
Chaos Computer Club - archive feed
14,359 episodes — Page 76 of 288
RE-VoLTE: Should we stop the shutdown of 2G/3G to save lives?? (MCH2022)
A lack of VoLTE standardisation breaks voice calling globally. Your brand new smartphone may not work because VoLTE is screwed up by manufacturers and carriers. Voice-over-LTE (4G), voice-over-NR (5G) and voice-over-WiFi have been standardized for years, but now that more and more 2G and 3G networks are shut down by operators, users discover their phones don't work anymore for basic voice calling. The cause is a massive mess in standardization, with a boatload of options and settings and vendors and carriers interpreting it differently, masked by fall-back to 2G and 3G and a lack of "international roaming" agreements for VoLTE. Handset manufacturers decided to implement shortcuts (neglecting parts of the standards) or, even worse, white-lists with only major operators included, so you cannot switch operators anymore and are in for a big surprise while roaming in another country. The result: even your brand new phone might be unable to provide voice calling in one country but work in another. Voice calling might work if you're lucky, but you cannot reach 112/911, the eCALL system in your car fails after the 2G/3G shutdown, or you cannot receive an SMS you need for remote two-factor authentication while roaming in another country. It's such a disastrous mess, so should we stop the 2G/3G shutdown and get it fixed? This is a tale of a disaster still looming in most of Europe for Europeans, as 2G/3G still works as the fall-back mode of your device. As a result nobody noticed that VoLTE was screwed up. However, many non-Americans roaming with their phones into the USA suddenly learn their brand new phone isn't working for voice calls, as AT&T shut down 2G/3G on July 1st 2022. Problems have already happened to users roaming into countries like India. Users who buy seemingly the same recent model from a supplier like Samsung or Apple, and think they are safe, might be in for a big surprise too.
Months of testing needed per device was considered way too cumbersome and too expensive by many, so at best it was halfway done. Manufacturers decided to cope with it by curtailing the myriad of options and settings, including mobile-network-code white-lists, or by implementing short-cuts (neglecting parts of the standards). With white-lists you are suddenly tied to an operator, and changing your subscription from a major Mobile Network Operator to an MVNO makes voice calling on your brand new smartphone defunct, leaving only data communications working. The "advice" to complainers is just to use voice apps, but these don't allow emergency calls. eCALL devices built into cars that dial emergency numbers may work in your home country, but fail when driving in another land on your holiday. Roaming agreements between international carriers have up to now been made only between major operators in large countries. There are merely 50 international VoLTE roaming agreements actually working. If you are from a "small country" like Sweden, you're out of luck in the USA. Voice-over-LTE (4G), voice-over-NR (5G) and voice-over-WiFi have been screwed up by an unholy alliance of handset manufacturers, carriers, the GSM Association, IMS-core vendors and standardization bodies, who couldn't decide to settle VoLTE down to a limited set of options and prescribe large-scale compulsory plugfests and compatibility tests. Regulators have looked away, expecting the "magic of the market" to resolve all issues. Some vendors have engaged in favoritism with white-listing or don't deal with MVNOs and MVNEs, as they don't order millions of devices. This talk explains the cause of the mess and highlights the problems lurking in your brand new device. It presents real problems with devices and dysfunctional VoLTE, collected in 2021/2022. We should ask the question whether the announced shutdowns of 2G/3G in most of Europe have to be stopped.
Must device manufacturers and carriers be forced to clean up their act now, and halt their anti-competitive practices and favoritism, before people die because they cannot reach 112/911 during an emergency? about this event: https://program.mch2022.org/mch2022/talk/7TVHSD/
HomeComputerMuseum, the making, the challenges and the importance. (MCH2022)
The HomeComputerMuseum's idea originated in 2016 and the doors opened in 2018. Since then, we have faced several challenges, but we came out on the other end and became one of the largest museums about computers, with an award-winning social impact, an enormous social network, collaborations over the whole world, and we are even of essential importance to the Dutch government. The talk is about the original concept and how we built it into what it is now. The original concept of the HomeComputerMuseum is a hands-on computer museum dedicated to the home computer or connected computers. Because a museum is a terrible business plan, I decided to create a few services, like repairs, selling overstock and reading old media. As this could not be done by one person, I decided to have people with autism help me by simply not putting a label on them. The business plan was created and eventually a building was rented. The entire museum was physically built in 7 days (not even kidding) and we were off to a very rough start, even balancing on the edge of bankruptcy. However, we managed to stay afloat and we even moved to a much better and bigger building, which we enjoyed for a full month before corona hit the museum. As an unsubsidized museum and without big sponsors we faced a brand new challenge. But we overcame it and grew stronger than ever.... (and then there's plenty more story to tell). about this event: https://program.mch2022.org/mch2022/talk/XTJRMK/
Hacking the Quincy Drawing Robot (MCH2022)
This session will go over my journey to hack the Quincy drawing robot. This is a cheap 3-axis drawing robot that uses a proprietary "closed" system. I wanted to hack this robot to draw Pokémon for my son. I will explain how I deciphered the file formats, figured out how the robot could be controlled (which needed some very, very difficult math!) and the software I made to create your own drawings. BONUS: At the end of the session you can WIN one of these Quincy Robots!!! This session will explain step by step the process I took to decode the proprietary file formats, using some simple Python coding. This will give you a general insight into how you can try to decode file formats that are not documented. Besides understanding the files, the math behind controlling this robot turned out to be very complicated. I will explain the difficulty, and if you are a Math Nerd you can see if you could solve this difficult challenge. Finally I will show the software I made to create your own drawing files. about this event: https://program.mch2022.org/mch2022/talk/787GY3/
Electronic Locks: Bumping and Other Mischief (MCH2022)
Modern electronic locks are often optimized for cost, not security. Or their manufacturers don’t do security research. Or they ignore it. For whatever reason, many current electronic lock systems are susceptible to surprisingly simple attacks. We’ll look at some of them, and at the underlying basics, so that you can do your own research. In this talk, we look at a number of modern electronic locks and their security flaws. Surprisingly many current systems are susceptible to very simple attacks, like the equivalent of using bump keys. Of course, there are electronic and/or SW-based attacks, too. We’ll look at some of them, and at the underlying basics, so that you can do your own research. Some of the problems have been fixed by manufacturers, but typically only for future production runs, so you will get some practical advice on how to test your own hardware for these critical flaws. about this event: https://program.mch2022.org/mch2022/talk/KBVXRU/
Don't turn your back on Ransomware! (MCH2022)
Ransomware is making a comeback and attacking us all! Learn and sharpen your blades in order to defend against this multi-headed monster! There’s a lot to learn from every ransomware attack. By dissecting every bit of the attack and looking at every stage, there’s much to gain for setting up proper detection and other defence techniques. Remember those times when a popup appeared on your screen with the message to immediately transfer an amount of bitcoins to retrieve your files? Ransomware is still a serious threat to a lot of people and organisations, and nowadays uses more and more advanced techniques to target you and steal your data. This talk will tell us what ransomware actually is, who’s writing the code and making money out of it, and shows us a bit of ransomware history and what types were out there, to better understand what we’re dealing with. It will also explain all of the ransomware attack stages and what you can do in terms of detection and defence inside your security operations. about this event: https://program.mch2022.org/mch2022/talk/8JETCV/
Reverse engineering the Albert Heijn app for fun and profit (MCH2022)
The Albert Heijn, everyone (in the Netherlands at least) knows it. It's one of the largest supermarket chains here, with a very extensive API. This API is not public unfortunately, but in this talk I will show you how you can reverse engineer the app to figure out how the API works and how we can use it to our advantage. AirMiles, tracking stamps for the current saving program, receipts, personal discounts: all these can be viewed or tracked within the Albert Heijn app. But what if you want to track your savings over time? I want my pretty Grafana dashboard, gosh darn it! This talk will go into the story behind randombonuskaart.nl (a website for a 'random' bonuskaart right when you need it), talk about how your private API is not really private, and how we can use the Albert Heijn API to track various data and do tedious actions for us. The knowledge gained from this talk can also be used with other apps, but the Albert Heijn app makes for a very good example. about this event: https://program.mch2022.org/mch2022/talk/F88JGH/
Repair for Future (MCH2022)
This discussion will start with a brief summary of the history of repair initiatives. We can report about our personal repair activities during the pandemic. Subsequently, I'll outline the achievements of the right to repair movement and we can discuss ideas for the future. During a peak in public interest, the repair café movement was caught by the covid pandemic. Many local initiatives adapted quickly and opened online repair consultation hours. In the German-speaking countries, a monthly central online repair café was established. I'll give a lessons-learned on the experiences and limits of these online activities. The political right to repair movement has brought many interesting improvements, for example the French repairability index or the European ecodesign directive. I'll talk about them and what else is to be expected in the near future. This is an interactive discussion format, so ideally I'll only present a few facts and guide through topics while the audience chimes in with their personal experiences and questions. Slides: https://pads.schaffenburg.org/p/Repair-for-future-MCH about this event: https://program.mch2022.org/mch2022/talk/ZNJYHC/
Taking Action against SLAPPs in Europe (MCH2022)
SLAPP suits (strategic lawsuits against public participation) are nuisance lawsuits designed to get journalists, activists, historians, whistleblowers and others to keep quiet. This kind of lawfare isn't new, but there is an increasing focus on the issue in Europe, with new legislation coming. Here's where you find out more. You receive a threatening letter from a major law firm, probably based in London, trying to stop your reporting, or your activism, threatening you as an individual as well as the organisation you are affiliated with - congratulations, you've just been SLAPPed. Strategic lawsuits against public participation (SLAPPs) are on the increase worldwide, and Europe is beginning to take notice. Lawyers' associations in Italy and Croatia report hundreds of nuisance suits being laid against journalists. In Hungary, Poland and Slovenia, the state and its allies are SLAPPing opponents - journalists, anticorruption activists, LGBTI+ rights advocates - with impunity. Litigation has been turned against the activist community, oligarchs try to silence debate and Eastern Europe has become the new home of SLAPP-based oppression, as politics slide into autocracy and leaders stamp down on dissent. Blueprint is part of an 11-country coalition working on the ground to train lawyers to help the victims of SLAPPs strike back. We're currently developing a curriculum from scratch, drawing on European human rights principles and local knowledge. If you want to understand the European situation better, or if you have experience of SLAPPs and can help us understand what kinds of legal training and other defences are useful to civil society, we'd love for you to join this conversation. about this event: https://program.mch2022.org/mch2022/talk/ZUYKEC/
How I made the municipality pay a 600.000 euro fine for invading your privacy (MCH2022)
When gathering data for public services becomes privacy infringement and what you as a citizen can do about it. Or: How I made the municipality pay a 600.000 euro fine for invading your privacy. In September 2017 the Municipality of Enschede started tracking visitor movements in the city center 24/7 by registering their mobile phones' WiFi MAC addresses. Is this an infringement on our privacy, even when the underlying identities remain concealed? Yes it is, claimed speaker and privacy activist Dave Borghuis. After a 4 year process the Dutch DPA agreed and Enschede was charged a massive fine for its infringement. Now, can we learn from this case? Where does or should our privacy start? And what can we, as citizens, do to protect our freedom to move about in privacy? Read more on my blog https://daveborghuis.nl/wp/wifi-tracking/ about this event: https://program.mch2022.org/mch2022/talk/LQRMFA/
It's not just stalkerware (MCH2022)
Stalking is unwanted and/or repeated surveillance by an individual or group toward another person. But what is the impact of tech companies making it easier to do this with the development of technology? In the news, we hear about the increase in stalkerware found on devices or scary government spyware. But it’s not just that; there are so many more common tools used by stalkers. From September 2020 to May 2021, the number of devices infected with stalkerware increased by 63 percent, according to a study by Norton Labs. But stalkerware is not what I encounter most when I get contacted by stalking victims. Almost anyone can become a victim of stalking; stalkers do not just target celebrities. Sometimes they are ex-partners known to the victim, other times they may be a casual acquaintance, or just a simple stranger. With stalkerware, the actor needs access to the device or needs to persuade the victim to install something. In cases where the stalker is an (ex-)partner, that might be doable. But in other cases, it is easier to gain access to the accounts of the victim, gather information about the victim from social media, or use tracking devices (looking at you, Apple and Tile) to follow the victim. Tech companies develop new apps and gadgets seemingly without thinking about other ways these can be used. And they end up making it easier to stalk someone. But what can we do about this problem? Should we lower efforts hunting stalkerware and help victims gather evidence? Or can we do something else? about this event: https://program.mch2022.org/mch2022/talk/THP7HG/
Lightning Talks Saturday (MCH2022)
Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. If you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki. about this event: https://program.mch2022.org/mch2022/talk/BZ3Y7X/
Reclaiming our faces (MCH2022)
What are the risks and problems of face search engines like Clearview AI and PimEyes? Since institutional protection against these systems is failing us, how can we protect ourselves against this? Three people involved in the fight against biometric mass surveillance share their experiences and reflections. Come to this talk to exchange experiences, learn what tools there are for your protection, how to use them and how you can help stop the creep of mass surveillance technologies. Face search engines like [Clearview AI](https://reclaimyourface.eu/how-to-reclaim-your-face-from-clearview-ai/) and [Pimeyes](https://edition.cnn.com/2021/05/04/tech/pimeyes-facial-recognition/index.html) have all our faces and process our biometric data. They didn't ask us if we like their *service* and if they may use our data. Users of these search engines can now identify us anytime, anywhere. Since biometric data enjoy special protection under GDPR, we filed complaints in multiple European states. We report how data protection authorities did nothing for a long time and tell of the first successes. However, it became clear that GDPR does not protect against biometric surveillance. That's why we have joined forces to form the **[Reclaim Your Face](https://reclaimyourface.eu/)** campaign. Together, we call on the European Commission to strictly regulate the use of biometric technologies in order to avoid undue interference with fundamental rights. In particular, we ask the Commission to prohibit, in law and in practice, indiscriminate or arbitrarily-targeted uses of biometrics which can lead to unlawful mass surveillance. The two face search engines are not the only examples of everyday biometric surveillance. However, it is difficult to track where else we are being monitored: there is a lack of transparency and oversight. Public authorities and private companies rarely report on their own what they have been up to.
We share how we've used FOIA requests, among other things, to create a little more publicity. about this event: https://program.mch2022.org/mch2022/talk/SQQ3D9/
What have you done against covid (MCH2022)
From complaining out loud about a televised government app-a-thon to being hired by the Ministry of Health, Welfare and Sport as lead developer RoHS, running a team of devs to work on all the covid backend infrastructure exception routes and making sure no person is left in digital limbo, in just under an hour. When in late 2019 the first signs of the novel Corona virus came from China I was intrigued. During the first "lock down" in the Netherlands our Ministry of Health, Welfare and Sport created an app-a-thon . . and much hilarity ensued. As all geeks had seen . . nice ideas people . . but Apple and Google already had a standard agreed. And a lot of us "Dutch Hackers" were pretty vocal about it as usual. Meanwhile at "the ministry" a civil servant started hiring people from the Dutch hacker scene. Late December 2020 it came to their attention that there was some missing or ancient infrastructure in place for vaccine registration, not at all ready for the then upcoming vaccination land rush. On the 14th of December I got a call . . can you clean your calendar for the year? Sure . . just over two weeks, one of them I had planned as holiday anyway to watch CCCongres talks . . Little did I know they meant clear the agenda for 2021 .. and 2022 . . not 2020. This story takes you from getting very privacy- and security-aware infrastructure for registering the first ever Covid vaccination in the Netherlands built and tested in 3 weeks to the current state of the DCC infra, up close and personal. about this event: https://program.mch2022.org/mch2022/talk/PHSMTF/
Climate Crisis: The gravity of the situation. What is going on? (MCH2022)
The goal is to discuss the gravity of the situation and create a shared set of ideas on what is likely coming at us. We will do a Threat Modelling exercise around the climate change topic. Via a collective mind mapping exercise we will create a shared mental model and identify the things that will happen and how they will affect various people at various locations. about this event: https://program.mch2022.org/mch2022/talk/UCSKRM/
OpenRAN – 5G hacking just got a lot more interesting (MCH2022)
Many 5G networks are built in fundamentally new ways, opening new hacking avenues. Mobile networks have so far been monolithic systems from big vendors. Networks are rapidly changing to an "open" model that mixes software from specialized vendors, hosted in cloud environments. The talk dives into the hacking potential of the technologies and new interfaces needed for these open networks. We illustrate the security challenges with vulnerabilities we found in real-world networks.

# Background

Mobile networks are undergoing a paradigm shift from single-vendor monoliths to open cloud environments. Telco software now comes from different vendors and is installed on commodity hardware. OpenRAN is introduced in many (not all) 5G networks globally. Operators hope that OpenRAN will be more flexible and cheaper. But what about security? To make building blocks interoperable, OpenRAN comes with new interfaces, with often unclear security properties. OpenRAN also adds complex IT technologies, which come with their own hacking issues. Many components are run on Linux in Docker containers on top of Kubernetes, adding multiple layers of possible hacking interference. Mobile networks also become easier to test, including for pentesters with experience in web apps and cloud environments. This talk explores how we can best use this new accessibility.

# What we discuss

*1. Technology overview.* Which technologies and interfaces are used in OpenRAN.
*2. Baseline security.* Which security measures are part of OpenRAN, and which gaps are left open.
*3. Pentest/hacking advice.* How do you test whether a network uses the necessary security measures?
*4. Tales of caution.* Vulnerabilities we found in real-world networks.

about this event: https://program.mch2022.org/mch2022/talk/8BEFCG/
Honey, let's hack the kitchen: (MCH2022)
Attacks on cyber physical systems are perceived as necessarily complex and requiring significant time and resources. However, in the last couple of years we have also observed the inverse: simple attacks where actors with varying levels of skill and few resources gain access to software and interfaces that control physical processes. These compromises appear to be driven by ideological, egotistical, or financial objectives, taking advantage of an ample supply of internet-connected cyber physical systems. This is sometimes concerning, for example when it affects panels for controlling processes in water facilities or manufacturing processes. Sometimes, though, it is absurd, such as when the critical systems actors claim to compromise are in fact toys or domestic appliances. In this talk, we will share a series of stories of success and failure involving low sophistication compromises on cyber physical systems. We will describe the different types of cases we have observed, what the actors did, and how you can reproduce them for good. Finally, we will discuss to what extent these crimes of opportunity represent a risk to cyber physical systems and what we can do about it. In November 2021, I presented a version of this talk at a local non-profit event in Bergamo, Italy. For this event - NoHat - I focused on sharing the stories of low sophistication compromises we observed involving software used to control physical processes. However, for MCH I made some modifications to the title and the presentation itself to share not only the cases, but also how to reproduce them for good. The purpose of this talk is to share with the audience how actors without necessarily a lot of skills or resources are using very simple tools to hack cyber physical systems. I will do some experiments to show very quick results the audience can get reproducing these techniques, so that they learn how to find these internet-connected cyber physical assets and notify the owners.
The outline of the initial presentation was:
• Introduction
  o Story: Hacked kitchen was supposed to be a gas system
• Define low sophistication cyber physical compromises
• (De)evolution of cyber physical threats
  o From state-sponsored to financial, and now opportunistic
• Describe low sophistication compromises of cyber physical systems
  o Distribution and claims of exposed systems
  o Seeming actor motivations
  o Common actor techniques
  o Types of evidence (or lack of)
• Low Sophistication Threat Actors Access HMIs and Manipulate Control Processes
  o Oldsmar, Florida modified HMI on water facility
  o Israel’s advisory on compromises to water facility systems
  o Solar energy and dam surveillance system
  o Hotel BAS
• Amateur Actors Show Limited OT Expertise
  o “Train control system” was in fact a human resources tool
  o Second “train control system” controls toy trains
  o Website leaks claiming access to SCADA systems
• Hacktivist and Researcher Tutorials
  o Two hacktivist groups share tutorials for finding and compromising cyber physical systems
  o Researchers have done so too, including a couple of examples, such as a recent script to identify tank gauges
• Does this activity pose an actual risk to cyber physical systems?
  o Each incident provides threat actors with opportunities to learn more about OT, such as the underlying technology, physical processes, and operations.
  o Even low-sophistication intrusions into OT environments carry the risk of disruption to physical processes, mainly in the case of industries or organizations with less mature security practices.
  o The publicity of these incidents normalizes cyber operations against OT and may encourage other threat actors to increasingly target or impact these systems.
• On the bright side…
  o There are safety methods in place that stop immediate computer instructions from modifying actual physical processes
  o Engineering and human processes
  o Missing security on the software side
Additional Materials: Please find in this link our recent blog on this topic: https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html
about this event: https://program.mch2022.org/mch2022/talk/C9FANR/
Digital Civil Disobedience (MCH2022)
Greenpeace is a direct action organisation. We have been doing physical direct civil disobedience actions for 50 years now. Civil disobedience has always played an important part in evolving democratic society, if you look for instance at women’s voting rights, the civil rights movement in the US and the ‘klimaatspijbelaars’. The digital realm is becoming more and more important in all of our lives. That is why we are working on a research project on what digital civil disobedience can look like. This is something else than mere ‘clicktivism’. What are the differences and similarities of online and offline civil disobedience? How do you 'drop' a digital banner, or how do we digitally 'occupy' a building or mine? During this talk we want to tell about this project and give you an inside look at how we prepare disobedient actions at Greenpeace. Greenpeace is a direct action organisation. We have been doing direct civil disobedient actions for over 40 years now. At Greenpeace we know our strengths and our weaknesses when doing actions in physical spaces. We scale buildings and hang banners, we have blocked the petrol harbour in Rotterdam (multiple times) and we stop oil/gas rigs from operating. All these kinds of actions are part of a struggle for a healthy climate and a safe planet to live on, and so are ideologically motivated. The right to protest is a fundamental European right, a right that is very dear to us and important when chased by the law. At Greenpeace we always look at new ways to do disobedient actions. This is why we started research on how online actions can contribute to campaigns. The last few months we have been looking into the possibilities of digital civil disobedience actions. We looked at the risks, the actions and the possibilities it will bring. One thing we learned is that everyone we talk to about this topic is super excited. about this event: https://program.mch2022.org/mch2022/talk/J9PRJK/
bug hunting for normal people (MCH2022)
A series of isolated problems encountered when attempting to fuzz software, in this case Adobe Reader (DC), and hackish solutions to said problems. Constructing a fuzzing pipeline capable of finding real bugs by stringing together freely available tools and writing the bare minimum of glue. Starting from target selection, moving over the requirements for a given fuzzing campaign to smart input generation, and briefly touching on scaling challenges and performance issues. This presentation describes a practical approach to creating a fuzzing pipeline with the purpose of finding real-world bugs in closed-source software, in this case Adobe Reader (DC). The approach taken is suitable for anyone with basic scripting capabilities, is easy to replicate, and leads to bug hunting capabilities without a doctoral degree or years of experience in vulnerability discovery. about this event: https://program.mch2022.org/mch2022/talk/HVQDNE/
Everything is an input device (fun with barcodes) (MCH2022)
If we consider sufficiently advanced technology indistinguishable from magic, then the closest we get to ancient magical glyphs are barcodes. In this talk, we will show how barcodes are not just simple numbers, but can be used to control the machines. In this talk we do a brief introduction into barcodes, the way they are built, their uses and their misuses. This will be illustrated with a couple of examples of misuses in the real world. After this, we will demonstrate how a common implementation of (barcode) scanning is vulnerable to a deceptively simple attack, which can lead to some interesting results. about this event: https://program.mch2022.org/mch2022/talk/LFTLBD/
The art of online discobingo (MCH2022)
This presentation will include insights in starting your own online pirate radio station, the mathematics of bingo cards, keeping participants' data up to GDPR standards, Fitbit statistics, and the optimization of bingo winner calculations. This presentation will also at one point include a guy in an ice cream cone costume with an offensive name, as well as an optional disco bingo party with songs supplied by visitors to the conference. As the first Covid lockdown made it impossible to continue hosting live events in pubs, many presenters and questioners quickly adapted to hosting online quizzes. Slightly depressed by the notion that online quizzes would involve a great amount of cheating and the thought that participants would see it as an “okay substitute for the offline version”, I chose to develop an online event that would be impossible to cheat and would give people a unique experience, whilst still being a game that can also be played in pubs. When this presentation is held, there will have been at least 200 installments of DJ Cone Yo’s online Discobingo, with over 5,000 participants on all 6 continents, all from a laptop on a nightstand next to my bed. It proved to be an event accessible to both children as well as high-level employees of companies such as Deloitte, PWC, Gemeente Amsterdam, and then some. Please note that this will not be a presentation on any personal accomplishment with this event. Because let’s be honest: it’s a guy doing digital conga shuffles in front of the webcam. However, during the development of this activity I learned how to build up an HTTPS online radio server with Icecast2, created calculation models in Excel to manufacture unique cards, optimized this data to supply me with predictive data to rapidly check results, and created a way to supply participants with all information, including unique cards, whilst living up to GDPR standards. 
With this presentation I’d like to provide some inspiration regarding how to develop each of these things without any knowledge of programming and using some of the most basic pieces of software. Also: share the joy of bingo math. There is an option to also do a shared evening activity. People can supply songs for an evening discobingo which can be played in multiple locations at the same time. So if there are any restrictions still set, the radio stream can be played in tents or in smaller groups, and everyone that wishes to join can receive a unique card and play along. In the spirit of the event, people can even submit their own prizes to the bingo so as to share them with others at the festival. And on a personal note: After visiting SHA2017 back when I was working as a campaign strategist for Bits of Freedom (where I got to design campaigns such as the Rijksveiligheidsdienst) I have thought about how amazing it would be to do a presentation at one of these events. Back then, a few colleagues and I specifically enjoyed a presentation on “how to start an escape room”. Doing something along these lines and sharing insights gained from developing entertainment is something I am good at. about this event: https://program.mch2022.org/mch2022/talk/PQXR8Y/
Respirators, Runtime Errors, Regulations – A Journey into Medical Software Realization (MCH2022)
Medical devices come in all shapes and sizes, and a great deal of them contain – or consist of – software. If they are faulty, they can kill. We’ll talk about different types and classes of medical devices, the regulations that try to ensure their safety and what all of this means for medical software projects. So you have a great idea for a medical product with software that will make the world a better place? It helps people to regain or improve their health, cope with a permanent condition or analyze their vital stats? That’s fantastic! What could possibly go wrong? History has shown that faults in medical devices can have disastrous consequences. Those products may cause severe injury, permanent damage, even death. In order to make sure that your product does not harm its users there is a bunch of regulations that you have to comply with. How does this affect your work? First we’ll take a look at where to find software in or around medical devices, from embedded code to stand-alone software with AI. Then I’ll provide a few infamous examples of what went wrong (including a great talk about faulty software in pacemakers from CCC Camp 2019 – you know, that last great event before THE VIRUS). Then we’ll talk about the regulatory part, especially the EU Medical Device Regulation and what it means for planning, implementing and maintaining software for medical products (my favourite topic: traceability. ;-) ). It’s also of interest for non-EU participants because many of the regulations are ISO-harmonized. about this event: https://program.mch2022.org/mch2022/talk/V77FEC/
Screaming into the void: All e-signatures in the world are broken! (MCH2022)
E-signatures in your country are insecure. They were hacked 10 years ago. Everyone knew that but no one wanted to talk about it since there is no easy fix. We decided to create a PoC and poke the government with it. This is a story on what happened. ⭐ PoCs included ⭐ Electronically signed documents were a great relief to organizing our daily life during the pandemic. They have actually been helping us for many years (depending on the country). It's been known for some time that **dynamic content + e-signatures = trouble**, but we were surprised that no one has really done anything about it. In 2021 we got tired of explaining the vulnerability to each partner that sends in a vulnerable asice for signing, so we created multiple practical PoCs that allow you to modify the content of e-signed documents post-signing. Some of these PoCs work against many countries. And there is a PoC for every single country. - What is the actual impact? - Why is no-one fixing this? - Can we even fix it? - What are we gonna do about it then? about this event: https://program.mch2022.org/mch2022/talk/TW9ECH/
Running a Domain Registrar for Fun and (some) Profit (MCH2022)
Ever wondered what happens behind the scenes when you click buy on that domain for a new side project that'll definitely happen (you will get to it eventually, right)? Well this is the talk for you! We'll cover all the extremely cursed details of how exactly one sells and manages a domain, the standards for this (or lack thereof), and some pointers for how you could get started managing your own domains directly, if you're not completely put off by this talk's contents. Back at the start of lockdown in 2020 I think we were all a bit bored at home with not much to do; well, me and a friend decided it would be a good idea to start a domain registrar (big mistake, big, huge). This is the tale of how that went, what we learned, and why you might not want to do it yourself. We'll cover the technical aspects of how a domain is actually managed by your registrar, touch on the absolutely crazy business structures of the domain world with the likes of ICANN and friends, and how we ended up in this situation. Some of the standards are extremely cursed, some are extremely old, most are both. We'll also cover more recent developments in the domain space, such as the move from WHOIS to RDAP, and improvements in DNSSEC deployment. And finally after all that if you decide that somehow this is something you want more of in your life we'll give some pointers for how one might set up their own registrar, especially if they want to take greater control of their own domains, or just have some fun. about this event: https://program.mch2022.org/mch2022/talk/RETGE7/
Literally Hacking the Planet: How Earth Systems Models Work (MCH2022)
People have been modeling different parts of Earth's systems for decades, on different scales and with different goals, from short-term weather forecasting through actuarial risk prediction to long-term climate models. In this talk I'll explore some of the typical models, methods, data formats, infrastructure layouts and design assumptions that go into such models, and discuss some low hanging fruit available to improve them. Earth is a pretty complicated system, consisting of numerous sub-systems operating at different time and energy scales. All the systems are strongly coupled. These include the atmosphere, oceans, freshwater, cryosphere and biosphere, all of which can be further subdivided by various schemes. The problems facing people trying to model these systems are numerous: there's a lot of data, all of it is bad, most of the code is written in Fortran, and all of it is horribly slow. To make matters worse, modeling Earth is computationally intractable without some simplifying assumptions. For instance, if your global grid for weather prediction has "pixels" that represent more than 16 km², the physical parameterization can't "see" convection, so you miss most storms. And yet somehow people manage. In this talk, we'll start with a brief introduction to how some Earth systems work, describe some parameterizations, and then look at different free software/open source models operating under different domains, assumptions, and scales. Finally, we'll do a quick review of some of the many places where there is room for improvement. about this event: https://program.mch2022.org/mch2022/talk/TKTHUG/
The tooling ecosystem that adds joy to KiCad (MCH2022)
A number of people have built wonderful and useful tools to make the life of KiCad users easier. cpresser and Kliment are here to give you a tour of a number of the most useful addons, and show you what they're good for and how they can improve your life. We will go through a number of tools that people have built into the KiCad ecosystem - you may have used some of them, but a surprising number of KiCad users aren't aware they exist. We're here to fix that. We'll show you how to make your boards have fancy labels, how to get an interactive assembly guide for your designs, how to easily pack a bunch of boards in a production panel, how to automatically generate footprints, how to make your PCBs fit the real world, how to not repeat your effort when making lots of the same circuit, and how to not make terrible mistakes and lose your work. It will be a wild tour, but you'll have much more fun with your PCB design work afterwards. about this event: https://program.mch2022.org/mch2022/talk/T8XRKC/
Wired Norms: Inscription, resistance, and subversion in the governance of the Internet infrastructure (MCH2022)
Warning (but don't be afraid): this talk contains an overarching theory of the workings of Internet governance (with an emphasis on human rights)! The rules of the road for the Internet infrastructure are designed in different governance bodies, such as the Internet Engineering Task Force (IETF), the Internet Corporation for Assigned Names and Numbers (ICANN), and in Regional Internet Registries (RIRs). I will showcase how Internet governance institutions are tied together through 'the infrastructural norm of interconnection'. This concept helps explain how Internet governance works and why many social and legal norms, such as human rights and data protection, get resisted and subverted in the governance of the Internet infrastructure. This talk is the outcome of 6 years of participation in and research of Internet governance institutions and processes, and is suitable for both subject matter experts and people who have never heard of Internet governance before. The entanglement of the Internet with the daily practices of governments, companies, institutions, and individuals means that the processes that shape the Internet also shape society. For this talk, I studied the norms that shape the Internet’s underlying structure through its transnational governance. Norms are the ‘widely-accepted and internalised [sic] principles or codes of conduct that indicate what is deemed to be permitted, prohibited, or required of agents within a specific community’ (Erskine and Carr 2016, 87). Internet governance is the development, coordination, and implementation of policies, technologies, protocols, and standards. Internet governance produces a global and interoperable Internet functioning as a general-purpose communication network in transnational governance bodies. 
I examine four cases of norm conflict and evolution in three key Internet governance institutions: the Internet Engineering Task Force (IETF); the Internet Corporation for Assigned Names and Numbers (ICANN); and the Réseaux IP Européens Network (RIPE). I show how social and legal norms evolve and are introduced, subverted, and resisted by participants in Internet governance processes with distinct and dynamic values and interests, in order to develop policies, technologies, and standards to produce an interconnected Internet. I leverage notions and insights from science and technology studies and international relations to illuminate how a sociotechnical imaginary—the combination of visions, symbols, and futures that exist in groups and society—architectural principles, and an entrenched norm function as instruments of metagovernance in the Internet infrastructure. This way, I demonstrate how a sociotechnical imaginary, values, and norms facilitate, instruct, and evaluate the norm setting processes in Internet governance. This talk is empirically grounded in the analysis of mailing lists, technical documents, policy documents, interviews and the extensive observation of governance meetings. I have operationalized this analysis using the following methods: quantitative descriptive analysis; network analysis; quantitative and qualitative discourse analysis; as well as participant observation, including semi-structured interviews and ethnographic probes. The aim of this talk is to show how Internet governance happening in multistakeholder bodies, what I call private Internet governance, solely functions to increase interconnection between independent networks. In this process, the introduction of social and legal norms—such as human rights principles and data protection regulations that might hamper increased interconnection—is resisted by significantly represented stakeholders in the process. 
Ultimately, I argue that while the sociotechnical imaginary and architectural principles serve to legitimize this governance ordering, the entrenched norm, what I call the infrastructural norm that transcends singular institutions, guides the distributed private governance regime. The infrastructural norm of voluntary interconnection plays an instructing and evaluating role in the process of norm development and evolution in private Internet governance. The infrastructural norm is embedded in its institutional configuration, technological materiality, economic incentives, and supranational interest, and ties the private Internet governance regime together. In conclusion, I posit that the private Internet governance regime is designed and optimized for the narrow and limited role of increasing interconnection. As a result, the governance regime resists aligning Internet infrastructure with social or legal norms that might limit or hamper increasing interconnection. about this event: https://program.mch2022.org/mch2022/talk/GUVANG/
Keep Ukraine Connected (MCH2022)
In March 2022 the Global NOG Alliance (GNA) started the Keep Ukraine Connected task force to help network operators in Ukraine during and after the invasion. These are our experiences. A simple idea turned into an interesting logistics puzzle with a steep learning curve into customs rules. What started as a simple idea ("Our goal is to help network operator groups, I'm sure there is more that we can do than hosting their websites and email when there is a war going on") turned into a global aid campaign. We have shipped a truck full of network equipment to Ukraine, and that was only a tiny part. Many companies and individuals from around the world have donated money, hardware and software to help the Ukrainian network operators. Everything from WiFi access points and PoE switches to be used in the bomb shelters to full-rack core routers for rebuilding their infrastructure. In the end the logistics are the hardest part. From finding warehouses to temporarily store the donated hardware to getting help shipping equipment across borders and through complicated customs rules (network devices are dual-use goods, and convincing customs officers that a truck full of gear qualifies as humanitarian aid can be a challenge…). about this event: https://program.mch2022.org/mch2022/talk/QUFG7J/
M̶a̶y̶ Will Contain Climate Change (MCH2022)
A multi-disciplinary lecture and follow-up discussion about sustainability from the hacker perspective. It will combine state of the art scientific knowledge and evidence with observations on the cultural dynamics of the hacker community. It is the continuation of the series started at OHM 2013, SHA2017, Balccon 2019 and Bornhack 2019. Climate change, habitat and biodiversity loss, environmental pollution and other consequences of the current globalized society are here to stay and will get worse in the near future. In this talk, we will explore the known, expected and possible technical, environmental, social, economic and political changes that we will be facing in the next decades. This talk will approach the problem from the hacker / maker perspective. What can and will the impacts be on technology, privacy, communication, openness, communities and most important of all, Aliexpress shipments? What can we, as the hacker community, do to prepare ourselves and the communities around us to be robust and resilient to those changes? What can we do to reverse the course of these changes? Do not expect a prepper talk (okay, just a tiny bit), but rather a discussion based on empirical observations and scientific insights from a wide variety of academic disciplines. After the lecture an informal discussion session will be organized. about this event: https://program.mch2022.org/mch2022/talk/U8AEE9/
What if locks could talk; what stories would they tell? (MCH2022)
Most security implementations leak information, and mechanical security is no different. It takes sharp eyes, a soft touch, and good hearing to distinguish between information and noise. In this talk we will go in depth on how locks work, and how we can persuade them to disclose their secrets, and open them without damage. The Open Organization of Lockpickers (Toool) is a group of nerds obsessed with mechanical security. We create, collect, take apart, discuss, and attempt to defeat locks. While we are known for lockpicking, there are many other techniques for opening locks without damage. This talk will focus on the language of the locks, the side channels in mechanical security systems. We will start with binding order, the mechanism to isolate the locking elements, and exploit them one by one. Then we will discuss a wide variety of other methods of gathering information and opening locks. Most of these methods are not practical, but working them out gives us great joy, and we would like to share the highlights with you. about this event: https://program.mch2022.org/mch2022/talk/ACWT8Y/
Hacking the genome: how does it work, and should we? (MCH2022)
Building on the very well attended DNA presentations ("DNA: The Code Of Life") at SHA2017, this talk will cover: * A brief recap what DNA is and how it works * It is surprisingly digital! * How reading DNA is within 'pro-sumer' reach now * (I might bring a live demo for after the talk) * An overview of DNA editing technologies (offline, and online: on living organisms) * Including the famous CRISPR-CAS, but also newer variants * How does such editing actually work in a lab? * The surprising lack of a definitive link between most DNA mutations and any effect * Could you hack your DNA? Will people start doing this? * Should we try to stop them? * Wild speculation on what this might mean for the future The goal of this presentation is to provide real non-hyped information on what DNA editing is and what it might achieve. And since we are hackers, I hope to explain how a hackerspace could start reading DNA right now with USB-powered hardware. And finally, since no hacker can resist tinkering: could you hack your own genome, or your cat's, or improve on your favorite plant? about this event: https://program.mch2022.org/mch2022/talk/Y898KK/
Detecting Log4J on a global scale using collaborative security (MCH2022)
Utilizing collaborative security to collect data on attacks, we were able to detect Log4J in a quite unusual but effective manner. We'll show you how CrowdSec enables the entire infosec community to stand together by detecting attempts to exploit a critical 0day, reporting them centrally, thereby enabling anyone to protect themselves shortly after the vulnerability was made public. The unusual part is that this is done using FOSS software and by analyzing logs of real production systems, but in a way that doesn't compromise the anonymity of anyone (except the attacker, of course) and doing so with a reliable result where poisoning and false positives are almost impossible. Too good to be true? Come by and judge for yourself! The objective with the talk is to inspire the audience to understand why the world needs to think differently towards the threats of cyberattacks from criminals and which advantages it has when you’re really utilizing the power of the crowd. Basically we’ve been doing it wrong until now by thinking that all the world’s problems can be solved by throwing money at them. Guess what: They can’t. Defending against hackers is a full time, complex task that requires a lot of complex tasks to be carried out in the same order and same way every time to be effective. That’s difficult to do, so in order to make it more doable we should try working together. CrowdSec is FOSS software that does exactly this by enabling users to share information about current attacks by parsing log files and sharing basic information (anonymously) about the attack (source IP, timestamp, IoC) with the crowd. CrowdSec could be perceived as a modern form of Fail2ban, though for Cloud and container-based infrastructure as well and capable of taking way more advanced decisions a lot faster. Mainly, it’s using a decoupled and distributed approach (detect here, remedy there) and an inference engine that leverages leaky buckets, YAML & Grok patterns to identify aggressive behaviors. 
It acquires signals from various data sources like files, syslogd, journald, AWS CloudWatch and Kinesis, Docker logs and Windows Event Log, normalizes them, enriches them to apply heuristics and triggers a bouncer to deal with the threat, if need be. Since it’s written in Go, it’s compatible with almost any environment, fast in execution and resource conservative. To make sure signals are generally trustworthy we’ve implemented a reputation engine. Not only don’t we want any false positives - we also don’t want data to be poisoned. This is taken care of by a trust-ranking system where we assign a trust to each agent that will grow over time as the agent provides reliable signals. In this process both persistence and consistency are taken into account. When an IP is voted for, it needs a certain amount of points based on the trust rank of each agent that has reported the IP. This system makes it expensive to poison collected data. Not only does it take a long time to reach a trust rank that makes any real difference - the diversity of AS numbers is also taken into account. The outcome of this is a reliable blocklist that’s constantly redistributed to network members in order to achieve a form of digital herd immunity. An IP caught aggressing WordPress sites will quickly be banned by all members who subscribed to the WordPress defense collection. While CrowdSec is in charge of the detection, the reaction is performed by “bouncers” that aim to be deployable at any level of the applicative / infrastructure stack: via nftables/iptables/pf based on an IP set; via nginx/openresty LUA scripting; via a WordPress plugin; via a general PHP/Python/JS bouncer that works with all applications written in those languages; on Cloudflare or Fastly via our bouncer that integrates with the provider’s API; on AWS WAF via our bouncer that integrates with AWS’ API; ... or in many other ways. 
Over time the possibilities will increase as the application design basically supports anything. Bouncers can enforce several types of remediations, like blocking, sending a captcha, notifying, lowering rights, speed, sending a 2FA request, etc. This approach, combined with a declarative configuration and a stateless behavior, makes it an efficient tool to enhance the security of modern stacks (containers, k8s, serverless and more generally automatically deployed infrastructures). We are committed to building a strong community, with all that it implies: a public hub to find, share and amend parsers, scenarios, and blockers; a permissive open-source license (MIT) to stay business-friendly; and overall a strong commitment to transparency and a community-first mentality, by tooling and behavior. In my talk I will dig into the technical nitty-gritty part of CrowdSec, the architecture and concepts and focus specifically on how we managed to collect data from live Log4J exploitation attempts using the crow
Bring Your Own IDentity (MCH2022)
Thanks to DNSSEC and DANE, it is possible to automatically verify user@domain.name identities by checking with domain.name servers. The real problem however, is integration with existing protocols, instead of inventing something completely new and perhaps web-only. The purpose of our work on Realm Crossover mechanisms has been to design generic solutions that extend many different application protocols, without changing their protocol specs. For clients, being able to control an online identity is not just a cool matter of adding their domain name at the end. It also means that they control how long the identity exists, if it is an alias, if it can be a group account with members that they control. (We made identity and access control libraries to support all that, along with identities that are only usable until a timeout, from a certain remote domain, under a particular communication topic, and so on.) For servers, being able to authenticate users from any domain is an answer to many questions that otherwise stagnate: * Why does every HTTP server want us to create an account under its domain, instead of letting us use our own? * Why do we constantly need to confirm our email address by clicking links? * Why not authenticate SMTP senders and subject others to the most stringent spam filtering? * Why not publish a mailing list archive in IMAP, available only to subscribers and searchable with their own tooling? * Why not use AMQP as an automation-friendly document push protocol with authenticated senders for form submission, bill processing, blog publications, document archiving, ... * Why not share your MQTT dataflow with external parties, so they don't need to keep a web page open to be notified about, say, a newly posted document? * Why not share your PGP keys and contact information in your own LDAP directory but with access control to decide who may see what? 
All these questions stagnate on problems like *You would need to have accounts for all users in the World*. So that is what we solved in this project. This project expands the usefulness of many protocols by changing the way their implementations handle authentication; instead of local accounts, they follow a backlink to the client's domain. We designed and built the extensions needed for the backend, and made a few first implementations. We are hoping to show the usefulness of adopting these ideas in your own tooling. We present a number of generic mechanisms for Realm Crossover: 1. SASL tokens can be relayed to a Diameter server under the domain.name; 2. Kerberos supports Realm Crossover, and a keying handshake can do this on-demand; 3. X.509 certificates and PGP keys can be assured with DANE-akin structures for clients or by a lookup in an LDAP server for domain.name. For each, some form of domain-owned identity provider is run to assert identity when an external service needs it. The level of security is a matter of the user and their domain.name; an external service should not have to force down the security level of the client's domain. These three Realm Crossover mechanisms cover the majority of application protocols, the notable exceptions being the oldest ones, like Telnet, FTP and HTTP. Specifically for HTTP, we have defined an authentication mechanism that adds SASL; this means that new security mechanisms can be defined in SASL, where it benefits many protocols; it also means that authentication shifts from the HTTP application to the server, where the coding environment is better suited for such responsibilities. 
We end with a demo, showcasing a useful authentication flow: * Client desktop, with Firefox and an HTTP-SASL plugin * Server domain, running Apache with HTTP-SASL module under an independent domain * Server identity client, using Diameter to relay SASL to the Client Domain * Client Domain, running an identity provider with SASL over Diameter about this event: https://program.mch2022.org/mch2022/talk/NMNWQB/
The Best Worst Thing (MCH2022)
This is a submission for a keynote talk at MCH2022. The Internet is both a familiar, comfortable place as well as a bottomless rabbit hole you can lose yourself in. The Internet has always been like this from its inception, the difference now is the scale and consequences are almost immeasurable - and it tests the limits of human imagination. When you look into the mirror of the Internet what you see reflected back depends on what you are looking for. It has become largely a reflection of yourself. Some inventions are so good that they change the world. When a new innovation is useful enough, we no longer want to live without it – and once a technology is practical enough, it soon becomes compulsory. Electrical networks are a good example of this. While it is hard to imagine modern life without electricity, electrical networks are a fairly recent invention. Nowadays, a power outage brings everything to a halt. If an outage is extensive, not only homes will be affected – shops and factories also close. Once these networks are down, society will be offline. Modern society could only last for a few days in a complete power outage. If the Internet were to fail, the impacts would be much less dramatic. Society would not stop during a network outage. Factories would continue to operate. Information would flow via TV antennas and FM radio. Of course, work would be much more difficult without network connections. Most monetary transactions would also cease. In a nutshell, internet outages are expensive, but they don't kill people. I predict that, before long, the information network and electrical network will be equally important to our society. Before long, much like a power outage, a network outage will bring life to a halt. In fact, before long, a network outage will also mean a power outage. Electrical networks have been highly beneficial, but we have become highly dependent on them. The same is now happening in relation to information networks. 
The electrical network needs the information network to work, and vice versa. Technological development is changing our society in a fundamental way. This dependency is happening on our watch. about this event: https://program.mch2022.org/mch2022/talk/R9LCYW/
Using Passcrow to recover from lost passwords (MCH2022)
Have you ever forgotten a passphrase or lost a hardware token? Lost access to enough Bitcoin to buy a pizza or two? Encryption is fundamental to securing our liberties, but key and password management remain difficult even for professionals, let alone the general public. This talk presents Passcrow, an Open Source project attempting to address one of crypto's largest usability issues: password and key recovery in a decentralized environment. Passcrow is a system for community-assisted secure “password escrow”, making it possible to recover from forgetting or losing a key, password or passphrase. Born out of a desire to make strong encryption easier (and safer!) to use for less technical users, the project is in an early stage of development - but code has been published and the system is usable today. Passcrow is many things: there is an underlying protocol, basic user experience guidelines, a client library for integration with other (Python) apps, an HTTP API server, and a command-line tool for making use of the system by hand. Potential applications include password managers, secure messengers, general purpose encryption tools (including OpenPGP and hard drive encryption) and cryptocurrency wallets. In this talk, I will discuss the motivation and rationale for the project, demonstrate how the system works and talk about some of the challenges and design decisions we have seen so far. The purpose of this talk is to solicit feedback and participation from the community; if you are interested in the subject, please come find me afterwards (my base at MCH will be The Quarantine Arms village) and let's have a chat! If you miss the talk, you can read about it at www.passcrow.org. Passcrow is a spin-off from Mailpile (www.mailpile.is), the secure e-mail client. Passcrow is inspired by Mailpile's experience attempting to make e-mail encryption more usable for less technical users, and will be used in future versions of the app. 
about this event: https://program.mch2022.org/mch2022/talk/GMA8VX/
Lightning Talks Friday (MCH2022)
Lightning talks are 5 to 10 minute quick talks on an interesting subject. They can be with or without slides, and with or without proper preparation. If you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki. about this event: https://program.mch2022.org/mch2022/talk/G9ZWRZ/
The Silicon Passion (MCH2022)
What do big tech, synthesizers, the crucifixion and the Matthäus Passion have in common? Find the answer in the tech performance The Silicon Passion. We've all embraced big tech, but is it a warm hug or a strangulation? Bear witness to a debate of biblical proportions between tech nerds, technology and its users. In The Silicon Passion, SETUP, in collaboration with de Transmissie (David Schwarz and Derk Stenvers) and Rodrigo Ferreira, is looking for a way out of the pit that technology has created for them. The performers draw inspiration from one of the most important stories about penance: the crucifixion. They want to find out exactly who or what should be nailed to the cross, and what the world might look like after a resurrection. They take the St Matthew Passion as a starting point, both for its valuable lessons and as musical inspiration. Armed with Bach's St Matthew Passion and synthesizers, we will look for a new way of dealing with big tech. SETUP (Utrecht) is a media lab exploring the day-to-day future of technology. Using a critical yet humorous perspective, SETUP translates complex themes into more tangible ideas for everyone. In 2021, SETUP asked several artists to offer new perspectives on penance and forgiveness for big tech, using the St Matthew Passion. A group composed of the multidisciplinary theater collective de Transmissie and musician Rodrigo Ferreira came to a stunning result, with live performances at Theater Kikker and Pakhuis de Zwijger in April 2021. The new performance in 2022 is the next step in this research. about this event: https://program.mch2022.org/mch2022/talk/DEJQME/
⚠️ May Contain Hackers 2022 Opening (MCH2022)
⚠️ Warning! This talk may contain hackers. There may be hackers in the room. There may be hackers surrounding the room. There may be hackers recording this. There may be hackers listening in. There may be hackers that exfiltrate data. There may be hackers wearing shirts. There may be hackers carrying spying devices. OH NO! There are hackers EVERYWHERE! What can we do now, except have a party? This talk serves as an introduction to the camp. It tells how the camp works, what new features are being released, how to participate and what to be aware of. During this talk there will be some audio trickery in the Abacus stage which cannot be relayed to the recording or via the stream. As we cannot film audience reactions, know that it will be more epic than the final battle scene of LOTR. In all seriousness: there are absolutely stunning new additions to the camp. about this event: https://program.mch2022.org/mch2022/talk/JBNXAX/
Organising Workshops (petitfoo)
I want to organise a workshop! But how? In this Petit Foo I present various ways to organise a workshop and give tips on what to pay attention to when running one. about this event: https://www.chaospott.de
Life Is Luck (jh22)
A game that shows how much in life depends on luck. about this event: https://pretalx.c3voc.de/jugend-hackt-rhein-neckar-2022/talk/WFAAQJ/
TrävelBuddy (jh22)
An app that makes travelling easier. about this event: https://pretalx.c3voc.de/jugend-hackt-rhein-neckar-2022/talk/EGUGBQ/
CCCTV (jh22)
The privacy-preserving security camera. about this event: https://pretalx.c3voc.de/jugend-hackt-rhein-neckar-2022/talk/RQ9FHA/
PlentyPlants (jh22)
Getting to know plants in a playful way. about this event: https://pretalx.c3voc.de/jugend-hackt-rhein-neckar-2022/talk/CASDPC/
The Whekker! (jh22)
The most pleasant alarm clock in the world. about this event: https://pretalx.c3voc.de/jugend-hackt-rhein-neckar-2022/talk/YDFDRD/
smart-schooltool (jh22)
A website where school books, assignments and everything else are collected in one place. about this event: https://pretalx.c3voc.de/jugend-hackt-rhein-neckar-2022/talk/Z9SF39/
School-Pedia (jh22)
A platform where pupils can collectively ask and answer questions. about this event: https://pretalx.c3voc.de/jugend-hackt-rhein-neckar-2022/talk/FNMTT9/
Smart Groceries (jh22)
A shopping-list app that can be managed together. about this event: https://pretalx.c3voc.de/jugend-hackt-rhein-neckar-2022/talk/Z3ZNNF/
Emergency Drone (jh22)
A drone that can help in crisis areas. about this event: https://pretalx.c3voc.de/jugend-hackt-rhein-neckar-2022/talk/XVAL9H/
Final Presentation (jh22)
All projects are presented on the big stage. about this event: https://pretalx.c3voc.de/jugend-hackt-rhein-neckar-2022/talk/X8EDHQ/
Hackerspace Open Day (petitfoo)
On 27 August the CCC will hold a "Tag des offenen Hackerspaces" (Hackerspace Open Day), for which, besides us, 65 hackerspaces have registered so far. In this Petit Foo I would like to introduce the Hackerspace Open Day, explain what it is about and what awaits you there. about this event: https://www.chaospott.de
MedEvac - Medical Evacuation in Ukraine and beyond (cadusdebate)
The concept of MedEvac has historically proven to be a functional relief mechanism in medical emergencies, natural disasters, crisis situations and wars. However, it is usually a very costly, risky mission that requires the deployment of highly trained staff, impeccable operational plans as well as flawless communication and teamwork. Today we are going to speak with Michail Liontiris, part of the CADUS Ukraine Emergency Response Team, about what MedEvac is basically about, its roots, its challenges and how they can potentially be overcome. Last but not least, we will debate the ethical considerations of a MedEvac project: How do I perceive myself when saving patients and injured people? Who am I supposed to take and who am I supposed to leave behind? What are the limits of my capacities? How much am I allowed to risk my team's and my own safety to carry out a mission successfully? about this event: https://cadus.org/debate