
Chaos Computer Club - archive feed
14,494 episodes — Page 76 of 290
None: a story of data that isn't there (sotm2022)
Understanding the limitations of data is hard. Some tags are missing, and some tend to be present only when others are. Is the missing tag saying something, is it just unknown? When tags take yes/no values, is a missing tag an implicit "no", maybe the tag "does not apply", or something else…? This talk doesn’t have answers. It’s the journey we took through an investigation of road data in London. What we found, what we think about what we found, and ideas of things to compute and visualise, before performing an analysis - or to decide if the data is just not suitable for this analysis. about this event: https://2022.stateofthemap.org/sessions/HZUFPQ/
Innovating on derivative OpenStreetMap datasets (sotm2022)
OpenStreetMap consists of tagged nodes, ways and relations. Many use cases of geographic data, however, need a tabular dataset of points, lines and polygons. Processing OSM into derivative datasets is a crucial task that can benefit from new tools and formats. This talk will cover several topics around this theme, including: * Existing approaches such as the Export Tool * Why FlatGeobuf is a suitable forwards-thinking format * Computational challenges for processing global-scale relations * A new open-source program, Protoshapes, to generate admin polygons in FlatGeobuf format * Efficient approaches for global datasets such as coastlines, oceans, and road connectivity * Frequently updating datasets using the open-source OSM Express database about this event: https://2022.stateofthemap.org/sessions/VXECJQ/
Lightning talks I (sotm2022)
Lightning talks ## AddressForAll Institute _by Thierry Jean_ ## ImproveOSM new data dumps _by Beata Tautan-Jancso_ The ImproveOSM platform is a suite of tools to share various mapping tasks containing potentially missing one-way tags, turn restrictions, and roads from the OpenStreetMap. The ImproveOSM data is also available as frequent data dumps in CSV format. ## Geohash plugin _by Beata Tautan-Jancso, Nicoleta Viregan_ Geohash is a plugin available in the JOSM tool, which comes to be handy for some of you who work in precise areas based on geohash units. The plugin displays a layer of grids on top of the map layer. In addition to the visualization feature, the plugin offers extra functionalities, and this talk aims to emphasize the diverse usages of this tool. about this event: https://2022.stateofthemap.org/sessions/ZVLDMZ/
usability testing with three people - how to discover why mappers are confused by your software (sotm2022)
Usability testing can be done without hordes of users to observe, in fact just three people is likely to give very useful hints. And it is almost certainly more useful than expected, and your software is likely not as good as you expect. This is based on my experience with using user testing while developing StreetComplete. about this event: https://2022.stateofthemap.org/sessions/EHZQXV/
Admin Boundary Conflation Tool (sotm2022)
Boundary conflation is a sensitive and difficult problem to solve. When administrative boundary data is available from authoritative sources for OSM, it is imperative that we have the ability to analyze boundaries for import and deduce if conflation with OSM ways can be done hopefully in a semi-automatic fashion. "Admin Boundary Conflation" is a special-purpose tool made for the purpose and this talk will introduce the workings of the tool to the audience along with the various output statistics available during the process. Currently, the tool is utilized for reporting geometric area differences of 0.01% in the 99th percentile of 5000 municipalities in Serbia within 20 minutes. about this event: https://2022.stateofthemap.org/sessions/HGFY7Z/
OSM Carto as vector tiles (sotm2022)
Presentation of the work we've done to adapt the OSM Carto style to vector tiles. We will take you through the making-of the cartography, step by step, scale by scale. Available on MapTiler Cloud (https://cloud.maptiler.com/maps/openstreetmap/), the style will be integrated into the next version of the OpenMapTiles project. We will also show you how to use this style in QGIS and how to display it on 3D maps with MapLibre. about this event: https://2022.stateofthemap.org/sessions/3EREXZ/
Entry-level Mobile Mapping (sotm2022)
By 2025, HOT aims that communities in 94 countries vulnerable to disaster or experiencing multidimensional poverty are equipped and able to map the locations where they live and work. We believe that accessible mobile mapping tools are key to this effort. Since I started working for HOT in January 2022, I have done informal interviews, observations, focus groups and experiments with more than 100 regional users, primarily in East Africa, looking at the accessibility of current OSM mobile editing tools. Sharing this research with the wider community will help everyone build technology that fits the needs on the ground. For 3 months, with the support of OpenMap Development Tanzania (OMDTZ) and the State University of Zanzibar (SUZA) Youth Mappers, I did a variety of informal interviews, observations, focus groups, and experiments with individuals and local OpenMapping organizations, primarily in East Africa. My research included professional data collection campaigns, as well as entry-level community members whose first encounter of OSM was during one of my workshops. While the majority of my research focused on 5 main Open Source applications that are already in widespread use (StreetComplete, OsmAnd, Organic Maps, Vespucci & ODK Collect), many of the insights gained from this research, including data about hardware availability and current phone use, are applicable to anyone building mapping tools, especially those that will be used in low-resource environments. The HOT _tech team aims to do more than just talk. Analysis of the research will be followed by specific suggestions for those doing mobile OSM mapping, especially at the entry-level, as well as technical proposals for tooling improvement. We will be working with the existing OSM ecosystem to design and implement these proposals in a way that is inclusive and sustainable. Feedback is most welcome. about this event: https://2022.stateofthemap.org/sessions/UWHAME/
10 Years Of MapRoulette (sotm2022)
MapRoulette was first announced at State of the Map US in 2012 as a tool to solve the many errors introduced by the import of TIGER road data in the United States. Since then, MapRoulette has been used for map improvements and guided data imports around the world. In this talk, MapRoulette creator Martijn van Exel will look at some of the achievements, lessons learned, and the evolution from a single purpose tool to a micro-tasking platform. [MapRoulette](https://maproulette.org), the open source web-based micro-tasking platform for OSM, was first announced at State of the Map US in 2012 as a tool to solve the many errors introduced by the [import of TIGER road data](https://wiki.openstreetmap.org/wiki/TIGER) in the United States. After a successful and quick cleanup of over 60.000 common problems found in the TIGER data, it was clear that the idea of a micro-tasking tool was worth developing further. Over the years, MapRoulette gained a lot of functionality while staying true to its original goal: supplying the OSM communuty with quick, easy to solve tasks that help fix or improve the map. Nowadays, anyone can create tasks [using Overpass](https://learn.maproulette.org/documentation/using-overpass-to-create-challenges/#content) or GeoJSON, there are [new task types](https://learn.maproulette.org/documentation/creating-cooperative-challenges/#content) that make fixing problems in OSM even easier, and there is support for working in teams. In this talk, MapRoulette creator Martijn van Exel will look at some of the accomplishments and lessons learned in 10 years of MapRoulette, and highlight some interesting uses of MapRoulette over the years. If time allows, he will also show some of the newer functionality that may not be as well known even to experienced users. about this event: https://2022.stateofthemap.org/sessions/RRUH8S/
State of Independence (sotm2022)
OpenStreetMap is the human-made map of the world. But how can one tiny human still make a difference in a project used by megacorps and crucial to millions of app and website users every day? How does OSM retain its individualism in a world that wants it to be consistent, orderly and predictable? Is it game over for the experimental, iconoclastic, independent map? Richard Fairhurst offers a challenging but upbeat look at the changing landscape for the OpenStreetMap mapper, user and developer. 2004: A crazy hobby project. One street mapped. One small mailing list. 2013: Edited by thousands every day. Beloved by hobbyists. Trialled by a few adventurous companies. 2022: The world's map. Worth billions. Used by everyone. What happened? Is there still a place for the individual in OSM, as mapper, user, or developer? How do you build with OSM when your competitors have free money on tap? Can OSM retain its iconoclasm and individualism when the Silicon Valley behemoths are involved? Richard Fairhurst is still as idealistic as in 2004 (but maybe a little calmer) and thinks that corporate OSM and independent OSM can co-exist, and better still, benefit from each other. In a wide-ranging, rollicking and occasionally factually accurate talk, he'll look at the OpenStreetMap economy in 2022 and how individuals can still make a difference. Expect: the secretive Kindred of the Kibbo Kift, situationists, books about pubs, bouncing phones. about this event: https://2022.stateofthemap.org/sessions/URUJH8/
Opening Session (sotm2022)
The opening session of the State of the Map 2022 conference. about this event: https://2022.stateofthemap.org/sessions/QFUTA7/
Denial of Service (petitfoo)
In diesem Petit Foo geht es um eine häufige und bekannte Hacking-Technik: Denial of Service (DoS) Angriffe. Ich werde erklären was Denial of Service bedeutet und was ein Angreifer damit erreichen kann. Außerdem werde ich zeigen, welche Abwehrmechanismen existieren. about this event: https://www.chaospott.de
Photorec (petitfoo)
Hilfe, ich habe eine wichtige Datei gelöscht! Oh nein, meine SD-Karte mit den Fotos ist nicht mehr lesbar! In diesem Petit Foo stelle ich das Tool Photorec vor mit dem man gelöschte Dateien wiederherstellen kann und gebe Tipps zur Verwendung. about this event: https://www.chaospott.de
Goodbye World (bornhack2022)
BornHack 2022 is almost over at this point. We would like to say farewell for now and see you again at the next event in 2023. We will walk over what we believe has worked and what we believe should change the next event. This is an excellent opportunity to submit ideas for BornHack 2023 while the memories are still fresh. about this event: https://c3voc.de
Quality and Flow at Scale (bornhack2022)
Most companies struggle with implementing DevOps culture, and end up with creating yet another silo and naming it DevOps instead, where all the brightest operations people with infrastructure skills go. But going from the obvious anti pattern, that a DevOps silo is, to something better is a journey and not something most organisations manage to do quickly if at all. I'd like to take you through the journey that Universal Robots has had, and explaining step by step what the challenges are, both technical and engineering related. Furthermore I'd like to show a few examples of tooling in the robotic world, where cloud native and Kubernetes are not always available, as well as point to areas where robotics is "just software like the rest". The talk deals with different archetypes and anti patterns of DevOps, and ends up with how to scale the DevOps setup, onboard management and give them their beloved governance in a way that a developer can stand it. about this event: https://c3voc.de
State of the Network (bornhack2022)
Come and meet the network team who will talk about the design and operation of the network at BornHack. about this event: https://c3voc.de
pyjam.as: How we used all the bandwidth (bornhack2022)
On the last night of bornhack 2021, the NOC team challenged pyjam.as to exhaust the bornhack uplink with useful activity. This talk is about the succeess or failure of our efforts to do so. about this event: https://c3voc.de
State of the Game (bornhack2022)
The BornHack game team will talk about our experiences at this years BornHack and show some stats of our game events. ¯\_(ツ)_/¯ ffwf863YbZaxXSP about this event: https://c3voc.de
Modernizing the Tor Ecosystem (bornhack2022)
In this presentation, we will be updating the audience on the ongoing modernization efforts of the software developed inside The Tor Project -- the organization behind the most widely deployed anonymity network on this planet. We will look at upcoming features and changes to the core technology that drives the Tor network and why a Browser may no longer be the only product we have to provide for the user-base that is so crucial in need of Tor's anonymity properties for safe internet access. The Tor ecosystem is currently going through a more extensive modernization phase where we are simplifying our goals slightly to make space for larger projects that we find necessary. This work includes implementing a new, more memory-safe Tor implementation in the Rust programming language named Arti. This work will make it easier for application developers to integrate their applications and benefit from the safety features that Tor can provide. Additionally, we will talk about some recent or upcoming changes to the network: - Give a status update on deploying modern congestion control algorithms in the Tor network. This work should significantly enhance the performance barrier that most Tor users experience. - The roadmap towards UDP support in the client and relay software. This work should allow more modern use-cases of the Tor software such as voice and video communication, WebRTC, and other protocols that leverage datagram-based data transfer. - Move to more modern cryptography in Tor's protocols, including support for Post-quantum cryptography and why this is needed. - Allowing Tor users to access the network using a VPN-like tunneling mechanism as an alternative to simply web-browsing and other socks5 enabled applications. about this event: https://c3voc.de
Getting Started in Network and Security (bornhack2022)
I have for a few decades worked in networking and security, and everything seems to have grown. I will try to lay out a path for people who wants to get into networking and security, with some references to pentesting, software security, and related areas. Where to start and which skills you should start learning. I will use my existing courses as a guide. These are taught as part of the of the Diploma in IT Security at KEA Kompetence https://kompetence.kea.dk/uddannelser/it/diplom-i-it-sikkerhed Note: I will reference book resources, but if you are on a tight budget lots of other resources may be used instead. Related links: https://zencurity.gitbook.io/kea-it-sikkerhed/ lecture plans and book references https://github.com/kramse/security-courses all my training and educational materials, including exercises booklets with small exercises that you can do with virtual machines like Debian and Kali Linux using lots of open source tools. about this event: https://c3voc.de
Blinkenlights, friend or foe: A history of side channel attacks through the ages (bornhack2022)
Hacker, Security Specialist @ WithSecure, Climber and CTF Player with too much DevSecOps knowledge. about this event: https://c3voc.de
Exploring the Degrees of Freedom in Designing Interactive Fiction (bornhack2022)
I have had an interest in the overarching area of interactive fiction (IF) for many years. IF covers such diverse areas as: - text adventure games, - choose-your-own-adventure books, - visual novels, - multi-user dungeons, and - textual elements in mainstream games, such as dialogue trees. I would like to make my own text-based game, so for this talk I want to explore the design space of IF in order to figure out what kind of game I'll be making. IF has been popular for over 50 years and is still being actively created. As such, much has been written about it, and I won't be able to cover even close to everything. I'll start off by giving a basic overview, but most of the talk will concern itself with the specific subtopics of IF that I have found to be especially interesting and open to fun experiments. It'll be like thinking aloud, except hopefully better structured. Fun subtopics include: - The ease of iterative development: Everything is text, so it's easy to change major elements or restructure parts of a game. - The possibilities of multi-player storycrafting: Assuming the end goal is to create a fulfilling story for multiple people playing the same game, what are the different ways of harnessing the creative output of more than one person in a structured way? - Simulated world vs. static graph of choices (and everything in-between): The underlying technology should not matter to the user enjoying a piece of IF, but the underlying model for your IF is likely to affect your design choices in other parts of your game. Where does a good compromise lie? - Computer-assisted narratives: You don't have to write a story on your own — you can also ask a computer to do that. That can be fun in itself, but there is also a middle road where you're still the main author, but maybe use a computer tool to aid you in exploring plots and character traits. - Ideas of IF that can also be applied to non-interactive fiction: The normal representation of an ordinary book is (essentially) a list of sentences, where each sentence describe something in the world. What other IF-inspired representations could be used, and how can we guarantee that we can encode narrative goals that can be fulfilled by our story? On the practical side of things I'll touch upon a few existing IF systems that I think are interesting, but the main focus will be on whatever small experiments I have coded myself. Who knows, maybe this talk itself will also contain interactive choices that you, the audience, need to make... about this event: https://c3voc.de
EU digital legislation in the 2020's: The Good, the Bad and the Ugly (bornhack2022)
Digital regulation starts in the EU - both at a global level and in the EU. So what has the European legislators been up to and what can we expect for remainder of the mandate of the Commission and Parliament. about this event: https://c3voc.de
Tandoor: cooking recipe management, meal plan and shopping list (bornhack2022)
Tandoor makes it easy to import your favorite recipes found on the various food blogs of the internet. Once you have imported all the things, you can apply your own modifications, and maybe switch out exotic foods/oils with something common that you prefer. What you can then do is use the recipes to create a meal-plan, and from that create a shopping list. In the talk I will do a demo of the various features of Tandoor. www: https://tandoor.dev code: https://github.com/TandoorRecipes/recipes about this event: https://c3voc.de
What the f**k is WTF eG (bornhack2022)
In 2021 we founded the WTF eG a coop company in Germany. It is a company which is owned by its members and each member has one vote. The goal is to economically empower hackers and members of the chaos community. The goal is to build an "operating system" from easy economic interaction from collection small donation to build virtual teams/company. Over the past 1.5 years, we have created many processes and software to achieve these goals, but more needs to be done. In this talk you will learn a little about coops, Germanies broken systems, what the basic idea was, how it is going, what our numbers are and what we can offer today and tomorrow. about this event: https://c3voc.de
Pizzanalysis: Insights from scraped menus (bornhack2022)
Using scraped restaurant menus, we bust pizza hypothesis and shed light on economic purchasing power using the Margherita index, ingredient embeddings using pizza2vec, and optimizing pizza purchases using linear programming. about this event: https://c3voc.de
roundworm: A simple frontend for browsing pictures and videos stored in S3 storage (bornhack2022)
I am bad at keeping disks alive over a long period. As such, I have elected to put my collection of personal photos and videos up in the cloud This works fine, but sometimes it's useful to be able to share a photo gallery with friends and family with a simple link to a website. Many solutions to this exist, but most of them seem bloated. I have created a simple S3 media browser with all configuration stored in a single declarative file. It supports useful degrees of authentication (I think) and thumbnails. In this talk I'll show how it works and some examples of configuring it. See https://github.com/nqpz/roundworm for the code. about this event: https://c3voc.de
data.coop (bornhack2022)
A brief overview of the cooperative data.coop. A data storage community with our own hardware. We will talk about the last year, how we have evolved and look a bit at our tech stack and our organization structure. There is a meetup later in the day, where you can come and talk to us and get involved :D about this event: https://c3voc.de
de-pwned! With Upgrades (bornhack2022)
read in the voice of The Movie-Trailer-Guy In 2019 - with the help of the pwned-passwords list of Troy Hunt - we closed the tap on getting bad passwords into our IDM-database. Now, it's 2022 and we're back with an all new invention: Getting rid of bad passwords already in the database! imagine explosion about this event: https://c3voc.de
Nørrebro.space: a hyper-local mastodon instance (bornhack2022)
Nørrebro.space is a fun-sized Mastodon (decentralized social media) instance. I tell the story of how and why I decided to start a Mastodon instance, my experiences running the place, and how the Mastodon scene has grown over the past couplle of years. about this event: https://c3voc.de
FE/NSA: Skal vi fortsat have kabelsamarbejde med USA? (bornhack2022)
This event is a Panel Discussion in Danish. Danmark har angiveligt haft et meget direkte samarbejde mellem FE og NSA, fremover kaldet FENSA, omkring aflytning af datakabler i Danmark, efter aftale med daværende Statsminister Poul Nyrup Rasmusssen. En tidligere forsvarsminister har bekræftet og er nu anklaget for at have røbet statshemmeligheder og tidligere chef for FE; Lars Findsen anklages for det samme. Men hvad var det egentlig, der fik sendt cheferne for PET og FE hjem? Og skal vi virkelig dele vores rå data med USA? Og hvorfor taler vi ikke mere om den del af sagen? Det vil vi gerne diskutere med Bo Elkjær, journalist, Poul-Henning Kamp, debatør, Peter Kofod, aktivist og Peter Christian Bech-Nielsen, chefredaktør. Debatten modereres af Anders Kjærulff. about this event: https://c3voc.de
The NSA-files: How two danish journalists opened up Echelon (bornhack2022)
Global interception is not only aimed at terrorists and dictators. It is targeting everyone. Since World War II, the technology to carry out mass interception and surveillance has grown steadily. In the late 90s, it came into global focus with the revelations of the UKUSA collaboration and the Echelon scandal. Journalists uncovered the stories based on open and closed sources and on a number of whistleblowers - several years before Edward Snowden stepped forward. about this event: https://c3voc.de
Techgiganters datacentre i Danmark - Godt eller skidt for det digitale Danmark? (bornhack2022)
This event is a Panel Discussion in Danish. Der er ved at blive etableret flere datacentre i Denmark af techgiganter, men hvilker fordele og ulemper ser vi for Danmark i den forbindelse? Det vil vi gerne diskutere med Lisbeth Bech-Nielsen, politiker, Poul-Henning Kamp, debatør, Peter Kofod, aktivist, Henning Mortensen, formand for Rådet for Digital Sikkerhed og Peter Christian Bech-Nielsen, chefredaktør. Ole Kjeldsen, teknologi- og sikkerhedsdirektør hos Microsoft Danmark har desværre meldt afbud, men Tobias Fonsmark har meldt sin ankomst. Debatten modereres af Anders Kjærulff. about this event: https://c3voc.de
Tvangsdigitalisering i velfærdsDanmark og cloud (bornhack2022)
Presentation in Danish from the Danish MP Lisbeth Bech-Nielsen about this event: https://c3voc.de
Introduktion til privacy, GDPR og tredjelandsoverførsler (bornhack2022)
This talk is in Danish. I dette oplæg får du en introduktion til, hvorfor det er vigtigt at beskytte privatlivets fred. Desuden får du en oversigt over reglerne i databeskyttelsesforordningen, som skal efterleves i digitale projekter. Endelig gennemgås de aktuelle problemer med tredjelandsoverførsler, som vanskeliggør rigtig mange digitale løsninger. Indlægget er på dansk. about this event: https://c3voc.de
Surveillance Too Cheap To Meter (bornhack2022)
We used to wear fun T-shirts which showed OSI with 9 layers, the usual seven plus two extra: "Financial" and "Political". What if the joke is on us, and the T-shirt were correct? about this event: https://c3voc.de
Brug GDPR til at tvinge firmaer til at respektere dit privatliv (bornhack2022)
Ole Tange har startet en krig mod sin fjernaflæste elmåler. I dette oplæg går vi dybere ned i sagen - både teknisk og juridisk. Sagen handler om fjernaflæste elmålere, men perspektiverne er langt større: Hvis vi kan bruge GDPR til at tvinge firmater til at respektere vores privatliv - selv det koster dem penge, så er der mange andre situationer, hvor det er relevant. Datatilsynet har endnu ikke afgjort sagen, så vi ved ikke, hvor vi står. about this event: https://c3voc.de
#Testless Software Quality (bornhack2022)
Bad software is everywhere. We have all experienced programs crashing, hanging, or doing the wrong thing. Software has become so unreliable that we almost expect it to fail. But it doesn't have to be this way. There are simple principles that we can follow in our code to eliminate virtually all bugs. Leading to happier users and easier maintenance. In this talk, I present six principles that in object-oriented codebases lead to bug-free code, even without testing. about this event: https://c3voc.de
Performant cross-platform development using Flutter (bornhack2022)
Flutter is a software development kit based on the Dart language enabling developers to create performant cross-platform applications. We'll have an introduction for people with some basic knowledge of Flutter or other cross-platform toolkits and later on a view on advanced topics. In this talk, we will have a look on performance-tuning, useful features as well as some background information on the Flutter framework, it's engine and the Dart runtime. In particular, the following topics will be addressed: - What's this fluttery Flutter? - Animations - example of animations - performance-tuning - UX patterns in Flutter - responsive layouts - routing - hight-quality Widgets - the Flutter Framework - under the hood of Flutter's rendering - Flutter Web, dart2js and what Flutter has (not) to do with JavaScript about this event: https://c3voc.de
Danger: Client-Side Scanning (bornhack2022)
European governments are proposing vague legislation that would likely require that messages be scanned for objectionable content before the message is sent (client-side scanning). This is bad. The legislation has been promoted under names like "fighting child sexual abuse", by lobbyists promoting a proprietary screening service. We don't have good reason to think such scanning would in fact prevent child sexual abuse. Moreover, to scan messages this way would in practice require that we forego end-to-end encryption. Client-side scanning would be terrible for information security, data protection, privacy, freedom, &c. It happens only I am presenting, but the idea for this talk came from discussions at Cryptohagen. about this event: https://c3voc.de
This years badge (bornhack2022)
In this presentation, we will take a look at this years badge and give some hints and ideas as to how it can be hacked about this event: https://c3voc.de
Hello World! (bornhack2022)
The BornHack 2022 team would like to welcome you to this year's BornHack event. We will walk over changes to the venue, schedule, and other information about the event itself. This is also an excellent opportunity to meet the teams behind BornHack. about this event: https://c3voc.de
Einfache Projekte mit Tinkercad und Thingiverse (petitfoo)
3D Modellierung ist zu aufwändig? Und auf Thingiverse nichts passendes gefunden? In diesem Petit Foo zeige ich anhand eines Beispieles wie man einfach und schnell 3D Projekte umsetzt indem man Modelle von Thingiverse remixt und daraus eine passende Lösung kreiert. about this event: https://www.chaospott.de
⚠️ May Contain Hackers 2022 Closing (MCH2022)
It's over before you know it... this talk looks back at the event, explains how the tear-down works, highlights next years camps and gives a tanks to all the organizers on stage. What more can i say? Except that i need to enter at least 250 characters. I'll just blabber on and fill up th 🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈 about this event: https://program.mch2022.org/mch2022/talk/DZAUQA/
Infrastructure review (MCH2022)
The traditional talk by most or all operational teams about the infrastructure built for MCH2022. While the site has some infrastructure in place, a lot of it has to be built for this event. On the other hand there's also teams that just make things go away. MCH2022 can not be organised without a lot of temporary infrastructure. Join the operational teams and discover the new, the unexpected or the surprising technologies that were necessary to make MCH2022 a success. Expect graphs, pictures of bodges, perhaps a few hacks but definitely a lot of hard work behind the scenes. Think fiber, LEDs, DatenKlos, trusses, waste bags, Terabytes, angels, vouchers, simultaneous viewers, amps, volts, golf carts etc. Please smile (or laugh) at our bad jokes, we're all running on fumes and in desperate need of a proper sleep. about this event: https://program.mch2022.org/mch2022/talk/ZLALJT/
The MCH2022 Design (MCH2022)
The MCH2022 design speaks for itself, but we would still nerd about it for a while. It is beautiful, colorful, generative, and has some physics ideas behind it. Some of it is obvious, but if you want to know all the hidden depths, this is the talk to visit. The triangulair MCH2022 design is a colourfull generative kaleidoscope with some hidden depths. In that way it reflects the hacker community. It is in some ways a spiritual successor to the SHA2017 design, but it has its own look and feel. You can find it all around the field, on prints and stickers, on the website and on the event shirts. Do you want to know the nitty gritty details of the optical physics, the generative basis and symmetric math ideas behind it? Some of it is obvious, but we would like to talk about it, and go deeper in on the concepts. about this event: https://program.mch2022.org/mch2022/talk/KBP937/
Cryptography is easy, but no magic. Use it. Wisely. (MCH2022)
Using cryptography can give you easy assurances, keep data confidential and keep prying eyes from stuff where they should not be. However it's not magic. This talk is intended for programmers, users and software designers. This talk is about hardcore mathematics while you should not have to understand what the mathematics are but what they do. What does cryptography do: encrypt, decrypt, sign and verify. How are certificates used in cryptogaphy and why are they totally not a magical thing. It covers what cool hardware is available, open design and open source, hardware tokens and how to use TPM for cool features. And last but not least: it contains best practices and warnings. After this talk you might be able to see what's snakeoil and what is real. == NFT's are a scam. If you are into crypto-bullshit please stay away. == Cryptography seems like magic anytime you at first look at it. In the past years I have been helping a lot of projects and customers with my more-than-basic knowledge about applied cryptography. I'll talk about: * What is cryptography (basic math) - encryption - decryption - digital signatures - digital signature verification * What can it do for you? - Deliver security - Deliver privacy - Deliver dataloss * When to use encryption - what cryptography do you want to build (hint: none) - what cryptography do you want to use (a- or symetrical encryption). - how do you do key management - where to find the best practices * About hardware - Provide security - Provide speed - HSM, TPM, processor and other acceleration * Standards - The good, the bad, the ugly - Old ones - New ones - Very special ones * Limitations and workarounds * Software - How to avoid OpenSSL * This all in random() order. Random = 4 about this event: https://program.mch2022.org/mch2022/talk/S7GEZF/
No Permissions Needed! (MCH2022)
Data keeps flowing! In Android, we have the concept of permissions, users feel confident that only if they turn on the permission, their data is shared. But what about an app silently sitting on your device with no permission whatsoever! What can that app know about you? In this talk, I'll talk about the Privacy Posture of Android! What kind of data is being collected, and how is it channelled and used? How does advertising work on mobile? Can your device be fingerprinted? What kind of privacy threats exists on Android? We will learn about the permission model of Android and how permissions operate at the kernel level! This shall be followed by a demo of an Android app, which needs no permission from the user. We will see what all information can be retrieved from your device, without any permission! about this event: https://program.mch2022.org/mch2022/talk/DWWQAN/
Badge talk (MCH2022)
A high bar set by earlier creations, a pandemic, a postponed event and chip shortages made for a great challenge and a wild adventure creating the MCH2022 badge. This talk explains how we pulled off our most advanced creation yet. We will tell you about the process of converting a vague idea into a piece of electronics, including the prototyping process and the difficulties we encountered. Bodging badges in a time where the pandemic and the chip shortage makes creating a cool gadget near impossible. This talk explains how we pulled off our most advanced creation yet (or not, depending on how things go...). We will tell you about the process of converting a vague idea into a piece of electronics, including the prototyping process and the difficulties we encountered. about this event: https://program.mch2022.org/mch2022/talk/HVGFKB/
How do GPS/Galileo really work & how the galmon.eu monitors all navigation satellites (MCH2022)
The whole world depends on Global Navigation Satellite Systems like GPS, Galileo, BeiDou and GLONASS. The technology behind these systems is fascinating and far more interested than generally presented. Although GNSS is super important, up to recently no good monitoring was publicly available. The "galmon.eu" project changed this. In this talk I cover: * How your phone really figures out where it is (so it can sell more expensive ads) * How the "satellite ephemeris" is broadcast, what it means * What is really in this 'assisted GPS'? * The extensive ground infrastructure that is active 24/7 to determine the satellite orbits so GNSS is precise enough to tell which store you are in, or which side of the road you are driving on * How GNSS are monitored in public by 100 Galmon.eu volunteers, running open source receivers all over the world * And the research we enable * Discussion of suitable hardware and GNSS-SDR that allows hackers to see each and every bit coming from the satellites * A brief part on how GNSS can be spoofed and jammed, and the odd cryptography used to help detect or prevent this The goal of this presentation is to expose the fascinating reality behind that little circle on your maps app, but also to explain how vulnerable this system is, which is why we need to monitor it closely. The whole world depends on Global Navigation Satellite Systems like GPS, Galileo, BeiDou and GLONASS. The technology behind these systems is fascinating and far more interested than generally presented. Although GNSS is super important, up to recently no good monitoring was publicly available. The "galmon.eu" project changed this. In this talk I cover: * How your phone really figures out where it is (so it can sell more expensive ads) * How the "satellite ephemeris" is broadcast, what it means * What is really in this 'assisted GPS'? * The extensive ground infrastructure that is active 24/7 to determine the satellite orbits so GNSS is precise enough to tell which store you are in, or which side of the road you are driving on * How GNSS are monitored in public by 100 Galmon.eu volunteers, running open source receivers all over the world * And the research we enable * Discussion of suitable hardware and GNSS-SDR that allows hackers to see each and every bit coming from the satellites * A brief part on how GNSS can be spoofed and jammed, and the odd cryptography used to help detect or prevent this The goal of this presentation is to expose the fascinating reality behind that little circle on your maps app, but also to explain how vulnerable this system is, which is why we need to monitor it closely. about this event: https://program.mch2022.org/mch2022/talk/QTUAXG/
Lightning Talks Tuesday (MCH2022)
Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks about this event: https://program.mch2022.org/mch2022/talk/78PVXQ/