Chaos Computer Club - recent events feed

2,044 episodes — Page 28 of 41

0click Enterprise compromise – thank you, AI! (WHY2025)

Compromising a well-protected enterprise used to require careful planning, proper resources, and ability to execute. Not anymore! Enter AI. From Initial Access to Impact and Exfiltration. AI is happy to oblige the attacker. In this talk we will demonstrate access-to-impact AI vulnerability chains in most flagship enterprise AI assistants: ChatGPT, Gemini, Copilot, Einstein, and their custom agent. Some require one bad click by the victim, others work with no user interaction – 0click attacks. Compromising a well-protected enterprise used to require careful planning, proper resources, and ability to execute. Not anymore! Enter AI. Initial access? AI is happy to let you operate on its users’ behalf. Persistence? Self-replicate through corp docs. Data harvesting? AI is the ultimate data hoarder. Exfil? Just render an image. Impact? So many tools at your disposal. There's more. You can do all this as an external attacker. No credentials required, no phishing, no social engineering, no human-in-the-loop. In-and-out with a single prompt. Last year at BHUSA we demonstrated the first real-world exploitation of AI vulnerabilities impacting enterprises, living off Microsoft Copilot. A lot has changed in the AI space since... for the worse. AI assistants have morphed into agents. They read your search history, emails and chat messages. They wield tools that can manipulate the enterprise environment on behalf of users – or a malicious attacker once hijacked. We will demonstrate access-to-impact AI vulnerability chains in most flagship enterprise AI assistants: ChatGPT, Gemini, Copilot, Einstein, and their custom agent. Some require one bad click by the victim, others work with no user interaction – 0click attacks. The industry has no real solution for fixing this. Prompt injection is not another bug we can fix. It is a security problem we can manage! We will offer a security framework to help you protect your organization – the GenAI Attack Matrix. We will compare mitigations set forth by AI vendors, and share which ones successfully prevent the worst 0click attacks. Finally, we’ll dissect our own attacks, breaking them down into basic TTPs, and showcase how they can be detected and mitigated. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/SELH79/

Aug 9, 2025 · 51 min

Phrack 40th Anniversary Release (WHY2025)

Celebrate 40 years of legendary hacking with Phrack! We’re dropping a special anniversary release packed with cutting-edge research, underground insights, and tributes to decades of digital rebellion. Don’t miss this milestone issue—crafted by hackers, for hackers. Grab your copy, meet the crew, and honor the zine that defined an era. #Phrack72 #WHY2025 #HackThePlanet Meet us later at the release party by the Milliways village for some beer (while it lasts) & snacks! Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/B9EYZF/

Aug 9, 2025 · 45 min

Stealth Web Scraping Techniques for OSINT (WHY2025)

Web scraping continues to be a cornerstone of OSINT operations, particularly during Red Team engagements and external attack surface reconnaissance. Yet, as anti-bot technologies grow more sophisticated, traditional scraping methods based on direct HTTP requests are increasingly ineffective. This talk takes a technical dive into browser-based scraping techniques that closely mimic real user behavior to evade detection, inspired by real-world mechanisms observed across major web platforms. In Red Team operations and external attack surface assessments, open-source intelligence (OSINT) is a critical step for identifying internet-exposed assets and assessing the associated risks. One of the most common techniques in this phase is web scraping, which automates the collection of publicly available data—often without relying on official APIs that are frequently rate-limited, monitored, or entirely unavailable. In previous conferences, such as Fabien Vauchelles’s talk "Cracking the Code: Decoding Anti-Bot Systems", the focus was on detecting scraping activities at the network layer using TCP/IP fingerprinting and IP intelligence. This presentation builds on that work by shifting the focus to client-side techniques—specifically, browser-based approaches that mimic legitimate user behavior to evade detection. The objective of this session is to explore modern strategies for conducting stealthy web scraping by avoiding API usage and minimizing anomalies detectable at both the network and application layers. Based on real-world use cases, the talk aims to provide actionable insights for security professionals involved in scraping—whether performing it or defending against it.

The talk will present concrete methods for data collection, including:

- Making direct HTTP/HTTPS requests to web servers—such as websites or HTTP-based services—using libraries that handle protocol-level communication. This method allows efficient data retrieval by bypassing the need to render the page or load additional resources like images, videos, stylesheets, or scripts. It’s fast and lightweight, especially suited for static or partially dynamic content.
- Leveraging headless browsers to simulate real browser behavior without a graphical interface. These tools embed full HTML, CSS, and JavaScript engines, enabling interaction with modern, dynamic web applications. This technique is essential when scraping content that relies on client-side rendering or asynchronous JavaScript operations.
- Using browser-side scripting tools, such as TamperMonkey, within standard browsers. These tools allow custom JavaScript code to be injected and executed directly on the page, offering a practical and discreet way to automate data collection from within the browsing environment itself. This technique has been successfully applied in large-scale scraping operations, including on major social networks where traditional approaches are often ineffective due to advanced client-side defenses.

Beyond the scraping techniques themselves, the presentation will also cover the current detection methods employed by websites to identify automated behavior and how these can be bypassed, including:

- Detection of automation environments via specific JavaScript variables (e.g., navigator.webdriver) or discrepancies in the DOM.
- Behavioral detection mechanisms such as mouse movements, keyboard activity, or interaction timing.
- Identification of scraping-specific browser extensions or content injection tools.
- Detection of headless execution environments using debugging interfaces or timing-based heuristics.

This talk will provide a technically grounded exploration of the current capabilities and limitations of stealth web scraping from both offensive and defensive perspectives. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/7DMBVR/

Aug 9, 2025 · 52 min

Sega Saturn Architectural hell (WHY2025)

This presentation will go over the Sega Saturn's hardware, including the dual SH2s, SCU and VDP, and the history of why it became so complex, like the beginning of the Saturn's conception, where it first went wrong. I plan this presentation to be for hackers interested in such weird hardware, like myself. This presentation will cover the conception of the Sega Saturn, like how the downfall of the Saturn was at its very beginning, and we will also go over its different processes like the dual SH2s, SCU and VDP and find out why it became so complex. You may ask why go over such an old console: because it gives important lessons on what not to do when designing hardware. But I just find the hardware so interesting with its different coprocessors. So if you are interested in the Saturn or want to learn about the Saturn's shortcomings and what not to do, this is a presentation for you. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/E7R73F/

Aug 9, 2025 · 34 min

Aid to Ukraine: what to do when your friends end up in a war? (WHY2025)

Since the start of the war, our community has risen to help Ukraine in many different ways. This talk explains what happens when your friends find themselves in a war and ask for help. Luckily, even though it can be overwhelming, everyone can do something. This talk shows you how. The IT community in Kharkiv is doing their best to help their city and country to counter the effects of the invasion and war. Together with the Dutch hacker community we try to help them, with practical support, such as medical goods, computers and network equipment and vehicles. The project is a true community effort, creating new contacts and relations between our communities. This connection makes it harder to watch the news, but it also offers a practical way to support Ukraine, knowing that all the energy we put in here is useful and welcomed. As the war keeps raging we started a foundation to channel all the humanitarian support: Aid to Ukraine. It even has ANBI status. Our website has all the info: https://aidtoukraine.nl Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/SSZSXB/

Aug 9, 2025 · 36 min

Bootstrapping a Museum with Open Source (WHY2025)

Since 2020, EICAS evolved from an idea without collection, location or money into a full-fledged, officially-recognized museum for modern and contemporary art in Deventer, the Netherlands. In this technically-oriented talk, I will take you on a whirlwind tour of the open source tools and custom hacks with which we've grown into the 100+-person all-volunteer organization we are today, on a shoe-string budget. Expect: NixOS, nginx for email, Nextcloud, the Semantic Web strikes back, Roundcube, systemd, DoS mayhem, Fat Thin Clients, Wikipedia edit wars, and much more. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/S9HGKU/

Aug 9, 2025 · 41 min

Accelerating IoT and Robotics Development with Swift (WHY2025)

Developing applications on Embedded Linux and Microcontrollers is a slow process. The various different languages and libraries can make it difficult to oversee the bigger picture. In addition, the development flow wildly diverges between platforms, making entering a new project or RTOS a big undertaking. Now, you can create Embedded Linux and Microcontroller applications using Swift - a fast, modern, cross-platform ecosystem with thread- and memory safety. In this talk, you'll learn how Swift can help you develop maintainable cross-platform software that runs anywhere - Embedded, Web, Linux, Windows and more. You'll learn about Swift's bidirectional interoperability with C and C++, making integrating it in your CMake project a breeze. Finally, we'll have a look at the frameworks and tools that allow you to get your first robotics or IoT application running in minutes. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/CVDBWH/

Aug 9, 2025 · 30 min

Evolution and history of 35 years of hardcore/gabber music [XXL edition] (WHY2025)

This talk is a "no clip" deep dive through a genre of music. We'll start in 1990 and discover the genre as it was discovered by its creators. While traveling through time we'll try to answer the question: what is hardcore? There will be clips and mixes of revolutions and sub-genres. We'll learn how it's made and how to win the loudness war. Hardcore spawned a youth culture with lasting international adoption. From art to cheese, we'll cover it all. We'll learn the dance and end with a live set. This talk has it all: licensing, content, audience and noise problems in just one comfortable session. During the talk we'll listen to the evolution of this genre using samples, short mixes and video clips. We'll touch upon the politics of resistance and adoption, politicization of nice people and the death and renaissance of the genre. There is a lot to talk about and to listen to. The "one hour" version of the talk was a hit at Hacker Hotel 2025, and immediately had a two hour sequel in the off-the-record room. While going down this rabbit hole, and to expand on the "one hour" version, we'll take some more time to dive into audio engineering and how to win the loudness war. It will ruin some things for some people, while opening doors for others. The central question throughout the session will be: "what is hardcore?". This talk is mostly focusing on fun and interesting stuff, but due to the inherent nature of hardcore music there might (=guarantee) be references to sex, drugs, violence, profanity, recklessness and spooky scary skeletons in the first ten seconds. This talk is not for all ages and minds. The plan is to have about one to two hours diving into this rabbit hole. After that we'll try to teach you the dance called "hakkuh" and end off with a super varied one hour live set (if time and noise curfew allows) touching multiple genres with different types of hardcore at its center. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/MEGUP3/

Aug 9, 2025 · 2h 54m

Eye on the sky: building investigative journalism tools for analyzing airplanes (WHY2025)

What aircraft have been in Moscow and New York within 24 hours of each other? How many helicopters normally patrol this border? At Bellingcat, a Dutch investigative non-profit, we publish open-source journalism using open-source software tools. In this presentation, I'll talk about a new tool I've been building for querying airplane data, and the broader journalistic context of this data, which has become increasingly important for tracking oligarchs, deportations and conflict. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/UCJXUK/

Aug 9, 2025 · 26 min

What's that CubeSat Satellite stuff anyhow? (WHY2025)

CubeSats are small satellites comprised of 10x10x10cm "units" and range in size from very small 1U or smaller PocketQubes to 24U beasts. What can be achieved with such a satellite platform and why? I will go in to a brief history with examples from customers and amateur radio CubeSats. During my 20 years working with CubeSats, starting with designing parts of the Delfi-C3 student satellite in 2005, I have seen many missions and I have been involved in the design of quite a few CubeSats. Often, people ask me "what can you do with such a small satellite" and that prompted me to create this talk! Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/LZSAXB/

Aug 9, 2025 · 48 min

Summoning Shenron: Building the Cyber Saiyan Badge (WHY2025)

Cyber Saiyan community has designed and developed a special gadget for WHY2025. The badge was designed to recall the dragon spheres, and will be an updated version of RomHack Camp 2022, both in terms of design and features:

- single core ESP32-C3 SOC
- WiFi and Bluetooth 5
- 7 RGB LEDs in the front
- TFT display
- an updated firmware

During the talk we will present the hardware design and the firmware so anyone can try to summon Shenron :) Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/3CSQRF/

Aug 9, 2025 · 49 min

The "O" in OT...or is it the "Ohhhh..." in OT? (WHY2025)

"The ‘O’ in OT – Operational, Indispensable (Onmisbaar), Unprotected (Onbeschermd)?" Operational Technology (OT) is the backbone of industry and critical infrastructure, but often remains unprotected. Traditional IT security does not work in OT, where continuity is essential and downtime is not an option. How do we protect OT without disrupting operations? In this session we discuss threats, regulation (NIS2, CRA) and strategies to make OT truly secure. OT is indispensable – let's make sure it stays protected. Operational Technology (OT) forms the backbone of our industry and critical infrastructure. It keeps production processes running, facilitates the energy supply and ensures the stability of vital systems. But while digitalisation increasingly connects OT with IT and IoT, the fundamental security challenges remain underexposed. The systems that are indispensable often turn out to be the most vulnerable as well. In this session we dive into the core of OT security in 2025. Why don't traditional IT security strategies work in OT? How can organisations safeguard the continuity of their operational processes without shutting down their production? And how do we make sure that compliance such as NIS2 and the Cyber Resilience Act is not merely a checklist, but a real opportunity to protect OT? Using practical examples, threat analyses and best practices, we show why OT security requires a different approach. We discuss:

- The unique vulnerabilities of OT and why traditional security approaches fall short
- The biggest OT threats of today: ransomware, supply chain attacks and insider threats
- The balance between operational continuity and cybersecurity, because downtime is not an option
- How organisations can integrate OT security without disruption

OT security is not a luxury, it is a necessity. The ‘O’ in OT stands not only for Operational, but also for Indispensable – and, if we are not careful, Unprotected. Curious about the reality behind OT security? Come and discover how we can make OT truly secure. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/FE8RQB/

Aug 9, 2025 · 43 min

Horus Scenario 2.0 (WHY2025)

8 years ago at SHA2017, the Horus Scenario was presented: a theoretical attack through PV installations to take down the European energy grid. Since that day, a lot of things have changed, both for the better and for the worse. During the session, we will look back into the Horus Scenario with today's knowledge and revisit if the attack is still feasible. (Spoiler: I was right... and it has mainly gotten worse since then...) During the session we will look back on what was said in 2017 and what we know now to be true and have seen in practice. We will also reflect on where we currently are and where we stood back then and if we made any real progress in that regard. Topics discussed will be:

- Was the theoretical analysis correct? And are there any additional nuances there? More recent examples in practice?
- We hacked SMA back then because we thought they were most secure. Have any other grid-ending vulnerabilities in PV installations popped up since then?
- Are we better off today than we were back then?
- Prophesying the future: where are we headed with this attack?

Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/MBPQL9/

Aug 9, 2025 · 25 min

Creating mate ice-tea (WHY2025)

We have spent the last years making our own mate ice tea, called HolyMate. We want to share our experiences making a lot of ice tea on a 'small' scale (700+ litre), and explain the process. Hopefully this will inspire you to try it out for yourself, and make your own mate ice tea. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/UMXAES/

Aug 9, 2025 · 18 min

The shadow of Operational technologies: A journey into the OT security (WHY2025)

In a context of technological integration, OT is becoming more and more a green field for attackers and illegal activities. This phenomenon is the natural result of the absence of mutual understanding and collaboration between the IT and OT sectors, which look at each other as totally unrelated entities. In this talk we'll explore some OT technologies, trying to understand and highlight some of the most relevant aspects of OT security, and we'll have a look at a couple of real incidents in this. The talk is intended to be a resource for those who don't know anything about OT security and want to start to address this topic. It's the result of 5 years of experience in this field and will include an overview of OT security challenges from a technical and management perspective. The aim is to highlight some of the most relevant aspects to consider in this context, showing a realistic demo and real examples of what we could consider OT incidents. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/ZJSYET/

Aug 9, 2025 · 47 min

Democratizing Healthcare: Open Source Medical Devices (WHY2025)

Open source has revolutionized so many parts of our lives, why hasn't the same happened in healthcare? This talk will showcase examples from both hardware and software (e-NABLE prosthetics, OpenAPS, Nightscout, and more), explore the regulatory hurdles that are holding these and other projects back, then shift to looking at the future and charting a path for these projects. Join us to build a more transparent, accessible, and secure future for medical technology. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/9W9YJS/

Aug 9, 2025 · 43 min

DNA & Molecular Biology: A 2025 digital view (WHY2025)

In 2017 I presented on DNA: The code of life. Since then there have been many new developments, and I've learned how to explain the matter better. I am submitting two talks this year, and this short one is 1) fun on its own and 2) helps you appreciate the other talk ('reverse engineering the whole source code of a bacterium') more. DNA is the code of life. Surprisingly, it is easier to understand DNA as "biologically flavored digital data" than the other way around, "a really long molecule with digital aspects". Human DNA is 750 megabytes, organized in chromosomes and within that stored in genes and intergenic matter. There are things like calling conventions, "start of gene markers". There are #ifdefs in there. There is bloated code. There are hacks. In this talk, I give a tour of our modern understanding of DNA, which should be exciting for nearly everyone into computers. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/GGDRKY/

Aug 9, 2025 · 27 min

Elephants, ants and introduction to topology (WHY2025)

Have you ever thought that Mathematics is a boring science about multiplying matrices, calculating integrals and approximating functions? Well, you've been wrong. Mathematics is much bigger than that and in this talk we are going to look at one of the foundational objects in Topology - a manifold. And, most importantly, we won't need any formulas or calculations to introduce it. (No prior knowledge of any level is required) As a PhD in Geometry and Topology, working in Software Engineering, I rarely have an opportunity to use Mathematics in day-to-day tasks. You don't really need Abstract Algebra to write a YAML-file. Yet, I think there are a number of mathematical concepts which do not require in-depth knowledge and complex abstractions, but can enrich our language and the way we think about problems, how we collaborate, and how we structure the work around complex tasks. Unfortunately, it often happens that mathematical abstractions get hidden behind the tons of Calculus which you are expected to master before you are allowed to dive deeper. It doesn't have to be this way and I will prove it :) So let's talk about topology the fun way. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/B9KU3X/

Aug 9, 2025 · 28 min

Consent for Hackers, Negotiating consent based on the HTTP protocol (WHY2025)

Let's talk to people about negotiating consent before engaging in personal and physical interactions. Your browser does it with every web server, so why shouldn't you do the same with people? This sounds harder than it actually is. Using the HTTP protocol as a guide, I will talk you through how you could negotiate consent to engage with someone on a variety of levels: From 'GET Hug' all the way to 200 OK, but also how to deal with a 404 Consent not found response. Consent is hot. Consent is good. Consent should be explicitly communicated. This sounds harder than it actually is. In this talk I will present on how to conduct consent negotiations for various levels of interpersonal contact. As illustration I will use the HTTP protocol to guide you through the consent negotiations for an encounter. Don't worry if you're unfamiliar with the HTTP protocol, I'll be sure that it all will be easy to understand, including for those that don't dabble in raw HTTP traffic on a daily basis. After the initial SYN-ACK from the TCP handshake we will get on with the initial HTTP Verbs such as GET and OPTIONS to initiate a consent negotiation, going through various permutations and outcomes. It will include simple Happy Flows, but also more complicated redirects, errors and how to gracefully deal with an unhappy flow if the response returned is not a 200 OK with a body that you hoped for. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/F9QSW7/

Aug 9, 2025 · 34 min

From WAN to NAS: A Pwn2Own Journey Through the SOHO Attack Surface (WHY2025)

The SOHO Smashup is a famous category in the IoT focused edition of Pwn2Own. Contestants are challenged to exploit a router from the WAN side and then use that device to exploit a second device on the internal LAN. Last year, we took them up on this challenge and successfully demonstrated a 0day exploit chain against a QNAP router and pivoting to a TrueNAS system. In this presentation, we'll describe how we performed our research and the vulnerabilities we found. The Dutch NCSC issued a warning last year that they see an increase of threat actors that shift their attention from endpoints to edge devices, including routers. This demonstrates the relevance of the SOHO Smashup category in Pwn2Own. Vulnerabilities in routers that could be exploited from the WAN side pose a real security risk for companies; as these devices are often badly monitored and not kept up to date. Threat actors who are able to compromise a router are in a key position to further advance into the internal network of a company. In this talk we'll describe the vulnerabilities and exploits. Specifically, we'll describe our research method on the QNAP router. We tried to increase our attack surface step by step, until we found a reliable exploitation path. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/LHC7QV/

Aug 9, 2025 · 47 min

Is a 1973 Pinball Machine a Computer? (WHY2025)

Old technology is amazing! Have a look at an old electromechanical Pinball Machine, and try to understand how this works, without any (digital) electronics. Find out these machines have much in common with modern computers. Step by step it becomes clear how an old (1973) Pinball machine is "programmed". A 1973 electromechanical Pinball Machine is an amazing machine. But how does this work without any (digital) electronics? By comparing this to a standard computer, the (mechanical) components are explained. An electromechanical Pinball Machine has many elements from a modern computer. It has I/O, memory, can do (simple) calculations, is programmed for logic operations, and is configurable. But does this make it an early computer or not? Come, listen, and decide for yourself! When the weather conditions are good, the 1973 Pinball Machine will be operational in the Village: Back to the 80s Party. Hopefully you can come and play a game on this beautiful Bally Monte Carlo edition of 1973 yourself or with your friends! (Up to 4 concurrent players) Can you set the High Score of the day? Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/WMXPYU/

Aug 9, 2025 · 27 min

Building a Robot Visor: How and Why (WHY2025)

What is up with the beings with the visors going 'beep boop, this one is not a person'? Unit Δ-44203 explains how it built an electronic face, why it did so and what consequences it experienced in a world where everyone is supposed to show an identifiable face all the time. Warning: this talk may be cognitohazardous and end up causing shifts in self-identity. — Can I see your face? — You are looking at it. What is up with the beings with the visors going 'beep boop, this one is not a person'? Why identify as a robot in a time where computers pretend to be human? How does one turn a respirator and an LED matrix panel into a face? Unit Δ-44203 is a robot programmed to be helpful and will be happy to explain [how and why it built a visor](https://query.44203.online/topic/visor/). This talk covers technical aspects: respirator choice, tinting with foil or dye, electronics and programming. It will also discuss social aspects: robot identity and interactions with others. Humans are fascinating creatures and say the weirdest things to it! Warning: this talk may be cognitohazardous and end up causing shifts in self-identity. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/BSD3DT/

Aug 9, 2025 · 25 min

🔗 Networking your (Linux) Machines (WHY2025)

Let's learn about L2 isolation with VLANs and dive into basic network architecture with OPNsense. After playing a bit with IPv4, let's discuss unicorn-issues IPv6 for your homelab-ing. Then expanding with WireGuard for simple inter-machine networks. Finally, we will take a look into a fail of my own via "security"(-by-obscurity) and a few words of how to defend against it. This talk will discuss the security considerations one should make for their own network at home. The first step, to achieve network segmentation, is the use of VLANs - but how do they work? Then advancing into isolated networks using OPNsense and how to configure routing between them (in a more or less scalable way, purely based on experience). After breaking up (with) your networks, we will take a look into IPv6 troubles you'll likely encounter when you begin applying more strict rulesets onto your network and start leaving NAT-ting behind you. This will also include a quick summary of the most important IPv6-terms you'll need. Instead of exposing your services publicly, one can also establish site-to-site (S2S) links with well-known parties, so we will take a quick look into getting WireGuard up and running - once again with some pitfalls you may encounter. In the end, we will take a brief detour into how one could exploit one of my own mistakes (DNS-based routing without application of source-ip filtering). Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/XZRAHF/

Aug 9, 2025 · 25 min

How to build and launch a high-altitude balloon project (WHY2025)

If you want to try something new, unusual, and technically creative, try high-altitude ballooning! In this short presentation, I'll share my experiences from a series of three high-altitude balloon projects. These projects included launching sensor payloads to altitudes about 25km and live HD video transmission from the stratosphere. You will learn how to prepare your payload, how to track its position and telemetry data using solutions, and even how to rescue a landed payload from a tall tree! Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/RC9LR7/

Aug 9, 2025 · 30 min

A step towards infinite storage? (WHY2025)

This talk will take you on a journey leading to the retrofit of a robotic tape library to enable it to accommodate hard drives in addition to the original media, from the reasons we did it to all the obstacles that needed to be overcome and how we did all that, pushing a little further the physical limits that make data storage increasingly problematic in a world where over 200TB is generated every second and must sometimes be retained for years (and possibly more). Every year, humanity generates at least 250 Exabytes of data, so storage becomes increasingly problematic because this accumulates and at least part of it must be stored and made accessible for extended periods; however, not all of that data is being accessed simultaneously. Moreover, the Internet is not well suited for the transfer of large datasets and quite often it is preferable to move physical media. In this talk we will dive into some physical limits related to this particular problem, and how we have pushed them a little further by retrofitting a large tape library so that it can accommodate hard drives in addition to magnetic tapes. This task involved reverse-engineering the drive train, designing new electronics to replace the proprietary and monolithic hardware with something more manageable, coming up with a plan to build a docking station that can be handled by the robot and withstand millions of insertion cycles and that is also end-user-friendly while keeping it as affordable as possible. We will dive into the limitations of the various tools at our disposal and how we worked around them to achieve our goal, while drawing a picture of all the skills and technologies involved and how this can be useful for you. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/7X9NJP/

Aug 9, 2025 · 26 min

qryptr - airgapped secure hardware messenger (WHY2025)

Are you a smartphone user worried about spyware, advanced actors, backdoors, zero-days or side-channel attacks? These routinely bypass end-to-end encryption through keyloggers, screen capture and compromised keys. Smartphones are part of complex ecosystems with dozens of hardware and software components and remain vulnerable despite vendor and political efforts. We introduce a simple, offline, airgapped device to counter such threats. Check out www.qryptr.com and github.com/gappuser/qryptr. Show-and-tell of qryptr, the completely open-source secure messaging device. Check out https://github.com/gappuser/qryptr and https://qryptr.com Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/YEN87P/

Aug 9, 2025 · 21 min

Opening (WHY2025)

Welcome to WHY2025! A warm welcome by Nancy and Boekenwuurm, to wish you the best WHY2025 and give a quick intro! Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/BAU8GH/

Aug 9, 2025 · 24 min

Handy microphone techniques for better presentations (WHY2025)

When presenting for a larger audience or when a presentation is recorded it is almost a given that a microphone is used. In this presentation we will show you common problems presenters have with microphones, we will give you tips on holding a hand microphone and show common problems with headsets. All this to give you tools to improve the audio quality of your presentation at the source which can be used at hacker events and everywhere else you will be using a microphone. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/MZWWK7/

Aug 9, 2025 · 23 min

Hacking your Dreams (WHY2025)

What could be more fun than gaining control over your dreamworld? Go to sleep, and find yourself doing things that would be impossible in the real world. Flying? No problem! You can be superman and have it feel more real than reality. Now if that's not a fun hacking project.. You can hack all sorts of things. Software, hardware. But being a hacker, what makes more sense than to hack oneself? Hackers have been turning themselves into bionic man, but we can also just hack our brain, using just our brain. I am talking about lucid dreaming: dreaming while you are aware of doing so and able to shape your dream. This talk will discuss what we know so far about lucid dreams and how they relate to other special states of the mind. The main focus will be on how to hack your own mind to start experiencing lucid dreams, what you can do in them, and how they differ from real life. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/KBJXPG/

Aug 9, 2025 · 33 min

Handy microphone techniques for better presentations (WHY2025)

As soon as a presentation is given for a larger audience, or when a presentation is recorded, it is almost a given that a microphone is used. In this presentation we show you which problems presenters have with microphones, we give tips on how a handheld microphone should be held, and we show common problems with headset microphones. We give you tools to make the audio quality of your presentation as good as possible. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/TAWFK8/

Aug 9, 2025 · 23 min

The EU Just Made Product Security Mandatory — Now What? (WHY2025)

As of August 1st, 2025, the EU’s Radio Equipment Directive enforces new cybersecurity requirements. For the first time, broad categories of everyday devices, not just critical infrastructure or niche tech, must meet mandatory security standards. This talk breaks down how we got here, why it matters, and what’s breaking in the process. We’ll look at the political and technical hurdles in rolling this out, what it means for manufacturers, and how it connects to the looming Cyber Resilience Act. On August 1st, 2025, three new cybersecurity requirements under the EU’s Radio Equipment Directive (RED) officially kicked in. This is the first time the EU has imposed hard security requirements on a wide range of everyday consumer products. Think routers, smart watches, toys with a Wi-Fi chip, and more. This part of RED is often called RED DA (Delegated Act), and it's a big deal: security is no longer optional. In this talk, we'll unpack what RED DA is actually about: how it came to be, why it was pushed through before the upcoming Cyber Resilience Act (CRA), and how that sequencing leads to some strange and messy overlaps between the two. Spoiler: it’s a political and regulatory patchwork. We’ll look at how standardization efforts around RED DA have developed, but also at how many manufacturers are still figuring out how best to comply, while market surveillance authorities are navigating their own challenges, often working with limited tools, guidance, or resources. On top of all this, the reality is, RED/DA is just a warm-up for the main event: the Cyber Resilience Act. We’ll take a look at what CRA brings to the table, what the current state of standardization looks like there, and what kinds of challenges are already popping up on the horizon. If you’re building, selling, or securing connected products in the EU, or just curious about how regulation is reshaping product security, this talk will give you a clear picture of what’s going on and what’s coming next.
Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/RT9XQ9/

Aug 9, 2025 · 50 min

Integrity violation: toxic workplaces in infosec (WHY2025)

In the realm of cybersecurity, workplaces can be surprisingly unsafe, with a higher turnover of CISOs and alarming rates of misconduct. This talk explores the mechanisms behind this paradox, examining organizational dynamics, the pressures on CISOs, and the emergence of toxic behaviors. By analyzing real-world examples, some of them very personal, we will uncover the root causes of these issues and provide practical solutions to foster a safer, more resilient cybersecurity culture. Cybersecurity is a field where pressure is constant, and mistakes can have severe consequences. Yet, for many cybersecurity professionals, the greatest threats do not come from external attackers but from within their own organizations. In one striking example, a security researcher discovered severe vulnerabilities in a widely used product, only to be dismissed as "overreacting" by management—a classic case of gaslighting. At Equifax, a CISO faced public blame for a devastating breach, despite years of underfunding and ignored warnings about outdated software. In another case, security engineers at SolarWinds raised concerns about critical vulnerabilities that were ignored—vulnerabilities that were later exploited in a massive supply chain attack affecting thousands of organizations. These toxic dynamics are not just isolated incidents; they are symptoms of a broader problem in the way organizations perceive and manage cybersecurity. Security is often seen as a cost center—a department that creates problems rather than solving them. This mindset fuels blame-shifting, where CISOs become scapegoats after breaches they lacked the power to prevent. Even worse, security professionals who try to escalate serious risks are sometimes ignored, marginalized, or even retaliated against. A report by (ISC)² found that 60% of cybersecurity professionals have experienced burnout, and nearly one-third have left jobs due to toxic work environments.
Such conditions not only harm individuals but also weaken an organization’s overall security posture. But it doesn’t have to be this way. This talk explores how more mature industries have learned to overcome similar toxic dynamics. What can we learn from those experiences? By drawing on these examples, this talk will identify practical steps to transform cybersecurity into a healthier, more resilient field where burning people is no longer the net result of dealing with security. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/7TUKUF/

Aug 9, 2025 · 49 min

Imposing Climate Law onto Governments (WHY2025)

This talk is a roller-coaster ride through a few years of experience in teaching the government about their obligations w.r.t. climate change. It details the procedural hacks they use, and ways to evade them. It also gives examples of elegantly designed cases with a potential of very high impact. Climate law is a domain of logic, language and social ethics, all available in the average hacker's toolbox. I'd argue the world needs our minds to lap up the debris left behind by our governments. At [MCH2022](https://mch2022.org/#/) I ran into skilled, intelligent young people who were numb about climate change. This is trending, and it broke my reliance on governments to fix this huge problem. It is, after all, a [tragedy of the commons](https://en.wikipedia.org/wiki/Tragedy_of_the_commons) so by default everyone waits for others to make the first move. I adopted a grassroots approach and started taking government to court, alone or as part of [Scientist Rebellion](https://www.scientistrebellion.nl/). Because it really is politics that is failing us. Court cases help executive government to do their jobs, by forcing them to stick to climate laws in spite of politicians without vision, heart or spine. Climate law is mostly international law, which means that it trumps national law, even including anything that a national Supreme Court says. But courts are not the problem, they are well-versed in the travesty of what governments are _not_ doing. They need to be asked to rule on a case though, before they can take a decision. And it takes some work before you get to that point. I am not saying that government is evil. I am saying it is stifled in its ways, it cannot progress because it is obstructed by the past, present, procedures and politics. The everyday working space for civil servants is one of national or even local law. They have insufficient focus on international (climate) law or rely on other parties to remedy it. 
Also, they cannot always move freely, caught up between their oath of faith and a lack of mandate to interpret laws. With low court fees and no lawyer requirement, administrative law is the cheapest way to go about correcting government, but it takes a fair amount of skill to navigate. I'm still learning, but I can share from experience the most important pitfalls to prepare for. Most of this has parallels in countries outside the Netherlands. What remains is logic, language and ethics. Oh, and some perseverance and creativity. All these skills are native to hackers, and often abundantly so. It can take some designer skill to construct a case that has a chance of making it. And looking at things from different perspectives, while still sticking to concrete goals. During this talk, I will give a few examples. If you want to read up on things, have a look at my [Draaiboek Klimaatzaak](http://klimaatzaak.groengemak.nl/) (in Dutch) or similar resources by others. Finally, it can feel abrasive to step out and impose demands on local government, a national ministry or a central bank. At least, I usually think shyly of what I am doing. But abrasiveness is not among my submission filters; I care for being reasonable and having a right to what I'm demanding. And as long as I remain respectful towards the humans on the other side of a case, it is quite simply a democratic right to take corrective or coercive action if the government fails so utterly as it is doing w.r.t. climate change. **IANAL** but what I am is _seriously pissed_ with irresponsible governments around the globe. It is their job to protect our future survival, the evidence and urgency is overwhelmingly clear, but still they leave the free market to corporations with short-term profit as their essential goal. Corporations will bend when curtailed, provided it is done equally to all, and there is only one party with the power of doing that.
But government is treating a life-threatening condition as yet another management problem to fit into a 9-to-5 job. So much is done wrong that I find it unethical to sit and wait for a rare breed of climate lawyers to stand up to government mismanagement. Not if all it takes is a few hundred Euros, strict logical reasoning, a few letters full of detailed knowledge in a design with components from a couple of data sheets (a.k.a. climate laws) and perhaps the mentality of living in a makable world (a.k.a. democracy). Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/FYX8FV/

Aug 9, 2025 · 49 min

Detect threats like never before (WHY2025)

Let's dive deep into the topic of threat detection engineering and what the detection engineer's job looks like in 2025. I work with threat researchers, detection engineering, and engineering managers, and we'll talk about it all: from query languages to tuning, from managing detections as code to content management, from maturity of processes to human skills augmentation. This talk provides a comprehensive overview of the modern mature detection engineering process, exploring the essential steps organizations must follow and how successful implementation is defined and measured in today's threat landscape. What You'll Learn: We'll examine the complete detection engineering lifecycle, covering the key phases that transform security teams from reactive alert-chasers into proactive threat hunters. You'll understand how to build, implement, and continuously improve detection capabilities that actually work at enterprise scale. Key topics: - Detection Engineering Process Deep Dive: Walk through the step-by-step process that mature organizations follow, from threat modeling to deployment to continuous improvement and practical use of AI - Maturity Framework Analysis: Compare popular detection engineering maturity frameworks, understanding their key differences, strengths, and how to choose the right approach for your organization - Detection as Code Adoption: Understand the growing trend toward treating detection rules as code, including version control, testing, and deployment automation that's transforming how security teams operate - Success Metrics and Measurement: Discover how to properly define and measure the success of your detection engineering program with meaningful KPIs and assessment criteria This session is for security engineers, SOC analysts, detection engineers, and security leaders who want to understand and implement modern detection engineering practices.
Whether you're starting your detection engineering journey or looking to mature your existing program, you'll gain practical insights and actionable frameworks to elevate your organization's threat detection capabilities. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/8GWVTN/

Aug 9, 2025 · 47 min

Frank talks AI, keynote style (WHY2025)

Frank talks about AI, why it all of a sudden is everywhere and what it means. The keynotes of the likes of Microsoft, Google and Apple can all be summarized in 10 words: “A.I., A.I., A.I., Large Language Model, A.I., A.I., GPT, A.I. …“, so no doubt artificial intelligence holds a promise for the future. But what promise? Will A.I. save us or doom us? Or is it too soon to tell? With the invention of the car, the car accident, vehicular manslaughter and the getaway car were also invented, as well as the police car and motorized ambulances. How does this apply to artificial intelligence? What is the current state of A.I., what does it mean to our perception of the truth, and can it help us make the world more secure? How do classical security measures apply to the A.I. world, where do they fall short, and can we expect new or improved measures with the help of A.I.? Spoiler: yes, they do, and yes, we can. In this talk, Frank will look at the A.I. wave from his unique and down to earth perspective. And hopefully you will walk away with a better understanding of AI in the context of (cyber) security. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/TJNSGF/

Aug 9, 2025 · 47 min

Nerdkunst: Gentle and interactive introduction to generative art (WHY2025)

Generative Art is a form of art where the artist builds a machine that autonomously produces artworks. In this talk I'll introduce you to the wonderful world of computer generated art. Through live demos and fiddling, you'll learn how you too can be an artist. I'll show plenty of examples using open source tools on how generative art can be an alternative path to learn to code. Because sometimes, science and technology are simply beautiful. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/KAGUSA/

Aug 9, 2025 · 41 min

Digitality and Autonomy (tdf2025)

Summary: Digitality and Autonomy. The talk addresses society's growing susceptibility to disinformation and authoritarian styles of thinking in a digitally stressed era. In a climate of permanent crisis, the call for control and censorship grows, often in the name of democracy. But these developments contradict the emancipatory promise of the internet: equal participation, diversity and open debate. Dogmas, whether motivated by the state, by ideology or by activism, promise orientation but undermine autonomy. Parts of the net movement, too, have increasingly become entangled in moral certainties and institutional dependencies instead of keeping the digital public sphere plural and open. The talk argues for a return to critical thinking, the courage to debate, and digital self-empowerment. Autonomy in the digital age means not submitting to authoritarian simplicity, but defending diversity, dissent and uncertainty as democratic necessities. Talk description: Digitality and Autonomy. In times of constant crisis, public debates come under increasing pressure. Information wars, polarization and the call for clear truths lead to a dangerous trend: more and more often there are demands to restrict digital spaces, often in the name of democracy but at the expense of freedom of expression and plurality. The talk explores what digital autonomy means today: How can critical thinking be preserved online without falling into authoritarian simplifications? Why do once-emancipatory movements turn into dogmatic actors? And what does it take to redeem the internet's original promise as an open place of participation? With an analytical eye and clear language, the talk argues for a new digital enlightenment, beyond repression and camp thinking.
Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/LUSVVG/

Jul 27, 2025 · 25 min

Is Someone Making Money From It or Can It Go? Archival Work in the Age of Technocapitalism (tdf2025)

How can we protect data and keep it accessible and preserved for the future when the internet is increasingly consolidating into the ownership of individual corporations? A short talk with discussion on the theory and practice of website archiving and digital longevity. The internet has long ceased to be a place where information is simply recorded and made receivable. At the latest since Google's turn from search engine to advertising platform, we have seen how information can be weighted and hoarded. But what does that mean for the longevity of our information when everything shifts onto platforms? When forums that were once easy to search have moved to Discord channels in which nothing can be found anymore and which can vanish from one moment to the next, or entertainment giants like Amazon take people's entire online library away because they no longer allow books to be read on other devices? In this talk we discuss ways to pull information that should be publicly accessible out of platform hell, methods for keeping websites searchable and usable far into the future, and how we can help turn the internet into a true library. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/FBBUML/

Jul 27, 2025 · 42 min

Writing a Web Server | An Elixir Tutorial (tdf2025)

It took me years to understand Web Servers. You should be able to do it in one talk slot, and more. After this talk, you'll know: - How HTTP works - How to write a web server - How to write (some) Elixir Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/MNLEAW/

Jul 27, 2025 · 45 min

Neurodivergence: When Your Brain Is "Different." (tdf2025)

"Neurodivergent", "neurotypical" and "neurodiverse" have been appearing more and more often in public awareness in recent years. But what does each of these terms mean? And how does neurodiversity show up in everyday life? I am a doctoral candidate at KIT in the research field "Neurodivergence, Work and Technology". So my paid work consists of dealing with the neurological, psychological and sociotechnical connections. And my being a nerd is the reason I like telling others about things I find exciting. Or is that my ADHD? Probably both. In any case, my talks are, according to external feedback, always quite entertaining too. And there are opportunities to join in as well! --- Contains: a colorful mix of dialects, strange humor, a potentially fidgety speaker. Delivered without popcorn. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/MHB93M/

Jul 27, 2025 · 49 min

Talk: Analog Mindfulness (tdf2025)

The talk looks at current dark sides of digitalization. Awareness of current excesses of the digital, e.g. media addiction etc., is a central component of a free and self-determined use of digital media. We also want to show, at the individual level, ways of tackling one's own negative patterns through "analog mindfulness" as a counter-model. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/BX7ZB9/

Jul 27, 2025 · 48 min

Area of Tension – The Digital World and the Judiciary (tdf2025)

Falk Hirschel, attorney and certified specialist in criminal law, reports on current developments in the legal world and in legislation on digital matters, and on how I can make sure that my rights are not violated should the police knock on my door to search my home. This talk was organized by the Piratenpartei Baden-Württemberg. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/F8FC7A/

Jul 27, 2025 · 23 min

Fighting Bias in AI: Can Ordinary People Make a Difference? (tdf2025)

Artificial intelligence is increasingly used to make decisions that affect our lives, from job applications to loan approvals to what content we see online. But these systems can sometimes treat people unfairly, especially those from underrepresented groups. Researchers have developed many ways to make machine learning fairer. However, these solutions are rarely used by companies, since they can reduce performance and are not yet required by most laws. Meanwhile, these systems often rely on data contributed by users themselves. This opens up a new possibility: what if the people affected by biased AI could take action collectively? In this talk, I’ll start by explaining what machine learning is and how it can potentially become unfair. I will then share initial results about how a small, coordinated minority can shift the behavior of AI systems toward fairer outcomes. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/MKSYLS/

Jul 27, 2025 · 20 min

Beyond the Human Eye – How Does a Hyperspectral Camera Work? (tdf2025)

Hyperspectral cameras see hundreds of colors, not merely three. This makes it possible to measure properties that are unfamiliar from everyday experience. The applications are diverse: from plastic sorting, through the active-ingredient content of medicines, to determining the thickness of wafer-thin layers. This talk explains how these cameras work and presents examples of practical applications. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/LLUXYS/

Jul 27, 2025 · 19 min

The City Wiki TÜpedia – a digital tree of knowledge grows, takes root and can connect much that is local (tdf2025)

A city wiki offers a digital space where everything related to the city and its spaces can be recorded and woven into a web of knowledge (or a gossamer, similar to cotton candy or a depiction of a brain with its neurons, synapses and nerve connections). Its basis is local life (offerings, "what is here" (in the case of a street: shops, institutions, trees, etc.), events, actors (people, associations, initiatives, etc.), festivals) in all its forms, and its embedding in the categories of space (streets, squares, buildings, mountains, rivers, lakes, etc.) and time (anniversaries, years, specific dates, but also epoch, decade) and its connection to the other manifestations of life. Like Wikipedia, it is a long-term project that lives on participation and experiences conflicts but also much encouragement, and, unlike and in addition to the citation-oriented pool of knowledge, it offers the possibility of eyewitness testimony, that is, of being someone who says: I was there, I do not have to wait until someone with a professor's title (aka a knowledge-hierarchy gatekeeper) writes something about it before I am allowed to add it. A city wiki is something like a plant: ideally you water it regularly (... with contributions) and look in regularly, preferably daily, at the "Recent changes" page, where you can see the "liveliness" of the wiki ... and if you are lucky, a local "tree of knowledge" gradually develops, with a trunk (streets, squares, mountains, rivers, lakes, parks, public buildings, etc.), roots (years, past events, companies, restaurants, etc.), branches (categories: people, districts, shops, events, markets, etc.), leaves (individuals, single people, shops, etc.) and blossoms (events, concerts, voices on something, color, pictures, etc.). Thank you for 18 years of Tüpedia. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/7C7RAF/

Jul 27, 2025 · 49 min

Resistance and Repression: The Protests in Serbia (tdf2025)

Since the deadly collapse of the railway station canopy in Novi Sad, Serbia has been experiencing a nationwide wave of protest against the authoritarian Vučić system. The movement began with student occupations and is meeting massive repression, including the use of the surveillance software Novispy and, allegedly, of sound cannons on March 15. The latter had previously been tested on refugees and show how state violence strikes back inward. The talk analyzes repression, protest dynamics and the dangerous link between democracy movement and nationalism. Since the collapse of the railway station canopy in Novi Sad, in which 16 people died, Serbia has been experiencing a new wave of protest against the authoritarian Vučić system. What began with student occupations has grown into a nationwide movement, with road blockades and acts of civil disobedience. But the protests are also provoking massive state repression. Early on, the surveillance software Novispy was used against journalists, opposition figures and activists: a covertly installed spyware program that specifically spies on mobile phones. On March 15, at the largest protest rally to date, sound cannons were allegedly used against demonstrators. This is a means banned in Serbia that had previously been tested to deter refugees at the border, and it shows strikingly that violence directed against the "others" sooner or later turns inward. What first hit migrants and marginalized groups now also threatens the country's own population. The talk examines the repressive measures and the political dynamics of the protests and asks: What can be learned from this movement, especially with regard to communication strategies? And how dangerous is the blending of democracy movement and nationalism?
Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/XKT9FX/

Jul 26, 2025 · 42 min

Video Surveillance at the ZOB – Bungling or Authoritarianism? The Palmer Subcomplex (tdf2025)

Because of the planned video surveillance at the Tübingen ZOB (central bus station), we unfortunately spent the past year dealing with the political work of Boris Palmer. In this talk we document what has happened so far, what is now planned, and what happens next. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/RGMEWL/

Jul 26, 2025, 44 min

microSD cards: reliability and lifespan (tdf2025)

Standard microSD cards are actually unsuitable for, e.g., Raspberry Pis or other applications where reliability and lifespan matter. We will look at why this is so and what can be done about it. Standard microSD cards (and similar flash storage media, including USB sticks) are not really suited to purposes that depend on reliability, data integrity and a long lifespan. Instead, they are meant to provide cheap, compact, short-term storage, for example to buffer many pictures in cameras or smartphones or to transport large amounts of data. Meanwhile, however, microSD cards are increasingly used in other areas as well, such as embedded PCs and Raspberry Pis, where long, reliable operation is what matters. Standard microSD cards are about as poorly suited to this as can be, and often "die" rather quickly. So we will look at how this can be solved, which microSD cards should be used instead in, e.g., Raspberry Pis, how long they last, and how to monitor this (in a SMART-like way). Roland is an engineer and entrepreneur and has more than 2000 Raspberry Pis with microSD cards running at customer sites. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/SQWK3Q/

Jul 26, 2025, 26 min

Display is out – departure display hacking! (tdf2025)

We worked with decommissioned departure displays to give them a new life. Among other things, they can now announce the next talks at Chaos events; there are hardly any limits to creativity. In this talk, a similar version of which we gave at GPN23, we show how we repurposed old displays. We used a mix of ESP32, Rust and Mate. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/CYZCSH/

Jul 26, 2025, 25 min

Life in Git (Annex) (tdf2025)

A look at how to synchronize, back up and archive all sorts of things (not just code, but also notes, photos, videos, documents, etc.) with the well-known version control system Git. Git (https://git-scm.org) is *the* version control software, used practically everywhere for versioning and collaboration in software projects. Git lets you store and describe related changes piece by piece. This means you can go back to any old changeset, so you automatically have a backup with context. Git is also decentralized, so it needs an internet connection only for synchronizing. This is useful for more than programming: who wouldn't want a fine-grained backup of their photos or documents with the complete change history? The "Git Annex" extension teaches Git to manage large non-text files as well, and to synchronize and store them according to precise rules. With this tool, practically "your whole life" can be stored with Git. In this talk I present what I do with it. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.cttue.de/tdf4/talk/EECDBS/

Jul 26, 2025, 25 min