuscated. The work is inspired by the concept of daemon and non-locality explored by Timothy Morton in his reading of Plato’s Ion as well as Ursula K. Le Guin’s The Carrier Bag Theory of Fiction. about this event: https://events.ccc.de/congress/2023/hub/event/buffered_daemons/
Breathing Life into Legacy: An Open-Source Emulator of Legacy Apple Devices (37c3)
This talk presents QEMU-iOS, an open-source emulator of legacy Apple devices. I outline the process of emulating an iPod Touch 2G, discussing the technical challenges and reverse engineering methodologies applied. The talk starts with an overview of the project's goals and then outlines the reverse engineering process, utilizing tools like Ghidra for disassembling the Apple bootloader, XNU kernel, and other binaries. Then, I describe QEMU, a popular framework for emulation, and show how essential iPod Touch peripherals such as the touchscreen, storage, and display have been implemented. Finally, this talk touches upon the implications of open-sourcing this project, its contribution to the emulation and reverse engineering landscape, and its potential for future efforts to emulate newer Apple devices. During the past decades, Apple has created iconic devices that have found a place in the hands and hearts of millions of people around the world. As many of these devices have become obsolete, the importance of preserving their digital essence has grown. The emulation of legacy devices with software allows enthusiasts and researchers to explore and interact with them long after the original hardware has ceased to be available. Emulation, therefore, allows the digital preservation of obsolete hardware, ensuring these devices are accessible to future generations. This talk describes a multi-year project named QEMU-iOS that lays the groundwork for emulating legacy Apple devices. In particular, we have focussed on emulating the iPod Touch 2G using QEMU, an open-source framework for hardware emulation. Yet, even emulating an old device with a few peripherals compared to contemporary devices is challenging since the specifications and inner workings of many peripherals are proprietary and completely undocumented. The talk first describes the overall project motivation, goals, and vision. 
Then, I will discuss the reverse engineering process where multiple undocumented peripherals of the iPod Touch have been analyzed to understand and replicate their specifications in software. A key talking point will be the working of essential peripherals, including the cryptographic engines, the LCD, the Flash memory controller, various hardware communication protocols, the touchscreen driver, and other peripherals. The talk will also detail the booting procedure of the iPod Touch, elaborating on the emulation of the iBoot bootloader, the XNU kernel, and the Springboard application in iOS. Getting the boot chain up and running required extensive debugging efforts using powerful reverse engineering tools such as Ghidra to disassemble and analyze all essential binaries in the boot procedure. After outlining the reverse engineering process, I will present the implementation of QEMU-iOS, which entails a functional emulator that boots the iOS operating system, renders the display, and responds to touches on the screen. The final part of this talk will touch upon the implications of open-sourcing this project, its contribution to the broader emulation and reverse engineering landscape, and the potential it holds for future efforts in emulating other legacy Apple devices, as well as the viability of emulating newer devices with advanced peripherals such as the Neural Engine. I will also discuss existing approaches, highlight where QEMU-iOS differs, and summarize the lessons learned while emulating these devices. This talk is designed for a wide range of people, whether you are new to reverse engineering and emulation or have experience in these fields. The goal is to explain the technical challenges faced during this project in a way that's easy for beginners to understand while also providing more in-depth insights I discovered while working on QEMU-iOS. 
Through this talk, the aim is not only to share the technical knowledge gained from this project but also to explore the merits of emulation and reverse engineering to keep old devices alive. about this event: https://events.ccc.de/congress/2023/hub/event/breathing_life_into_legacy_an_open-source_emulator_of_legacy_apple_devices/
Bringing the Hack Back into the Chaos (fireshonks)
While more and more hackerspaces have been founded in recent years, there are many different topics that are being discussed at the same time: AI, 3D printing, Arduino, social and political questions, and lots more. Where are the hacks though? Things are happening, and with this talk, we want to talk about them and call for exchange. At Chaospott in Essen, we have developed rich tools to interact with and inspect hardware, enabling people to bring their gadgets to new life and run their own code, be it on TV boxes, network cameras, or appliances of various kinds. In other words, should a cloud service go down or unmaintained software get compromised, we revive what would otherwise be bricks. about this event: https://events.ccc.de/congress/2023/hub/event/bringing-the-hack-back-into-the-chaos/
Encapsulated Electromyography with Myo and Raspi (fireshonks)
Let's talk ten year old tech! The myo armband was once a really strange way to control a computer, and then became a way to do fine-grained myomuscular electrical detection research. This is a talk about how to hook a myo to a Raspberry Pi 3B+ in 2023, and from there how to have the armband communicate over serial to other devices. We choose to use it to control a Programmable Air system for pneumatic control of muscular robots. Let's talk ten year old tech! The Myo armband from Thalmic Labs was once a really strange way to control a computer, and then became a pretty good way to do fine-grained myomuscular electrical detection research for prosthetics. These processes usually have a high cost or involve less-portable computing systems. In order to make a robotic effect that can be deployed apparently independently, it's more interesting to have a low-cost, encapsulated system. In this talk we'll walk through what it takes in 2023 to have a Thalmic Myo armband talk to a Raspberry Pi 3B+ using Python. We'll provide a demonstration of a pneumatic robot based on the Programmable Air system controlled over serial using the armband. The goal of this project is to have access to strong mechanical advantage without the compromises of servos or stepper motors, and with some of the organic feel possible with air or water systems. about this event: https://events.ccc.de/congress/2023/hub/event/encapsulated-electromyography-with-myo-and-raspi/
Heimlich Maneuver (37c3)
How do we deal with political despair? What to do when the state can no longer really fight any of the crises, but only creates new ones? Is it still enough to fight for transparency? The best of the last year (no, of the last four years!) of FragDenStaat and freedom of information. We share insider stories, from lost lawsuits against Frontex and Nazis in the EU Parliament to the Pimmelgate files, and about how a small piece of research turned into the largest prisoner liberation in German history. Look forward to, among other things, the best freedom-of-information lawsuits of recent years, ongoing criminal proceedings against FragDenStaat, failed cash handovers to the EU border police and the question of whether any of this achieves anything. You can also expect a best-of of the Freiheitsfonds, which in two years has freed more than 900 people from prison and initiated a change in the law. Perhaps there will also be singing. about this event: https://events.ccc.de/congress/2023/hub/event/heimlich-manover/
Unlocked: PICing a wireless door access system (37c3)
Mainframe, Oldenburg's Hackerspace, needed a wireless door lock solution. We do not trust vendors' advertising promises about device security and had a closer look. Attend this talk for a presentation about an unusual variant of lock picking, which does not involve any wrenches, hooks or half-diamond picks. Instead, the tools used are a software-defined radio, a PIC programmer and some self-developed software to gain access without using the original key remote control. If you had fun watching the [Hörmann BiSecur talk at 34C3](https://media.ccc.de/v/34c3-9029-uncovering_vulnerabilities_in_hoermann_bisecur), this talk is for you! If you haven't watched it, it is highly recommended to catch up on it before attending this talk. While it is about a different product from a different vendor, there are many parallels and it can be seen as a sequel talk. The plan for this talk is to first have a look at the radio signals from the door lock using an SDR. After making sense of the message protocol used, the hardware is analyzed to understand how it works and how to get access to the micro-controllers used (PIC18LF45K80 & PIC16LF1829). In the next step, the firmware from the read-protected PIC microcontroller is extracted by extending the existing PIC attacks. Last but not least, the results will be demonstrated. about this event: https://events.ccc.de/congress/2023/hub/event/unlocked_picing_a_wireless_door_access_system/
Back Channel in Podcasting: (37c3)
Open discussion in fishbowl format: https://sendegate.de/t/37c3-session-rueckkanal-bei-der-podcasterei-twitter-ist-tot-es-lebe-das-fediverse/16719 about this event: https://events.ccc.de/congress/2023/hub/event/rckkanal-bei-der-podcasterei-twitter-ist-tot-es-lebe-das-fediverse/
How to build a submarine and survive (37c3)
3.4 tonnes in weight, 4.3 metres long, material: steel, colour: orange, and the vehicle type is "recreational diving submarine". From the discovery of a pressure tank to the first dive to the bottom of a flooded open-cast mining lake, we tell of our greatest challenges and failures. We invite you to a technical consultation for everyone who has ever toyed with the idea of building a submarine. The individual systems of a submarine are not complicated. The difficulty lies in the sum of the individual systems, which have to work together safely in a confined space. Besides our entertaining story, the talk focuses on the technical difficulties on which little can be found in the literature or because of which things did not work right away. This is so that you, should you be planning something similar, get a better start and can benefit from our mistakes. What needs to be considered when choosing a suitable pressure tank? How can a watertight hatch be constructed? Wireless underwater communication via ultrasound? How do we build redundancy into the systems? How do we get rid of the CO2 so as not to suffocate? Why are there suddenly cracks in the windows? What to do when nothing works any more? And what if the police show up on top of that? The talk is not about the problems of other broken submarines. We will cover the Titan disaster with at most one slide. With photos by Selene Magnolia about this event: https://events.ccc.de/congress/2023/hub/event/how_to_build_a_submarine_and_survive/
On Digitalisation, Sustainability & Climate Justice (37c3)
The aim of this talk is to critically analyse the use of digital technology in the current context of global ecological injustice and the collapse of ecosystems. But how can we strive for and promote a sustainable, just and democratic digital future? The challenges are huge and include the digital world's hunger for energy as well as the exploitative global practices of tech companies or the discussion of the current AI sustainability hype. But which digital tools make sense, which do not and how can we achieve global social emancipation from self-destructive structures and towards ecological sustainability and a just world? about this event: https://events.ccc.de/congress/2023/hub/event/on_digitalisation_sustainability_climate_justice/
Together against right-wing terror! But how? (37c3)
The twelve years since the NSU exposed itself have shown that the state cannot be relied upon to investigate and come to terms with right-wing terror. That is why people affected by right-wing violence, antifascists and civil society have taken on this task themselves again and again. The analyses gained from this, the investigative work and the networks of solidarity that have emerged are more diverse than many imagined at the outset. But we want to ask: What can the next steps be? How can we prevent right-wing terror? In summer 2023 the nationwide antifascist alliance NSU-Watch published its book „Aufklären und Einmischen. Der NSU-Komplex und der Münchener Prozess“ in an expanded new edition. It gives an overview of the work done so far on coming to terms with the NSU complex. On this basis, the talk and reading want to ask: What can the next steps be? How can we prevent right-wing terror? The answers are diverse and some are still waiting to be discovered. And yet the danger of right-wing terror remains high, also because consequences are still outstanding on the part of the state, the authorities and society. But we already know enough to actively counter right-wing terror. about this event: https://events.ccc.de/congress/2023/hub/event/gemeinsam_gegen_rechten_terror_aber_wie/
Reconstructing game footage from a Game Boy's memory bus (37c3)
How do you capture a video from a 1989 Game Boy without modding the original hardware? With an adapter cartridge that spies on the memory bus! Let's talk about how to reconstruct the Game Boy's memory state, emulate its graphics unit and then encode the image into an MJPEG stream for anyone to use as a USB video class device. In realtime. On an rp2040 microcontroller. The original goal of the open source project "GB Interceptor" was to capture gameplay for one specific game: Tetris. In order to live stream Tetris tournaments from the contestants' personal Game Boys, the idea was to create an adapter that goes between the Game Boy and the game module to analyze the communication on the memory bus and reconstruct the game state. It turns out that it is actually possible to reconstruct the entire memory state of almost any game and in fact create an rp2040-based adapter that acts as a USB video class device offering the on-screen game footage in realtime. Players can simply put this adapter into their Game Boy and use it like a webcam without additional drivers or knowledge. An essential aspect of this concept is that the Game Boy basically runs all of its code directly from the ROM module, which makes it possible to directly follow the program counter of its 8bit CPU regardless of how the code branches. An image can then be recreated by emulating the graphics unit (PPU). However, there are many edge cases like interrupts, data from registers that are not visible on the bus, the link cable, DMA operations, synchronization of CPU and PPU, game bugs and even bugs in the Game Boy hardware itself. In this talk I will show how all this is done just on an rp2040 with spare cycles to encode everything as a 60fps MJPEG stream. I will shine a light on the edge cases - those that were solved and those that might just be unsolvable with this approach. And I will take you on a sightseeing tour through the 8bit hell that drives our iconic handheld from 1989.
about this event: https://events.ccc.de/congress/2023/hub/event/reconstructing_game_footage_from_a_game_boy_s_memory_bus/
The Science of Whisky (fireshonks)
Through the chemistry and physics of a surprisingly complicated drink, glass in hand. Whisky is a seemingly simple drink: water, yeast, barley malt and then three years in an oak cask. But on closer inspection many questions remain open. Why does Scotch whisky have to be made in a copper still? Why are the casks charred? And why do some whiskies taste of campfire, while others taste of hospital? Behind all of this there are often surprising chemical and physical processes that still pose puzzles today. about this event: https://events.ccc.de/congress/2023/hub/event/die-wissenschaft-vom-whisky/
Explain it to me: (37c3)
I have Simone Herpich (Balkonsolar eV) and Dr. Juliane Borchert (Fraunhofer Institute for Solar Energy Systems) tell me everything (as much as possible) about solar energy. about this event: https://events.ccc.de/congress/2023/hub/event/erklr-ma-solarenergie/
Writing secure software (37c3)
I have previously given talks about security principles and approaches like Least Privilege, TCB Minimization, and Self Sandboxing. The most frequent feedback has been "I don't know how to apply this in practice". So, in this talk, I will show how I applied those principles in a real-world software project: a CRUD web app. My blog. I introduced dangerous attack surface on purpose so I could some day give a talk about how to apply these techniques to reduce risk. This is that talk. I will also introduce the concept of append-only data storage. The end goal of this talk is to show how much more security you can achieve if you don't take an existing architecture and try to sprinkle security over it, but you make architectural decisions with security in mind. This is rarely done in practice because there is a fundamental disagreement between security and software engineering. Security is about limiting what can be done with the software, while software engineering is about not limiting what can be done with the software. My goal with this talk is to show what kind of security gains are possible architecturally. You, too, can sleep soundly at night. Even if the software is written in C. Even if you have bad ACLs or a buffer overflow in the software. about this event: https://events.ccc.de/congress/2023/hub/event/writing_secure_software/
Chat control - It's not over yet! (37c3)
In this talk we want to look back on the last almost three years of fighting chat control. A fight that threatens to become just as much of a revenant as data retention. We were prepared for a tough dispute over surveillance and secure communication. When Patrick started warning us in 2020 about what was coming, we did not expect it to develop into a tragedy that is not about child protection or surveillance, but about a Commission for which any means will do. And about corruption and a lobbying scandal. Chat control has been talked about a lot in the last two years, and most of us are probably sick of hearing about the problematic contents of the law. But ultimately this is about nothing less than a historic fight over end-to-end encryption. The topic has been on the table for considerably longer, though. We want to look back at the origins and key points of the legislative proposal. And then, together with the audience, once more walk the bewildering paths that the work on this draft law has taken. From the perspective of Germany's top data protection official (Ulrich Kelber), the Member of the European Parliament (Patrick Breyer) and digital civil society (khaleesi), we tell the story of chat control so far. If you thought you had heard everything about chat control, prepare yourselves for an absurd tragedy that has not yet reached its end. Despite the success in the EU Parliament, we are still far from having won. Everything hangs on the Council, whose position could undo in the trilogue everything we have worked hard for. And the European elections are just around the corner, which means everything can change once again. In the EU, unfinished laws are simply negotiated further in the next legislative period.
To stop chat control for good, no Member of the European Parliament must get through the election campaign without clearly committing to the protection of encryption. about this event: https://events.ccc.de/congress/2023/hub/event/chatkontrolle_-_es_ist_noch_nicht_vorbei/
DevOps but for artworks in museums (37c3)
In the original Hacker Ethics, Steven Levy stated that "you can create art and beauty on a computer". That was 40 years ago. Creating art and beauty is one thing, but how do you maintain or develop it as a gallery, archive or museum? You know all about CI/CD and deploying to "the cloud"? Well, let me show you how to deploy to a museum or art space. Important note: this talk is not about NFTs. The preservation and presentation of software/computer-based art in museums presents unique challenges in the contemporary landscape. One prominent issue is the ephemeral nature of digital media, which includes websites, games, software and virtual reality art. Unlike traditional art forms, these works often rely on rapidly evolving technologies, making them vulnerable to obsolescence. Museums are faced with the task of preserving and restoring media art in a way that not only preserves the original intent of the artist, but also ensures accessibility for future audiences. Another significant challenge is the dynamic and interactive nature of many media artworks. Unlike static paintings or sculptures, digital artworks often require specific hardware, software or immersive environments to be experienced. Museums need to invest in both the technological infrastructure and the expertise to recreate these conditions and provide visitors with an authentic encounter with the artwork. In this talk we want to look at some solutions from the perspective of software developers who are motivated not only to preserve and present digital media art, but also to develop it with contemporary software development strategies. about this event: https://events.ccc.de/congress/2023/hub/event/devops_but_for_artworks_in_museums/
Try Mental Health Care - at home (fireshonks)
We should all take more time for mental health care, that is, do more for our psychological well-being. I will show you the simple steps with which this also works at home... And how and where you can find professional help when you need it, and why classic therapy methods often do not work so well for neurodiverse people. The first part of the talk clarifies what mental health actually is, who needs it (spoiler: all of us) and how resilience can be built up with mental health care. But we also have to talk about what this "home" actually is, and whether you have recognised it as the most important mental health skill and are using it. I will present simple skills for home and on the go, as I have come to know and appreciate them in DBT. Skills for people without psychiatric diagnoses too, so that it stays that way. And in the third part we talk about the situation in which you do need support for your psyche after all: How and where do you find support? Outpatient or inpatient therapy, or a quite unusual kind of therapy (Wawuschel style)? And why do neurodiverse people need other therapies, which are unfortunately not represented in our health system? Feel free to send me your topics and questions about mental health care at home before the talk so that I can include them. :) about this event: https://events.ccc.de/congress/2023/hub/event/try-mental-health-care-zuhause/
Ecocide and (green) colonialism in Sápmi (37c3)
What is Sápmi? And who are the Sámi people? Why is their land threatened by the so-called Green Transition? Why is Europe's largest data centre being built on their land? We would like to try to answer these questions and explain in detail why "our green transition" is a threat to the land and rights of the Sámi people. We will also discuss the so-called green server infrastructure in Sápmi, for example the largest data centre in Europe (by Facebook). We are from the Decolonise Sápmi info tour through Germany and not Sámi ourselves. Our talk is based on presentations given by Sámi people during our tour. Sápmi is located in northern Europe and refers to the land of the Sámi people. Over time it has been colonized by Sweden, Norway, Finland and Russia. As a result, the Sámi have been subjected to various forms of oppression and discrimination by these countries to this day. Sápmi and Sápmi’s colonial history are presented. Current forms of oppression are also addressed. An important role is played by “green capitalism,” a form of capitalism in which oppression is advanced under the guise of climate protection. Some examples include: Dams that disrupt reindeer migration routes and flood sacred Sámi sites, or wind turbines that are widely avoided by reindeer. Of course, the lectures will also address the problems that mines pose for the Sámi. A topic which was discussed lately with the discussion around the rare earths found in the so-called Sweden also here in Germany. Furthermore, the problems caused by the still occurring clear-cutting in the area of the Sámi and the resulting loss of biodiversity are explained. What resistance has there been in recent years against this capitalist destruction and (green) colonialism? What is the current situation in Sápmi and what does the future look like? about this event: https://events.ccc.de/congress/2023/hub/event/ecocide_and_green_colonialism_in_sapmi/
How Many Planets in Our Solar System? Glad You Asked! (37c3)
The Solar System has had 8 planets ever since Pluto was excluded in 2006. This has made a lot of people very angry and been widely regarded as a bad move. But did you know Neptune was discovered as the 12th planet? Or that, 80 years before Star Trek, astronomers seriously suspected a planet called Vulcan near the Sun? This talk will take you through centuries of struggling with the question: Do you even planet?! In antiquity, scientists counted the 7 classical planets: the Moon, Mercury, Venus, the Sun, Mars, Jupiter and Saturn – but their model of the universe was wrong. Two thousand years later, a new model was introduced. It was less wrong, and it brought the number of planets down to 6: Mercury, Venus, Earth, Mars, Jupiter, Saturn. Since then, it's been a roller coaster ride of planet discoveries and dismissals. In this talk, we stagger through the smoke and mirrors of scientific history. We meet old friends like Uranus and Neptune, forgotten lovers like Ceres, Psyche and Eros, fallen celebrities like Pluto, regicidal interlopers like Eris and Makemake as well as mysterious strangers like Vulcan, Planet X and Planet Nine. Find out how science has been tricked by its own vanity, been hampered by too little (or too much!) imagination, and how human drama can make a soap opera out of a question as simple as: How Many Planets in Our Solar System? about this event: https://events.ccc.de/congress/2023/hub/event/how_many_planets_in_our_solar_system_glad_you_asked/
Gut feelings: Can we optimize lifestyle, diet and medication according to our respective microbiota? (37c3)
Why do some people stay fit and healthy easier than others, even when following the same health advice? Why does the same medication work well in one person, but not in another? Some of our individuality in these regards may trace to which bacteria we carry in the soil of our intestinal gardens. In this talk, drawing on work by my own research lab at the Charité and on that by our collaborators and rivals elsewhere in the world, I outline what we know, what we speculate, and what obstacles remain in the way of widespread adoption of personalized health prevention through microbiome sequencing. Despite our best efforts of finding the perfect regimen of diet, exercise and medication to keep any person fit and healthy, outcomes for different people vary widely for all of these measures, even when we comply with them fully. Some of this traces to our individual genetics, which remains difficult to change, but another source of variation in responses may come from differences between our gut microbiomes. Human bodies are not sterile, and our skin, our mucosal surfaces and, in particular, our intestines are home to many more bacteria than there are human cells in our bodies, representing hundreds of different species in each person. These microbial ecosystems, or microbiomes, are found in all animals and have coevolved with their hosts. Therefore we rely on commensal ("friendly") bacteria for many functions, including breaking down nutrients, converting some medications into their active forms, producing certain crucial compounds for us from our diet, and helping our immune systems mature and remain tuned. The microbiota also contains temporary visitors and both transient and resident opportunistic pathogens, often kept in check by the immune system and by the commensals, but sometimes escaping such control to multiply and cause disease. 
Human gut microbiomes begin establishing at birth and evolve over a lifetime, but remain quite stable within each person throughout adulthood unless something serious like repeated antibiotic cures disrupts them. However, they can differ quite substantially between individuals as well as between populations, reflecting factors such as nutrition and environmental exposures. It has been proposed, and to a degree already demonstrated, that differences between individuals in which gut bacteria they harbour may underlie differences in their susceptibility to disease, their resilience to stressors, and their responses to environmental stimuli. Thus the variation in responses to the same lifestyle between different people may reflect their gut microbiomes. This would open up several avenues of personalized medicine, lifestyle advice and nutrition. Choice of medications, diets or interventions could be selected according to a person's specific microbiome to be most effective. It might also be possible to potentiate such interventions by altering the gut microbiome in different ways, such as through antibiotics, probiotics, nutrition or through microbiome transplantation from another person. Alternately put, by adapting the microbiome to a lifestyle intervention, and/or adapting a lifestyle intervention to the microbiome, we may be able to optimize how a given person can seek and achieve fitness and health. In this talk, I will outline what we know on these topics so far, especially from studies using large-scale microbial (meta-)genome DNA sequencing. In this talk I will draw on work by my own lab at the Charité in Berlin, as well as that of our colleagues, rivals and collaborators elsewhere in the world. I will give examples of known gut microbial modulation of human responses to the external environment and introduce the most common strategies both for researching such effects and for their leverage as health-promoting tools.
Where there are limits to our knowledge or obstacles to its practical application, I will identify those obstacles and suggest ways to overcome them. about this event: https://events.ccc.de/congress/2023/hub/event/gut_feelings_can_we_optimize_lifestyle_diet_and_medication_according_to_our_respective_microbiota/
The CCC's four-year review (37c3)
Over the last four years, exciting, irritating, remarkable and outrageous things have happened in the nautosphere around the Chaos Computer Club, Germany, Europe and the world, and we would like to lend a helping hand in putting them into context. From reports from the experience-exchange circles, through the digital house calls on the Luca apps of this world, from small and enormous hacker events to the expert opinions for our constitutional court that have by now become a fine tradition, we want to give, in many short contributions, a rounded picture of the developments of the last four years and an outlook on the year 2024. about this event: https://events.ccc.de/congress/2023/hub/event/vierjahresruckblick_des_ccc/
ANIMAL()CITY (37c3)
Presentation/introduction to the ongoing 37C3 art exhibition groupshow with Joachim Blank, Eva Davidova, Meredith Drum, exonemo, Jonas Lund, Sahej Rahal, Ingeborg Wie by panke.gallery (Sakrowski). With ANIMAL()CITY we draw inspiration from the ghostly presence of foxes that roam the city at night – which nowadays is a common appearance in urban environments – evoking echoes of a pre-industrial era while at the same time drawing people’s attention to a layer of the city that completely eludes their perception in everyday life. In these moments we witness animals and plants forming their own realm and the city itself having its own life, acting like an entity, a ghost at times. Encounters with wild animals in the city make the parallel layers of the landscape momentarily tangible and remind us that we are part of these ‘non-human’ networks as well. On a darker note: urban wildlife not only echoes pre-industrial times but also projects an idea of what our cities will look like when all the people have disappeared due to the consequences of the climate catastrophe. However, the city may also be read analogous to the internet. Animals, humans and plants seldom interact within the city, and while we might notice traces or encounter their phantoms we seem to live in parallel worlds. Similarly, online we are divided by platforms into threads and channels, living in multi-layered structures haunted by uncanny bots and AI agents. We believe that AR sculptures highlight an ethereal quality of the digital; they appear to transcend from the realm of immateriality into the physical space – the so-called spatial internet that overlays our cities. AR layers possess a magical quality in that they exist as objects whose influence on our world is – as a first step – contingent on our acceptance and perception of them as physical objects.
ANIMAL()CITY is an aesthetic inquiry of the artists’ views on how AR may intercept different layers of perception and realities or completely superimpose them. The exhibition presents a collection of animals that transcend their natural forms and assume various "non-natural" shapes; from fantastical mythical creatures to archetypical animal sculpture adhering to classical composition to the most basic 3D animal assets, taken from game engine templates. These AR-animals introduce elements of imagination to their representation, inviting viewers to explore their own interpretations and engage with the artworks on different levels. about this event: https://events.ccc.de/congress/2023/hub/event/animal_city/
About Gamma-Ray Bursts And Boats (37c3)
In October 2022 a gamma-ray burst dubbed the 'Brightest Of All Times' smashed records. But what is that actually, a gamma-ray burst? How do we detect it? And why was the BOAT so special? Gamma-ray bursts are the biggest explosions in our Universe since the Big Bang: In just a few seconds, they release as much energy as the Sun will radiate over its entire lifetime. Even though they occur in far-away galaxies, their emission dominates the high-energy astrophysical sky during their seconds-long duration. They come from the cataclysmic deaths of very massive stars or the mergers of two compact objects such as neutron stars and black holes. In both cases the energy is concentrated in an astrophysical jet moving at approximately the speed of light. In October 2022, a once-in-a-lifetime gamma-ray burst smashed records and was dubbed the ‘Brightest of All Time,’ or the BOAT. In fact, it was so bright that it oversaturated the most sensitive gamma-ray burst monitors, posing a challenge for data reconstruction and analysis. But why was it so bright? And how long do we have to wait until the next one? Using the BOAT as an example, we will give an introduction about the fascinating phenomena called gamma-ray bursts. From their accidental discovery during the Cold War to our still surprisingly limited understanding of their nature. The talk will revisit the state-of-the-art of theoretical modelling/interpretations (how are jets launched? what produces the gamma rays?), as well as current detector techniques (how do we catch a gamma-ray photon on Earth or in space?). Naturally, we will also discuss what we really learn from prominent, outstanding events such as the BOAT -- and the questions that still give scientists headaches. about this event: https://events.ccc.de/congress/2023/hub/event/about_gamma-ray_bursts_and_boats/
RFC 9420 or how to scale end-to-end encryption with Messaging Layer Security (37c3)
They call it RFC 9420, we say MLS: A new IETF standard for end-to-end encryption was published in July and brings large improvements in performance and security compared to existing protocols. We are here to present Messaging Layer Security, its ecosystem and its roadmap. The MLS protocol is already being used in production to end-to-end encrypt Webex conference calls and will soon provide encryption for Android messages and RCS 2.0 for billions of users. Other messaging tools (such as Discord, Matrix, Wire, etc.) are currently trialing MLS and are expected to follow. Why was the protocol developed in the first place? How does it work? What are the next steps for MLS? MLS improves upon existing protocols such as Signal in group messaging applications. We co-authored the protocol specification and will briefly talk about what motivated the creation of MLS, how it relates to other existing messaging protocols as well as its design process in general. As a group messaging protocol, the security guarantees provided by MLS go beyond authentication and confidentiality. We will go into detail on what security properties users can expect and take a look under the hood on how MLS works. While the MLS specification has only been published recently, more work is underway and an ecosystem is already forming around the standard. We’ll touch on topics like MLS implementations, metadata hiding, federation, and interoperability between messengers (also in the context of the new IETF MIMI working group [1]). And of course we’ll share insights into the future of Messaging Layer Security! [1] https://datatracker.ietf.org/group/mimi/about/ about this event: https://events.ccc.de/congress/2023/hub/event/rfc_9420_or_how_to_scale_end-to-end_encryption_with_messaging_layer_security/
Coding sounds: An introduction to SuperCollider (fireshonks)
For several years I have been composing electronic music, sound art and sound design with the programming language SuperCollider. This talk is a short, practice-oriented introduction to tinkering with sound in code. SuperCollider is a programming language with its own audio server. From basic sound design through composition, effects and signal flow, everything is controlled via code. At the same time, SuperCollider can interact with other systems, for example via MIDI, OpenSoundControl or Arduino. In my talk I cover * What is SuperCollider and what is it good for? * The SC IDE: layout and help system; alternative editors * Basic syntax * SuperCollider's equivalent of "Hello World" * A somewhat more complex sound function * SynthDefs: the sound design "blueprints" in SuperCollider * Composition with patterns * Tips for getting started and learning * Presentation of a small example composition about this event: https://events.ccc.de/congress/2023/hub/event/klnge-coden-eine-einfhrung-in-supercollider/
Finding Vulnerabilities in Internet-Connected Devices (37c3)
This introductory session will outline the process of hacking internet-connected devices, with the help of a real world example: Poly telephones and conference speaker systems. We will explain vulnerabilities we identified in them and how they can be leveraged to transform the devices into wiretaps. In this introductory session we will journey into the field of internet-connected device security. Our talk aims to empower beginners by simplifying the process of hacking such devices. We'll discuss vulnerabilities we uncovered in Poly telephones and conference speaker systems and describe how we effectively transformed a seemingly innocuous conference speaker into a fully functional wiretap. We'll begin with straightforward findings accessible to beginners and progress to more technical discoveries, so that people with no experience in the field can follow along, too. By the end of the talk, the attendees will have a foundational understanding of how they can approach hacking such a device and will have learned how the impact of vulnerabilities can be shown and increased by chaining them. All the vulnerabilities we discovered during our research have been responsibly disclosed to the vendor and will be published in December 2023. about this event: https://events.ccc.de/congress/2023/hub/event/finding_vulnerabilities_in_internet-connected_devices/
Social Engineering: History, Impact & Countermeasures. (37c3)
In this talk I describe the history and subject matter of social engineering beyond the tech context and explain, on the basis of relevant research, how, why and on whom it works. The modern technical challenges are explained, as are measures that can be taken against social engineering now or in the future, individually or in groups and organisations. Across different eras, social engineering has always stood out in its criminal use. Professional impostors, con artists and agents successfully used social engineering for criminal ventures, for data collection or simply because it was fun. Yet social engineering is actually a very everyday phenomenon. Every person is a skilled social engineer, at least in childhood. Some make it their profession, whether as a salesperson or a red teamer. For at its core, social engineering is the art of persuading other people. Since the 1970s, psychological research has dealt intensively with how other people can be persuaded and which methods are suited to this. The central models and concepts, such as the ELM model and various cognitive biases, are presented, and their role in social engineering is illustrated in practice. Some myths circulating about social engineering are described and cleared up, and one or two fun facts that may not yet be known to everyone come up. The final part of the talk is all about the largest area of malicious social engineering, which today takes place online. I will explain the basic classifications of social engineering in a practically relevant way using the latest research, and point out measures that really help, contrary to what some consultants like to sell.
about this event: https://events.ccc.de/congress/2023/hub/event/social_engineering_geschichte_wirkung_massnahmen/
Seeds of Change (37c3)
Let's explore how online communities of activists can help to bring about forms of radical collective change, through decolonial practices of social (un)learning. What enabling conditions need to be put in place? And what counts as "radical change" in the first place?! It's plain to see: modern societies need to undergo radical social, political, and cultural transformations if they are to truly evolve away from capitalist and neocolonial structures founded on egregious exploitation and injustice. In a context of widespread epistemic fragmentation and echo chambers, we urgently need to become better at harnessing the generative power of socio-technical networks to unite our forces as we compost the harmful ways of being, knowing, and doing that are at the root of our planetary predicament. But we must do so critically, and not view technology as a miracle solution to anything. What could be the role of the internet, and of online communities in particular, in exploring how such deep changes might happen? And how may everyone's wisdom and skills come together in democratic and sophisticated social (un)learning systems, to figure out the way(s) forward? In this talk, we will discuss the results of a 5-year participatory action research program which considered this topic within two different online communities of activists. This project led the researchers to tackle the idea of radical collective change as involving a decolonial approach to collaboration, knowledge, and community-building, and to consider the enabling and disabling conditions - both social and technological - that may influence whether change happens... or not. In particular, this research highlighted the importance of enabling participants to engage on an equal footing and self-organise, while learning to "stay with the trouble" of confronting modern societies' fundamentally unsustainable and oppressive structures, and one's own implication in them.
And it also showed some of the pitfalls that come with the use of digital communication tools, as we try to use them to create a better world. Three of the many insights I will substantiate and examine in the talk are: - that online communities have the potential to create deep changes in people when they are built in ways that foster deep relationships, criticality and conflict transformation, and emergent leadership; - that changing socio-political structures must go together with joyful, liberating practices that can help us unlearn harmful cultural patterns that get in the way; and - that perhaps we should be less interested in becoming experts, and rather find the courage and open hearts allowing us to be fearlessly and fiercely present to the world, with all its shit, its wonder, and its uncertainty. Feeling curious? Join us for a chat on how to change the world! about this event: https://events.ccc.de/congress/2023/hub/event/seeds_of_change/
AlekSIS - The Free School Information System (37c3-meta)
Digitalisation in schools is exciting, difficult, and hugely controversial. In administration in particular, free tools are lacking. AlekSIS is a comprehensive free school information system that can digitalise organisational processes. We would like to give a brief insight into what AlekSIS is, what it can do, where it is currently in use and what current development looks like. More information about AlekSIS at https://aleksis.org about this event: https://pretalx.c3voc.de/37c3-lightningtalks/talk/NGE7W8/
Board Games IRL: Scotland Yard (37c3-meta)
Scotland Yard is a board game in which a group has to coordinate on a city map of London in order to catch a fugitive Mr X. We have brought this concept into the real world and implemented it as an open source web app for Karlsruhe. In this lightning talk we dive into the exciting world of Scotland Yard and show how we brought this captivating game into reality. Inspired by the thrilling hunts for the fugitive Mr X on the London city map, we developed an open source web app that lets players coordinate on Karlsruhe's trams to find their own "Mr X". We explore the challenges and the appeal of bringing a board game into the real world. From mapping the city to implementing strategies and mechanics that let participants take on the role of investigators or the fugitive "X", we shed light on the whole process of realising this exciting concept. If you enjoy hotfixes, weird bugs and deployment after the game has started, feel free to drop by. about this event: https://pretalx.c3voc.de/37c3-lightningtalks/talk/U8XGFL/
What is this? A machine learning model for ants? (37c3)
This talk will give a brief introduction of deep learning models and the energy they consume for training and inference. We then discuss what methods currently exist for handling their complexity, and how neural network parameter counts could grow by orders of magnitude, despite the end of Moore's law. Declared dead numerous times, the hype around deep learning is bigger than ever. With Large Language Models and Diffusion Models becoming a commodity, we ask the question of how bad their energy consumption *really* is, what we can do about it, and how it is possible to run cutting-edge language models on off-the-shelf GPUs. We will look at the various ways that people have come up with to rein in the hunger for resources of deep learning models, and why we still struggle to keep up with the demands of modern neural network model architectures. From low-bitwidth integer representation, through pruning of redundant connections and using a large network to teach a small one, all the way to quickly adapting existing models using low-rank adaptation. This talk aims to give the audience an estimation of the amount of energy modern machine learning models consume to allow for more informed decisions around their usage and regulations. In the second part, we discuss the most common techniques used for running modern architectures on commodity hardware, outside of data centers. Hopefully, deeper insights into these methods will help improve experimentation with and access to deep learning models. about this event: https://events.ccc.de/congress/2023/hub/event/what_is_this_a_machine_learning_model_for_ants/
Planned obsolescence and, in some cases, the simple remedy against it. (37c3-meta)
Many household devices break far too quickly. How do I get them working again? Irons, soundbars (Bose!), electric grills etc. have at least one built-in part that, after a few years, prevents the device from operating at all. An absolute outrage; good thing the interference suppression capacitor in series with the mains can be replaced for 2-3€ in material costs. A few photos, where to get spare parts, which ones, what to watch out for? (Values, types, size.) Why is it done this way, a short explanation of this "power supply" design of modern madness. about this event: https://pretalx.c3voc.de/37c3-lightningtalks/talk/ZP7EEP/
The Schlüsseltechnologie Podcast (37c3-meta)
Computer technology, explained from the ground up. Xyrill works in software development and has also already made a name for himself at Hacker Jeopardy. Now his co-host ttimeless, a master carpenter by trade, wants to know how all this computer stuff actually works. And has done so for 50 episodes now, from A as in algorithmic complexity to Z as in Zeitdarstellung (time representation). All episodes and the link to the podcast feed are available at https://schlüsseltechnologie-podcast.de/ about this event: https://pretalx.c3voc.de/37c3-lightningtalks/talk/EUNDLQ/
Single Source Publishing with Markdown, Github, Mkdocs, Material and Pandoc (37c3-meta)
The open source project lernOS (lernos.org) publishes its learning guides from Markdown sources, which are converted via a production chain using pandoc into a website as well as PDF and e-book versions. The lightning talk presents the approach and shows some problem areas. about this event: https://pretalx.c3voc.de/37c3-lightningtalks/talk/LKH3RA/
Full AACSess: Exposing and exploiting AACSv2 UHD DRM for your viewing pleasure (37c3)
Following the failure and easy exploitation of the AACSv1 DRM on HD-DVD and Blu-ray, AACS-LA went back to the drawing board and announced the next generation AACSv2 DRM scheme, launching alongside 4K UHD Blu-ray in 2015. Since then, nearly no information has come out publicly about any vulnerabilities or even the algorithms themselves, owing in large part to software players requiring the use of Intel SGX secure enclave technology, which promises integrity and confidentiality of AACSv2 code and data through local and remote attestation mechanisms. Join us as we explore the broken history of AACS, describe practical side-channel attacks against SGX, and present the first look into the inner workings of AACSv2 DRM, culminating in a demonstration of the first full compromise of AACSv2 and unofficial playback of a UHD-BD disc. The Advanced Access Content System (AACS) is a DRM scheme used to safeguard audio and visual content, particularly in high-definition formats like HD-DVD and Blu-ray. First introduced in 2005 following the failure of the Content Scramble System (CSS) used in DVDs, AACS was designed to be not only secure against regular piracy, but included multiple features intended to restrict the impact of a potential leak of cryptographic material such as revocation lists and traitor-tracing. The concepts and algorithms of AACS were described in a publicly-released whitepaper, relying on strong cryptography and secrecy of keys to maintain security. Unsurprisingly, less than a year after publication, the first unlicensed decryption tool was demonstrated using keys reverse-engineered from a software player binary. While AACS-LA was quick to revoke those keys, a cat-and-mouse game emerged with new keys being regularly extracted from sources such as software updates and PS3 firmware. 
With AACS effectively broken and easily bypassed as described in Eckersley’s 24c3 presentation, AACS-LA would announce the introduction of AACSv2 for the next generation 4K UHD Blu-ray discs. This time, however, AACS-LA would not release the specifications of the DRM publicly, requiring strict NDAs for implementers and increased software/hardware security measures. Most notably, playback of legitimately purchased UHD-BDs on PC requires Cyberlink PowerDVD software running on Windows 10 and an SGX-capable 7th-10th generation Intel CPU. Since the DRM would run exclusively in the SGX secure enclave, no further information about its inner workings or vulnerabilities would be discovered publicly, until now. In this presentation, we explore the security system of AACSv2 DRM and the Intel SGX trusted execution environment. We first analyze the principles of SGX and its promises of an isolated environment, protected from all software running on the machine. We also investigate the use of SGX local and remote attestation primitives intended to verify the integrity and confidentiality of AACSv2 key material and DRM code, and why it has resisted outside analysis for so many years. We then discover how hardware side-channel attacks can be used to undermine these guarantees of SGX, and craft an effective exploit to extract cryptographic material from the enclave and defeat the DRM code obfuscation. Following that, we present the first public description of the inner workings of AACSv2, the key derivation process, and the updated revocation and traitor-tracing mechanisms. We studied BIOS updates from six motherboard vendors to show how SGX can be broken both easily and cheaply, and that vendors are now faced with a decision of security vs. usability in trusting unpatched machines. Finally, we conclude with the first demonstration of a UHD Blu-ray disc being decrypted and played back on a non-official platform. 
about this event: https://events.ccc.de/congress/2023/hub/event/full_aacsess_exposing_and_exploiting_aacsv2_uhd_drm_for_your_viewing_pleasure/
Projekt Link: Multi-mobility for All (37c3-meta)
In Projekt Link we want to develop a multimodal route planner and actively help shape the transport transition (Verkehrswende). Giving up the car in rural areas? For many that is unthinkable given the sometimes thin public transport connections. As a result, many commuters drive their own vehicles into the city, where everyone suffers from noise, lack of space, congestion and emissions – yet the nearest train station is often not far away at all. In Projekt Link we want to develop a modern, free and truly multimodal route planner that takes all personal needs into account. For that we are looking for fellow campaigners! ### Get involved The project is currently funded as part of the *Take-Off-Accelerator* programme of the Hochschule für Technik und Wirtschaft des Saarlandes. If you would like to help shape it, I look forward to hearing from you: * I can be found at 37c3 until day 4. Call me at **DECT [5671](tel:5671)**! * You can also reach me by e-mail at [[email protected]](mailto:[email protected]) (I may not reply until after the Congress). about this event: https://pretalx.c3voc.de/37c3-lightningtalks/talk/HAS887/
Transparent Refugees (37c3)
Digital payment cards, migration forecasting with so-called AI, digitised borders around Fortress Europe, and more and more of the same. An overview of how digitalisation is being used, beyond the reach of public outcry, to push down the pull factor of humanity. The hacker ethic says: "Computers can change your life for the better." But far too often they are used for the opposite. Above all in the area of digitalised migration control. Featuring: the Ausländerzentralregister (Central Register of Foreigners), one of the largest automated registers in public administration; the idea of digital payment cards, which are more a restriction of freedom than a means of payment; the usual suspects among the BAMF IT assistance systems; prediction systems for migration movements; the digital Fortress Europe. And brand new: the Schneller-Abschieben-Gesetz (faster deportation act) and the Datenübermittlungsvorschriftenanpassungsgesetz (act adapting data transmission rules). The current federal government is cheerfully joining in, further expanding its digital control helpers. And almost nobody is looking. about this event: https://events.ccc.de/congress/2023/hub/event/glaserne_gefluchtete/
Digitally Sensitive Education | Bridging the Nerdgap (37c3-meta)
Knowledge of open source tools, access to data-sensitive technologies, and an understanding of why the DB Navigator's data collection behaviour is a problem are mainly reserved for a very privileged group of people. The @all-Kollektiv has made it its mission to shrink this nerd gap at least a little and let more people take part in net-political discussions. How, we will tell you in our lightning talk! It is fascinating to witness how the FOSS movement stands up to the tech giants day after day with an incredible amount of creativity and a thousand great tools that let our personal data stay personal and offer us, in more and more areas, alternatives to fancy, heavily designed apps that are often more shiny than nice. Nevertheless, knowledge of all the great ways to protect one's own data, and of why that should matter at all, often remains an intellectual privilege. And even hardcore nerds mostly only have an overview of their own little techno-village and no longer notice that open source, Fediverse and DDoS attack simply mean nothing to many people. We, the @all-Kollektiv, think this urgently needs to change. Nerds who are woke on net politics should not be indifferent to whether their friends keep sharing their address books, passwords, location data and nude photos with iDrive and uploading them to their GCloud. Data protection must not be a privilege! about this event: https://pretalx.c3voc.de/37c3-lightningtalks/talk/HBFXMP/
Introducing the HW Hacking 101 Board (37c3-meta)
A short introduction to a HW Hacking 101 board and the motivation behind it. As part of an IT security lecture (specialisation) at DHBW in Mosbach, the idea came up to create a small Hardware Hacking 101 including hardware and challenges. The test board and challenges are designed so that, with a preceding lecture and exercise, they can be solved in two 4-5h block sessions. **Goal:** To familiarise students of applied computer science with embedded security and design by means of typical HW and SW design fails. about this event: https://pretalx.c3voc.de/37c3-lightningtalks/talk/HXYASN/
The Analog Thing: The Arduino of Analogy Computing (37c3-meta)
We present THE ANALOG THING, an open source / open hardware project demonstrating how analog computers work. There is no processor in this board. Analog Computing is an unconventional computer architecture based on mathematical analogies. It shares aspects with quantum computing (nonalgorithmic, initial state preparation and measurement) but is way easier to grasp. 5mins of your time are sufficient. about this event: https://pretalx.c3voc.de/37c3-lightningtalks/talk/WNNDEZ/