PLAY PODCASTS
Chaos Computer Club - archive feed

Chaos Computer Club - archive feed

14,494 episodes — Page 49 of 290

Ein Date zwischen Medizinphysik und Informatik (mrmcd23)

Ablauf und Planung einer Strahlentherapie, Umgang mit der Planugs-Software, sinnvolle Hilfestellung durch KI (?) am realen Beispiel Der Vortrag thematisiert einige Schnittstellen zw Medizin, Physik und Informatik am Beispiel der Strahlentherapie, der Planung einer Bestrahlung mittels geeigneter Software, was eigentlich im Körper passiert, wenn dieser mit hochenergetischer Strahlung "beschossen" wird und wie KI ggf dabei helfen kann und wo sie versagt. Diese ist eine Fortführung des Vortrags "Medizinphysik - von Strahlung und KI" von der GPN21. Auf den Studiengang selbst und die Arbeit im Berufsfeld MPE werde ich nicht mehr eingehen, könnt ihr aber hier (https://www.youtube.com/watch?v=-AiI0WFyDVU) und hier (https://medizinphysik.wiki/) nachschauen. about this event: https://talks.mrmcd.net/2023/talk/C8RLGP/

Sep 1, 202350 min

Code und Kekse: (mrmcd23)

Wie bekommt man in einem Großkonzern das unbeliebte Thema Softwaresicherheit umgesetzt? Wir zeigen, wie wir bei DB Vertrieb die Sicherheitsmaßnahmen unseres Softwarelebenszyklus erklären und Unterstützung für die Umsetzung gewinnen. Softwaresicherheit ist in großen Organisationen ein Thema, das oft wenig Begeisterung in Entwicklungsabteilungen auslöst. Das Backlog ist voll, der Zeitdruck für schnell umzusetzende Sprintziele bestimmt den Alltag und das nächste große Release lässt unbeliebte Themen wie Sicherheit, Wartbarkeit oder Skalierbarkeit in den Hintergrund treten. Um Sicherheit in diesem Spannungsfeld zu gewährleisten, kommt es nicht nur auf das technische Knowhow des Einzelnen an, sondern wir müssen alle Beteiligten abholen, um Sicherheit erfolgreich in die Prozesse der Organisation zu integrieren. Unser Vortrag zeigt, wie wir Mitarbeitenden der DB Vertrieb mit zwei Plüschmonstern unterhaltsam und ohne mahnenden Zeigefinger die Bestandteile unseres sicheren Softwareentwicklungslebenszyklus vermitteln: In der Parallelstraße der Sesamstraße wurden aus einem smarten Tresor alle Kekse geklaut. Der Lagerverantwortliche Krümel M. fragt sich: Wer macht so etwas? Wie konnte das passieren? Wer trägt Schuld? Glücklicherweise übernimmt Privatdetektiv Sherlock H. die Ermittlungen und zeigt auf, wie Krümel M. künftig Software sicher entwickeln sollte und erklärt wie Sicherheitsmaßnahmen - zum Beispiel Penetration-Tests, statische Codeanalyse, Threat Modeling - funktionieren und warum man diese umsetzen will. about this event: https://talks.mrmcd.net/2023/talk/ZA888E/

Sep 1, 20231h 20m

mrmcd23 Closing: Das Ende der Realität (mrmcd23)

Es geht zu Ende about this event: https://talks.mrmcd.net/2023/talk/7RKEUH/

Sep 1, 202311 min

Demoparty Preisverleihung (camp2023)

Award ceremony for the winners of the night before. Award ceremony for the winners of the night before. We'll present the winning entries. about this event: https://pretalx.c3voc.de/camp2023/talk/LJQF7F/

Aug 19, 202317 min

Chaos Communication Camp 2023 Closing (camp2023)

A heartfelt farewell about this event: https://pretalx.c3voc.de/camp2023/talk/NXDM8Z/

Aug 19, 202310 min

#CCCamp23 Review (camp2023)

Zahlen, Daten, Fakten. Natürlich wie immer ohne Gewähr. Die #CCCamp23 Review Session - Damit auch DU weißt, was du verpasst hast. Eine stark willkürliche Auswahl von großartigen Dingen auf dem Camp. about this event: https://pretalx.c3voc.de/camp2023/talk/ACVRNU/

Aug 19, 202354 min

Project Blinkenlights (camp2023)

The complete story of Project Blinkenlights: achievements, failures, technology and its cultural impact In 2001, the Chaos Computer Club surprised the world with a simple but impressive interactive light installation on a building in the heart of Berlin: Blinkenlights illuminated 144 windows forming a huge but low-resolution pixel matrix on the facade of House of the Teacher at Alexanderplatz. But this was just the beginning. Much bigger follow-ups took place in Paris and Toronto and in between a lot of other things happenend. This talk shows it all: what worked, what did not work, the good ideas, the bad ideas and all that jazz. This year at Camp, we celebrate Blinkenlights history with another interactive light installation at the Camp. about this event: https://pretalx.c3voc.de/camp2023/talk/E7XGY9/

Aug 19, 20231h 32m

Cadus e.V. (camp2023)

Chaos Family Cadus e.V. about this event: https://pretalx.c3voc.de/camp2023/talk/1668/

Aug 19, 202332 min

Bosch sensors in the flow3r badge (camp2023)

Exploration of the sensor hardware and programming of the flow3r badge. In particular the pressure sensor BMP581 and acceleration/gyrometer BMI270. I will give a quick introduction into the Bosch MEMS technology and sensors. Next I want to show some very basic steps how to use MicroPython on flow3r to play with LEDs and sensors. about this event: https://pretalx.c3voc.de/camp2023/talk/Z3CPTN/

Aug 19, 202350 min

Wir müssen über KI sprechen (camp2023)

Dass wir bald von Superintelligenzen beherrscht werden, die wie ChatGPT Texte generieren, ist unwahrscheinlich. Aber es gibt offene Fragen: zu Wissensgerechtigkeit, Teilhabe und Monopolisierung durch Konzerne. Künstliche Intelligenz ist eine Projektionsfläche. Jetzt wird alles anders! Dabei ist die Beschäftigung damit, wie Maschinen Aufgaben erledigen, von denen wir bisher dachten, dass sie nur Menschen bewältigen können, fast so alt wie Computer selbst. Und auch die Probleme damit, wie Technik eingesetzt wird, sind ähnlich geblieben. Welche Zukunft darf es sein: Gerecht und frei zugänglich für alle, oder doch lieber in den Händen von wenigen? Es gibt offene Fragen: Wer produziert Wissen unter welchen Rahmenbedingungen? Ist das gerecht? Wie können wir uns als Menschen um mehr Gerechtigkeit bemühen und verhindern, dass die Macht der wirtschaftlichen Giganten unter dem Label "KI" noch weiter wächst? Ein Gedankenanstoß zur politischen und gesellschaftlichen Dimension des Hype-Themas der vergangenen Monate. about this event: https://pretalx.c3voc.de/camp2023/talk/EJBDYN/

Aug 19, 202338 min

Reproducible Builds, the first ten years (camp2023)

In this talk Holger Levsen will give an overview about reproducible builds, the past, the presence and the future. How it started with a small BoF at DebConf13 (and before), how it grew from being a Debian effort to something many projects work on together, until in 2021 it was mentioned in an executive order of the president of the United States. And of course the talk will not end there but rather outline where we are today and where we still need to be going, until we'll all be running 100% reproducible software, verified by many. In this talk Holger Levsen will give an overview about reproducible builds, the past, the presence and the future. How it started with a small BoF at DebConf13 (and before), how it grew from being a Debian effort to something many projects work on together, until in 2021 it was mentioned in an executive order of the president of the United States. And of course the talk will not end there but rather outline where we are today and where we still need to be going, until we'll all be running 100% reproducible software, verified by many. And while Holger's day to day work and this talk will have a Debian focus, reproducible builds in other project will be featured and not be left behind as Holger has been involved in Reproducible Builds since 2014 and has been working on reproducing Arch Linux, coreboot, Fedora, FreeBSD, NetBSD, OpenWrt and others. Other important software projects will also be covered and last not least Holger will also explain why you'll want verifiable S BOMs and not just SBOMs. So what is this talk about exactly again? "A build is reproducible if given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts." (https://reproducible-builds.org/docs/definition) about this event: https://pretalx.c3voc.de/camp2023/talk/J7SDTF/

Aug 19, 202323 min

Nerds touching grass (camp2023)

16 years after the international Hackspace revolution, we are finding ourself in the midst of a global crisis with a search for answers. At Bio-Hack-Spaces we create mycelium based build materials, research new ways of growing (or foraging) our own food, build technological bridges to nudge nature in our desired direction or tinker on devices that help us to better understand our surroundings. 16 Years ago, a series of talks by Johl and Pylon on Hackspace Design Patterns sparked an international revolution. Within a few months tens of new Hackspaces were founded all over the world. And while the fun lasted for a while, we are now in the midst of a global crisis, that its least is urgently asking for mitigation strategies. At Bio-Hack-Spaces we create mycelium based build materials, research new ways of growing (or foraging) our own food, build technological bridges to nudge nature in our desired direction or tinker on devices that help us to better understand our surroundings. The Biopunk movement is in almost every regard comparable to the old school hacker movement. It is about resilience, creativity and autonomy. And yet, there is one fundamental difference: While you bend a computer to your will, you can only politely ask anything that lives. So in that sense, Biopunk is about understanding that we aren’t separated from nature, we are nature. And nature will teach us something that society needs more than anything else: the ability to listen. about this event: https://pretalx.c3voc.de/camp2023/talk/FBQJAG/

Aug 19, 202321 min

Landstraßen-, Wirtschafs- und Feldwegnutzung für Stadtmenschen kurz erklärt (camp2023)

Menschen Fahren aus der Stadt aufs Land. Da fährt (sonntags) kein Bus, deshalb bringen sie ihr Auto mit. Dieser Talk erklärt, wie man vermeidet, dass der Ausflug ins Grüne zum Fiasko wird und wie sich auf dem Land der Strassenverkehr von Staedten unterscheidet. about this event: https://pretalx.c3voc.de/camp2023/talk/VYGPCZ/

Aug 19, 202320 min

Jugend Hackt (camp2023)

Chaos Family Jugend Hackt about this event: https://pretalx.c3voc.de/camp2023/talk/2648/

Aug 19, 202342 min

FIDO2 (camp2023)

Passwords suck, Multi Factor Authentication is hip, everyone wants to use it, but most methods rely on some kind of generated One-Time passcode, which are as vulnerable to phishing as the passwords they should help protect. Other possible factors, like app-based authentication also bring similar design flaws to the table A good alternative to insecure factors is the FIDO2 Standard, also sometimes referred to as WebAuthn, and its latest addition, passkeys. This presentation will demonstrate the functionality of FIDO2/WebAuthn and compare it to other possible (multiple) factors. It will also demo setup and some basic configuration. Special emphasis will be brought to passwordless authentication and the benefits and drawbacks of passkeys. about this event: https://pretalx.c3voc.de/camp2023/talk/R3ETSG/

Aug 19, 202348 min

Bootloader Crimes (camp2023)

Sometimes Windows can't be avoided, usually to run or dissect some weird piece of software. Fortunately, we have virtual machines for that, but installing or maintaining such an image is always a hassle. I built a web-tool based on open-source tools to make the experience of building such images much more enjoyable and discovered some interesting quirks and ways to run and install Windows. about this event: https://pretalx.c3voc.de/camp2023/talk/LLV8KV/

Aug 19, 202321 min

Energy Consumption of Data Centers (camp2023)

The energy consumption of datacenters is increasing exponentially. Local community heating is required to heat houses. The talk will give an overview of the existing problems and examples how data centers can be integrated into green power generation to heating concepts producing data center services en passant. 3% of global electricity consumption today and are projected to touch 4% by 2030. The average hyperscale facility consumes 20-50MW annually – theoretically enough electricity to power up to 37,000 homes[1]. Newer concepts reduce the energy for cooling to zero and integrate the datacenter into photovoltaic energy sources and local community heating as a sink[2]. Open source concepts allow to run a local cloud zone in this location regaining control of citizen data. [1] https://datacentremagazine.com/articles/efficiency-to-loom-large-for-data-centre-industry-in-2023 [2] https://www.ala-magazin.de/_thumbnails_/1680_2_JH-Computers_BHKW.jpg)](http://www.ala-magazin.de/ala-magazin/artikel/2021/jh-computers-gmbh.php about this event: https://pretalx.c3voc.de/camp2023/talk/KXXKKX/

Aug 19, 202347 min

Unlock the Door to my Secrets, but don’t Forget to Glitch (camp2023)

Microcontrollers are used in numerous applications and even in security-relevant areas, for example in form of hardware security tokens or crypto wallets. Hence, the non-volatile flash memory of microcontrollers contains sensitive assets such as cryptographic secrets or intellectual property, that need to be protected from being read out by adversaries. In order to prevent illegal extraction through the integrated debug interface, dedicated protection features are in place. In this talk, we take a look at an attack vector that we call *flash erase suppression*. This attack vector leverages that many microcontrollers allow to deactivate their debug interface protection under the condition that the entire flash memory is erased first. The attack suppresses this mass erase with a glitch whereby its contents are preserved and accessible through the activated debug interface. This type of attack was first presented by Schink et al. at CHES 2021, but only received little attention so far. The talk provides an introduction to this attack vector and gives a foretaste of a comprehensive analysis that will be published soon. The attack will be demonstrated live on stage with an exemplary microcontroller. about this event: https://pretalx.c3voc.de/camp2023/talk/AS9MQY/

Aug 19, 202323 min

Curious case of Indian metros (camp2023)

Major states/cities in India have metro railway system for easy commute. The technology, _however_, has been exploited for a long period of time. I'll go through what's wrong with current system and how to make profit (free travel, I mean) out of it. The talk is majorly about NFC (majorly, MiFare DESFire EV1 cards & classic cards). Keep in mind that this is not a NFC 101. I barely understand NFC due to lack of documentation, I just know enough to make profit out of it. I'll go through the ideas that floated in my mind during this hacking journey and also all the issues that I fell into. about this event: https://pretalx.c3voc.de/camp2023/talk/VHABLM/

Aug 19, 202334 min

c3lingo (camp2023)

. Frag die Teams about this event: https://pretalx.c3voc.de/camp2023/talk/2381/

Aug 19, 202345 min

c3 MorningShow (camp2023)

. about this event: https://pretalx.c3voc.de/camp2023/talk/B7YFEV/

Aug 19, 202318 min

Hack My handicap (camp2023)

Our environment is full of technologies, connected objects and other gadgets that make our daily life much easier. It is indeed, quite easy to remotely command all kind of devices from our smartphones, with a single click. These technologies are also very efficient to help compensate certain handicaps but they have limits when it regards people whose handicap – or combination thereof - prevents them from manipulating a smartphone, reading a screen or using vocal commands. The good news is that it is not necessary to reinvent the wheel as alternative ways to interact with our technological environment, already exist. These solutions however, often stay inaccessible because their usage is judged too complex, their implementation considered time-consuming but mostly because of their (outrageous) price. As a patient, it can be very frustrating to be shut down from these possibilities to improve our quality of life and become more independent. That’s why I turned all my hopes to open-source hardware and tools, right after my I soldered my first TV-B-Gone, about 10 years ago :) I’ve been working on this “Impossible Interface” ever since. I can only describe it as a universal remote control that can also interact with non connected physical objects like the buttons of a lift or a simple light switch. The name Impossible Interface was chosen because of the amount of time I was told it was impossible to build such a device, especially for less than 500 euros but ... Bootchoo II, my latest prototype basically is a Arduino compatible 5 Axis Robot Arm (https://www.adeept.com/robotic-arm-uno_p0118.html) to which I just added a Bluetooth module and I am currently testing several ways of controls it. Ideally, commanding that little bot could be personalized depending on the type of handicap(s) that needs to be compensated. I am currently focusing on patients with low finger mobility, testing different sizes of joysticks as well as other “alternative remote” possibilities such as the ones offered by the MCH2022 badge and the Flipper Zero. As for the reason why I submitting this small talk – even though I am very shy – is because it is precisely not about me. Being as autonomous as possible is a need we all share and it should not be considered a luxury. I’ve mostly worked alone on this project but I got a lot of support from the Hacking Health Besançon association (https://hacking-health.org/fr/besancon-fr/), since I submitted this project during their latest edition. I’ll also admit that it is also time to ask for help to make this open-source assistive robot, safer, stronger and smarter and I can’t think of a better place to share my humble experiments, than at CCCamp. about this event: https://pretalx.c3voc.de/camp2023/talk/38XP9W/

Aug 19, 202328 min

Energy transition into the future, but what about ICT? (camp2023)

Climate change is one of our biggest challenges, and therefore the way we get our power has to change: The newest revision of the Netzentwicklungsplan constitutes for a large amount of additional renewables and our power grid will undergo a transformation. A greater interconnection is needed to efficiently use these resources, but what will happen in case of an error, false values or even an adversial attack? This talk aims to give an Idea about the smart grid and how such questions can be talked using open source software and data. about this event: https://pretalx.c3voc.de/camp2023/talk/9BR9VH/

Aug 19, 202348 min

Hacken Dicht (camp2023)

Die offizielle "Hacken, Dass?!"-Aftershowparty mit säuberlich kuratierter Bar. Das Pflichtprogramm für alle Fans! about this event: https://pretalx.c3voc.de/camp2023/talk/KLVEKE/

Aug 18, 202353 min

Vacuum robot security and privacy (camp2023)

Exactly 5 years ago we were presenting ways to hack and root vacuum robots. Since then, many things have changed. Back then we were looking into ways to use the robots' "dumb" sensors to spy on the user (e.g. by using the ultrasonic sensor). But all our predictions were exceeded by the reality: today's robots bring multiple cameras and microphones with them. AI is used to detect objects and rooms. But can it be trusted? Where will pictures of your cat end up? In this talk we will look at the security and privacy of current devices. We will show that their flaws pose a huge privacy risk and that certification of devices cannot be trusted. Not to worry, though - we will also show you how to protect yourself (and your data) from your robot friends. You will learn on how you can get root access to current flagship models of 4 different vendors. Come with us on a journey of having fun hacking interesting devices while preventing them from breaching your privacy. We will also discuss the risks of used devices, for both old and new users. Finally, we will talk about the challenges of documenting vacuum robots and developing custom software for them. While our primary goal is to disconnect the robots from the cloud, it is also for users to repair their devices - pwning to own in a wholesome way. about this event: https://pretalx.c3voc.de/camp2023/talk/8ZEGLE/

Aug 18, 20231h 1m

Hashing Pico Berries (camp2023)

Nachhaltige Kryptographische Sicherheit stellt insbesondere für stromsparende Hardware eine Reihe von Herausforderungen dar. Für Lösungen mit langer Einsatzzeit müssen heute auch die Sicherheit gegen Quantencomputer Berücksichtigung finden. Hashbasierte Signaturlösungen für den Raspberry Pi Pico ermöglichen beispielsweise Sensorlösungen, welche für Jahrzehnte kryptographische Sicherheit mit stromsparender, standardisierter und preisgünstiger Hardware ermöglichen. Wir präsentieren erste Prototypen aus einer laufenden Masterarbeit. Ruediger Weis Pierre Kurzer Nachhaltige Kryptographische Sicherheit stellt insbesondere für stromsparende Hardware eine Reihe von Herausforderungen dar. Für Lösungen mit langer Einsatzzeit müssen heute auch die Sicherheit gegen Quantencomputer Berücksichtigung finden. Hashbasierte Signaturlösungen für den Raspberry Pi Pico ermöglichen beispielsweise Sensorlösungen, welche für Jahrzehnte kryptographische Sicherheit mit stromsparender, standardisierter und preisgünstiger Hardware ermöglichen. Wir präsentieren erste Prototypen aus einer laufenden Masterarbeit . # Techfoo Raspberry Pi Pico W: * RP2040 microcontroller chip * Dual-core Arm Cortex M0+ processor, flexible clock running up to 133 MHz * 264kB of SRAM, and 2MB of on-board flash memory * Wireless (802.11n), single-band (2.4 GHz), WPA3 https://www.raspberrypi.com/documentation/microcontrollers/raspberry-pi-pico.html Implementierung: Grundlage: https://github.com/davidmcgrew/hash-sigs (David McGrew ist Mitverfasser des RFC8554) Modifikation: * Schlüssel-Cache auf on-board flash memory, Cache für Nodes des Hash Tree * Nur LMS (LM-OTS Hash Tree), keine HSS (Hierarchical Signatures) * Maximal können auf dem <2MB Festspeicher (Verfügbarer Speicher abzüglich MicroPython Interpreter und Lib) 128 Schlüssel im LMS-HashTree gespeichert werden * (Zusätzlich ist eine Abwägung der Größe zu speichernder Sensordaten vs. Anzahl Schlüssel notwendig, ggf. Schlüsselmenge auf 64 reduzieren) * Schlüsselgröße für Winternitz Parameter w=8-Bit, derzeit (gesamt: 288.8kB bei 128 Schlüsseln): o LM-OTS Private: 2184 Bytes o LM-OTS Public: 72 Bytes o Signatur: 2348 Bytes o LMS Private: 108 Bytes o LMS Public: 72 Bytes about this event: https://pretalx.c3voc.de/camp2023/talk/TLB9KC/

Aug 18, 202321 min

Hacken, dass...? (camp2023)

Chaos-Gala auf dem Camp. Stecker mit dem Radlader crimpen? Prozessoren am Geruch erkennen? Telefonnummern anhand des DTMF-Geräuschs hören? Mit Show-Acts und Triple-C-Promis auf der Couch. about this event: https://pretalx.c3voc.de/camp2023/talk/83HPJY/

Aug 18, 20232h 0m

Electronics prototyping is way too easy and there's no reason you can't do it (camp2023)

Hardware is hard, right? Wrong. Building electronics prototypes has never been easier, and people who have been afraid to do it have nothing to fear. I'll tell you about how I build fancy high end devices with minimal, extremely cheap equipment, how it all works, and how you can do it too. We'll find out how to trick your body into making your hands not shake. We'll look at reflow soldering, the way the electronics assembly industry cheats in every possible way to save time, cost, and effort, and how we can do the same, but better, by hand. In 2015, someone was wrong on the Internet. To prove a point, I started teaching people how to prototype electronics. By now, I've taken thousands of people from zero to one boards built, and I think I've proved my point. Building electronic prototypes is easy. It has to be, because machines have to do it, and machines are terrible at what they do and have no idea when they've done it wrong. Humans can do better, more precise, and often faster. It just takes a bit of technique, a bit of practice, and a lot of courage. I'll take you through it, show you some fancy boards prototyped that way, and try to give you the confidence to attempt prototyping your own designs. about this event: https://pretalx.c3voc.de/camp2023/talk/8B9QES/

Aug 18, 202321 min

Digitalcourage und die Post DHL Group (camp2023)

Die Deutsche Post DHL Group erhielt von Digitalcourage den BigBrotherAward 2023 in der Kategorie Verbraucherschutz für praktizierten Digitalzwang. Rena Tangens erzählt etwas zu den Beweggründen, aber vor Allem darüber, welch schräge Sachen sich danach ereignet haben. Die BigBrotherAwards prämieren Datensünder in Wirtschaft und Politik und werden einmal im Jahr verliehen. Als Preisträger eines solchen Negativpreises kann man auf einige Arten reagieren: Man kann den Preis ignorieren und weitermachen wie bisher oder man gelobt publikumswirksam Besserung, und ändert womöglich dann tatsächlich etwas. Die Deutsche Post DHL Group erhielt von Digitalcourage den BigBrotherAward 2023 in der Kategorie Verbraucherschutz für praktizierten Digitalzwang, und hat sich für einen recht kuriosen Weg entschieden, mit dieser Kritik umzugehen. Rena Tangens gibt euch einen Überblick darüber, wieso Digitalcourage ausgerechnet die Post und DHL Group für ihren ausgeübten Digitalzwang anzählt, und wird euch nicht ohne ein breites Grinsen im Gesicht erläutern, was die Preisträgerin sich danach alles ausgedacht hat, um sich mit der Kritik nicht auseinandersetzen zu müssen. about this event: https://pretalx.c3voc.de/camp2023/talk/DBMDYN/

Aug 18, 202347 min

Debugging Microcontrollers (camp2023)

Debugging and Profiling ARM Cortex-M microcontrollers with GDB and Python. This talk gives you an overview of debugging ARM Cortex-M microcontrollers with a focus on the *practical* configuration and usage of the relevant tools. In particular, I will present: - Debug interfaces ([SWD](https://developer.arm.com/documentation/ihi0031/a/The-Serial-Wire-Debug-Port--SW-DP-)) and the associated debug probes ([J-Link](https://www.segger.com/products/debug-probes/j-link/), [STLink](https://www.st.com/en/development-tools/stlink-v3minie.html)) and libraries ([JLinkGDBServer](https://wiki.segger.com/J-Link_GDB_Server), [OpenOCD](https://openocd.org)). - How to install and configure [arm-none-eabi-gdb(-py3)](https://developer.arm.com/Tools%20and%20Software/GNU%20Toolchain) for debugging your ELF. - Commonly used [GDB commands and scripts](https://sourceware.org/gdb/onlinedocs/gdb/index.html). - Advanced [GDB scripting via its Python API](https://sourceware.org/gdb/onlinedocs/gdb/Python.html). - Inspecting [peripheral state](https://github.com/pengi/arm_gdb) with [CMSIS-SVD files](https://www.keil.com/pack/doc/CMSIS/SVD/html/index.html) and custom visualizations. - Dynamic call stack tracing and graphing. - Coredumping for post-mortem debugging via [CrashDebug](https://github.com/adamgreen/CrashDebug). - [Remote GDB scripting](https://github.com/cs01/pygdbmi) via the [Machine Interface](https://sourceware.org/gdb/onlinedocs/gdb/GDB_002fMI.html). - [ITM profiling](https://developer.arm.com/documentation/ddi0403/d/Appendices/Debug-ITM-and-DWT-Packet-Protocol?lang=en) over SWO pin using [Orbuculum](https://orbcode.org/orbuculum/). - Thread/IRQ/Workqueue scheduling visualization and latency analysis using [perfetto](https://perfetto.dev). - High-bandwidth [ETM tracing](https://developer.arm.com/documentation/ihi0014/) over TRACE pins: [J-Trace](https://www.segger.com/products/debug-probes/j-trace/) and [ORBtrace mini](https://orbcode.org/orbtrace-mini/). - Interesting related projects and possible future work. This talk is meant to introduce you to what is possible with embedded debug tools in practice, rather than to give you a comprehensive lecture. about this event: https://pretalx.c3voc.de/camp2023/talk/BQF8TR/

Aug 18, 202339 min

Digital tech fictions as replacement for social and political change? (camp2023)

The climate catastrophe is imminent and global injustice is rising. Now a lot of new digital tech (AI, blockchain, big data, quantum computing) is supposed to help the transition to a sustainable society. Although some of them can actually help with parts of the transition, they are usually discussed not as tools to assist the broader societal change (economic, legal, social, political changes) but as replacement for the broader societal change. In effect they act as "change placebos" resulting in "placebo change", meaning no change at all. Giving concrete examples, this talk wants to explain 1) in which ways technological developents are misused as diversion from the necessary change and 2) the necessity to design concrete technical use cases including their conditions and limitations in order to create a fruitful debate for sustainability assisting technologies and their actually helpful implementations. about this event: https://pretalx.c3voc.de/camp2023/talk/UCKY8H/

Aug 18, 202345 min

On Track Demoparty (camp2023)

On Track is a demoparty inside the chaos communication camp. In short: a demoparty is a multimedia art festival where the participants usually use any kind of computer or digital device for their creations. On Track is a demoparty inside the chaos communication camp. In short: a demoparty is a multimedia art festival where the participants usually use any kind of computer or digital device for their creations. Get your votekey NOW by contacting us on matrix (#ontrack:matrix.org channel), on the Demoscene Discord (#ontrack channel), on Mastodon (@[email protected]) or find us on the camp-site! The voting system is available at https://party.on-track.camp. You are of course encouraged to make an entry, but enjoying the event and voting for the entries is just fine! The following competitions will take place: - Photo - Combined graphics - Combined music - AI generated - A camp badge combo - New school demo - New school intro - Wild All infos including deadlines and "compo" specific rules as well as the timetable can be found at https://on-track.camp. Invitation to the party released at Revision: https://www.pouet.net/prod.php?which=94130 about this event: https://pretalx.c3voc.de/camp2023/talk/EHUHSS/

Aug 18, 20232h 0m

Digital Rights in Europa (camp2023)

Der Politikbetrieb der Europäischen Union läuft allzu oft unter dem Radar politischer Bewegungen, obwohl dort fundamentale Entscheidungen getroffen werden. Wir wollen uns einige aktuelle netzpolitische Themen anschauen und diskutieren, welche Rolle die Digitale Zivilgesellschaft als Teil einer emanzipatorischen Praxis einnehmen kann. Vorratsdatenspeicherung, Uploadfilter und Chatkontrolle - alle paar Jahre wird uns bewusst, dass die Grundlagen einer digitalen Gesellschaft in den komplexen europäischen Institutionen verhandelt werden. Dort werden - allzu oft ohne breitere gesellschaftliche Diskussion - Entscheidungen getroffen, die uns alle betreffen. Während die drohende biometrische Massenüberwachung vielleicht noch einige Aktivist*innen auf die Straße treibt, werden mit e-evidence rechtsstaatliche Grundsätze ausgehöhlt, dem European Health Data Space der Datenschutz gerade bei sensibelsten Daten untergraben und Polizeibehörden europaweit die Möglichkeit gegeben, personenbezogene Daten automatisiert abzurufen. Auch die Migrationsabwehr wird digitalisiert und ein umfassendes Kontrollregime für Menschen auf der Flucht innerhalb und außerhalb der technisch hochgerüsteten Grenzen geschaffen. Während Sicherheitspolitiker*innen, aber auch die Lobby großer Konzerne bestens vernetzt in Brüssel ihre Agenda durchsetzen, halten nur wenige sehr spezialisierte NGOs die Fahne der Emanzipation hoch. Im Talk wollen wir einige aktuelle europäische Themen vorstellen und das Selbstverständnis der Digitalen Zivilgesellschaft zwischen Expert*innentum, Brüsseler Vorzimmern und emanzipatorischer politischer Bewegung diskutieren. about this event: https://pretalx.c3voc.de/camp2023/talk/NLGAXT/

Aug 18, 202342 min

c3 NewsShow (camp2023)

Themen des Tages about this event: https://pretalx.c3voc.de/camp2023/talk/XQVTKE/

Aug 18, 202314 min

Elektronisches Orchester Charlottenburg (camp2023)

The Elektronisches Orchester Charlottenburg (EOC) explores the improvisation and interpretation of Electroacoustic Music. This includes the interaction of diverse electronic instruments and their spatialization in real time. The EOC was founded at the Electronic Music Studio at Technical University of Berlin within a seminar of the Audio Communication Group. It offers a platform for developing and applying new instruments and concepts in the realm of electroacoustic music. The Elektronisches Orchester Charlottenburg (EOC) explores the improvisation and interpretation of Electroacoustic Music. This includes the interaction of diverse electronic instruments and their spatialization in real time. The EOC was founded at the Electronic Music Studio at Technical University of Berlin within a seminar of the Audio Communication Group. It offers a platform for developing and applying new instruments and concepts in the realm of electroacoustic music. https://eo-charlottenburg.de/about/ about this event: https://pretalx.c3voc.de/camp2023/talk/N8ZSFH/

Aug 18, 202340 min

Building a cloud-free digital voice assistant with FOSS (camp2023)

What does it take to build a fully functional (and actually usable) voice assistant that runs on a Raspberry with FOSS? This talk describes the journey from the idea to Version 1.0 (and beyond). It has to be a HAL9000 - the enclosure for my cloud-free digital voice assistant. The personal project is based on FOSS and runs on a Raspberry Pi Zero2 W in combination with a RP2040 (with a small display showing an animated HAL eye and a small GUI). I will talk about: * design decisions (and changes), * the system architecture, * why which software components were chosen, * highlight some interesting hardware and software aspects and * quickly show how the 3D model for the enclosure was created with OpenSCAD. HAL will talk about: * the 9000 series, * the AE-35 unit, * ...and whatever else the demo gods will allow. This talk should also serve as a crash-course into the (basic) technology of digital voice assistants - stuffed with information (and anecdotes) about the hardware, software and the 3D-printed enclosure. about this event: https://pretalx.c3voc.de/camp2023/talk/AUN3FY/

Aug 18, 202347 min

Staatstrojaner für bereits begangene Straftaten (camp2023)

Schon wieder muss Karlsruhe ran Vor mehr als zehn Jahren lang ein Staatstrojaner auf dem Seziertisch des CCC. Was die Analyse zeigte, waren neben eklatanten handwerklichen Fehlern auch die mangelnde Prüfbarkeit der Schadsoftware und weitere grundsätzliche Probleme solcher Ausspähmethoden. Leider hat sich nicht viel verbessert – im Gegenteil. Und so haben wir im Juli dieses Jahres eine weitere Stellungnahme zum Staatstrojaner an das Bundesverfassungsgericht gesendet. Wir wollen berichten, was darin steht und was politisch bei diesen heimlichen Ermittlungsmaßnahmen gerade ansteht. about this event: https://pretalx.c3voc.de/camp2023/talk/NWMSTD/

Aug 18, 202344 min

The Failed Space Program of the Hacker Scene (camp2023)

At Camp 2011 the “Space Program of the Hacker Scene” had been released as one of the main aspects as the outcome of this Camp. It is time for a review after 12 years and reshape it into Solarpunk. **~ For Our Future ~** The [Space Program of the Hacker Scene](https://events.ccc.de/camp/2011/wiki/Call_for_Space_Program) had been released. There were three targets for the upcoming 23 years until 2034: 1. Creation of a free Satellite Network 2. A Hacker in Orbit 3. Landing a Hacker safely on the Moon For reaching this goal, several challenges for self-sustaining habitats, community communication, and transportation needed to be resolved. That's where the hacking and making scene came into effect. But the events on the world changed quickly and we see more challenges to keep our space ship Earth intact. Time to review the Hacker Space Program from 2011 and use its spheres of activities for a better future on Earth in combination with the Solarpunk movement. about this event: https://pretalx.c3voc.de/camp2023/talk/SSL7AC/

Aug 18, 202322 min

How to use Internet scans and passive measurements to analyze Russian attacks and their impact in Ukraine (camp2023)

The role of the Internet in the Ukrainian war is not been fully considered yet. Currently, primary Internet based attacks are analyzed, but it is greatly neglected that with the help of the Internet measurement verifiable statements can be made about the real world. Through global Internet scans and a passive blackhole sensor network, we can identify digital and conventional attacks and their effects in this case study on the territory of Ukraine. We will show that it is possible to detect where in Ukraine, Russian attack-related power outages occur and how long they last. For this purpose, we will also scan and analyze 2 major attack waves that occurred about 5 months apart in detail the service availability of more than 400,000 static IP addresses every 4 hours for several months. This long-term period will also allow us to determine whether and if so, how resilient the Ukrainian power supply has become against Russian missile attacks. In addition, we will also analyze other data such as ESA radar images and correlate the degree of destruction of certain regions in Ukraine with our scan data. This method could be used, for example, to support NGOs to determine the need for mobile power generators in certain regions. Furthermore, using BGP data and media information, we will show that Russian forces in Kherson are attempting to route network traffic from local ISPs through Russian territory to gain a tactical advantage. Finally, we will show that through a blackhole network of about 1000 IP addresses it is possible to detect certain DDOS attacks against Ukrainian infrastructures or government websites. The analysis of the temporal course of the attacks shows interesting temporal patterns that suggest some kind of campaign. about this event: https://pretalx.c3voc.de/camp2023/talk/YRKCQT/

Aug 18, 202342 min

Youth Hacking 4 Freedom (camp2023)

You like coding and tinkering with software or hardware? And you are up for a challenge? Then the “Youth Hacking 4 Freedom” is the perfect competition to test your skills. The Free Software Foundation With the “Youth Hacking 4 Freedom” contest the FSFE has created a fun hacking competition for young people from Europe. The participants have the chance to work on their own project idea with the guidance of experts from the Free Software universe. There are no limitations for the projects as long as they are published under a Free Software license. In this competition young people can test their skills, learn how to work on a project under a deadline, and most importantly have fun while meeting different people from Europe. Hear all about the competition and how to participate in this talk. about this event: https://fahrplan.alpaka.space/camp-2023/talk/MBHHVC/

Aug 18, 202316 min

Chaos Zone (camp2023)

. Chaos Family about this event: https://pretalx.c3voc.de/camp2023/talk/5659/

Aug 18, 202327 min

Digitale Gewalt (camp2023)

Was hat sich beim Thema Digitale Gewalt seit dem letzten Camp verändert? Warum plant das BMJ eine Digitale-Gewalt-Gesetz, das diejenigen identifizieren und bestrafen soll, die in Messengern über schlechte Restaurants lästern, und warum ändert sich noch immer nichts an der Pflicht zur Adresse im Impressum? Das und mehr im Update zum Stand der Dinge bei der Digitalen Gewalt. Vier Jahre nach ["Was tun gegen Digitale Gewalt gegen Frauen"](https://media.ccc.de/v/Camp2019-10346-was_tun_gegen_digitale_gewalt_gegen_frauen), meinem Talk im letzten Camp, ist es Zeit für ein Update. Die Ampel hat sich ein Digitale-Gewalt-Gesetz in den Koalitionsvertrag geschrieben und dazu gerade erste 'Eckpunkte' vorgelegt. Warum das völlig am Problem vorbeigeht und dazu möglicherweise für uns alle eine Gefahr darstellt, werde ich in diesem Talk erläutern. Das Justizministerium möchte nämlich nicht nur diejenigen identifizieren, die andere auf Social-Media-Plattformen bedrohen und beleidigen, sondern auch noch viele andere. Die Sicherheitsbehörden freuen sich schon. Aber vor allem: Das löst nicht die vielfältigen Probleme der digitalen Gewalt. Die findet nicht nur auf Plattformen statt, sondern in Partnerschaften und Ex-Partnerschaften, durch Bekannte und Unbekannte, unter Kolleg*innen, in Familien oder Nachbarschaften. Digitale Technologien werden für alle denkbaren Formen der Manipulation und Kontrolle benutzt: Mitlesen von E-Mails, sichtbare und unsichtbare Kameras in öffentlichen und privaten Räumen, AirTags in Spielzeug, Handtaschen, Fahrzeugen. Spyware wird nicht nur von autokratischen Regimes eingesetzt, sondern auch zur Überwachung der eigenen Familie. Was hat sich in den letzten vier Jahren verändert? Wer hilft den Betroffenen und wie können sie sich selbst helfen? Darum geht es in diesem Talk. about this event: https://pretalx.c3voc.de/camp2023/talk/Z9BF9L/

Aug 18, 202345 min

Lightning Talks Session 3 (camp2023)

A short session for even shorter talks. Language: English or German -- german -- Du willst was sagen? Das Podium gehört dir. 10 Minuten hast du, dann wird gewechselt. Ein kurzer Vortrag über die Aerodynamik von Enten, Werbung für dein neues Open-Source-Projekt, ein kleiner Hack den du neulich entdeckt hast, gesellschaftliche Kommentare ... alles geht. Zur Verfügung stehen Mikrophon, Beamer und ein Laptop mit USB-Stick, um Präsentationen im PDF-Format zu zeigen. Falls du eine Präsentation von deinem eigenen Gerät zeigen möchtest, würden wir dich bitten, 15 Minuten vor Beginn zu kommen, damit wir die Technik testen können. Am besten meldest du deinen Vortrag bei [email protected] . Spontane Beiträge sind aber auch gern gesehen, wenn am Ende noch Zeit ist. -- english -- Wanna say something? The stage is yours. You have 10 minutes to talk about anything. A short talk about the aerodynamics of ducks; promoting your new open-source project; a small hack that you found; social commentary ... anything goes. Available infrastructure: A microphone, beamer and laptop with a USB-Stick to show slides (PDF format). If you want to use your own device to show your presentation, please come to the stage 15 minutes before the event so we can test the setup. If you want to have a talk, we'd like you to write a short e-mail to [email protected] . However, spontaneous contributions are also welcome if there's still some time left at the end. about this event: https://pretalx.c3voc.de/camp2023/talk/7ZXGUM/

Aug 18, 202331 min

Zivile Forensik gegen staatliche Überwachung von Journalist*innen (camp2023)

In diesem Vortrag wollen wir euch einen Überblick geben über die digitale Sicherheitssituation von Journalismus weltweit. Spoiler: nicht so gut, und eher schlechte Aussichten. Außerdem erzählen wir ein bisschen was das Digital Security Lab bei Reporter ohne Grenzen anbietet, was wir tun und wie man Betroffene am besten an uns verweisen kann. about this event: https://pretalx.c3voc.de/camp2023/talk/EQKSYM/

Aug 18, 202346 min

WTF DJI, UAV CTF?! (camp2023)

We'll take a look at how DJI - dominating player for commercial and recreational drones - builds their software, specifically from a security angle. This talk will discuss DJI drones, most specifically the DJI Mini-series; looking at the hardware, discussing attack angles, up to a full compromise of a current drone for custom firmware purposes. Along the way, we'll look at a lot of security WTFs that allow to pwn these devices. The amount and quality of bugs sometimes feel like you're trapped in a very cool hardware CTF. We'll go from sniffing hardware busses, making fun of incorrect usage of SoC security features over to how DJI consistently and knowingly violates the GPL, into executing custom code on the flight controller and Linux system. about this event: https://pretalx.c3voc.de/camp2023/talk/PREGSS/

Aug 18, 202343 min

From c3stoc with love <3 (camp2023)

We‘re c3stoc - the CCC sticker operation center. After helping with the sticker distribution at 36c3 we had to find a solution to ensure new laptops wouldn‘t remain naked during the pandemic. During the last three years we organized remote sticker exchanges. Now it‘s time to share our learnings about exchanges and stickers! The idea was just to make sure CCC Congress doesn’t have one single sticker box with a one hour queue. And we actually still like that idea: A system of sticker boxes strategically placed in various assemblies, and a partnership with ChaosPost to ensure an even distribution of the stickers in the boxes. Year 1 - 36c3 - was a success and we were looking forward to doing it again. We didn‘t foresee that a year later we would be packing stickers in envelopes and sending them accross Germany and the world instead. December 2022 marked the third year of existence of the c3stoc remote exchange. In the last years we have designed, printed, received and sent a lot of stickers. We learned (almost) everything about paper quality, sticker sizes and shapes, about postage rules and how to pack stuff correctly, about which mistakes people make when creating stickers and about which designs communities around us love. We’re here to tell you how we organized the exchange, what we learned about sticker logistics and how to make really, really awesome stickers. about this event: https://pretalx.c3voc.de/camp2023/talk/VPL8WX/

Aug 18, 202347 min

Bid3 and CounterMilitarisim Mapping (camp2023)

Sharing experiences of two technical and educational projects that aimed to provide support for the decentralized grass movement in Sudan. showcase of two technical-sociopolitical projects ## Bid3a: The project aims to make socio-political interventions and creatively express themselves through the courage and symbolism of manipulating and artistically hacking tech devices around. At the core of their approach lies the intersection between art, technology, and political thought. Its strives to create something new and innovative by extensively exploring ready-made devices, operating systems, microcontrollers, and circuits. The objective is to expand their imagination, seeking to discover novel ways of socio-political existence and actively participate in the global discourse on cutting-edge technology, driven by the spirit of the ongoing Sudanese revolution. ## Sudan Civic Map: Sudan civic map is Counter-Militarisation Mapping project is a political statement that challenges the dominant narrative of the Sudan conflict. By foregrounding the experiences of civilian-led movements, the project aims to shift the focus from military-centric news towards the humanitarian efforts of these actors and alternative revolutionary practices. Through mapping and visual representation, the project asserts the importance of non-combatant actors in the Sudan conflict, subverting the conventional portrayal of the conflict as a two-party war. about this event: https://pretalx.c3voc.de/camp2023/talk/WHVPD3/

Aug 18, 202339 min

Service Location Protocol DoS Amplification Attack (camp2023)

We will talk about the lately published Denail of Service attack abusing the Service Location Protocol. The research has shown that there are still protocols lurking in the dark to be explored and ab/used. The focus will be on basics of DoS attacks, then focus on SLP, the impact, defense mechanisms as well as the global attack surface. Furthermore, there will be some goodies in regard of other use-cases. Overview 1. Introduction to DoS attacks 2. Introduction to SLP 3. How is the attack working 4. Observations in the wild 5. Fun with SLP 6. Questions? 7. Finish about this event: https://pretalx.c3voc.de/camp2023/talk/NWDFBT/

Aug 18, 202337 min

Delta Chat messenger (camp2023)

[Delta Chat](https://delta.chat) is an e-mail based messenger that works on all platforms. Apart from an Whatsapp/Telegram-style user interface it features a security-audited [Rust-core library](https://github.com/deltachat/deltachat-core-rust), server [templates for setting up a state-of-the-art e-mail server](https://delta.chat/en/serverguide), many different bots, Matterbridge support and, last but not least, a way write standard web apps that can be shared in a chat (https://webxdc.org) which is now also experimentally supported by the XMPP Android messenger Cheogram. The talk will both discuss and demonstrate other unique features, among them QR-code based onboarding and support for protection against machine-in-the-middle attacks against end-to-end encryption, and we'll also provide glimpses in what's brewing for 2023/2024. about this event: https://pretalx.c3voc.de/camp2023/talk/UL7CQU/

Aug 18, 202319 min

PID Loops Control All the Things (camp2023)

Hidden inside basically every physical machine that needs precise control, PID loops are running the show. Quadcopters, self-balancing robots, and even the hot end of your 3D printer all use the same simple routines. Knowing how they work, deep down, and how to set their mystical three parameters is part art and part science, but it's nothing you can't pick up in a quick talk. Nothing explains complex math better than a few hands-on demos, and we'll definitely be tempting the fates here. By the end, you should be confident enough to code up your own PID routines from scratch and get started tuning. about this event: https://pretalx.c3voc.de/camp2023/talk/3HXEEC/

Aug 18, 202345 min