BAD NETWORK/FIREWALL 33c3 2016-12-27 2016-12-30 4 00:15 2016-12-27T11:00:00+01:00 11:00 00:30 Saal 1 33c3-8429-33c3_opening_ceremony CCC lecture en false anna elisa 2016-12-27T11:30:00+01:00 11:30 01:00 Saal 1 33c3-8425-the_global_assassination_grid The Infrastructure and People behind Drone Killings Ethics, Society & Politics lecture en As they say in the Air Force, ‚No comms no bombs‘, – A technician’s insight into the invisible networks governing military drones and the quest for accountability Cian has spent a great deal of time thinking about the issues of responsibility in, and how communications technology has been used to distance people from the act of killing. Rising superpowers around the world are working day and night to build the next stealth drone that can penetrate air defense systems. The automation of target selection processes, navigation and control are incentivized by the vulnerability posed by the signals drones rely upon to operate. A drone is merely a networked platform that moves across a grid, much like a mouse. It’s „mind“ is distributed among dozens of individuals located around the globe, controlling separate parts of the the overall mission using data derived from surveillance, and processed using algorithms that may or may not reflect the reality on the ground. Cian challenges the common notion that drones are the most effective tool for combatting terrorism and seeks to explain why this is so, as well as how mistakes happen. The automation of these processes will further take the responsibility out of the hands of individuals and disperse them further. This calls for a new level of ethical considerations and accountability mechanisms to be developed. false Cian Westmoreland /system/events/logos/000/008/295/large/EncryptionLogo.png?1479417484 2016-12-27T12:45:00+01:00 12:45 01:00 Saal 1 33c3-8295-the_fight_for_encryption_in_2016 Crypto fight in the Wake of Apple v. FBI Ethics, Society & Politics lecture en Both strong end-to-end communications encryption and device encryption are legal in most jurisdictions today, and remain widely available. Yet software programmers and hardware producers are increasingly under pressure from law enforcement and policy makers around the world to include so-called backdoors in encryption products. In this lecture, I will provide the state of the law as we moving into 2017, detailing what happened in the fight between Apple and the FBI in San Bernardino and the current proposals to weaken or ban encryption, covering proposed and recently enacted laws. I will also discuss the extra-legal pressures placed upon companies, and the rise of government hacking and state-sponsored malware as an alternative or addition to weakening software. Finally, the presentation will discuss possible realistic outcomes, and give my predictions on what the state of the law will be as we head into 2017, and discuss how we can fight for a future that will allow for secure communications for everyone. The discussion will include: - The law and policy issues in the FBI v. Apple iPhone case, - The FBI’s purchase of 0day access to the iPhone 5c, and Apple’s technical response, - The rise in use of government malware to access encrypted device - Proposed and enacted crypto laws in the United States, Australia, India, Russia, and the UK, - Legal pressures on companies, like Brazil’s arrest of Facebook executives to pressure WhatsApp, - Q&A with the audience. CC BY 4.0 false Kurt Opsahl /system/events/logos/000/008/314/large/28070128343_d6c0b5497c_k.jpg?1475272210 2016-12-27T14:00:00+01:00 14:00 01:00 Saal 1 33c3-8314-bootstraping_a_slightly_more_secure_laptop Security lecture en Heads is an open source custom firmware and OS configuration for laptops and servers that aims to provide slightly better physical security and protection for data on the system. Unlike Tails, which aims to be a stateless OS that leaves no trace on the computer of its presence, Heads is intended for the case where you need to store data and state on the computer. It targets specific models of commodity hardware and takes advantage of lessons learned from several years of vulnerability research. This talk provides a high level overview of Heads, a demo of installing it on a Thinkpad and a tour of some of the attacks that it protects against. Heads builds on several years of firmware security research focused on firmware vulnerabilities ("Thunderstrike: EFI bootkits for Apple Macbooks" and "Thunderstrike 2") as well as many other CCC talks ("Hardening hardware and choosing a #goodBIOS", "Beyond anti evil maid", "Towards (reasonably) trustworthy x86 laptops", etc.) and combines these ideas into a single system. It is not just another Linux distribution - it combines physical hardening and flash security features with custom Coreboot firmware and a Linux boot loader in ROM. This moves the root of trust into the write-protected ROM and prevents further modifications to the bootup code. Controlling the first instruction the CPU executes allows Heads to measure every step of the boot process into the TPM, which makes it possible to attest to the user or a remote system that the firmware has not been tampered with. While modern Intel CPUs require binary blobs to boot, these non-Free components are included in the measurements and are at least guaranteed to be unchanging. Once the system is in a known good state, the TPM is used as a hardware key storage to decrypt the drive. Additionally, the hypervisor, kernel and initrd images are signed by keys controlled by the user, and the OS uses a signed, immutable root filesystem so that any software exploits that attempt to gain persistence will be detected. While all of these firmware and software changes don't secure the system against every possible attack vector, they address several classes of attacks against the boot process and physical hardware that have been neglected in traditional installations, hopefully raising the difficulty beyond what most attackers are willing to spend. CC BY 4.0 false Trammell Hudson Heads overview 2016-12-27T16:00:00+01:00 16:00 00:30 Saal 1 33c3-8018-law_enforcement_are_hacking_the_planet How the FBI and local cops are hacking computers outside of their jurisdiction. Ethics, Society & Politics lecture en In early 2015, the Federal Bureau of Investigation hacked computers in Austria, Denmark, Chile, Colombia, Greece, and likely the United Kingdom and Turkey too. In all, the agency used a Tor Browser exploit to target over 4000 computers spread across the world based on a single, arguably illegal warrant. But this is only one case in the growing trend of law enforcement agencies reaching outside of their own country and hacking criminals suspects abroad, bringing up urgent questions of legality, jurisdiction, and proportionately in the digital age. For the past year, I have investigated law enforcement’s international use of hacking tools. As well as finding which countries the FBI remotely searched computers in, I uncovered another operation led by a local Australian police department, which targeted individuals in the United States – clearly outside of the agency’s jurisdiction. Because many criminals suspects have moved onto the so-called dark web, law enforcement have no idea where the computers they are hacking are actually located. This worrying shoot-malware-ask-questions later approach has seen only minimal attention from policy makers and legal experts, and is likely to become more widespread. CC BY 4.0 false Joseph Cox The FBI’s ‚Unprecedented‘ Hacking Campaign Targeted Over a Thousand Computers, Motherboard, Jan. 5. 2016 Child Porn Sting Goes Global: FBI Hacked Computers in Denmark, Greece, Chile, Motherboard, Jan. 22. 2016 FBI’s Mass Hack Hit 50 Computers in Austria, Motherboard, July 28. 2016 Australian Authorities Hacked Computers in the US, Motherboard, Aug. 15. 2016 Seung Lee: Supreme Court Allows FBI to Hack Any Computer Anywhere with a Warrant, Newsweek, May 1. 2015 /system/events/logos/000/007/969/large/cube_flat-money_square.png?1480726610 2016-12-27T16:45:00+01:00 16:45 00:30 Saal 1 33c3-7969-shut_up_and_take_my_money The Red Pill of N26 Security Security lecture en FinTechs increasingly cut the ground from under long-established banks’ feet. With a "Mobile First" strategy, many set their sights on bringing all financial tasks—checking the account balance, making transactions, arranging investments, and ordering an overdraft—on your smartphone. In a business area that was once entirely committed to security, Fintechs make a hip design and outstanding user experience their one and only priority. Even though this strategy is rewarded by rapidly increasing customer numbers, it also reveals a flawed understanding of security. With the example of the pan-European banking startup N26 (formerly Number26), we succeeded independently from the used device to leak customer data, manipulate transactions, and to entirely take over accounts to ultimately issue arbitrary transactions—even without credit. Over the last few years, smartphones have become an omnipresent device that almost everybody owns and carries around all the time. Although financial institutions usually react conservatively to new technologies and trends, most established banks today offer their customers banking apps and app-based second-factor authentication methods. Fintechs, technology startups in the financial sector, pressure the tried and trusted structure of established banks, as they highlight the customer’s smartphone as the hub of their financial life. This business model is especially appealing to younger customers. FinTechs, however, also play an important role in the advancing downfall of important conceptual security measures. While the latter can be understood as the next step in the decay process of second-factor authentication, which was started with the introduction of app-based legitimization methods, FinTechs also reveal limited insights into conceptual and technical security. We have encountered severe vulnerabilities at the Berlin-based FinTech N26, which offers their smartphone-only bank account to many countries throughout Europe. Entirely independent of the used device, we were not only able to reveal N26 customers and to manipulate transactions in real-time but also to completely take over a victim’s bank account. CC BY 4.0 false Vincent Haupert Research page of this talk at FAU /system/events/logos/000/007/901/large/15319353_1203772349660451_127043702_n.jpg?1480701672 2016-12-27T17:30:00+01:00 17:30 00:30 Saal 1 33c3-7901-pegasus_internals Technical Teardown of the Pegasus malware and Trident exploit chain Security lecture en This talk will take an in-depth look at the technical capabilities and vulnerabilities used by Pegasus. We will focus on Pegasus’s features and the exploit chain Pegasus used called Trident. Attendees will learn about Pegasus’s use of 0-days, obfuscation, encryption, function hooking, and its ability to go unnoticed. We will present our detailed technical analysis that covers each payload stage of Pegasus including its exploit chain and the various 0-day vulnerabilities that the toolkit was using to jailbreak a device. After this talk attendees will have learned all of the technical details about Pegasus and Trident and how the vulnerabilities we found were patched. Presentation Outline: 1. Introduction Introduction to the talk and the background of the speaker 2. Technical Analysis In the technical analysis section we will cover in-depth the three stages of this attack including the exploits and the payloads used at each stage. We will detail the obfuscation and encryption techniques the developers used to hide the payloads. We will also examine the 0-day vulnerabilities, called Trident, that we found, which allow for a remote jailbreak on the latest versions of iOS (up to 9.3.4) via Safari. * 0-days (responsibly disclosed to Apple) * Malware techniques * Obfuscation and encryption techniques The technical analysis will continue and detail the software that gets installed including what it was designed to collect, which includes texts, emails, chats, calendars, and voice calls from apps including Viber, WhatsApp, Skype, SMS, iMessage, Facebook, WeChat, Viber, WhatsApp, Telegram, Vkontakte, Odnoklassniki, Line, Mail.Ru Agent, Tango, Pegasus, Kakao Talk, and more. * Application Hooking * Use of SIP for exfiltration * Historical Analysis of jailbreaks We will detail how the jailbreak techniques used by this software have changed and adapted to the changing security mechanisms added to iOS over the years. 4. Summary and conclusions CC BY 4.0 false Max Bazaliy Sophisticated, persistent mobile attack against high-value targets on iOS Pegasus Internals /system/events/logos/000/008/033/large/Screen_Shot_2016-09-28_at_11.29.27.png?1475055126 2016-12-27T18:15:00+01:00 18:15 00:30 Saal 1 33c3-8033-what_s_it_doing_now The Role of Automation Dependency in Aviation Accidents Science lecture en Legend has it that most airline pilots will at one time have uttered the sentence "What's it Doing now?", whenever the autopilot or one of its related systems did something unexpected. I will be exploring some high-profile accidents in which wrong expectations of automation behaviour contributed to the outcome. "Pilot Error" is often publicly reported as "the cause" of an accident whenever a member of the flight crew did something which had consequences for the chain of events. We maintain that there is never a single cause, and every mistake a pilot may make has causes, and other factors contributing to it. We use the notion of a "necessary causal factor" to investigate the causes of accidents, and almost invariable there is a combination of both technical and human causal factors. I will look in some detail at accidents in which a combination of a technical problem, misleading or missing indications, and inappropriate (but often understandable) crew actions contributed to an accident, and also some in which unprecedented actions of the human crew turned a problem with potentially fatal consequences into a survivable accident. Automation in modern airliners has become so reliable and useful that it may be argued that it leads to a deterioration of hand-flying skills and, perhaps more importantly, of decision-making skills. Sample accident cases will include Asiana Flight 214, Spanair Flight 5022, Turkish Flight 1951, TAM Flight 3054 and others. I will also briefly touch on technical and ethical problems with self-driving vehicles highlighted by the recent Tesla crash as well as increasing automation in General Aviation and its consequences. In conclusion I will look at ways to improve safety and maintain the very high standard currently achieved in commercial aviation. CC BY 4.0 false Bernd Sieker Causal Analysis of SpanAir Flight 5022 Examples of Reverse-Engineering Compendium of Computer-Related Incidents with Commercial Aircraft 2016-12-27T19:00:00+01:00 19:00 00:30 Saal 1 33c3-8131-dieselgate_a_year_later env stinks || exit Ethics, Society & Politics lecture en At 32C3 we gave an overview on the organizational and technical aspects of Dieselgate that had just broken public three months before. In the last year we have learned a lot and spoken to hundreds of people. Daniel gives an update on what is known and what is still to be revealed. As predicted at 32C3 the last year showed basically every car manufacturer has been cheating with NOx emissions. The whole regulatory scene is a chaotic and over-complex mess of copy-and-paste legislation.The legal battle reveals more of the methods and organizations involved. The political scene tries to look busy and drive clientele agendas. Daniel reports from the EU parliament, why Mayo fries VW layers in Ireland and how the Michigan Attorney General does the Braunschweig AGO’s job. CC BY 4.0 false Daniel Lange (DLange) Presentation slides 2016-12-27T20:30:00+01:00 20:30 01:00 Saal 1 33c3-7904-software_defined_emissions A hacker’s review of Dieselgate Ethics, Society & Politics lecture en A technical talk on how to reverse-engineer electronic control units in order to document what was left apparently intentionally undocumented by the vendor – including how Volkswagen tweaked their cycle detection code while already being investigated by the EPA, how different the Volkswagen approach is really to the rest of the industry, and of course some trivia on how the „acoustic function“ got its name. A year ago, I showed how I pinpointed the cycle detection technique in the ECU software of a Volkswagen car. This talk will focus on the technical part of what has happened since then – how to reverse engineer an ECU, what other vendors do, what their reaction was, and putting the „isolated findings of a hacker“ into perspective. I’ll talk about data collection over CAN, understanding EGR/SCR control strategies (and how to characterize them), and how to find the needle in a 17000-element haystack (and how to understand whether it’s indeed a needle and or just a thin, cylindrical object with a sharp point at the end which legally does not represent a needle). CC BY 4.0 false Felix „tmbinc“ Domke 2016-12-27T21:45:00+01:00 21:45 01:00 Saal 1 33c3-8019-lockpicking_in_the_iot ...or why adding BTLE to a device sometimes isn't smart at all Hardware & Making lecture en "Smart" devices using BTLE, a mobile phone and the Internet are becoming more and more popular. We will be using mechanical and electronic hardware attacks, TLS MitM, BTLE sniffing and App decompilation to show why those devices and their manufacturers aren't always that smart after all. And that even AES128 on top of the BTLE layer doesn't have to mean "unbreakable". Our main target will be electronic locks, but the methods shown apply to many other smart devices as well... This talk will hand you all the tools you need to go deeply into hacking smart devices. And you should! The only reason a huge bunch of these products doesn't even implement the most basic security mechanisms, might be that we don't hack them enough! We start by looking at the hardware layer, dissecting PCBs and showing which chips are usually used for building those devices. Even if the firmware is read protected they still can be used as nice devboards with unusual pheripherals - if you can't flash it, you don't own it! But you don't always have to get out your JTAG interfaces. The most simple part is intercepting an Apps communication with its servers. We show an easy Man-in-the-middle setup, which on the fly breaks the TLS encryption and lets you read and manipulate the data flowing through. This was enough to completely defeat the restrictions on a locks "share to a friend" feature and of course helps you recover your password... Understanding the API also is the best way to actually OWN your device - giving you the option to replace the vendors cloud service with an own backend. We show how this can be for example used to continue using your bike lock when the kickstarter you got it from goes bankrupt after a presentation about it's bad crypto. Just kidding, they are already notified and working on a patch. Also going for the wireless interface and sniffing BTLE isn't as difficult as it might sound. Turning a cheap 10 EUR devboard into a sniffer we show how to use Wireshark to dissect the packets going from and to the device and analyze the payload. In some cases this is all what's needed to get the secret key from a single interaction... Finally we will turn into reverse engineers, showing how to decompile an android app and analyze it's inner working or even modify it to your needs. Using this we show, that a quite popular electronic padlock indeed correctly claims to use AES128, but due to a silly key exchange mechanism we can break it by listening to a single opening command. All details of this 0-day attack will be released during the talk - the vendor has been notified in May. Last but not least we will go back for the hardware layer, showing that sometimes even simple things like magnets or shims can be used to defeat $80+ electronic locks in seconds... CC BY 4.0 false Ray Updated Slides 2016-12-27T23:00:00+01:00 23:00 01:00 Saal 1 33c3-7946-console_hacking_2016 PS4: PC Master Race Security lecture en Last year, we demonstrated Linux running on the PS4 in a lightning talk - presented on the PS4 itself. But how did we do it? In a departure from previous Console Hacking talks focusing on security, this year we're going to focus on the PS4 hardware, what makes it different from a PC, and how we reverse engineered it enough to get a full-blown Linux distro running on it, complete with 3D acceleration. So you have an exploit. You have code execution. Great! But what do you do now? In the past, console homebrew usually focused on bringing up a development environment similar to the one used for commercial games. However, with the increasing complexity of console hardware, it's becoming impractical for a small team of hackers to create a full blown development SDK. Using leaked official SDKs is illegal. What can we do? Well, there's Linux. The PS4 is particularly great for Linux, because it is based on a modified x86 platform and a modified Radeon GPU. That means that once the basic OS port is complete, it can run existing games - even Steam games and other commercial software. But just how similar is the PS4 to a PC? Can you just throw GRUB on it and boot an Ubuntu kernel? Not quite. In this talk we'll cover the PS4 hardware and part of its software environment, and how we reverse engineered enough of it to write Linux drivers and kernel patches. We'll go over how we went from basic code execution to building a 'kexec' function that can boot into Linux from the PS4's FreeBSD-based kernel. We'll reverse engineer the PS4's special hardware, from special PCI interrupt management to the HDMI encoder. We'll dive deep into the Radeon-based GPU architecture, and we'll share some previously unreleased research and tools of interest to AMD Radeon driver developers and hackers. If you're interested in the strange world of x86 hardware that isn't quite a PC, then this talk is for you. CC BY 4.0 false marcan 2016-12-28T00:15:00+01:00 00:15 01:00 Saal 1 33c3-8116-nicht_offentlich Ein Geheimdienst als Zeuge. Szenen aus dem NSA-Untersuchungsausschuss. Entertainment performance de Der NSA-Untersuchungsausschuss im Bundestag soll aufklären, was die NSA in Deutschland tut und wie deutsche Geheimdienste in diese Aktivitäten verwickelt sind. Fast wie in einer Gerichtsverhandlung – doch es gibt eine Besonderheit: Der Zeuge ist der BND, ein Geheimdienst. Und der tut alles dafür, nichts zu verraten. Die Inszenierung enthält originale Szenen und Zitate aus dem Ausschuss, die zeigen, wie mühsam es ist, einen Geheimdienst zu vernehmen, wie schwer er es dem Parlament macht, ihn zu kontrollieren. Doch sie belegen auch, dass demokratische Aufklärung nicht umsonst ist, auch wenn sie manchmal nur aus Versehen passiert. Oder wenn den Aufklärern statt einer verschiedene Wahrheiten zu einem Thema präsentiert werden. CC BY 4.0 false anna Kai Biermann Felix Betzin Elisabeth Pleß Johannes Wolf vieuxrenard 2016-12-27T11:30:00+01:00 11:30 01:00 Saal 2 33c3-8399-reverse_engineering_outernet Hardware & Making lecture en <a href="https://outernet.is">Outernet</a> is a company whose goal is to ease worldwide access to internet contents by broadcasting files through geostationary satellites. Most of the software used for Outernet is open source, but the key parts of their receiver are closed source and the protocols and specifications of the signal used are secret. I have been able to <a href="http://destevez.net/tag/outernet/">reverse engineer</a> most of the protocols, and a functional <a href="https://github.com/daniestevez/free-outernet">open source</a> receiver is now available. <a href="https://outernet.is">Outernet</a> is a company whose goal is to ease worldwide access to internet contents by broadcasting files through geostationary satellites. Currently, they broadcast an L-band signal from 3 Inmarsat satellites, giving them almost worldwide coverage. The bitrate of the signal is 2kbps (or 20MB of content per day), and they use the signal to broadcast Wikipedia pages, weather information and other information of public interest. Most of the software used for Outernet is open source, but the key parts of their receiver are closed source and the protocols and specifications of the signal used are secret. I think this is contrary to the goal of providing free worldwide access to internet contents. Therefore, I have worked to reverse engineer the protocols and build an open source receiver. I have been able to <a href="http://destevez.net/tag/outernet/">reverse engineer</a> most of the protocols, and a functional <a href="https://github.com/daniestevez/free-outernet">open source</a> receiver is now available. In this talk, I'll explain which modulation, coding and framing is used for the Outernet L-band signal, what are the ad-hoc network and transport layer used, how the file broadcasting system works, and some of the tools and techniques I have used to do reverse engineering. CC BY 4.0 false Daniel Estévez Description of the protocols used in Outernet free-outernet open source Outernet client gr-outernet GNUradio OOT module to receive the Outernet signal with an SDR PDF slides 2016-12-27T12:45:00+01:00 12:45 01:00 Saal 2 33c3-8127-how_do_i_crack_satellite_and_cable_pay_tv Security lecture en Follow the steps taken to crack a conditional access and scrambling system used in millions of TV set-top-boxes across North America. From circuit board to chemical decapsulation, optical ROM extraction, glitching, and reverse engineering custom hardware cryptographic features. This talk describes the techniques used to breach the security of satellite and cable TV systems that have remained secure after 15+ years in use. Analysis of, and low-cost attack techniques against, a conditional access and scrambling system used in tens of millions of TV set-top-boxes in North America. A case study of the low-cost techniques used by an individual hacker to successfully crack a major pay TV system.<br/> <br/> Topics include: <ul> <li> chemical decapsulation and delayering of ICs in acids, <li> microphotography and optical bit extraction of ROM, <li> binary analysis using IDA and homebrew CPU simulators, <li> datalogging and injection of SPI and serial TS data, <li> designing and using a voltage glitcher, <li> extracting secret keys from RAM of a battery-backed IC, <li> analyzing hardware-based crypto customizations, <li> studying undocumented hardware peripherals, <li> MPEG transport streams and non-DVB-standards, <li> QPSK demodulation, interleaving, randomization, FEC of OOB (out-of-band) cable data. </ul> The result is knowledge of the transport stream scrambling modes and knowledge of the conditional access system used to deliver keys. Strong and weak points are identified, advanced security features implemented nearly 20 years ago are compared to modern security designs. A softcam is designed and tested using free software, working for cable and satellite TV. CC BY 4.0 false Chris Gerlinsky 33C3 - How Do I Crack Satellite and Cable Pay TV slides (PDF) /system/events/logos/000/007/821/large/DROWN_logo.png?1472827263 2016-12-27T14:00:00+01:00 14:00 01:00 Saal 2 33c3-7821-the_drown_attack Breaking TLS using SSLv2 Security lecture en We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. Using Internet-wide scans, we find that 33% of all HTTPS servers are vulnerable to this protocol-level attack. We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. We introduce two versions of the attack. The more general form exploits multiple unnoticed protocol flaws in SSLv2 to develop a new and stronger variant of the Bleichenbacher RSA padding-oracle attack. The victim client never initiates SSLv2 connections. We implemented the attack and can decrypt a TLS 1.2 handshake using 2048-bit RSA in under 8 hours, at a cost of $440 on Amazon EC2. Using Internet-wide scans, we find that 33% of all HTTPS servers and 22% of those with browser-trusted certificates are vulnerable to this protocol-level attack due to widespread key and certificate reuse. For an even cheaper attack, we apply our new techniques together with a newly discovered vulnerability in OpenSSL that was present in releases from 1998 to early 2015. Given an unpatched SSLv2 server to use as an oracle, we can decrypt a TLS ciphertext in one minute on a single CPU—fast enough to enable man-in-the-middle attacks against modern browsers. We find that 26% of HTTPS servers are vulnerable to this attack. This talk gives an overview on the DROWN vulnerability for the hacker community with some background information that didn’t make it to the paper. CC BY 4.0 false Sebastian Schinzel The DROWN attack 2016-12-27T16:00:00+01:00 16:00 00:30 Saal 2 33c3-7939-check_your_police_record Polizeiliche Datenbanken und was man über seinen Auskunfts- und Löschungsanspruch wissen sollte Ethics, Society & Politics lecture de Polizeibehörden und Geheimdienste sammeln Daten der Bürger – mehr als je zuvor. Der Bestand an unterschiedlichen Datenbanken ist enorm gewachsen und geradezu unübersichtlich geworden. Aufgrund datenschutzrechtlicher Regelungen gibt es für etliche dieser Datenbanken einen gesetzlichen Auskunftsanspruch des Bürgers. Gesetzlich geregelt sind auch die Fristen für die Löschung dieser Daten. Die Praxis zeigt aber, dass die Daten häufig erst gelöscht werden, wenn der betroffene Bürger eine Datenauskunft beantragt – Grund genug also, um dies massenhaft zu tun. Der Tonfall bei der Verkehrskontrolle ist zunächst freundlich. Nachdem aber die Personalien über das Polizeisystem überprüft wurden, sind die vorher freundlichen Beamten plötzlich ganz schön ruppig, der Kofferraum wird durchsucht, die Kontrolle dauert ohne erkennbaren Grund noch eine ganze Weile länger. Da muss es wohl noch eine alte Eintragung im Polizeicomputer geben, Widerstand gegen Vollstreckungsbeamte, Drogendelikte oder einfach den Personenbezogenen Hinweis (PHW) Straftäter linksmotiviert? Wer würde da nicht gerne wissen, was die Polizei und andere Behörden über ihn gespeichert haben? Das kann man wissen – mit einem Antrag auf Auskunft über die im POLIKS, POLAS, INPOL, Schengener Informationsystem (SIS) oder Mehrländer-Staatsanwaltschafts-Automation (MESTA) – um nur einige Datenbanken zu nennen – gespeicherten Daten. Hierzu braucht man jedoch einen Überblick, welche Behörde welche Daten erhebt, wo und wie die Anfrage gestellt werden muss und welche Besonderheiten es dabei jeweils zu beachten gilt. Da die Behörden genug personelle Kapazitäten einsetzen, um zu speichern, nicht aber, um nach Ablauf der Speicherfrist die gesetzlichen Löschungsvorschriften einzuhalten, wird häufig eine Löschung erst vorgenommen, wenn ein Antrag auf Datenauskunft gestellt wird. Der mündige Bürger sollte daher die über ihn gespeicherten Daten in den unterschiedlichen polizeilichen Datenbanken überprüfen. Der Vortrag wird zeigen, wo und wie das gemacht wird. CC BY 4.0 false RA Ulrich Kerner Beitrag auf der re:publica 2016 /system/events/logos/000/008/026/large/bias.jpg?1475005121 2016-12-27T16:45:00+01:00 16:45 00:30 Saal 2 33c3-8026-a_story_of_discrimination_and_unfairness Prejudice in Word Embeddings Science lecture en Artificial intelligence and machine learning are in a period of astounding growth. However, there are concerns that these technologies may be used, either with or without intention, to perpetuate the prejudice and unfairness that unfortunately characterizes many human institutions. We show for the first time that human-like semantic biases result from the application of standard machine learning to ordinary language—the same sort of language humans are exposed to every day. We replicate a spectrum of standard human biases as exposed by the Implicit Association Test and other well-known psychological studies. We replicate these using a widely used, purely statistical machine-learning model—namely, the GloVe word embedding—trained on a corpus of text from the Web. Our results indicate that language itself contains recoverable and accurate imprints of our historic biases, whether these are morally neutral as towards insects or flowers, problematic as towards race or gender, or even simply veridical, reflecting the status quo for the distribution of gender with respect to careers or first names. These regularities are captured by machine learning along with the rest of semantics. In addition to our empirical findings concerning language, we also contribute new methods for evaluating bias in text, the Word Embedding Association Test (WEAT) and the Word Embedding Factual Association Test (WEFAT). Our results have implications not only for AI and machine learning, but also for the fields of psychology, sociology, and human ethics, since they raise the possibility that mere exposure to everyday language can account for the biases we replicate here. There is no Alice and Bob in this talk. This talk is intended for an audience that genuinely cares for humanity and believes in equality while supporting fairness and acts against discrimination. This talk might not be interesting for folks who promote exclusion while discouraging diversity. Many of us have felt excluded in certain situations because of our gender, race, nationality, sexual orientation, disabilities, or physical appearance. This talk aims to communicate how big data driven machine learning is pushing the society towards discrimination, unfairness, and prejudices that harm billions of people every single day. This year, I will not talk about de-anonymizing programmers, re-identifying underground forum members, or anonymous writing. I will be talking about a human right, namely equality, and the issue of unfairness which happens to be embedded in machines that make decisions about our future, what we see and read, or whether we go to prison or not. Machine learning models are widely used for various applications that end up affecting billions of people and Internet users every day. Random forest classifiers guide the U.S. drone program to predict couriers that can lead to terrorists in Pakistan. Employers use algorithms, which might be racist, to aid in employment decisions. Insurance companies determine health care or car insurance rates based on machine learning outcomes. Internet search results are personalized according to machine learning models, which are known to discriminate against women by showing advertisements with lower salaries, while showing higher paying job advertisements for men. On the other hand, natural language processing models are being used for generating text and speech, machine translation, sentiment analysis, and sentence completion, which collectively influence search engine results, page ranks, and the information presented to all Internet users within filter bubbles. Given the enormous and unavoidable effect of machine learning algorithms on individuals and society, we attempt to uncover implicit bias embedded in machine learning models, focusing particularly on word embeddings. We show empirically that natural language necessarily contains human biases, and the paradigm of training machine learning on language corpora means that AI will inevitably imbibe these biases as well. We look at “word embeddings”, a state-of-the-art language representation used in machine learning. Each word is mapped to a point in a 300-dimensional vector space so that semantically similar words map to nearby points. We show that a wide variety of results from psychology on human bias can be replicated using nothing but these word embeddings. We primarily look at the Implicit Association Test (IAT), a widely used and accepted test of implicit bias. The IAT asks subjects to pair concepts together (e.g., white/black-sounding names with pleasant or unpleasant words) and measures reaction times as an indicator of bias. In place of reaction times, we use the semantic closeness between pairs of words. In short, we were able to replicate every single implicit bias result that we tested, with high effect sizes and low p-values. These include innocuous, universal associations (flowers are associated with pleasantness and insects with unpleasantness), racial prejudice (European-American names are associated with pleasantness and African-American names with unpleasantness), and a variety of gender stereotypes (for example, career words are associated with male names and family words with female names). We look at nationalism, mental health stigma, and prejudice towards the elderly. We also look at word embeddings generated from German text to investigate prejudice based on German data. We do not cherry pick any of these IATs, they have been extensively performed by millions of people from various countries and they are also available for German speakers (https://implicit.harvard.edu/implicit/germany/). We go further. We show that information about the real world is recoverable from word embeddings to a striking degree. We can accurately predict the percentage of U.S. workers in an occupation who are women using nothing but the semantic closeness of the occupation word to feminine words! These results simultaneously show that the biases in question are embedded in human language, and that word embeddings are picking up the biases. Our finding of pervasive, human-like bias in AI may be surprising, but we consider it inevitable. We mean “bias” in a morally neutral sense. Some biases are prejudices, which society deems unacceptable. Others are facts about the real world (such as gender gaps in occupations), even if they reflect historical injustices that we wish to mitigate. Yet others are perfectly innocuous. Algorithms don’t have a good way of telling these apart. If AI learns language sufficiently well, it will also learn cultural associations that are offensive, objectionable, or harmful. At a high level, bias is meaning. “Debiasing” these machine models, while intriguing and technically interesting, necessarily harms meaning. Instead, we suggest that mitigating prejudice should be a separate component of an AI system. Rather than altering AI’s representation of language, we should alter how or whether it acts on that knowledge, just as humans are able to learn not to act on our implicit biases. This requires a long-term research program that includes ethicists and domain experts, rather than formulating ethics as just another technical constraint in a learning system. Finally, our results have implications for human prejudice. Given how deeply bias is embedded in language, to what extent does the influence of language explain prejudiced behavior? And could transmission of language explain transmission of prejudices? These explanations are simplistic, but that is precisely our point: in the future, we should treat these as “null hypotheses’’ to be eliminated before we turn to more complex accounts of bias in humans. CC BY 4.0 false Aylin Caliskan Semantics derived automatically from language corpora necessarily contain human biases A Story of Discrimination and Unfairness Blogpost News Article #1 News Article #2 Slides /system/events/logos/000/007/966/large/C3.gif?1481205280 2016-12-27T17:30:00+01:00 17:30 00:30 Saal 2 33c3-7966-geolocation_methods_in_mobile_networks Ethics, Society & Politics lecture en This talk presents the results of the technical analysis for the German Parliamentary Committee investigating the NSA spying scandal on geolocation methods in mobile networks. Which data are required to localize a mobile device? Which methods can be applied to accurately assess the geolocation? How can a single drone with a flight altitude of a few kilometers determine the position of a mobile device? Which role have mobile network operators in geolocation? In my talk I will provide solid answers to these and related questions. CC BY 4.0 false Erik Informatik-Gutachten: Eine Telefonnummer ist ausreichend, um eine Person mit einer Drohnen-Rakete zu treffen file Slides /system/events/logos/000/008/076/large/SaveDtheinternet.jpg?1475159463 2016-12-27T18:15:00+01:00 18:15 00:30 Saal 2 33c3-8076-make_the_internet_neutral_again Let's put the new EU Net Neutrality rules to work Ethics, Society & Politics lecture en After three years the EU has for the first time new Net Neutrality rules. What do they mean in practice? Which commercial practices by ISPs are allowed and which have to be punished by the telecom regulator. We give an overview about three years of campaign and where we go from here. As part of the Savetheinternet.eu coalition, we fought hard over three years in all stages of the legislative and regulatory process to make the new Net Neutrality protections as strong as possible. We explain our tactics and goals for this campaign of 32 NGOs from 14 countries that managed to submit half a million comments to the European Regulators, BEREC. This talk focusess on the pracitcal implications of the new rules and which types of potential network discrimination are prohibited, disputed or allowed. We explain how enforcement is working in different countries and what you can do to put these new rules into practice and extinguish Net Neutrality violations by your ISP. A core component in this fight is the platform RespectMyNet.eu. Users can submit Net Neutrality violations on this website and thereby give them visibility and allow others to confirm, discuss and act upon them. As BEREC guidelines will be regurlaly reviewed this tool is of utmost importance to track the implementation of Net Neutrality rules as well as commercial practices by ISPs and mobile operators. RespectMyNet lived different lives, one of our current tasks is to make the tool and the submissions fit the new BEREC Guidelines in order to provide an easy to use and efficient tool for net neutrality activists in Europe. Let's protect the Internet as an open, free and neutral platform with the new rules the EU has given us. CC BY 4.0 false Thomas Lohninger Christopher Talib RespectMyNet.eu Savetheinternet.eu /system/events/logos/000/008/288/large/logo.png?1475269239 2016-12-27T19:00:00+01:00 19:00 00:30 Saal 2 33c3-8288-bonsai_kitten_waren_mir_lieber_-_rechte_falschmeldungen_in_sozialen_netzwerken Wie mit Gerüchten über Geflüchtete im Netz Stimmung gemacht wird Ethics, Society & Politics lecture de Auf der Hoaxmap werden seit vergangenem Februar Gerüchte über Geflüchtete und deren Widerlegungen gesammelt, sortiert und in Kartenform präsentiert. Die Themen sind dabei so vielfältig wie die Erzählformen. Nach einem knappen Jahr Arbeit an der Karte wollen wir ein Zwischenfazit ziehen und einen Blick auf die Gerüchte, ihre Verbreiter*innen und deren Vorgehen werfen. Seit im Sommer des letzten Jahres die Zahl der Geflüchteten in der Bundesrepublik anstieg, sind vermehrt Gerüchte und auch Falschmeldungen über Asylbewerber*innen und Migrant*innen im Umlauf. Die Hoaxmap hat sich des Phänomens angenommen und stellt gesammelte Gerüchte und ihre Widerlegungen auf einer Karte dar. Und deren Spannbreite ist groß. Die Themen umfassen angebliche Kriminalität ebenso wie vermeintliche Sozialleistungen. Und auch ihre Form beschränkt sich nicht auf Facebook-Posts und klassische Stammtischgespräche, wie ein Blick auf die gesammelten Daten zeigt. Im Talk wollen wir außerdem der Frage nachgehen, wer die Akteure sind, die Gerüchte verbreiten oder gar erst in die Welt setzen. An Beispielen werden wir betrachten, welche politische Wirkung Gerüchte entfalten können und womöglich auch sollen. Wir möchten aber auch zeigen, wie einfach es zumindest auf technischer Ebene ist, mit Werkzeugen, die das Netz zur Verfügung stellt, gegen rassistische Zerrbilder vorzugehen. CC BY 4.0 false fraulutz NoAverageRobot Hoaxmap @hoaxmap auf Twitter /system/events/logos/000/008/344/large/game_over_1.png?1481818206 2016-12-27T20:30:00+01:00 20:30 01:00 Saal 2 33c3-8344-nintendo_hacking_2016 Game Over Security lecture en This talk will give a unique insight of what happens when consoles have been hacked already, but not all secrets are busted yet. This time we will not only focus on the Nintendo 3DS but also on the Wii U, talking about our experiences wrapping up the end of an era. We will show how we managed to exploit them in novel ways and discuss why we think that Nintendo has lost the game. As Nintendo's latest game consoles, the 3DS and Wii U were built with security in mind. While both have since been the targets of many successful attacks, certain aspects have so far remained uncompromised, including critical hardware secrets. During this talk, we will present our latest research, which includes exploits for achieving persistent code execution capabilities and the extraction of secrets from both Wii U and 3DS. Basic knowledge of embedded systems, CPU architectures and cryptography is recommended, though we will do our best to make this talk accessible and enjoyable to all. We also recommend watching the recording of last year's C3 talk called "Console Hacking - Breaking the 3DS". CC BY 4.0 false derrek nedwill naehrwert 2016-12-27T21:45:00+01:00 21:45 01:00 Saal 2 33c3-8348-deploying_tls_1_3_the_great_the_good_and_the_bad Improving the encrypted the web, one round-trip at a time Security lecture en Transport Layer Security (TLS) 1.3 is almost here. The protocol that protects most of the Internet secure connections is getting the biggest ever revamp, and is losing a round-trip. We will explore differences between TLS 1.3 and previous versions in detail, focusing on the security improvements of the new protocol as well as some of the challenges we face around securely implementing new features such as 0-RTT resumption. At Cloudflare we will be the first to deploy TLS 1.3 on a wide scale, and we’ll be able to discuss the insights we gained while implementing and deploying this protocol. Version 1.3 is the latest Transport Layer Security (TLS) protocol, which allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. TLS is the S in HTTPS. A lot has changed between 1.2 (2008) and 1.3. At the a high level, 1.3 saves a round-trip, making most connections much faster to establish. We'll see how the 1.2 handshake worked, and what had to change to enable 1-RTT handshakes. But even more importantly, the 1.3 design shifted towards putting robustness first. Anything that is not strictly necessary to the main function of TLS was removed (compression, renegotiation); choices of suboptimal security aren't offered at all (static RSA, CBC, RC4, SHA1, MD5); secure, easy to implement designs are introduced or privileged (RSA-PSS, AEAD implicit nonces, full handshake signatures, Curve25519, resumption forward secrecy). We will go into the why and how of all of these. But two major trade-offs had to be made: first, 1-RTT handshakes inherently prevent the introduction of encrypted domain names (SNI). We'll see why and what can replace them to provide similar privacy. Most interestingly, 1.3 comes with 0-RTT resumption. The catch there is that the protocol itself provides no complete protection against replay attacks. We'll unpack the problem, see what mitigations are available, what the risks and attacks are and how that requires careful API design and deployment. Finally, deployment hasn't been entirely smooth. Many servers out there turned out to be intolerant to 1.3 clients. We'll see what this causes, how it was worked around, and how downgrade protection provides defense in depth. TLS 1.3 is not in the distant future. The draft is almost finalized, and at Cloudflare we developed an open source stack in Go and support the protocol in beta for all websites. Chrome Canary and Firefox Nightly implement 1.3 clients. CC BY 4.0 false Filippo Valsorda Nick Sullivan 2016-12-27T23:00:00+01:00 23:00 01:00 Saal 2 33c3-8061-you_can_-j_reject_but_you_can_not_hide_global_scanning_of_the_ipv6_internet Finding interesting targets in 128bit of entropy Security lecture en In this talk we will explore and present various IPv6 scanning techniques that allow attackers to peek into IPv6 networks. With the already known difference between IPv4 and IPv6 firewalling (the latter is worse... ) we then demonstrate how these techniques can be combined and used to obtain a large-scale view on the state of IPv6 in infrastructures and data centers. To give the whole issue a somewhat more fun dimension, we will also look at some (security) sensitive applications of this technique. Complimentary code-snippets will be provided. Scanning networks is a basic tool for security researchers. Software misconfiguration like with unprotected key-value stores and software bugs like heartbleed are analyzed and investigated in the wild using scanning of networks. At least since the rise of zMap, scanning the I---Pv4---nternet has become a rather simple endeavour. When one happens to be at a conference that tends to supply 1gE or 10gE ports on the access layer, scanning the Internet can be done in 60-10 Minutes. Scanning the 2^32 possible addresses (with certain limitations) of IPv4 has become cheap. However, the small searchspace of IPv4 that makes it so scannable is also what renders it increasingly obsolete. To overcome this issue, IPv6 was designed. Along with IPv6 we receive a theoretical maximum of 2^128 different addresses. Scanning this larger space is a challenge that---so far---has been mostly approached by researchers. Specifically, not security but network measurement researchers. Their works usually focus on having access to large datasets of IPv6 addresses, the most famous ones using the access logs of a large CDN. With the average nerd lacking a small enterprise scale CDN in the basement, we set out to utilize other techniques for enumerating IPv6 that only utilizes public data sources. Following RFC7707, we found various interesting candidate techniques. Especially probing the PTR sets of IPv6 networks sounded promising. However, when implementing the techniques, we had to realize that these were not yet ready to be used on a global scale. During the last couple of months we discovered pitfalls, adjusted the tools and ran enumerations. In this talk we will present the approaches we used to enumerate IPv6. From this presentation, the average person in the audience should be able to easily implement these tools for them self---with subsequent "spasz am geraet". Furthermore, we will present anecdotes, case-studies and investigations on the data we gathered so far. This includes peeks into transit networks of large ISPs, datacenters of global cloud providers and a suprisingly high amount of things one would not expect (or hope to be) on the Internet. CC BY 4.0 false Tobias Fiebig 2016-12-27T11:30:00+01:00 11:30 01:00 Saal G 33c3-8044-what_could_possibly_go_wrong_with_insert_x86_instruction_here Side effects include side-channel attacks and bypassing kernel ASLR Security lecture en Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputting a result. However, the internal state of the hardware leaks information about the programs that are executing. In this talk, we focus on how to extract information from the execution of simple x86 instructions that do not require any privileges. Beyond classical cache-based side-channel attacks, we demonstrate how to perform cache attacks without a single memory access, as well as how to bypass kernel ASLR. This talk does not require any knowledge about assembly. We promise. When hunting for bugs, the focus is mostly on the software layer. On the other hand, hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputing a result. However, the internal state of the hardware leaks information about the programs that are running. Unlike software bugs, these bugs are not easy to patch on current hardware, and manufacturers are also reluctant to fix them in future generations, as they are tightly tied with performance optimizations. In this talk, we focus on how to extract information from the execution of simple x86 instructions that do not require any privileges. The most studied microarchitectural attacks are beyond doubt cache attacks. Indeed, the timing of a memory access depends heavily on the state of the CPU cache. But beyond memory accesses that are the base of classical cache-based side-channel attacks, other x86 instructions leak information about the internal state of the hardware, and thus about running programs. First, we present side channels caused by the "clflush" instruction, that flushes all content of the cache. We will explain how it can be used to perform side-channel attacks that are faster and stealthier than their classical counterpart, without performing so much as a single memory access [1]. Second, we present side channels caused by the prefetch instructions. We will explain how these instructions can be used to translate virtual addresses to physical addresses - without the use of the proc interface that is restricted today -, and to bypass kernel ASLR [2]. This talk does not require any knowledge about assembly. We promise. The talk will be given as a joint presentation by Clémentine Maurice and Moritz Lipp. [1] Daniel Gruss, Clémentine Maurice, Klaus Wagner and Stefan Mangard, "Flush+Flush: A Fast and Stealthy Cache Attack", DIMVA 2016 [2] Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, Stefan Mangard, "Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR", CCS 2016 CC BY 4.0 false Clémentine Maurice Moritz Lipp Slides /system/events/logos/000/008/338/large/XTRX_in_hands.jpg?1479260196 2016-12-27T12:45:00+01:00 12:45 01:00 Saal G 33c3-8338-building_a_high_throughput_low-latency_pcie_based_sdr Lessons learnt implementing PCIe on FPGA for XTRX Software Defined Radio Hardware & Making lecture en Software Defined Radios (SDRs) became a mainstream tool for wireless engineers and security researches and there are plenty of them available on the market. Most if not all SDRs in the affordable price range are using USB2/USB3 as a transport, because of implementation simplicity. While being so popular, USB has limited bandwidth, high latency and is not really suitable for embedded applications. PCIe/miniPCIe is the only widespread bus which is embedded friendly, low latency and high bandwidth at the same time. But implementing PCIe/miniPCIe is not for the faint of heart - you have to write your own FPGA code, write your own Linux kernel driver and ensure compatibility with different chipsets, each with its own quirks. In this talk we will look at the requirements for a high performance SDR like XTRX, how this leads to certain design decisions and share pitfalls and gotchas we encountered (and solved). We've been working with SDRs since 2008 and building own SDRs since 2011, focusing on embedded systems and mobile base stations. We created ClockTamer configurable clock source and UmTRX SDR and built a complete base station (UmSITE) to run OpenBTS and later Osmocom GSM stacks. This year we've started working on a new tiny high-performance SDR called XTRX which fits into the miniPCIe form-factor and using PCIe for the I/Q samples transfer. We will talk about when to use PCIe and when not to use PCIe and why did we choose it for XTRX; FPGA implementation of PCIe with optimization for low latency and high throughput; Linux kernel driver for this PCIe device; integration with various SDR platforms; all the various issues we encountered and how you can avoid them. CC BY 4.0 false Alexander Chemeris Sergey Kostanbaev XTRX blog /system/events/logos/000/008/262/large/Cms_logo.jpg?1475263992 2016-12-27T14:00:00+01:00 14:00 01:00 Saal G 33c3-8262-zwischen_technikbegeisterung_und_kritischer_reflexion_chaos_macht_schule CCC lecture de Die Lebenswelt von Kindern und Jugendlichen sowie die der Schulen könnte in Bezug auf die Digitalisierung kaum gegensätzlicher sein: Schülerinnen und Schüler leben und entfalten sich begeistert in der digitalen Welt, aber die Schule ist kaum in der Lage, Schülern ihre drängenden Fragen rund um die komplexe digitale Welt zu beantworten. In unserem Talk möchten wir anhand unserer Erfahrungen aus dem Projekt "Chaos macht Schule" u.a. diskutieren, wie man die heranwachsende Generation u. a. für Themen wie Datenschutz und Überwachung sensibilisieren und gleichzeitig Technikbegeisterung bei jungen Menschen fördern kann. Die Lebenswelt von Kindern und Jugendlichen sowie die der Schulen könnte in Bezug auf die Digitalisierung kaum gegensätzlicher sein. Schülerinnen und Schüler leben und entfalten sich begeistert in der digitalen Welt, während am Großteil der Schulen weder die Technik vorhanden ist noch die Lehrkräften dafür ausgebildet wurden bzw. die Lehrpläne genügend Raum lassen, Schülern ihre drängenden Fragen rund um die komplexe digitale Welt zu beantworten. Als Bundesbildungsministerin Johanna Wanka im Oktober ihren Plan äußerte, 2017 fünf Milliarden Euro für die digitale Ausstattung an Schulen bereitstellen zu wollen, folgte direkt laute Kritik vom Präsidenten des Lehrerverbandes Josef Kraus. Vor diesem Hintergrund verwundert es kaum, wenn Frank Rieger und Rop Gonggrijp vor elf Jahren in ihrem vielbeachteten Talk "We lost the war“ beklagten, dass es uns nicht gelungen sei, unsere Themen in der Gesellschaft zu verankern. Auch heute noch gibt es nur vereinzelte Ansätze, Jugendliche an Themen der Medienkompetenz, Technikgestaltung und gesellschaftlichen Relevanz heranzuführen. Im Rahmen des Projektes "Chaos macht Schule" besuchen Mitglieder des CCCs seit mittlerweile ca. 10 Jahren Bildungseinrichtungen für Workshops zu technischen Themen (z.B. Programmierung, Löten etc.) als auch zu gesellschaftlichen (z.B. Datenschutz, Überwachung) mit dem Ziel, Medienkompetenz und Technikverständnis zu fördern. Mit "Chaos macht Schule“ möchten wir diese Themen, die über reine Programmierkenntnisse hinausgehe, weiter in die Gesellschaft tragen. In unserem Talk möchten wir anhand unserer Erfahrungen betrachten, wie man die heranwachsende Generation u. a. für Themen wie Datenschutz und Überwachung sensibilisieren und gleichzeitig die Technikbegeisterung der jungen Menschen fördern kann. Wir erörtern, warum wir es auch für eine Bereicherung für die Hacker-Community halten, in die Schulen zu gehen. Außerdem möchten wir Tipps geben, was man selbst tun kann, die Hacker-Ethik über die junge Generation in die Gesellschaft zu tragen. CC BY 4.0 false benni Dorina Chaos macht Schule 22C3: We lost the war /system/events/logos/000/007/958/large/rundgaenge001_detail_thump.jpg?1479331460 2016-12-27T16:00:00+01:00 16:00 00:30 Saal G 33c3-7958-space_making_space_shaping How mapping creates space, shapes cities and our view of the world. Science lecture de What are the politics and aesthetics of mapping? An introduction how cartography shapes cities and landscapes, creates borders and determines the perception of our environment. How an evolving mix of high-resolution satellite imagery, algorithm-based mappings and the huge amount of data of digitized cities will enhance these effects? And in contrast, how can maps be designed, that question the “objectivity” and “correctness” of conventional cartography? While digital communication gets ubiquitous, maps play an important role in the formation and mediation of physical space. A view back to earlier stages of development from the Da Vinci maps in the 15th century, the world-exploring and world-conquering by cartographic techniques in the area of colonialism in the late 19th, the emergence of photorealistic mapping (aerial and satellite photography) in the 20th century will provide some ideas of the power of maps and its impacts on society. With the Aspen Movie Map and its widespread successor Google Street View there is a decisive change of perspective going on (from bird‘s eye view to street level) that will lead to new, more intense forms of immersion by the use of maps. Maps shapeshift into navigational screens, we are using digital maps while our devices map our movements in the same time. With a view ahead, I‘ll try to find out which mapping algorithms are developed, which kind of images latest satellites with high-resolution 3D capabilities will create and what maps the researchers of Silicon Valley and the automotive industry want to fabricate – and thus new aesthetics and politics of mappings. In contrast to this I will follow the question how other views can be created by antagonistic maps, that question the brutal “objectivity” and shiny “correctness” of computer-generated maps and that tell different stories from the perspective of the inhabitants living in those mapped cities and landscapes. CC BY 4.0 false Ulf Treger 2016-12-27T16:45:00+01:00 16:45 00:30 Saal G 33c3-8388-kampf_dem_abmahnunwesen Wider die automatisierte Rechtsdurchsetzung CCC lecture de Im Spannungsfeld zwischen der Vorderfront der Computertechnik und einem Spezialbereich des Urheberrechts hat sich eine Industrie eine Nische geschaffen, in der sie durch Hochspezialisierung und Automatisierung ein einträgliches Geschäft aufgezogen haben. Dabei nehmen sie als Kollateralschaden in Kauf, dass Unschuldige durch die Drohkulisse zum Zahlen bewegt und zum Schließen ihres offenen Netzwerks gebracht werden. Wir beschreiben, was man dagegen tun kann und was wir dagegen schon getan haben. Probleme: • Die Abmahnungen sind fein austariert, um das Kostenrisiko für eigene Auslagen für fast jeden Schritt beim Abgemahnten zu belassen. • Die Anschreiben sind technisch und juristisch komplex und der einzig “überschaubare” Pfad ist der Überweisungsträger, zudem ist die Frist auf Einschüchterung angelegt. • Die Abmahner können beliebig bis kurz vor Verjährung warten, um den Fall am Leben zu halten, es gibt bis zur Feststellung keine Sicherheit. • Die Abmahner können sich auf bewährte Textbausteine, fachlich überforderte Richter und (bis zuletzt) den fliegenden Gerichtsstand mit dem Anliegen wohl gesonnenen Richtern stützen. • Dazu kommt verunsichernde Rechtssprechung beim BGH, was Störerhaftung betrifft. • Die Abmahner können sich darauf verlassen, dass eine Solidarität unter den Abgemahnten faktisch nicht besteht und Fälle mit Aussicht auf ungünstige Präzedenzen noch außergerichtlich beilegen. Quasi kein normaler Abgemahnter hat Lust, das Verfahren durch eine negative Feststellungsklage abschließend zu klären. • Aber erst durch das Risiko, die Auslagen für eine große Zahl von Fällen selber tragen zu müssen, in denen sich die Abgemahnten mit potentiell kostspieligen Strategien wehren, kann dem industriell betriebenen Abmahnen Grenzen aufzeigen. • Problem ist dabei, dass bei einer Abmahnung grundsätzlich “jeder trägt seins” gilt, was für den normal nicht Rechtsschutzversicherten mit Blick auf das RVG eine ganz eigene gefährliche Mathematik eröffnet • UrhG sagt, dass der Abmahner die Spesen des Abgemahnten nur selber tragen muss, wenn er die Unrechtmäßigkeit der Abmahnung hätte erkennen müssen. Bis dahin ist es für den Abmahner leichtes und risikoloses Spiel, erstmal groß abzumahnen und im Zweifel zurückzuziehen • Hier versucht der Abmahnbeantworter, Hilfe zu schaffen, indem er eine Erstverteidigung ermöglicht, ohne Kosten zu verursachen. false Beata Hubrig erdgeist /system/events/logos/000/008/024/large/rz_lego-techy_quad.jpg?1474989825 2016-12-27T17:30:00+01:00 17:30 00:30 Saal G 33c3-8024-routerzwang_und_funkabschottung Was Aktivisten davon lernen können Ethics, Society & Politics lecture de Nach drei Jahren wurde endlich die nutzerunfreundliche Praxis des Routerzwangs („Compulsory Routers“) gesetzlich für unzulässig erklärt, und aktuell treibt uns die EU-Funkabschottung („Radio Lockdown Directive“) um. Um was geht es dabei? Und was können wir daraus für andere Fälle lernen? Im Vortrag wird klar werden, warum politischer Aktivismus so wichtig ist und dass er eigentlich gar nicht so schwer ist, wenn man ein paar Dinge beachtet. Es hat drei Jahre gebraucht, um die nutzerunfreundliche Praxis des Routerzwangs endlich gesetzlich für ungültig zu erklären. Diese ermöglicht es Internetanbietern, ihren Kunden ein Endgerät aufzuzwingen, auf das sie nur geringen Einfluss nehmen können. Schlimmer noch: Will man einen eigenen Router anschließen, etwa weil man bestimmte technische Dienste benötigt, Geräte auf Basis Freier Software bevorzugt oder ein stromsparenderes Modell einsetzen möchte, ist dies bei vielen Anbietern entweder gar nicht möglich oder man wird bei Support-Anfragen diskriminiert. Dieses Verhalten von Providern ist in vielerlei Hinsicht höchst problematisch, da es hohe Sicherheitsrisiken für Nutzer birgt, fairen Wettbewerb verzerrt und den technologischen Fortschritt hemmt. Und seit einigen Monaten steht die EU-Richtlinie für Funkabschottung auf unserer Agenda, die möglicherweise schon bald die Nutzung und Entwicklung von Freier Software auf allen Geräten, die in irgendeiner Art Funkwellen verwenden, enorm einschränkt. Die Free Software Foundation Europe, für die der Referent Max Mehl arbeitet, hat schon seit den ersten Debatten vor über drei Jahren gegen den Routerzwang angekämpft und dabei viele Erfahrungen gesammelt. In Zusammenarbeit mit Freie-Software-Entwicklern, Organisationen wie dem Chaos Computer Club oder Digitalcourage sowie mit Endgeräteherstellern, Verbänden und Politik ist es gelungen, den Routerzwang gesetzlich offiziell ab Sommer 2016 zu beenden. Ein wesentlicher Grund für den Erfolg der Initiative war die Einigkeit innerhalb der Allianz gegen den Routerzwang, dass dieses Problem nur politisch gelöst werden kann. Technisch gäbe es für einige der aufgelisteten Kritikpunkte sicherlich kurzfristig Lösungen, doch aus Erfahrung wissen wir, dass das ein Kampf gegen Windmühlen wäre und sich das Grundproblem nur weiter verfestigen würde. Dasselbe Ziel verfolgen wir auch für die Funkabschottung. Der Referent will daher dazu ermutigen, dass sich mehr Menschen für politische Lösungen von ähnlichen Missständen einsetzen. Dazu wird er zum einen den Verlauf des Routerzwangs kurz zusammenfassen und dann anhand dessen skizzieren, wie ähnliche Probleme – im großen wie im kleinen Maßstab – angegangen werden können: unter anderem durch ausführliche Informationsbeschaffung, den Aufbau von Kontakten, gute Kommunikation und das Aufbauen von Allianzen. Währenddessen wird klar werden, dass man für erfolgreichen politischen Aktivismus kein Hauptzeitlobbyist sein muss, sondern Vielfältigkeit sogar von Vorteil ist. Bildcredit: Konrad Twardowski, CC BY-SA 2.0 CC BY 4.0 false Max Mehl Informationen zum Routerzwang Informationen zur Funkabschottung Slides (German) 2016-12-27T18:15:00+01:00 18:15 01:00 Saal G 33c3-8014-untrusting_the_cpu A proposal for secure computing in an age where we cannot trust our CPUs anymore Security lecture en It is a sad fact of reality that we can no longer trust our CPUs to only run the things we want and to not have exploitable flaws. I will provide an proposal for a system to restore (some) trust in communication secrecy and system security even in this day and age without compromising too much the benefits in usability and speed modern systems provide. CPUs have not only massively grown in complexity in the last years, they have unfortunately also spawned a slew of proprietary vendor subsystems that execute unauditable code beyond our control (TrustZone, Intel ME etc.). There are some projects attempting to mitigate this issue somewhat by running less unauditable code (Coreboot, Novena etc.), but in the long run even using those we are still at the whims of some very large corporations which can decide whether or not we still have control over the systems we own. In this talk, I propose an alternative approach to regain privacy and security on our systems. Instead of trying to fix our CPUs by reverse-engineering large amounts of proprietary blobbiness, I propose we move as much sensitive data as possible out of these compromised systems. In practice, the architecture I propose places a trusted interposer into the compromised system's display bus (LVDS, (e)DP or HDMI) that receives in-band control data containing intact ciphertext (read: PGP/OTR encoded into specially formatted RGB pixel data) and that transparently decrypts, verifies and renders the decrypted data into the pixel data stream. The resulting system looks almost identical from a user-interface perspective, but guarantees plaintext message data is never handled on the compromised host CPU while all the juicy computational power and fancy visual effects that one provides remain intact. I will outline the implementation problem areas of this approach and some possible solutions for them. I will also provide an analysis of this system from a privacy and security perspective. CC BY 4.0 false jaseg 2016-12-27T20:30:00+01:00 20:30 01:00 Saal G 33c3-7911-make_wi-fi_fast_again Eine kleine Einführung in den 802.11ac Standard Hardware & Making lecture de Mit steigendem Datenaufkommen und einer immer größer werdenden Zahl von Geräten muss auch das WLAN wachsen. Nach "ur WiFi sucks!!1!" ist dieser Talk eine kleine Einführung in die Neuerungen, welche mit dem 802.11ac-Standard gekommen sind und gibt eine Erklärung, wie sie funktionieren. Seit 2013 der 802.11ac-Standard veröffentlicht wurde, haben die Hersteller schon viele Geräte hergestellt, welche das neue "Gigabit"-WLAN unterstützen. Aber was ist das eigentlich? Warum ist es so viel schneller? Was ist eigentlich dieses "MultiUser-MIMO" und wie funktioniert eigentlich dieses Beamforming? In diesem Talk werden alle Fragen behandelt und ein Grundverständnis über die Funktionalität und den Aufbau des Standards vermittelt. Zusätzlich schauen wir auf die praktischen Vorteile, die sich für eine WLAN-Installation bieten und was man als Hersteller bei der Entwicklung der AccessPoints falsch machen kann. CC BY 4.0 false Hendrik Lüth Talk "ur WiFi sucks!!1!" auf der GPN 2016-12-27T21:45:00+01:00 21:45 01:00 Saal G 33c3-7964-where_in_the_world_is_carmen_sandiego Becoming a secret travel agent Security lecture en Travel booking systems are among the oldest global IT infrastructures, and have changed surprisingly little since the 80s. The personal information contained in these systems is hence not well secured by today's standards. This talk shows real-world hacking risks from tracking travelers to stealing flights. Airline reservation systems grew from mainframes with green-screen terminals to modern-looking XML/SOAP APIs to access those same mainframes. The systems lack central concepts of IT security, in particular good authentication and proper access control. We show how these weaknesses translate into disclosure of traveler's personal information and would allow several forms of fraud and theft, if left unfixed. CC BY 4.0 false Karsten Nohl Nemanja Nikodijevic Slides 2016-12-27T23:00:00+01:00 23:00 01:00 Saal G 33c3-8143-woolim_lifting_the_fog_on_dprk_s_latest_tablet_pc Ethics, Society & Politics lecture en Last year we have been talking about DPRK’s operating system Red Star OS and its surveillance features. We have identified a watermarking mechanism and gave an insight on the internals of the operating system itself. This year we will be talking about one of DPRK’s Tablet PCs, called Woolim. The tablet PC contains a similar watermarking mechanism that can be used to track and prevent the distribution of unwanted media files in a more advanced and effective way. In addition, Woolim contains a remarkable hardening and jails the user to protect the integrity of the system. The tablet itself and the Apps that are preinstalled provide a rare insight into DPRK’s development in the IT sector. We will lift the fog on the internals of Woolim and provide a deep dive into the internals of the tablet PC. Over the past years DPRK released several different tablet PCs. This talk will focus on what seems to be the latest device called Woolim (울림), which is the Korean word for „echo“. It was build in late 2015 and the device is an outstanding piece of technology designed to jail users to predefined functionality and track the user's behavior. We will start by giving an introduction to the hardware specifications of the tablet. The device is equipped with a wide variety of applications. Users are able to read and create documents, watch movies, visit websites and play games. There are also a bunch of dictionaries on the device. We will give an introduction to the most interesting applications and features of the tablet. The applications that come with Woolim give a rare insight into how technology is used and distributed in DPRK. All of the applications on Woolim have been touched by DPRK, even games like Angry Birds have been modified. The features implemented to jail the user and protect the integrity of the system will also be in focus for this talk. We have published a detailed analysis of a watermarking mechanism in DPRK’s Red Star OS last year, speculating that the code in Red Star OS already contains some preparations for a far more sophisticated watermarking mechanism. We have identified such advanced mechanisms in Woolim and will give a technical insight on how they prevent distribution of unwanted media more effectively. DPRK continues to develop surveillance technology that is hidden inside consumer hardware. It’s goal seems to be to enable total control of it’s users in terms of tracking the distribution of media files and preventing unwanted information in the DPRK ecosystem. Implementing such features into smartphones or tablet PCs like Woolim allows even more effective surveillance of DPRK citizens. Therefore, we will try to shed some light on the privacy invading features of Woolim. CC BY 4.0 false Florian Grunow Niklaus Schiess Manuel Lubetzki 2016-12-27T11:30:00+01:00 11:30 01:00 Saal 6 33c3-8167-everything_you_always_wanted_to_know_about_certificate_transparency (but were afraid to ask) Security lecture en Certificate transparency - what is it, and what can be done with it? Certificate Transparency is the new kid on the block of TLS. Specified as RFC6962 it is designed to prevent fraudulently issued TLS certificates, and detect wrongdoing from Certificate Authorities. This talk will present Certificate Transparency in full details. Beginning from the attacks it prevents, key players and threat models, we will dive into the public data that is readily available and present ideas how to enhance its ecosystem as a whole. CC BY 4.0 false Martin Schmiedecker Slides 2016-12-27T12:45:00+01:00 12:45 01:00 Saal 6 33c3-7858-exploiting_php7_unserialize teaching a new dog old tricks Security lecture en PHP-7 is a new version of the most prevalent server-side language in use today. Like previous version, this version is also vulnerable to memory corruptions. However, the language has gone through extensive changes and none of previous exploitation techniques are relevant. In this talk, we explore the new memory internals of the language from exploiters and vulnerability researchers point of view. We will explain newly found vulnerabilities in the 'unserialize' mechanism of the language and present re-usable primitives for remote exploitation of these vulnerabilities. PHP is the most prominent web server-side language used today. Although secure coding practices are used when developing in PHP, they can’t mitigate vulnerabilities in the language itself. Since PHP is written in C, it is exposed to vulnerabilities found in projects written in a low-level language, such as memory-corruption vulnerabilities, which are common when manipulating data formats. PHP-7 is a new implementation of the language, and while memory corruption bugs exist in this version as well, none of the exploitation primitives from the previous version are working (e.g. @i0n1c presentation from BH2010). In this talk, I will discuss the memory internals of PHP7 from exploiter and vulnerability researcher's perspective, explain newly found vulnerabilities in the unserialize mechanism and demonstrate how to exploit this class of bugs in PHP-7 presenting re-usable primitives. The internals of the language implementation changed quite dramatically, and now it’s harder to find and exploit memory corruption bugs. The new zval system prefers embedding over pointing to members and the allocation mechanism has gone through a complete re-write, removing metadata. The overall result is less primitives and less control over crafted data. unserialize is a data manipulation and object instantiation mechanism in PHP which is prone to memory corruption vulnerabilities. For the first time, we have managed to implement a remote exploit of a real world bug in PHP-7unserialize mechanism. CC BY 4.0 false Yannay Livneh pdf outlining the exploitation primitives which will be discussed /system/events/logos/000/008/195/large/icon.jpg?1482789163 2016-12-27T14:00:00+01:00 14:00 01:00 Saal 6 33c3-8195-predicting_and_abusing_wpa2_802_11_group_keys Security lecture en We analyze the generation and management of WPA2 group keys. These keys protect broadcast and multicast Wi-Fi traffic. We discovered several issues and illustrate their importance by decrypting all group (and unicast) traffic of a typical Wi-Fi network. First we show that the 802.11 random number generator is flawed by design, and provides an insufficient amount of entropy. This is confirmed by predicting randomly generated group keys on several platforms. We then examine whether group keys are securely transmitted to clients. Here we discover a downgrade attack that forces usage of RC4 to encrypt the group key when transmitted in the 4-way handshake. The per-message RC4 key is the concatenation of a public 16-byte initialization vector with a secret 16-byte key, and the first 256 keystream bytes are dropped. We study this peculiar usage of RC4, and find that capturing 2 billion handshakes can be sufficient to recover (i.e., decrypt) a 128-bit group key. We also examine whether group traffic is properly isolated from unicast traffic. We find that this is not the case, and show that the group key can be used to inject and decrypt unicast traffic. Finally, we propose and study a new random number generator tailored for 802.11 platforms. CC BY 4.0 false Mathy Vanhoef Research paper Presentation /system/events/logos/000/007/925/large/nibbletronic.JPG?1473939697 2016-12-27T16:00:00+01:00 16:00 00:30 Saal 6 33c3-7925-the_nibbletronic A DIY MIDI Controller and a New UI for Wind Instruments Hardware & Making lecture en The NibbleTronic is a MIDI wind controller that features a novel user interface resulting in a unique tonal range. The standard configuration allows to precisely play a bit more than four full octaves including semitones with only one hand. In my talk I want to describe the individual stages of development from a barely usable electronic recorder to a useful and unique instrument that could come as a kit. The interface that puts four octaves at the fingertips of a single hand will be the second core topic. CC BY 4.0 false ctrapp Slides /system/events/logos/000/008/420/large/1___960.jpg?1482080320 2016-12-27T16:45:00+01:00 16:45 00:30 Saal 6 33c3-8420-anthropology_for_kids_-_what_is_privacy Art & Culture lecture en I would like to present my project called Anthropology for kids and a specific book, that I am working on in the larger framework of this project. This book will look like an ordinary school notebook in which a teacher checks a student if the lesson had been learnt. But it is actually not! I gathered this collection of historical and anthropological notes, so that together with school kids we can think about how the very idea of privacy was developed in different countries and in different historical epochs. In ancient Babylon wealthy women were allowed to cover their faces and their bodies, but the poor ones were not. In the Soviet Union during Stalin times it was dangerous to tell a political joke even in the group of close friends. One of them may report a joke to the authorities. Punishment for a political joke could be a prison sentence. Today more or less all our online communication is watched or recorded by authorities. How does our present relate to other times in history, how is the western notion of privacy related to the ideas in other cultures. About the speaker: Her practice evolved from visual arts, journalism, internet culture and publishing. After an artistic career in Israel in the early Nineties, Dubrovsky was among the pioneers in Russia's new media start-up scene and specialized in social media and open source culture. Moving to New York in 2001 she became a significant voice in Russian blogging. Her critical position on educational regimes led to the development and publishing of doodle books for children. Her current project Anthropology For Kids aims at creating a publication series with a participatory approach. Reframing crucial aspects of human life – family, money, health, beauty, and alike – Anthropology For Kids seeks to deconstruct conditioned notions of how we (should) live, demonstrating the diversity of perspectives and possibilities that exist in different cultures. false Nika Dubrovsky Privacy__ccc_last.pdf 2016-12-27T18:15:00+01:00 18:15 00:30 Saal 6 33c3-7999-a_data_point_walks_into_a_bar How cold data can make you feel things. Art & Culture lecture en tl;dr: Mother Teresa said "If I look at the mass I will never act. If I look at the one, I will." I'll present ways that make us act when looking at the mass. Remember when we thought that data would solve all our problems? Ah, the good old days. We thought we finally found all the important problems. And all the right answers. We just forgot one important thing: The audience of data is very often....people. Irrational people. People who didn't care if Trump lied or not in the Election Year of 2016. People who know that "millions of people starve in Africa", but who want to donate for that one hungry child in Norway they saw in a TV documentary. People who read about a portfolio company and then think the whole night about becoming a farmer in Chile, like the main character of their favourite book. Stories stick, but data doesn't. Stories stick because they make us feel something; and we remember situations in which we felt intense feelings. Stories make us act; they change our beliefs. Stories make us feel warm and empathic and alive. Data doesn't make us feel anything on it’s own. Data is cold. And still, I love data, and I love to work with it. Can we create feelings with data? Away from the beaten paths of company dashboards, scientific plots and newspaper graphics? I believe it's possible. In my talk, I will showcase some ways to present data so that it sticks and makes you feel things. We'll talk about the status quo of data presentation and where we still need to go. If you like data and want to look at more of it, you should come by. CC BY 4.0 false Lisa Charlotte Rost /system/events/logos/000/008/408/large/logo.jpg?1479404200 2016-12-27T19:00:00+01:00 19:00 00:30 Saal 6 33c3-8408-keys_of_fury Type In Beyond the Scrolling Horizon Art & Culture lecture en Keys Of Fury is a brutalist storytelling about technology and keystrokes where text is used unadorned and roughcast, like concrete. I define my practice as KYBDslöjd (drawing by Type In) who uses the Commodore 64 computer, Teletext technologies and Typewriter. Brutalism has an unfortunate reputation of evoking a raw dystopia and KYBDslöjd evokes an “object of nostalgia”. But nostalgic‬, ‪retro‬, obsolete or ‪limited‬ are rhetoric qualities earn by constant repetition. We live in a time where hardware and software become obsolete before most of the users have learned how to use them or disappear into pure functionality. The obedience to standards who made us passive observers and consumers. Keys Of Fury is a brutalist storytelling about technology and keystrokes where text is used unadorned and roughcast, like concrete. I define my practice as KYBDslöjd (drawing by Type In) who uses the Commodore 64 computer, Teletext technologies and Typewriter. Brutalism has an unfortunate reputation of evoking a raw dystopia and KYBDslöjd evokes an “object of nostalgia”. But nostalgic‬, ‪retro‬, obsolete or ‪limited‬ are rhetoric qualities earn by constant repetition. We live in a time where hardware and software become obsolete before most of the users have learned how to use them or disappear into pure functionality. The obedience to standards who made us passive observers and consumers. KYBDslöjd is heavy, flat, brutal, and there is no CTRL-Z. You cannot make corrections, so any unintended strikes force you to start all over again. The screen is the canvas, use as rectilinear grid on which one keystroke at a time build a character by character animation. The remote control triggers the ghost on the television screen hiding in the vertical blanking interval (VBI) lines like REM (rapid eye movement) sleep intervals. A door to unlock the Imagination. The joy of Text-mode. KYBDslöjd is not “dead media” of the past being reanimated for individual’s self-identity and pursuits. It doesn't provide immediate satisfaction, only challenge you. It is meant to be use and not parasite. It is a dialogue of possibilities rather than an ego-trip monologue with technology. false raquel meyers http://www.raquelmeyers.com Myopia for the Future // immediate satisfaction Vladijenk II (The corroded mainframe at Tartarus edition) Keys of Fury. Type In Beyond the Scrolling Horizon /system/events/logos/000/008/264/large/buepf_tux.jpg?1479140924 2016-12-27T20:30:00+01:00 20:30 01:00 Saal 6 33c3-8264-netzpolitik_in_der_schweiz_2016 Grundrechte per Volksentscheid versenken CCC lecture de Ein Überblick zur netzpolitischen Situation in der Schweiz. Wir geben einen umfassenden Rückblick auf das ereignissreiche Jahr 2016, in dem die Schweizer Bevölkerung über gleich zwei Massenüberwachungsgesetze entschieden hat. Die netzpolitischen Gruppierungen haben mit viel Einsatz gegen die Gesetze gekämpft . Wir berichten darüber, wie wir das angengangen sind, wie es ausgegangen ist und was wir dabei gelernt haben. Zudem machen wir einen Ausblick auf kommende netzpolitische Herausforderungen. In Sachen Netzpolitik hat sich im Jahr 2016, seit unserem letzten Vortrag zu dem Thema, viel getan. Gleich zu Beginn 2016 kam die Nachricht, dass das Referendum zum NDG erfolgreich war. Damit hat das Schweizer Stimmvolk die Chance erhalten, über das Geheimdienstgesetz (NDG) abzustimmen. Mit dem Zustandekommen des Referendums war aber erst die halbe Arbeit getan. Es galt nun der in Gang gesetzten staatlichen Propagandamaschinerie sowie einigen, insbesondere bürgerlichen, Parteien entgegenzuwirken. Die netzpolitischen Gruppierungen waren also gefragt, sich aktiv, parteipolitisch unabhängig und mit technischen Fakten in den Abstimmungskampf einzubringen. Am 25. September 2016 hat dann das Schweizer Stimmvolk über das neue Nachrichtendienstgesetz entschieden: 65% der Bevölkerung hat das gesetz angenommen, nur gerade 35 % teilten unsere Meinung. Im Frühling hat das Parlament gleich das nächste fragwürdige Gesetz verabschiedet - das revidierte Bundesgesetz betreffend die Überwachung des Post- und Fernmeldeverkehrs (BÜPF). Auch gegen dieses Gesetz hat die Schweizer Netzgemeinde, unterstützt von einer ganzen Reihe Jungparteien, umgehend das Referendum ergriffen. Das Sammeln der Unterschriften wurde diesmal aus den Räumen des CCC Zürich (CCCZH) koordiniert, da es sich abgesehen von der stark netzpolitisch verankerten Pirtatenpartei, nicht um eine parteipolitische Initiative handelte. Auch wenn das Referendum gegen das BÜPF leider nicht erfolgreich war, so haben wir bei der Zusammenarbeit mit einem gross gestreuten Kommittee, beim Sammeln auf der Strasse und dem Auszählen und bescheinigen der Unterschriften viel gelernt und somit nicht Gold, aber immerhin Silber und Bronze abgeräumt. Auch wenn mit 2016 ein - mit Bezug auf die Schweizer Netzpolitik - besonders düsters Jahr zu Ende geht, so ist für die Zukunft noch einiges ausstehend. Zum Schluss wollen wir einen kurzen Überblick geben über das was kommt. Detaillierte Erklärungen zum politischen System in der Schweiz und der (damals) aktuellen Lage haben wir im Vortrag am 32c3 gegeben: https://media.ccc.de/v/32c3-7205-netzpolitik_in_der_schweiz Im Anschluss an den Talk gibt es eine ausgedehnte Diskussions- und Fragesession zu den behandelten Themen im Raum A.1: Siehe hier: https://events.ccc.de/congress/2016/wiki/Session:Netzpolitik_in_der_Schweiz_2017 CC BY 4.0 false Hakuna MaMate Chaos Computer Club Schweiz Digitale Gesellschaft Schweiz Referendumsplattform BÜPF Referendumsplattform NDG Sldies /system/events/logos/000/008/293/large/ew_Logo_farbe_L.jpg?1481916567 2016-12-27T21:45:00+01:00 21:45 01:00 Saal 6 33c3-8293-netzpolitik_in_osterreich Ein Jahresrückblick aus dem Land der Datenberge CCC lecture de Die Netzpolitik der österreichischen Bundesregierung hat sich im Jahr 2016 nicht besser dargestellt als die Jahre davor: Neue Überwachungsgesetze, (bislang erfolgreich verhinderte) Versuche eine staatliche Spionagesoftware (Bundestrojaner) einzuführen, der ewige Kampf um ein Transparenzgesetz, eine scheinheilige Simulation demokratischer Partizipation und das totglaubte E-Voting sind brennende Themen und bedürfen einer breiten gesellschaftlichen Diskussion. Der AKVorrat zeigt in einem netzpolitischen Jahresrückblick, was wir dagegen tun können und zeigt, dass Zivilgesellschaft wirkt. Polizeiliches Staatsschutzgesetz beschlossen, Gesetzesvorlage für die Legalisierung einer Überwachungssoftware (Bundestrojaner) eingebracht, weitreichende Überwachungsmaßnahmen neuerdings schon bei Verwaltungsübertretungen möglich etc. – die Liste der datenschutzrechtlichen und netzpolitischen Problemfälle in Österreich ist lang. Das Arbeitspensum für Aktivistinnen und Aktivisten in Österreich steigt. Auch für zivilgesellschaftliche Initiativen gilt, dass Politik das Bohren harter Bretter bedeutet. Mit einer wohldosierten Mischung aus juristischer und technischer Expertise sowie Aktionismus konnten 2016 ein paar sehr tiefe Löcher in die offizielle unausgewogene Netzpolitik Österreichs gebohrt werden. Herzstück der Aktivitäten des abgelaufenen Jahres war HEAT, das Handbuch zur Evaluation der Anti-Terror-Gesetze in Österreich. Das Ausmaß der staatlichen Eingriffe in unsere Privatsphäre und in die informationelle Selbstbestimmung lässt sich nur durch die Betrachtung der Summe aller Eingriffe richtig erfassen. Diese wichtige Erkenntnis der Notwendigkeit einer „Überwachungs-Gesamtrechnung“ wurde erstmals vom deutschen Bundesverfassungsgericht im Urteil zur Aufhebung der deutschen Vorratsdatenspeicherung im März 2010 formuliert. HEAT listet alle Überwachungsgesetze Österreichs auf, kombiniert dies mit einer Aufarbeitung der relevanten Judikatur, einer Erhebung der für Sicherheitsbehörden verfügbaren sowie der tatsächlich eingesetzten Technologien und schließlich einer ersten groben Technikfolgenabschätzung. In den Schlussfolgerungen wird daraus ein Kriterienkatalog für eine Evaluation aller Anti-Terror-Gesetze abgeleitet. Dieses „Pflichtenheft“ soll staatlichen und zivilen Organisationen helfen, überschießende und damit potentiell verfassungswidrige Überwachungsbefugnisse zu identifizieren. Mit HEAT liegt erstmals eine Anleitung vor, wie bestehende und zukünftige Gesetze mit allgemein anerkannten Grundrechten in Einklang gebracht werden können. Diese ist allgemein anwendbar und nicht nur für Österreich. HEAT ist auch die Grundlage für eine sogenannte Drittelbeschwerde, die von einem Drittel der Abgeordneten zum österreichischen Nationalrat gegen das Polizeiliche Staatsschutzgesetz beim Österreichischen Verfassungsgerichtshof eingebracht wurde. CC BY 4.0 false Thomas Lohninger Alexander Czadilek AKVorrat HEAT - Handbuch zur Evaluation der Anti-Terror-Gesetze 2016-12-27T23:00:00+01:00 23:00 01:00 Saal 6 33c3-8094-visiting_the_bear_den A Journey in the Land of (Cyber-)Espionage Security lecture en Sednit, a.k.a Fancy Bear/APT28/Sofacy, is a group of attackers operating since at least 2004 and whose main objective is to steal confidential information from specific targets. Over the past two years, this group's activity increased significantly, in particular with numerous attacks against foreign affairs ministries and embassies all over the world. They are supposedly behind the DNC hack, and the WADA hack, which happened earlier this year. This talk presents the results of a two-year hunt after Sednit, during which we dug up and analyzed many of their software. Technically speaking, Sednit is probably one of the best espionage group out there. Not only have they created a complex software ecosystem -- composed of tens of different components --, but they also regularly come out with 0-day exploits. Also remarkable is their ability to very quickly integrate newly published techniques in their toolkit. In particular, we will explain how they tend to operate and we will dive into technical details of their most impressive components: - DOWNDELPH, a mysterious downloader deployed in very rare cases and with advanced persistence methods. In particular, we found a Windows bootkit dropping this component, and also a Windows rootkit, both never documented. - XTUNNEL, a network proxy tool able to transform an infected machine into a pivot to contact computers normally unreachable from the Internet. Heavily obfuscated, and based on a custom encrypted protocol, XTUNNEL is a major asset in Sednit post-infection toolkit. - XAGENT, the flagship Sednit backdoor, for which Windows, Linux and iOS versions have been developed. Built as a modular framework around a so-called "kernel", it allows to build flexible backdoors with, for example, the ability to switch between various network protocols. - SEDKIT, a full-fledged exploit-kit, which depending on the target's configuration may drop 0-day exploits or revamped exploits. And also, during our tracking, we also gained a great visibility on Sednit post-infection modus operandi, a world full of Mimikatz and various custom hacking tools. CC BY 4.0 false Jessy Campos 2016-12-27T15:00:00+01:00 15:00 1:00 Saal 6 self organized sessions discussion en Daily meeting for all VOC Angels. Jwacalex V0tti Felixs https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Engelmeeting /system/events/logos/000/000/383/large/qx8g3qfa_400x400.jpg?1482079808 2016-12-27T12:00:00+01:00 12:00 00:30 Sendezentrumsbühne 33c3-383-begrussung_sendezentrum Wir sagen Hallo! Sendezentrumsbühne de Zum Warmmachen vor der ersten Bühnensession und der ersten Aufnahme am Podcastingtisch, möchten wir mit euch zusammenkommen und euch im Sendezentrum auf dem 33C3 willkommen heißen. Wir möchten euch "Hallo" sagen und in einer schnellen, intensiven aber herzlichen Vorstellungsrunde herausbekommen, wer alles auf dem CCCongress unterwegs sein wird und ein Herz für das Podcasting hat. Ihr bekommt auch eine Übersicht über die Möglichkeiten, die euch im Sendezentrum auf dem 33C3 erwarten. Wir freuen uns auf euch! false Martin Fischer Ulrike Kretzmer Tim Pritlove /system/events/logos/000/000/399/large/nHrbp8sU.jpg?1480276359 2016-12-27T12:30:00+01:00 12:30 00:55 Sendezentrumsbühne 33c3-399-podcastpat_innen_prasentieren_podcast-formate Podcasting für Anfänger Sendezentrumsbühne workshop de Laberpodcast, Interviewpodcast, Magazin oder Feature: Was für Podcast-Formate gibt es eigentlich? Die Podcastpat_innen nehmen Euch mit zu einer Rundreise durch die deutschsprachige Podcastlandschaft. Am Anfang gibt es immer ein Problem: Welches Thema, welches Format, welche Software, welcher Veröffentlichungsort? Die Podcastpat_innen sind ein selbstorganisiertes Communityprojekt und wollen Anfänger_innen beim Start ihres eigenen Podcasts unterstützen. Auf der Bühne stellen Daniel Meßner und Tine Nowak das Podcastpat_innen-Projekt kurz vor und starten dann mit einem Überblick zu den verschiedenen Podcastformaten in einer speziellen 33C3-Edition. false tinowa Daniel Meßner /system/events/logos/000/000/390/large/x.jpg?1482576287 2016-12-27T14:00:00+01:00 14:00 00:45 Sendezentrumsbühne 33c3-390-die_ultraschall_rauspertaste günstige MIDI Controller selber bauen Sendezentrumsbühne lecture de MIDI Räuspertasten kann man sehr günstig mit einem Arduino und geeigneter mechanischer Hardware selber Bauen. Ob Türklingelknopf oder Fußtaster. Jeder kann seine Wunsch-MIDI-Fernbedienung für Ultraschall selber bauen. Robert Nixdorf und Udo Sauer "forschen" seit längerem auf dem Gebiet MIDI-Controller und stellen einige einfache und ein paar komplexere Möglichkeiten vor, Ultraschall fernzusteuern. false fernsehmuell Diodenschein /system/events/logos/000/000/397/large/GBNI_Logo.jpg?1480281472 2016-12-27T16:30:00+01:00 16:30 01:30 Sendezentrumsbühne 33c3-397-gala_be_need_inn Die Podcast Quiz Show Sendezentrumsbühne other de Die Quizshow deren Name ein Anagram des Originals ist! In dieser Show geht es um die Lösung hinter Fragen wie was ist ein Alarmstuhl, was ist Spritzgeld oder warum haben Züge aus Deutschland nach Frankreich Knallerbsen an Board! Ein Team aus vier Kandidaten versucht diese Rätsel möglichst schnell zu lösen, hat einer der Vier die Lösung gefunden gewinnt er fünf Euro. Alle anderen, samt Moderator, müssen sich ein Kurzen trinken. Wird die Lösung nicht gefunden gehen fünf Euro als Spende ans Sendezentrum. Pro Rätsel sind circa 10 Minuten eingeplant. false MacSnider Gala Be Need Inn Website /system/events/logos/000/000/377/large/rechtsbelehrung-klein.png?1478555273 2016-12-27T18:30:00+01:00 18:30 01:30 Sendezentrumsbühne 33c3-377-rechtsbelehrung_com Recht autonom - Geschäftsfähigkeit und Haftung von KIs, Bots und autonomen Systemen. Sendezentrumsbühne workshop de Wer zahlt, wenn Bots in einen Kaufrausch geraten oder autonom fahrende Autos sich nicht an die Verkehrsregeln halten? Entwickler, Nutzer oder etwa die KI selbst? Die Rechtsbelehrung ist ein Podcast, der über rechtliche Phänomene, die entstehen, wenn die Meatwelt mit dem digitalen Raum verschmilzt. Auf dem Congress - wahrscheinlich der letzten Veranstaltung, auf der es außer Menschen keine weiteren vernunftbegabten Entitäten geben wird - wollen sich Thomas Schwenke und Marcus Richter einer der ältesten Fragen der Menschheit zuwenden: Wer ist schuld? Wer zahlt, wenn Bots in einen Kaufrausch geraten oder autonom fahrende Autos sich nicht an die Verkehrsregeln halten? Entwickler, Nutzer oder etwa die KI selbst? Wenn autonome Systeme unabhängig agieren und sich selbst definieren, sollten sie dann nicht auch rechtlich autonom werden? Wird es neben den natürlichen Personen (aka Menschen) und juristischen Personen (aka Firmen) auch eine "E-Person" geben? Die beiden Menschen der Rechtsbelehrung bringen viele Ideen, Grundlagen sowie Fragen mit und werden sich gemeinsam mit dem Publikum auf die Suche nach den Antworten begeben. false Marcus Richter Dr. Thomas Schwenke Die Rechtsbelehrung /system/events/logos/000/000/393/large/wisspod_logo.png?1480106308 2016-12-27T20:30:00+01:00 20:30 01:00 Sendezentrumsbühne 33c3-393-wisspod-quiz Sendezentrumsbühne de Wir werden auf der Sendezentrums-Bühne interessante Gäste aus dem Bereich des Wissenschaftspodcasting aber auch der Wissenschaftskommunikation haben, mit ihnen über Wissenschaftskommunikation diskutieren und gemeinsam mit dem Publikum ein Jeopardy-Quiz veranstalten. Dabei gilt es mit Hilfe von Audioauschnitten aus Wissen{schaft}spodcasts die dort behandelten Themen zu erraten. Wissen{schaft}spodcasts sind Podcasts, deren primäres Ziel die Wissensvermittlung ist. Wir sind davon überzeugt, dass Podcasts ein geeignetes didaktisches Medium zur nachhaltigen Wissensvermittlung sind und haben daher das kuratierte Wisspod Verzeichnis http://wissenschaftspodcasts.de erstellt. Darüber hinaus sind Wissen{schaft}spodcasts aber noch etwas: Lehrreiche Unterhaltung. Sie zählen darum aus gutem Grund zu den beliebtesten Podcastangeboten. Darum glauben wir, dass speziell diese Podcasts auf die Showbühne gehören. Ganz nebenbei wird dabei das vielfältige Angebot der kuratierten Wisspod-Webseite vorgestellt. Wir möchten die Bandbreite dieser Formate durch den Showcharakter sichtbar machen und dafür sensibilisieren, dass Podcasts ein noch unterschätztes Potenzial bergen. Durch die Show führen einige Mitglieder der Wisspod-Redaktion, die so auch sichtbarer werden und anschließend zur Diskussion zur Verfügung stehen. false Nicolas Wöhrl Daniel Meßner Martin Rützler /system/events/logos/000/000/406/large/Quizradio.jpg?1482681033 2016-12-27T22:00:00+01:00 22:00 01:00 Sendezentrumsbühne 33c3-406-quizradio Sendezentrumsbühne de Ein Quizpodcast Das Projekt "Quizradio" ist gerade noch im Aufbau und wird auf der Podcast-Livebühne des 33c3 seinen ersten Erfolg feiern. Kandidaten aus dem Publikum treten gegeinandern an, um sich in Quizfragen zu messen, die vielleicht nicht ganz so typisch wie bei Jauch und Pilawa sind. false Sebi /system/events/logos/000/000/402/large/nHrbp8sU.jpg?1480281829 2016-12-27T14:00:00+01:00 14:00 00:55 Podcastingtisch 33c3-402-podcastpat_innen_talk_i Mach mit am Podcastingtisch! Podcastingtisch meeting de Egal wie alt - alle können Podcasts produzieren. Hast Du auch schon überlegt, mit dem Podcasten anzufangen? Am Podcastingtisch kann man das Podcasten gleich ausprobieren. Die Podcastpat_innen sind ein selbstorganisiertes Communityprojekt und wollen Anfänger_innen beim Start ihres eigenen Podcasts unterstützen. Setz Dich mit zu uns an den Podcastingtisch und frag alles zum Podcasten, was Du gerne wissen möchtest. Vielleicht willst Du selbst mit den Podcasting beginnen? Wir brainstormen, denken nach und hören zu. Am Tisch begrüsst Euch heute u.a. Tine Nowak... Es sind weitere Podcastpat_innen vor Ort: Sprich uns an! false tinowa Infos zu den Podcastpat_innen /system/events/logos/000/000/416/large/talentschmiede.jpg?1482776512 2016-12-27T15:00:00+01:00 15:00 01:00 Podcastingtisch 33c3-416-talentschmiede Podcastingtisch Im Talentschmiede Podcast spreche ich über verschiedenste Fußball Mannschaften. Thema der 33C3-Episode wird der 1. FC Köln sein! false RikschaAndi Lukas Rinke /system/events/logos/000/000/392/large/BlickwechselLogo.jpeg?1480018459 2016-12-27T17:00:00+01:00 17:00 00:45 Podcastingtisch 33c3-392-blickwechsel Sprich mit uns Podcastingtisch other de Chris und Horst setzten sich an den Tisch und besprechen ein Homo- und ein Heterothema. Wenn Hörer_innen Lust haben können sie gerne dazu kommen oder Themen in den Kommentaren vorgeben und wir reden beim Kongress darüber. false die_horst Chris /system/events/logos/000/000/382/large/kulturpessimisten_original.png?1478883007 2016-12-27T22:00:00+01:00 22:00 01:00 Podcastingtisch 33c3-382-kulturpessimisten_feat_insnider_-_rogue_one Podcastingtisch other de Rebellen! Todesstern! Vader! Wie schon auf dem 32c3 setzen wir auch dieses Jahr die Tradition fort, die neueste Fortsetzung des Star Wars Universums zu besprechen, Rogue One. Natürlich ist dabei auch wieder der MacSnider mit von der Partie. false Eric Schmieder MacSnider VanillaChief @Genderbeitrag Sven Schmidt Blog Besprechung von Episode 7 /system/events/logos/000/000/384/large/tis_logo.png?1478983879 2016-12-27T23:00:00+01:00 23:00 01:00 Podcastingtisch 33c3-384-the_insnider_feat_die_kulturpessimisten_-_rogue_one Der Crossover Podcast Talk zu Rogue One - A Star Wars Story Podcastingtisch other de Vader! Rebellen! Todesstern! Wie schon auf dem 32c3 setzen wir auch dieses Jahr die Tradition fort, die neueste Fortsetzung des Star Wars Universums zu besprechen, Rogue One. Mit dabei sind wieder die Jungs vom Podcast "Die Kulturpessimisten" false MacSnider Mr. Eric S. @Genderbeitrag Sven Schmidt VanillaChief Website Besprechung von Episode 7 2016-12-27T16:30:00+01:00 16:30 0:30 Hall A.1 self organized sessions other de Einführung ins Kassenengeling. https://events.ccc.de/congress/2016/wiki/Session:Engeleinf%C3%BChrung_Kasse 2016-12-27T15:00:00+01:00 15:00 1:00 Hall A.1 Meet & Greet self organized sessions meeting de Room A.2: Dedicated workshop area for women* and other minorities. Meet people, learn new things, discuss topics, host your own workshop here! We still have open slots :) Haecksen Melzai http://many.haecksen.org/mediawiki/index.php/33C3 https://events.ccc.de/congress/2016/wiki/Session:Haecksenraum 2016-12-27T21:15:00+01:00 21:15 2:00 Hall A.1 self organized sessions meeting de Das ausgehende Jahr war ein schwieriges Jahr auch für die Netzpolitik in der Schweiz. Wir stecken den Kopf deswegen jedoch nicht in den Sand. Nach dem Talk zur «Netzpolitik in der Schweiz 2016» (27.12.16, 20:30 Uhr, Saal 6) treffen wir uns daher zu einer ausgedehnten Diskussions-, Frage und Planungssession. Kire https://www.digitale-gesellschaft.ch https://events.ccc.de/congress/2016/wiki/Session:Netzpolitik_in_der_Schweiz_2017 2016-12-27T12:00:00+01:00 12:00 1:00 Hall A.1 self organized sessions de Internal Schiko-Meeting Melzai https://events.ccc.de/congress/2016/wiki/Session:Schiko-Meeting 2016-12-28T01:00:00+01:00 01:00 1:00 Hall A.1 self organized sessions meeting en all travelers with a certain skill will be invited to these sessions. Reisende http://thereisnogame.de https://events.ccc.de/congress/2016/wiki/Session:Skillconvention_a 2016-12-28T02:00:00+01:00 02:00 1:00 Hall A.1 self organized sessions meeting en all travelers with a certain skill will be invited to these sessions. Reisende http://thereisnogame.de https://events.ccc.de/congress/2016/wiki/Session:Skillconvention_a 2016-12-27T20:00:00+01:00 20:00 1:00 Hall A.1 Day1 Introduction Stagemanagers self organized sessions workshop en Stage Managers are responsible for a specific lecture hall (Saal) and all the talks within a 4 hour time slot. In short, stage managers make sure the talks go as smoothly as possible, including technical issues and crowd management. During this Session we will introduce you to your dutys as a stage manager and teach you all that you need to know to make the Talks during 33c3 run as smoothly as possible. Ijon https://events.ccc.de/congress/2016/wiki/Static:Stage_manager https://events.ccc.de/congress/2016/wiki/Session:Stage_Manager_Angel_Introduction 2016-12-27T10:00:00+01:00 10:00 0:30 Hall A.1 self organized sessions meeting en The Angelmeeting for the subtitles Angels. If you want to be approved as a subtitles Angel, please visit! If you are one already, this is the easiest way to meet and manage shifts etc. Welcome to the Subtitles Angelmeeting! Cube https://c3subtitles.de/ https://events.ccc.de/congress/2016/wiki/Session:Subtitles-Angelmeetings 2016-12-27T15:15:00+01:00 15:15 0:30 Hall A.1 self organized sessions meeting en The Angelmeeting for the subtitles Angels. If you want to be approved as a subtitles Angel, please visit! If you are one already, this is the easiest way to meet and manage shifts etc. Welcome to the Subtitles Angelmeeting! Cube https://c3subtitles.de/ https://events.ccc.de/congress/2016/wiki/Session:Subtitles-Angelmeetings 2016-12-27T19:45:00+01:00 19:45 0:30 Hall B Angelmeeting Day 1 self organized sessions meeting en Knuth https://events.ccc.de/congress/2016/wiki/Session:Engelmeeting 2016-12-27T15:00:00+01:00 15:00 1:00 Hall B Introduction meeting for new angels self organized sessions meeting en Knuth https://events.ccc.de/congress/2016/wiki/Session:Engelmeeting 2016-12-27T13:00:00+01:00 13:00 1:00 Hall B Angel meeting day 1 self organized sessions meeting en Knuth https://events.ccc.de/congress/2016/wiki/Session:Engelmeeting 2016-12-27T20:30:00+01:00 20:30 2:15 Hall B self organized sessions game de Inspiriert vom gewachsenen Konzept von Sec und Ray haben wir unsere eigene Hard- und Software gebaut. Wir können zwar keine teuren Preise bereitstellen, haben uns aber einige neue Kategorien überlegt, damit euch nicht langweilig wird. Hertle Mate https://events.ccc.de/congress/2016/wiki/Session:Hackerjeopardy_-_A_New_Approach 2016-12-27T18:00:00+01:00 18:00 1:00 Hall B self organized sessions talk en The pretty Easy privacy project (p≡p) is a project to turn the cyberpunk movement's dream into reality that everyone should be able to protect his/her privacy using technical tools. Overall p≡p is about changing today's default of digital written communications from unencrypted, unanonymized and unverified to encrypted, anonymized and verified. p≡p's vision is to offer an automatic and easy to use solution to make all end-to-end written digital communications over the Internet ‘Private and Secure by Default and Design‘. With that 'unencrypted' e-mails become the exception not the norm. The p≡p project aims at encrypting existing written digital communications and does not force users to switch to platform-centric or other crypto solutions, in which users are likely to be locked. Eal https://pep.foundation/ https://events.ccc.de/congress/2016/wiki/Session:Privacy_by_default_with_pretty_Easy_privacy_(p%E2%89%A1p) 2016-12-27T16:00:00+01:00 16:00 2:00 Hall B Start of the gathering self organized sessions meeting en A meetup for all the queer feminist geek folk. We will talk a bit about our assembly and what we are doing there, exchange projects and ideas, and network with each other. This meetup is open to people of all genders, but please be mindful of how much space you are taking up. Especially if you are white, male, straight and cis, please try to actively listen instead of talking. This is our Code of Conduct: https://events.ccc.de/congress/2015/wiki/Projects:Code_of_Conduct_of_the_Queer_Feminist_Geek_Assembly Obaz UMT CoopDot https://events.ccc.de/congress/2016/wiki/Session:Queer_Feminist_Geeks_Gathering 2016-12-27T12:00:00+01:00 12:00 1:00 Hall C.1 First meetup self organized sessions other en Looking forward to meet new and old friends interested in UnCivilization! We are a group of people interested in intersection of technology & society, politics, activism, art, and critical of techno-optimism. We share a mailing list since 2012, called UnCivilization, inspired (but not otherwise connected to) Dark Mountain "Uncivilization Manifesto", as well as Ursula LeGuin, Derrick Jensen, Heather Marsh, John Zerzan, Naomi Klein, Daniel Quinn, Ursula Franklin, and other feminist, anarchist, anti-supremacist authors. Goal of this meetup is to catch-up, give each other hugs & support, and plan our activities for the next months & years (e.g. another LikaCamp?!) Becha http://unciv.nl https://events.ccc.de/congress/2016/wiki/Session:An_UnCivilization_Commune_ReWilded_Life_Shared_with_Squirrels 2016-12-27T15:00:00+01:00 15:00 1:00 Hall C.1 self organized sessions meeting de Vorbesprechung für die Helfer des Chaos macht Schule-Lötworkshops Djim Benni Duisburch https://events.ccc.de/congress/2016/wiki/Projects:Junghackertag https://events.ccc.de/congress/2016/wiki/Session:CmS_L%C3%B6tworkshop_Vorbesprechung_f%C3%BCr_Helfer 2016-12-27T16:30:00+01:00 16:30 1:30 Hall C.1 Spare room in case we split up groups self organized sessions meeting en A meetup for all the queer feminist geek folk. We will talk a bit about our assembly and what we are doing there, exchange projects and ideas, and network with each other. This meetup is open to people of all genders, but please be mindful of how much space you are taking up. Especially if you are white, male, straight and cis, please try to actively listen instead of talking. This is our Code of Conduct: https://events.ccc.de/congress/2015/wiki/Projects:Code_of_Conduct_of_the_Queer_Feminist_Geek_Assembly Obaz UMT CoopDot https://events.ccc.de/congress/2016/wiki/Session:Queer_Feminist_Geeks_Gathering 2016-12-27T21:00:00+01:00 21:00 1:00 Hall C.2 self organized sessions discussion en I breathed the promise of liberation through IT technology for three decades, yet now can't help but notice different trajectories in our brave new software driven world. I was the odd nerd bringing internet, mail, google, mobile phone usage to friends and communities. Instruments of liberty, as the still strong going Sillicon Valley narratives pitch it. Now i see more and more people regulated and alienated by what what others allow them (i.e. software), be they waiters in Cafe's, people working in customer support, cashiers at supermarkets, and the other hundreds of millions who sit in front of screens. However, human freedom luckily keeps creeping in and there are examples and opportunities for autonomous uses of technology. It must begin with a slowdown, un-busying ourselves, because it is the increasing speed of movement and information flows which stabilize the grip of cybernetic capitalism. Hpk https://events.ccc.de/congress/2016/wiki/Session:ComputerSaysNo 2016-12-27T14:00:00+01:00 14:00 1:00 Hall C.2 self organized sessions talk de Herausforderung Konsensentscheid Wie es sein sollte. Wie es nicht sein sollte. Wie es dann trotzdem klappt. https://events.ccc.de/congress/2016/wiki/Session:Entscheidungsfindung/Konsens 2016-12-27T15:00:00+01:00 15:00 0:45 Hall C.2 self organized sessions talk en Is infinity plus one bigger than infinity? Or is it still just infinity? If you were bothered by this question at some point in your life, this talk is for you. It gives you the graphical tools to decide this question for yourself without any remaining doubt. Absolutely no mathematical prerequisites needed. Iblech https://events.ccc.de/congress/2016/wiki/Session:Fun_with_infinitely_large_numbers_(Wondrous_Mathematics) 2016-12-27T19:00:00+01:00 19:00 1:00 Hall C.2 self organized sessions workshop en Write code in Rust, run on the rad1o from CCCamp15 Astro https://github.com/astro/rad1o-rust https://events.ccc.de/congress/2016/wiki/Session:Rust_on_the_rad1o 2016-12-27T17:30:00+01:00 17:30 1:10 Hall C.2 KulturKunstPartyPolitik! - Teil2: Urban Intervention self organized sessions talk de KulturKunstPartyPolitik! Ein Schiff als Arena schwimmender Spontandemos, Wandbild-Brigaden für internationalistische Politikarbeit. Visuelle Grenzenüberschreitungen an scheinbar unzugänglichen Orten, Hausfassaden, die innerhalb weniger Minuten in Farbe getaucht werden… Wie nehmen wir uns den öffentlichen Raum, umgehen seine Vorschriften und Reglementierungen? Wie schaffen wir Orte für Kollektivität und basisdemokratisches Zusammenleben? mit den Freimeutern, Interbrigadas, .WAV, Graffitiarchiv, Überraschungsgästen und Mensch Meier. Jona http://www.reclaimyourcity.net http://www.w3arevisual.wordpress.com http://interbrigadas.org http://www.anarche.noblogs.org https://events.ccc.de/congress/2016/wiki/Session:Space_Hacking 2016-12-27T16:00:00+01:00 16:00 1:10 Hall C.2 KulturKunstPartyPolitik! - Teil1: Collective Space self organized sessions talk de KulturKunstPartyPolitik! Ein Schiff als Arena schwimmender Spontandemos, Wandbild-Brigaden für internationalistische Politikarbeit. Visuelle Grenzenüberschreitungen an scheinbar unzugänglichen Orten, Hausfassaden, die innerhalb weniger Minuten in Farbe getaucht werden… Wie nehmen wir uns den öffentlichen Raum, umgehen seine Vorschriften und Reglementierungen? Wie schaffen wir Orte für Kollektivität und basisdemokratisches Zusammenleben? mit den Freimeutern, Interbrigadas, .WAV, Graffitiarchiv, Überraschungsgästen und Mensch Meier. Jona http://www.reclaimyourcity.net http://www.w3arevisual.wordpress.com http://interbrigadas.org http://www.anarche.noblogs.org https://events.ccc.de/congress/2016/wiki/Session:Space_Hacking 2016-12-27T15:00:00+01:00 15:00 0:24 Hall C.3 self organized sessions workshop en For years I updated the signature for my emails manually – until I got fed up… That’s why I wrote a script to create a randomized signature block automatically from an RSS feed! Birdy1976 https://github.com/birdy1976/signature https://b76.ch/9400 https://events.ccc.de/congress/2016/wiki/Session:42birds:_Randomized_Signature_Block_for_Emails 2016-12-27T17:00:00+01:00 17:00 1:30 Hall C.3 self organized sessions meeting en Meet-up for all fiction-writing entities: Share your experiences over mate & coffee. Christina http://www.jokoren.de/33C3.html https://events.ccc.de/congress/2016/wiki/Session:Fiction_Writers%27_Session 2016-12-27T13:00:00+01:00 13:00 2:00 Hall C.3 self organized sessions meeting de https://events.ccc.de/congress/2016/wiki/Session:Infra-meetup 2016-12-27T15:30:00+01:00 15:30 1:30 Hall C.3 self organized sessions talk en We talk about the current state of VPN and encrypted email services and the use cases for providers and end users. Varac Kali Zara https://leap.se https://pixelated-project.org/ https://events.ccc.de/congress/2016/wiki/Session:Introduction_to_LEAP_encryption_access_project_and_Pixelated 2016-12-27T19:30:00+01:00 19:30 1:30 Hall C.3 self organized sessions hands-on en Try out different mechanical keyboards and bring your own to show it off! Coloneljesus https://events.ccc.de/congress/2016/wiki/Session:Mechanical_Keyboard_Meetup_%26_Tryout 2016-12-27T17:00:00+01:00 17:00 1:30 Hall C.4 GPG Schlüsselverteilung self organized sessions workshop de Um EndeZuEnde-Verschlüsselung für die breite Masse nutzbar zu machen, benötigen wir Verfahren, welche mit möglichst geringen Aufwand und wenig Vorkenntnisse auch von Laien nutzbar sind. Als Einführung in das Thema, stellt ein kurzer Vortrag die aktuellen Entwicklungen vor, um eine Grundlage für die anschließende Diskussion zu bereiten. Yncyrydybyl Pefi https://www.keys4all.de/ https://events.ccc.de/congress/2016/wiki/Session:GPG_Schl%C3%BCsselverteilung 2016-12-27T15:00:00+01:00 15:00 2:00 Hall C.4 self organized sessions hands-on en You will learn how to create basic schematics, select footprints and finally design the actual PCB using KiCad. Kbeckmann https://events.ccc.de/congress/2016/wiki/Session:PCB_design_for_beginners_using_KiCad 2016-12-27T19:30:00+01:00 19:30 1:30 Hall C.4 self organized sessions meeting en This will be a meeting for political organisations and individuals who work on the Radio Lockdown Directive. Eal https://fsfe.org/activities/radiodirective/statement https://events.ccc.de/congress/2016/wiki/Session:Radio_Lockdown_Directive:_coordinating_future_steps 2016-12-27T23:00:00+01:00 23:00 25:00 Hall F Lötworkshop von Chaos Macht Schule self organized sessions workshop de Lötworkshop von Chaos Macht Schule für Junghacker Djim Duisburch Benni Cbass Stean https://events.ccc.de/congress/2016/wiki/Session:L%C3%B6tworkshop_von_Chaos_macht_Schule 2016-12-27T19:00:00+01:00 19:00 0:40 Hall 13-14 IceBreaker Day 1 self organized sessions de How to provide some congress feeling to your people at home ? Congress Everywhere events in hackerspaces usually happen at evening as public viewing of congress talks. Such a livestream-only link provides very limited "congress feelings". In your local timezone, the events do start with a major break, where no talk happens and therefore no livestream is sent out Let's fill this break with meet and greet between your congress site and your hackerspace at home. Myon https://events.ccc.de/congress/2016/wiki/Session:Congress_Everywhere_Greet_%26_Meet 2016-12-27T14:00:00+01:00 14:00 1:00 Hall 13-14 self organized sessions meeting en This is a gathering for academic researchers who are a part of Hackademia (the listserv, IRC channel, summer school, etc). We will gather together to share our work, exchange ideas about methods, challenges, and gaps, and discuss recent developments in research involving hacker communities. Though this is a meant to be a private session for people already involved in the group, please contact us beforehand if you’d like to join! Swest https://events.ccc.de/congress/2016/wiki/Session:Hackademia_Meetup 2016-12-27T22:00:00+01:00 22:00 1:00 Hall 13-14 self organized sessions discussion en WHAT DO YOU USE FOR X? Call out the best and worst open source software, websites, and practices. Relaxed get-together + Pad note-taking + Learn. Focus: Groupware / Collaboration / "Workflow". Dcht00 https://events.ccc.de/congress/2016/wiki/Session:Hacker_workflows 2016-12-27T16:00:00+01:00 16:00 3:00 Hall 13-14 self organized sessions workshop en In this workshop we will teach the basics of digital security and how to use tools that allow us to maintain our privacy, anonymity and security with an emphasis on attendees of a hackers conference. Yuvadm Dawning-sun https://www.cryptoparty.in https://events.ccc.de/congress/2016/wiki/Session:How_to_Survive_33C3_CryptoParty 2016-12-28T00:15:00+01:00 00:15 1:40 Hall 13-14 self organized sessions workshop en '''Ever wondered how webpages arrive in your browser? How zmap works? Want to get your first hands-on experience using ''wireshark''?''' To learn all that you need to learn the basic networking concepts. You're in luck as this is a hands-on networking workshop preceded by a lecture. We will cover such topics as the ISO/OSI model, Ethernet, IP, TCP, UDP, routing, and wireshark. Kirils http://kirils.org/ https://events.ccc.de/congress/2016/wiki/Session:Network_concepts_introduction_%26_wireshark_workshop 2016-12-28T02:00:00+01:00 02:00 1:00 Hall 13-14 self organized sessions meeting en all travelers with a certain skill will be invited to these sessions. Reisende http://thereisnogame.de https://events.ccc.de/congress/2016/wiki/Session:Skillconvention_a 2016-12-28T03:00:00+01:00 03:00 1:00 Hall 13-14 self organized sessions meeting en all travelers with a certain skill will be invited to these sessions. Reisende http://thereisnogame.de https://events.ccc.de/congress/2016/wiki/Session:Skillconvention_a 2016-12-27T19:40:00+01:00 19:40 0:50 Hall 13-14 day 1, evening meeting self organized sessions en The translation angels (interpreters) meet twice per day to self-organise (day 0, evening to day 4, afternoon) Sebalis https://events.ccc.de/congress/2016/wiki/Session:Translation_meetings 2016-12-27T15:10:00+01:00 15:10 0:50 Hall 13-14 day 1, afternoon meeting self organized sessions en The translation angels (interpreters) meet twice per day to self-organise (day 0, evening to day 4, afternoon) Sebalis https://events.ccc.de/congress/2016/wiki/Session:Translation_meetings 2016-12-27T14:00:00+01:00 14:00 1:00 Assembly:3D Hackspace self organized sessions workshop en Never used a 3D printer? No idea how to use CAD? This workshops is for you. From ABS to Z-Axis, you'll learn basics of 3D printing. Obelix https://events.ccc.de/congress/2016/wiki/Session:3D_printing_for_beginners 2016-12-27T18:00:00+01:00 18:00 1:00 Assembly:3D Hackspace self organized sessions hands-on de REGISTRATION NEEDED: I'll bring an industrial grade 3D scanner and you'll be able to get free high resolution scans of yourself, your friends etc... Obelix https://events.ccc.de/congress/2016/wiki/Session:3D_scan_yourself 2016-12-27T15:00:00+01:00 15:00 0:30 Assembly:Freifunk self organized sessions other de Calm down and have a chat with us Monic https://events.ccc.de/congress/2016/wiki/Session:Coffee_Break 2016-12-27T18:30:00+01:00 18:30 0:45 Assembly:Freifunk self organized sessions talk en The Freifunk Berlin Line-of-Sight visualiser is a tool to see which long-distance wireless connections to existing larger Freifunk sites in Berlin can be expected from a given location. It can augment or sometimes even replace standing on the roof and seeing what is visible from there. It takes the form of a script that presents custom KML format sight lines over the network to the user running Google Earth Pro, which combines these lines with the Google 3D-buildings layer so the user can easily see if there is something interrupting a line of sight. Andibraeu https://events.ccc.de/congress/2016/wiki/Session:Line-of-sight_visualizer 2016-12-27T15:30:00+01:00 15:30 0:45 Assembly:Freifunk self organized sessions meeting de Come to the freifunk Assembly, say hello, introduce yourself, see who's there, get to know others... Bobo PK https://events.ccc.de/congress/2016/wiki/Session:Welcome_%26_Icebreaker 2016-12-27T19:30:00+01:00 19:30 0:30 Assembly:Freifunk self organized sessions workshop de We'll present our new wizard for configuring Freifunk routers Andrenarchy https://events.ccc.de/congress/2016/wiki/Session:Wizard_of_Berlin%27s_Freifunk_Firmware 2016-12-27T17:00:00+01:00 17:00 1:00 Assembly:Freiwurst self organized sessions hands-on en come over to the Freiwurst assembly, play with our cyberthingy and enjoy some Freiwurst. Apex https://www.freiwurst.net https://events.ccc.de/congress/2016/wiki/Session:Cyberthingy 2016-12-27T15:00:00+01:00 15:00 2:00 Assembly:Scottish Consulate self organized sessions talk en DVB-S is the core technology behind Digital Satellite Television. This will be a look into the technical aspects of how Satellite TV is transmitted, received, how the standard works and how to abuse it for your own entertainment. Low Power and Low Cost hardware is now capable of both transmitting and receiving DVB - a Raspberry Pi and an SDR are all you need to get started. We'll look at setting up a DVB-S station and what parts are required. Expect a presentation, demonstration and then discussion to share ideas. Hibby https://events.ccc.de/congress/2016/wiki/Session:DVB-S:_Pirate_or_Amateur_Digital_TV_Stations 2016-12-27T23:45:00+01:00 23:45 1:00 Assembly:Flunkyground evening game day 1 self organized sessions game en Playing Flunkyball together. Organized by the UPB Flunkyteam. Flunkyball is a common german drinking game for all ages. ApolloLV http://upb-flunkyteam.de https://events.ccc.de/congress/2016/wiki/Session:Flunkyball 2016-12-27T21:00:00+01:00 21:00 1:00 Assembly:Mainframe Beginners self organized sessions workshop de Learn about the ESP8266, a very small and cheap microcontroller with builtin WiFi. Bring your Laptop, ESP8266-Dev-Boards and some sensors are available for donations. MarvinGS https://events.ccc.de/congress/2016/wiki/Session:Getting_started_with_ESP8266_and_IoT 2016-12-27T16:00:00+01:00 16:00 0:15 Hebocon Q&A self organized sessions hands-on en Before the Hebocon we will offer some space build robots and we will do the official registration at the Aaaaaaaaaaaa Assembly. Konfusius https://events.ccc.de/congress/2016/wiki/Session:Hebocon_Registration_and_testfights 2016-12-28T00:10:00+01:00 00:10 0:45 self organized sessions game en Tired of egoshooters? Feeling the need for better graphics, realistic physics and surround sound? Join the big Nerf-Gun Battle at 33c3! Come around - bring your own device - get shot! Troll https://events.ccc.de/congress/2016/wiki/Session:NerfgunBattle 2016-12-27T20:00:00+01:00 20:00 3:00 Day 1 *FULL* self organized sessions game de A short introductory session for the cyberpunk role-playing game of Shadowrun. SnakeBDD https://rpgzweinull.de/profile/tomorrowland https://events.ccc.de/congress/2016/wiki/Session:Shadowrun 2016-12-27T14:00:00+01:00 14:00 2:00 Assembly:Foodhackingbase self organized sessions hands-on en This workshop will teach you how to start your own batch of tempeh using commercial starting culture tasting your own creation before the congress is over! Algoldor https://foodhackingbase.org/wiki/Recipe:Tempeh_making_manual_-_short_workshop_form https://events.ccc.de/congress/2016/wiki/Session:Introduction_to_Soy_Bean_Fermentation_-_Tempeh_Making 2016-12-27T20:00:00+01:00 20:00 2:00 Assembly:Foodhackingbase self organized sessions hands-on en We'll have a Siebel off flavour kit for beer with us. You'll learn which off flavours you can perceive, what causes them, and how to remedy them. Ofosos https://foodhackingbase.org/wiki/Off_flavours_33c3 https://events.ccc.de/congress/2016/wiki/Session:Off_flavours_in_homebrewed_beer 2016-12-27T16:00:00+01:00 16:00 1:00 Assembly:Foodhackingbase self organized sessions workshop en We want to share our favourite ways to satisfy our cravings for childhood-memory-food through vegan substitutes. We won’t cook that much but, share and taste visions and experiences. Come, if you want to share your favourite substitute, bring a sample or recipe. Come, if you search for a vegan alternative for your favourite dish and pose a challenge. Momio https://events.ccc.de/congress/2016/wiki/Session:Vegan_Replacements_%E2%80%93_Hacking_Food_Traditions 2016-12-27T23:00:00+01:00 23:00 2:00 Assembly:Chaos West [[User:Plopesmusic|deadact aka pedro lopes]] DJ set: lounge-core-experimental-juke-freeform-hop self organized sessions other en Come over and meet us at our cozy music lounge in hall 4! Proudly presented by Chaos West, c-base & friends Bam JayDee2202 http://live.ber.c3voc.de:8000/chaoswest_lounge.ogg https://events.ccc.de/congress/2016/wiki/Session:Klangteppich 2016-12-28T01:00:00+01:00 01:00 2:00 Assembly:Chaos West [[User:majorx|MajorX234]] DJ set: Dub, Bass, IDM, UK Garage self organized sessions other en Come over and meet us at our cozy music lounge in hall 4! Proudly presented by Chaos West, c-base & friends Bam JayDee2202 http://live.ber.c3voc.de:8000/chaoswest_lounge.ogg https://events.ccc.de/congress/2016/wiki/Session:Klangteppich 2016-12-27T20:00:00+01:00 20:00 3:00 Assembly:Chaos West [[User:Bam|bam]] DJ set: Techno/Tech House/Deep Techno self organized sessions other en Come over and meet us at our cozy music lounge in hall 4! Proudly presented by Chaos West, c-base & friends Bam JayDee2202 http://live.ber.c3voc.de:8000/chaoswest_lounge.ogg https://events.ccc.de/congress/2016/wiki/Session:Klangteppich 2016-12-27T19:30:00+01:00 19:30 1:30 Assembly:Mensch meier and friends self organized sessions de Angewandte malediktion Noja https://events.ccc.de/congress/2016/wiki/Session:Kreatives_beschimpfen 2016-12-27T17:00:00+01:00 17:00 6:59 Assembly:HardwareHackingArea Day 1 self organized sessions workshop en Learn to Solder! A large variety of way cool kits are available, all designed for total beginners to complete successfully -- and intriguing enough for the total hardware geek.<br /> <br /> <span style="color:orange">'''''This ongoing workshop will be happening concurrently with lots of other way cool workshops at the Hardware Hacking Area!'''''</span> Maltman23 https://events.ccc.de/congress/2016/wiki/Session:LearnToSolder 2016-12-27T19:30:00+01:00 19:30 1:30 Assembly:HardwareHackingArea Mill your PCBs self organized sessions workshop en Open Milling - Mill your PCB Design, Learn PCB Milling Pollo vollador https://events.ccc.de/congress/2016/wiki/Session:Pcb_milling_with_the_othermill 2016-12-27T17:00:00+01:00 17:00 1:30 Assembly:HardwareHackingArea Day 1 - Session 3 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90mins, 20€/kit, avoid caffeine immediately before. Kliment https://events.ccc.de/congress/2016/wiki/Session:Surface_Mount_Electronics_Assembly_for_Terrified_Beginners 2016-12-27T13:00:00+01:00 13:00 1:30 Assembly:HardwareHackingArea Day 1 - Session 1 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90mins, 20€/kit, avoid caffeine immediately before. Kliment https://events.ccc.de/congress/2016/wiki/Session:Surface_Mount_Electronics_Assembly_for_Terrified_Beginners 2016-12-27T15:00:00+01:00 15:00 1:30 Assembly:HardwareHackingArea Day 1 - Session 2 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90mins, 20€/kit, avoid caffeine immediately before. Kliment https://events.ccc.de/congress/2016/wiki/Session:Surface_Mount_Electronics_Assembly_for_Terrified_Beginners 2016-12-27T19:00:00+01:00 19:00 0:10 Assembly:Free Software Foundation Europe self organized sessions en Join us now and sing together the Free Software song! Everyday at another time at the Assembly of the Free Software Foundation Europe. We have the lyrics and conductor. Simply come and we form an ad-hoc choir and sing together the Free Software Song! "You'll be Free hackers, Freeee!" Eal https://events.ccc.de/congress/2016/wiki/Session:Let%27s_sing_together_the_Free_Software_Song 2016-12-27T19:00:00+01:00 19:00 2:00 Assembly:Milliways Game demo self organized sessions game en 'Off Grid' is a videogame where you have to hack into networks and exfiltrate data by manipulating vulnerable IoT devices and socially engineering other characters. Come to Milliways and play an early build of the game! ATNMY http://www.offgridthegame.com https://events.ccc.de/congress/2016/wiki/Session:Off_Grid:_a_videogame_about_hacking,_data_privacy,_and_surveillance 2016-12-27T21:00:00+01:00 21:00 2:00 Assembly:Milliways Game demo self organized sessions game en 'Off Grid' is a videogame where you have to hack into networks and exfiltrate data by manipulating vulnerable IoT devices and socially engineering other characters. Come to Milliways and play an early build of the game! ATNMY http://www.offgridthegame.com https://events.ccc.de/congress/2016/wiki/Session:Off_Grid:_a_videogame_about_hacking,_data_privacy,_and_surveillance 2016-12-27T16:00:00+01:00 16:00 1:00 Assembly:Openlab Augsburg Getting started, Q&A self organized sessions workshop de see project/siehe Projekt Anmerkung: Kinderfreundlich, aber auch für Erwachsene Fluktusdukt https://events.ccc.de/congress/2016/wiki/Session:Shitty_Robots 2016-12-27T14:00:00+01:00 14:00 2:00 Kidspace self organized sessions workshop de Wir basteln Vibrobots! Ein Vibrobot ist wahrscheinlich der einfachste und schnellste Weg einen "Roboter" zu basteln. Ohne viel Aufwand hast Du einen kleines Wesen gebaut, das sich selbständig über den Fußboden bewegt. Mischk* https://events.ccc.de/congress/2016/wiki/Session:Vibrobots_basteln_f%C3%BCr_Kids /system/events/logos/000/008/237/large/Logo-talk-33c3.png?1482882305 2016-12-28T11:30:00+01:00 11:30 00:30 Saal 1 33c3-8237-es_sind_die_kleinen_dinge_im_leben von Mikroskopen, Wahrnehmung und warum das kaum jemanden interessiert Science lecture de Jeder weiß ungefähr was ein Mikroskop ist und vielleicht hat man auch mal davon gehört das da immernoch dran geforscht wird – Stichwort Hochauflösungsmikroskopie (Nobelpreis 2014 in Chemie). Es gibt deutlich mehr Mikroskope in der professionellen Forschung als es Teleskope gibt, deutlich mehr – und da könnte man sich jetzt fragen: "Warum sehe ich so viele Bilder von Sterne, aber kaum Mikroskopiebilder von öffentlichen Einrichtungen und Stellen?". Um diese Frage zu beantworten will ich kurz in die Welt der Hochauflösungsmikroskopie einführen und die Techniken erklären. Ein bisschen über die Community erzählen und versuchen klar zu machen, warum es hier mit der Offenheit noch etwas hapert. UND: Es soll auch mikroskopiert werden. Ich habe die letzten 6 Jahre ein Mikroskop gebaut. Eins, dass mit Licht Dinge sehen kann unterhalb der Beugungsgrenze von Licht, in mehreren Farben, in 3D. Das Ding ist fertig – so fertig wie etwas sein kann, das man als Doktorarbeitsprojekt bezeichnet. Ich will das niemandem verkaufen, die Forschung ist Veröffentlicht, unsere Software dazu ist open source. Für mich war die Arbeit daran Eintrittskarte in eine andere Welt. Ich will erzählen was Hochauflösungsmikroskopie ist, die drei verschiedenen Ansätze dazu (PALM/STORM, STED, SIM), wie sie sich ergänzen und wie die technologische Entwicklung des 21. Jahrhunderts das erst möglich gemacht hat. Wie Techniken basierend auf Laserphysik (STED), stochastischem Blinken von Molekülen (PALM/STORM) oder schneller Fouriertransformation (SIM) uns ermöglichen tiefer in Zellen hinein zu schauen – und man sich plötzlich Gedanken darüber machen muss wie man etwas in einem Bild darstellt, dass eigentlich gar kein richtiges Bild ist, sondern ein vielschichtiges Messergebnis. Aber auch die Community in diesem Feld ist interessant. Langsam aber sicher verbreitet sich der open science Gedanke, immer mehr Software ist Quelloffen, es gibt sogar einen Jährlichen Wettbewerb für die beste Bildrekonstruktionssoftware, immer mehr Anleitungen zum Eigenbau machen die Runde, wie zum Beispiel Arduino Lösungen für Kameratimings, Laser aus Discobeleuchtungen und hier und da finden sich auch offene Daten. Trotzdem werden Mikroskope wohl nie dem Teleskop den Rang ablaufen, denn das was man als interessierter Bastler, oder auch als Profi auf diesem Gebiet, zu Hause anstellen kann ist begrenzt. Was geht will ich auf der Bühne zeigen mit kostengünstigen USB-Mikroskopen und evtl. mit einem kleinen Eigenbau. CC BY 4.0 false André Lampe Blog (dort gibts ne Liste mit Links aus dem Talk - nach dem Talk) /system/events/logos/000/008/083/large/logo_full-350.png?1479458993 2016-12-28T12:15:00+01:00 12:15 00:30 Saal 1 33c3-8083-how_physicists_analyze_massive_data_lhc_brain_root_higgs Science lecture en Physicists are not computer scientists. But at CERN and worldwide, they need to analyze petabytes of data, efficiently. Since more than 20 years now, ROOT helps them with interactive development of analysis algorithms (in the context of the experiments' multi-gigabyte software libraries), serialization of virtually any C++ object, fast statistical and general math tools, and high quality graphics for publications. I.e. ROOT helps physicists transform data into knowledge. The presentation will introduce the life of data, the role of computing for physicists and how physicists analyze data with ROOT. It will sketch out how some of us foresee the development of data analysis given that the rest of the world all of a sudden also has big data tools: where they fit, where they don't, and what's missing. CC BY 4.0 false Axel ROOT cling, the C++ interpreter The Slides 2016-12-28T13:00:00+01:00 13:00 00:30 Saal 1 33c3-8349-hacking_the_world The struggle for security for all. Ethics, Society & Politics lecture en In this lecture I wish to reflect on the maturation of the security and hacking communities and their role in larger societal and political participation. We'll reflect on the predominant role that technology has been growing into our lives, and the responsibilities we have in nurturing it. After having spent the last years in researching, exposing, and preventing the electronic targeting of dissidents and journalists, I hope to synthesize my experience and suggest how to reconsider our tactics, the successes, and the failures, and hopefully draw some inspiration for a brighter future. Computer systems were destined for a global cultural and economic revolution that the hacker community anticipated. We saw the potential, we saw it coming. And while we enjoyed the little time of reckless banditism, playing cowboys of the early interconnected age, we also soon welcomed the public realization that we were right all along, that information technology was going to change everything, and that information security was critical. Now, the Internet governs our lives. Success always comes with strings attached. The Internet morphed with us. Once an unexplored space we were wandering in solitude, now it has become a marketplace for goods, *the* vehicle for communication, as well as an instrument for control, and a field for battle. We learned the many ways it was abused and broken. We learned the stories of those who were victims of the shortcomings of computer and network systems, and we realized how often and brutally they were turned into means of persecution against those who struggle for free speech and democracy around the world. In this lecture I wish to reflect on the maturation of the security and hacking communities and their role in larger societal and political participation. We'll reflect on the predominant role that technology has been growing into our lives, and the responsibilities we have in nurturing it. After having spent the last years in researching, exposing, and preventing the electronic targeting of dissidents and journalists, I hope to synthesize my experience and suggest how to reconsider our tactics, the successes, and the failures, and hopefully draw some inspiration for a brighter future. CC BY 4.0 false Claudio "nex" Guarnieri /system/events/logos/000/007/865/large/687474703a2f2f692e696d6775722e636f6d2f6f65506e484a6e2e6a7067.jpg?1473218711 2016-12-28T13:45:00+01:00 13:45 00:30 Saal 1 33c3-7865-gone_in_60_milliseconds Intrusion and Exfiltration in Server-less Architectures Security lecture en <p>More and more businesses are moving away from monolithic servers and turning to event-driven microservices powered by cloud function providers like AWS Lambda. So, how do we hack in to a server that only exists for <i>60 milliseconds</i>?</p> <p>This talk will show novel attack vectors using cloud event sources, exploitabilities in common server-less patterns and frameworks, abuse of undocumented features in AWS Lambda for persistent malware injection, identifying valuable targets for pilfering, and, of course, how to exfiltrate juicy data out of a secure Virtual Private Cloud. </p> <p>This talk will be the first public anatomy of an attack on a server-less application deployed to AWS Lambda and AWS API Gateway. It'll be useful for any application developer looking to build a server-less application, and for any hacker who's come up against this interesting new class of application.</p> <p>First, we'll take a look at the current state of server-less architectures and show some common deployment patterns and how they're used in production, comparing the advantages and trade offs against traditional monolithic servers.</p> <p>Next, we'll explore the attack surface of a server-less application, showing that where Satan closes a door, he opens a window. Using exploitables in common server-less patterns, we'll use cloud event sources as a vector for delivering our obfuscated payload.</p> <p>Then, we'll use some undocumented features in AWS Lambda to persist our malware, explore the Lambda environment looking for secret keys and other buried treasures, and pillage a remote database.</p> <p>Finally, we'll use a few more tricks to sneak out of the VPC with our precious data in tow! And, of course, we'll tidy up after ourselves leaving the DevOps team none-the-wiser.</p> CC BY 4.0 false Rich Jones Zappa - on Github 2016-12-28T14:30:00+01:00 14:30 01:00 Saal 1 33c3-8074-recount_2016_an_uninvited_security_audit_of_the_u_s_presidential_election Security lecture en The 2016 U.S. presidential election was preceded by unprecedented cyberattacks and produced a result that surprised many people in the U.S. and abroad. Was it hacked? To find out, we teamed up with scientists and lawyers from around the country&mdash;and a presidential candidate&mdash;to initiate the first presidential election recounts motivated primarily by e-voting security concerns. In this talk, we will explain how the recounts took place, what we learned about the integrity of the election, and what needs to change to ensure that future U.S. elections are secure. CC BY 4.0 false Matt Bernhard J. Alex Halderman 2016-12-28T16:00:00+01:00 16:00 01:00 Saal 1 33c3-8037-die_sprache_der_populisten Wie politische "Gewissheiten" sprachlich konstruiert werden Ethics, Society & Politics lecture de Mit dem Erstarken der Rechtspopulisten (nicht nur in Deutschland) werden populistische Positionen immer häufiger hingenommen, obwohl es sich dabei um vermeintliche "Gewissenheiten" handelt, die bei näherer Betrachtung inakzeptabel sind. Solche Positionen beruhen nicht auf einer nachvollziehbaren Argumentation, sondern auf sprachlich-rhetorischen Tricks, die im Grunde leicht zu durchschauen sind, denen jedoch immer mehr Menschen auf den Leim gehen. Dieser Vortrag soll zeigen, welche Tricks das sind und wie Populisten demaskiert werden können. Dabei wird deutlich werden, dass nicht nur eine Partei für populistische Parolen anfällig ist. Populismus besteht darin, einfache politische "Gewissheiten" zu vertreten, die leicht Anhänger finden (also populär sind). Statt diese Positionen argumentativ zu untermauern, was oft gar nicht möglich oder zumindest wenig überzeugend ist, wird oft mit Stereotypisierungen und Scheinargumenten gearbeitet. Oft verweisen Populisten auf das "Recht des Stärkeren" (der Mehrheit) und stellen das als "demokratisch" dar, obwohl der Minderheitenschutz ein wesentliches Merkmal demokratischer Systeme ist. Gleichzeitig wird eine Minderheit zum Sündenbock gemacht. Eine populistische Forderung wird sprachlich oft auf eine einfache Formel gebracht ("Obergrenze", "Kinder statt Inder", "Flüchtlingswelle", "Leistung muss sich wieder lohnen" usw.), wobei oft mit bestimmten Tricks gearbeitet wird, z.B. mit Unterstellungen (genauer: Präsuppositionen bzw. Implikaturen) und framing (Einordnung in einen größeren, möglicherweise unpassenden Zusammenhang). Sich auf populistische Scheinargumentationen einzulassen, ist gefährlich, weil damit oft unbewusst unhaltbare Positionen, auf denen die Argumentation beruht (z.B. ein bestimmtes framing), hingenommen und nicht mehr hinterfragt werden. CC BY 4.0 false Martin Haase/maha Rechtspopulismus Neusprech-Blog "Völkisch" ist nicht irgendein Adjektiv 2016-12-28T17:15:00+01:00 17:15 01:00 Saal 1 33c3-8117-3_years_after_snowden_is_germany_fighting_state_surveillance A Closer Look at the Political Reactions to Mass Surveillance in Germany Ethics, Society & Politics lecture en Germany has a good reputation for strong data protection. It also features the only parliamentary inquiry committee investigating the Snowden revelations. But what are actual results of parliamentary, journalistic and public engagement? What did we learn from 3 years of debate on secret service surveillance? What did the the inquiry committee find out? What are political consequences? Is Germany really a desirable role model in the anti-surveillance movement? Or at least efficiently controlling its own secret services? We’ll provide answers. They might change your perception of how Germany deals with the fundamental right to privacy. The speakers work for netzpolitik.org, the leading news outlet on digital rights in Germany. They have published many classified documents on surveillance, dodged treason-charges, and live-transcribe every hearing of the parliamentary inquiry committee on mass surveillance, totaling over 3.000 pages of text. CC BY 4.0 false anna Andre Meister live-blogs from the Bundestag inquiry committee 2016-12-28T18:30:00+01:00 18:30 01:00 Saal 1 33c3-8136-stopping_law_enforcement_hacking Ethics, Society & Politics lecture en We didn’t win the second crypto wars. Governments merely made a strategic retreat and they’ll be back. Although they will likely give up on trying to regulate or prohibit encryption, we should expect that malware and law enforcement hacking will play a starring role in the next battle in the crypto wars. In a world where encryption is increasingly the norm, the cops aren’t going to give up and go home. No, they’ll target our scarily insecure mobile devices and computers. How did we get here, what's going on, and what can we do to stop it? Come to this talk to find out. For more than fifteen years, the FBI has had a dedicated hacking team. Until recently, this team’s hacking operations were shrouded in near-complete secrecy. That is slowly starting to change. And while we still don’t know a lot, what we have learned is alarming. For example, in order to deliver malware, the FBI has impersonated journalists and engaged in bulk-hacking operations that targeted users of legitimate communications services (TorMail). As the next crypto wars unfold in Washington, London and Brussels, we should expect to see law enforcement hacking play a central role in the debate. With the mass, default adoption of full disk encryption storage and end-to-end encryption for communications, law enforcement agencies will no doubt struggle to acquire data that has traditionally been easy for them to get. This will likely result in two significant policy shifts – first, it will force law enforcement hacking out of the shadows, and second, it will cause hacking tools to trickle down from elite, well-resourced federal law enforcement units to regional and local cops, who are most impacted by encryption, the least technically sophisticated and the most likely to abuse hacking tools. If a world in which the FBI hacks is scary, just wait until local police departments are doing it too. We must stop the spread of hacking as a law enforcement tool, before it is too late. CC BY 4.0 false Christopher Soghoian 2016-12-28T20:30:00+01:00 20:30 02:15 Saal 1 33c3-8440-die_nsu-monologe_nsu-monologlari Dokumentarisches Theater Art & Culture performance de Der Kampf der Hinterbliebenen um die Wahrheit --- Geride kalanların gerçekler için savaşı Fünf Jahre nach Bekanntwerden des "Nationalsozialistischen Untergrunds" erzählen die NSU-Monologe von den jahrelangen Kämpfen dreier Familien der Opfer des NSU - von Elif Kubaşık, Adile Şimşek und İsmail Yozgat: von ihrem Mut, in der 1. Reihe eines Trauermarschs zu stehen, von der Willensstärke, die Umbenennung einer Straße einzufordern und vom Versuch, die eigene Erinnerung an den geliebten Menschen gegen die vermeintliche Wahrheit der Behörden zu verteidigen. --- “Nasyonal sosyalist yeraltı” oluşumundan tam beş yıl sonra NSU-monologları NSU kurbanları olan üç ailenin savaşını anlatıyor - Elif Kubaşık, Adile Şimşek ve İsmail Yozgat: onların cesaretini, cenaze töreninde ilk sırada durmayı, irade gücünü, bir sokağın tekrar isim değiştirme talebini ve son olmayacak şekile, sevdiği kişinin hatıralarını sözde doğruları konuşan araştırmacı karşısında savunma yapmalarını anlatıyor. --- Veranstaltung auf Deutsch mit Türkischen und Englischen Übertiteln --- Publikumsgespräch im Anschluss mit: Nissar Gardi, Referentin des Projekts "Empower. Beratungsstelle für Betroffene rechter, antisemitischer und rassistischer Gewalt" & Andreas Kienzle, Nebenklageanwalt der Familie Yozgat true Bühne für Menschenrechte Elisabeth Pleß Idil Üner Mehmet Kurtulus Vanida Karun Michael Ruf Nissar Gardi Andreas Kienzle Florentine Seuffert Barnie Ecke Robert Colonius Sarah Sott 2016-12-28T23:00:00+01:00 23:00 01:00 Saal 1 33c3-8439-durchmarsch_von_rechts …und was wir dagegen tun können Ethics, Society & Politics lecture de Seit einigen Jahren formieren sich am rechten Rand der Gesellschaft explosionsartig neue rassistische, völkisch-nationalistische und offen nazistische Strömungen, Gruppen und Parteien. Einen erschreckenden Verstärker findet das neue braune Getöse in den sozialen Medien und sein Resonanzraum reicht inzwischen bis weit in die Mitte der Gesellschaft. Teil des Problems sind institutioneller Rassismus in den Behörden und unkontrollierbare Geheimdienste, die den Mob gewähren lassen: Dafür bietet der NSU-Komplex ein erschütterndes Beispiel. Vor dem neuen, sehr lauten, in der Tendenz aber auch gewalttätigen und terroristischen Phänomen rechter Formierung stehen Linke und bürgerliche Mitte ziemlich verdattert und hilflos. Jetzt kommt es darauf an, diese Hilflosigkeit zu überwinden, das Geschehen zu analysieren und sich Gegenstrategien einfallen zu lassen. Das ist „unser“ Job. Wann hat es begonnen? Wann hat sich der rechte Erdrutsch in Bewegung gesetzt? War es Ende der Nuller Jahre mit Eva Hermann? War es Thilo Sarrazins Bestseller „Deutschland schafft sich ab“? Seither ging es Schlag auf Schlag und spätestens seit der Ankunft Hundertausender Geflüchteter aus globalen Krisengebieten gibt es eine Dauerpräsenz rassistischer Proteste wie Pegida auf den Straßen und eine alarmierende Welle offener Gewalt gegen Geflüchtete, Migrant_innen und Linke. Laut Bundesinnenministerium haben sich seit 2014 bis Mitte 2016 rund 2500 Angriffe und Anschläge auf zum Teil bewohnte Geflüchtetenunterkünfte ereignet; im Frühjahr 2016 hat selbst das Bundeskriminalamt vor der Entstehung neuer rechter Terrorgruppen á la NSU gewarnt, die sich von rassistischen Protesten zum Handeln ermuntert fühlen. <br> Als hätten Zehntausende nur auf das Stichwort gewartet, entlädt sich derzeit in sozialen Netzwerken blanker Hass gegen das Establishment, gegen „links-versiffte Gutmenschen“, gegen „Nicht-Deutsche“ und Geflüchtete, progressive politische Aktivist_innen und Frauenrechtler_innen und Muslim_innen. Im Netz schießt der Rassismus mit heillos hypertrophierenden, in sich hermetischen Verschwörungswelten zusammen und konstituiert in Vollendung, was mit „postfaktische Zeiten“ gemeint ist. <br> Eine seit Jahrzehnten ohne großen Einfluss vor sich hin dümpelnde „Neue Rechte“ erlebt eine enorme Konjunktur, ihren einstigen Rufern in der Wüste wie Götz Kubischek vom neurechten Institut für Staatspolitik oder Hardcore-Trollen wie dem Compact-Chefredakteur Jürgen Elsässer hören auf einmal Tausende zu und freuen sich, dass „so kluge Leute“ ihnen aus der Seele sprechen. <br> Durch die Decke gehen die Wahlergebnisse der „Alternative für Deutschland“ seit einigen Jahren, befeuert durch die beschriebenen Umstände: Noch bei jeder Wahl erzielte die einstige Anti-Euro-Partei der Wirtschaftsprofessoren und Unternehmer – nach einigen politischen Häutungen zur neo-nationalistischen, völkischen Anti-Establishment-Partei gewandelt – aus dem Stand zweistellige Ergebnisse, sitzt heute in 10 Landesparlamenten und bereitet sich auf den anscheinend unaufhaltsamen Einzug in den Bundestag vor. <br> Andere apokryphe völkisch-nationalistische Gruppen und Initiativen wie die „Identitären“, die „Reichsbürger“, „Einprozent“, allenthalben gegen die „Umvolkung“ entstehende Bürgerwehren, Burschenschaften, „Bürgerforen“, neue Neonazi-Parteien wie „Der Dritte Weg“ oder die „Rechte“ und knallharte Nazi-Kameradschaften versuchen an diese sich neu formierende nationalistische Bewegung anzudocken und aufzusatteln. Militante Vigilanten organisieren den völkischen „Selbstschutz“ gegen Zuwanderung und staatliche Stellen sehen allzuoft augenzwinkernd zu. Erst als ein „Reichsbürger“ Mitte Oktober einen Polizisten erschießt, beginnt der Apparat – auch gegen die „Reichsbürger“ in den eigenen Reihen – zu ermitteln. Gewaltbereitschaft, Bewaffnung, Selbstermächtigung und terroristisches Vorgehen gegen „Unerwünschte“ oder Andersdenkende sind der neue Trend. <br> Personelle und ideologische Querverbindungen zwischen den bedrohlichen neuen Formationen, der AfD, den rechten Rändern der etablierten Parteien und weiteren reaktionäre Erscheinungen wie der christlich-fundamentalistischen, antifeministischen Bewegung, aber auch – personifiziert etwa in dem Thüringer AfD-MdL Björn Höcke – zu „echten“ Nazis lassen sich zahlreich nachweisen. Die Verharmlosung des Nationalsozialismus oder gar die Leugnung seiner Verbrechen gehört dabei zusehends zum Sagbaren und mutig gegen „Sprechverbote“ Herausposaunten. <br> Es entsteht mit den neuen rechten Netzwerken ein Panorama des Grauens, das für alle links und emanzipativ, sozial und menschenrechtlich Orientierten eine gigantische Herausforderung darstellt. Die Schockstarre und Handlungsunfähigkeit einer kritischen, progressiven Masse zu überwinden und eine unverbrüchliche humane Orientierung in postfaktischen Zeiten der Krise stark zu machen, ist das Gebot der Stunde. <br> Und während das alles geschieht laufen seit 3 ½ Jahren der NSU-Prozess in München und unterdessen 12 Parlamentarische Untersuchungsausschüsse (PUA) zum NSU-Komplex: Neben den rassistischen Verbrechen des „Nationalsozialistischen Untergrunds“ und seines mutmaßlich etliche hundert Helfer_innen umfassenden Netzwerkes, dem institutionellen Rassismus in den Ermittlungsbehörden, die jahrelang gegen die Opfer des NSU ermittelt haben, wird vor Gericht und in den PUAs vor allem auch die Verstrickung des Staates und seiner Inlandsgeheimdienste in den rechten Terror deutlich: Auch dieser Befund trägt etwas zur Stimmung im Lande bei und muss für den Protest dagegen ins Kalkül gezogen werden. false Friedrich Burschel Durchmarsch von Rechts /system/events/logos/000/008/021/large/brawl.jpg?1481931664 2016-12-29T00:15:00+01:00 00:15 00:30 Saal 1 33c3-8021-eine_kleine_geschichte_der_parlamentsschlagerei Schlagende Argumente, fliegende Fäuste Entertainment lecture de Der Vortrag gibt einen Abriss über die Geschichte der Parlamentsschlägerei, ordnet diese politisch und geografisch ein - um dann die verschiedenen Typen und Formen anhand von Videomaterial zu zeigen und gemeinsam zu analysieren. Die beiden Vortragenden betreiben seit 2010 gemeinsam das weltweit einzige Fachblog für Parlamentsschlägereien. Du findest Parlamentsdebatten todlangweilig? Bei Phoenix TV schläfst du ein? Politischer Kampf klingt für dich nur nach Geschichtsbuch? Unsympathische Abgeordnete in Parlamenten wecken bei Dir Gewaltphantasien? Wir haben die Lösung für all diese Probleme: Internationale Parlaments-Schlägereien! Die beiden Vortragenden betreiben mit großer Freude ein Fachblog für diese Form der handfesten parlamentarischen Auseinandersetzung. In sieben Jahren haben sie über 100 Videos gesammelt, wie Abgeordnete raufen, schlagen, treten - und so manches Inventar zur Waffe umfunktionieren. Im kurzweiligen Abend-Vortrag geben sie einen kleinen Abriss über die Geschichte der Parlamentsschlägerei, zeigen verschiedene Typen und Formen, vergeben Preise für außergewöhnliche Leistungen - und stellen sogar die neuesten wissenschaftlichen Erkentnisse zum Thema vor. Aber keine Angst: Es bleibt unterhaltsam. CC BY 4.0 false Joachim Schautenbach Pia Fortunata parliamentfights.wordpress.com /system/events/logos/000/007/960/large/logo.png?1474487509 2016-12-29T00:45:00+01:00 00:45 01:30 Saal 1 33c3-7960-fnord-jahresruckblick Wir helfen euch, die Fnords zu sehen! Entertainment lecture de Wenn mal wieder der Zensor pinkeln war, wenn DAMIT ja wohl NIEMAND rechnen konnte, wenn es um demokratisch legitimiertes Baumanagement oder um Stahlbälle geht, dann ist es wieder an der Zeit für eine lockere Abendshow mit den High- und Lowlights des Jahres. Lehnen Sie sich zurück, bringen Sie die Poppfolie in Stellung, tragen Sie die Schwielencreme gegen Facepalm-Blutergüsse auf der Stirn auf, brechen Sie das Popcorn an und genießen Sie die lockere Abendrevue zum Jahr 2016! CC BY 4.0 false Fefe frank 2016-12-28T11:30:00+01:00 11:30 00:30 Saal 2 33c3-8266-der_33_jahreruckblick Technology and Politics in Congress Talks, from 1984 to now Ethics, Society & Politics lecture en The proper relationship of technology and politics have been the subject of an evergreen debate on the floor of the Chaos Communication Congress. Rather than taking a position in this debate, we are asking how the two have been co-articulated in practice so far by CCC participants? The proper relationship of technology and politics and thereby the percentage each covers in the Congress schedule have been the subject of an evergreen debate at the floor and in the corridors of the Chaos Communication Congress. Rather than taking a position in this debate, we are asking how the two have been co-articulated in talks so far by CCC participants? In order to answer this question, we are analysing the available titles and abstracts of Congress talks from 1984 until now. This ongoing research seeks to identify changing trends, significant outliers, apparent patterns and common threads throughout the years. We also wonder if it is possible to identify turning points in the narrative. The empirical data is contextualised by reflections on the shifting ground of technology, politics and society in the world during the long history of the CCC, as well as by qualitative reflections of attendants. We are inviting the audience to help us with the latter by joining in a follow-up discussion after the presentation. CC BY 4.0 false maxigas mel Research blog of maxigas Slides /system/events/logos/000/007/909/large/TSA2.jpg?1473779744 2016-12-28T12:15:00+01:00 12:15 00:30 Saal 2 33c3-7909-syrian_archive Preserving documentation of human rights violations Ethics, Society & Politics lecture en Journalists and human rights groups need to find and use verified visual evidence in order to accurately report about what’s happening in conflict zones. In the case of Syria, there are more hours of online footage online than there have been hours of conflict. There is currently no tool that supports finding, collecting, preserving and collaboratively verifying and curating visual evidence from social media platforms: The Syrian Archive is the first to do so. In this talk, members of the Syrian Archive team will give an overview of the Syrian Archive project, explore the technical components and verification procedures, and review investigations completed using open source methodologies. Journalists and human rights groups need to find and use verified visual evidence in order to accurately report about what’s happening in conflict zones. We have currently developed an open source tool in alpha stage in collaboration with developers from Tactical Tech which collects and preserves video evidence from Youtube. We have additionally developed a unique workflow in order to verify video documentation and to conduct our investigations. By aggregating, preserving, cataloging and securing digital documentation relating to human rights violations in Syria, the Syrian Archive project helps Syrian civil society, human rights activists, media offices, journalists and lawyers increase their capacity to respond to human rights violations thorough using documentation and investigations that adhere to international standards, and using better tools to demand accountability against perpetrators of those violations. Findings from investigations have been used by Human Rights Watch, the United Nations Security Council and the Organisation for the Prevention of Chemical Weapons in their work investigating the Syrian conflict. Further, research has been cross-published by Bellingcat, an award-winning open source investigation platform and partner to the project. CC BY 4.0 false Jeff Deutch Hadi Al-Khatib Syrian Archive 2016-12-28T13:00:00+01:00 13:00 00:30 Saal 2 33c3-7860-welcome_to_the_anthropocene (Did) We Accidentally a New Geological Epoch(?) Science lecture en The Anthropocene is widely understood to mean the current <em>&quot;period of Earth's history during which humans have a decisive influence on the state, dynamics and future&quot;</em> of this planet. For several years, scientists in the <a href="http://quaternary.stratigraphy.org/workinggroups/anthropocene/" title="Website of the Working Group on the &#39;Anthropocene&#39; (AWG)">Working Group on the 'Anthropocene' (AWG)</a> have <a href="https://www2.le.ac.uk/offices/press/press-releases/2016/august/media-note-anthropocene-working-group-awg" title="Media note on AWG recommendations">worked (and voted!)</a> on defining the beginning of the Anthropocene in geochemical terms. The mid-20^th century provides an obvious geochemical 'timestamp': fallout from <a href="https://media.ccc.de/v/31c3_-_6121_-_en_-_saal_2_-_201412291715_-_what_ever_happened_to_nuclear_weapons_-_michael_buker" title="Michael Büker&#39;s &#39;What Ever Happened to Nuclear Weapons?&#39; talk at 31c3">nuclear weapons detonations</a>. Which other chemicals and timestamps are being considered for marking the Anthropocene's start? How is 'define-by-committee' even working out for <a href="http://www.stratigraphy.org/index.php/ics-chart-timescale" title="International Chronostratigraphic Chart AKA Geological Timescale">geological epochs</a>? This talk boils the scientific background of the Anthropocene debate down for non-stratigraphers. <p><a href="https://en.wikipedia.org/wiki/Stratigraphy" title="Wikipedia: Stratigraphy">Stratigraphers</a> are geologists, who focus on sediment, rock or ice layers, etc. These 'strata' form by deposition of organic or inorganic material (such as microorganisms or volcanic ash) and provide a records of the history of our planet's surface. Because gas bubbles, isotopes, etc. are captured in the strata, scientists can analyse the geochemistry of the past, date certain events, and more. That kind of data ultimately underlies <a href="https://xkcd.com/1732/" title="xkcd comic &#39;Earth Temperature Timeline&#39;">xkcd's recent 'Earth Temperature Timeline'</a>. Direct measurements of geochemical signals such as <a href="https://scripps.ucsd.edu/programs/keelingcurve/" title="Keeling curve of CO2 concentrations">atmospheric CO₂ concentration</a> and ocean pH started only in the mid-20^th century.</p> <p>Besides the <a href="https://ipcc.ch/" title="Website of the Intergovernmental Panel on Climate Change">Intergovernmental Panel on Climate Change</a>, the AWG is possibly the most diverse scientific committee with most public attention currently. Therefore, defining the Anthropocene is a multi-disciplinary, collaborative scientific effort, as well as an inherently political statement. This talk will explain why.</p> CC BY 4.0 false KaLeiMai International Chronostratigraphic Chart (AKA Geological Time Scale) KonScience-Episoden zu dem Thema AWG's status in Aug.'16 AWG homepage slides 2016-12-28T13:45:00+01:00 13:45 00:30 Saal 2 33c3-8169-in_search_of_evidence-based_it-security IT security is largely a science-free field. This needs to change. Science lecture en Applied IT security is largely a science-free field. The IT-Security industry is selling a range of products with often very questionable and sometimes outright ridiculous claims. Yet it's widely accepted practice among users and companies that protection with security appliances, antivirus products and firewalls is a necessity. There are no rigorous scientific studies that try to evaluate the effectiveness of most security products or strategies. Evidence-based IT security could provide a way out of the security nihilism that's often dominating the debate – however it doesn't exist yet. From Next-Generation APT-Defense to Machine Learning and Artificial Intelligence: The promises of IT security product vendors are often bold. Some marketing promises are simply impossible, because they violate a fundamental theorem of computer science, the halting problem. Many IT security professionals are skeptical of security appliances, antivirus software and other IT security products and call them snake oil. Furthermore security products often have security vulnerabilities themselves, which has lately been shown by the impressive work done by Tavis Ormandy from Google's Project Zero. When there's disagreement about the effectiveness of an approach then rational people should ask for scientific evidence. However, surprisingly this evidence largely doesn't exist. While there obviously is a lot of scientific research in IT security it rarely tries to answer practical questions most relevant to users. Decisions are made in an ad-hoc way and are usually based on opinions rather than rigorous scientific evidence. It is quite ironic that given the medical analogies this field likes to use (viruses, infections etc.), nobody is looking how medicine solves these problems. The gold standard of scientific evidence in medicine (and many other fields) is to do randomized controlled trials (RCTs) and meta-analyses of those trials. An RCT divides patients in groups and a treatment – for example a new drug – is compared against a placebo treatment or against the current best practice. Single trials are usually not considered sufficient, therefore meta-analyses pool together the results of all trials done on a particular question. There's no reason RCTs couldn't be applied to the question whether a particular security product works. Evidence-based medicine is undoubtedly the right approach, but these methods aren't without problems. Publication Bias skews results, many studies cannot be replicated and the scientific publishing and career system is often supporting poor scientific practices. But this doesn't question the scientific approach itself, it just means that more rigorous scientific practices need to be implemented. Unfortunately, in the few cases where controlled studies are done in the Infosec world they often suffer from the most basic methodological problems like being underpowered (too few participants), never being independently replicated or not measuring relevant outcomes. (There are a few studies on password security and similar questions.) Applying rigorous science to IT security could provide a way out of the security nihilism that dominates the debate so often these days - “Everything is broken, everyone's going to get hacked eventually”. And by learning from other fields Evidence-Based IT Security could skip the flaws that rife other fields of science. CC BY 4.0 false hanno Slides 2016-12-28T14:30:00+01:00 14:30 00:30 Saal 2 33c3-8181-haft_fur_whistleblower Demokratiefeindliches Strafrecht: Die Datenhehlerei gem. § 202d StGB Ethics, Society & Politics lecture de Der neue Straftatbestand der Datenhehlerei gem. § 202d StGB kriminalisiert Whistleblower und droht mit Haftstrafe bis zu drei Jahren oder Geldstrafe. Das schwächt die Zivilgesellschaft und verhindert wichtige demokratische Aufklärungsprozesse. Im Dezember 2015 hat der Bundestag mit dem Gesetz zur Vorratsdatenspeicherung auch von der Öffentlichkeit zunächst unbemerkt die „Datenhehlerei“ unter Strafe gestellt und den § 202d StGB erlassen. Der Straftatbestand soll nach Ansicht des Gesetzgebers eine Lücke im Bereich der Cyber-Kriminalität schließen und den Verkauf von rechtswidrig erlangen Daten erfassen, mit denen typischerweise von den Käufern Straftaten begangen werden. Hier geht es z. B. um den illegalen Handel mit Kreditkartendaten, Bankverbindungen und Log-In-Daten für Onlineshops. Das ist zunächst mal durchaus akzeptabel. Die Strafbarkeit beschränkt sich jedoch nicht auf diese Fälle. Denn auch Whistleblower sind von der neuen Regelung betroffen. Strafbar macht sich nämlich durchaus auch, wer rechtswidrig erlangte Daten weitergibt, an deren Veröffentlichung die Allgemeinheit ein überaus großes Interesse hat. Das aber schadet dem demokratischen Gemeinwesen und verhindert die Aufklärung von gesellschaftlichen Missständen. CC BY 4.0 false RA Ulrich Kerner Beitrag auf der re:publica 2016: Blogger zwischen Pressefreiheit und Polizeimaßnahmen /system/events/logos/000/008/229/large/brace2big.jpg?1475257311 2016-12-28T16:00:00+01:00 16:00 01:00 Saal 2 33c3-8229-copywrongs_2_0 We must prevent EU copyright reform from breaking the internet Ethics, Society & Politics lecture en EU copyright reform plans threaten freedom of expression: Commissioner Günther Oettinger wants to make sharing even the tiniest snippets of news content subject to costly licensing, and obligate internet platforms to monitor all user uploads. We can still stop these proposals – if you join the fight now. Two years ago, I laid out the urgent need for EU copyright reform <a href="https://events.ccc.de/congress/2014/Fahrplan/events/6350.html">at 31c3</a>. Now the reform proposal is finally on the table – but Commissioner Oettinger has let big business interests hijack it. Instead of updating copyright law to better fit the digital age, he wants to try to use it to make the internet fit the established business models of analogue industry giants: • The link is under attack: Extra copyright for news sites would make most ways of sharing even 20-year-old news articles illegal without a license. Website owners, news aggregators, social networks, curation/bookmarking apps, „read later“ services, etc. would need to pay news sites for linking to with even the shortest of teaser snippets. • Internet platforms would be obligated to scan all user uploads for copyright infringements – a huge burden on community projects like Wikipedia as well as EU startups. Because robots are bad at evaluating when copyright exceptions apply, lots of legal works would be taken down. • The new copyright exception for text and data mining would restrict the freedom to do so to public institutions. Hackers and amateur scientists would be left out in the cold. • The proposals leave discriminatory geoblocking and restrictions on the freedom of panorama here to stay. We must stop these proposals from harming the internet. I’ll lay out how you can help. CC BY 4.0 false Julia Reda Commissioner Oettinger is about to turn EU copyright reform into another ACTA /system/events/logos/000/007/824/large/Blockchain_small.png?1472849124 2016-12-28T17:15:00+01:00 17:15 01:00 Saal 2 33c3-7824-einfuhrung_zu_blockchains Security lecture de Blockchain ist die Technologie welche moderne Kryptowährungen ermöglicht. In dem Vortrag wird die Funktionsweise von Blockchains ganz allgemein erklärt. Anhand der Bitcoin Blockchain wird ausserdem gezeigt, wie diese Funktionen in einem echten System umgesetzt werden können. Blockchain ist die Technologie hinter Bitcoin. Sie macht Kryptowährungen überhaupt erst möglich und die meisten Vorgänge moderner Kryptowährungen können anhand der jeweiligen Blockchain aufgezeigt und erklärt werden. Der Vortrag gibt eine Einführung zu Blockchains. Es wird gezeigt, was Blockchains bezwecken sollen und wie sie das erreichen. Die Grundlegenden Eigenschaften werden anhand eines abstrakten Modells erklärt: <ul> <li>Wie wird ein Konsens etabliert</li> <li>Wie schützen Blockchains vor doublespending</li> <li>Wie schützen Blockchains vor Angriffen auf einzelne Teilnehmer des P2P Netzwerkes</li> <li>Was ist ein Proof of work und welche Rolle spielt er für die Sicherheit</li> <li>Wie kann der Zustand effizient an alle Teilnehmer verteilt werden</li> </ul> Anhand der Bitcoin Blockchain soll ausserdem gezeigt werden, wie diese Funktionen in einem echten System umgesetzt werden können. Ausserdem wird die Funktionsweise von Light-clients behandelt. Dabei spielen insbesondere der Aufbau der Bitcoin Blöcke und der Schutz der Transaktionen mittels eines Merkle Baumes eine wichtige Rolle. Der Vortrag fokussiert auf die Blockchain-Technologie. Funktionen und Implementationsdetails von Bitcoin, die mit der Blockchain nicht in direktem Zusammenhang stehen, werden nicht behandelt. Es werden die Eigenschaften öffentlicher, POW basierter, Blockchains behandelt, private Blockchains, wie sie in von Finanzinstituten entwickelt werden, werden nicht behandelt. CC BY 4.0 false vimja Presentation sourc code Handout (revision 0.99) Slides 2016-12-28T18:30:00+01:00 18:30 01:00 Saal 2 33c3-8416-the_untold_story_of_edward_snowden_s_escape_from_hong_kong and How You Can Help the Refugees Who Saved His Life Ethics, Society & Politics lecture en On June 9, 2013, Edward Snowden revealed massive civil rights abuses by the NSA. On June 10, Snowden didn’t know where to hide. Snowden’s revelations had started the greatest intelligence man hunt in history. The entire US secret service apparatus was looking for the American Whistleblower. Every policeman in Hong Kong was on the lookout. And hundreds of journalists were flooding the city to find the man who shocked the world. No one could find him. On June 23, Snowden boarded a plane to Moscow. In the two weeks before that, he had simply been invisible. For three years, these two weeks have been unexplained. Then, investigative journalist Sönke Iwersen from the German newspaper Handelsblatt filled in the gaps. Today, Sönke will present the people who kept Snowden alive: rights lawyer Robert Tibbo, who is coming from Hong Kong to Hamburg to join us on stage. Ajith, a former soldier from Sri Lanka. Vanessa, a domestic helper from the Philippines. And Nadeeka and Supun, a refugee couple in Hong Kong. Without any preparations, these five men and women were given an almost impossible task: Hide the most wanted man alive. This hour at 33c3 will tell how they succeeded. You will learn about Snowden’s days in hiding, the human rights situation for refugees in Hong Kong, and how you can help both Snowden and the refugees who saved his life. Also, you will hear the latest news on Edward Snowden himself. Lena Rohrbach from Amnesty International will tell you about the Pardon Snowden Campaign and how you can participate. Time is running out! false Lena Rohrbach Sönke Iwersen Robert Tibbo https://www.gofundme.com/snowdenguardians https://fundrazr.com/snowdensguardians 2016-12-28T20:30:00+01:00 20:30 01:00 Saal 2 33c3-8034-build_your_own_nsa How private companies leak your personal data into the public domain, and how you can buy it. Security lecture de When thinking about surveillance, everyone worries about government agencies like the NSA and big corporations like Google and Facebook. But actually there are hundreds of companies that have also discovered data collection as a revenue source. We decided to do an experiment: Using simple social engineering techniques, we tried to get the most personal you may have in your procession. When thinking about surveillance, everyone worries about government agencies like the NSA and big corporations like Google and Facebook. But actually there are hundreds of companies that have also discovered data collection as a revenue source. Companies which are quite big, with thousands of employees but names you maybe never heard of. They all try to get their hands on your personal data, often with illegal methods. Most of them keep their data to themselves, some exchange it, but a few sell it to anyone who's willing to pay. We decided to do an experiment: Using simple social engineering techniques, we tried to get the most personal you may have in your procession. Your “click-stream data”, every URL you have been visiting while browsing the web. After a couple of weeks and some phone calls we were able to acquire the personal data of millions of German Internet users - from banking, over communication with insurance companies to porn. Including several public figures from politics, media and society. In the talk, we'll explain how we got our hands on this data, what can be found inside and what this could mean for your own privacy and safety now and in the future. * Introduction & background * Who collects data and for which purposes * How we got our hands on a large data sample * What's in it? Detailed analysis of the data set * How does it work? Analysis of the collection methods * Outlook: Can we still save our privacy? CC BY 4.0 false Andreas Dewes @sveckert /system/events/logos/000/007/912/large/spiegelmining_logo_ccc.png?1479141333 2016-12-28T21:45:00+01:00 21:45 01:00 Saal 2 33c3-7912-spiegelmining_reverse_engineering_von_spiegel-online Wer denkt, Vorratsdatenspeicherungen und „Big Data“ sind harmlos, der kriegt hier eine Demo an Spiegel-Online. Ethics, Society & Politics lecture de Seit Mitte 2014 hat David fast 100.000 Artikel von Spiegel-Online systematisch gespeichert. Diese Datenmasse wird er in einem bunten Vortrag vorstellen und erforschen. Der Vortrag gibt tiefe und überraschende Einblicke in das Verhalten des vielleicht größten Meinungsmachers Deutschlands. Ihr werdet Spiegel-Online danach mit anderen Augen lesen. Dazu gibt er einen <i>allgemeinverständlichen</i> Überblick, was mit der heutigen Daten-Auswerterei alles geht. Ihr werdet also vielleicht auch mehr aufpassen, was für Daten von euch ihr ins Internet lasst. Der Vortrag hat drei rote Fäden: <b>1) Wir reverse engineeren Spiegel-Online.</b> Wir nehmen den Datensatz so richtig auseinander und betrachten Spiegel-Online aus vielen völlig neuen Blickwinkeln. Das Ganze wird bunt, unterhaltsam und anschaulich passieren, so dass es für Techies und Nicht-Techies eingängig ist. Warum sind manche Artikel lang, manche kurz? Kann man Artikeln ansehen, ob die Redakteure wirklich dahinter stehen oder nicht? Welche Redakteure sind enger miteinander verbandelt als andere? Welche Inhalte hält der Spiegel selbst für politisch inkorrekt? Kann man sowas <i>wirklich</i> einfach so von außen messen? Glaubt’s mal – man kann. Bei einigen der Auswertungen wird vielleicht „nur“ das rauskommen, was ihr euch schon vorher denken konntet. Bei anderen werden wir überraschende Ergebnisse erhalten. Und manchmal entdeckt man auch Systematiken da, wo man überhaupt keine erwartet hat. Kurz: Wir werden kreativ sein. Wir werden etwas lernen und Spiegel-Online auch. <b>2) Ein Überblick über „Data Science“.</b> Wir betrachten nicht nur die Vorgehensweise, sondern auch die Möglichkeiten und gesellschaftlichen Gefahren der Datensammelwut und Auswerterei. Über den Vortrag hinweg wird David – locker und unmathematisch – verschiedene Methoden des Datenauswertens anhand des Spiegel-Online-Datensatzes anschaulich machen. Nicht mit Formeln, sondern mit bunten Grafiken. Nach dem Vortrag werdet ihr eine Vorstellung davon haben, was sich hinter dem „Big Data“-Buzzword verbirgt, und warum dieser Hype – bei allem Nutzen, den er haben mag – gesellschaftlich auch sehr gefährlich ist. Ihr könnt nämlich überhaupt nicht wissen was ihr über euch preisgebt, wenn ihr irgendwelche Daten veröffentlicht. Egal, wie uninteressant eure Daten für euch aussehen mögen – was man daraus lesen kann, entscheidet der Gegner und nicht ihr. <b>3) Und für die Aktivisten unter euch</b> liefert der Vortrag eine grobe Anleitung, wie man es sinnvoll anstellt, wenn man ein Massenmedium (oder auch beliebige andere Sachen im Internet) mal beobachten und so richtig durchleuchten will. Wie sammeln wir die Daten? Wie geht man kreativ mit Daten um? Wie findet man Zusammenhänge? Wie gießt man die Daten in sinnvolle und ästhetische Bilder, mit denen jeder etwas anfangen kann? Es gibt ja nur eine Breitband-Verbindung ins Gehirn: die Augen. CC BY 4.0 false David Kriesel /system/events/logos/000/008/398/large/messowires.jpg?1476689522 2016-12-28T23:00:00+01:00 23:00 01:00 Saal 2 33c3-8398-shining_some_light_on_the_amazon_dash_button Hardware & Making lecture en This talk will explore the hard- and software of the Amazon Dash button. While the old hardware-revision of the button has already been analyzed and can be repurposed easily, the new hardware-revision is locked more tightly to prevent tinkering. In this talk a detailed teardown of the dash button hardware will be given. The talk will also have a closer look at the software running on the device and how communication with the server works. Although the new hardware-revision of the button makes use of the controller lockbits to prevent the user from reprogramming the device, a method for running custom code on the device and extracting stored secret keys will be presented. CC BY 4.0 false hunz git repository slides 2016-12-29T00:45:00+01:00 00:45 01:30 Saal 2 33c3-8461-fnord-jahresruckblick_stream Entertainment other false /system/events/logos/000/008/062/large/Untitled.png?1475144790 2016-12-28T11:30:00+01:00 11:30 01:00 Saal G 33c3-8062-a_look_into_the_mobile_messaging_black_box A gentle introduction to mobile messaging and subsequent analysis of the Threema protocol. Security lecture en Most of us use mobile messaging every day. We use certain apps that we chose for a number of factors, like our friends using it, good press, privacy promises, or simply their feature sets. This talk aims to enable more of us to reason about the privacy and security of messaging apps. We will try to present simple analogies translating abstract security and privacy expectations into concrete feature sets. We will illustrate these features using the the popular messaging app Threema. Our analysis of its protocol is based on our own reverse-engineering efforts and a re-implementation of the Threema protocol that we will release during the talk. Despite its ubiquitous application and widespread acceptance, mobile instant messaging remains a complex matter and is often not understood by its users. Easy-to-use apps and security assurances by their developers suggest users a safe and private environment for conversation. At the same time, more and more apps flood the market and it is becoming increasingly difficult, even for technically-educated users, to keep track of both technological development and their own security and privacy requirements. We want to present a talk that sheds some light into technical aspects of mobile instant messaging and presents an overview of techniques and design decisions by different mobile instant messaging app developers. We aim at both technically-educated and casual users alike, trying to present simple analogies and break down complex details into understandable components. After an introduction to the mobile instant messaging world, we will dissect one of the most popular mobile instant messaging apps in Germany: Threema. It is closed-source and only superficially documented, yet widely used. We picked it for a particular design decision in its protocol, the lack of which we consider the most important flaw in competitor protocols like Signal: the use of discardable IDs in favor of phone numbers. Another interesting aspect about Threema’s protocol is its use of the NaCl library for end-to-end encryption. We have fully reverse-engineered the Threema app and can therefore analyze and present its protocol and our analysis of it in detail. CC BY 4.0 false Roland Schilling Frieder Steinmetz Talk Slides /system/events/logos/000/008/087/large/YNMibW_C.jpg?1482827512 2016-12-28T12:45:00+01:00 12:45 02:15 Saal G 33c3-8087-lightning_talks_day_2 Lightning Talks CCC lecture en Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick! To get involved and learn more about what is happening please visit <a href="https://events.ccc.de/congress/2016/wiki/Static:Lightning_Talks">the Lightning Talks Wikipage</a>. CC BY 4.0 false gedsic bigalex 2016-12-28T16:00:00+01:00 16:00 01:00 Saal G 33c3-8031-no_usb_no_problem How to write an open source bit-bang low-speed USB stack running on a sub-$1 Cortex M0+ Hardware & Making lecture en How to get USB running on an ARM microcontroller that has no built in USB hardware. We'll cover electrical requirements, pin assignments, and microcontroller considerations, then move all the way up the stack to creating a bidirectional USB HID communications layer entirely in software. USB is amazing. It's hot-pluggable, auto-negotiating, and reasonably fast. It's robust, capable of supplying power, and works cross-platform. It lives up to the “Universal” claim: your PC definitely has USB, but it may not have TTL Serial, I2C, or SPI available. Hardware USB support is available in all manner of embedded microcontrollers. However it's not available on all microcontrollers, and integrating a hardware USB PHY can double the cost of a low-end microcontroller. This problem is particularly acute in the sub-$1 microcontrollers: a companion USB PHY chip would typically cost more than the microcontroller (example: the MAX3420E USB-to-SPI adapter costs around $5), so your only option for USB is to get your hands dirty and bit bang the missing protocol. This talk describes the implementation of a new bitbanged USB stack, starting with a primer on the USB PHY layer and continuing up the stack, concluding with "Palawan", a feature-complete open-source bitbanged USB Low Speed stack available for use on microcontrollers priced for under a dollar. We'll go over requirements for getting USB to work, as well as talking about USB timing, packet order, and how to integrate everything together. Unlike other bitbang USB implementations such as V-USB and LemcUSB, Palawan makes fewer assumptions about GPIO layout. With Palawan, USB's D+ and D- signals can be on different GPIO banks, and need not be consecutive. By doing so, more pins are available to the user, making it easier to use with devices that have special restrictions on what pins can do what. The only requirements are that both GPIO pins can be both inputs and push-pull outputs, and that at least one pin can be used as an interrupt. Palawan also includes a USB HID firmware update mechanism to allow for updates to be installed even on platforms that normally require USB drivers. As a protocol, USB comes in multiple speeds. The base speeds are called Full Speed and Low Speed -- FS and LS respectively. FS runs at 12 Mbps, and LS runs at 1.5 Mbps. LS is more restricted in scope than FS. It limits packet data payload size to 8 bytes (down from 64), and only allows Control or Interrupt endpoints (so no Bulk or Isochronous endpoints). While it's true that this limits the total possible features we can implement, it means that the job of implementing them in software becomes simpler. Limiting communications to 8-bytes of payload data also significantly lowers memory requirements. The core USB PHY layer consists of two functions: USBPhyRead() and USBPhyWrite(). These functions transparently take care of bit stuffing and unstuffing, where long runs of data have a transition period inserted. They also take care of synchronizing reception to the incoming signal, as well as interpreting SE0 end sequences, recognizing USB keepalive packets, and adding the USB SE0 footer. This particular implementation takes care to ensure incoming packets are presented in the correct endianness, as USB packets are transmitted with the most significant byte first. Since the PHY code is written using cycle-counting, it must be run from memory that is cycle-accurate. The Kinetis parts we used for testing have variable-cycle flash, so we must first copy the data into RAM and execute from there. Fortunately, gcc makes it easy to put executable code in the .data section, and automatically generates calls to RAM. The core of the USB PHY layer is written in Thumb2 assembly for an ARM Cortex M0+ using ARMv6m. This is an extremely limited subset of ARM code that removes lots of fun stuff like conditional execution, different source and destination registers in opcodes, as well as DSP instructions. As a tradeoff, most instructions complete in one cycle, with the notable exceptions of branches (which are two cycles if taken) and loads/stores (which are two cycles unless it involves single-cycle IO). USB is 1.5 Mbit/s, and at 48 MHz that gives us 32 cycles to write the data out two ports, calculate bit [un]stuffing, check for end-of-packet, and load the next chunk of data for writing. The the USB PHY layer makes the following assumptions: + The controller is a 48 MHz Cortex M0+ with associated two-stage pipeline + GPIO is single-cycle access (sometimes referred to as Fast GPIO or FGPIO) + GPIO has separate "Set Value" and "Clear Value" banks. + GPIO pin direction register is 1 for output, 0 for input + Code is executing from single-cycle access memory, meaning it may need to execute from RAM Despite these limitations, this code has been ported to two different Freescale/NXP Kinetis parts under a variety of operating systems. These assumptions aren't terribly restrictive, meaning this core could easily be ported to other M0+ implementations. Other bit-banged USB implementations make assumptions that were not useful for our implementation. V-USB impressively works on an AVR microcontroller across a range of frequencies, but it is the wrong architecture and uses special timer modes unavailable on ARM. LemcUSB is conceptually similar to Palawan and is available for other M0+ chips, and in fact can run at a lower clock speed of 24 MHz. However, LemcUSB requires that D+ and D- be on a GPIO bank's pins 0 and 1 respectively, which is not available on all chips, or may conflict with the SWD pins. Additionally, the M0+ ISA has no instruction for reversing word order, so LemcUSB's low-level PHY functions return data reversed. Palawan takes care to load bits in the correct order, saving a step when examining the packet. Our sample implementation is accompanied by a bootloader that provides a USB HID communication. This allows for driver-free firmware updates even on Windows, which normally requires a signed driver installation. This USB HID code can act as a keyboard, but is also bidirectional, and is capable of allowing for firmware upload to the device. While there are bootloader HID implementations from companies such as NXP and Microchip, we are unaware of any general-purpose open-source USB HID bootloader created with the intention of providing firmware updates. CC BY 4.0 false Xobs Slides /system/events/logos/000/007/963/large/14726308_1208926132479694_5138167602106859520_n.jpg?1479920421 2016-12-28T17:15:00+01:00 17:15 01:00 Saal G 33c3-7963-searchwing_-_mit_drohnen_leben_retten Hardware & Making lecture de Refugees are dying in the Mediterranean Sea. Thousands of them. We are building fixed wing drones, autonomously searching for refugee-vessels in a radius of 50km around a base-ship. The association "Seawatch e.V." has bought two well equipped Ships to help and rescue those people. But to help them we first have to find them. CCC-Berlin and "Sea Watch e.V." are working together to use high tech for humanitarian projects. In this talk we will explain the situation in the Mediterranean Sea and show possibilities to help refugees in mortal danger with high tech. We will present a smartphone app for organising the multidimensional chaos in the Mediterranean Sea and we explain in depth, how the development of the drones is proceeding, what already works and which challenges are still waiting. After some deliberation, we reluctantly decided to give this talk in German since we have a lot to show and talk about within a constrained time window. However, live translation services should be available via streaming (or DECT) so our international guests can participate. Of course, questions asked in English are welcome as well. CC BY 4.0 false Steini Ruben Neugebauer benthor Searchwing - Mit Technik Leben retten Sea-Watch Vortrag-Slides 2016-12-28T18:30:00+01:00 18:30 01:00 Saal G 33c3-7827-on_the_security_and_privacy_of_modern_single_sign-on_in_the_web (Not Only) Attacks on OAuth and OpenID Connect Security lecture en <p>Many web sites allow users to log in with their Facebook or Google account. This so-called Web single sign-on (SSO) often uses the standard protocols OAuth and OpenID Connect. How secure are these protocols? What can go wrong?</p> <p>OAuth and OpenID Connect do not protect your privacy at all, i.e., your identity provider (e.g., Facebook or Google) can always track, where you log in. Mozilla tried to create an authentication protocol that aimed to prevent tracking: BrowserID (a.k.a. Persona). Did their proposition really solve the privacy issue? What are the lessons learned and can we do better?</p> <p>Most ordinary web users have accounts at (at least) one of the big players in the web: Facebook, Google, Microsoft (Hotmail, Live), or even Yahoo. Also, many of these users are always logged in at some web sites of these companies. For web sites by other parties, it seems convenient to just re-use this already established authentication: They do not need to annoy the user with registration and login, and these web sites also do not need to maintain and protect an authentication database on their own. This is where SSO protocols come into play -- most times OAuth 2.0 or OpenID Connect. Both protocols have in common that they even require that the identity providers track where users log in. The only attempt so far, that tried to do better to protect the user's privacy, is Mozilla's BrowserID (a.k.a. Persona).</p> <p>We have analyzed these SSO protocols and discovered various critical attacks that break the security of all three protocols and also break the privacy promise of BrowserID. In our research, however, we aim to get positive security proofs for such SSO systems: We will discuss fixes and redesigns and whether it is possible to create a secure and privacy-respecting SSO.</p> <p>Contents of the talk: <ul> <li>How do OAuth, OpenID Connect, and BrowserID protocols work?</li> <li>Attacks on these protocols!</li> <li>Can we make SSO great again?</li> </ul></p> CC BY 4.0 false Guido Schmitz (gtrs) dfett Slides /system/events/logos/000/008/068/large/sick-2016.png?1475151368 2016-12-28T20:30:00+01:00 20:30 01:00 Saal G 33c3-8068-state_of_internet_censorship_2016 Ethics, Society & Politics lecture en 2016 has been marked by major shifts in political policy towards the Internet in Turkey and Thailand, a renegotiation of the responsibilities of content platforms in the west, and a continued struggle for control over the Internet around the world. Turbulent times, indeed. In this session, we'll survey what's changed in Internet surveillance and censorship in the last year, and provide context for the major changes affecting the net today. The good news is the community ability to monitor and act as a watchdog on policy changes is continuing to develop. The Open Observatory effort has set its sights on monitoring country policy, the US Department of State has called for proposals in the area infusing additional money, and groups like Access Now and Great Fire are working on regular measurement of services and access technologies. As we move from an Internet regulated by DPI and technical controls to one dominated by mobile applications and legal regulations on companies, our ability to argue for policy change from an accurate factual basis is critical for advocacy and our continued right to expression. This session will arm you with an updated set of facts for your discussions in the coming year. CC BY 4.0 false Will Scott Philipp Winter Slides /system/events/logos/000/008/027/large/logointercom.jpg?1479118660 2016-12-28T21:45:00+01:00 21:45 01:00 Saal G 33c3-8027-intercoms_hacking Call the frontdoor to install your backdoors Security lecture en <p>To break into a building, several methods have already been discussed, such as trying to find the code paths of a digicode, clone RFID cards, use some social engineering attacks, or the use of archaic methods like lockpicking a door lock or breaking a window.</p> <p>New methods are now possible with recent intercoms. Indeed, these intercoms are used to call the tenants to access the building. But little study has been performed on how these boxes communicate to request and grant access to the building.</p> <p>In the past, they were connected with wires directly to apartments. Now, these are more practical and allow residents to open doors not only from their classic door phone, but to forward calls to their home or mobile phone. Private houses are now equipped with these new devices and its common to find these “connected” intercoms on recent and renovated buildings.</p> <p>In this short paper we introduce the Intercoms and focus on one particular device that is commonly installed in buildings today. Then we present our analysis on an interesting attack vector, which already has its own history. After this analysis, we present our environment to test the intercoms, and show some practical attacks that could be performed on these devices. During this talks, the evolution of our mobile lab and some advances on the 3G intercoms, and M2M intercoms attacks will be also presented.</p> CC BY 4.0 false Sebastien Dudek paper 2016-12-28T23:00:00+01:00 23:00 01:00 Saal G 33c3-8273-atms_how_to_break_them_to_stop_the_fraud Security lecture en How to stop the ATMs fraud? How to protect ATMs from attacks such as black box jackpotting? How to prevent network hijacking such as rogue processing center or MiTM? Some of these issues can be fixed by configuration means, some fixed by compensation measures, but many only by vendor. We will tell you about what bank can do now and what we as a community of security specialists should force to vendors. Guys with malicious intentions never sleep, but make their bad deal all days, all nights. When you have your five-o-clock beer, they open service zone of ATM and connect "magic box" that make ATM empty. Alternatively, sometimes banks security guys may watch video surveillance footage with man-in-the-hoody, who make something in the nearby corner of ATM. Surely, ATM is empty again! On the other hand, banks may not have any video monitoring so they cannot imagine how ATM became empty without any forensics evidence. We have collected huge number of cases on how ATMs could be hacked during our researches, incidents responses and security assessments. A lot of malware infects ATM through the network or locally. There are black boxes, which connect to communications port of devices directly. There are also network attacks, such as rogue processing center or MiTM. Before we spoke about vulnerabilities and fraud methods used by criminals. Now we would like to combine our expertise to help financial and security society with more direct advices how to implement security measures or approaches to make ATMs more secure. CC BY 4.0 false Olga Kochetova Alexey Osipov 2016-12-28T11:30:00+01:00 11:30 00:30 Saal 6 33c3-7880-international_exchange_of_tax_information Ethics, Society & Politics lecture en The Common Reporting Standard is a multinational agreement signed by more than 80 nations, including all EU member states. The signatories promised to exchange bank account information on foreigners. Paypal, a Luxembourg company, is expected to report millions of accounts to German, French, Spanish etc. tax auditors. This lecture will give an overview of the technical and legal aspects of the exchange. The Common Reporting Standard (CRS) and FATCA obligate banks to collect information from their customers and forward this information to the national tax authorities. The national tax authorities in turn forward this information to whatever country it is designated for. It is estimated that Paypal Luxembourg will report 60 million accounts in Europe. These reports will land on the desk of tax auditors which then will start asking questions to taxpayers. This talk will give an overview who is affected, what type of information will be exchanged, and what you can do about it. CC BY 4.0 false taxman 2016-12-28T12:15:00+01:00 12:15 00:30 Saal 6 33c3-8419-the_clash_of_digitalizations The Devolution of Arab Men from Humans to Digital Fodder Art & Culture lecture en This talk discusses the representation of Arab males in video games and the adverse effect it has on the collective political imagination. Anonymous military-aged Arab men become increasingly the exception to the laws of human rights, and become default targets for conventional and unmanned drone attacks. This devolution is seen through the lens of the changing nature of conflict through digitalization, the collapse of the nation state in Iraq and Syria, and the future of war. In the popular video game series "Call of Duty: Modern Warfare", Arab men are consistently depicted as the mindless throngs of the indestinguishable enemy. The First Person Shooter (FPS) genre lends itself to killing enemies, usually many in the same round, but the evolution of the target went from Nazi's in Wolfenstein 3D in 1992, to targets that become increasingly comparable to Arabs and Muslims in the following years. So besides historically oriented games that focus on the combatants of World War II, most games since the 1990's begin to shift their focus to another kind of enemy--one that suspiciously looks Arab or Islamic. Even Sci-Fi epics like the Halo series, which take place may hundreds of years in the future, the enemies start taking on an exotified look and feel, and follow an obviously religious ideology that is inimical to universal peace. The smallest insignificant alien becomes a strategic risk as they become "suicide bombers" blowing themselves up before they die, expressing a sigh of cowardice before they die. In "Modern Warfare 2", something suprising happens. The Arab characters are given a little more depth and backstory, and the Arabic dialogue is the most realistic of any of the other games. It also becomes the version of the game that is most modified by users (in so-called "mods"). Hacked and converted to other versions, there is significantly a version used by Al-Qaeda for recruitment purposes. The production company responsible, Infinity Ward, later had its two chief developers and founders fired under mysterious circumstances. As a researcher on radical Islamic thought, over the years I have collected some materials about video games and their uses for recruitment and ideological training on the Jihadist side. What I would like to do for 33C3 is show versions of the modded games parrallel to the originals in a face-off setting, and give a lecture about the background to these games. I will explore stories of recruitment from American soldiers, and how these games factored into their decision to join the U.S. military. Through the digital realm, I will propose a new framework for understanding the so-called Huntingtonian "Clash of Civilizations"--where very recent cultural artifacts become automatic motivations. As a drone operator sees the pixelation of a real Arab male on the screen, it is an image he's shot at in the virtual domain over and over again since he was a child. The Arab male has devolved from being a human being (in the way that women or children, or caucasian males are) to being mere fodder, a natural target where you simply just shoot. false Saud Al-Zaid 2016-12-28T13:00:00+01:00 13:00 00:30 Saal 6 33c3-8069-tapping_into_the_core Security lecture en Engaging universally available deep debug functionality of modern Intel cores, with zero software or hardware modifications required on the target side. Our research team at Positive Technologies has discovered a way to engage the advanced debug machinery on modern Intel cores. This advanced machinery can be employed to exercise deep control of the running system across all execution modes using merely a USB port connection, with zero software or hardware modifications required on the target side. It goes without saying that such functionality carries profound security implications. CC BY 4.0 false Maxim Goryachy Mark Ermolov /system/events/logos/000/007/949/large/tarot_wheel_of_fortune.jpg?1479175448 2016-12-28T13:45:00+01:00 13:45 00:30 Saal 6 33c3-7949-wheel_of_fortune Analyzing Embedded OS Random Number Generators Security lecture en Secure random number generators play a crucial role in the wider security ecosystem. In the absence of a dedicated hardware True Random Number Generator (TRNG), computer systems have to resort to a software (cryptographically secure) Pseudo-Random Number Generator (CSPRNG). Since the (secure) design of a CSPRNG is an involved and complicated effort and since randomness is such a security-critical resource, many operating systems provide a CSPRNG as a core system service and many popular security software products assume their presence. The constraints imposed by the embedded world, however, pose a variety of unique challenges to proper OS (CS)PRNG design and implementation which have historically resulted in security failures. In this talk we will discuss these challenges, how they affect the quality of (CS)PRNGs in embedded operating systems and illustrate our arguments by means of the first public analysis of the OS random number generators of several popular embedded operating systems. Randomness is a fundamental, security-critical resource in the wider security ecosystem utilized by everything from cryptographic software (eg. key and nonce generation) to exploit mitigations (eg. ASLR and stack canary generation). Ideally secure random number generation is done using a dedicated hardware True Random Number Generator (TRNG) collecting entropy from physical processes such as radioactive decay or shot noise. TRNGs, however, are both relatively slow in their provision of random data and often too expensive to integrate in a system which means computer systems have to resort to a software (cryptographically secure) Pseudo-Random Number Generator (CSPRNG). Such a CSPRNG is seeded (both initially and continuously) from a variety of sources of 'true' entropy which are effectively stretched into additional pseudo-random data using cryptographic methods. Since the design and implementation of such CSPRNGs is a complicated and involved effort, many operating systems provide one as a system service (eg. /dev/(u)random on UNIX-like systems) and as a result many security software suites assume their existence. The embedded world, however, poses a variety of unique challenges (resulting from constraints and deployment scenarios, which differ significantly from the general-purpose world) when designing and implementing (CS)PRNGs. Resulting inadequacies in embedded OS random number generators have led to various security failures in the past (from weak cryptographic keys in network devices to broken exploit mitigations in smartphones) emphasizing the need for public scrutiny of their security, especially considering the nature of embedded system deployments (in everything from vehicles and critical infrastructure to networking equipment) and the sheer variety of ebmedded operating systems compared to the general-purpose world. In this talk we will discuss various challenges posed by the embedded world to (CS)PRNG design and implementation and illustrate our arguments by means of the first public analysis of the OS random number generators of several popular embedded operating systems and a discussion of how their flaws related to these previously identified challenges. CC BY 4.0 false Jos Wetzels Ali Abbasi Wheel of Fortune 2016-12-28T14:30:00+01:00 14:30 00:30 Saal 6 33c3-8418-von_kaffeeriechern_abtrittanbietern_und_fischbeinreissern Berufe aus vergangenen Zeiten Art & Culture lecture de Aus ihrem Buch „Von Kaffeeriechern, Abtrittanbietern und Fischbeinreißern – Berufe aus vergangenen Zeiten“: es geht darin um Berufe, die einfach verschwunden sind, deren Bezeichnung bereits in Bedeutungslosigkeit versunken sind. Aber was machte z.B. ein Kaffeeriecher? Er war kein Hipster-Barista, sondern ein Auswuchs der Politik von Friedrich II.: durch den Schmuggel von Kaffeebohnen sah sich Friedrich II genötigt, ausgediente Kriegsveteranen durch Berlin zu schicken. Sie durften in die Häuser der Bürger eindringen, um unversteuerten Kaffee aufzufinden. Sie verletzten dabei die Privatsphäre und schnüffelten buchstäblich nach einem Vergehen. Anders als die Überwachung im Netz heute waren sie laut und derb und nicht unsichtbar. Den Bürgern waren sie so verhasst, dass sie sich gegen sie aufbäumten. Nach nur acht Jahre war der Spuk vorbei, die Kaffeeriecher wurden durch Protest des Volkes ausrangiert. Wäre es heute nur so einfach. Akribisch nach Fakten, Formen und Verbindungen suchend, entstand auch die Auftragsarbeit „Altes Handwerk“ , für die Stiftung Preußischer Kulturbesitz: ein Jahr lang wühlte Michaela Vieser in den Archiven des BPK: zum Teil lagen die Bilder in einer alten Kegelbahn in einem Offizierskasino in Charlottenburg. Die Fotografien stammen aus einer Zeit, als der Fotograf selbst noch Handwerker war. Anhand der Bilder lassen sich Ästhetik und Funktionalität des neuen Berufes klar erkennen. Das Buch wurde gemeinsam in einem Interview mit dem Bundesarbeitsminister im Radio vorgestellt, es war über zwei Jahre lang das wichtigste Buch des Verlags Braun editions. Im Folgewerk „Das Zeitalter der Maschinen – Von der Industrialisierung des Lebens“ geht es um den Übergang in die Industrielle Revolution: „Die Zeit“ schreibt: „Seit der Industrialisierung bestimmen Maschinen unseren Alltag – damals waren sie aus Eisen und Stahl, und manche überlebensgroß. Heute denken wir über die winzigen Chips schon gar nicht mehr nach, die Smartphones oder Autos steuern. Doch damals revolutionierten die Maschinen nicht nur die Wirtschaft, sondern das ganze Leben. Ein neuer Bildband vermittelt einen Eindruck davon, wie sehr.“ Michaela Vieser zieht im Vorwort die Parallele zur Digitalen Revolution. false Michaela Vieser 2016-12-28T16:00:00+01:00 16:00 01:00 Saal 6 33c3-8317-hacking_reality Mixed Reality and multi-sensory communication Art & Culture lecture en Inspired by a long history of bold reality hacks this talk considers the kinds of potentials opening up through emerging Virtual Reality (VR) and Mixed Reality technologies. In this current moment of climate crisis and structural metamorphosis how can we work with powerful immersive technologies to understand our own perceptual systems, to radically communicate and to innovate new ways of being together? Our physical body and the spaces we inhabit seem very real, but what is this sense of reality – of presence in the world – and is it simply a story told to us by our brain, a neural fiction? Just over a decade ago, neuroscientists at Princeton discovered the ‘rubber hand illusion’, a way of persuading the brain to incorporate a fake hand into its internal body image, so that the fake hand became a felt part of the body. Since then, scientists and virtual reality experts have developed ‘full body’ illusions showing how our attachment to our whole body is somehow provisional and flexible. The talk will consider these strange findings and what potentials are emerging through creative VR projects. I will discuss my own work with Virtual Reality, which investigates how immersive audio, visual, touch and haptic environments enable us to "slip our moorings" and experience transformed relationships to our environment, to other people and to our own bodies. I’ll describe the interdisciplinary experimentation undertaken in the Sackler Centre's Labs and the development of visual technologies and multi-sensory techniques that invite audiences to investigate the architecture of their own subjective experience for themselves. Our understanding of what it is to be human is undergoing a dramatic seachange: a biological, embodied, emotional and fundamentally social understanding of human subjectivity is emerging across disciplines. These powerful immersive technologies and techniques for hacking the human sensory system have uses beyond entertainment. This session will end by outlining some ways ahead for creatively working with this tech to bring us into deeper relationship with the systems we live in and distant ecosystems, other people and the vital feelings of our own bodies. CC BY 4.0 false Kate Genevieve Wellcome Trust link Artist Website 2016-12-28T17:15:00+01:00 17:15 01:00 Saal 6 33c3-7922-formal_verification_of_verilog_hdl_with_yosys-smtbmc Hardware & Making lecture en Yosys is a free and open source Verilog synthesis tool and more. It gained prominence last year because of its role as synthesis tool in the Project IceStorm FOSS Verilog-to-bitstream flow for iCE40 FPGAs. This presentation however dives into the Yosys-SMTBMC formal verification flow that can be used for verifying formal properties using bounded model checks and/or temporal induction. Yosys is a free and open source Verilog synthesis tool and more. It gained prominence last year because of its role as synthesis tool in the Project IceStorm FOSS Verilog-to-bitstream flow for iCE40 FPGAs. This presentation however dives into the Yosys-SMTBMC formal verification flow that can be used for verifying formal properties using bounded model checks and/or temporal induction. Unlike FPGA synthesis, there are no free-to-use formal verification tools available and licenses for commercial tools cost far more than most hobbyists or even small design companies can afford. While IceStorm was the first complete free-as-in-free-speech synthesis tool-chain, Yosys-SMTBMC is the first free Verilog verification flow for any definition of the word "free". Because of the prohibiting pricing of commercial tools it can be expected that most audience members never had a chance to work with formal verification tools. Therefore a large portion of the presentation is dedicated to introducing basic concepts related to formal verification of digital designs and discussing small code examples. CC BY 4.0 false Clifford /system/events/logos/000/008/315/large/icon-1294811_640.png?1475272511 2016-12-28T18:30:00+01:00 18:30 01:00 Saal 6 33c3-8315-a_world_without_blockchain How (inter)national money transfers works Ethics, Society & Politics lecture en Instant money transfer, globally without borders and 24/7. That’s one of the promises of Bitcoin. But how does national and international money transfer work in the world of banks? <p>I moved from the world of Bitcoin and blockchain to the world of domestic and international payments at banks. I had a lot of questions and managed to get my job moving in the place where I can learn how those things work and to get answers. In this presentation, I’m going to share what I’ve learned and I’ll help you understand something about the current payment systems that exist in the world.</p> <p>The topics I’ll bring are going to present some answers to the following questions:</p> <ul> <li>How do banks communicate?</li> <li>Why does a payment between two banks take longer than a payment within a single bank?</li> <li>Where is the money when it’s debited from my account, but not yet in the beneficiary account?</li> <li>Why are international payment so expensive?</li> <li>We can do instant payments with credit cards, how come normal bank transfer aren’t instant?</li> </ul> CC BY 4.0 false Mark van Cuijk Presentation slides 2016-12-28T20:30:00+01:00 20:30 01:00 Saal 6 33c3-7888-downgrading_ios_from_past_to_present Security lecture en This talk is about the iOS secure boot chain and how it changed throughout different iOS versions, while focusing on downgrading despite countermesures. It will explain basics like what SHSH blobs and APTickets are and how IMG3 and IMG4 file format works. Also a new technique called "prometheus" will be introduced which allows for the first time downgrading 64bit devices. This talk shows how Apple's secure boot chain works and what changes where made with new software and hardware updates. It explains how the boot/restore process works, what SHSH blobs and APTickets are and how they are structured. Each time a new feature is introduced to improve the secure boot chain, a technique is shown how it can be bypassed in order to downgrade. This talk recaps how it was possible to downgrade with TinyUmbrella and limera1n back in the old days and presents a new approach by showing how a technique called odysseus is able to downgrade newer 32bit devices. It is pointed out why Basebands are such a pain when trying to downgrade, as well as why odysseusOTA is able to downgrade Basebands anyways. Components new to 64bit devices like IMG4 file format and SEPOS are introduced and embedded into the context of downgrading. At the end a new technique called "prometheus" is presented, which is the first one to be able to downgrade 64bit device and also the first method since the introduction of APTickets which *can* work without a Jailbreak or Bootrom/iBoot exploits. CC BY 4.0 false tihmstar /system/events/logos/000/007/873/large/logo3.PNG?1479221750 2016-12-28T21:45:00+01:00 21:45 01:00 Saal 6 33c3-7873-spinalhdl_an_alternative_hardware_description_language Hardware & Making lecture en Since too long we use VHDL and Verilog to describe hardware. SpinalHDL is an alternative language which does its best to prove that it is time to do a paradigm shift in hardware description. SpinalHDL is a Scala library which allow to describe RTL by using object oriented programming and functional programming. This talk will present basics of SpinalHDL and then show by which way this alternative approach offers a huge benefit in code clarity, genericity and reusability. CC BY 4.0 false Dolu1990 Online documentation SpinalHDL repository Presentations slides 2016-12-28T23:00:00+01:00 23:00 01:00 Saal 6 33c3-8042-code_brown_in_the_air A systemic update of sensitive information that you sniff from pagers Security lecture en The talk is about the paging system, an old technology in the 90's, used in healthcare, ICS and government, a systematic review of security impacts that it brought to us in the age of SDR, covering the United States, Canada, England and Japan. By sniffing known pager frequencies in the general vicinity of hospitals, factories and public facilities with a $20 DVB-T, we discovered that not only is pager technology alive and kicking, but much of the traffic is not encrypted, resulting in violation of privacy laws and more importantly, leaks of sensitive information. The talk is not about the protocol nor the hardware device. <p> Pager was once very popular in the 90's. It did not disappear from the world as cellular technology phased in, but found a niche market in hospitals, industry control systems, public services and defense industries where low transmitting power or uni-directional transmission are mandatory. Just like other old technologies, systematic risk can emerge as new technology, for example SDR, becomes affordable. <p> It is well known that one can decode POCSAG and FLEX messages with SDR as early as in 2013. After four months of observation, prudent metadata collection and data analysis, however, the researchers believe that the extensive use of email-to-pager and SMS-to-pager gateways, along with the unencrypted nature of paging system, makes it a huge security impact to the users and companies. Workflow software integrated with pagers can cause a huge leak of personal information. We can fix it only after people are fully aware of the status quo. <p> The talk is a summary of data analysis and a demonstration of how far passive intelligence using pagers can go, scenarios including, <ul> <li>Workflow systems in hospitals <li>Patient tracking <li>Pharmacy and prescription <li>Nuclear plants <li>Power stations <li>ICS and HVAC in chemical and semiconductor companies <li>Automation and intelligence in defense sector <li>SNMP and system monitoring <li>Interpersonal relationship </ul> If time permits, the researchers will also update the status of paging system used in several European countries. CC BY 4.0 false miaoski 2016-12-28T15:00:00+01:00 15:00 1:00 Saal 6 self organized sessions discussion en Daily meeting for all VOC Angels. Jwacalex V0tti Felixs https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Engelmeeting /system/events/logos/000/000/412/large/Hello_World.jpg?1482757857 2016-12-28T10:30:00+01:00 10:30 00:30 Sendezentrumsbühne 33c3-412-hallo_welt_begrussung_der_gaste_des_junghackertags Sendezentrumsbühne de Wir eröffnen den Junghackertag dieses Jahr mit einer kurzen Vorstellung des Chaos Communication Congresses und der vielen tollen Angebote für die Junghackerinnen und -hacker. Was genau ist eigentlich der 33C3? Welche assemblies (Stände) und Projekte beteiligen sich am Junghackertag? Und welche Workshops werden wann und wo angeboten? Alle Interessierten erhalten hier einen kompakten Überblick. true /system/events/logos/000/000/396/large/Salon.jpg?1482680093 2016-12-28T12:00:00+01:00 12:00 00:45 Sendezentrumsbühne 33c3-396-salon_faire_elektronik Der Stand der Dinge Sendezentrumsbühne podium de In der ersten Folge des neuen Podcasts <i>Salon Faire Elektronik<i> erläutern wir im Expertengespräch den aktuellen Stand der Dinge. Wir finden heraus, was zu tun ist, um an Hardware zu kommen bei deren Entstehung niemand zu Schaden kommt und alle korrekt bezahlt werden. false Matthias sjekutsch sjordan alorenzen Faire Computer FairLötet NagerIT /system/events/logos/000/000/400/large/JungPodcaster_innenTalk.png?1480277247 2016-12-28T13:15:00+01:00 13:15 00:45 Sendezentrumsbühne 33c3-400-podcasting_fur_kinder_jugendliche_familien Jungpodcaster_innen Talk Sendezentrumsbühne workshop de Egal wie alt - alle können Podcasts produzieren. Hast Du auch schon überlegt, mit dem Podcasten anzufangen? Auf der Bühne erzählen junge Menschen, die selbst Audio online stellen oder die mit ihren Eltern podcasten von ihrem Podcast-Alltag. Doch wo fängt man an? Und was haben die podcastenden Familien davon? Moderiert wird die Bühnen-Session von Nele Heise (Podcastpatin). Mit dabei sind: - Toby Baier (Einschlafen Podcast) - Mareile Baier (Klogschieters) - Lovis Baier (Mal mit uns) - Andreas Rinke (INFOeinholen) - Lukas Rinke (Talentschmiede Podcast) Im Anschluss gibt es die Möglichkeit, am Podcast-Tisch das Podcasten gleich auszuprobieren oder sich dazu setzen und zuzuhören. Für Fragen sind Podcastpat_innen vor Ort. Sprich uns an! false tinowa Nele Toby Baier RikschaAndi Lukas Rinke Infos zu den Podcastpat_innen /system/events/logos/000/000/388/large/logo.png?1479203470 2016-12-28T14:30:00+01:00 14:30 01:00 Sendezentrumsbühne 33c3-388-hor_doch_mal_zu Ein Labberpodcast Sendezentrumsbühne podium de Hör doch mal zu ist ein relative neuer Labberpodcast, und der einzige mit doppel B. Wir wollen auf der Bühne einen persönlichen politischen Jahresrückblick machen und würden uns freuen, wenn wir das auch machen können. Unter anderem wollen mit Hilfe eines Brennpunktraten auf das Jahr zurückblicken und das Publikum ist eingeladen, sich zu beteiligen. Auch Fragen zu Autismus sind möglich... Wir sind Jan und Frank und machen den Podcast “Hör doch mal zu”. Jan wurde 1988 in Berlin (Ost) geboren und arbeitet in der IT. Außerdem ist Jan Autist. Frank ist 1953 in Berlin(West) geboren und lebe noch immer (gerne) in der Stadt. Er arbeite seit erfolgreich abgebrochenem E-Technik Studium an der TU Berlin in der IT, Schwerpunkt “Mail” und ‘n bischen System-Administration und Netz. Durch den Altersunterschied ergibt sich bei uns immer eine gewisse Spannung, die wir auch gerne auf die Bühne des Sendezentrums auf dem 33c3 bringen wollen. false Jan mailonator Hör doch mal zu /system/events/logos/000/000/413/large/LOLs.jpg?1482758866 2016-12-28T16:00:00+01:00 16:00 00:30 Sendezentrumsbühne 33c3-413-loten_legos_und_lols_-_der_33c3_von_kindern_und_jugendlichen_erklart Sendezentrumsbühne de Wir wollen den Junghackertag aus Kinder- und Jugendperspektive Revue passieren lassen. Dazu interviewt Marcus Richter Teilnehmer:innen des Junghackertags zu ihren Erlebnissen und Eindrücken. Wir sind gespannt, welche spannenden Geschichten uns die Kinder und Jugendlichen zu erzählen haben und freuen uns auf neue Perspektiven. true Marcus Richter /system/events/logos/000/000/372/large/as7KikRK_400x400.jpg?1481049309 2016-12-28T16:45:00+01:00 16:45 01:00 Sendezentrumsbühne 33c3-372-die_sprechstunde Sendezentrumsbühne de Wir, Christoph Herburg und Thomas Brandt wollen mit euch über Schule sprechen und was läge da näher als das klassische Format der Sprechstunde aufzumachen. Ihr stellt Fragen und wir versuchen sie bestmöglich zu beantworten. Dabei kann es um praktische Probleme, wie auch die großen politischen Fragen gehen. false Thomas Brandt Christoph Herburg Website /system/events/logos/000/000/376/large/WeisheitKlein.jpg?1478553649 2016-12-28T18:15:00+01:00 18:15 01:00 Sendezentrumsbühne 33c3-376-der_weisheit Dr. Weisheit ist im Haus! Sendezentrumsbühne podium de Drei Staffeln lang haben wir über unsere Probleme besprochen. Jetzt lösen wir Eure. Der Weisheit ist ein einstündiges Radiomagazin mit Malik Aziz, Marcus Richter, Patricia Cammarata und Frau Kirsche. Gesprochen wird über Alltägliches, Tiefschürfendes und Albernes, also das, was uns gerade bewegt. Jetzt ist es soweit: Frau Kirsche, Patricia, Malik und Marcus kehren auf den Congress zurück und retten die Welt. Eure Welt. Nachdem wir auf dem 32C3 eure Fragen beantwortet haben, wollen wir jetzt Eure Probleme lösen. Ihr wollt die Antwort auf das Trolley-Problem? Der Schwippschwager eurer Schwester hat dem Hund des Friseurs eurer Tante ein Ohr abgebissen und ihr wisst nicht wie ihr euch verhalten wollt? Ihr braucht eine Quote, aber wisst nicht wie viele? Kommt zur Bühne im Sendezentrum und all eure Fragen sollen für immer beantwortet werden. In einer Stunde. Nicht mehr und nicht weniger. PS: Falls ihr euch nicht traut die Fragen live auf der Bühne zu stellen, könnt ihr sie auch vorher an fragen@derweisheit.de schicken. false Marcus Richter Patricia Cammarata Malik Frau Kirsche [Der Webseite] /system/events/logos/000/000/411/large/Science_Slam.jpg?1482681936 2016-12-28T19:45:00+01:00 19:45 00:45 Sendezentrumsbühne 33c3-411-science_slam Sendezentrumsbühne de false Julia Offe Reinhold Remscheid Michael Büker Ines Gütt /system/events/logos/000/000/373/large/Screenshot_2016-11-05_15h_57m_32s.png?1478357863 2016-12-28T21:00:00+01:00 21:00 01:00 Sendezentrumsbühne 33c3-373-teenagersexbeichte Das geile Lifestylemagazin mit Malik und Johnny Sendezentrumsbühne performance de Wir legen den Senderzetrum in Schud und assche. für gelt. aber nix den sagen ok Unseren unterhaltsamen und tiergerechten Lifestylepodcast werden im Jahr von über 1,2 Millionen Zuschauern gelesen, darunter auch von viele Prominenten. Bundespräsident Dr. Ronan Keating, der Bayerische Ministerpräsident Dr. Angela Merkels, das Bayerische Kabinett oder Außenminister a.D. Oppa Güntrich sind gerngesehene Gäste vor ihren Podcatchern. Auch viele Schauspieler und Popstars (Michael Jackson, Bon Jovi, die Kelly-Familie, also vermuten wir) zählen zu unseren "Fans", ebenso wie Holger Pritlove und Marcus Stockmann. Anläßlich des 33c3 Gastspiels 2016 in Hamburch besuchen die Box-Champions Vitali und Vladimir Klitschko die Vorstellung. Bundesarbeitsminister a.D. Nikolaus Grill war zu Gast in seinem Wahlkreis Südstraße und schwang bei einem Kurzauftritt in der Manege die berühmte Pita-Peitsche. In Österreich kam der "bekennende" Blindseefan Alexander Tavor mit Familie gleich zweimal und zollte Malik und Johnny bei einem Pausenempfang seine Hochachtung für ihr Lebenswerk. false Malik teenagersexjohnny teenagersexbeichte /system/events/logos/000/000/410/large/tG88RpTQ_400x400.jpg?1481130545 2016-12-28T22:30:00+01:00 22:30 01:00 Sendezentrumsbühne 33c3-410-freakshow Sendezentrumsbühne de Freak Show ist ein Podcast, der sich mit dem Leben mit Technik im 21. Jahrhundert auseinandersetzt und dabei eine Vielzahl von Themen anschneidet. Es ist kein Geheimnis, dass das Team sich viel und gerne mit Apple und seinen Produkten, Programmierung, Bitcoin, Gitarren, Podcasting und anderen Lastern herumschlägt. Aber wir reden auch über was anderes. false Freakshow Webseite /system/events/logos/000/000/378/large/wisspod_logo.png?1478636852 2016-12-28T13:00:00+01:00 13:00 00:45 Podcastingtisch 33c3-378-wisspod_inside Podcastingtisch de Wisspod ist ein Reiseführer durch die Welt der Wissenschaftspodcasts. Das Redaktionsteam stellt das Projekt vor und diskutiert über weitere Pläne des kuratierten Angebots. false Daniel Meßner Nicolas Wöhrl Ulrike Kretzmer Markus Völter Martin Rützler Wisspod /system/events/logos/000/000/401/large/JungPodcaster_innenTisch.png?1480280927 2016-12-28T14:00:00+01:00 14:00 00:55 Podcastingtisch 33c3-401-podcastpat_innen_talk_ii Jungpodcaster_innen Edition Podcastingtisch meeting de Egal wie alt - alle können Podcasts produzieren. Hast Du auch schon überlegt, mit dem Podcasten anzufangen? Am Podcasttisch kann man das Podcasten gleich ausprobieren. Im Rahmen des Junghacker-Tags steht der Podcasttisch Kindern und Jugendlichen frei, gemeinsam mit den Podcastpat_innen einen Podcast aufzunehmen. Welche Fragen zum Podcasting gibt es? Worüber würden die Jungpodcaster_innen selber gerne podcasten? Wie führt man Gespräche? Ein gemeinsamer Podcast-Einstieg! Am Tisch begrüssen Euch heute Nele Heise und Simon Dückert... Es sind weitere Podcastpat_innen für Fragen vor Ort. false tinowa Simon Dückert Nele Infos zu den Podcastpat_innen /system/events/logos/000/000/405/large/vushmu8z_400x400.jpg?1481045718 2016-12-28T15:00:00+01:00 15:00 01:00 Podcastingtisch 33c3-405-goldene_zehn_-_folge_28 Podcastingtisch de Aufzeichnung der 28ten Folge des Podcasts "die goldene Zehn". Mit Henry und Sebi live und einem Kai aus der Dose. Aufzeichnung der 28ten Folge des Podcasts "die goldene Zehn". Mit Henry und Sebi live und einem Kai aus der Dose. false Sebi Schmalzstullenkönig Kai Die goldene Zehn /system/events/logos/000/000/404/large/abslogo06.png?1480286836 2016-12-28T16:00:00+01:00 16:00 01:00 Podcastingtisch 33c3-404-abs-magazin Arbeit, Bildung, Soziales. Gesellschaftspolitisches Magazin bei RadioX. Podcastingtisch other de Wöchentliche Magazinsendung auf RadioX, dem nichtkommerziellen Bürgerradio. Frankfurt 91,8MHz. Live vom 33c3. Unterhaltungen mit Besucher:innen und Macher:innen des 33c3. Sowohl Details zur aktuellen Lage, als auch der große Überblick. Welche Herausforderungen durch neue Technik ergeben sich für unsere Gesellschaft? Unsere Gäste: - nexus vom ccc - RA Ulrich Kerner false Michael absmagazin.de Works for me – 33c3 /system/events/logos/000/000/394/large/Logo_2015-11-16.jpg?1480113060 2016-12-28T17:00:00+01:00 17:00 01:00 Podcastingtisch 33c3-394-abcoholics_folge_t Podcastingtisch de ABCoholics, der Info-Podcast auf Zeit läd Gäste und spricht über Themen mit dem Anfangsbuchstaben T. Gesellschaft, Kultur, Wissenschaft, Politik. Lasst euch überraschen Bei den ABCoholics sprechen wir über alles. Technik, Wissenschaft, Politik, Gesellschaft und was uns sonst so einfällt. Dabei muss nur eines gegeben sein: Der Anfangsbuchstabe. In Folge T sprechen wir mit 2 Gästen über 4 Themen zum Bustaben T. Lasst euch überraschen false StillesOe @dbenzhuser @Susticle /system/events/logos/000/000/417/large/u2wDYLkc_400x400.jpg?1482780930 2016-12-28T18:00:00+01:00 18:00 01:00 Podcastingtisch 33c3-417-zellkultur-podcast Podcastingtisch de false Adora Belle Zellkultur-Podcast Webseite /system/events/logos/000/000/415/large/w4VHSrN8_400x400.jpg?1482429927 2016-12-28T19:00:00+01:00 19:00 01:30 Podcastingtisch 33c3-415-nerd_emissionen Podcastingtisch de Der nerdige Podcast rund um Tech News, Apple und was sonst so war. false MacSnider Michael Erdmann Podcast Website /system/events/logos/000/000/420/large/request-for-comments_400x400.jpg?1482918881 2016-12-28T20:30:00+01:00 20:30 01:00 Podcastingtisch 33c3-420-request_for_comments RFC1951 "DEFLATE Compressed Data Format Specification" Podcastingtisch de mit Michael Steil false 2016-12-28T10:00:00+01:00 10:00 0:42 Hall A.1 self organized sessions workshop en Processing is a flexible software sketchbook and a language for learning how to code within the context of the visual arts. In this workshop you'll make your first steps! Birdy1976 https://github.com/birdy1976/creative-coding https://b76.ch/9470 https://events.ccc.de/congress/2016/wiki/Session:42birds:_Creative_Coding_with_Processing 2016-12-28T16:30:00+01:00 16:30 1:00 Hall A.1 self organized sessions talk en Intel Software Guard Extensions (Intel SGX) are a new extension of the x86 instruction set allowing the creation of so-called enclaves. Enclaves are isolated, secure parts of normal applications This talk gives an overview about SGX, how it can be used to secure existing applications, what are its limitations and pitfalls and technical details about its implementation. Slides are available here: https://weichbrodt.me/dokuwiki/_media/pres.pdf Envy https://events.ccc.de/congress/2016/wiki/Session:An_Introduction_to_Intel_Software_Guard_Extensions_(SGX) 2016-12-28T19:00:00+01:00 19:00 1:30 Hall A.1 IceBreaker Day 2 self organized sessions de How to provide some congress feeling to your people at home ? Congress Everywhere events in hackerspaces usually happen at evening as public viewing of congress talks. Such a livestream-only link provides very limited "congress feelings". In your local timezone, the events do start with a major break, where no talk happens and therefore no livestream is sent out Let's fill this break with meet and greet between your congress site and your hackerspace at home. Myon https://events.ccc.de/congress/2016/wiki/Session:Congress_Everywhere_Greet_%26_Meet 2016-12-28T17:30:00+01:00 17:30 1:00 Hall A.1 self organized sessions discussion en Let's build an international network against e-voting and discuss/analyze the current political agenda on the subject. Ms Redplanet https://events.ccc.de/congress/2016/wiki/Session:E-Voting:_Defend_our_right_to_vote! 2016-12-28T14:00:00+01:00 14:00 0:50 Hall A.1 self organized sessions talk en This talk gives a leisurely introduction to constructive mathematics, a variant of classical mathematics where we drop some of the standard axioms of ordinary reasoning. This allows us to adopt classically inconsistent "dream axioms" and explore curious alternate mathematical universes. In the talk we'll focus on a wondrous connection to models of computation, both standard ones such as ordinary programming languages and exotic models such as hypercomputation which allow for infinitely many steps in finite time and which push the laws of physics to their limits. The special properties of these alternative universes then depend on the nature of our physical reality. Iblech https://events.ccc.de/congress/2016/wiki/Session:Exploring_alternate_mathematical_universes_with_hypercomputation_(Wondrous_Mathematics) 2016-12-28T12:30:00+01:00 12:30 1:30 Hall A.1 self organized sessions meeting en GNUNet e.V. meeting Jeffburdges http://gnunet.org https://events.ccc.de/congress/2016/wiki/Session:GNUNet_e.V._meeting 2016-12-28T15:00:00+01:00 15:00 1:00 Hall A.1 Meet & Greet self organized sessions meeting de Room A.2: Dedicated workshop area for women* and other minorities. Meet people, learn new things, discuss topics, host your own workshop here! We still have open slots :) Haecksen Melzai http://many.haecksen.org/mediawiki/index.php/33C3 https://events.ccc.de/congress/2016/wiki/Session:Haecksenraum 2016-12-28T11:00:00+01:00 11:00 1:00 Hall A.1 self organized sessions workshop en Belarus is a small Kolkhoz ruled by the authoritarian president Alexander Lukashenko since 1994. Several years ago Belarussian government have discovered the Internet and the danger that it poses to the status quo existing in the country. Since than Belarus made its first steps towards making the Internet a safe and secure space for dictatorship to flourish in the country. What were those steps and how the economy in crisis is creating infrastructure to block the dissent online? https://events.ccc.de/congress/2016/wiki/Session:Internet_cencorship_in_Belarus 2016-12-28T16:00:00+01:00 16:00 0:30 Hall A.1 self organized sessions hands-on de In dieser Session arbeiten wir die letzten Kommentare zum Open Data Gesetz Entwurf bis 30.12 ein. Siehe https://okfn.de/blog/2016/12/odgesetz/ Vavoida https://events.ccc.de/congress/2016/wiki/Session:Open_Data_Gesetz_Deutschland 2016-12-29T00:30:00+01:00 00:30 1:00 Hall A.1 self organized sessions meeting en all travelers of a certain skill will be invented to join their respective session Reisende http://thereisnogame.de https://events.ccc.de/congress/2016/wiki/Session:Skillconvention_b 2016-12-29T01:30:00+01:00 01:30 1:00 Hall A.1 self organized sessions meeting en all travelers of a certain skill will be invented to join their respective session Reisende http://thereisnogame.de https://events.ccc.de/congress/2016/wiki/Session:Skillconvention_b 2016-12-28T15:15:00+01:00 15:15 0:30 Hall A.1 self organized sessions meeting en The Angelmeeting for the subtitles Angels. If you want to be approved as a subtitles Angel, please visit! If you are one already, this is the easiest way to meet and manage shifts etc. Welcome to the Subtitles Angelmeeting! Cube https://c3subtitles.de/ https://events.ccc.de/congress/2016/wiki/Session:Subtitles-Angelmeetings 2016-12-28T20:15:00+01:00 20:15 1:00 Hall B self organized sessions talk en In the recent years quantum cryptography as well as computation has several times gained public attention. Sentences like "today crypto will be broken by quantum computers" or "quantum computers can compute exponentially faster than normal computers" can be read on many media articles and blog. But are those those statements actually true? Evylon https://events.ccc.de/congress/2016/wiki/Session:A_Primer_on_Quantum_Computation_and_Cryptography 2016-12-28T11:45:00+01:00 11:45 1:15 Hall B self organized sessions talk en A p≡p engine developer gives a tour through the inner workings of the p≡p engine, the core which is used to drive the crypto used in p≡p, message transport, and automatic key management and synchronization. Discussed will be fundamental features and functionality of the engine core and how that relates to the apps and adapters using p≡p, as well as some discussion of upcoming near-term and longer-term future developmens of the p≡p technology. Pf https://pep.foundation https://pep-project.org https://events.ccc.de/congress/2016/wiki/Session:A_walk_through_the_inner_core_of_pEp 2016-12-28T13:00:00+01:00 13:00 1:00 Hall B Angelmeeting Day 2 self organized sessions meeting en Knuth https://events.ccc.de/congress/2016/wiki/Session:Engelmeeting 2016-12-28T19:45:00+01:00 19:45 0:30 Hall B Angelmeeting day 2 self organized sessions meeting en Knuth https://events.ccc.de/congress/2016/wiki/Session:Engelmeeting 2016-12-28T21:30:00+01:00 21:30 1:30 Hall B self organized sessions meeting en Session should be used to connect with all the people who work for the various projects within or related with tor. Julius https://events.ccc.de/congress/2016/wiki/Session:Tor 2016-12-28T18:45:00+01:00 18:45 1:00 Hall B Opertunistic Email Encryption self organized sessions talk en We Fix the Net session will include talks on developing secure alternatives to current internet protocols. We might hold an organized discussion or panel as well. This session is organized by GNUnet and pEp, and acts as a successor to the YBTI sessions of previous years. Jeffburdges http://gnunet.org http://pep.foundation/ https://events.ccc.de/congress/2016/wiki/Session:We_Fix_the_Net 2016-12-28T14:00:00+01:00 14:00 1:00 Hall B MinimaLT in Ethos with Jon A. Solworth and Janosch Rux self organized sessions talk en We Fix the Net session will include talks on developing secure alternatives to current internet protocols. We might hold an organized discussion or panel as well. This session is organized by GNUnet and pEp, and acts as a successor to the YBTI sessions of previous years. Jeffburdges http://gnunet.org http://pep.foundation/ https://events.ccc.de/congress/2016/wiki/Session:We_Fix_the_Net 2016-12-28T15:00:00+01:00 15:00 3:45 Hall B We Fix The Net Short Talks self organized sessions talk en We Fix the Net session will include talks on developing secure alternatives to current internet protocols. We might hold an organized discussion or panel as well. This session is organized by GNUnet and pEp, and acts as a successor to the YBTI sessions of previous years. Jeffburdges http://gnunet.org http://pep.foundation/ https://events.ccc.de/congress/2016/wiki/Session:We_Fix_the_Net 2016-12-28T20:00:00+01:00 20:00 0:45 Hall C.1 self organized sessions talk en Matrix is an open standard for decentralised communication. Riot is a messenger built on top of Matrix that supports group chats, multiple devices, persistent history and end to end encryption among other features. You can run your own server and bridge to other platforms like IRC, Gitter, Slack and more. In this talk I'll introduce you to Matrix and Riot, show you how it works, what you can do with it and why it is awesome. Note that I'm not a Matrix.org team member. Exul https://events.ccc.de/congress/2016/wiki/Session:An_introduction_to_Matrix.org_-_An_open_network_for_secure,_decentralized_communication 2016-12-28T11:00:00+01:00 11:00 2:00 Hall C.1 self organized sessions hands-on de In der Schule besteht Mathematik zu einem großen Teil aus Rechnungen. Das ist aber nicht das, was Mathematik wirklich ausmacht! Dazu gehören nämlich ergreifende Aha-Momente beim Verstehen von Zusammenhängen. Mathematik ist die Kunst, das Verborgene auf das Offensichtliche zurückzuführen! Iblech https://events.ccc.de/congress/2016/wiki/Session:Beweise_ohne_Worte_(Wondrous_Mathematics) 2016-12-28T11:00:00+01:00 11:00 2:00 Hall C.1 self organized sessions hands-on de Vor etwa 15 Jahren schickte die Menschheit eine Radiobotschaft an ausgewählte Sterne, in der Hoffnung, dass die Nachricht Außerirdische erreicht, diese die Nachricht verstehen und uns antworten. Die Nachricht ist nicht auf Deutsch oder Englisch verfasst, sondern bedient sich einer eigens entwickelten Symbolsprache. Schaffen wenigstens wir Menschen, die Botschaft zu entziffern? Das wollen wir in dem Workshop an uns selbst testen und herausfinden! Iblech https://events.ccc.de/congress/2016/wiki/Session:Eine_Botschaft_an_Au%C3%9Ferirdische_(Wondrous_Mathematics) 2016-12-28T14:00:00+01:00 14:00 2:00 Hall C.1 self organized sessions discussion en Member of the European Parliament Marietje Schaake wants to talk about a number of laws that are currently being contemplated in the European Union which might affect the work of hackers, and get your input in order to make them right. Marietje Schaake https://events.ccc.de/congress/2016/wiki/Session:Hacking_democracy_with_MEP_Marietje_Schaake 2016-12-28T18:00:00+01:00 18:00 2:00 Hall C.1 self organized sessions discussion de Billige Webcams, Plasterouter und Glühbirnen in Bonnets bedrohen die Internet-Infrastruktur, für einen Update-Pfad hat der Hersteller keine Kostenstelle vorgesehen. Als Lösung wird von vielen Seiten eine Herstellerhaftung für Sicherheitslücken vorgeschlagen. Wir wollen uns Gedanken machen, wie diese ausgestaltet werden können, ohne dass unerwünschte Nebenwirkungen wie millionenschwere Haftungsrisiken Open Source-Software oder Endverbraucher bedrohen. Wer soll überhaupt haftbar sein, die chinesische Fabrik, der Distributor, der sein Logo draufklebt, der Autor des letzten Commits der Firmware (oder der Software, von der sie abgeleitet ist) oder der Benutzer, der eine alternative Software installiert oder nur die Standardkonfiguration verändert hat? Atdotde https://docs.google.com/document/d/1hTYnLYdzDjeZAs_45HFx_HfMaZI2FrYJTV9YaXCHwrw/edit?usp=sharing https://events.ccc.de/congress/2016/wiki/Session:Haftung_f%C3%BCr_Devices_und_Software_gestalten 2016-12-28T13:00:00+01:00 13:00 0:45 Hall C.1 self organized sessions talk de #KopfausdemSand - Wenn du denkst Unterschriftenlisten und nie beachtete Demos sind die einzigen Methoden um die Politik in Österreich, Deutschland oder der EU zu beeinflussen, dann möchte ich dir hier einen Überblick geben welche Möglichkeiten es noch gibt um die Gesetzgebung und Verwaltung zu unseren Gunsten zu beeinflussen. Man kann zwar Gesetze selbst nicht schaffen, aber der Einfluss ist noch lange nicht bei 0! Wir haben sowohl die Netzneutralität Großteils gerettet als auch schon einmal die Vorratsdatenspeicherung gekippt. Für Neueinsteiger, Menschen und andere Lebensformen die meinen sie könnten noch etwas Neues lernen. Eest9 https://events.ccc.de/congress/2016/wiki/Session:Kopf_aus_dem_Sand_-_Wie_du_ohne_Parteien_die_Politik_beeinflussen_kannst! 2016-12-28T16:30:00+01:00 16:30 0:30 Hall C.1 Discussion about similarities, differences and interactions between the maker movement and the hacker scene self organized sessions discussion en This interactive session consists of a 10 minute presentation to present the EU research project MAKE-IT, followed by a 20 minute discussion with the participants about similarities, differences and interactions between the maker movement and the hacker scene. MAKE-IT is a Horizon2020 European research project focused on how the role of Collective Awareness Platforms (CAPS) enables the growth and governance of the Maker movement, particularly in relation to Information Technology, using and creating social innovations and achieving sustainability. The international research consortium investigates ten makerspaces in eight different countries to learn about their "organisation and governance", "peer and collaborative activities" and "value creation and impact". I would like to present research findings of the ongoing project (2016-2017) and critically assess, enrich and validate them in an interactive discussion with the session participants. In particular, I am interested to discuss how the 'maker movement' is similar or different from and interacts with the 'hacker scene'. I wish to keep this workshop as informal and accessible as possible and look forward to your input! Janosch http://make-it.io/ https://events.ccc.de/congress/2016/wiki/Session:MAKE-IT:_Interactive_presentation_of_the_EU_research_project_about_the_Maker_Movement 2016-12-28T12:00:00+01:00 12:00 1:00 Hall C.1 self organized sessions de Internal Schiko-Meeting Melzai https://events.ccc.de/congress/2016/wiki/Session:Schiko-Meeting 2016-12-28T17:00:00+01:00 17:00 1:00 Hall C.1 self organized sessions talk en I'll talk about one of our research projects to improve anonymity in Bitcoin by peer-to-peer coin mixing. In particular, I'll present ValueShuffle, the first coin mixing protocol that is compatible with Confidential Transactions, a proposal to hide monetary values in Bitcoin transactions. Combined together, ValueShuffle and Confidential Transaction provide strong privacy on the blockchain. I'll also explain CoinShuffle++, a very efficient peer-to-peer coin mixing protocol which forms the basis for ValueShuffle. Real-or-random https://people.mmci.uni-saarland.de/~truffing/papers/valueshuffle.pdf https://crypsys.mmci.uni-saarland.de/projects/FastDC/paper.pdf https://events.ccc.de/congress/2016/wiki/Session:ValueShuffle:_Mixing_Confidential_Transactions_for_Full_Privacy_in_Bitcoin 2016-12-28T20:45:00+01:00 20:45 1:55 Hall C.1 self organized sessions workshop en Hackers don't thoughtlessly trust the mechanics of their computer, apps, or in general the world around them........So why would we trust the mechanics of the governments' justice system? In this workshop we'll discuss alternatives using texts and exercises. Ontological Mdik https://events.ccc.de/congress/2016/wiki/Session:You%27ve_hardened_your_OS-_now_harden_your_hacker_community 2016-12-28T19:30:00+01:00 19:30 3:00 Hall C.2 self organized sessions meeting en We will check each other's identity papers and sign each other's OpenPGP keys. This builds the OpenPGP Web of Trust, and it's also just a nice get-together. Digital Brains https://events.ccc.de/congress/2016/wiki/Session:Keysigning_party 2016-12-28T17:00:00+01:00 17:00 2:00 Hall C.2 self organized sessions workshop en We'll show you how to setup a LEAP provider to self-host a vpn and/or encrypted email service. Varac Kwadronaut https://leap.se https://pixelated-project.org/ https://events.ccc.de/congress/2016/wiki/Session:LEAP_Platform_for_vpn_%2B_LEAP_and_Pixelated_platform_for_email_providers 2016-12-28T16:00:00+01:00 16:00 1:00 Hall C.2 self organized sessions talk en NewPipe is a Free Youtube/Streaming app for Android. This talk will be about how NewPipe works, and what the features of NewPipe will be. The app was created as a hobby project one year ago, but slowly evolves. Eal https://newpipe.schabi.org/ https://events.ccc.de/congress/2016/wiki/Session:NewPipe 2016-12-28T15:00:00+01:00 15:00 1:00 Hall C.2 self organized sessions talk en Veripeditus is the first free and open source framework that enables everyone to develop augmented reality mobile games like Ingress or Pokémon Go. It brings the creative side of such games to everyone, including, but not limited to, class rooms, along with a great new way of learning programming skills with Python. Presented by Nik, a 26 year-old software developer and network admin from Bonn, but better known as head of Teckids e.V., a youth organisation establishing a FOSS community among children. Eal https://events.ccc.de/congress/2016/wiki/Session:Veripeditus_AR_Game_Framework 2016-12-28T15:00:00+01:00 15:00 1:00 Hall C.3 meeting self organized sessions meeting en Session for meeting up and discussing all things around electronics in boats. Lassekarstensen https://events.ccc.de/congress/2016/wiki/Session:Boat_instruments_hacking 2016-12-28T17:00:00+01:00 17:00 1:00 Hall C.3 self organized sessions discussion en From artificial intolerance to decolonizing our programming: We want to discuss who is speaking? who is writing the code and what do we have to do about it? Ever heard of „My friend's not a gorilla“ and google photos? we gonna provide some twisted examples… Al-Badri Nelles https://events.ccc.de/congress/2016/wiki/Session:Discussing_Postcolonial_Computing 2016-12-28T16:00:00+01:00 16:00 1:00 Hall C.3 self organized sessions workshop en We will share our knowledge in making humanoid robots with you. The workshop will cover mostly hardware but also software. We will bring some of our robots with us for a hands on. If you want you can also just stop by to ask questions. We will speak mainly in English, but we speak also German and French. SammyRamone http://bit-bots.de https://events.ccc.de/congress/2016/wiki/Session:How_to_Make_Humanoid_Robots 2016-12-28T20:00:00+01:00 20:00 1:00 Hall C.3 self organized sessions meeting de Informal meetup of Pirates present on 33c3. Zeno4ever https://events.ccc.de/congress/2016/wiki/Session:Informal_Pirate_meetup 2016-12-28T18:00:00+01:00 18:00 1:30 Hall C.3 self organized sessions meeting en You probably know Club Mate and Flora Mate, as they are available at the 33c3. But there are more kinds of Mate and we will taste them! You can bring own bottles by yourself, too. It is possible that we will not have all existing brands. Leodin Xilent https://events.ccc.de/congress/2016/wiki/Session:Mate 2016-12-28T13:00:00+01:00 13:00 1:30 Hall C.3 Friends Of MikroTik Meeting self organized sessions meeting en Meeting of users and not-yet-users of MikroTik devices to get in contact and share their wisdom. This meeting is private organized! Njumaen https://events.ccc.de/congress/2016/wiki/Session:UMUM 2016-12-28T15:00:00+01:00 15:00 1:00 Hall C.4 self organized sessions discussion en The session is designed to discuss and exchange the views about the implications of on-going copyright reform on Free Software, in particular the inclusion of far-reaching DRM measures in the latest proposal for the directive and how this can have an impact on Free Software. The session will start with a small presentation on the topic, followed by the discussion with the participants. Eal https://fsfe.org/news/2016/news-20160928-01.en.html https://events.ccc.de/congress/2016/wiki/Session:Implications_of_the_EU_copyright_reform_on_Free_Software 2016-12-28T20:30:00+01:00 20:30 1:30 Hall C.4 self organized sessions workshop en A short introduction into KiCad for users experienced with other PCB design software (eagle). This Workshop will cover the design-flow from schematics to gerber files. Cpresser https://events.ccc.de/congress/2016/wiki/Session:KiCad_PCB_Design_for_Eagle-Users 2016-12-28T23:59:00+01:00 23:59 1:00 Hall C.4 smtp via tor onion services self organized sessions discussion en onionmx is a proposal to have email transport via tor onion services. it is not about having .onion domain email addresses but rather about email providers making their smtp transport available as an onion service to each other. there is a working implementation out there and we have some months of successful operations behind us. now we'd like to meet more like minded mail providers to join the effort. lets discuss what we have and how to move forward. Onionmx https://github.com/riseupnet/onionmx https://events.ccc.de/congress/2016/wiki/Session:Onionmx 2016-12-28T16:00:00+01:00 16:00 1:30 Hall C.4 New school, Old school - How can we hack education? self organized sessions workshop en Despite high expectations, "digital education" has not much advanced beyond sharing single-purpose worksheets as pdf. Existing Open Educational Resources (OER) often tend to reinforce current teaching scenarios and top-down structures, missing out on the potential for new forms of participation. To prepare new education projects, we invite you to share your experiences and ideas: How can digital methods / concepts / tools contribute to a more inclusive pedagogy, enabling and motivating learners for co-creation? What else can we do within existing frameworks, and how to approach it effectively in class? Links: - Padlet: http://padlet.haake.be/ - EtherPad https://pad.okfn.de/p/33c3-open-education - Gdrive https://goo.gl/hvCQoP - My link page: https://haake.be/links NMarkus PeterVanPan http://education.okfn.org/ https://events.ccc.de/congress/2016/wiki/Session:Open_Education_Workshop 2016-12-28T11:00:00+01:00 11:00 2:00 Hall C.4 self organized sessions hands-on en --- session will be in English, German and some Brazilian Portuguese --- We are organising this hands-on session to invite people to learn about Pixelated, an open source solution for easy email encryption, your own indie email provider and client with privacy and encryption &lt;3 Anyone who is able to send an email is welcome! In the session we will invite you too try things out, to give us feedback, and we will show you how to install and set up Pixelated on your machine or on a remote server. Looking forward to see you there and as a future contributor. ;) Varac Zara http://pixelated-project.org https://events.ccc.de/congress/2016/wiki/Session:Pixelated_hands-on 2016-12-28T19:00:00+01:00 19:00 1:00 Hall C.4 self organized sessions workshop en The Radio Equipment Directive (2014/53/EU) contains a provision requiring hardware manufacturers to check all software installable on their devices. Community WiFi projects heavily rely on (free software) firmware they modify for their purposes and install on consumer-grade hardware. Action is needed to mitigate this threat, but there's a promising course of action: Community WiFi initiatives of Europe, unite! KaerF https://juliareda.eu/2015/10/dear-european-governments-dont-endanger-free-and-open-wifi-networks/ https://events.ccc.de/congress/2016/wiki/Session:Radio_Lockdown:_Community_WiFis_unite! 2016-12-28T22:00:00+01:00 22:00 2:00 Hall C.4 self organized sessions meeting en https://events.ccc.de/congress/2016/wiki/Session:There_is_no_network 2016-12-28T17:30:00+01:00 17:30 1:30 Hall C.4 self organized sessions meeting en Training our own trainers we can help grow the CryptoParty. In this session we'd like to share concepts and ideas on what works. Dawning-sun https://www.cryptoparty.in/33c3 https://events.ccc.de/congress/2016/wiki/Session:Train_the_CryptoParty_Trainer 2016-12-28T13:00:00+01:00 13:00 1:00 Hall C.4 self organized sessions talk en This is a talk about visualization with wikidata, how wikidata​ works and how people can contribute​, also what are some of the project where people can get involve​​. We will learn what is a query and how you can use them to visualize and combine information of data from wikidata. Greta Doçi is an ICT engineer student who contributes to Open Source/Free Software since 2013. She is one of the board members of Wikimedians of Albanian User Group. Greta is currently working as an security support assistant at a government institution. Margott https://www.wikidata.org https://events.ccc.de/congress/2016/wiki/Session:Wikidata_query_and_visualization 2016-12-28T14:00:00+01:00 14:00 1:00 Hall C.4 self organized sessions workshop en This workshop aims to explain what Wikidata is, and how to use it. We'll explore the data mode, web API, and query interface. Wikidata is the world's largest free general purpose knowledge base. As a Wikimedia-run sister project of Wikipedia, it provides machine readable information about just about anything. It's the encyclopedia by bots, for bots. Brightbyte https://wikidata.org https://query.wikidata.org/ https://events.ccc.de/congress/2016/wiki/Session:Wikidata,_the_encyclopedia_by_bots,_for_bots 2016-12-28T17:00:00+01:00 17:00 2:00 Hall F self organized sessions workshop de Beginner's bondage workshop organized by the Kinky Geeks Assembly. We will discuss the basic safety and materials for bondage and will then practice basic ties with rope. No fancy stuff, but a good and solid foundation for safe and fun ropework. Bring your own rope if you have it, but we'll also have a limited amount of rope that we can share. MrCode Lil-Missy http://kinkygeeks.de https://events.ccc.de/congress/2016/wiki/Session:Kinky_Geeks_Bondage_Workshop 2016-12-28T20:30:00+01:00 20:30 1:00 Hall 13-14 self organized sessions discussion en Of all the Free Software business models, Software-as-a-Service (SaaS) is one of the most appealing. Wordpresss blazed a path over a decade ago that few have managed to follow. How do Free Software businesses of this nature work? What are their biggest challenges? And why aren't there more of them? Bring your ideas for a discussion. Eal http://samtuke.com/uploads/2016-12-22-33c3-presentation.pdf https://events.ccc.de/congress/2016/wiki/Session:FSaaS:_Challenges_for_%27Free_Software_as_a_Service%27_in_business 2016-12-28T18:45:00+01:00 18:45 0:55 Hall 13-14 self organized sessions discussion en Hackbases are similar to hackerspaces but people also live in them. Dcht00 http://pad.totalism.org/p/33c3-hackbases https://events.ccc.de/congress/2016/wiki/Session:Hackbases_5_years 2016-12-28T16:00:00+01:00 16:00 1:00 Hall 13-14 self organized sessions workshop en Bitcoin is among the world’s most widely deployed decentralized cryptographic systems. We will give a short introduction into why financial privacy and Bitcoin is a critical tool for activists and briefly discuss the mechanisms behind Bitcoin. We will then dive into configuring a Bitcoin Core node suitable for running at home. Topics that will be covered include: * How to get statistics from the network and how to interpret them. * How to use the RPC interface to create (multisig-)transactions. * How to set limits on resource usage. * How to make use of Tor. * How to securely store coins. Nickler BlueMatt https://github.com/jonasnick/bitcoin-node https://events.ccc.de/congress/2016/wiki/Session:How_To_Run_A_Bitcoin_Node 2016-12-28T13:00:00+01:00 13:00 2:00 Hall 13-14 IT-solutions for humanitarian crisis problems self organized sessions workshop en Syrien, ein Land welches innerhalb von 5 Jahren von einem hohen technischen Level zurück in die Steinzeit gebombt wurde. Weite Teile des Landes sind ohne Internet. Telefonnetze sind von unterschiedlicher Qualität und Verfügbarkeit. Viele Regionen des Landes sind auf Grund der Vorherrschaft unterschiedlichster Milizen nicht passierbar für Helfer*innen in der humanitären Arbeit. Nur ein Beispiel, wo es neue Lösungen braucht für humanitäre Notlagen. Wenn wir die Betroffenen nicht selbst erreichen können, wie können wir dann doch mit innovativen Methoden vor Ort Hilfe leisten? CADUS e.V. arbeitet seit über 2 Jahren in verschiedenen Krisenregionen. In dem Workshop dient CADUS als Fallgeberin für akute Problemstellungen in den Regionen vor Ort. In Arbeitsgruppen wollen wir Lösungsmöglichkeiten für (Teil-)Probleme erarbeiten, und deren Durchführbarkeit direkt mit Menschen diskutieren, die den Bogen von der Theorie zur Praxis schlagen können. Cadus http://www.cadus.org https://events.ccc.de/congress/2016/wiki/Session:IT-solutions_for_humanitarian_crisis_problems 2016-12-28T21:30:00+01:00 21:30 0:30 Hall 13-14 self organized sessions discussion en The Prototype Fund supports the implementation of ideas in civic tech, data literacy, data security and software infrastructure. With a grant of up to €30,000, software developers, hackers and creatives can write code and develop open source prototypes over a period of six months. Applying is as easy as possible and the next deadline at the begin of February. Come, hear and ask us everything about the Prototype Fund. Eal https://prototypefund.de https://events.ccc.de/congress/2016/wiki/Session:Prototype_Fund_-_1.2_Million_Euros_for_Free_Software_Projects 2016-12-29T02:30:00+01:00 02:30 1:00 Hall 13-14 self organized sessions meeting en all travelers of a certain skill will be invented to join their respective session Reisende http://thereisnogame.de https://events.ccc.de/congress/2016/wiki/Session:Skillconvention_b 2016-12-29T00:30:00+01:00 00:30 1:00 Hall 13-14 self organized sessions meeting en all travelers of a certain skill will be invented to join their respective session Reisende http://thereisnogame.de https://events.ccc.de/congress/2016/wiki/Session:Skillconvention_b 2016-12-29T01:30:00+01:00 01:30 1:00 Hall 13-14 self organized sessions meeting en all travelers of a certain skill will be invented to join their respective session Reisende http://thereisnogame.de https://events.ccc.de/congress/2016/wiki/Session:Skillconvention_b 2016-12-28T18:00:00+01:00 18:00 0:45 Hall 13-14 self organized sessions talk en This is a user-friendly guide for those who like to use their multiple devices (PC, Laptop, Phone, Tablet) with Free Software and to sync their data between these devices with Free Software as well. Liberate your devices and sync your data in freedom without the need of third-party accounts or services! For example, use your phone with full usage-spectrum but without a Google account or any other account. Or create your own cloud and IT infrastructure to host your data on your own devices solely. And the best: You do not need to be a hacker for this! I will show you a user-friendly way to achieve freedom - all tools and software presented come with graphical interfaces and with no coding skills required. Self-empowerment never was so easy! Eal https://events.ccc.de/congress/2016/wiki/Session:The_user-friendly_guide_to_mobile_freedom 2016-12-28T19:40:00+01:00 19:40 0:50 Hall 13-14 day 2, evening meeting self organized sessions en The translation angels (interpreters) meet twice per day to self-organise (day 0, evening to day 4, afternoon) Sebalis https://events.ccc.de/congress/2016/wiki/Session:Translation_meetings 2016-12-28T15:10:00+01:00 15:10 0:50 Hall 13-14 day 2, afternoon meeting self organized sessions en The translation angels (interpreters) meet twice per day to self-organise (day 0, evening to day 4, afternoon) Sebalis https://events.ccc.de/congress/2016/wiki/Session:Translation_meetings 2016-12-28T17:00:00+01:00 17:00 1:00 Hall 13-14 self organized sessions talk en There are an increasing number of mobile SMS-like applications that offer different levels of crypto and privacy features. This talk will give an overview over some popular and some less well known apps and discuss certain aspects that get too little attention in mainstream debates. Note that this talk is not about the details of crypto protocols or implementations, but more general issues like trust, integrity and availability in regard to the software, network infrastructure and the companies/projects behind them. The talk is 100% newbie-friendly. Eal https://events.ccc.de/congress/2016/wiki/Session:What_makes_a_secure_mobile_messenger%3F_--_A_comparison_of_WhatsApp_competitors 2016-12-28T14:00:00+01:00 14:00 0:30 Assembly:Chaos West self organized sessions workshop de kleiner Einblick in die 12V Solar Strom Versorgung und MPPT-Laderegler gebastel Strom-peter https://events.ccc.de/congress/2016/wiki/Session:12V_SolarPower_%26_Sound 2016-12-28T21:00:00+01:00 21:00 3:00 Assembly:Chaos West [[User:couchsofa|couchsofa]] DJ set: Techno/Tech House/Melodic Techno/Glitch self organized sessions other en Come over and meet us at our cozy music lounge in hall 4! Proudly presented by Chaos West, c-base & friends Bam JayDee2202 http://live.ber.c3voc.de:8000/chaoswest_lounge.ogg https://events.ccc.de/congress/2016/wiki/Session:Klangteppich 2016-12-28T19:00:00+01:00 19:00 2:00 Assembly:Chaos West [[User:robelix|robelix]] DJ-set: Futurepop, Darkwave, Industrial, Chiptunes self organized sessions other en Come over and meet us at our cozy music lounge in hall 4! Proudly presented by Chaos West, c-base & friends Bam JayDee2202 http://live.ber.c3voc.de:8000/chaoswest_lounge.ogg https://events.ccc.de/congress/2016/wiki/Session:Klangteppich 2016-12-28T14:00:00+01:00 14:00 0:15 Assembly:3D Hackspace Group 1 self organized sessions workshop de Learn how to design 3D parts and print them! Obelix https://events.ccc.de/congress/2016/wiki/Session:3D_printing_for_kids 2016-12-28T14:30:00+01:00 14:30 0:15 Assembly:3D Hackspace Group 2 self organized sessions workshop de Learn how to design 3D parts and print them! Obelix https://events.ccc.de/congress/2016/wiki/Session:3D_printing_for_kids 2016-12-28T15:00:00+01:00 15:00 0:15 Assembly:3D Hackspace Group 3 self organized sessions workshop de Learn how to design 3D parts and print them! Obelix https://events.ccc.de/congress/2016/wiki/Session:3D_printing_for_kids 2016-12-28T15:30:00+01:00 15:30 0:15 Assembly:3D Hackspace Group 4 self organized sessions workshop de Learn how to design 3D parts and print them! Obelix https://events.ccc.de/congress/2016/wiki/Session:3D_printing_for_kids 2016-12-28T18:00:00+01:00 18:00 1:00 Assembly:3D Hackspace self organized sessions hands-on de REGISTRATION NEEDED: I'll bring an industrial grade 3D scanner and you'll be able to get free high resolution scans of yourself, your friends etc... Obelix https://events.ccc.de/congress/2016/wiki/Session:3D_scan_yourself 2016-12-28T12:00:00+01:00 12:00 0:30 Assembly:3D Hackspace Group 1 self organized sessions hands-on de They will be an infrared camera (detects heat). We can play around with warm and cold stuff and create nice pictures. Obelix https://events.ccc.de/congress/2016/wiki/Session:Thermal_pictures_for_kids 2016-12-28T12:30:00+01:00 12:30 0:30 Assembly:3D Hackspace Group 2 self organized sessions hands-on de They will be an infrared camera (detects heat). We can play around with warm and cold stuff and create nice pictures. Obelix https://events.ccc.de/congress/2016/wiki/Session:Thermal_pictures_for_kids 2016-12-28T20:00:00+01:00 20:00 1:30 Assembly:Anarchist Village Discussion on AI as mental reformatting self organized sessions discussion de Discussion on AI as mental reformatting - Diskussion ueber KI als mentale Neuformatierung Capulcu http://capulcu.blackblogs.org https://events.ccc.de/congress/2016/wiki/Session:AI:_He_will_be_amazed_if_he_stays_dead!_-_Der_wird_sich_wundern,_wenn_er_tot_bleibt! 2016-12-28T17:00:00+01:00 17:00 1:00 Assembly:Scottish Consulate self organized sessions discussion en The web is bullshit, let's go back to the internet! Get together for those who are interested in BBSes. There will be a short intro to the commonly used software packages, and chat about what BBSes can do, can't do, what our favorites are and why we insist on still using them. Hibby https://events.ccc.de/congress/2016/wiki/Session:BBS_Enthusiasts 2016-12-28T20:00:00+01:00 20:00 3:00 Assembly:Foodhackingbase self organized sessions hands-on en We'll be tasting homebrewed and commercial beers. Ofosos https://foodhackingbase.org/wiki/Beer_tasting_33c3 https://events.ccc.de/congress/2016/wiki/Session:Beer_Tasting 2016-12-28T14:00:00+01:00 14:00 2:00 Assembly:Foodhackingbase self organized sessions hands-on en A short 2 hour session introducing you to the basics of all grain brewing Ofosos Helo https://foodhackingbase.org/wiki/Homebrewing_33c3 https://events.ccc.de/congress/2016/wiki/Session:Brewing_beer_for_beginners 2016-12-28T14:00:00+01:00 14:00 2:00 Assembly:Foodhackingbase self organized sessions hands-on en You will learn how to take care about milk kefir grain culture preparing lovely fermented foods and drinks. Algoldor https://foodhackingbase.org/wiki/Recipe:Kefir_making_manual_-_short_workshop_form https://events.ccc.de/congress/2016/wiki/Session:Kefir_Making 2016-12-28T13:00:00+01:00 13:00 1:00 Assembly:Jugend hackt Calliope Workshop 01 / Junghackertag self organized sessions workshop de Wir werden bis zum 20 Kindern das Experimentieren mit dem Calliope Board zeigen. Mit dem Calliope Editor werden wir die ersten Schritte zum eigenen Programm machen. Was werden wir tun: a. Schrittzähler b. Melodie bei Lichteinfall c. Orakel mit Knete Geeignet für Kinder von 8-16. DerMicha http://calliope.cc/ https://events.ccc.de/congress/2016/wiki/Session:Calliope_Workshop 2016-12-28T13:00:00+01:00 13:00 1:00 Assembly:Jugend hackt self organized sessions workshop de Das CoderDojo richtet sich an Kinder und Jugendliche zwischen 6 und 17 Jahren, die gerne Software und Hardware programmieren und hacken möchten. Für unsere Workshops braucht man keine Erfahrungen oder Vorkenntnisse: Mentoren untersützen alle Teilnehmer. Sie entwickeln mit Dir Projekte und stehen Dir während des kompletten Workshops zur Verfügung. Info: Wir stellen Dir kostenlos einen Leihcomputer für den Workshop zur Verfügung. Wenn Du einen eigenen hast, dann kannst du Deinen natürlich gerne mitbringen (dann hast du deine Projekte direkt auf deinem Computer abgespeichert). Nana berlin Cyber-phil Niccokunzmann http://coderdojo.com https://events.ccc.de/congress/2016/wiki/Session:Coder_Dojo 2016-12-28T11:00:00+01:00 11:00 1:00 Assembly:Jugend hackt self organized sessions workshop de Das CoderDojo richtet sich an Kinder und Jugendliche zwischen 6 und 17 Jahren, die gerne Software und Hardware programmieren und hacken möchten. Für unsere Workshops braucht man keine Erfahrungen oder Vorkenntnisse: Mentoren untersützen alle Teilnehmer. Sie entwickeln mit Dir Projekte und stehen Dir während des kompletten Workshops zur Verfügung. Info: Wir stellen Dir kostenlos einen Leihcomputer für den Workshop zur Verfügung. Wenn Du einen eigenen hast, dann kannst du Deinen natürlich gerne mitbringen (dann hast du deine Projekte direkt auf deinem Computer abgespeichert). Nana berlin Cyber-phil Niccokunzmann http://coderdojo.com https://events.ccc.de/congress/2016/wiki/Session:Coder_Dojo 2016-12-28T12:00:00+01:00 12:00 1:00 Assembly:Jugend hackt self organized sessions workshop de Das CoderDojo richtet sich an Kinder und Jugendliche zwischen 6 und 17 Jahren, die gerne Software und Hardware programmieren und hacken möchten. Für unsere Workshops braucht man keine Erfahrungen oder Vorkenntnisse: Mentoren untersützen alle Teilnehmer. Sie entwickeln mit Dir Projekte und stehen Dir während des kompletten Workshops zur Verfügung. Info: Wir stellen Dir kostenlos einen Leihcomputer für den Workshop zur Verfügung. Wenn Du einen eigenen hast, dann kannst du Deinen natürlich gerne mitbringen (dann hast du deine Projekte direkt auf deinem Computer abgespeichert). Nana berlin Cyber-phil Niccokunzmann http://coderdojo.com https://events.ccc.de/congress/2016/wiki/Session:Coder_Dojo 2016-12-28T13:00:00+01:00 13:00 1:30 Assembly:Jugend hackt self organized sessions workshop de In der Assembly von Jugend hackt werden wir „CoolTourHats“ bauen. Die Idee entstand bei Jugend hackt Südkorea: um Menschen aus anderen Kulturen in der eigenen Stadt kennenzulernen hilft mit ein Hut mit Arduino drin. Befinden sich interessante Menschen in der direkten Umgebung, leuchten ihre Hüte bunt (oder tun andere Dinge). So erkennen sie sich gegenseitig und haben die Chance sich kennenzulernen. Juka https://events.ccc.de/congress/2016/wiki/Session:CooTourHat_bei_Jugend_hackt 2016-12-28T14:00:00+01:00 14:00 1:00 Assembly:Jugend hackt Workshop 1 self organized sessions workshop de Einstieg in App-Programmierung und Scratch, 2 Workshops mit jeweils 90 Minuten für bis zu 10 Kids, organisiert von App Camps und Code+Design InaW https://events.ccc.de/congress/2016/wiki/Session:Einstieg_in_App-Programmierung_und_Scratch_(f%C3%BCr_Kids) 2016-12-28T15:00:00+01:00 15:00 1:00 Assembly:Jugend hackt Workshop 2 self organized sessions workshop de Einstieg in App-Programmierung und Scratch, 2 Workshops mit jeweils 90 Minuten für bis zu 10 Kids, organisiert von App Camps und Code+Design InaW https://events.ccc.de/congress/2016/wiki/Session:Einstieg_in_App-Programmierung_und_Scratch_(f%C3%BCr_Kids) 2016-12-28T15:00:00+01:00 15:00 0:30 Assembly:Freifunk self organized sessions other de Calm down and have a chat with us Monic https://events.ccc.de/congress/2016/wiki/Session:Coffee_Break 2016-12-28T17:30:00+01:00 17:30 0:45 Assembly:Freifunk self organized sessions de Let's talk about the radio lockdown directive which got law in Germany this year. KaerF https://events.ccc.de/congress/2016/wiki/Session:Gettogether_Radio_Lockdown 2016-12-28T18:30:00+01:00 18:30 1:00 Assembly:Freifunk self organized sessions talk de An introduction to a crowd-sourced long-range radio network for autonomous devices. Kgbvax https://www.thethingsnetwork.org https://www.warpzone.ms/perma/hacknbreakfast-lorawan-freifunk-der-dinge/1995/ https://events.ccc.de/congress/2016/wiki/Session:LoRaWAN%E2%80%93Freifunk_der_Dinge 2016-12-28T12:00:00+01:00 12:00 0:30 Assembly:Freifunk self organized sessions discussion de Was hat der Förderverein in diesem Jahr getan, was haben wir erreicht, welche Neuigkeiten gibt es? Monic https://foerderverein.freie-netzwerke.de https://events.ccc.de/congress/2016/wiki/Session:News_vom_F%C3%B6rderverein_freie_Netzwerke_e.V. 2016-12-28T16:15:00+01:00 16:15 0:30 Assembly:Freifunk self organized sessions talk en Leandro introduces ninux Andibraeu http://ninux.org/ https://events.ccc.de/congress/2016/wiki/Session:Ninux_-_an_italian_wireless_community 2016-12-28T19:30:00+01:00 19:30 1:00 Assembly:Freifunk self organized sessions talk de Elektra presents her latest project, designing a mpp tracker to support solar powered wifi routers. Andibraeu https://wiki.freifunk.net/Freifunk-Mast https://events.ccc.de/congress/2016/wiki/Session:Solar_powered_freifunk_mast 2016-12-28T15:30:00+01:00 15:30 0:30 Assembly:Freifunk self organized sessions talk de Bea gives us an update on our "Feststellungsklagen" we are running Monic https://events.ccc.de/congress/2016/wiki/Session:Update_on_declaratory_action_(Feststellungsklagen) 2016-12-28T14:00:00+01:00 14:00 0:30 Assembly:Freifunk self organized sessions discussion de Wie sieht die Förderung von Freifunk in den einzelnen Bundesländern aus? Ein Erfahrungsaustausch. u.A. über Berlin, NDS, Sachsen-Anhalt, NRW, Thüringen Eriu https://freifunk.net https://events.ccc.de/congress/2016/wiki/Session:%C3%96ffentliche_F%C3%B6rderung_f%C3%BCr_Freifunk 2016-12-28T22:00:00+01:00 22:00 4:00 self organized sessions meeting en Just a social meeting of people interested in chatting about cryptography. https://events.ccc.de/congress/2016/wiki/Session:Crypto_Meetup 2016-12-28T12:00:00+01:00 12:00 6:00 self organized sessions workshop en In the Geheimkamera Workshop we rebuild the secret spy cam "C.P. Stirn's Photographische Geheimkamera" from 1890 out of cardboard with our smartphones, because High Tech from the next to last century is still up to date and looks pretty cool! The workshop is done, but you can still build a secret spy cam and download the coolest manual + stencil here: http://nadjabuttendorf.com/geheim-camera-zine/ Nadjalien Aramba http://nadjabuttendorf.com/geheim-camera/ https://events.ccc.de/congress/2016/wiki/Session:Geheimkamera_Workshop 2016-12-28T14:55:00+01:00 14:55 0:05 Lightning "Talk", Hall G self organized sessions en Join us now and sing together the Free Software song! Everyday at another time at the Assembly of the Free Software Foundation Europe. We have the lyrics and conductor. Simply come and we form an ad-hoc choir and sing together the Free Software Song! "You'll be Free hackers, Freeee!" Eal https://events.ccc.de/congress/2016/wiki/Session:Let%27s_sing_together_the_Free_Software_Song 2016-12-28T14:00:00+01:00 14:00 0:45 Placeholder - This workshop is by request self organized sessions workshop de I'm a professional music producer and teacher (as well as studio builder and tech guy). You want to know anything about music software? Which interface to use for which job (from entry-level music recording / podcasting to hi-end Thunderbolt/Dante/AVB etc.)? What microphone to get? How to create that special effect? Improve your recordings and mixes? DM me on Twitter @zenephant or drop me a mail: ccc@daw-support.de and lets meet up! Daw-support http://www.daw-support.de https://events.ccc.de/congress/2016/wiki/Session:Music_production_and_studio_technology 2016-12-28T17:00:00+01:00 17:00 3:00 Day 2 *FULL* self organized sessions game de A short introductory session for the cyberpunk role-playing game of Shadowrun. SnakeBDD https://rpgzweinull.de/profile/tomorrowland https://events.ccc.de/congress/2016/wiki/Session:Shadowrun 2016-12-28T14:00:00+01:00 14:00 1:30 Day 2 - AltSession 0 - !!!At ALT33c3!!! self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90mins, 20€/kit, avoid caffeine immediately before. Kliment https://events.ccc.de/congress/2016/wiki/Session:Surface_Mount_Electronics_Assembly_for_Terrified_Beginners 2016-12-28T17:00:00+01:00 17:00 1:00 Assembly:Freiwurst self organized sessions hands-on en come over to the Freiwurst assembly, play with our cyberthingy and enjoy some Freiwurst. Apex https://www.freiwurst.net https://events.ccc.de/congress/2016/wiki/Session:Cyberthingy 2016-12-28T15:15:00+01:00 15:15 0:45 Anti Error Lounge self organized sessions meeting en An informal meetup for the members of the EGP and associated parliamentary groups who made it to 33C3. No formal topics as of yet, just a meet and greet / networking type of meeting. Please refrain from display insignia/merchandise of the EGP Bj00rn https://events.ccc.de/congress/2016/wiki/Session:EGP_Meetup:_From_Tree-Huggers_to_WiFi-Lovers 2016-12-28T19:35:00+01:00 19:35 0:40 Assembly:Flunkyground evening game day 2 self organized sessions game en Playing Flunkyball together. Organized by the UPB Flunkyteam. Flunkyball is a common german drinking game for all ages. ApolloLV http://upb-flunkyteam.de https://events.ccc.de/congress/2016/wiki/Session:Flunkyball 2016-12-28T06:00:00+01:00 06:00 1:00 Assembly:TEST ASSEMBLY PLEASE IGNORE self organized sessions other en just for testing, ignore me Andi- https://google.com https://events.ccc.de/congress/2016/wiki/Session:Full_schedule_test_session 2016-12-28T14:00:00+01:00 14:00 1:00 Assembly:Lokale Gruppe self organized sessions workshop de Wir knoten uns mithilfe von Paracord eigene kleine Schlüsselanhänger. Es ist nicht sonderlich schwierig und es gibt nur eine begrenzte Anzahl von Material, aber was soll's. Bei Bedarf könnt ihr auch gerne einfach so vorbeikommen. Zichy https://events.ccc.de/congress/2016/wiki/Session:In_kurzer_Zeit_zur_Schl%C3%BCsselwurst 2016-12-28T11:00:00+01:00 11:00 12:59 Assembly:HardwareHackingArea Day 2 self organized sessions workshop en Learn to Solder! A large variety of way cool kits are available, all designed for total beginners to complete successfully -- and intriguing enough for the total hardware geek.<br /> <br /> <span style="color:orange">'''''This ongoing workshop will be happening concurrently with lots of other way cool workshops at the Hardware Hacking Area!'''''</span> Maltman23 https://events.ccc.de/congress/2016/wiki/Session:LearnToSolder 2016-12-28T17:30:00+01:00 17:30 1:00 Assembly:HardwareHackingArea self organized sessions workshop en A soldering workshop where people make a bone conduction kit. It allows the user to bite a medal rod, that sends vibrations via their teeth, jawbone into their inner ear. It allows people to listen to music without the sound travelling via the air. Its a through hole soldering kit. This Kit will cost €12 + €1 for a battery Day 2: 28-Dec, 5.30pm - 6:30pm Tdr112 https://events.ccc.de/congress/2016/wiki/User:Tdr112/Skull_Radio_Workshop/ https://events.ccc.de/congress/2016/wiki/Session:Skull_Radio_Workshop 2016-12-28T16:30:00+01:00 16:30 1:30 Assembly:HardwareHackingArea Day 2 - Session 1 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90mins, 20€/kit, avoid caffeine immediately before. Kliment https://events.ccc.de/congress/2016/wiki/Session:Surface_Mount_Electronics_Assembly_for_Terrified_Beginners 2016-12-28T18:30:00+01:00 18:30 1:30 Assembly:HardwareHackingArea Day 2 - Session 2 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90mins, 20€/kit, avoid caffeine immediately before. Kliment https://events.ccc.de/congress/2016/wiki/Session:Surface_Mount_Electronics_Assembly_for_Terrified_Beginners 2016-12-28T12:30:00+01:00 12:30 0:10 Assembly:Free Software Foundation Europe self organized sessions en Join us now and sing together the Free Software song! Everyday at another time at the Assembly of the Free Software Foundation Europe. We have the lyrics and conductor. Simply come and we form an ad-hoc choir and sing together the Free Software Song! "You'll be Free hackers, Freeee!" Eal https://events.ccc.de/congress/2016/wiki/Session:Let%27s_sing_together_the_Free_Software_Song 2016-12-28T16:00:00+01:00 16:00 2:00 Kidspace self organized sessions workshop de Tanzt mit euren selbstgebastelten LED-Throwies vor einer Kamera rum und malt Lichtbilder in die Luft und aufs Foto! Die Bilder werden anschließend im KidSpace auf einem Monitor ausgestellt :) Mischk* https://events.ccc.de/congress/2016/wiki/Session:LightPainting_(Kidspace) 2016-12-28T12:00:00+01:00 12:00 6:00 Assembly:Openlab Augsburg shitty robots - workshop self organized sessions workshop de Workshop für die Shitty Robots/Vorbereitung auf Shitty Robot /Hebocon Battle. Für das Sumo battle siehe: https://events.ccc.de/congress/2016/wiki/index.php?title=Session:Shitty_Robot_/Hebocon_Battle Fluktusdukt Konfusius https://events.ccc.de/congress/2016/wiki/Session:Shitty_Robot_-_Workshop 2016-12-28T20:00:00+01:00 20:00 1:30 Assembly:Mozilla self organized sessions game en If we attract at least six players, we'll sit down and play a round (or more) of the fun and easy to learn game commonly known as 'Werewolf.' Michaesc http://www.playwerewolf.co/ https://events.ccc.de/congress/2016/wiki/Session:Werewolf_Party_Game 2016-12-29T11:30:00+01:00 11:30 01:00 Saal 1 33c3-8115-million_dollar_dissidents_and_the_rest_of_us Uncovering Nation-State Mobile Espionage in the Wild Ethics, Society & Politics lecture en In August 2016, Apple issued updates to iOS and macOS that patched three zero-day vulnerabilities that were being exploited in the wild to remotely install persistent malcode on a target’s device if they tapped on a specially crafted link. We linked the vulnerabilities and malcode to US-owned, Israel-based NSO Group, a government-exclusive surveillance vendor described by one of its founders as “a complete ghost”. Apple’s updates were the latest chapter in a yearlong investigation by Citizen Lab into a UAE-based threat actor targeting critics of the UAE at home and around the world. In this talk, we will explain how Citizen Lab discovered and tracked this threat actor, and uncovered the first publicly-reported iOS remote jailbreak used in the wild for mobile espionage. Using the NSO case, we will detail some of the tools and techniques we use to track these groups, and how they try to avoid detection and scrutiny. This investigation is Citizen Lab’s latest expose into the abuse of commercial “lawful intercept” malcode. We will begin the presentation with our discovery and investigation of a UAE-based threat actor we call Stealth Falcon, and explain how a small error in the operators’ operational security led us to a mobile attack infrastructure consisting of hundreds of servers, which we determined was associated with NSO’s Pegasus product. We will detail the Internet scanning we undertook to enumerate this infrastructure, and some techniques we used to try and find “live” exploit links. It was through these techniques that we identified suspicious links sent via SMS to UAE human rights defender Ahmed Mansoor. We will describe how we caused the exploit server to “fire”, and how we determined that it served us a one-click zero-day iPhone remote jailbreak to deliver NSO’s Pegasus, a powerful and sophisticated piece of government-exclusive malcode. We will outline the functionality of the exploit used against Mansoor, and the Pegasus surveillance malcode, and outline the collaborative research and responsible disclosure process to Apple that led to the out-of-band updates to iOS and macOS. The proliferation of commercial tools for targeted digital surveillance presents a documented risk to activists and civil society. However, there is a silver lining for researchers in this proliferation: by reselling the same commercial “lawful intercept” tool and network infrastructure to multiple countries, and training operators in the same attack techniques, companies are creating patterns that we can use to identify surveillance across a wide range of different actors. Using the Mansoor attack as a case study, we will provide a window into how researchers at Citizen Lab leverage and fingerprint these patterns to track nation-state level attacks against human rights defenders and journalists. Drawing on cases from the UAE and beyond, we will discuss how we work with targets and victims, conduct Internet scanning, and fingerprint C&C servers. We will conclude with a discussion of some trends that we have observed in commercial malcode sold to nation state actors. CC BY 4.0 false Bill Marczak John Scott-Railton /system/events/logos/000/008/401/large/pesthoernchenFrei.png?1478130202 2016-12-29T12:45:00+01:00 12:45 02:15 Saal 1 33c3-8401-ccc-jahresruckblick_2016 CCC lecture de Wir werden einen Überblick über die Themen geben, die den Chaos Computer Club 2016 beschäftigt haben. Neben der Zusammenfassung und der Rückschau auf das vergangene Jahr wollen wir einen Blick in die Zukunft wagen. false frank Linus Neumann Constanze Kurz nexus 2016-12-29T16:00:00+01:00 16:00 01:00 Saal 1 33c3-7975-making_technology_inclusive_through_papercraft_and_sound Introducing the Love to Code Platform Hardware & Making lecture en The participation of women in computer education is low; undergraduate classrooms in Germany were only 10% female in 2000[1]. The picture at the primary school level is fuzzier, as students do not declare majors at that level, but evidence indicates the trend starts from a young age. Can we make computer education more gender-inclusive? Presenting technology in familiar, non-threatening contexts can lead to more balanced gender participation. For example, Chibitronics uses the context of papercraft to present electronics to beginners; the familiarity of papercraft improves the participation of women of all ages in the creation of electronics. Based on these learnings, we have devised the “Love to Code” platform, an open source hardware-to-cloud stack which combines the familiarity of paper craft with a web-based, driver-free embedded firmware development environment based on FSK audio provisioning via a headphone jack. In this talk, we will dive into the novel open source technical contributions of this platform, which includes the audio-based provisioning protocol and the unique rigid-flex design of the circuitry enabling papercraft integration, as well as the multi-threaded client OS and cloud infrastructure required to complete the picture. This combination of new technology with familiar interfaces aims to lower the barrier to computer education, thus making coding a more accessible and inclusive activity. Computer technology tends to be a male-dominated field. One study from 2002 placed female participation in undergraduate computer education classrooms around 10% for Germany, and 26% for the US[1]. The picture is fuzzier at the primary school level, because students do not declare majors at such a young age, but evidence indicates that this strong gender bias has roots extending to primary school. Can we make computer education more inclusive? There is evidence that presenting technology in familiar, non-threatening contexts can lead to more inclusive participation. As an example, Chibitronics uses the context of paper craft to present electronics to beginners. Paper craft – the art of manipulating and coating paper as exemplified by origami or painting – has universal accessibility among almost all ages, genders, and ethnic groups. In our approach, novices start with the familiarity of paper, and combine it with copper tape and electronic stickers to build circuits. Demographic analysis of the Chibitronics user base indicates this approach is succeeding at gender inclusivity: over 70% of individual buyers are female. Follow-up interviews indicate that Chibitronics acts as a gateway to more advance projects and skills. After bootstrapping into basic electronics, users pick up skills such as soldering to build larger and more permanent projects. We would like to continue this trend beyond circuit crafting and into the realm of embedded firmware coding. Creating parallel and series combinations of LEDs and switches can only go so far; users rapidly outgrow the basic techniques and want to add patterns and interactivity to their projects through coding. Coding for the web is as simple as learning a text editor and pointing a browser at a URL, but coding for an embedded hardware target, such as an Arduino, inevitably requires platform-specific drivers, which can require installation and debugging. The problem is further exacerbated by the fact that primary school educators rarely possess the skillset to install, debug, and maintain a classroom of computers for embedded development. Furthermore, the waning popularity of laptops and desktops means the most inclusive platforms are now mobile devices such as smartphones and tablets, even though their touchscreen keyboards are not ideal for extensive programming. In order to tackle the problem of inclusivity, we make embedded firmware development nearly universal by coupling a cloud-based editing and compilation infrastructure with an audio-based firmware upload protocol suitable for implementation on low-cost microcontrollers. Cloud-based editing and compilation eliminates the barrier of downloading and running a C compiler on the client, while the audio-based firmware upload protocol allows virtually any computer, smartphone, or tablet to communicate with target hardware implementing our demodulator. We demonstrate this end-to-end solution via the Chibitronics “Love To Code” (LtC) open source hardware platform. Users code for their LtC boards using Arduino-flavored C++ as a baseline language by visiting our demo site (either https://chibitronics.com/ltc (CodeMirror editor) or https://chibitronics.com/cb (Codebender/ACE editor)). Users enter their code on the client-side editor, which is then uploaded as plain text to a cloud-based C++ compiler and returned as an object code binary. The binary is then packetized, coded and modulated using browser-side Javascript into an FSK audio stream with a baud rate of 8000 bps. The frequency plan was chosen to minimize interaction with audio “enhancement” filters found in devices such as iPhones, and to enable the raw audio stream to be recorded as a 128kbps CBR MP3 with minimal distortion. This allows pre-compiled binaries to be stored as songs; one could even entertain the thought of cutting these songs into vinyl records and provisioning microcontrollers using nothing more than an analog turntable. The FSK audio stream is coupled from the headphone jack into the microcontroller PCB via a modified microUSB cable. The USB interface is used only for power; the data pins are inert during the provisioning process. Audio arrives at the LtC hardware via the “fifth pin” in the microUSB plug that is normally reserved for identifying A or B type devices. This hack allows users to power programmed LtC devices using any regular microUSB cable. Within the LtC device, the audio signal is DC coupled and level-shifted using a passive RC network into a single ADC pin on an NXP CPU, the MKL02Z32VFK4. This 48 MHz Cortex M0+ features 32k of FLASH and 4k of RAM and costs under $1 in modest volumes, less than one third the cost of the AVR used in the Arduino Leonardo. The microcontroller uses noncoherent demodulation to recover the bitstream. The received data is hash-checked for integrity and, if it passes, is committed to FLASH memory. Since our code is open source, one can add FSK audio provisioning to a wide range of microcontrollers with built-in ADCs for the price of a couple resistors and a capacitor. Because microphone jack pin assignments are non-standard between different device ecosystems, we designed the protocol to operate with only forward error correction through trivially redundant transmission of packets. In other words, we cannot rely on a feedback path being available for the device to request a retransmission of a corrupt packet, due to a lack of standardization among microphone interfaces. Fortunately, in our application, the signal to noise ratio is typically quite good and most errors are due to burst noise, e.g. a notification tone generated by another application during device programming. In this scenario, simple hamming codes (such as SECDED) do little to improve robustness of the protocol, and more advanced error correction mechanisms such as BCH codes requires more computational power and storage space than available in our inexpensive target device. As a result, we handle error correction through trivial replication of data by playing the song three times over. In addition to the audio firmware downloader code, the target CPU also runs an implementation of the open source, multi-threaded RTOS ChibiOS (no relationship to Chibitronics despite the Japanese-derived “chibi” prefix). We expose the threading API so that advanced users can create multi-threaded applications on LtC. This is an advantage over the popular Arduino platform, which has no native support for multi-threading. In order to reduce code upload times over an 8000bps link to within the “impatience limit” of an 8-year old, we pre-load the LtC device with common shared library routines, including floating point, string manipulation, a WS2812 RGB LED driver, and primitives for a low speed USB stack. Because of the library pre-load, we are able to reduce the upload time of most simple programs to under two seconds. The built-in libraries, audio demodulation framework, and multi-threaded OS consumes 22k of memory, leaving 10k for user application code. Learning from our prior experiences with paper electronics, the physical design of the LtC hardware borrows from familiar and non-threatening interaction paradigms. The LtC circuit board uses a rigi-flex construction: the rigid portion allows for mechanically robust connectors and compatibility with fine-pitch QFN packages, while the flex portion enables seamless integration with paper-based circuit techniques. As a result, users can integrate the LtC hardware into their projects using a variety of techniques, from sticker-like methods to an electronic clipboard paradigm. The electronic clipboard method is well-suited to classroom environments, as it combines unlimited re-use of the LtC hardware with low-cost, quickly customized and paper-craftable circuitry. This combination enables meaningful learning engagements within an hour of two of classroom time, at a price point accessible by non-elite, publicly funded institutions. Finally, the entire framework is licensed under an open source license. Our hope is that once a novice is hooked on coding, they can go as deep as they want, perhaps even remixing our hardware and firmware frameworks into new and creative applications we never had never dreamed of. The Chibitronics Love to Code platform is familiar: users with little or no prior technical background find themselves immediately in familiar territory thanks to the papercraft interaction design. It is easy to use: cloud compilation coupled with audio firmware upload ensures compatibility with a broad range of devices from laptops to smartphones. It is accessible: the combination of cost-optimized core technology with paper as a consumable substrate reduces the barrier of access for schools on tight budgets. The net result is an embedded coding framework for inclusive computer education. [1] V. Galpin, SIGSCE Bulletin, Vol 34 No 2, 2002 June. “Women in Computing Around the World” CC BY 4.0 false bunnie Chibitronics Website 2016-12-29T17:15:00+01:00 17:15 01:00 Saal 1 33c3-8057-dissecting_hdmi Developing open, FPGA-based capture hardware for conference & user group recording Hardware & Making lecture en Ever wondered what is actually happening when a speaker can't get their laptop to project? While developing the FPGA-based <a href="https://hdmi2usb.tv">HDMI2USB.tv open hardware for recording conferences</a>, we discovered just how convoluted the HDMI protocol can be. Come hear all the horrible details! <p> The <a href="https://code.timvideos.us">TimVideos.us group</a> aims to make it easy for anyone to create high quality recordings of conferences and user groups. To achieve this goal we have developed the <a href="https://hdmi2usb.tv">HDMI2USB.tv project, an FPGA based, fully open (hardware and firmware) solution for capturing HDMI video signals</a>. The solution has been in use since late 2015 and used at numerous conferences such as <a href="https://linux.conf.au">Linux.conf.au</a>, <a href="https://debconf.org">DebConf</a> and many PyCon conferences around the world. </p><p> To be truly FOSS has however meant developing code for doing HDMI receiving and sending. Come hear about all the issues we have run into and the nitty gritty details about how it works (or doesn't!). By the end of the talk you will know more than you ever wanted to about the HDMI protocol! </p><p> This talk will cover: <ul> <li>The HDMI video standard, including <ul> <li>An overview of the many protocols and standards required. </li> <li>A high level description of the low speed protocols needed such as DCD (EDID) and CEC. </li> <li>A indepth dive into the high speed TMDS protocol and encoding. </li> </ul> </li> <li>How to build a HDMI receiver and transmission to run on an FPGA. </li> <li>War stories from trying to use the HDMI2USB capture device for recording FOSS conference, including; <ul> <li>Why your HDMI cable can actually matter. </li> <li>Some of the reasons why plugging in a screen doesn't always "just work". </li> <li>Doing error correction on a protocol which doesn't have any. </li> </ul> </li> </ul> </p><p> All code and materials and hardware covered in this talk are released under OSI approved licenses. </p> CC BY 4.0 false Tim 'mithro' Ansell HDMI2USB Project TimVideos Group TimVideos related videos TMDS Encoding GitHub Repo Mithro's GitHub Talk Slides 2016-12-29T18:30:00+01:00 18:30 01:00 Saal 1 33c3-8438-no_love_for_the_us_gov Why Lauri Love’s case is even more important than you thought Ethics, Society & Politics lecture en Lauri Love has never set foot in the United States, yet he is facing a potential century in jail if extradited for his alleged involvement in #OpLastResort, an Anonymous-related protest action that occurred in response to the death of Aaron Swartz. The case against Love, a Finnish and UK citizen, has profound implications for United States claims of global jurisdiction over the internet, for the treatment of neurodivergent individuals under the law, and for privacy rights in the UK and beyond. Lauri has been involved in two important legal cases this year. In May, Lauri scored a rare victory for digital rights in the UK, ensuring the National Crime Agency did not establish a dangerous new precedent to compel the decryption of stored data. Then this summer, during his extradition hearings, a significant portion of defense testimony related to Love’s diagnosis with Aspergers syndrome, his depression and long-term health symptoms for which he is under medical observation. Expert testimony reinforced the inadequacy, violence and injustice of the U.S. prison system for dealing with these concerns. This September, a judge agreed that Lauri was at serious risk of self-harm, yet she approved his extradition nonetheless, reopening a debate in the UK over how to protect vulnerable individuals that was ostensibly resolved after Gary McKinnon’s extradition was blocked by Theresa May in 2012. Ex-Lulzsec member Jake Davis – who was indicted in the United States but prosecuted in the UK, will give his take on Lauri’s case and its broader ramifications. Lauri himself will also participate via video link. How does the possibility of Lauri’s extradition change the threat landscape for digital activists? Is there any way to prevent extradition being used as a tool of US global jurisdiction over the internet? Where has the law on both sides of the Atlantic failed Lauri, and what are the changes we should be fighting for? false Jake Davis Lauri Love Mustafa Al-Bassam /system/events/logos/000/008/406/large/moon.jpeg?1478093272 2016-12-29T20:30:00+01:00 20:30 00:30 Saal 1 33c3-8406-the_moon_and_european_space_exploration Refocusing on the moon as a platform for future deep space missoins Space lecture en Since the early successes of moon missions in the Sixtie, mankind has moved on to the earth orbit and other deep space missions. But interest in the moon as a target has intensified recently as the strategies for future missions are evolving. false Jan Wörner /system/events/logos/000/007/942/large/640px-Spacecolony1.jpg?1474294764 2016-12-29T21:15:00+01:00 21:15 00:30 Saal 1 33c3-7942-interplanetary_colonization the state at the beginning of the 21st Century Space lecture en The long term survival of the human species requires that we become an interplanetary species. But we must answer two big questions: where are we going, and how do we get there? We explore what scientists know (and don’t know) about humanity’s potential future homes both inside and outside the solar system, and then we’ll dive into the technological challenges of (and potential solutions for) getting humans to and colonizing a new planet. Long the realm of science fiction, interplanetary colonization is now taken more and more seriously by scientists and space agencies alike as technologies come within reach. We will evaluate obstacles and solutions by looking at two topics: Where to go? and How to get there? Part 1 explores the options that humans have in expanding to new planets. There are now 3,439 exoplanets in 2,569 planetary systems confirmed. We’ll discuss how astronomers find planets, and how they learn about the conditions there. How do we pick a colonization target based on the data we can gather when there is no way of sending probes there and getting information back in reasonable time like we do in our solar system? Part 2 gives an overview of technologies currently available to get humans to other planets, and what that means in terms of humanity’s expansion. We'll also talk about the technology advancements necessary for truly interstellar colonization. CC BY 4.0 false Liz George Peter Buschkamp 2016-12-29T22:00:00+01:00 22:00 00:30 Saal 1 33c3-7927-lasers_in_the_sky_with_asteroids Space lecture en At 32C3 we shot lasers into space... now it's lasers in space! We look at space- and airborne laser platforms and what practical uses people have come up with (hint: mostly more or less secret communication and military use). We'll also recap the basic physics and boundaries and check if 'pew pew pew' is really gonna cut it (hint: mostly no). To close, we'll have a look at laser based propulsion for space travel and other speculative applications off the beaten path. Today lasers are routinely flown on space and airborne platforms for scientific, military and telecommunication applications. While they make nice special effects in action and sci-fi movies, there are physical boundaries that guide the use of lasers in space and in surface to air/space scenarios. 'SDI' might not be straight forward, but intercepting airborne vehicles or laser based communication to submerged submarines is no longer science fiction. But can we use it for space travel? Lets see. CC BY 4.0 false Peter Buschkamp /system/events/logos/000/008/245/large/photo.jpg?1475260312 2016-12-29T22:45:00+01:00 22:45 00:30 Saal 1 33c3-8245-eavesdropping_on_the_dark_cosmos Dark Matter and Gravitational Waves Space lecture en Imagine, there is this huge data center but your user privileges allow you to access only 5% of the data. That is the exact same situation physicists face when trying to study the cosmos. 95% of our universe is made out of something that cannot be seen or touched. We generally call this unknown substance "dark matter" / "dark energy". The recent discovery of gravitational waves gives us a handle on the dark cosmos. We can now listen to invisible events in our universe. But there may also be other methods to shed light on the dark side. There is (much) more than meets the eye: 95% of everything there is in the universe does not interact with normal matter. It is completely transparent. Does not emit light. Reflects no light waves. Can be neither seen nor touched. The only reason we know it exists is the fact that this unknown substance curves spacetime: it interacts gravitationally. Hence gravitational wave astronomy can target the entire universe while conventional telescopes are fundamentally limited to only 5% of the cosmos. After the initial direct detection of gravitational waves by the Laser Interferometer Gravitational-Wave Observatory (LIGO) last year, many more observatories on ground and in space are under construction that will create a wideband gravitational wave detector network. We will be able to listen to stars falling into black holes, colliding galaxies, maybe even artificial sources of gravitational waves, and will find as yet completely unknown objects in the universe. But gravitational waves are not the only handle we have on the dark side of the cosmos. Many other research teams aim to directly detect dark matter. The Any Light Particle Search (ALPS) even tries to artificially generate dark matter particles in a controlled laboratory environment. It is under construction at the German Electron Synchrotron (DESY) in Hamburg, Germany. First results are expected as early as 2019. This lecture will give you a brief and fun introduction to cosmology and Einstein's general relativity. We will explore different known sources of gravitational waves and their associated frequency range. You will understand how LIGO detected the first gravitational wave signature. Join us to learn about upcoming earthbound observatories and space missions like the Laser Interferometer Space Antenna (LISA). Finally we will turn to detectors that could detect dark matter directly and explore the need for dark matter generators. CC BY 4.0 false Simon Barke Dark Cosmos Group, University of Florida /system/events/logos/000/007/861/large/HUDF.jpg?1473189037 2016-12-29T23:30:00+01:00 23:30 00:30 Saal 1 33c3-7861-the_universe_is_like_seriously_huge Stuff in Space Is Far Away – but How Do We Know? Space lecture en Astronomers struggle to accurately measure distances in the vastness of the known universe. Get an insight into the sophisticated techniques and dirty tricks of today's astrophysics and cosmology. No physics background required, featuring lots of pretty space pictures. On Earth, distances are commonly given in meters and kilometers, and can be measured comfortably with measuring sticks, odometers or optical instruments. But how does that work in space, where machines take years to arrive at other bodies, and distant stars are utterly out of reach? From precise calculations to daring guesstimates, many different techniques and approaches are combined to form what's called the "cosmic distance ladder", giving more or less reasonable estimates of the distances between planets, stars and galaxies. Climb the distance ladder and get to know our place in Space from kilometers to Astronomical Units and light years, all the way to gigaparsecs and the reaches of the known universe. CC BY 4.0 false Michael Büker 2016-12-30T00:15:00+01:00 00:15 01:30 Saal 1 33c3-8460-methodisch_inkorrekt_stream Entertainment other de true /system/events/logos/000/008/095/large/r2big.png?1475174000 2016-12-29T11:30:00+01:00 11:30 01:00 Saal 2 33c3-8095-radare_demystified after 1.0 Security lecture en radare is a libre framework and a set of tools to ease several tasks related to reverse engineering, exploiting, forensics, binary patching, .. this year, the project gets 10 year old. In the process, the design evolved and several new functionalities has appeared, defining better development rules, improving code reviews and introducing RDD and fuzzing as part of the development process. Constant refactoring, writing usage examples and documentation and giving talks, to enlarge the community has been key elements to reach the great user base and health the project lives nowadays. This year, in order to celebrate the 10th anniversary, the author organized the first r2con, a congress around the tool that aims to be an excuse for sharing knowledge, tools, scripts about what different parties and people is doing with it. The congress was pretty successful and allowed to meet developers, users and other interested parties for learning more about the future of the tool and understanding its capabilities. This talk will show the evolution and structure of the project, its roots, some of the most notorious capabilities, showing several usage examples to let the attendees the power in functionalities and extensibility the tool provides. The target for this talk is everyone, from beginners to experts, from curious to skeptics. CC BY 4.0 false pancake radare 2016-12-29T12:45:00+01:00 12:45 01:00 Saal 2 33c3-8272-on_smart_cities_smart_energy_and_dumb_security Security lecture en Smart City is an abstract concept everyone talks about but no one knows what it actually means. No one, except Energy utilities. In this talk we will explore the vast world of Smart Energy, and see how energy providers used the "Smart City" concept to get better control over our energy consumption, all while almost completely ignoring security aspects along the way. Join me and see how Smart Energy is making our lives a little bit better, but also dangerously insecure. While "Smart Cities" are starting to pop all over the world, no city has ever standardized what that term actually means. Smart Energy, on the other hand, has been standardized both by governments and by large private utilities. This positive regulation made the Smart Energy market one of the largest IoT industries today, with over 100,000,000 smart devices currently implemented at consumer premises by utilities all over the world. In this talk We will dive into the Smart Grid, exploring security issues both in the utility infrastructure and the Smart Meters present at consumers. We will explore the magical world called ZigBee, the confusing world of incomplete RFCs, and the hazardous world of insecure wireless devices that control your electricity grid. You will leave this talk with a much better understanding at what's going on in your city, your energy provider, and, surprisingly, your home; And trust me, it won't make you feel any better. CC BY 4.0 false Netanel Rubin 2016-12-29T14:00:00+01:00 14:00 01:00 Saal 2 33c3-8151-dissecting_modern_3g_4g_cellular_modems Security lecture en Let's have a detailed look at some modern 3G/4G cellular modems and see what we can find out about their internals using undocumented debug interfaces and software or hardware based hacking techniques. Cellular modems are not only present in smartphones, tablets and laptops, but these days also in many M2M and internet-of-toilets (IoT) applications. Long gone are the days where those modules were GSM/GPRS/EDGE only with ancient ARM7TMDI or ARM926EJS cores and a relatively small-sized firmware in the range of kilobytes to very few megabytes, like on the famous OsmocomBB supported phones. Modern cellular modems re-use the cellular chipsets of smartphones one or two generations ago, like the MDM9615 used in the iPhone 5. As those chipsets contain plenty of processors and are quite sophisticated SoCs on their own, one can even find (undocumented) Linux or Android in some modems, which of course makes them a very attractive target for further exploration or running your own code inside the modem. We will give a short overview about the current market of cellular modems, the major chipset suppliers and chipset families and then pick one or two examples and show the methods used for reverse engineering them to a point where they can be used for much more than the AT command or QMI interface officially documented/supported by the manufacturer. This includes the execution of custom code inside modems, as well as protocol tracing of the air-interface. We'll also look at the FOTA (Firmware Update Over The Air) features, and perform a security analysis of our findings. This talk understands itself following the tradition of various baseband processor related talks at many CCC events of the past decade, including <a href="https://events.ccc.de/congress/2008/Fahrplan/events/3008.en.html">25C3: Anatomy of smartphone hardware</a> and <a href="https://events.ccc.de/congress/2011/Fahrplan/events/4735.en.html">28C3: Reverse-engineering a Qualcomm baseband</a>. Both speakers (Harald Welte and Holger Freyther) have been working on Free Software related to cellular telephony for more than a decade, including projects like <a href="http://openmoko.org/">Openmoko</a>, <a href="http://openbsc.osmocom.org/">OpenBSC</a>, <a href="http://bb.osmocom.org/">OsmocomBB</a> and many other <a href="http://osmocom.org/">Osmocom</a> projects. CC BY 4.0 false LaForge holger slides /system/events/logos/000/008/369/large/dream_machine_cutout.jpg?1475521404 2016-12-29T16:00:00+01:00 16:00 01:00 Saal 2 33c3-8369-machine_dreams Dreaming Machines Ethics, Society & Politics lecture en Artificial Intelligence provides a conceptual framework to understand mind and universe in new ways, clearing the obstacles that hindered the progress of philosophy and psychology. Let us see how AI can help us to understand how our minds create the experience of a universe. Unlike the machine learning systems of the past, minds are not just classifiers or policy optimizers. Minds are not accumulators of knowledge about the world. Minds are generative systems: they actively produce the world that we subjectively experience. Ordinary day-time experiences are in fact dreams constrained by sensory data. This simple insight of contemporary cognitive science turns realist notions of embodiment on their head. The idea of the brain as a dreaming machine opens a way to understand the nature of our experiences. This is the proposed fourth installment of a series of presentations about using AI perspectives to understand minds and their relationship to the universe. "How to build a mind" (30c3) suggested specifications for an architecture of cognition; "From computation to consciousness" (31c3) explored the mind's computational foundations; "Computational metapsychology" (32c3) discussed the individual and social construction of meaning. "Machine dreams" sketches how the computational machinery of our brains leads to our experience a subjective world. We will look at the conductor theory of consciousness, some of the mental structures contributing to our models of self and world, and the unreasonable effectiveness of neural processes in modeling physics. CC BY 4.0 false Joscha 2016-12-29T17:15:00+01:00 17:15 01:00 Saal 2 33c3-8097-technologien_fur_und_wider_digitale_souveranitat Ethics, Society & Politics lecture de ''Technologien für und wider Digitale Souveränität'' Die weltweite Vernetzung ist die tiefgreifendste Veränderung seit der industriellen Revolution. In einer Zeit der maßlose Massenüberwachung scheint die Digitale Souveränität den Einsatz privatsphärenfreundlicher Technologien als ein unverzichtbarer Bestandteil von gesellschaftlichen Lösungsversuchen zwingend zu erfordern. In unserem Beitrag möchten wir hackerrelvante Teilaspekte und Verfahren aus einer Studie für das Bundesministerium für Justiz und Verbraucherschutz vorstellen. Unter anderem sind hier kryptographische Protokolle (z. B. Blinde Signaturen, Zero-Knowlege Protokolle) und Methoden zur statistischen Auswertung von vertraulichen Daten (z.B. K-Anonymität, Differentielle Vertraulichkeit) zu nennen. CC BY 4.0 false ruedi vgrass Prof. Stefan Lucks /system/events/logos/000/008/407/large/space-elevator-square.jpg?1478019322 2016-12-29T18:30:00+01:00 18:30 01:00 Saal 2 33c3-8407-an_elevator_to_the_moon_and_back Space Transportation and the Extraterrestrial Imperative Space lecture en Why is it so hard to go to the Moon? The curse of Newtonian Mechanics and Tsiolkovsky's Rocket Equation force us to build huge rockets to achieve any meaningful activity on the Moon. There are two strategies to hack the laws of celestial mechanics: making fuel on the Moon and using cables to climb out of the gravity well. Here we focus on the latter, which is the Moon version of the famous space elevator. The difference to an Earth elevator is - anelevator to the Moon's surface is realistic with today's materials. In the talk an introduction to the general problem is given and a starting point for a discussion is given that can easily lead to a sustainable access to the Moon if there is demand to do so. false Markus Landgraf /system/events/logos/000/008/233/large/Secret_Communication_System.jpg?1475258124 2016-12-29T20:30:00+01:00 20:30 00:30 Saal 2 33c3-8233-the_woman_behind_your_wifi Hedy Lamarr: Frequency Hopping in Hollywood Science lecture en Used in cell phone technology, bluetooth devices, and WiFi, Frequency Hopping Spread Spectrum (FHSS) is often said to have been invented in the early 1940s by none other than Hollywood actress and sex symbol Hedy Lamarr. This talk will present the undeniably entertaining history of a well-known actress moonlighting as a military inventor as well as give an overview of the 100-year-old history of frequency hopping and its past and present uses. Imagine no WiFi, no cell phones, no bluetooth. (Everything’s better with bluetooth!) It is often said that we owe the convenience of all these modern technologies to Hollywood actress Hedy Lamarr and her invention of Frequency Hopping Spread Spectrum (FHSS) in the early 1940s. Do we? Born Hedwig Eva Maria Kiesler on November 9, 1914, the daughter of an affluent Viennese family became famous at age 18 for starring naked and faking the first onscreen orgasm in history in the Czech-Austrian film “Ekstase” – fame which led to a successful Hollywood career after Hedwig Kiesler emigrated to the USA and renamed herself Hedy Lamarr. “The most beautiful woman in the world”, as director Max Reinhardt called her, starred in more than two dozen Hollywood movies over the course of twenty years, all the while being bored by the intellectual limitations her job offered. On the subject of what it takes to be a Hollywood sex symbol, she is quoted to have said “Any girl can look glamorous. All you have to do is stand still and look stupid.” Lamarr had always been interested in science and technology and wanted to help the United States' war effort during World War II by doing more than just using her fame and physical beauty to sell war bonds and entertaining the troops at the Hollywood Canteen. In her spare time, she thought about torpedoes: powerful, yet hard to control weapons which might hit their targets more precisely when guided by radio signals. Lamarr knew that the problem with radio signals was that they could easily be jammed by the enemy – and with her co-inventor, pianist and composer George Antheil, she developed a “Secret Communication System” based on the idea of having radio signals hop around frequencies in a seemingly random pattern, making it thereby hard to impossible to interfere with them. A patent was granted to Lamarr and Antheil, but the United States Navy dismissed the technology, in part due to the fact that it had been proposed by an actress and a composer. Lamarr's idea of frequency hopping remained untouched until the 1960s, when the Navy first used it in a buoy signaling submarine locations to airplanes during the Cuban Missile Crisis. In the following decades, the military and private companies developed numerous technologies around the idea of frequency hopping, which is found in most digital devices communicating wirelessly today, be it via bluetooth, WiFi, or in cell phones. Hedy Lamarr's legacy, though, remained that of a beautiful Hollywood actress and sex symbol until recently. Only in 2014 were she and Antheil inducted into the National Inventors Hall of Fame. Admittedly, Lamarr was not the first person to think of frequency hopping as a method for making radio signals harder to intercept and jam: none other than Nikola Tesla was granted a U.S. patent in 1903 which does not use the words “frequency hopping”, but describes changing wireless frequencies to avoid interception of radio communication. During World War I, the German army used a primitive way of frequency hopping to stop the British listening in to their radio communication. It may be an overstatement, therefore, to say that without Hedy Lamarr there would be no bluetooth, no WiFi, no cell phones today. But she did invent a unique way of doing frequency hopping, and many recent patents in frequency hopping spread spectrum technology refer to the Lamarr-Antheil patent as the basis of the field. When it comes to Hedy Lamarr, although she resented not being credited for her scientific inventions for most of her life and instead being reduced to a beautiful face and body, she was after all a woman of her (sexist) time: during her later years, she desperately tried to save her looks through multiple plastic surgery, comically distorting her face to the point where she hardly left the house any more and could only be reached by phone. When, in 1997, her work was finally credited for the first time with the Electronic Frontier Foundation’s Pioneer Award, 82-year-old Hedy sent a recorded message: “In acknowledgement of your honoring me, I hope you feel good as well as I feel good about it, and it was not done in vain. Thank you.” Sources: Barton, Ruth. Hedy Lamarr: The most beautiful woman in film. Lexington, Ky.: University Press of Kentucky, 2010. Förster, Jochen, and Anthony Loder. Hedy Darling: das filmreife Leben der Hedy Lamarr. Hollenstedt: Ankerherz Verlag, 2012. Lamarr, Hedy. Ecstasy and me: my life as a woman. New York: Bartholomew House, 1967. Miessner, Benjamin Franklin. Radiodynamics: The wireless control of torpedoes and other mechanisms. London: Crosby, Lockwood & Son, 1917. Rhodes, Richard. Hedy's Folly: The Life and Breakthrough Inventions of Hedy Lamarr, the Most Beautiful Woman in the World. New York: Doubleday, 2011. Robbins, Trina. Hedy Lamarr and a secret communication system. Mankato, Minn.: Capstone Press, 2007. [graphic novel aimed at middle school students] Shearer, Stephen Michael. Beautiful: The life of Hedy Lamarr. New York: Thomas Dunne Books/St. Martin's Press, 2010. Simons, Marvin K., et. al. Spread Spectrum Communications Handbook. New York: McGraw-Hill, 2002. CC BY 4.0 false Anja Drephal U.S. Patent No. 2292387, "Secret Communication System" Google Doodle celebrating Lamarr's 101st birthday, November 9, 2015 Nikola Tesla's "boat" patent, 1898 Nikola Tesla's "Method of Signaling" patent, 1903 Slides 2016-12-29T21:15:00+01:00 21:15 00:30 Saal 2 33c3-7811-irren_ist_staatlich 10 Jahre Informationsfreiheitsgesetz Ethics, Society & Politics lecture de Dieses Jahr feiert das Informationsfreiheitsgesetz (IFG) seinen zehnten Geburtstag – und niemand feiert mit. Zeit für eine Abrechnung. FOIA frei! Zehn Jahre ist es her, seit das Informationsfreiheitsgesetz (IFG) in Kraft getreten ist und das erste Mal beim Congress vorgestellt wurde. In den USA wird der Freedom of Information Act (FOIA) dieses Jahr 50, in Schweden sogar 250 Jahre alt. Trotzdem ist das Gesetz auf Bundesebene in den letzten Jahren nicht besser geworden, sondern nur schlechter. Zeit für uns, die Verbesserung selbst in die Hand zu nehmen: Mit unserer Kampagne „FragDenBundestag“ haben wir dieses Jahr den Wissenschaftlichen Dienst des Bundestags gezwungen, tausende Gutachten herauszugeben. Auf wen richten wir das dazugehörige Kampagnen-Tool als nächstes? Außerdem haben wir neben einigen Klagen auch eine Verfassungsbeschwerde eingereicht. Wir zeigen, wie wir die Klage massentauglich machen wollen. FOIA frei! CC BY SA false Arne Semsrott /system/events/logos/000/008/039/large/Bildschirmfoto_2016-09-28_um_15.05.17.png?1475067941 2016-12-29T22:00:00+01:00 22:00 00:30 Saal 2 33c3-8039-what_we_can_learn_about_creativity_from_3d_printing Science lecture en For the past three years we studied the world’s largest 3D printing community “Thingiverse”. We explored the remix-relationships—accessible due the community’s use of open licenses—of more than 200.000 individual designs, tracked an entire week’s new designs for half a year, interviewed more than 80 creators and surveyed over 200 more. This allowed us to develop a deep understanding of the creative processes that take place on the platform. In this talk we would like to present our findings. This is of interest to people who care about 3D printing as we can give sort of a behind the scenes view on how ideas come to life here. But it is also interesting to people that care about creativity in general. As what we have found has merit outside of 3D printing, too. In this talk we would like to cover the following: (1) Introduce our research setting and explain why it is useful to study this, (2) provide a consolidated overview on our most interesting findings, and (3) give real life examples for how these findings are transferable to other settings. We have presented primary results of the studies at various academic conferences and have a comprehensive paper on the project currently under revision at the Journal of Information Technology (see attached file). We are a group of three university professors and a Ph.D. student. We work on the intersection of information systems, innovation management, product development, and creativity. We believe that many of the people we studied either attend 33C3 or watch talks online and we therefore think that our results would be of interest to this community. Further, we feel that a well structured talk is better and more entertaining than mailing around our academic journal publications to those who are interested. And lastly, we are eager to receive feedback from a more hands-on audience (than what we deal with at academic conferences). It would be especially useful for us to hear of new developments, discuss ideas for follow-up research projects, and get access to creators that would like to work with us in the future. When we think about creativity we imagine some lone genius that has an incredible insight. Oftentimes, this understanding goes hand in hand with some form of divine intervention: someone is “blessed”, or literally “touched by the Gods”. When we look at academic research that deals with creativity we see a fundamentally different picture. Creative insights are no divine interventions, they are almost always recombinations of known building blocks, they are what is now often called “remixes”. For a long time scholars have tried to make these remixes visible. However, this turned out to be pretty complicated. Creatives either do not want to name their sources of inspiration (for instance due to copyright infringements) or they do not exactly recall what inspired them. For the last three years we looked at creators from the realm of 3D printing. On the world’s largest platform for 3D printable designs (Thingiverse) creators are allowed to remix existing designs but in turn have to indicate which designs they used. This open licensing allowed us to study remix relationships across the entire platform. We explored the remix-relationships—accessible due to their use of open licenses—of more than 200.000 individual designs, tracked an entire week’s new designs for half a year, interviewed more than 80 creators and surveyed over 200 more. On the foundation of these empirical observations, we studied the creative processes in regards to four dimensions: (i) the role of remixes in creative communities, (ii) the different patterns of remixing processes, (iii) the surrounding features that facilitate remixes, and (iv) the characteristics of the remixing users. What we found has merit outside of 3D printing as the creative behaviors that we were able to study are transferable to other settings. In this talk we would like to provide an entertaining overview on our finding, provide examples from 3D printing and contrast them to other creative behaviors. We have attached a working paper that is currently under revision at the Journal of Information Technology. This paper will provide more detail on what we did methodologically. It also entails a couple of figures that illustrate both research setting and findings well. Our research is exploratory in nature. That means we did not start with a clear set of hypotheses like many research projects do. Such a form of research is typical if you want to understand more about an under-researched phenomenon. In our case we wanted to find out how remixing in a digital setting works, and how important it is for creative communities. After studying the setting we conclude our research with five propositions. These are basically guidelines that sum up our findings. These five are: (P1) Remixes pose a major source of innovation in open online communities besides the emergence of isolated designs. (P2) Remixes occur in the form of several different, clearly distinguishable evolutionary paths including convergent and divergent patterns. (P3) The co-existence of different design categories allows for cross-category remixes, which are asymmetric with categories tending to either donate or absorb ideas. (P4) The effectiveness of remixing in online platforms and their attractiveness to different user groups is influenced by a variety of platform features for browsing and processing its contents. (P5) To foster innovation in online communities, platforms need to address the needs and interests of different user groups, each characterized by distinct preferences regarding platform features. Overall we were struck by how important remixing is for the creative process we see in the 3D printing community. And we hope that our research will on the one hand provide more creatives with and understanding how others come to solutions and on the other hand ignite a discussion on the importance of remixing for creative processes in general. More research on this is needed and also platforms need to address this aspect of creativity better. CC BY 4.0 false Sascha Friesike Talk on a part of this research given at "Lange Nacht der Wissenschaften" in Berlin Slides file 2016-12-29T22:45:00+01:00 22:45 00:30 Saal 2 33c3-8231-pufs_protection_privacy_prngs an overview of physically unclonable functions Science lecture en A physically unclonable function, or PUF, is some physical structure with properties that are easy to verify, hard to predict, and practically impossible to clone. Ideally, this means it's a device-unique unchanging identifier, which can be used for improving security. However, it can be at odds with privacy and anonymity. This talk will give you an overview of the thirty years of history behind PUFs, and will include the most recent advances in research. The functions, structure, and design will be discussed, as well as devices and materials that have properties to base PUFs on. What do CPU registers, sticks of RAM, shared memory in GPUs, and paper have in common? They all have unique properties that are impossible[1] to reproduce, even when using the same manufacturing process. These properties can be turned into physically unclonable functions, or PUFs for short, yielding an object-bound unique identifier. This makes you trackable, but since you're being tracked anyway, you might as well put some of this to good use. The idea of PUFs is not new, and can be traced back several decades to anti-counterfeiting measures in currency. Since then, several formalizations have been proposed, new types of PUFs have been invented, implemented, attacked, and scrutinized. PUFs can be used to identify and authenticate devices. They can be used to secure your boot process. Some PUF constructions can be used to enhance your random number generation. You might be using devices right now that have properties that can be turned into PUFs, provided you have the tools and want to do some programming. This talk will take you on a brief tour of the history of PUFs. Along the way, it will show you how a PUF is constructed, what its properties should be, what it can be used for, what materials and devices are known to be suitable for building one, and how you might go about searching for them in your own devices. [1] For certain definitions of impossible. CC BY 4.0 false Pol Van Aubel PUFs - slides file /system/events/logos/000/008/330/large/zcash.png?1479469683 2016-12-29T23:30:00+01:00 23:30 00:30 Saal 2 33c3-8330-the_zcash_anonymous_cryptocurrency or zero-knowledge succinct non-interactive arguments of knowledge for laypeople Science lecture en Zcash is the third iteration of an extension to the Bitcoin protocol that provides true untraceability, i.e. fully anonymous transactions. It is arguably the first serious attempt to establish this extension, in the form of its own blockchain, beyond the form of an academic proposal. The talk provides an introduction to the magic that makes it work. Despite everything, the Bitcoin cryptocurrency has not imploded or destroyed itself; it might be here to stay after all. That would presently include, however, its biggest flaw: The utter lack of anonymity. In fact, the famed Bitcoin blockchain is the world's most robust, transparent, and <em>public</em> financial accounting system ever. The above means that Bitcoin's potential widespread adoption is nothing short of a privacy horror scenario straight out of Orwell. Every toilet paper purchase publicly recorded, verified, stamped, and approved. This should not be news to anyone. In 2013, a few reputable cryptographers came up with some mathematical magic that would, if integrated into Bitcoin, enable anonymous transactions. This proposal has been described in an academic paper under the name Zerocoin and a year later improved in another paper under the name Zerocash. The plan had then shifted to establishing the system as an anonymous <em>altcoin</em> rather than to push for integration into Bitcoin itself. Zcash is the name of a company formed by the authors of Zerocash to develop and launch this altcoin; launch occured as planned on 28 October 2016. This talk will introduce the audience to the mathematical and technical background of Zcash, and report on the state of the currency two months after its launch. A degree in mathematics is not required. Note: The presenter is not affiliated with the Zcash company. CC BY 4.0 false pesco Zcash website Zerocash paper (2014) Zerocoin paper (2013) Zcash specification Ben-Sasson et al.: "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture" Presentation slides 2016-12-29T11:30:00+01:00 11:30 01:00 Saal G 33c3-8099-how_do_we_know_our_prngs_work_properly Security lecture en Pseudo-random number generators (PRNGs) are critical pieces of security infrastructure. Yet, PRNGs are surprisingly difficult to design, implement, and debug. The PRNG vulnerability that we recently found in GnuPG/Libgcrypt (CVE-2016-6313) survived 18 years of service and several expert audits. In this presentation, we not only describe the details of the flaw but, based on our research, explain why the current state of PRNG implementation and quality assurance downright provokes incidents. We also present a PRNG analysis method that we developed and give specific recommendations to implementors of software producing or consuming pseudo-random numbers to ensure correctness. <P>Bugs in PRNGs often go unnoticed for years, as witnessed previously by the Debian OpenSSL disaster (2006-2008; see presentation at 25C3) or the Android PRNG vulnerability (2005-2013), which was responsible for a series of bitcoin thefts. This longevity has good reasons, as currently almost no effective technical safeguards against the PRNG flaws are in place. In public forums, questions about quality assurance for PRNGs are typically met with fatalistic shrugging, links to web comics, or links to statistical test suites. None of these approaches is effective in solving the problem. <P>In the past two years, we carried out research into correctness of cryptographic PRNGs, studying the effectiveness of various measures, and developing new ones. We analyzed numerous PRNGs that are currently in deployment. With this presentation we aim to convey insights into: <UL> <LI> the current state of PRNG implementations <LI> why quality assurance of PRNGs is difficult and <LI> why hardly any technical safeguards against flaws in PRNGs are currently in place <LI> the details of the GnuPG flaw that we uncovered <LI> the hidden technical similarities behind many PRNG flaws (such as the three mentioned above) <LI> which safeguards are effective and which are not <LI> how to improve the situation </UL> CC BY 4.0 false Vladimir Klebanov Felix Dörre CVE-2016-6313: Entropy Loss and Output Predictability in the Libgcrypt PRNG Practical Detection of Entropy Loss in Pseudo-Random Number Generators Slides /system/events/logos/000/008/088/large/YNMibW_C.jpg?1482827532 2016-12-29T12:45:00+01:00 12:45 02:15 Saal G 33c3-8088-lightning_talks_day_3 Lightning Talks CCC lecture en Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick! To get involved and learn more about what is happening please visit <a href="https://events.ccc.de/congress/2016/wiki/Static:Lightning_Talks">the Lightning Talks Wikipage</a>. CC BY 4.0 false gedsic bigalex /system/events/logos/000/008/012/large/4412754.png?1482415556 2016-12-29T16:00:00+01:00 16:00 01:00 Saal G 33c3-8012-building_custom_pinball_machines What you need and how it works. An experiences report Hardware & Making lecture en How to build a pinball machine? We introduce you to all basics and explain the different options for hardware and software. As an example, we show images of our own custom pinball machine. This talk gives an overview over all the components in a pinball machine which includes software and a lot of hardware. Afterwards, we go over all the steps when designing and building a pinball machine. We start with basic design rules, physical limits and best practices. Then, we focus on the mechanical and electronic components. After that, we talk about software and display (DMD vs LCD) options. At the end, we explain how to build or manufacture certain parts for your machine. For the hardware, we talk about: - EM, WPC and modern machines - Coils and Switches - Sources for mechanical elements - Gi/Lamps - RGB LEDs - Display option (DMDs, LED-DMDs, LCDs) and how to control them Electronics: - Open Pinball Project (Open Hardware) - Multimorphic P-Roc and P3-Roc - FAST Pinball Boards - Full custom options - Fadecandy/Openpixel - I2C and ServoControllers Software options: - Mission Pinball Framework (Disclaimer: I'm one of the authors) - pypinprocgame/pypinprocgameHD Building/Manufacturing Parts: - Playfields (including printing) - Cabinet - Metal ramps - Wire ramps - Plastic ramps - Plastics/Decals - Inserts - Mechanics CC BY 4.0 false jab 2016-12-29T17:15:00+01:00 17:15 01:00 Saal G 33c3-8163-a_new_dark_age Turbulence, Big Data, AI, Fake News, and Peak Knowledge Art & Culture lecture en James Bridle is a British writer and artist living in Greece. His work explores the impact of technology on society, law, geography, politics, and culture. His Drone Shadow installations have appeared on city streets worldwide, he has mapped deportation centres with CGI, designed new kinds of citizenship based on online behaviour. and used neural networks and satellite images to predict election results. A New Dark Age is an exploration of what we can no longer know about the world, and what we can do about it. The history of computation and the history of the weather are deeply intertwined. The possibilities of mathematical prediction have driven a belief in our ability to model and control the world. Today, the pervasive metaphor of "the Cloud" shapes how we think about the world - but not always in useful or democratic ways. James Bridle's Cloud Index explored this history and sets out a new model for thinking about the world with the cloud at its heart: a nebulous, ever-changing set of possibilities, founded on unknowing. The Cloud Index (http://cloudindx.com, 2016) is an online artwork using neural networks to generate new weather patterns corresponding to differing electoral outcomes. The work challenges our ability to predict and thus control the future, and questions our intentions and ethics when it comes to the things we build. Using the Cloud Index as a starting point, Bridle's lecture explores the military and political histories of computation, networking, and weather control. As the processes of computational thinking - the belief that the gathering of ever-increasing volumes of data and the application of vast engines of computing power - fail to produce coherence or agency in the world, Bridle suggests that we should take the Cloud at its word. Cloud thinking is the acknowledgement that we cannot know or predict everything, and our technology is trying to teach us a different way of seeing and understanding the world. CC BY 4.0 false James Bridle Cloud Index Cloud Thinking James Bridles' work Cloud Index 2016-12-29T18:30:00+01:00 18:30 01:00 Saal G 33c3-8139-hochsicherheits-generalschlussel_marke_eigenbau Hardware & Making lecture de Die Verfügbarkeit preiswerter Maschinentechnik und Open Source CAD-Software hat den Aufwand des Herstellens eigener mechanischer Schlüssel signifikant abgesenkt, die wir noch vor zehn Jahren als „sicher“ bezeichnet haben. Klassische Zylinderschlösser sind in der Vergangenheit bereits ausführlich analysiert worden, doch wie sieht die Situation bei anspruchsvolleren mechanischen Schließsystemen aus? Wir zeigen, wie man den Generalschlüssel einer hoch präzisen, hochpreisigen Schließanlage ermittelt. Weiterhin präsentieren wir unseren Workflow der Software und Mechanik, mit dem man Rohlinge und Schlüssel eines Hochsicherheitssystem mit einer „Low Cost“ CNC-Fräse herstellen kann. Im Gegensatz zum 3D-Drucken bietet uns dies eine deutlich höhere Präzision und mechanische Stabilität - und das für unter 2 Euro pro Schlüssel. Die Verfügbarkeit preiswerter Maschinentechnik und Open Source CAD-Software hat den Aufwand des Herstellens eigener mechanischer Schlüssel signifikant abgesenkt, die wir noch vor zehn Jahren als „sicher“ bezeichnet haben. Beispielsweise sind CAD-Daten von TSA-Schlüsseln veröffentlicht und mit 3D-Druckern nachgedruckt worden; auf dem 32C3 wurden Tools zur automatisierten Erstellung von Schlüsselrohlingen gezeigt. Klassische Zylinderschlösser sind in der Vergangenheit bereits ausführlich analysiert worden, ebenso die Decodierung einer Schließanlage bis zum 3D-Drucken von geschützten Schlüsselrohlingen anhand eines einfachen Fotos. Doch wie kann dieses Wissen adaptiert und erweitert werden, um es auch bei anspruchsvolleren Systemen anwenden zu können? Wir zeigen, wie man den Generalschlüssel einer komplexen Schließanlage bestimmt. Als Beispiele dienen EVVA 3KS und KESO. Wir erklären, wie man Schlüssel und Schlösser als Informationsquelle nutzt. Weiterhin präsentieren wir unseren Workflow der Software und Mechanik, mit dem man Rohlinge und Schlüssel eines Hochsicherheitssystem mit einer „Low Cost“ CNC-Fräse herstellen kann. Im Gegensatz zum 3D-Drucken bietet uns dies eine deutlich höhere Präzision und mechanische Stabilität - und das für unter 2 Euro pro Schlüssel. Als Beispiel zeigen wir, wie man diese Technik an einer mitgebrachten Schließanlage einsetzt. CC BY 4.0 false Michael Weiner RFguy key.jpg /system/events/logos/000/007/899/large/Logo.jpg?1481283258 2016-12-29T20:30:00+01:00 20:30 00:30 Saal G 33c3-7899-berechnete_welt Unsere Daten, die Zukunft und die zerstörte Demokratie Ethics, Society & Politics lecture de Wer all unsere Daten der Gegenwart mit selbstlernenden Algorithmen auswertet, wird die nahe Zukunft grob vorhersagen können. Die Instrumente dafür sind so weit, viele seriöse Forscher arbeiten an Teilbruchstücken. Die Folgen für die Gesellschaft scheinen fatal zu sein. Orwell naht gewaltig. Vorhersagen hatten lange einen zweifelhaften Ruf: von den antiken Orakeln mit ihrer eigenen Agenda bis zu den Meinungsumfragen der Gegenwart. Die Gesellschaft galt seriösen Forschern seit jeher als zu komplex, um die Zukunft seriös vorausberechnen zu können. Aber das ändert sich heute: Selbstlernende Algorithmen finden in den exponentiell wachsende Datenbergen immer mehr über uns alle heraus. Kollektives Verhalten vieler Menschen wird, im kleinen zeitlichen Rahmen, vorhersehbar. Die Facebook- und Twitterdaten vom arabischen Frühling waren ein ausgezeichneter Lerndatensatz. Dieser Vortrag beginnt mit den Zutaten, die für einen echten Weltsimulator nötig sind. Und er endet mit der Frage, was demokratische und weniger demokratische Machthaber damit anfangen könnten. Wenn sie derartige Instrumente nicht längst nutzen. CC BY 4.0 false Karl Urban 2016-12-29T21:15:00+01:00 21:15 00:30 Saal G 33c3-8135-saving_the_world_with_vegan_science Science lecture en Describing the science behind new high tech vegan foods which will replace animal agriculture. I will also discuss the potential impact to lessen the severity of climate change and give an update on the Real Vegan Cheese biohacker project. Climate change is the most pressing issues ever faced by humans. While many people are aware of the need for renewable energy, electric vehicles and more efficient homes and manufacturing, fewer people are aware that animal agriculture is a major issue which must be addressed. In fact animal agriculture is one of the highest impact human activities, producing greenhouse gas emissions and environmental damage on par with worldwide transportation and industrial manufacturing. Rather than convincing people to give up animal products, some groups (academic, industrial and biohackers) are using science to produce near-identical, or in some cases identical, replacements for these products. Replacing animal products will greatly reduce the environmental impact of our diets, without making people give up the food they desire. I will discuss various approaches including plant protein databases used for engineering realistic animal product replacement, production of proteins in genetically modified microorganisms, and culturing of animal cells without the growing of a whole animal. The science behind these approaches, potential impact, and progress by various players in these fields will be presented. Finally I give a progress update on the Real Vegan Cheese project, which is run out of biohacker spaces in the SF bay area and aims to produce real cheese from engineered yeast. CC BY 4.0 false Benjamin Rupert slides 2016-12-29T22:00:00+01:00 22:00 00:30 Saal G 33c3-8444-jodi_-_apache_is_functioning_normally A net.art collective since 1995. Understanding the browser as a canvas for art. Art & Culture lecture en Joan Heemskerk and Dirk Paesmans, collectively known as JODI, are rightfully venerated for their countless contributions to art and technology, working as an artistic duo since the mid-90’s. Generally referred to as pioneers of “net.art,” that oft-misunderstood “movement” combining the efforts of artists using the internet as a medium circa 1994, JODI is revered not only for their artistic meditations on the increasing presence of new technology in our daily lives, but also for their fuck-if-I-care attitude toward both the establishments of the technology and art worlds. JODI’s famous five-word “acceptance” speech—if you could call it that—for their 1999 Webby Award in art, simply read, “Ugly commercial sons of bitches.” false DI JO JODI /system/events/logos/000/008/113/large/image.jpeg?1475186987 2016-12-29T22:45:00+01:00 22:45 00:30 Saal G 33c3-8113-edible_soft_robotics An exploration of candy as an engineered material Hardware & Making lecture en As a soft roboticist I am constantly searching for inspiration for novel soft actuators, and as a home cook and artist I consider eating an object to be a high-level form of interactivity. Having noted the similarities between cast silicone and gummi candies it was natural to combine these interests. I will share my experiments in assessing different candies for their engineering potential, and show my work-in-progress for sweet soft robots. As a soft roboticist I am constantly searching for inspiration for novel soft actuators, and as a home cook and artist I consider eating an object to be a high-level form of interactivity. Having noted the similarities between cast silicone and gummi candies it was natural to combine these interests. Part of this analysis is developing testing metrics for candy recipes for performance characteristics, and looking to an ever-increasing set of candy-making techniques to potentially use to design and iterate/innovate. I will share my experiments in assessing different candies for their engineering potential, and show my work-in-progress for sweet soft robots. I will also share a few ideas for future design plans. CC BY 4.0 false Kari Love Edible Soft Robotics /system/events/logos/000/008/270/large/hebocon_logo.png?1475265089 2016-12-29T23:30:00+01:00 23:30 00:30 Saal G 33c3-8270-hebocon A sumo style robot battle for intentionally crappy robots! Entertainment performance en Join with your derpy bot to fight your nemesis! Push it off the table or knock the enemy over. No weapons. No advanced controllers. No tears. Don't take it serious. Hebocon is a robot sumo-wrestling competition for those who are not technically gifted. It is a competition where crappy robots that can just barely move gather and somehow manage to engage in odd, awkward battles. This kind of robot battles was invented to enable people to participate without much knowledge and financial resources. Robots should be built to be able to move (sometimes they don't), must be lighter than 1kg and smaller than 50x50 cm. The battlefield will be 100x50 cm. Don't use weapons, advanced self build controls or autonomous mechanisms. Winners will be determined by knockout, points and audience. CC BY 4.0 false Konfusius Hebocon International Hebocon Video Hebocon @ Schmiede 2015 Hebocon @ Schmiede 2016 /system/events/logos/000/008/020/large/logopodcast.jpg?1474982648 2016-12-30T00:15:00+01:00 00:15 01:30 Saal G 33c3-8020-methodisch_inkorrekt Die Wissenschaftsgala vom 33C3 Entertainment lecture de Wer hat diese Jungs wieder reingelassen?! Nicolas Wöhrl und Reinhard Remfort sind eine Gefahr für Leib und Leben. Unter dem Deckmantel der Wissenschaftskommunikation machen sie auf der Bühne alles das, was sie an der Uni nie gewagt hätten. Dazu sprechen sie über aktuelle wissenschaftliche Themen. Laaaangweilig! Wer will denn sowas sehen? Unstrukturiert, abschweifend, hoffnungslos subjektiv und immer garantiert methodisch inkorrekt. Eigentlich ein Podcast der alle 14 Tage erscheint. Nach dem großen Erfolg auf dem Congress im letzten Jahr wird diesmal eine noch größere Show abgezogen: Experimente, die mal interessant, mal fragwürdig sind. Wissenschaftler, die mal belehrend und mal unzurechnungsfähig sind. Wissenschaftliche Studien, die mal nobelpreisverdächtig und mal zweifelhaft sind. Wissenschaft auf der Showbühne. It works, bitches! CC BY 4.0 false Nicolas Wöhrl @ReinhardRemfort Auftritt 32c3 2016-12-29T11:30:00+01:00 11:30 01:00 Saal 6 33c3-8414-corporate_surveillance_digital_tracking_big_data_privacy How thousands of companies are profiling, categorizing, rating and affecting the lives of billions Ethics, Society & Politics lecture en Today virtually everything we do is monitored in some way. The collection, analysis and utilization of digital information about our clicks, swipes, likes, purchases, movements, behaviors and interests have become part of everyday life. While individuals become increasingly transparent, companies take control of the recorded data. In his talk, Wolfie Christl will outline how today’s online platforms, data brokers, credit reporting agencies, insurers, mobile app developers and tech companies are collecting, analyzing, sharing and making use of vast amounts of data about our everyday lives – across platforms, devices and life contexts. In October 2016, his book „Networks of Control“ was published, a comprehensive report about privacy in times of corporate surveillance, digital tracking and big data. The report was co-authored by Sarah Spiekermann, a renowned privacy scholar, and not only exposes the full degree and scale of today’s personal data industry, but also shows how algorithmic decisions on people lead to discrimination, exclusion and other harms. Based on many examples, Wolfie Christl will give an overview of his research: Who are the players in today's surveillance economy? How do networks of online platforms, tech companies and data brokers really collect, analyze, trade and make use of personal data? What can be inferred from our purchases, web searches and likes? How is analytics based on personal information already used in fields such as insurance, finance, healthcare and employment to treat people differently? And, what are the societal implications and risks of ubiquitous corporate surveillance? false Wolfie Christl Wolfie Christl, Sarah Spiekermann (2016): Networks of Control. A Report on Corporate Surveillance, Digital Tracking, Big Data & Privacy. Facultas, Vienna. PDF Download: /system/events/logos/000/008/022/large/memdedup_logo.PNG?1482858644 2016-12-29T12:45:00+01:00 12:45 01:00 Saal 6 33c3-8022-memory_deduplication_the_curse_that_keeps_on_giving A tale of 3 different memory deduplication based exploitation techniques Security lecture en We are 4 security researchers who have collectively worked on 3 different attack techniques that all (ab)use memory deduplication in one way or another. There is a cross-vm data leak attack, a cross-vm data write attack, and an in-sandbox (MS Edge) Javascript data leak + full memory read/write attack based in MS Edge. In this talk we detail how memory deduplication works and the many different ways it is exploited in our attacks. Memory deduplication is a widely applied technique to reduce memory consumption in servers, VM hosts, desktop systems and even mobile devices. Deduplication maps multiple identical copies of a physical page onto a single shared copy with copy-on-write semantics. As a result, a write to such a shared page triggers a page fault and is thus measurably slower than a write to a unshared page. Prior work has shown that an attacker able to craft pages on the target system can use this timing difference as a simple single-bit side channel to discover that certain pages exist in the system. In this talk, we show that the security implications of using memory deduplication are much more severe than initially assumed. We show that by maliciously programming memory deduplication, an attacker can build primitives to read arbitrary data from memory and even write to memory in a limited but powerful way. We exemplify these primitives using three attacks that we have recently developed. The first attack, CAIN, uses memory deduplication to brute-force ASLR’s entropy bits from a co-hosted victim VM. The second attack, Dedup Est Machina, extends CAIN in order to leak arbitrary data such as ASLR heap/code pointers and password hashes in a victim’s browser from JavaScript. Using the leaked pointers, Dedup Est Machina uses a Rowhammer exploit to own Microsoft Edge without relying on a single software vulnerability. The third attack, Flip Feng Shui, uses memory deduplication to control the placement of a co-hosted victim VM’s sensitive information on physical memory for building a sophisticated Rowhammer attack on RSA public keys. Flip Feng Shui makes cross-VM Rowhammer attacks precise, fast and reliable. As an example, Flip Feng Shui compromises the OpenSSH server of a victim VM in less than 10 minutes in 84% of the cases. We conclude memory deduplication is fatal for security in more ways than one. Speaker BIOs: Kaveh Kaveh Razavi is a security researcher at the Vrije Universiteit Amsterdam in the Netherlands. He is currently mostly interested in reliable exploitation and mitigation of hardware vulnerabilities and side-channel attacks on OS/hardware interfaces. He has previously been part of a CERT team specializing on operating system security, has worked on authentication systems of a Swiss bank, and has spent two summers in Microsoft Research building large-scale system prototypes. He holds a BSc from Sharif University of Technology, Tehran, an MSc from ETH Zurich and a PhD from Vrije Universiteit Amsterdam. Ben Ben Gras has been part of the systems security research group at the Vrije Universiteit Amsterdam since 2015. Previously, he was a scientific programmer working on the Minix operating system under Andy Tanenbaum for 10 years. Erik Erik Bosman is a PhD student in the Systems and Network Security group at the Vrije Universiteit Amsterdam in the Netherlands. He is currently working on novel side-channel attacks for leaking sensitive information from the OS and applications. He has previously developed Signal Return-Oriented Programming, a highly portable exploitation technique that abuses signal frames for creating a weird machine that the attackers can program. His minemu system is the world’s fastest dynamic taint-tracker that can be used to protect binaries against memory corruption attacks. Antonio Antonio Barresi is Co-founder and CEO of xorlab, a Swiss IT security company. Before founding xorlab, he worked at the Laboratory for Software Technology (LST) at ETH Zurich on software security related topics. His research interests are software and systems security. Before joining LST, he worked in industry as a Software Engineer, Security Consultant, and IT Risk Officer. He holds a BSc and MSc degree in Computer Science from ETH Zurich. CC BY 4.0 false Ben Gras Kaveh Razavi brainsmoke Antonio Barresi Flip Feng Shui project page Dedup Est Machina project page CAIN blog article Slides /system/events/logos/000/008/072/large/logo_nl.png?1475157053 2016-12-29T14:00:00+01:00 14:00 01:00 Saal 6 33c3-8072-liberte_egalite_fraternite_and_privacy Ethics, Society & Politics lecture en France is under a state of emergency since November 2015. Several laws and a more intrusive surveillance framework, infringing rights and freedoms, have been adopted these recent years in the name of the fight against terrorism. Privacy, freedom of expression… these words could soon disappear from French vocabulary as the number of measures increases as the same time than their intensity. We will show how it happened and what are our actions to try to defend the rights of all to privacy and freedom of speech. The next French presidential elections will take place in spring 2017 under the state of emergency while all laws recently adopted are making our national motto „liberté, égalité, fraternité“ out of date. Furthermore, the increasing surveillance drifts are undermining Privacy whereas this is a fundamental right and a sine qua non condition for freedom. We are looking back on the three years span of law adopted on surveillance in France as well as the more than one-year old state of emegency. What does that mean for our rights ? What is at stake ? In which society model are we heading? What can we learn form the French experience? Let’s find out. CC BY 4.0 false Agnes Christopher Talib /system/events/logos/000/007/853/large/Logo2.png?1481195946 2016-12-29T16:00:00+01:00 16:00 01:00 Saal 6 33c3-7853-do_as_i_say_not_as_i_do_stealth_modification_of_programmable_logic_controllers_i_o_by_pin_control_attack Security lecture en Input/Output is the mechanisms through which embedded systems interact and control the outside world. Particularly when employed in mission critical systems, the I/O of embedded systems has to be both reliable and secure. Embedded system’s I/O is controlled by a pin based approach. In this work, we investigate the security implications of embedded system’s pin control. In particular, we show how an attacker can tamper with the integrity and availability of an embedded system’s I/O by exploiting cerain pin control operations and the lack of hardware interrupts associated to them. Embedded systems are widely used today in a variety of applications, such as consumer, industrial, automotive, medical, commercial and military. As such, they are often employed in mission critical systems that have to be both reliable and secure. In particular, it is important that their I/O (Input/Output) be stable and secure, as this is the way they interact with the outside world. Digging into their architecture, we know that the I/O interfaces of embedded systems (e.g., GPIO, SCI, USB, etc.), are usually controlled by a so-called System on a Chip (SoC), an integrated circuit that combines multiple I/O interfaces. In turn, the pins in a SoC are managed by a pin controller, a subsystem of SoC, through which one can configure pin multiplexing or the input or output mode of pins. One of the most peculiar aspects of a pin controller is that its behavior is determined by a set of registers: by altering these registers one can change the behavior of the chip in a dramatic way. This feature is exploitable by attackers, who can tamper with the integrity or the availability of legitimate I/O operations, factually changing how an embedded system interacts with the outside world. Based on these observations, in this research, we introduce a novel attack technique against embedded systems, which we call pin control attack. As we will demonstrate in the work, the salient features of this new class of attacks are: First, it is intrinsically stealth. The alteration of the pin configuration does not generate any interrupt, preventing the OS to react to it. Secondly, it is entirely different in execution from traditional techniques such as manipulation of kernel data structures or system call hooking, which are typically monitored by anti-rootkit protection systems. Finally, it is viable. It is possible to build concrete attack using it. To demonstrate these points, we first present and demonstrate the attack capabilities offered by Pin Control attack, together with the minimal requirements for carrying out the attack. We argue that the attack capabilities include blocking the communication with a peripheral, causing physical damage to the peripheral, and manipulating values read or written by legitimate processes. We show how pin control can be exploited both with and without the attacker having kernel-level or root access. To demonstrate the feasibility of our attack technique, we describe the practical implementation of an attack against a Programmable Logic Controller (PLC) environment by exploiting the runtime configuration of the I/O pins used by the PLC to control a physical process. The attack allows one to reliably take control of the physical process normally managed by the PLC, while remaining stealth to both the PLC runtime and operators monitoring the process through a Human Machine Interface, a goal much more challenging than simply disabling the process control capabilities of the PLC, which would anyway lead to potentially catastrophic consequences. The attack does not require modification of the PLC logic or traditional kernel tampering or hooking techniques, which are normally monitored by anti-rootkit tools. We present two variations of the attack implementation. The first implementation allows an extremely reliable manipulation of the process at the cost of requiring root access. The second implementation slightly relaxes the requirement of reliable manipulation while allowing the manipulation to be achieved without root access. Finally, we discuss potential mechanisms to detect/prevent Pin Configuration exploitation. However, because the pin configuration does happen legitimately at runtime and the lack of proper interrupt notifications from the SoC, it seems non-trivial to devise monitoring techniques that are both reliable and sufficiently light way to be employed in embedded systems. CC BY 4.0 false Ali Abbasi Majid CCC Presentation /system/events/logos/000/008/336/large/dog.jpg?1475273918 2016-12-29T17:15:00+01:00 17:15 01:00 Saal 6 33c3-8336-talking_behind_your_back On the Privacy & Security of the Ultrasound Tracking Ecosystem Security lecture en In the last two years, the marketing industry started to show a fast increasing interest in technologies for user cross-device tracking, proximity tracking, and their derivative monetization schemes. To meet these demands, a new ultrasound-based technology has recently emerged and is already utilized in a number of different real-world applications. Ultrasound tracking comes with a number of desirable features (e.g., easy to deploy, inaudible to humans), but alarmingly until now no comprehensive security analysis of the technology has been conducted. In this talk, we will publish the results of our security analysis of the ultrasound tracking ecosystem, and demonstrate the practical security and privacy risks that arise with its adoption. Subsequently, we will introduce some immediately deployable defense mechanisms for practitioners, researchers, and everyday users. Finally, we will initiate the discussion for the standardization of ultrasound beacons, and outline our proposed OS-level API that enables both secure and effortless deployment for ultrasound-enabled applications. This talk will present the outcomes of the first comprehensive security study on the ultrasound tracking ecosystem. This ecosystem remained almost unknown to the general public until recently, when a newly-founded company faced the nemesis of the security community and the regulators (e.g., the Federal Trade Commission) for its controversial tracking techniques. However, there are many more “traditional players” using ultrasound tracking techniques for various purposes, raising a number of levels of security and privacy issues with different security and privacy models. In general, the main advantage of the ultrasound technology compared to already existing solutions is that it does not require any specialized equipment (unlike wifi and bluetooth), while it remains inaudible to humans. For this reason, the technology is already utilized in a number of different real-world applications, such as device pairing, proximity detection, and cross-device tracking. From a technical perspective, ultrasound tracking is based an ecosystem featuring multiple participating entities (e.g., the users, the advertisers, the content providers, the tracking provider). In this talk, we will present the first comprehensive and in-depth security analysis of ultrasound tracking technology and the surrounding ecosystem. More specifically, we will provide visibility within the ecosystem’s walled garden, examine the different facets of the ultrasound technology, explain how it is currently used in the real world, and subsequently evaluate the privacy and security of the technology itself and the existing deployments. Based on our findings, we will then introduce a new class of attacks against ultrasound tracking mechanisms, along with analysis of real-world Android apps featuring ultrasound frameworks. In particular, we will show how an ultrasound cross-device tracking framework can be abused to perform stealthy de-anonymization attacks (e.g., to unmask users who browse the Internet through anonymity networks such as Tor), to inject fake or spoofed audio beacons, and to leak users’ private information. In the mitigation part of our talk, we will outline immediately deployable defenses that empower practitioners, researchers, and everyday users to protect their privacy. In particular, we will release a browser extension and an Android permission module that enable users to selectively suppress frequencies falling within the ultrasonic spectrum. In the last part of our talk, we would like to engage in discussion with the audience regarding the standardization of ultrasound beacons, and share our design of a flexible OS-level API that addresses both the effortless deployment of ultrasound-enabled applications and the existing privacy and security problems. CC BY 4.0 false Vasilios Mavroudis Federico Maggi /system/events/logos/000/007/945/large/Screen_Shot_2016-09-29_at_12.19.54_PM.png?1475176968 2016-12-29T18:30:00+01:00 18:30 01:00 Saal 6 33c3-7945-decoding_the_lora_phy Dissecting a Modern Wireless Network for the Internet of Things Security lecture en LoRa is an emerging Low Power Wide Area Network, a new class of wireless technology designed to connect everything from streetlights to intelligent mousetraps. I will discuss the design and security implications of LPWANs, dive deep into the LoRa PHY, and demonstrate sniffing and injection with an open source LoRa transceiver built on commodity Software Defined Radio tools. This talk will demonstrate techniques for decoding the LoRa PHY layer and will introduce gr-lora, an open source implementation of the protocol. LoRa is a Low Power Wide Area Network (LPWAN), an emerging class of wireless technology optimized for embedded and Internet of Things focused applications. LoRa is unique because it uses a chirp spread spectrum modulation that encodes data into RF features more commonly encountered in RADAR systems. LoRa is also designed to operate in unlicensed ISM frequency bands, both avoiding costly spectrum licensing requirements and democratizing long-range network infrastructure to consumers and new commercial operators alike. After briefly introducing the audience to LPWANs, I will walk through the SDR and DSP techniques required to demodulate and decode LoRa packets. In addition I will discuss gr-lora, an open-source implementation of the PHY that can be leveraged to design LoRa security test tools and drive future research. CC BY 4.0 false Matt Knight gr-lora: an open source GNU Radio OOT transceiver that speaks LoRa LoRa Slides from DEFCON 24 Wireless Village /system/events/logos/000/008/280/large/logo.png?1475267099 2016-12-29T20:30:00+01:00 20:30 00:30 Saal 6 33c3-8280-von_alpakas_hasenbaren_und_einhornern_uber_anerkennungskultur Wie Wertschätzung in (Tech-)Communities gelingen kann Ethics, Society & Politics lecture de Wie würdigen verschiedene Tech-Communities das ehrenamtliche Engagement ihrer Mitglieder? Wie lassen sich gewünschte Lernprozesse verstärken? Was sind unsere Erfahrungen bei Jugend hackt? Und was haben Badges damit zu tun? Wir wollen verschiedene Möglichkeiten von Anerkennung ehrenamtlicher Arbeit beleuchten und unsere eigenen Erfahrungen mit Jugend hackt, einer vier Jahre jungen Tech-Community von Jugendlichen und deren MentorInnen, teilen. Das Ziel des Talks ist, euch dabei zu helfen, Lernprozesse um Motivationsfaktoren in euren eigenen Tech-/FOSS-Communities besser zu unterstützen, verschiedenste Erfahrungen zusammenzutragen und existierende Ideen weiterzuentwickeln. Communities, insbesondere im FOSS-Bereich, können ohne ehrenamtliches Engagement kaum überleben. Doch die Anerkennung und Wertschätzung dieses Engagements kommt häufig zu kurz. Gleichzeitig kommen immer wieder Open-Source-Projekte, auf denen unsere technische und zivilgesellschaftliche Infrastruktur aufbaut, zum Erliegen. Doch was ist, wenn sich das Problem nicht mit Geld lösen lässt? Wir gehen in unserem Talk der These nach, dass Anerkennungskultur nicht nur durch vorrangig technische Lösungen (wie z. B. Geld oder auch meritokratische Herangehensweisen), sondern auch durch soziale Lösungen entsteht. Bei Jugend hackt haben wir seit vier Jahren die Möglichkeiten, verschiedenste Formen von Anerkennungskultur und Wertschätzung zu erproben. Wir möchten diese Erfahrungen mit euch teilen und mit Anerkennungsformen anderer Communities vergleichen und dabei Erfolgsfaktoren und Hinderungsgründe sichtbar machen. Außerdem werden wir folgende Fragen beantworten: Wie weit reicht intrinsische Motivation? Welche Würdigungen gibt es außer Geld? Wie funktioniert Lernen und gegenseitige Motivation in solchen Communities? Und was haben (Open) Badges damit zu tun? CC BY 4.0 false Maria Reimer Daniel seitz Paula Glaser Robert Alisch Jugend hackt 2016-12-29T21:15:00+01:00 21:15 00:30 Saal 6 33c3-8412-from_server_farm_to_data_table Art & Culture lecture en Early digital computers were the size of rooms. While the devices have gotten smaller, because of the increasingly networked nature of technology the room has gotten bigger--it's ceased having walls and started to cover the ocean floor and ascend into low earth orbit. While Neal Stephenson may have cornered this living-inside-a-computer narrative in 1996 with "Mother Earth, Mother Board", in the past twenty years the seams of the network have become even more opaque, subsumed into The Cloud and other problematic abstractions. This talk will mostly be about different approaches to documenting, comprehending, and thinking about network infrastructure and the ways that the visual vernacular of technologies shape their history and politics. false Ingrid Burrington 2016-12-29T22:00:00+01:00 22:00 00:30 Saal 6 33c3-8263-hacking_collective_as_a_laboratory Hackers' knowledge studied by sociologist of science Science lecture en Talk presents findings from sociological investigation on hacking collectives. I will try to answer the question whether hacking collectives are laboratories, as seen by sociology of science. I will also show some peculiar traits of hacking collective, beneficial both for sciences and societies. Perhaps academia needs hackers more than it’s willing to admit? Someone said: “Give me the laboratory and I will raise the world!” and sociologists of science are still easier found in laboratories than in libraries. Laboratories discover or co-create almost every part of modern lives: starting from material issues, through health, energy and computers. First part of the talk will review some findings from studies of laboratories conducted by sociologists. We will see how certain elements of hacking ethos could be reprised in CERN or energy lab. I will also show some findings about well recognized effects in science, which are also valid in the open-source communities. Perhaps actual details of science resembles hacking more than hackers suspect? Second part will focus on comparisons between knowledge about laboratories and results from my study of hacking communities. I will try to compare hacking and scientific roles of fact, error and humour. We will see how sociology uses term “black box” and how social history of sexual diseases might help us to untangle some discussions in IT security. Third part wil briefly focus on the possible futures of formal laboratories, hacking collectives and other social institutions. I will discuss how ethical stances on hacking knowledge might rescue academic knowledge from itself.I will show how hacking collectives fit into some frameworks shaping near future of science. How hackers are necessary in coming data revolution? Why do we need instabilities? CC BY 4.0 false Ezi Research methods, sources and ethical issues. /system/events/logos/000/008/191/large/talk.jpg?1475247464 2016-12-29T22:45:00+01:00 22:45 00:30 Saal 6 33c3-8191-the_12_networking_truths Art & Culture lecture en In *The 12 Networking Truths* Swedish artist Jonas Lund will discuss how he has attempted to subvert the contemporary art world system by using different types of exploits to gain an upper hand against the competition. From designing an algorithm for art production to data mining art world personalities, the artist will describe how he has incorporated a classic programming mindset in an otherwise logic-free environment. The 12 Networking Truths refers to RFC 1925 - The Twelve Networking Truths, a memo posted on the 1st of April 1996, positioned as revealing the fundamental truths underlying all network protocol designs. The truths include statements such as ‘It Has To Work.’ and ‘Good, Fast, Cheap: Pick any two (you can’t have all three).’. This memo will be the underlying story line throughout the talk, as each truths has a corresponding position within the artist’s artistic practice. ome of the works that will be addressed and talked about in this talk: The Fear Of Missing Out http://jonaslund.biz/works/the-fear-of-missing-out/ Showroom MAMA presents The Fear Of Missing Out, the latest exhibition by Swedish artist Jonas Lund (SE, 1984). The title derives from a social network induced anxiety condition. One brought on by trying to keep up with a rapidly moving world. A fear of constantly being one-step behind, in the wrong place, and missing out on the most exciting events. The Fear Of Missing Out proposes that it is possible to be one step ahead of the art world by using well-crafted algorithms and computational logic. The works in the show are the result of a computer algorithm written by Lund. By analysing and categorizing a wide range of artworks, by the most successful contemporary artists, a set of instructions were generated explaining, step by step, how to make the most successful works of art. The artist then simply made the work following the instructions. In The Fear of Missing Out, important categories from the art world such as authenticity, artistry, talent, and creativity are questioned. The title also refers to the urge to be a part of a transparent information society made up of an overarching digital network. Flip City http://jonaslund.biz/works/flip-city/ Steve Turner Contemporary is pleased to present Flip City, a solo exhibition by Amsterdam-based artist Jonas Lund, who will present a group of paintings that are inspired by the current appetite for process-based abstraction; the related trend of collectors/investors buying such works to flip them quickly for a profit; and the central role that Los Angeles has played in both realms. For Flip City, Lund will create forty digital paintings, of which a selection will be on view during the run of the exhibition and the others will be presented at art fairs in Europe, Latin America and the United States during the next twelve months. Each work has elements sampled from paintings by other emerging artists, yet Lund’s works are so thoroughly remixed that only a very astute observer might see familiar passages. Lund will install a GPS tracking device on the stretcher bar of each painting so that he can track its movements and approximate whereabouts. He will also maintain a website with this information in the years to come. STRINGS ATTACHED http://jonaslund.biz/works/strings-attached/ Steve Turner is pleased to present Strings Attached, a solo exhibition by Amsterdam-based artist Jonas Lund which will feature 24 text-based paintings that relate to the current “bubble moment” in contemporary art. Each work uses text that restricts the transfer of ownership in some way, such as “This painting may never be sold at auction” or “This painting must be resold by March 21, 2017.” Lund uses fabric wallpaper as backgrounds for the works, and their messages have been painted by a sign painter according to Lund’s directions. As a group, the 24 paintings encompass contradictory efforts made by gallerists who both want to fuel market momentum for their artists while trying to shield them from the damaging effects of quick-profit speculation. CC BY 4.0 false Jonas Lund Artists Website 2016-12-29T23:30:00+01:00 23:30 00:30 Saal 6 33c3-8214-ethics_in_the_data_society Power and politics in the development of the driverless car Ethics, Society & Politics lecture en This talk presents the idea that ethics as logic that can be programmed into machines doesn’t seem to work; perhaps, ethics is something else. This talk is about what that something else may be – power. (This talk is not about the Trolley Problem! But it will mention why it shouldn’t apply to the driverless car.) No one is quite sure what ethics in big data really means, so it’s important that we have conversations about what is it and is not. Ethics is thought of as something that can be programmed into machines because our notions of ethics are often based on logical reasoning. (What if ethics were about natural language processing?) Based on ongoing research about the development of artifical intelligence in the driverless car, this talk describes how „ethics“ is being deployed to shape the idea of accountability in the context of the law and insurance; it is presented as a problem to be solved by software; it is an imagined space of „cybernetic success“; and it is a proxy vocabulary for the relationship between humans and machines working together. This talk is about how the emergence of this new technology is reshaping what ethics means in a data society. CC BY 4.0 false mayameme 2016-12-29T15:00:00+01:00 15:00 1:00 Saal 6 self organized sessions discussion en Daily meeting for all VOC Angels. Jwacalex V0tti Felixs https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Engelmeeting /system/events/logos/000/000/391/large/cyber.jpg?1482576980 2016-12-29T12:15:00+01:00 12:15 01:30 Sendezentrumsbühne 33c3-391-cybermorningshow Die Morningshow für alle Nerds und Nicht nerds. Full cyber show Sendezentrumsbühne other de In der CyberMorningshow passiert viel. Aber meist nichts sinnvolles. Die Cyber Morningshow ist eine Bunte Mischung aus Musik, Moderation und Gästen. Wir laden euch ein 1,5h lang mit uns auf der Bühne über CYBER zu reden und sich dabei selbst nicht zu ernst zu nehmen. Musik gibt's dabei von Couchsofa, die Moderation übernimmt td00 false td00 couchsofa marudor Tii Hackover Cybermorningshow /system/events/logos/000/000/387/large/horst_die_podcast_quadrat.png?1482672791 2016-12-29T14:15:00+01:00 14:15 00:45 Sendezentrumsbühne 33c3-387-horst_-_die_podcast Dinge die zu sagen sind Sendezentrumsbühne other de Die erste Folge "Horst - die Podcast" live vom 33C3. Meine Gäste sind: Michaela Lehr, Philip Jocks und Reinhold Remscheid. Michaela ist Entwicklerin und Frau. Eine Kombination die manchmal für Verwirrung sorgt. In welchen Bereichen Michaela arbeitet und welcher Umgang mitunter gepflegt wird sind 2 Themen die ich gerne mit Michaela besprechen möchte. Philip Jocks ist derjenige, der Das Kongressmotto "works for me" zwischen Tür und Angel raus gehauen hat.Ein kurzer Einblick in das Seelenleben eines Mottogebers. Reinhold Remscheid. Wer ist dieser Mensch hinter der Kunstfigur Reinhard Remford? Was treibt ihn an und wer ist für die absurden Drehbücher verantwortlich? Das klärt der Schauspieler Reinhold Remscheid excklusiv auf. false die_horst @FischaelaMeer @FiLiS Reinhold Remscheid /system/events/logos/000/000/395/large/wrint_realitaetsabgleich_2014_200.jpeg?1480174449 2016-12-29T15:30:00+01:00 15:30 01:00 Sendezentrumsbühne 33c3-395-realitatsabgleich inklusive privater Verkaufsshow Sendezentrumsbühne podium de The show where Holger Klein and Toby Baier talk about their realities (and sometimes sell stuff they bought but don't need). Diese Sendung in der Holger Klein und Toby Baier ihre Realitäten abgleichen (und Kram verkaufen, den sie mal gekauft haben aber nicht brauchen) false Toby Baier Holgi WRINT Realitätsabgleich /system/events/logos/000/000/408/large/aQFHaOid_400x400.png?1481125181 2016-12-29T17:00:00+01:00 17:00 01:00 Sendezentrumsbühne 33c3-408-genusscast_live live schmeckts besser Sendezentrumsbühne other de Der Genusscast LIVE auf dem @33c3 - maha und heckpiet. Probieren $dinge auf der Bühne und lassen das Publikum teilhaben Der Genusscast LIVE auf dem @33c3 - maha und heckpiet. Probieren $dinge auf der Bühne und lassen das Publikum teilhaben false heckpiet Homepage /system/events/logos/000/000/389/large/Bina%CC%88rgewitter-Logo-j.png?1479408821 2016-12-29T18:30:00+01:00 18:30 01:30 Sendezentrumsbühne 33c3-389-binargewitter_live Sicherheit durch Ignoranz Sendezentrumsbühne other de Binärgewitter ist ein Live Podcast der sich Schwerpunktmäßig mit Linux, Open Source, IT Sicherheit und dem Web beschäftigt. Neben dem Üblichen wie finden wir den 33C3 und was ist in den letzten Wochen passiert werden wir versuchen versuchen Live OS/2 Warp, ReactOS, CoreOS, NixOS, Haiku, Hannah Montana Linux (aka obskure Betriebssysteme) zu installieren und unsere Eindrücke zu schildern. Am Ende wird per Applaus entschieden.... false Ingo Ebel madmas makefoo Binärgewitter /system/events/logos/000/000/375/large/technische-aufklaerung-cover-1400.jpg?1478439084 2016-12-29T20:30:00+01:00 20:30 01:00 Sendezentrumsbühne 33c3-375-technische_aufklarung_live Rückblick auf 2016 und Quiz Sendezentrumsbühne other de Wir blicken auf die Ereignisse rund um den Geheimdienst-Untersuchungsausschuss im Jahr 2016 zurück und veranstalten ein Quiz für die HörerInnen. Seit über zwei Jahren ermittelt der Geheimdienst-Untersuchungsausschuss des Bundestages zur globalen Überwachungsaffäre. Allein in diesem Jahr fanden 21 öffentliche Sitzungen statt. In den Massenmedien ist der Ausschuss allerdings kaum noch ein Thema und zwischendurch wurde auch noch das neue BND-Gesetz beschlossen, das viele bisher illegale Praktiken des Auslandsnachrichtendienstes legalisiert. Wir blicken zurück auf das Jahr 2016 und sprechen über unsere Eindrücke aus dem #NSAUA. Am Ende gibt es ein Quiz, bei dem die aufmerksamsten HörerInnen ihr Wissen unter Beweis stellen können. false Jonas Schönfelder Felix Betzin Daniel Lücking Anna Biselli Cbass Stella Schiffczyk Webseite Twitter /system/events/logos/000/000/407/large/CoverS03Wiki.png?1480537179 2016-12-29T22:00:00+01:00 22:00 01:20 Sendezentrumsbühne 33c3-407-puerto_patida Rätsel & Rollenspiel Sendezentrumsbühne other de Eine Kandidat:in aus dem Publikum kämpft live um ihr überleben. Dazu muss Sie knifflige Rätsel lösen. Motto: Sterben oder eine coole Sau sein! Das grimme-nominierte Live-Rollenspiel Puerto Patida sucht sich eine Kandidat:in aus dem Publikum, die in einer spannenden Geschichte auf kuriose Charaktere treffen wird. Dabei versucht sie mehrere Rätsel zu lösen um nicht von einer übergroßen Spinne oder einem Gourmet-Kannibalen gefressen zu werden, um von einer verrückten Insel wieder fliehen zu können. false Johannes (ohneQ) schaarsen Toby Baier Jan Gießmann Puerto Patida Puerto Patida • Wiki Aufzeichnung vom 32c3 /system/events/logos/000/000/414/large/minkorrekt.jpg?1482759521 2016-12-30T00:15:00+01:00 00:15 01:00 Sendezentrumsbühne 33c3-414-ubertragung_methodisch_inkorrekt Sendezentrumsbühne de Wir übertragen live ins Sendezentrum: Wer hat diese Jungs wieder rein gelassen?! Nicolas Wöhrl und Reinhard Remfort sind eine Gefahr für Leib und Leben. Unter dem Deckmantel der Wissenschaftskommunikation machen sie auf der Bühne alles das, was sie an der Uni nie gewagt hätten. Dazu sprechen sie über aktuelle wissenschaftliche Themen. Laaaangweilig! Wer will denn sowas sehen? Unstrukturiert, abschweifend, hoffnungslos subjektiv und immer garantiert methodisch inkorrekt. Live-Übertragung: Eigentlich ein Podcast der alle 14 Tage erscheint. Nach dem großen Erfolg auf dem Kongress im letzten Jahr wird diesmal eine noch größere Show abgezogen: Experimente die mal interessant, mal fragwürdig sind. Wissenschaftler die mal belehrend und mal unzurechnungsfähig sind. Wissenschaftliche Studien die mal nobelpreisverdächtig und mal zweifelhaft sind. Wissenschaft auf der Showbühne. It works, bitches! false /system/events/logos/000/000/403/large/nHrbp8sU.jpg?1480282038 2016-12-29T12:00:00+01:00 12:00 00:55 Podcastingtisch 33c3-403-podcastpat_innen_talk_iii Mach mit am Podcastingtisch! Podcastingtisch meeting de Egal wie alt - alle können Podcasts produzieren. Hast Du auch schon überlegt, mit dem Podcasten anzufangen? Am Podcastingtisch kann man das Podcasten gleich ausprobieren. Die Podcastpat_innen sind ein selbstorganisiertes Communityprojekt und wollen Anfänger_innen beim Start ihres eigenen Podcasts unterstützen. Setz Dich mit zu uns an den Podcastingtisch und frag alles zum Podcasten, was Du gerne wissen möchtest. Vielleicht willst Du selbst mit den Podcasting beginnen? Wir brainstormen, denken nach und hören zu. Am Tisch begrüsst Euch heute u.a. Daniel Meßner... Es sind weitere Podcastpat_innen vor Ort: Sprich uns an! false Daniel Meßner Nele Infos zu den Podcastpat_innen /system/events/logos/000/000/386/large/slw600x600_h.png?1479058497 2016-12-29T13:00:00+01:00 13:00 00:55 Podcastingtisch 33c3-386-sliding_windows Live from 33C3 Podcastingtisch other de "Sliding Windows" ist ein Interview-Audiocast zu Themen professioneller IT mit Thorsten Butz. Erfahren Sie mehr auf "www.slidingwindows.de". false Thorsten Butz /system/events/logos/000/000/379/large/logo.png?1478853259 2016-12-29T14:00:00+01:00 14:00 00:45 Podcastingtisch 33c3-379-aua-uff-code_goes_zeitsprung Ein Podcast crossover über die Geschichte des Bugs Podcastingtisch performance de Daniel vom Zeitsprung und Stefan von Aua-uff-Code setzen sich an einen Tisch und machen eine Crossover Episode zur Geschichte des Bugs. false informatom Daniel Meßner /system/events/logos/000/000/385/large/tis_logo.png?1478984129 2016-12-29T15:00:00+01:00 15:00 01:00 Podcastingtisch 33c3-385-the_insnider_-_mein_erstes_mal_congres #33c3 Ausgabe Podcastingtisch other de Mein erstes (zweites) Mal... auf dem Congress. Wie ist es so das erste Mal auf dem Congress zu sein? Schon auf dem 32c3 hat MacSnider mit einigen Erst(und zweit)-lingen darüber gesprochen was sie sich vom Congress erhofft haben und erlebt haben. false MacSnider Malik teenagersexjohnny Mein erstes Mal Congress #32c3 /system/events/logos/000/000/374/large/14094056452c70.jpg?1478361643 2016-12-29T16:00:00+01:00 16:00 01:00 Podcastingtisch 33c3-374-der_alljahrliche_nerdkunde_und_bits_of_berlin_crossover_rudelpodcast Podcastingtisch podium de Der alljährliche Nerdkunde / Bits of Berlin Rudelpodcast. Mit dabei: Bitboxer, Essy, Nerdbabe, Lucas, Bascht und Dirk. Im ersten Jahr wurden wir noch ungläubig bestaunt, als wir mit einer recht großen Gruppe an Menschen einen Podcast produzieren wollten. Mittlerweile ist unser Rudelpodcast vom CCC in Hamburg eine lieb gewonnene Tradition. false Bitboxer /system/events/logos/000/000/409/large/zwangschast_400x400.jpg?1482435912 2016-12-29T17:00:00+01:00 17:00 01:00 Podcastingtisch 33c3-409-zwangschast Da fallen auch der Muräne nur schlechte Wortwitze ein. Podcastingtisch other de false Thomas Ritter Ferdinand /system/events/logos/000/000/381/large/damals-tm-podcast_400x400.png?1478882603 2016-12-29T19:00:00+01:00 19:00 01:30 Podcastingtisch 33c3-381-raumfahrt_damals Countdown & damals™ présentant Podcastingtisch other de 90 Minuten Podcasten über die Raumfahrt™, damals false ajuvo damals-tm-podcast /system/events/logos/000/000/419/large/5CudNaw5_400x400.jpg?1482855753 2016-12-29T20:30:00+01:00 20:30 01:30 Podcastingtisch 33c3-419-wikistammtisch Podcastingtisch de WikiStammtisch ist ein Podcast aus der Wikipedia-Galaxie. Die dunkle Materie bilden die Millionen Leser:innen und Benutzer:innen. In dieser Podcast-Runde sprechen zufällig ausgewählte Benutzer:innen über „ihre“ Wikipedia. false Sebastian Wallroth /system/events/logos/000/000/421/large/ClrUqMO8_400x400.jpg?1482929731 2016-12-29T22:00:00+01:00 22:00 01:00 Podcastingtisch 33c3-421-damalstm Taschenrechner Podcastingtisch de false ajuvo Kathrin Leinweber /system/events/logos/000/000/422/large/UMwjeS2Z_400x400.jpg?1482940637 2016-12-29T23:00:00+01:00 23:00 01:00 Podcastingtisch 33c3-422-oktahedron_zcash Podcast about protocols&systems Podcastingtisch false 2016-12-29T17:00:00+01:00 17:00 2:00 Hall A.1 self organized sessions meeting de Das alljährliche Regiotreffen auf dem Congress Telegnom Sva https://ccc.de/regional https://events.ccc.de/congress/2016/wiki/Session:33c3_Regiotreffen 2016-12-29T12:00:00+01:00 12:00 1:30 Hall A.1 self organized sessions workshop de thesen: gruppen von menschen lassen sich oft weiter demokratisieren als "nur" basisdemokratie zu machen. konsensdemokratie ist nicht nur möglich, sondern mittelfristig sogar effizienter und stressfreier. mehr spaß macht sie auch :-) Uwe premium http://www.premium-cola.de/kollektiv/workshop https://events.ccc.de/congress/2016/wiki/Session:Angewandte_konsensdemokratie 2016-12-29T20:00:00+01:00 20:00 2:00 Hall A.1 self organized sessions meeting de A small get-together of all on-site CTF Teams which participated in the 33C3 CTF. AndyC4 https://events.ccc.de/congress/2016/wiki/Session:CTF_Aftershow 2016-12-29T15:00:00+01:00 15:00 1:00 Hall A.1 Meet & Greet self organized sessions meeting de Room A.2: Dedicated workshop area for women* and other minorities. Meet people, learn new things, discuss topics, host your own workshop here! We still have open slots :) Haecksen Melzai http://many.haecksen.org/mediawiki/index.php/33C3 https://events.ccc.de/congress/2016/wiki/Session:Haecksenraum 2016-12-29T19:00:00+01:00 19:00 1:00 Hall A.1 self organized sessions meeting de LOC Teardown Meeting. Psy https://events.ccc.de/congress/2016/wiki/Session:LOC_Teardown_Meeting 2016-12-29T16:00:00+01:00 16:00 1:00 Hall A.1 Get pseudonymized self organized sessions hands-on en Come and fetch the first PoPCoin at 33c3! Often on the internet there is a trade-off between anonymity and accountability. For privacy and security reasons, a lot of users want to stay anonymous. But this contradicts services like Wikipedia who want to make sure that their content is of high quality and so need a certain kind of accountability of the users. Ineiti https://pop.dedis.ch https://events.ccc.de/congress/2016/wiki/Session:PoParty 2016-12-29T17:00:00+01:00 17:00 2:30 Hall A.1 self organized sessions en upcoming screening of NB, with director and presenters of 33c3 session Vavoida https://events.ccc.de/congress/2016/wiki/Session:Screening_%26_discussion_NB 2016-12-30T00:30:00+01:00 00:30 1:00 Hall A.1 self organized sessions meeting en all travelers of a certain skill will be invited to join their respective convention Reisende http://thereisnogame.de https://events.ccc.de/congress/2016/wiki/Session:Skillconvention_c 2016-12-29T13:30:00+01:00 13:30 2:30 Hall A.1 self organized sessions hands-on en We shall teach visitors to integrate the GNU Taler merchant software for anonymous web payments into existing web platforms. We're happy to advise visitors interested in setting up GNU Taler exchanges as well, including discussions about integrating the exchange with blockchain based currencies. We will not have teaching materials handy for the exchange software however. Jeffburdges http://taler.net https://events.ccc.de/congress/2016/wiki/Session:Taler_workshop 2016-12-29T22:00:00+01:00 22:00 1:30 Hall A.1 self organized sessions hands-on de This is the sixth incarnation of the popular whisky evening. It's fairly simple: If you enjoy good whisky with nice people, or are planing to do so, join us. We'll have the virtual chimney fire going. Blackspear https://events.ccc.de/congress/2016/wiki/Session:Whisky 2016-12-29T16:00:00+01:00 16:00 2:00 Hall B Do it, do it NOW! self organized sessions meeting de Binärgewitter Hörertreffen auf dem 33c3 http://http%3B//krepel.us https://events.ccc.de/congress/2016/wiki/Session:Bin%C3%A4rgewitter_H%C3%B6rertreffen 2016-12-29T19:45:00+01:00 19:45 0:30 Hall B Angel meeting day 3 self organized sessions meeting en Knuth https://events.ccc.de/congress/2016/wiki/Session:Engelmeeting 2016-12-29T13:00:00+01:00 13:00 1:00 Hall B Angelmeeting day 3 self organized sessions meeting en Knuth https://events.ccc.de/congress/2016/wiki/Session:Engelmeeting 2016-12-29T15:00:00+01:00 15:00 1:00 Hall B self organized sessions de Wie bekommen wir mehr Fahrplandaten von Verkehrsbünden, mehr GTFS von ÖPNV-Anbietern ... Stk Vavoida http://tobeannounced https://events.ccc.de/congress/2016/wiki/Session:OffeneFahrplanDaten 2016-12-29T12:00:00+01:00 12:00 1:00 Hall B self organized sessions de Internal Schiko-Meeting Melzai https://events.ccc.de/congress/2016/wiki/Session:Schiko-Meeting 2016-12-29T20:45:00+01:00 20:45 3:00 Hall B Slam room self organized sessions other en Listen to social engineering attack stories from fellow hackers. Presented in a poetry slam style! Or present your social engineering experience or fictional story on how to deceive or manipulate people. Uebelhacker Anna Fuchs Ysf https://events.ccc.de/congress/2016/wiki/Session:Social_Engineering_Poetry_Slam 2016-12-29T18:00:00+01:00 18:00 1:30 Hall B self organized sessions discussion en *** Follow Up Session*** We want to follow up on the discussion about strategies to make "mainstream" people care about surveillance and privacy. (mainstream = outside of hacker community/tech bubble) Everyone is welcome to join! Vikvik https://events.ccc.de/congress/2016/wiki/Session:Strategien,_%C3%9Cberwachungsskepsis_in_die_Mitte_der_Gesellschaft_zu_tragen_/_Anti_Surveillance_Campaigning_Targeted_at_the_Masses 2016-12-29T14:00:00+01:00 14:00 0:50 Hall B self organized sessions talk en You couldn't tie your shoelaces if we lived in four dimensions! And spheres would be much smaller than you would think. We'll take you on a short tour of these and other curious phenomena which unfold in four dimensions. Iblech MatthiasHu https://events.ccc.de/congress/2016/wiki/Session:The_curious_world_of_four-dimensional_geometry_(Wondrous_Mathematics) 2016-12-29T12:00:00+01:00 12:00 1:10 Hall C.1 introduction of the project, q&a, discussion self organized sessions meeting de ALL CREATURES WELCOME is an essayistic documentary on new paths and new perspectives in the digital age, using hacking as a mind-set to counter the atmosphere of fear and helplessness of the post-Snowden era. I will introduce you to the project and let you see behind the curtain of an independent movie production. Let's talk about the difficulties of financing, creative commons and artistic freedom. www.sandratrostel.de/ACW Gizmo http://www.sandratrostel.de https://events.ccc.de/congress/2016/wiki/Session:All_Creatures_Welcome 2016-12-29T20:00:00+01:00 20:00 0:15 Hall C.1 self organized sessions talk en This talk will serve as a short introduction to the Fedora Project. Our mission is to lead the advancement of free and open source software and content as a collaborative community. We produce a well-known GNU/Linux distribution, Fedora. Get to know more about us as well as explore contribution opportunities! Giannisk http://fedoraproject.org https://events.ccc.de/congress/2016/wiki/Session:An_Introduction_to_the_Fedora_Project 2016-12-29T16:00:00+01:00 16:00 0:45 Hall C.1 self organized sessions meeting de Das Gettogether des CCC-CH am 33c3 Vimja https://www.ccc-ch.ch https://events.ccc.de/congress/2016/wiki/Session:CCC-CH_Gettogether 2016-12-29T14:00:00+01:00 14:00 1:00 Hall C.1 self organized sessions discussion en Hackers, Designers, Journalists in Newsrooms unite! Present your latest work, discuss your plans for 2017 and connect! Stwe https://events.ccc.de/congress/2016/wiki/Session:DDJ-Chaos-Meetup 2016-12-29T13:15:00+01:00 13:15 0:45 Hall C.1 self organized sessions talk en In the coming years, the EU is determined to bring its industries to the digital market and acquire a leading position on the global tech market. In order to achieve this ambitious goal of allowing Europe's "own Google or Facebook" to emerge, the EU has come up with several political and legislative proposals that obviously cannot overlook software. Three or more magic letters combined in an acronym have, therefore, the power to either support innovation and fair competition, or drown the EU in its vendor lock-in completely. The terms "open standards", "open platforms", and Free Software are being used more and more often but does it mean that the EU is "opening" up for software freedom for real? My talk will explain how several current EU digital policies interact with Free Software, and each other, and what does it mean to software freedom in Europe. Polina Malaja is the policy analyst of the Free Software Foundation Europe. Eal https://events.ccc.de/congress/2016/wiki/Session:DSM,_EIF,_RED:_Acronyms_on_the_EU_level_and_why_they_matter_for_software_freedom 2016-12-29T17:00:00+01:00 17:00 1:00 Hall C.1 self organized sessions talk en Design in free software & open source is improving in recent years, but we still have a lot to do. If we want people to use free software, it needs to be as simple & easy to use as proprietary counterparts. The Open Source Design collective pushes design in free software. We organize design tracks at well-known events like FOSDEM and FOSSASIA, have a job board to get designers involved, provide open design resources to developers and designers and more. Eal http://opensourcedesign.net https://events.ccc.de/congress/2016/wiki/Session:Design_in_Free_Software_%26_Open_Source 2016-12-29T15:00:00+01:00 15:00 1:00 Hall C.1 self organized sessions talk de Philip von Freifunk Rheinland gibt einen Ein- und Überblick über die aktuellen Entwicklungen zur VDS, den aktuellen Status der Klage sowie Infos zu unserem Antrag auf Aussetzung und den Konsequenzen für unseren Backbone (AS201701). Pberndro https://freifunk-rheinland.net https://events.ccc.de/congress/2016/wiki/Session:Freifunk_und_die_VDS 2016-12-29T23:00:00+01:00 23:00 1:00 Hall C.1 self organized sessions talk en Grampa is telling tales from dark past. When looking at the documentation of the Atari 2600 VCS (one of the first console for video games), you'll notice a lot of fuck ups. These are there for a cause. Let me show you some of them and explain w y they are a more clever than you might expect. SvOlli https://events.ccc.de/congress/2016/wiki/Session:Fucked-up_For_A_Cause 2016-12-29T18:15:00+01:00 18:15 1:30 Hall C.1 self organized sessions discussion en **How to CryptoParty** CryptoParties have been organized all over the world for more than four years. The goal of this session is to help anyone interested to organize one themselves. Dawning-sun https://www.cryptoparty.in/organize/howto https://events.ccc.de/congress/2016/wiki/Session:How_to_Organize_a_CryptoParty 2016-12-29T15:30:00+01:00 15:30 0:30 Hall C.1 self organized sessions meeting de Die Computertruhe sammelt gespendete, gebrauchte Computer, um sie wieder instand zu setzen und an Menschen weiterzugeben, die sich selbst keine leisten können. Computertruhe https://computertruhe.de https://events.ccc.de/congress/2016/wiki/Session:Meet_the_Computertruhe_e._V. 2016-12-29T15:00:00+01:00 15:00 0:15 Hall C.1 self organized sessions hands-on en Scapy is a powerful Python-based interactive packet manipulation program and library. It can be used to forge or decode packets for a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. This talk will show you Scapy basics in 15 minutes ! Guedou https://github.com/secdev/scapy https://events.ccc.de/congress/2016/wiki/Session:Scapy_in_15_minutes 2016-12-29T20:15:00+01:00 20:15 2:30 Hall C.1 Orga room self organized sessions other en Listen to social engineering attack stories from fellow hackers. Presented in a poetry slam style! Or present your social engineering experience or fictional story on how to deceive or manipulate people. Uebelhacker Anna Fuchs Ysf https://events.ccc.de/congress/2016/wiki/Session:Social_Engineering_Poetry_Slam 2016-12-29T20:00:00+01:00 20:00 1:30 Hall C.2 self organized sessions meeting en Want to build it and search for people to collaborate Dörthe http://animamundi.blogsport.de https://events.ccc.de/congress/2016/wiki/Session:Create_a_rocket_and_reach_orbit 2016-12-29T15:00:00+01:00 15:00 1:30 Hall C.2 self organized sessions talk en Why hack machines, when you can hack people? A talk postulating a new type of hacker, the 'Eris': a blackhat sociologist who social engineers groups rather than individuals. Certain group ideologies or behaviors allow easy manipulation, and politically active communities like the hacker community will be in the targets in the coming era. Colum http://cjpaget.co.uk https://events.ccc.de/congress/2016/wiki/Session:Eris_Rising 2016-12-29T14:30:00+01:00 14:30 0:30 Hall C.2 self organized sessions talk de Here is a short Talk about Inflation in MMORPGs, with discussion at the end. Slides can be found at http://www-stud.informatik.uni-frankfurt.de/~orgac3/docs/Inflationsphaenomene_und_probleme_in_MMORPGs.pdf Karl Weber Magic http://www-stud.informatik.uni-frankfurt.de/~orgac3/docs/Inflationsphaenomene_und_probleme_in_MMORPGs.pdf https://events.ccc.de/congress/2016/wiki/Session:Inflation_in_MMORPGs 2016-12-29T18:00:00+01:00 18:00 1:30 Hall C.2 Ich glaube an konflikt sonst glaube ich an nichts. self organized sessions talk de Ich glaube an konflikt sonst glaube ich an nichts. https://events.ccc.de/congress/2016/wiki/Session:Meier_3 2016-12-29T17:00:00+01:00 17:00 1:00 Hall C.2 self organized sessions discussion en Nootropics (also called smart drugs, neuro enhancers ...) are substances that improve one or more aspects of cognitive performance. Bring your noots, notes, and laptops. HairyFotr Dcht00 http://pad.totalism.org/p/33c3-nootropics https://events.ccc.de/congress/2016/wiki/Session:Nootropics 2016-12-29T12:30:00+01:00 12:30 1:30 Hall C.2 self organized sessions talk de Barbarossa https://github.com/FreifunkHochstift/ffho-salt-public https://events.ccc.de/congress/2016/wiki/Session:SOSDF(H)B:_Salt-Orchestrated_Software_Defined_Freifunk_(Hochstift)_Backbone:_DataCenter_und_Carrier_Techniken_f%C3%BCr_Freifunk_abgucken 2016-12-29T11:00:00+01:00 11:00 1:00 Hall C.2 self organized sessions talk de Statusupdate from Freifunk Rheinland Backbone (AS201701). Was war, was ist, was wird. Barbarossa Takt Lars ThomasDOTwtf https://ffrl.de https://events.ccc.de/congress/2016/wiki/Session:State_of_the_InterNAT_-_Freifunk_Rheinland_AS201701_Update 2016-12-29T22:00:00+01:00 22:00 1:30 Hall C.2 self organized sessions en You operate Tor relays? You don't, but you have questions? Come meet us! Notes: https://pads.ccc.de/torpad Nicoo https://events.ccc.de/congress/2016/wiki/Session:Tor_Relays_Operators_Meetup 2016-12-29T14:00:00+01:00 14:00 0:30 Hall C.2 Diabetes Tech Meetup self organized sessions meeting en How to improve the therapy of type 1 diabetes. Melle Iksypsilon https://events.ccc.de/congress/2016/wiki/Session:Type_1_Diabetes_Hacking 2016-12-29T11:00:00+01:00 11:00 1:00 Hall C.3 self organized sessions hands-on en Click for a German and an English description. Learn the legal frame of self defence in Germany/Switzerland, and five easy techniques to avoid sexual harassment and to counter physical attacks, including an optional hands-on-experience. Note: This workshop is of course open to all creatures. It is however not an introduction on how to become Rambo and beat up other people, so please do not expect something like this. It was labeled "for women" as it was usually done by that name for different audiences which were women-focused. On following the instructions closely, it is practically impossible to hurt yourself during the workshop so don't be afraid! NinaLaFleur https://events.ccc.de/congress/2016/wiki/Session:Can%27t_touch_this:_Introduction_to_self_defense_for_women 2016-12-29T19:00:00+01:00 19:00 1:00 Hall C.3 self organized sessions meeting en IPFS is a peer-to-peer hypermedia protocol to make the web faster, safer, and more open. This meet up is open to anyone who is interested in it. Brodo https://ipfs.io/ https://events.ccc.de/congress/2016/wiki/Session:IPFS_Meetup 2016-12-29T12:00:00+01:00 12:00 1:30 Hall C.3 The ESP 8266 WiFi SoC self organized sessions workshop en Getting started with the Internet of Things using the ESP8266 WiFi SoC. A basic how-to for beginners by beginners: - which software you need to install - how to flash the NoceMCU Firmware - how to start with your first small LUA script, connecting the WiFi module to the world - bring your laptop with you and try out ... Prerequisites: Java (all), Python2.7 (Linux & OS X) TobiOrNotTobi Trema https://github.com/ToBOrNotToB/workshop https://events.ccc.de/congress/2016/wiki/Session:IoT_by_beginners_for_beginners:_Getting_started_with_NodeMCU 2016-12-29T14:00:00+01:00 14:00 3:00 Hall C.3 self organized sessions workshop en Do you think science is as open, transparent and reproducible as it could be? Are we using the full potential of digitalization and the internet for our research. Are non-scientist sufficiently aware of and embedded into the scientific process? We want to discuss all this and want to hear your voice and experiences! Open Access, Open Data, Open Notebooks, Open Source, Open Educational Resources Citizen science - those topics and more will be in the center of this participant-driven meeting. More importantly we want to connect people interested in a more open and better science. Konrad Aleimba Rupi Iimog http://science.okfn.org/ https://events.ccc.de/congress/2016/wiki/Session:Open_Science_Workshop 2016-12-29T20:30:00+01:00 20:30 1:00 Hall C.3 self organized sessions workshop en Short workshop on the new version of Schleuder, the crypto mailinglist manager: what's new, what's different, how to set it up, etc. Also a possibility to shoot questions at or get help from the developers. Paz https://schleuder.nadir.org/ https://events.ccc.de/congress/2016/wiki/Session:Schleuder_v3 2016-12-29T21:30:00+01:00 21:30 1:00 Hall C.3 intro self organized sessions workshop en SpinalHDL workshop to install tools and do some experiments with them. Dolu1990 http://spinalhdl.github.io/SpinalDoc/ https://events.ccc.de/congress/2016/wiki/Session:SpinalHDL 2016-12-29T22:30:00+01:00 22:30 2:00 Hall C.3 self organized sessions meeting de Students networks from all over Germany and Europe are present at 33C3. We want to meet up and talk, share DIY-ISP experience, and get more people to join SNT regularly. Toothstone https://www.studentennetze.de/ https://events.ccc.de/congress/2016/wiki/Session:StudNetzTreffen 2016-12-29T17:00:00+01:00 17:00 2:00 Hall C.3 self organized sessions hands-on de Enter this Workshop to get a sample of your very own glow-in-the-dark pet! We will be playing around with Aliibvibrio Fischeri, a bioluminescent bacterium living all over the world's oceans. A.Vibrio.F. https://events.ccc.de/congress/2016/wiki/Session:Your_own_Glowing_Micropet! 2016-12-29T10:00:00+01:00 10:00 0:42 Hall C.4 self organized sessions discussion en If your favoured website / podcast misses an RSS feed this discussion is for you! I'll show how-to extract the necessary data from the page and build your very own feed with it. Birdy1976 https://events.ccc.de/congress/2016/wiki/Session:42birds:_Missing_RSS_Feed%3F_Create_Your_Own! 2016-12-29T23:00:00+01:00 23:00 1:00 Hall C.4 self organized sessions other en This CiTiZEN KiNO episode (#59) "Strategies For Turtle Islands" we examine the ways of seeing all our global struggles through the native americans' current resistance to the fossil fuels industry, climate terror and various aspects of a technotopian society disconnected from the environments and resources we require for autonomous being. In an interviews with the indigenous drone pilots at Standing Rock in Dakota we begin to hear a new language evolving around the use of technology to "defend the sacred" and reclaim physical territories! Other curated media will link the new technological colonialism to our own reservations of displaced spirits and disembodied times. Mini Waconi / Water is Life ! Podinski http://www.XLterrestrials.org/plog https://events.ccc.de/congress/2016/wiki/Session:CiTiZEN_KiNO:_Strategies_For_Turtle_Islands 2016-12-29T15:00:00+01:00 15:00 2:00 Hall C.4 self organized sessions workshop en This is a cultural experiment and ongoing project to develop an open source toolkit for creating ‘new religions’. Lu cyp Kyravram https://events.ccc.de/congress/2016/wiki/Session:DIY_Religion 2016-12-29T19:00:00+01:00 19:00 1:00 Hall C.4 Presentations and Discussion self organized sessions discussion en dn42 is a big dynamic VPN, which employs Internet technologies (BGP, whois database, DNS, etc). Participants connect to each other using network tunnels (GRE, OpenVPN, Tinc, IPsec) and exchange routes thanks to the Border Gateway Protocol. dn42 can be used to learn networking and to connect private networks, such as hackerspaces or community networks. But above all, experimenting with routing in dn42 is fun! This session will start with an introduction to dn42, followed by some short presentations from participants about their projects with dn42 and will finish with free-form discussion about where to take the network in the future. Irl Ana http://dn42.net/ https://events.ccc.de/congress/2016/wiki/Session:Dn42:_Decentralised_Network_42 2016-12-29T14:00:00+01:00 14:00 0:30 Hall C.4 self organized sessions talk de Hilft uns Technologie, uns besser zu verstehen? Oder sind Mensch und Technik nicht vergleichbar? Wir präsentieren eine Theorie des US-amerikanischen Philosophen Daniel Dennett, die "intuition pumps". Er geht davon aus, dass technologische Phänomene dabei helfen, den menschlichen Geist zu veranschaulichen und ihn immer besser zu erklären. Diesen intuition pump möchten wir zunächst erklären und Möglichkeiten und Grenzen dieser Theorie aufzeigen, um anschließend zur Diskussion überzugehen. CaySpells PJay https://events.ccc.de/congress/2016/wiki/Session:Erkl%C3%A4rt_Technik_den_Menschen%3F 2016-12-29T20:15:00+01:00 20:15 1:00 Hall C.4 Creating C3-like events all over the world! self organized sessions meeting de During 31C3 we founded Hackers Without Borders e.V. for a reason, but then we lost the main reason. This is the first MV since then, and we'll figure out how and if we go on. Please join us with your ideas! The e.V. is about creating events (and HowTo create such events) in the C3 "free and open source way" all over the world. Examples are http://hillhacks.in/ and http://hackbeach.in/ and their "kids" anthillhacks (no website) and http://sciencehack.in/ Find a 7-min-intro on what this is about on: https://media.ccc.de/v/DS2016-7782-lightning_talks#video&t=3915 Sva https://hillhacks.in/hwb https://events.ccc.de/congress/2016/wiki/Session:Hackers_without_borders 2016-12-29T21:30:00+01:00 21:30 1:30 Hall C.4 self organized sessions workshop en Come by to learn about Qubes OS, the privacy- & security-focused operating system! Mfc https://www.qubes-os.org https://events.ccc.de/congress/2016/wiki/Session:Intro_to_Qubes_OS:_A_reasonably_secure_operating_systerm 2016-12-29T11:00:00+01:00 11:00 3:00 Hall C.4 self organized sessions workshop en A workshop about running your own Numerical Weather Prediction (NWP) model. Tecer https://www.hacknology.de/vortrag/2016/wrf/ https://events.ccc.de/congress/2016/wiki/Session:Numerical_Weather_Prediction_Tutorial 2016-12-29T18:00:00+01:00 18:00 0:45 Hall C.4 self organized sessions workshop de OParl ist eine Initiative zur Standardisierung des offenen Zugriffs auf parlamentarische Informationssysteme in Deutschland. Das Ziel von OParl ist die Schaffung einer Standard-API für den Zugang zu öffentlichen Inhalten in kommunalen Ratsinformationssystemen, damit die Inhalte daraus im Sinne von Open Data für möglichst viele verschiedene Zwecke eingesetzt werden können. Cardea Robbi5 https://oparl.org https://events.ccc.de/congress/2016/wiki/Session:OParl:_Politik_vor_Ort_maschinenlesbar 2016-12-29T17:00:00+01:00 17:00 1:00 Hall C.4 self organized sessions discussion de Filter Bubbles und Elitenhass sorgen dafür, dass große Teile der Trump- & AfD-Wähler*innenschaft nicht mehr mit klassischem Campaigning politischer Institutionen demokratisch integriert werden können. Wir ahnen: Die soziale Bewegung der Zukunft, die sich gegen den alten Hass stellt, hört den Menschen zu, lässt sie teilhaben und mitbestimmen, erzählt positive Geschichten des Miteinanders und organisiert eigene Modelle des Zusammenlebens. Und: Sie ist vornehmlich digital. Meingrundeinkommen https://events.ccc.de/congress/2016/wiki/Session:Soziale_Bewegung_als_Plattform 2016-12-29T18:00:00+01:00 18:00 2:15 Hall F self organized sessions en Blocked for Film Screenings by Content Team https://events.ccc.de/congress/2016/wiki/Session:Film-Abend 2016-12-29T21:00:00+01:00 21:00 3:00 Hall F self organized sessions en Blocked for Film Screenings by Content Team https://events.ccc.de/congress/2016/wiki/Session:Film-Abend 2016-12-29T18:00:00+01:00 18:00 2:15 Hall F self organized sessions en Blocked for Film Screenings by Content Team https://events.ccc.de/congress/2016/wiki/Session:Film-Blocker 2016-12-29T21:00:00+01:00 21:00 3:00 Hall F self organized sessions en Blocked for Film Screenings by Content Team https://events.ccc.de/congress/2016/wiki/Session:Film-Blocker 2016-12-29T14:00:00+01:00 14:00 1:00 Hall F self organized sessions de Mitgliederversammlung des Gentoo e.V. Sping https://www.gentoo-ev.org/wiki/Main_Page https://events.ccc.de/congress/2016/wiki/Session:Gentoo_e.V._Mitgliederversammlung 2016-12-29T20:15:00+01:00 20:15 0:45 Hall F Kurzfilm screening self organized sessions other de Kurzfilm-Screening 61 Tage - Deutschland auf der Flucht - Was wäre, wenn WIR fliehen müssten!? DerNiko http://www.facebook.com/61tagefilm https://events.ccc.de/congress/2016/wiki/Session:Kurzfilm-Screening:_%2261-Tage%22_Deutschland_auf_der_Flucht 2016-12-29T21:00:00+01:00 21:00 3:00 Hall F self organized sessions en 18:00 Zero Days 20:00 61 Tage 21:00 Traceroute 23:30 National Bird See https://events.ccc.de/2016/12/28/33c3-movie-night-33c3-filmabend/ https://events.ccc.de/congress/2016/wiki/Session:Movie_Night 2016-12-29T18:00:00+01:00 18:00 2:15 Hall F self organized sessions en 18:00 Zero Days 20:00 61 Tage 21:00 Traceroute 23:30 National Bird See https://events.ccc.de/2016/12/28/33c3-movie-night-33c3-filmabend/ https://events.ccc.de/congress/2016/wiki/Session:Movie_Night 2016-12-29T15:45:00+01:00 15:45 2:15 Hall F self organized sessions game de für den workshop siehe: https://events.ccc.de/congress/2016/wiki/index.php?title=Session:Shitty_Robot_-_Workshop Fluktusdukt Konfusius https://events.ccc.de/congress/2016/wiki/Session:Shitty_Robot_/Hebocon_Battle 2016-12-29T23:30:00+01:00 23:30 2:30 Hall F self organized sessions other Special 33c3 preview screening - National Bird with director Sonia Kennebeck http://nationalbirdfilm.com/ Vavoida http://nationalbirdfilm.com/ https://events.ccc.de/congress/2016/wiki/Session:Special_33c3_preview_screening_-_National_Bird 2016-12-29T15:15:00+01:00 15:15 0:30 Hall F self organized sessions meeting en The Angelmeeting for the subtitles Angels. If you want to be approved as a subtitles Angel, please visit! If you are one already, this is the easiest way to meet and manage shifts etc. Welcome to the Subtitles Angelmeeting! Cube https://c3subtitles.de/ https://events.ccc.de/congress/2016/wiki/Session:Subtitles-Angelmeetings 2016-12-29T12:00:00+01:00 12:00 2:00 Hall F self organized sessions hands-on en The Syncrypt development team is at 33c3. Come by and ask us anything related to Syncrypt or encryption. If you have ideas for possible integrations with syncrypt and other software, we're open to your suggestions and feedback. Just want to chat and have a beer with us? No problem, we've got you covered! Lordi Bakkdoor https://syncrypt.space https://events.ccc.de/congress/2016/wiki/Session:Syncrypt_User_Meetup 2016-12-29T20:30:00+01:00 20:30 1:00 Hall 13-14 self organized sessions talk en On Signal, XMPP and the future of decentralized services. Eal https://www.int21.de/slides/33c3-decentralized/#/ https://events.ccc.de/congress/2016/wiki/Session:Are_decentralized_services_unable_to_innovate%3F 2016-12-29T19:00:00+01:00 19:00 0:40 Hall 13-14 IceBreaker Day 3 self organized sessions de How to provide some congress feeling to your people at home ? Congress Everywhere events in hackerspaces usually happen at evening as public viewing of congress talks. Such a livestream-only link provides very limited "congress feelings". In your local timezone, the events do start with a major break, where no talk happens and therefore no livestream is sent out Let's fill this break with meet and greet between your congress site and your hackerspace at home. Myon https://events.ccc.de/congress/2016/wiki/Session:Congress_Everywhere_Greet_%26_Meet 2016-12-29T14:00:00+01:00 14:00 1:00 Hall 13-14 self organized sessions talk en Only about 3% of contributors in free software are women (even though 25% of software developers are) – a considerable gap compared to male contributors. There are many reasons for this, and some we want to talk about are: - Is the environment friendly enough? - What can free software projects & companies do to fix the gap? - Why do we need the diversity? Greta Doçi is an ICT engineer, active in Wikimedia and the Albanian open source community. Jan-Christoph Borchardt is an interaction designer working on Nextcloud and Open Source Design. They both want to push gender diversity in free & open source software. Eal https://events.ccc.de/congress/2016/wiki/Session:Gender_diversity_in_the_Free_Software_community 2016-12-29T12:00:00+01:00 12:00 1:30 Hall 13-14 self organized sessions workshop en Ideas of the anarchism existed before the network, however hacker's community willingly took anarchism appreciating its dedication to individual and collective freedom. With this session we will have a quick look on history of anarchism and the present of the anarchist struggle in the social and political sphere around the world. This is a short presentation with a discussion round. Tmnt https://abcdd.org https://events.ccc.de/congress/2016/wiki/Session:Introduction_Into_Anarchism 2016-12-29T17:00:00+01:00 17:00 2:00 Hall 13-14 self organized sessions workshop de Wie bekomme ich schnell und einfach Informationen, die bei Behörden lagern - Verträge, Vermerke und E-Mails zwischen Beamten? Wie kann ich sie für politisches Engagement nutzen? Und was mache ich, wenn Behörden mich mit Gebühren und Gesetzestexten abschrecken wollen? Ich stelle die Plattform FragDenStaat vor und einige wirksame Werkzeuge, mit denen ihr genau die Infos bekommt, die ihr haben wollt. Eal http://FragDenStaat.de https://events.ccc.de/congress/2016/wiki/Session:Meine_erste_IFG-Anfrage 2016-12-29T22:00:00+01:00 22:00 1:30 Hall 13-14 self organized sessions workshop en OpenPGP use cases beyond email encryption and authentication. * monkeysphere for ssh: checking sshd fingerprints automatically * monkeysphere for sshd: replacing ssh key-based authentication * schleuder2, schleuder3, webschleuder: encrypted mailing list software (incl. CLI and web GUI) * pass: flat-file based personal password manager * keyringer: flat-file based password manager for groups * mandos: LUKS passphrase server on local networks * Bring Your Own: if you know about other use cases of OpenPGP (apart from encrypting files), come and say... The workshop will start with a small intro on the tools, and we can go deeper into one or the other depending on the interest from the audience. Some developers of some tools mentioned above will be probably at the workshop, or available on IRC. Maxigas http://relay70.metatron.ai https://events.ccc.de/congress/2016/wiki/Session:OpenPGP_use_cases_beyond_email 2016-12-30T00:30:00+01:00 00:30 1:00 Hall 13-14 self organized sessions meeting en all travelers of a certain skill will be invited to join their respective convention Reisende http://thereisnogame.de https://events.ccc.de/congress/2016/wiki/Session:Skillconvention_c 2016-12-30T01:30:00+01:00 01:30 1:00 Hall 13-14 self organized sessions meeting en all travelers of a certain skill will be invited to join their respective convention Reisende http://thereisnogame.de https://events.ccc.de/congress/2016/wiki/Session:Skillconvention_c 2016-12-29T16:00:00+01:00 16:00 1:00 Hall 13-14 self organized sessions talk en Eal https://wiki.fsfe.org/Events/Berlin/2016-05-12 https://events.ccc.de/congress/2016/wiki/Session:The_Federation 2016-12-29T19:40:00+01:00 19:40 0:50 Hall 13-14 day 3, evening meeting self organized sessions en The translation angels (interpreters) meet twice per day to self-organise (day 0, evening to day 4, afternoon) Sebalis https://events.ccc.de/congress/2016/wiki/Session:Translation_meetings 2016-12-29T15:10:00+01:00 15:10 0:50 Hall 13-14 day 3, afternoon meeting self organized sessions en The translation angels (interpreters) meet twice per day to self-organise (day 0, evening to day 4, afternoon) Sebalis https://events.ccc.de/congress/2016/wiki/Session:Translation_meetings 2016-12-29T14:00:00+01:00 14:00 1:00 Assembly:3D Hackspace self organized sessions workshop en Never used a 3D printer? No idea how to use CAD? This workshops is for you. From ABS to Z-Axis, you'll learn basics of 3D printing. Obelix https://events.ccc.de/congress/2016/wiki/Session:3D_printing_for_beginners 2016-12-29T18:00:00+01:00 18:00 1:00 Assembly:3D Hackspace self organized sessions hands-on de REGISTRATION NEEDED: I'll bring an industrial grade 3D scanner and you'll be able to get free high resolution scans of yourself, your friends etc... Obelix https://events.ccc.de/congress/2016/wiki/Session:3D_scan_yourself 2016-12-29T20:00:00+01:00 20:00 1:00 Assembly:Freifunk self organized sessions workshop en * Some Theory on radio propagation and antennas * Which antenna is suitable for which scenario * Examples: calculation the virtual wireless backbone in Munich * Analysing Wifi signals (RF) with the and different antennas.Bring your Rad1o with running firmware and a SMA connector (I will bring SMA/RP-SMA apaptors). Install e.g. Gqrx. Fredi https://events.ccc.de/congress/2016/wiki/Session:Antennas_an_Wave_Propagation 2016-12-29T15:00:00+01:00 15:00 0:30 Assembly:Freifunk self organized sessions other de Calm down and have a chat with us Monic https://events.ccc.de/congress/2016/wiki/Session:Coffee_Break 2016-12-29T14:00:00+01:00 14:00 0:45 Assembly:Freifunk self organized sessions hands-on de Viele der unter freifunk.net angebotenen Dienste benötigen Wartung und Weiterentwicklung. Wer sich hier engagieren möchte, kommt einfach vorbei. Andibraeu https://events.ccc.de/congress/2016/wiki/Session:Freifunk_Webteam_Meetup 2016-12-29T16:00:00+01:00 16:00 1:30 Assembly:Freifunk self organized sessions discussion en * Exchange with Imma & Eben from Refugees Emancipation e.V. about learnings/experiences * Freifunk für Flüchtlinge - Erfahrungen, Vorgehen, Umsetzung, Tuning, Sponsoren (pkoerner81929) * Ideas regarding freifunk-hilft.de Andibraeu Pkoerner81929 Monic https://freifunk-hilft.de https://events.ccc.de/congress/2016/wiki/Session:Freifunk_hilft 2016-12-29T18:00:00+01:00 18:00 1:00 Assembly:Freifunk self organized sessions talk en Freifunk was an Organisation at GSoC2016. We'll show the results of our 8 students. And we want to start collection ideas for GSoC 2017 Andibraeu https://events.ccc.de/congress/2016/wiki/Session:Freifunk@GSoC2016 2016-12-29T14:00:00+01:00 14:00 2:00 self organized sessions hands-on en Let's climb some walls! Tiefpunkt https://events.ccc.de/congress/2016/wiki/Session:Bouldering 2016-12-29T16:00:00+01:00 16:00 1:00 self organized sessions discussion en This is the follow-up discussion on the lecture in the official program: The proper relationship of technology and politics and thereby the percentage each covers in the Congress schedule have been the subject of an evergreen debate at the floor and in the corridors of the Chaos Communication Congress. Rather than taking a position in this debate, we are asking how the two have been co-articulated in talks so far by CCC participants? In order to answer this question, we are analysing the available titles and abstracts of Congress talks from 1984 until now. This ongoing research seeks to identify changing trends, significant outliers, apparent patterns and common threads throughout the years. We also wonder if it is possible to identify turning points in the narrative. The empirical data is contextualised by reflections on the shifting ground of technology, politics and society in the world during the long history of the CCC, as well as by qualitative reflections of attendants. We are inviting the audience to help us with the latter by joining in a follow-up discussion after the presentation. Maxigas https://relay70.metatron.ai https://events.ccc.de/congress/2016/wiki/Session:Der_33_Jahrer%C3%BCckblick:_Technology_and_Politics_in_Congress_Talks,_from_1984_to_now_--_Post-Lecture_Discussion! 2016-12-29T19:00:00+01:00 19:00 0:30 Meeting point: In front of the ball pit in the Kidspace self organized sessions other en Let's juggle! Everyone is welcome, no matter if you never touched a juggling ball or if you are a professional stage juggler – let's teach each other! MEETING POINT: In front of the ball pit in the Kidspace (Floor 3, in front of Hall 1. Yes, we asked.) PLEASE be careful not to step on children! Blinry https://events.ccc.de/congress/2016/wiki/Session:Juggling_Flashmob 2016-12-29T15:00:00+01:00 15:00 1:00 self organized sessions meeting en This is a spontaneous(ly organized) get-together for users of ROS(.org) - the Robot Operating System - and similar lifeforms. Let's come together, exchange use-cases, experience, flames and praise and your favorite software bug. At least one PCL and one MoveIt maintainer will be around. We will meet in front of Workshop Halls A and B. V4hn https://events.ccc.de/congress/2016/wiki/Session:ROS_users_meeting 2016-12-29T19:00:00+01:00 19:00 3:00 Day 3 *FULL* self organized sessions game de A short introductory session for the cyberpunk role-playing game of Shadowrun. SnakeBDD https://rpgzweinull.de/profile/tomorrowland https://events.ccc.de/congress/2016/wiki/Session:Shadowrun 2016-12-29T15:00:00+01:00 15:00 3:00 Simple Nomic Session 1 self organized sessions workshop en 4 simple rules: # The name of the game is Nomic. # The rules are to be applied in the order as written here. # The rules can be changed. # The first to reach 100 points wins. Takes place in Room E in the right back. Hat super Spaß gebracht. Trapicki https://events.ccc.de/congress/2016/wiki/Session:Simple_Nomic 2016-12-29T21:00:00+01:00 21:00 0:30 self organized sessions talk de Ethische Fragen zu autonomen Fahr- und Flugzeugen. Bernd Sieker gibt kurzen Vortrag und dann Diskussion, Fragerunde. Reticuleena https://events.ccc.de/congress/2016/wiki/Session:Speakers%27_Sofa:_Autonomes_Fahren 2016-12-29T10:00:00+01:00 10:00 1:00 Assembly:Mozilla Introductory component of programming 'the Embedded Tessel Platform' self organized sessions workshop de In this hour, we introduce and explore JavaScript and Rust programming on low power embedded computers. Turning our attention to telemetry (sensors), and telecommand (actuators), we create a minimal but realistic IoT system using building blocks on loan for the duration of the workshop. Michaesc https://edu-europalab.rhcloud.com/ https://events.ccc.de/congress/2016/wiki/Session:Browsing_JS_on_Embedded 2016-12-29T17:00:00+01:00 17:00 1:00 Assembly:Freiwurst self organized sessions hands-on en come over to the Freiwurst assembly, play with our cyberthingy and enjoy some Freiwurst. Apex https://www.freiwurst.net https://events.ccc.de/congress/2016/wiki/Session:Cyberthingy 2016-12-29T17:00:00+01:00 17:00 1:00 Assembly:Chaostreff Flensburg self organized sessions hands-on en We will make wallets out of duct-tape allday at our assembly. Join us and make your own in just a few minutes! Roikiermedia Scammo https://events.ccc.de/congress/2016/wiki/Session:DIY_Duct-Tape_Wallets 2016-12-29T20:00:00+01:00 20:00 4:00 Assembly:Scottish Consulate Social and Hacking Gathering self organized sessions discussion en dn42 is a big dynamic VPN, which employs Internet technologies (BGP, whois database, DNS, etc). Participants connect to each other using network tunnels (GRE, OpenVPN, Tinc, IPsec) and exchange routes thanks to the Border Gateway Protocol. dn42 can be used to learn networking and to connect private networks, such as hackerspaces or community networks. But above all, experimenting with routing in dn42 is fun! This session will start with an introduction to dn42, followed by some short presentations from participants about their projects with dn42 and will finish with free-form discussion about where to take the network in the future. Irl Ana http://dn42.net/ https://events.ccc.de/congress/2016/wiki/Session:Dn42:_Decentralised_Network_42 2016-12-29T12:00:00+01:00 12:00 2:00 Assembly:Foodhackingbase self organized sessions workshop en You can learn why we build the incubator up and why you should do the same! Algoldor https://foodhackingbase.org/wiki/Experimental_Incubator https://events.ccc.de/congress/2016/wiki/Session:Experimental_Incubator_Set_Up 2016-12-29T19:00:00+01:00 19:00 1:30 Assembly:Foodhackingbase Session I. self organized sessions other en If you love cheese this event will make you very very happy! Algoldor https://foodhackingbase.org/wiki/Cheese_rendezvous_33c3 https://events.ccc.de/congress/2016/wiki/Session:FHB_Cheese_Rendezvous_33c3 2016-12-29T14:00:00+01:00 14:00 2:00 Assembly:Foodhackingbase self organized sessions hands-on en During this Hands on Workshop you will learn how to properly take care about your kombucha culture brewing lovely beverage of your preferred taste. Algoldor https://foodhackingbase.org/wiki/Recipe:Kombucha_brewing_manual_-_short_workshop_form https://events.ccc.de/congress/2016/wiki/Session:Kombucha_is_Easy 2016-12-30T01:55:00+01:00 01:55 1:00 Assembly:Flunkyground late-night game day 3 self organized sessions game en Playing Flunkyball together. Organized by the UPB Flunkyteam. Flunkyball is a common german drinking game for all ages. ApolloLV http://upb-flunkyteam.de https://events.ccc.de/congress/2016/wiki/Session:Flunkyball 2016-12-29T12:30:00+01:00 12:30 1:30 Assembly:Anarchist Village (verschoben) self organized sessions discussion en In December the online magazine magazin.ch published an article in which it describes scientist drawing conclusions from what people like on facebook. These studies seem to be used for voter manipulation during the last US elections. We describe the methods used, the claims made and what the effect on activist policies might be. Scribe https://events.ccc.de/congress/2016/wiki/Session:Freedom_fries_-_a_discussion_about_Big-Data,_Facebook_and_cambridge_analytica_claiming_to_have_made_Trump_president_of_the_US 2016-12-29T12:00:00+01:00 12:00 2:00 Assembly:Anarchist Village PAST self organized sessions hands-on en Instant Matrix Games is a framework for the rapid development of an educational or analytical environment. Klemens https://events.ccc.de/congress/2016/wiki/Session:Instant_Matrix_Games 2016-12-29T17:00:00+01:00 17:00 2:00 Assembly:Anarchist Village FUTURE self organized sessions hands-on en Instant Matrix Games is a framework for the rapid development of an educational or analytical environment. Klemens https://events.ccc.de/congress/2016/wiki/Session:Instant_Matrix_Games 2016-12-29T14:30:00+01:00 14:30 2:00 Assembly:Anarchist Village PRESENT self organized sessions hands-on en Instant Matrix Games is a framework for the rapid development of an educational or analytical environment. Klemens https://events.ccc.de/congress/2016/wiki/Session:Instant_Matrix_Games 2016-12-29T19:30:00+01:00 19:30 3:00 Assembly:Anarchist Village self organized sessions game en NEW SESSION Scheduled! strategic game in the star trek universe. Also a demonstration of serious games as teaching and/or analysis tool. Klemens https://events.ccc.de/congress/2016/wiki/Session:Klingon_War_of_Succession 2016-12-29T11:00:00+01:00 11:00 0:40 Assembly:Anarchist Village OpenOversight self organized sessions talk en OpenOversight aims to maintain a database of police officers and provide a digital gallery that allows the public to identify the name and badge number of a police officer they would like to file a misconduct complaint about. Bmeson Redshiftzero http://openoversight.lucyparsonslabs.com https://events.ccc.de/congress/2016/wiki/Session:OpenOversight 2016-12-29T19:30:00+01:00 19:30 1:00 Assembly:Mensch meier and friends Handbuch über Aneignungen von Freiräumen in der Stadt self organized sessions talk de Die Freiraumfibel ist ein Handbuch über Aneignungsformen von urbanen Räumen und ihren rechtlichen Frameworks. Wir werden das Handbuch und seine Inhalte vorstellen, erzählen wie und warum wir das Buch erstellt haben und zu einer kritischen Diskussion über die Fibel einladen. Dabei interessieren uns folgende Fragen: Braucht es solche Handbücher und wenn ja warum? Was kann die Fibel und was nicht? Was bedeutet "kreative Aneignung von Freiräumen"? etc. Mehr Infos siehe auch unter: http://hidden-institute.org/aktuelles/ oder unter http://stadtstattstrand.de/das-buch-2/ Noja http://hidden-institute.org/aktuelles/ http://stadtstattstrand.de/das-buch-2/ https://events.ccc.de/congress/2016/wiki/Session:Freiraumfiebel_-_Manual_for_self-organisation_in_urban_space 2016-12-29T15:00:00+01:00 15:00 1:00 Assembly:Mensch meier and friends Handbuch über Aneignungen von Freiräumen in der Stadt self organized sessions talk de Die Freiraumfibel ist ein Handbuch über Aneignungsformen von urbanen Räumen und ihren rechtlichen Frameworks. Wir werden das Handbuch und seine Inhalte vorstellen, erzählen wie und warum wir das Buch erstellt haben und zu einer kritischen Diskussion über die Fibel einladen. Dabei interessieren uns folgende Fragen: Braucht es solche Handbücher und wenn ja warum? Was kann die Fibel und was nicht? Was bedeutet "kreative Aneignung von Freiräumen"? etc. Mehr Infos siehe auch unter: http://hidden-institute.org/aktuelles/ oder unter http://stadtstattstrand.de/das-buch-2/ Noja http://hidden-institute.org/aktuelles/ http://stadtstattstrand.de/das-buch-2/ https://events.ccc.de/congress/2016/wiki/Session:Freiraumfiebel_-_Manual_for_self-organisation_in_urban_space 2016-12-30T02:00:00+01:00 02:00 1:30 Assembly:Chaos West b2ag DJ set: Drum and Bass self organized sessions other en Come over and meet us at our cozy music lounge in hall 4! Proudly presented by Chaos West, c-base & friends Bam JayDee2202 http://live.ber.c3voc.de:8000/chaoswest_lounge.ogg https://events.ccc.de/congress/2016/wiki/Session:Klangteppich 2016-12-29T23:00:00+01:00 23:00 3:00 Assembly:Chaos West PorCus DJ set: Techno self organized sessions other en Come over and meet us at our cozy music lounge in hall 4! Proudly presented by Chaos West, c-base & friends Bam JayDee2202 http://live.ber.c3voc.de:8000/chaoswest_lounge.ogg https://events.ccc.de/congress/2016/wiki/Session:Klangteppich 2016-12-29T20:00:00+01:00 20:00 3:00 Assembly:Chaos West [[User:Tuxinaut|Tuxinaut]] DJ set: Techno self organized sessions other en Come over and meet us at our cozy music lounge in hall 4! Proudly presented by Chaos West, c-base & friends Bam JayDee2202 http://live.ber.c3voc.de:8000/chaoswest_lounge.ogg https://events.ccc.de/congress/2016/wiki/Session:Klangteppich 2016-12-29T20:00:00+01:00 20:00 1:30 Assembly:Chaos West self organized sessions meeting de Chaos macht Schule trifft sich. Wenn ihr Interesse an dem Projekt habt oder selber im Bildungsbereich aktiv seid, kommt vorbei und vernetzt euch! Benni https://www.ccc.de/schule https://events.ccc.de/congress/2016/wiki/Session:Offenes_Chaos_Macht_Schule_Treffen 2016-12-29T11:00:00+01:00 11:00 12:59 Assembly:HardwareHackingArea Day 3 self organized sessions workshop en Learn to Solder! A large variety of way cool kits are available, all designed for total beginners to complete successfully -- and intriguing enough for the total hardware geek.<br /> <br /> <span style="color:orange">'''''This ongoing workshop will be happening concurrently with lots of other way cool workshops at the Hardware Hacking Area!'''''</span> Maltman23 https://events.ccc.de/congress/2016/wiki/Session:LearnToSolder 2016-12-29T16:30:00+01:00 16:30 1:30 Assembly:HardwareHackingArea Day 3 - Session 1 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90mins, 20€/kit, avoid caffeine immediately before. Kliment https://events.ccc.de/congress/2016/wiki/Session:Surface_Mount_Electronics_Assembly_for_Terrified_Beginners 2016-12-29T18:30:00+01:00 18:30 1:30 Assembly:HardwareHackingArea Day 3 - Session 2 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90mins, 20€/kit, avoid caffeine immediately before. Kliment https://events.ccc.de/congress/2016/wiki/Session:Surface_Mount_Electronics_Assembly_for_Terrified_Beginners 2016-12-29T16:00:00+01:00 16:00 0:45 Assembly:MuCCC self organized sessions meeting de Lehrerstammtisch! Teacher's meeting! Auf der Suche nach Kollegen rufe ich hiermit den ersten CCC-Lehrerstammtisch aus! Wir treffen uns an Tag 3 um 16:00 Uhr am MuCCC-Assebly. Je nachdem, wie viele kommen, suchen wir uns dann spontan einen besseren Ort. Looking for colleages, I hereby create the CCC Teacher's-meeting. We'll meet at day 3 at 4pm at the MuCCC-Assembly. Depending on the number of people we might then look for a better place. Gigo https://events.ccc.de/congress/2016/wiki/Session:Lehrerstammtisch 2016-12-29T17:00:00+01:00 17:00 1:30 Assembly:C-base Meet & Greet self organized sessions meeting en Come and present your idea/software/hardware/... or get inspired by other hackers' projects! Riot https://events.ccc.de/congress/2016/wiki/Session:Maritime_Hackers 2016-12-29T15:00:00+01:00 15:00 0:20 Assembly:Speakers Sofa self organized sessions talk de Warum IT-Sicherheit & Datenschutz in der Praxis nicht funktionieren. Reticuleena https://events.ccc.de/congress/2016/wiki/Session:Speaker%27s_Sofa:_IT-Sicherheit 2016-12-29T16:30:00+01:00 16:30 0:20 Assembly:Speakers Sofa self organized sessions talk de Smart City meets Mobilitätssystem: "Kauft Euren ÖPNV" Warum? Reticuleena https://events.ccc.de/congress/2016/wiki/Session:Speaker%27s_Sofa:_Kauft_Euren_%C3%96PNV 2016-12-29T15:30:00+01:00 15:30 0:20 Assembly:Speakers Sofa self organized sessions talk de Was man alles machen könnte, wenn man wirklich Terror bekämpfen wollte. Reticuleena https://events.ccc.de/congress/2016/wiki/Session:Speaker%27s_Sofa:_Terrorbek%C3%A4mpfung 2016-12-29T16:00:00+01:00 16:00 0:20 Assembly:Speakers Sofa self organized sessions talk en Decision making in times of censorship: True story of a native Turk in time of putsch and censorship Reticuleena https://events.ccc.de/congress/2016/wiki/Session:Speakers%27s_Sofa:_True_Story_of_a_native_Turk_in_time_of_censorship 2016-12-29T16:00:00+01:00 16:00 1:30 Anti Error Lounge self organized sessions meeting en Members of the French strategic litigation team "les Exegetes" (related to La Quadrature and the non-for-profit ISP French Data Network) would be keen on meeting people involved with strategic litigation to exchange dos and don'ts as well as to learn to know other initiatives around Europe (or elsewhere of course)! Tink Hugo https://exegetes.eu.org/ https://events.ccc.de/congress/2016/wiki/Session:The_Exegetes_%26_strategic_litigation_in_Europe 2016-12-29T21:00:00+01:00 21:00 0:45 Anti Error Lounge self organized sessions other de see title Reisende http://thereisnogame.de https://events.ccc.de/congress/2016/wiki/Session:There_is_no_birthday_party 2016-12-29T15:00:00+01:00 15:00 2:00 Assembly:VOC In English or German self organized sessions discussion de Talk with us about the new open "standard" DASH - Dynamic Adaptive Streaming over HTTP. NeoFisch https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Get_to_know_DASH_-_Dynamic_Adaptive_Streaming_over_HTTP 2016-12-29T17:00:00+01:00 17:00 2:00 Assembly:VOC In English or German self organized sessions discussion de Talk with us about the new open "standard" DASH - Dynamic Adaptive Streaming over HTTP. NeoFisch https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Get_to_know_DASH_-_Dynamic_Adaptive_Streaming_over_HTTP 2016-12-29T15:00:00+01:00 15:00 2:00 Assembly:VOC In English or German... self organized sessions hands-on de Get to know the SDI - Serial digital interface. We have a test set-up deployed and try different new things with it. We talk about DASH and SDI etc. NeoFisch https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Get_to_know_the_Serial_digital_interface_SDI 2016-12-29T17:00:00+01:00 17:00 2:00 Assembly:VOC In English or German... self organized sessions hands-on de Get to know the SDI - Serial digital interface. We have a test set-up deployed and try different new things with it. We talk about DASH and SDI etc. NeoFisch https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Get_to_know_the_Serial_digital_interface_SDI 2016-12-29T15:00:00+01:00 15:00 0:15 Assembly:VOC English or German hands-on self organized sessions hands-on de We cut and post-process the recorded tracks LIVE, come by and join for discussion and small workshop panels in German or English. NeoFisch https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Video_Post-Processing_Cutting_Videos_with_Donuts 2016-12-29T15:15:00+01:00 15:15 0:15 Assembly:VOC English or German hands-on self organized sessions hands-on de We cut and post-process the recorded tracks LIVE, come by and join for discussion and small workshop panels in German or English. NeoFisch https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Video_Post-Processing_Cutting_Videos_with_Donuts 2016-12-29T15:30:00+01:00 15:30 0:15 Assembly:VOC English or German hands-on self organized sessions hands-on de We cut and post-process the recorded tracks LIVE, come by and join for discussion and small workshop panels in German or English. NeoFisch https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Video_Post-Processing_Cutting_Videos_with_Donuts 2016-12-29T14:15:00+01:00 14:15 0:15 Assembly:VOC English or German hands-on self organized sessions hands-on de We cut and post-process the recorded tracks LIVE, come by and join for discussion and small workshop panels in German or English. NeoFisch https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Video_Post-Processing_Cutting_Videos_with_Donuts 2016-12-29T15:45:00+01:00 15:45 0:15 Assembly:VOC English or German hands-on self organized sessions hands-on de We cut and post-process the recorded tracks LIVE, come by and join for discussion and small workshop panels in German or English. NeoFisch https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Video_Post-Processing_Cutting_Videos_with_Donuts 2016-12-29T14:30:00+01:00 14:30 0:15 Assembly:VOC English or German hands-on self organized sessions hands-on de We cut and post-process the recorded tracks LIVE, come by and join for discussion and small workshop panels in German or English. NeoFisch https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Video_Post-Processing_Cutting_Videos_with_Donuts 2016-12-29T14:45:00+01:00 14:45 0:15 Assembly:VOC English or German hands-on self organized sessions hands-on de We cut and post-process the recorded tracks LIVE, come by and join for discussion and small workshop panels in German or English. NeoFisch https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Video_Post-Processing_Cutting_Videos_with_Donuts 2016-12-29T19:30:00+01:00 19:30 0:30 Assembly:VOC In German or English. self organized sessions discussion de GStreamer based application mixing/compositing live video and audio from various sources. Successor of DVswitch and gst-switch. Tailored to the needs of the C3VOC. In German or English. You can find the source here: https://github.com/voc/voctomix (GitHub - voc/voctomix: Full-HD Software Live-Video-Mixer in python) NeoFisch https://c3voc.de https://events.ccc.de/congress/2016/wiki/Session:Voctomix 2016-12-29T16:00:00+01:00 16:00 0:30 Assembly:VOC In German or English. self organized sessions discussion de GStreamer based application mixing/compositing live video and audio from various sources. Successor of DVswitch and gst-switch. Tailored to the needs of the C3VOC. In German or English. You can find the source here: https://github.com/voc/voctomix (GitHub - voc/voctomix: Full-HD Software Live-Video-Mixer in python) NeoFisch https://c3voc.de https://events.ccc.de/congress/2016/wiki/Session:Voctomix 2016-12-29T22:00:00+01:00 22:00 3:00 Assembly:Milliways self organized sessions meeting en As always milliways is doing its nice whiskyleaks again. Mc.fly https://milliways.info/pad/p/33c3-whiskyleaks https://events.ccc.de/congress/2016/wiki/Session:Whiskyleaks 2016-12-30T11:30:00+01:00 11:30 00:30 Saal 1 33c3-8170-the_economic_consequences_of_internet_censorship Why Censorship is a Bad Idea for Everyone Ethics, Society & Politics lecture en Internet censorship today is widespread, both by governments and by private entities. Much of the discussion so far has focused on political and social effects of this censorship. However, censorship also has a clear effect on the economic structure of society that has not been explored. When censorship increases the cost of information, it also increases the cost of doing business as a whole. At the same time, however, censorship can also serve as protectionism. How large and pervasive the impact on an economic system is, is difficult to gauge. Even more so, getting reliable information about censorship and its economic effects is a real challenge. This talk seeking to establish a link between censorship and economic performance and is based on my PhD project in Economics at the University of Duisburg-Essen. Censorship is “the control of the information and ideas circulated within a society”. Governments have tried to control information for as long as they have existed, but new technologies have changed censorship significantly. Internet censorship today is widespread. Governments and companies differ in both the extent of their censorship and the technical implementation. I conceptualize censorship as falling on a continuum between the theoretical ideal state of “no censorship”, most closely approximated by Iceland (Freedom on the Net 2014) and pervasive censorship and isolation, like in North Korea. In the series of papers I am currently writing as part of my PhD in Economics, I focus on both theoretical arguments on the possible costs (and benefits?) of censorship for economies, and try to construct a reliable estimate. Having a background in China was a main motivation for this project, as censorship is so wide-spread there. The US has recently dubbed “The Great Firewall” protectionism, but did not further elucidate what is meant by this. The economic effects of internet censorship have not been studied comprehensively yet. However, with our move towards an information society, and the rise of an “internet industry”, censorship is clearly becoming more important. We see censorship shaping entire industries in countries like China, where the government outsourced some of its censorship activities to select firms. Even beyond extreme examples of censorship like China, the impact on economic activities in a society seems self-evident. In this talk, I touch on the theoreotical model I am developing, and try to estimate the economic effects of censorship. In doing so, I also try to understand which forms of censorship are most costly for an economy. I believe that societies currently loose a lot of economic welfare through censorship, in addition to the social and political costs that have been focused on previously. In addition, I focus on the difficulties in obtaining data for such a politically-sensitive topic. CC BY 4.0 false Toni 2016-12-30T12:15:00+01:00 12:15 00:30 Saal 1 33c3-8324-the_high_priests_of_the_digital_age Ethics, Society & Politics lecture en The High Priests of the Digital Age Are Working Behind Your Back to Make You Confess, and Repent. Just as 18th century priests enforced total surveillance measures on masturbators, the new priests of the digital age are listening to your confessions and forcing you into puritanical repentance. Who doesn’t have a relative, a friend, a colleague, who broke up because of an iMessage showing up on the wrong device, fooled by the iCloud, by a suspicious Facebook like, or a Pokemon caught in the wrong neighborhood? I want to make the claim that a new system of surveillance, organized by the new priests of our digital age, are slyly acting behind our back to make us conform to a new form of puritan morality. At the beginning of the 18th century, masturbation suddenly became a topic of intense reflection. In the Enlightenment Encyclopedia it is described as the new disease of a wounded conscience and a heinous sin. Surprisingly, the Christian Church was not responsible. It had, until then, never regarded masturbation as anything other than a marginal problem for adult men (and especially monks). The people responsible for making masturbation a sin were economists, who worried about the consequences of masturbation for productivity in an economy that depended on the endless desire for more. The condemnation of masturbation spread, and in no time, doctors were making scientific claims to prove the dangers of masturbation, while priests made it their new obsession. In the confessional, the sinners had to avow everything, not only their reprehensible actions, but their reprehensible dreams, the languorous images that crossed their consciousness, the birth of desire in their troubled mind. The priests demanded to know it all, the most inner thoughts of the masturbators. The sinner was meant to keep his own mind under surveillance. Today, we believe that we have overcome this obscure period. Masturbation is widely accepted as a healthy sexual practice. But most importantly, our liberal democracies strongly posit that public ethics should remain neutral regarding sexuality, and that each one of us is free to have the sexuality that we prefer, enjoy, and that no institution is authorized to morally judge us for our sexual activities. Yet, I want to make the claim that a new system of surveillance, organized by the new priests of our digital age, are slyly acting behind our back to make us conform to a new form of puritan morality. Just as the 18th century priests did in their Churches, the high priests of the digital age listen to our confessions, record them, and eventually make us repent. Who doesn’t have a relative, a friend, a colleague, who broke up because of an iMessage showing up on the wrong device, fooled by the iCloud, by a suspicious Facebook like, or a Pokemon caught in the wrong neighborhood? The economic interests of having us behave morally are numerous: the best customer is predictable, and who is more predictable than an obedient child, or a pious wife or husband? From the pithy history of masturbation to real life break-ups, I will demonstrate the dark connections between digital surveillance, neoliberal economics and morality. I am a researcher at Columbia University and Sciences Po Paris in political philosophy. I am an expert of the Snowden case and digital surveillance. This will be my first talk on masturbation. CC BY 4.0 false catchthewhistle 2016-12-30T13:00:00+01:00 13:00 00:30 Saal 1 33c3-8221-genetic_codes_and_what_they_tell_us_and_everyone_else Science lecture en The genome – the final frontier – or just a complex mess of letters? Somewhere in there, our eye or skin color is hidden. But also, diseases can be diagnosed or predicted by analyzing the genome. More and more research is committed to finding clues for diseases in our genes. The opportunity is clear: If I know about a disease I might get ahead of time, I could possibly intervene before it starts. Yet: How accurate are these predictions and how meaningful are they? And more importantly: What happens to my genetic data once it has been decoded? Genetic data is quite valuable, but not just for researchers, but also for health insurances, other insurers, law enforcement and employers. However, that genomic data can always be re-identified, since it is a unique pattern. Therefore, genomic data needs to be secured. In my talk, I would like to point out the possibilities which have arisen by whole genome sequencing, that is the complete decoding and analysis of one person’s genome. This milestone of biological research is important for medical advances such as personalized medicine. But it is also subject to commercialization. For ever more decreasing prices, one person can easily sequence their own genome and get access to information on heritage and possible risks of genetic diseases. This means that private companies are accumulating massive amounts of whole genome data. Additionally, third parties could send in probes of other people, which they can get quite easily. But how do we interpret the data? Even though people tend to believe that the genome holds many answers to diseases and risks, this has been a misconception. For most diseases, the environment, lifestyle and maybe even just bad luck play a much more important role. Still, many researchers are trying to analyze more and more genomes, especially in cancer research. Genetic predispositions for cancer are usually quite small probabilities, so a large sample size is needed to get reliable results. The limitless demand for more data is problematic on its own; however, getting informed consent from donors is also a problem. Once sequenced, one whole genome sequence can be about 150GB in size, which causes problems for transmitting and analyzing it. Today, genomes are shared via cloud or, interestingly, on hard drives via post. But international exchange of data also means that different legal and data security standards are mixed. Whole Genome Sequencing provides us with opportunities for medical and biological science, but with challenges in ethics and privacy. CC BY 4.0 false _Adora_Belle_ Präsi3.pptx file /system/events/logos/000/008/092/large/33c3_vortrag_Logo_2.png?1475267182 2016-12-30T13:45:00+01:00 13:45 00:30 Saal 1 33c3-8092-datenschutzgrundverordnung_rechte_fur_menschen_pflichten_fur_firmen_chancen_fur_uns Schärft das Schwert der Transparenz! Ethics, Society & Politics lecture de Ziel des Vortrages ist es, einen Überblick über die neuen aus der Datenschutzgrundverordnung entstehenden Rechte von Betroffenen (also Du mein*e junge*r Jedi) zu geben und dabei aufzuzeigen, an welchen Stellen Musik für uns drin sein kann. Die Ausgangslage ist: Im Mai 2018 wird die Datenschutzgrundverordnung in Kraft treten und bis zu diesem Zeitpunkt sind entsprechende Umsetzungen in Institutionen und Firmen zu implementieren. Die DSGVO bringt für uns alle einige neue bzw. erweiterte Rechte gegenüber Institutionen/Organisationen mit, welche es aktiv zu nutzen gilt. Unter der These, daß es durch die signifikante Erhöhung von Straf-/Bußgeldsanktionen bei Datenschutzverstößen zu einer Erhöhung der „Datenschutz-Compliance-Bereitschaft“ in Firmen kommen wird, ergeben sich spannende Möglichkeiten für Aktivisten auf dem Spielfeld, mit dem Schwert der Transparenz positiv auf das Bruttosozial-Datenschutzniveau einzuwirken, indem Druck durch Erhöhung des Penalty-Risikos aufgebaut wird. <TL/DR.Extended> Die DSGVO soll die in die Jahre gekommene Datenschutzrichtlinie 95/46/EG nicht nur ersetzen, sondern endlich für die lange angestrebte Vollharmonisierung sorgen. Hierzu setzt sie unmittelbar für alle Mitgliedsstaaten anwendbares Recht. Am 14. April 2016 ist die von Kommission, Rat und Parlament erarbeitete Kompromissfassung der bisherigen Entwurfstexte verabschiedet worden. Zu den wesentlichen Neuerungen gehören demnach umfassende Transparenzpflichten, das Recht auf Vergessenwerden, das Recht auf Datenportabilität, eine Niederlegung der Grundsätze von Datenschutz „by design“ und „by default“ sowie ein ausgesprochen drastisches Sanktionsregime. Betroffenenrechte sind Ansprüche und Gestaltungsmöglichkeiten, die den Berechtigten aufgrund ihrer Betroffeneneigenschaft zukommen und einen hinreichend konkreten, idealerweise vollstreckungsfähigen Inhalt besitzen. Die beabsichtigte Stärkung der Betroffenenrechte erschöpft sich nicht allein in der Formulierung neu erdachter Einzelansprüche, sondern verleiht ihnen auch insgesamt mehr Gewicht. Die anhand des Bundesdatenschutzgesetzes entwickelte und in der Lehre bewährte Systematisierung nach fünf Zielrichtungen gilt unterdessen fort: Permissionsrechte gestatten Datenverarbeitungen, die an sich ausgeschlossen wären; Interventionsrechte vermögen bestimmte Datenverarbeitungen zu verhindern; Informationsrechte vermitteln ein Bild darüber, was mit den Daten geschieht; Petitionsrechte verbriefen Beschwerdemöglichkeiten und Kompensationsrechte gewähren Schadensersatz bzw. Entschädigung. Die neuen Vorschriften haben unmittelbaren Einfluss auf die Datenschutzorganisation. Nach ErwGr Nr. 59 und dem darauf aufbauenden Art. 12 DSGVO gilt es, Modalitäten festzulegen, die es einer betroffenen Person ermöglichen, die ihr zustehenden Rechte wahrzunehmen, darunter insbesondere auch Mechanismen, die dafür sorgen, dass sie unentgeltlich den Zugang zu Daten, deren Berichtigung bzw. Löschung beantragen oder von ihrem Widerspruchsrecht Gebrauch machen kann. Anträge sollen spätestens innerhalb eines Monats beantwortet werden, Ablehnungen sind zu begründen. Diese Pflichten sind unsere Chancen. ;) Im Vortrag wird auf die unten im angehangenen PNG aufgeführten 5 Zielrichtungen und die enthaltenen Unterelemente erläutert und Ideen für ähnliche Systeme wie FragDenStaat oder Selbstauskunft.net dargestellt. Das strategische Ziel ist es, das Sanktionspotential für Firmen und Institutionen zu erhöhen und durch gesteigertes Risikobewusstsein Bewegung für Budgets freizusetzen und damit das Brutto-Datenschutzniveau gesamteuropäisch zu verbessern. Aufbau des Vortrags: a) Intro: Datenschutz, warum machen wir das? b) Erfahrungswerte aus/mit größeren Firmen c) Mainpart: Was ändert sich für Betroffene in der EU DSGVO? d) Call to Action: Angebote für niederschwellig nutzbare Rechte, Ausübungssystem für Betroffene (FragDenStaat-ähnlich) CC BY 4.0 false derPUPE Folien_-_DSGVO-Rechte_für_Menschen_-_ Pflichten_für_Firmen_-_Chancen_für_uns_-_33c3_talk_derPUPE file 2016-12-30T14:30:00+01:00 14:30 01:00 Saal 1 33c3-8445-warum_in_die_ferne_schweifen_wenn_das_ausland_liegt_so_nah Erinnerungen aus dem virtuellen Ausland in Frankfurt, Germany Ethics, Society & Politics lecture de Der Vortrag stellt die in Deutschland zulässigen Überwachungsmaßnahmen des Internetverkehrs aus rechtlicher und operativer Sicht dar und versucht, die sich aus den Erkenntnissen des NSA-Untersuchungsausschusses ergebenden Fragen auf die gelebte Praxis anzuwenden. Der Vortrag beleuchtet die Hintergründe der Klage des DE-CIX gegen die heute verwendeten G10-Anordnungen und die sich durch das neue Gesetz zur Ausland-Ausland-Fernmeldeaufklärung ergebenden Änderungen zur Überwachung im Inland. Die Probleme des Grundrechtsschutzes in einem „Bulk Collection“-Umfeld werden ebenso erörtert wie die technischen Möglichkeiten einer Filterung und des sich hieraus ergebenden Zahlen- und Mengengerüsts zur Überwachung. false Klaus Landefeld /system/events/logos/000/008/029/large/Screen_Shot_2016-09-29_at_7.31.41_AM.png?1475159522 2016-12-30T16:00:00+01:00 16:00 01:00 Saal 1 33c3-8029-the_ultimate_game_boy_talk Hardware & Making lecture en The 8-bit Game Boy was sold between 1989 and 2003, but its architecture more closely resembles machines from the early 1980s, like the Commodore 64 or the NES. This talk attempts to communicate "everything about the Game Boy" to the listener, including its internals and quirks, as well as the tricks that have been used by games and modern demos, reviving once more the spirit of times when programmers counted clock cycles and hardware limitations were seen as a challenge. The Nintendo Game Boy was an 8-bit handheld gaming console that competed with the SEGA Game Gear and the Atari Lynx. Compared to its competition, it had very little RAM (8 KB) and no color support (4 shades of gray at 160x144). It was succeeded by the Game Boy Color, which fixed this main shortcoming, but shared the same architecture. During the 14 year life span of the 8 bit Game Boy platform, game programmers kept understanding the hardware better and better, and continued finding new tricks for better graphics effects, such as sprite multiplexing, parallax and palette effects. This talk explains all the hardware details of the Game Boy: The programming model of the 8080/Z80-like LR35902 CPU, the system's sound, timer and I/O functionality, and programming details as well as common tricks involving the graphics processor ("PPU"), which was specifically designed for LCD output. The listener will get a good understanding of 8 bit programming and creative programming on extremely limited hardware, as well as common tricks that can be generalized to other systems. CC BY 4.0 false Michael Steil 2016-12-30T17:15:00+01:00 17:15 01:00 Saal 1 33c3-8413-security_nightmares_0x11 CCC lecture de Was hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Welche neuen Entwicklungen haben sich ergeben? Welche neuen Buzzwords und Trends waren zu sehen? Wie immer wagen wir den IT-Security-Alptraum-Ausblick auf das Jahr 2017 und darüber hinaus. Denn was wir wirklich wissen wollen, ist ja schließlich: Was kriecht, krabbelt und fliegt in Zukunft auf uns zu und in unseren digitalen Implants herum? Im Zuge von noch mehr Transparenz, Kritik & Selbstkritik und kontinuierlicher nachhaltiger Optimierung aller Prozesse werden wir außerdem frühere Voraussagen hinsichtlich des Eintreffens unserer Weissagungen prüfen. false frank Ron 2016-12-30T18:30:00+01:00 18:30 00:30 Saal 1 33c3-8428-33c3_closing_ceremony CCC lecture de false Nicolas Wöhrl @ReinhardRemfort /system/events/logos/000/008/225/large/Slice.png?1482770208 2016-12-30T12:15:00+01:00 12:15 00:30 Saal 2 33c3-8225-beyond_virtual_and_augmented_reality From Superhuman Sports to Amplifying Human Senses Science lecture en With recent development in capture technology, preserving one's’ daily experiences and one's’ knowledge becomes richer and more comprehensive. Furthermore, new recording technologies beyond simple audio/video recordings become available: 360° videos, tactile recorders and even odor recorders are becoming available. . The new recording technology and the massive amounts of data require new means for selecting, displaying and sharing experiences. Sharing experiences and knowledge have always been essential for human development. They enable skill transfers and empathy. Over history, mankind developed from oral traditions to cultures of writing. With the ongoing digital revolution, the hurdles to share knowledge and experiences vanish. Already today it is, for example, technically feasible to take and store 24/7 video recordings of one's’ life. While this example creates massive collections of data, it makes it even more challenging to share experiences and knowledge with others in meaningful ways. A recurring theme in science fiction literature is the download of the abilities of another human to one's mind. Although current cognitive science and neuroscience strongly suggest that this is impossible, as our minds are embodied; we believe that skill transfer and effective learning will accelerate tremendously given recent technological trends; just to name a few of the enabling technologies, human augmentation using virtual/augmented reality, new sensing modalities (e.g. affective computing) and actuation (e.g. haptics), advances in immersive storytelling (increasing empathy, immersion, communication) etc. The talk starts with sensing and actuation technology, giving an overview about them and discussing how they can be used. I’m discussing several novel upcoming sensing modalities for VR and AR, first of all eye movement analysis for interaction and activity recognition, introducing the pupil eye tracker (open source eye tracker from pupil labs), affective wear (one of our research to track facial expressions on affordable smart glasses) to J!NS MEME (EOG glasses that can detect how much you are reading and how attentive you are). In the next part of the talk I go into details about actuation.Here I especially discuss haptics. From the TECHTILE Toolkit (a rapid prototyping haptic toolkit from two of my colleagues Kouta Minamizawa and Masashi Nakatani) to the REZ Infinite Haptic Suit. In the end, I give an outlook on projects that push the limits for experience sharing and skill transfer: the Swiss Cybathlon and the Japanese Super Human Sports Society. I’m a researcher in the wearable computing, AR and VR field organizing a Dagstuhl Seminar on a similar topic, I’m also a founding member of the Japanese Super Human Sports Society. CC BY 4.0 false Kai Kunze Bubble Jumper (Superhuman Sports Example) Affective Wear (detecting facial expressions using smart glasses) /system/events/logos/000/008/238/large/50mu.png?1475259394 2016-12-30T13:00:00+01:00 13:00 00:30 Saal 2 33c3-8238-retail_surveillance_retail_countersurveillance 50 most unwanted retail surveillance technologies / 50 most wanted countersurveillance technologies Art & Culture lecture en From geo-magnetic tracking for smartphones to facial recognition for email marketing, from physical shopping cart fingerprinting to computer vision algorithms that use your clothing as metadata, this talk will explore the emerging landscape of hyper-competitive retail surveillance. Instead of dramatizing these technologies which can lead to calcification and normalization, the aim of this talk is to energize discourse around building creative solutions to counter, adapt to, or rethink emerging surveillance technologies. <p>Retail surveillance technologies are often overshadowed by more threatening government surveillance technologies, but retail surveillance presents a different kind of threat. It forms the foundation for bottom-up surveillance of personal data that would otherwise be too difficult for a government surveillance program to collect. Data including your most personal photos, messages, and movements are routinely collected and sold by commercial services. Retail surveillance also poses risks for data breaches and leaks and enables new forms of psychological and behavioral monitoring that aim to influence and control the behaviors of "consumers".</p> <p>The biggest concern today, <a href="https://www.theguardian.com/technology/2015/may/25/philip-zimmermann-king-encryption-reveals-fears-privacy">said</a> Phil Zimmerman (2015), is not software backdoors, but the petabytes of information being hoarded by the likes of Google and Facebook. Silent Circle co-founder Mike Janke has also <a href="http://www.bbc.co.uk/programmes/p033l4k6">voiced concern</a> over this type of surveillance and data collection warning that "the data companies of the world have more data on you than GCHQ does, absolutely."</p> <p>This talk will survey current and emerging trends and technologies used in retail surveillance with the goal of enabling others to create a more informed retail-surveillance threat model, countersurveillance workarounds, and knowledge for protest/democratic participation.</p> false Adam Harvey /system/events/logos/000/008/248/large/IMG_3259.JPG?1481097468 2016-12-30T13:45:00+01:00 13:45 00:30 Saal 2 33c3-8248-rebel_cities Towards A Global Network Of Neighbourhoods And Cities Rejecting Surveillance Ethics, Society & Politics lecture en Cities are emerging as a space for local action and local change but also as dangerous spaces where social engineering, exclusion by design and privatised policing take place rapidly, without adequate frames to catch up and assure fundamental rights. Is the city the answer to a new digital ecosystem, with effective mechanisms to enforce it, in the local government powers? Sophisticated surveillance systems are approved by, funded by and deployed by local authorities, Cities are emerging as the spaces where everything is controlled by invisible technology, almost imperceptible in daily life. Those surveillance cameras now visible on street corners are replaced by systems of constant monitoring integrated in the landscape. Cities of sensors collecting our data all day long, where each movement is registered and stored, where decisions are automated and dehumanised. Monetised to optimise consumption, predict behaviour. Control people and the local and micro local level. But cities are also the spaces where a different form of politics is emerging, from Rome to Barcelona, from Madrid to Paris, citizens are taking back the domestic infrastructure. Is there the answer for digital sovereignty? Today, cities of sensors collecting our data all day long, where each movement is registered and stored, where decisions are automated and dehumanised. Monetised to optimise consumption, predict behaviour. Control people. The benefits of not knowing who decides and why, stand to be gained by the same conglomerate who bets on this vision. A few companies developing software, hardware and capacities in countries that can be counted on one hand. A market of US$8 billion, which is expected to grow tenfold by the year 2020. Although discourses keep feeding the imaginary, descriptions of cameras detecting pickpockets, this is something radically different. Matrices that combine lots of data in real-time. This vision for the city of the future, promoted by a small group of technology conglomerates, is one where quality of life is directly proportional to the predictability and homogeneity of its inhabitants, clashing with the struggle for diversity and diverse behaviors. To achieve this vision, much more is sacrificed than privacy. We pawn off our security to those in the sealed-off control room. It is to sacrifice the purest form of democracy we have, our right to protest freely and anonymously in the town square. The talk will explore how local surveillance systems are rapidly expanding across Latin America and Asia. Much earlier and faster than the regulatory frameworks for adequate protection of privacy and personal data. Without democratic mechanisms, community or neighbourhood consultations to determine their necessity or appropriateness. The talk will also look into the public policy and budgetary implications of the surveillance city, when contracts that are signed tie the hands of more than one public institution, borrowing from future municipal budgets, with a coordinated marketing and data machinery that does not offer solid evidence to prove effectiveness. Public authorities assure us that cameras, scenario modelling and mass surveillance will eliminate the problem of insecurity, advancing these over other public policies meant to attack extreme poverty and inequality of access to basic services, as well as the recovery of public space. The studies that vouch for the effectiveness of surveillance as a crime reduction measure are incomplete; they do not take local internal and external factors into account, and cannot be applied to different contexts. The talk will also look into current efforts to reverse the smart city model into a humane city and how the local power could be the formula to challenge the surveillance space and take back our fundamental rights. CC BY 4.0 false renataavila Rebel Cities  – Towards A Global Network Of Neighbourhoods And Cities Rejecting Surveillance 2016-12-30T14:30:00+01:00 14:30 00:30 Saal 2 33c3-8040-privatisierung_der_rechtsdurchsetzung Was der Anti-Terror-Kampf von der Urheberrechtsdurchsetzung lernen kann Ethics, Society & Politics lecture de 2016 drehte der Anti-Terror-Kampf in der EU auf. Nicht nur im Rahmen der Anti-Terror-Richtlinie wurde über neue Wege diskutiert, wie man das Netz verstärkt unter Kontrolle bringen kann. Im Forum Internet treffen sich seit einem Jahr EU-Vertreter mit Vertretern der großen US-Plattformen, um über freiwillige Kooperationen zu verhandeln. Damit soll der Rechtsstaat umgangen und die Terrorbekämpfung ohne notwendige demokratische Kontrolle teilweise privatisiert werden. Die Vorgehensweise ist dabei aus der Urheberrechtsdurchsetzung und gescheiterten Handelsabkommen wie ACTA bekannt. Und mit der Hate-Speech-Debatte haben Regierungsvertreter zugleich das richtige Erpressungswerkzeug, um die Plattformen zur Kooperation zu bewegen: Wenn sie nicht mitmachen, haften sie einfach. Der Vortrag möchte über die aktuellen Entwicklungen aufklären und die Parallelen zwischen Anti-Terror-Kampf, Urheberrechtsdurchsetzung und Hate-Speech-Debatte berichten. CC BY 4.0 false Markus Beckedahl 2016-12-30T17:15:00+01:00 17:15 01:00 Saal 2 33c3-7978-surveilling_the_surveillers About military RF communication surveillance and other activist art & technology projects Art & Culture lecture en In the last years, technology-savvy artists and technologists have taken over the art world with works addressing current societal and political issues. Their works are located at the intersection between art, technology and activism and are dealing with a variety of problems like free speech, freedom of movement, military and governmental power, corporate and governmental surveillance to name just a few. This talk will present relevant works in this field and will draw connections between critical art and regulatory power, warfare, surveillance, electronic waste, electronic self-defense and the re-appropriation of architectural and technological artifacts in militant ways. In the first part of this presentation, I will talk about critical technological art in general and its connections to (defensive) architecture, electronic and physical warfare and international power relations, with a special focus on surveillance, borders, and international contracts. In the latter part I am going to exemplify these concepts by showing important works in their fields, like artistic counter-survellance installations, passive reconnaissance walks through metropolitan cities, forensic analysis of HDDs discarded as electronic waste and so on. I will also show some of my personal works in this field, ranging from passive radio antenna stations towards universal modems to transform existing conductive architecture into a computer network. As a hybrid between computer scientist and media artist, I am creating works at the intersection of engineering, sculpture and formal aesthetics, which investigate power relations between citizens and technology, and often also the relations between citizens and the state. In my latest works, I am pondering how technology can be capable of re-democratizing public space, and how the issues surrounding the creation of private spaces through technological means can be artistically addressed. As a computer scientist, I have worked in high-tech environments and published scientific articles in the fields of artificial intelligence and digital culture. CC BY 4.0 false mare Artist website 2016-12-30T11:30:00+01:00 11:30 01:00 Saal G 33c3-8404-community Social Life & Life in the early 21st century Art & Culture lecture en Mitch Altman (born December 22, 1956) is a San Francisco-based hacker and inventor, best known for inventing TV-B-Gone, as featured speaker at hacker conferences, as international expert on the hackerspace movement, and for teaching introductory electronics workshops. He is also Chief Scientist and CEO of Cornfield Electronics. false Mitch /system/events/logos/000/008/089/large/YNMibW_C.jpg?1482827548 2016-12-30T12:45:00+01:00 12:45 02:15 Saal G 33c3-8089-lightning_talks_day_4 Lightning Talks CCC lecture en Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick! To get involved and learn more about what is happening please visit <a href="https://events.ccc.de/congress/2016/wiki/Static:Lightning_Talks">the Lightning Talks Wikipage</a>. CC BY 4.0 false gedsic bigalex 2016-12-30T16:00:00+01:00 16:00 01:00 Saal G 33c3-8243-33c3_infrastructure_review The usual extremely factual look behind the scenes of this event CCC lecture en NOC, POC, VOC and QOC show interesting facts and figures as an excuse to present all the mischief they’ve been up to this year. CC BY 4.0 false Leon 2016-12-30T13:45:00+01:00 13:45 00:30 Saal 6 33c3-8064-the_transhumanist_paradox Deciding between technological utopias in a liberal state Ethics, Society & Politics lecture en How does a pluralist society – a society built to accommodate our irreconcilable differences – make a choice about the technological future of mankind? How can a liberal state dedicated to upholding individual liberty interfere in technological progress, and why should it? Do we really want to leave our technological futures in the hands of the major AI researchers – Google, Facebook, and the US Defense Department? I argue that our political system is designed not to deal with the questions raised by the transhumanist movement, and that without a major overhaul of political liberalism, technological progress will escape democratic oversight. For the first time in history we have the ability to choose what it means to be human, and yet our liberal pluralist societies preclude substantive debate about our collective future. Modern liberal states are based upon the assumption that there is no single best way to live, and that for the state to endorse a substantive vision of the good life is to open the door to totalitarianism. On matters of personal conviction – human nature, our place in the cosmos, and our ultimate goals – liberal states want us to agree to disagree. However, we cannot simply agree to disagree about transhumanism because our individual choices will affect the entire species. If you decide to upload your brain onto a computer and abandon your biological body, you are choosing what is essential to humanity: you are defining human nature. If, on the other hand, the government bans technological enhancement, it is also imposing a vision of humanity. Thus, only once liberalism abandons the pretense of neutrality can we start imagining alternative technological futures and debating the underlying vision of the good life that will orient our choice. I’m a political theory researcher at Sciences Po, and this talk draws on modern political theories of liberalism, the latest transhumanist literature, and ancient Greek theories of the good life. CC BY 4.0 false Xavier Flory 2016-12-30T14:30:00+01:00 14:30 00:30 Saal 6 33c3-8287-understanding_the_snooper_s_charter Theresa May’s effort to abolish privacy Ethics, Society & Politics lecture en The ‚Investigative Powers Bill‘ is about to become law in the UK. Its provisions, from looking up Internet connection records without a warrant to forcing communication service providers to assist with interception and decryption of data, have caused an outcry in the Western world. But how and why did British politics get here? And, most importantly of all: How could we fight back? Roughly a year ago then home secretary Theresa May presented the ‚Investigative Powers Bill‘ or the so-called Snooper’s Charter. Law enforcement and intelligence agencies will enjoy new powers like bulk hacking while having reinforced their existing rights of mass surveillance. At the same time, a proper form of oversight is all but missing. Other countries such as China have even defended their own terrorism bills pointing at this very piece of legislation. Amid loud privacy and civil right concerns, the Bill has already passed the House of Commons where only 5 % of casted votes opposed it. But, does this reflect the will of the electorate? Is this the lesson from the Snowden revelations that we are going to see more not less infringements on civil rights? The talk will also answer the question how the bill’s provisions compare to other initiatives like the new BND law in Germany or the Patriot Act in the USA. CC BY 4.0 false Hendrik Obelöer Presentation - Understanding the Snooper's Charter 2016-12-30T16:00:00+01:00 16:00 01:00 Saal 6 33c3-8142-virtual_secure_boot Secure Boot support in qemu, kvm and ovmf. Security lecture en Over the last two years secure boot support for virtual machines was added to qemu, kvm (linux kernel) and ovmf (edk2/tianocore). This talk covers the implementation details and the issues we had to deal with along the way. Well, to be exact ovmf (open virtual machine firmware, part of tianocore) has support for the secure boot interfaces for a long time already. But it used to not provide any actual security, the guest os could easily tamper with the secure boot variable storage by simply writing to the (virtual) firmware flash. This is no longer the case now. Making secure boot actually secure was a bigger effort than we initially expected and it required changes in three software projects: kvm got smm emulation support. qemu got smm emulation support, and the q35 chipset emulation needed some fixes and improvements too. ovmf makes use of the smm lockbox now as tamper-resitant storage for secure boot variables (and some other bits). CC BY 4.0 false Gerd Hoffmann 2016-12-30T15:30:00+01:00 15:30 0:30 Saal 6 self organized sessions discussion en Debriefing for VOC A/V Technicans Jwacalex V0tti Felixs https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_A/V_Technican_Debriefing 2016-12-30T15:00:00+01:00 15:00 0:30 Saal 6 self organized sessions discussion en Daily meeting for all VOC Angels. Jwacalex V0tti Felixs https://c3voc.de/ https://events.ccc.de/congress/2016/wiki/Session:VOC_Engelmeeting /system/events/logos/000/000/418/large/chaosradio-icon-300_400x400.jpg?1482846416 2016-12-30T12:00:00+01:00 12:00 02:00 Sendezentrumsbühne 33c3-418-chaosradio Sendezentrumsbühne de Chaosradio ist der unterhaltsame Live-Talk-Radio-Klassiker des Chaos Computer Clubs aus Berlin und eines der ältesten Tech-Radios überhaupt. Chaosradio informiert seit 1995 über wechselnde Themen rund um Technologie und Gesellschaft. false /system/events/logos/000/000/423/large/qx8g3qfa_400x400.jpg?1483049756 2016-12-30T14:10:00+01:00 14:10 00:15 Sendezentrumsbühne 33c3-423-verabschiedung_sendezentrum Das Team sagt auf Wiedersehen Sendezentrumsbühne de Das war's – das Sendezentrum verabschiedet sich vom 33c3 Wir zeigen Euch noch mal, was alles an den vier Tagen bei uns los war und was ihr vielleicht alles verpasst habt. Und wir bedanken uns bei allen Beteiligten. Es wird sehr emotional und traurig. Kommt alle! false Martin Fischer Ulrike Kretzmer Tim Pritlove /system/events/logos/000/000/380/large/cropped-CD-Cover-Web-1400x1400.jpg?1478881923 2016-12-30T12:00:00+01:00 12:00 01:00 Podcastingtisch 33c3-380-countdown_podcast Expedition 33C3 Podcastingtisch other de Raumfahrtthemen auf dem 33C3 Der Countdown Podcast diskutiert alle zwei Wochen über Aktuelles aus der Raumfahrt. Auf dem 33C3 wollen wir über Vorträge, Projekte und mit Leuten reden, die einen Bezug zur Raumfahrt haben. false VanillaChief Frank Wunderlich-Pfeiffer Countdown Podcast Website 2016-12-30T13:00:00+01:00 13:00 0:45 Hall A.1 self organized sessions talk en This talk will be about how I hacked a nano quadcopter, and how (and why) you should too ! This is a small introduction to hardware reverse engineering and embedded programming, from a newby in the hacker world. Salamandar https://geekolloc.fr/site https://events.ccc.de/congress/2016/wiki/Session:How_to_train_-_and_reprogram_-_your_quadcopter 2016-12-30T12:00:00+01:00 12:00 1:00 Hall A.1 self organized sessions talk en An introduction to date/time handling in software and libraries. Every programmer who has had to deal with timezones or the likes knows the pain. This talk gives insight in how to handle these problems in your software properly, how to work around common problems and will show common gotchas. Morricone https://events.ccc.de/congress/2016/wiki/Session:More_than_you_ever_wanted_to_know_about_date/time_handling 2016-12-30T13:00:00+01:00 13:00 1:00 Hall B Abbaumeeting self organized sessions meeting en Knuth https://events.ccc.de/congress/2016/wiki/Session:Engelmeeting 2016-12-30T12:00:00+01:00 12:00 1:00 Hall B self organized sessions de Internal Schiko-Meeting Melzai https://events.ccc.de/congress/2016/wiki/Session:Schiko-Meeting 2016-12-30T14:00:00+01:00 14:00 1:30 Hall B Follow-Up Session, everyone welcome! self organized sessions discussion en *** Follow Up Session*** We want to follow up on the discussion about strategies to make "mainstream" people care about surveillance and privacy. (mainstream = outside of hacker community/tech bubble) Everyone is welcome to join! Vikvik https://events.ccc.de/congress/2016/wiki/Session:Strategien,_%C3%9Cberwachungsskepsis_in_die_Mitte_der_Gesellschaft_zu_tragen_/_Anti_Surveillance_Campaigning_Targeted_at_the_Masses 2016-12-30T16:00:00+01:00 16:00 1:00 Hall C.1 supporting activist camps with network infrastructure self organized sessions meeting en NOC for activist camps. We mount radio links in trees and dig ethernet cabled into the ground =) On activist camps it often is essential to have a good, stable internet connection, not only for the press team. We want to support those activist camps, with our knowledge and manpower. Whoever wants to help is welcome! Txt.file Zaurak Sva https://events.ccc.de/congress/2016/wiki/Session:A-NOC 2016-12-30T12:00:00+01:00 12:00 1:00 Hall C.1 Second meetup: OUTSIDE - in the park! - GLASSHOUSE self organized sessions other en Looking forward to meet new and old friends interested in UnCivilization! We are a group of people interested in intersection of technology & society, politics, activism, art, and critical of techno-optimism. We share a mailing list since 2012, called UnCivilization, inspired (but not otherwise connected to) Dark Mountain "Uncivilization Manifesto", as well as Ursula LeGuin, Derrick Jensen, Heather Marsh, John Zerzan, Naomi Klein, Daniel Quinn, Ursula Franklin, and other feminist, anarchist, anti-supremacist authors. Goal of this meetup is to catch-up, give each other hugs & support, and plan our activities for the next months & years (e.g. another LikaCamp?!) Becha http://unciv.nl https://events.ccc.de/congress/2016/wiki/Session:An_UnCivilization_Commune_ReWilded_Life_Shared_with_Squirrels 2016-12-30T14:00:00+01:00 14:00 0:50 Hall C.1 self organized sessions en "The easy part is getting to space. The hard part is staying there." Crash course on orbital mechanics and introduction to low-energy transfers. Iblech https://events.ccc.de/congress/2016/wiki/Session:How_space_travel_is_revolutionized_with_this_one_weird_trick_from_chaos_theory_(Wondrous_Mathematics) 2016-12-30T13:05:00+01:00 13:05 0:36 Hall C.1 self organized sessions other en 36 min. film. Insiders' views on the wave of protests that have punctuated spring and early summer in France. Lamirale https://events.ccc.de/congress/2016/wiki/Session:So_who_are_the_rioters_%3F 2016-12-30T14:00:00+01:00 14:00 1:00 Hall C.2 Preis, soziale Herausforderung und Chancen der Online-Revolution self organized sessions talk de Seit Jahren schreitet die Digitalisierung weltweit rasant voran und erfasst die Gesellschaften in ausnahmslos allen Lebens- und Arbeitsbereichen. Dennoch sind gerade in hochentwickelten und reichen Ländern wie Deutschland nicht alle in Bezug auf die digitale Infrastruktur gleich gut versorgt. Die Gefällenlage ist kreuz und quer durch die Gesellschaft festzustellen: zwischen Stadt und Land, Jung und Alt, Arm und Reich, Oben und Unten. Welche Strukturen, Folgen, Auswirkungen, aber auch neue Chancen für kollektives Denken und Handeln umfasst die "digitale Armut" in einer Wohlstandsgesellschaft, die seit den Sozialreformen von vor über 10 Jahren noch nie so gespalten scheint wie heute? Spacyarcangel3000 https://events.ccc.de/congress/2016/wiki/Session:Digitale_Armut 2016-12-30T16:00:00+01:00 16:00 1:00 Hall C.2 self organized sessions meeting en Polyamory and Relationship Anarchy - Exchange Jonas Binbash https://events.ccc.de/congress/2016/wiki/Session:Polyamory_and_Relationship_Anarchy 2016-12-30T13:00:00+01:00 13:00 1:00 Hall C.2 self organized sessions discussion de Das frisch geschlüpfte Schmalbart Netzwerk sucht Entwickler für Projekte gegen Populismus in Medien aller Art. Wir haben da ein paar erste Ideen... Diese würde ich gerne vorstellen und Mitstreiter suchen. Kgbvax https://www.schmalbart.de https://events.ccc.de/congress/2016/wiki/Session:Schmalbart_Devs 2016-12-30T12:00:00+01:00 12:00 1:00 Hall C.3 self organized sessions discussion en No one wants to turn out like Ham Radio Deluxe users - blacklisted from using their favourite software (https://www.reddit.com/r/amateurradio/comments/5jf4i2/ham_radio_deluxe_mega_thread/). Let's get together and talk about our favourite hobby and how to do it with real freedom! The conversation will focus mostly on Debian's Hamradio Blend (https://www.debian.org/blends/hamradio/) and the software contained within as that's what the organiser is most familiar with, but I'm more than happy to talk about all things radio, not just the DFSG. Hibby https://events.ccc.de/congress/2016/wiki/Session:Open_Source_in_Amateur_Radio 2016-12-30T14:45:00+01:00 14:45 1:30 Hall C.3 Intro followed by Knowledge, Experience and Script Exchange self organized sessions workshop de I'll present the crazy system we use in our hackerspace to do accounting and Finance controlling. Almost no gui, just plaintext files, hledger, many Python Scripts and some js visualization experiments. If you dislike gnucash because its too easy or too inflexible, this session is for you. Xro http://Hledger.org https://events.ccc.de/congress/2016/wiki/Session:Plaintext_accounting_for_hackerspaces 2016-12-30T13:00:00+01:00 13:00 1:00 Hall C.3 self organized sessions meeting en There are quite a few teledildonic enthusiasts at congress this year. Let's get together and talk about our current projects, favourite projects and what we'd like to see happen as our field expands! Hibby http://www.metafetish.com https://events.ccc.de/congress/2016/wiki/Session:Teledildonics_Meetup 2016-12-30T10:00:00+01:00 10:00 0:42 Hall C.4 self organized sessions hands-on en If you'll ever attend a hackathon, hack day, hackfest or codefest sooner or later you'll have to deal with Git – a free version control system for coders / hackers. Birdy1976 https://b76.ch/9542 https://events.ccc.de/congress/2016/wiki/Session:42birds:_Learn_Version_Control_with_Git 2016-12-30T14:00:00+01:00 14:00 0:30 Hall C.4 self organized sessions discussion de .freifunk - und andere Dienste im Freifunk ICVPN. DNS-Resolver auf Plaste-Routern Yanosz https://wiki.freifunk.net/IC-VPN https://events.ccc.de/congress/2016/wiki/Session:DNS_und_ICVPN_-_.freifunk 2016-12-30T15:30:00+01:00 15:30 1:30 Hall C.4 coding & testing self organized sessions workshop en making and breaking of neuropil :-) we would like to set up an neuropil network together with the participants and try to identify vulnerabilities ... Stephan.schwichtenberg http://www.neuropil.org https://events.ccc.de/congress/2016/wiki/Session:Neuropil 2016-12-30T14:30:00+01:00 14:30 1:00 Hall C.4 introduction & buidling blocks self organized sessions workshop en making and breaking of neuropil :-) we would like to set up an neuropil network together with the participants and try to identify vulnerabilities ... Stephan.schwichtenberg http://www.neuropil.org https://events.ccc.de/congress/2016/wiki/Session:Neuropil 2016-12-30T13:00:00+01:00 13:00 1:00 Hall C.4 self organized sessions discussion en How will your children be educated? Come and learn more about global education policy on IT and contribute with your own vision. In 2015 the global education market was estimated $4.9 (USD) trillion. Technology giants other private enterprises or philanthropists increasingly influence education policy in order to sell their products. I work for Education International, the global federation of education unions and do believe that it is essential to bring experts from IT and education together in order to promote a truly innovative use of technology in education - not driven by profit interests, but by a bigger vision of inclusive and just societies. In this participatory workshop I will provide a brief introduction to what is happening in the global policy sphere to then discuss your ideas and critique. Additionally, we are looking for concrete feedback from critical thinkers in the areas of privacy and copyrights. We are starting with a pilot phase to create a global not-for-profit online network that links already existing teacher networks on a global scale. Nikola http://pad.okfn.org/p/Punished_by_a_robot_teacher%20%22 https://events.ccc.de/congress/2016/wiki/Session:Punished_by_the_robot_teacher%3F_-_Role_of_technology_in_education 2016-12-30T11:00:00+01:00 11:00 2:00 Hall C.4 self organized sessions talk en This workshop/meeting is a follow-up to the "Building a high throughput low-latency PCIe based SDR: Lessons learnt implementing PCIe on FPGA for XTRX Software Defined Radio" talk (https://media.ccc.de/v/33c3-8338-building_a_high_throughput_low-latency_pcie_based_sdr). There will be two parts: 1) Demo of XTRX SDR 2) In-depth discussion about high-throughput PCIe implementation Ipse https://xtrx.io https://events.ccc.de/congress/2016/wiki/Session:XTRX_PCIe_SDR 2016-12-30T13:00:00+01:00 13:00 2:00 Hall 13-14 self organized sessions workshop en Are you a programmer? Do you want to learn cryptography? Well the best way to do it is by breaking some! We will walk through some badly implemented piece of cryptography and tear it apart together. BRING YOUR LAPTOP FiloSottile https://cryptography.training https://events.ccc.de/congress/2016/wiki/Session:Breaking_Bad_Crypto 2016-12-30T18:15:00+01:00 18:15 1:00 Hall 13-14 self organized sessions discussion en Hackbases are similar to hackerspaces but people also live in them. Dcht00 http://pad.totalism.org/p/33c3-hackbases https://events.ccc.de/congress/2016/wiki/Session:Hackbases_5_years 2016-12-30T16:15:00+01:00 16:15 2:00 Hall 13-14 IT-solutions for humanitarian crisis problems self organized sessions workshop en Syrien, ein Land welches innerhalb von 5 Jahren von einem hohen technischen Level zurück in die Steinzeit gebombt wurde. Weite Teile des Landes sind ohne Internet. Telefonnetze sind von unterschiedlicher Qualität und Verfügbarkeit. Viele Regionen des Landes sind auf Grund der Vorherrschaft unterschiedlichster Milizen nicht passierbar für Helfer*innen in der humanitären Arbeit. Nur ein Beispiel, wo es neue Lösungen braucht für humanitäre Notlagen. Wenn wir die Betroffenen nicht selbst erreichen können, wie können wir dann doch mit innovativen Methoden vor Ort Hilfe leisten? CADUS e.V. arbeitet seit über 2 Jahren in verschiedenen Krisenregionen. In dem Workshop dient CADUS als Fallgeberin für akute Problemstellungen in den Regionen vor Ort. In Arbeitsgruppen wollen wir Lösungsmöglichkeiten für (Teil-)Probleme erarbeiten, und deren Durchführbarkeit direkt mit Menschen diskutieren, die den Bogen von der Theorie zur Praxis schlagen können. Cadus http://www.cadus.org https://events.ccc.de/congress/2016/wiki/Session:IT-solutions_for_humanitarian_crisis_problems 2016-12-30T11:00:00+01:00 11:00 1:30 Hall 13-14 self organized sessions workshop en Let's paint *very* tiny pictures! I'll give you an introduction to the techniques and principles of pixel art, as well as useful hints, learning resources and software recommendations. After that, we'll paint a few 16x16 pixel-sized pictures together. If you use Twitter, you'll like this format, as well! :) Blinry https://morr.cc/pixel-art-workshop/ https://events.ccc.de/congress/2016/wiki/Session:Pixel_Art_Workshop 2016-12-30T15:10:00+01:00 15:10 0:50 Hall 13-14 day 4, afternoon meeting self organized sessions en The translation angels (interpreters) meet twice per day to self-organise (day 0, evening to day 4, afternoon) Sebalis https://events.ccc.de/congress/2016/wiki/Session:Translation_meetings 2016-12-30T15:00:00+01:00 15:00 0:00 Assembly:Chaos West !!!! fällt leider aus !!!! self organized sessions workshop de kleiner Einblick in die 12V Solar Strom Versorgung und MPPT-Laderegler gebastel Strom-peter https://events.ccc.de/congress/2016/wiki/Session:12V_SolarPower_%26_Sound 2016-12-30T14:00:00+01:00 14:00 1:00 Assembly:3D Hackspace self organized sessions workshop en Never used a 3D printer? No idea how to use CAD? This workshops is for you. From ABS to Z-Axis, you'll learn basics of 3D printing. Obelix https://events.ccc.de/congress/2016/wiki/Session:3D_printing_for_beginners 2016-12-30T10:00:00+01:00 10:00 2:00 Assembly:Mozilla JavaScript component of programming 'the Embedded Tessel Platform' self organized sessions workshop de In this hour, we introduce and explore JavaScript and Rust programming on low power embedded computers. Turning our attention to telemetry (sensors), and telecommand (actuators), we create a minimal but realistic IoT system using building blocks on loan for the duration of the workshop. Michaesc https://edu-europalab.rhcloud.com/ https://events.ccc.de/congress/2016/wiki/Session:Browsing_JS_on_Embedded 2016-12-30T15:00:00+01:00 15:00 0:30 Assembly:Freifunk self organized sessions other de Calm down and have a chat with us Monic https://events.ccc.de/congress/2016/wiki/Session:Coffee_Break 2016-12-30T13:00:00+01:00 13:00 1:00 Assembly:Freifunk self organized sessions discussion de Wir wollen über die Gemeinnützigkeit im Umfeld von Freifunk sprechen. Insbesondere über Infrastrukturvereine. Mit kurzem update vom F3 Netze e.V. Andibraeu https://events.ccc.de/congress/2016/wiki/Session:Gemeinnuetzigkeit 2016-12-30T13:00:00+01:00 13:00 0:45 Assembly:Freifunk self organized sessions discussion de Wir wollen über die Gemeinnützigkeit im Umfeld von Freifunk sprechen. Insbesondere über Infrastrukturvereine. Mit kurzem update vom F3 Netze e.V. Mayosemmel RedDog Lwm http://freifunk.net https://events.ccc.de/congress/2016/wiki/Session:Gemeinn%C3%BCtzigkeit_im_Freifunk_Umfeld 2016-12-30T13:00:00+01:00 13:00 1:00 Assembly:Anarchist Village self organized sessions discussion en This little talk and big discussion is about ways to evaluate and assess the outcomes of teaching games. Klemens https://events.ccc.de/congress/2016/wiki/Session:Developing_Carana 2016-12-30T13:00:00+01:00 13:00 1:00 Assembly:TEST ASSEMBLY PLEASE IGNORE self organized sessions other en just for testing, ignore me Andi- https://google.com https://events.ccc.de/congress/2016/wiki/Session:Full_schedule_test_session 2016-12-30T14:00:00+01:00 14:00 2:00 Assembly:Mainframe Build your own MQTT based Fridge-Temperature-Sensor self organized sessions workshop de Learn about the ESP8266, a very small and cheap microcontroller with builtin WiFi. Bring your Laptop, ESP8266-Dev-Boards and some sensors are available for donations. MarvinGS https://events.ccc.de/congress/2016/wiki/Session:Getting_started_with_ESP8266_and_IoT 2016-12-30T11:00:00+01:00 11:00 3:59 Assembly:HardwareHackingArea Day 4 self organized sessions workshop en Learn to Solder! A large variety of way cool kits are available, all designed for total beginners to complete successfully -- and intriguing enough for the total hardware geek.<br /> <br /> <span style="color:orange">'''''This ongoing workshop will be happening concurrently with lots of other way cool workshops at the Hardware Hacking Area!'''''</span> Maltman23 https://events.ccc.de/congress/2016/wiki/Session:LearnToSolder 2016-12-30T13:00:00+01:00 13:00 0:20 Assembly:HardwareHackingArea self organized sessions discussion en In my talk I introduced the Nibbletronic, a DIY MIDI wind instrument. In this session I want to discuss the next iteration with you. Ctrapp http://www.schlimme-gegend.de/schlimme-ideen/nibbletronic/ https://events.ccc.de/congress/2016/wiki/Session:NibbleTronic:_Next_Generation 2016-12-30T13:00:00+01:00 13:00 1:30 Assembly:HardwareHackingArea Day 4 - Session 1 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90mins, 20€/kit, avoid caffeine immediately before. Kliment https://events.ccc.de/congress/2016/wiki/Session:Surface_Mount_Electronics_Assembly_for_Terrified_Beginners 2016-12-30T15:00:00+01:00 15:00 1:30 Assembly:HardwareHackingArea Day 4 - Session 2 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90mins, 20€/kit, avoid caffeine immediately before. Kliment https://events.ccc.de/congress/2016/wiki/Session:Surface_Mount_Electronics_Assembly_for_Terrified_Beginners 2016-12-30T11:00:00+01:00 11:00 1:30 self organized sessions meeting de Fortsetzung der Diskussion vom Lehrerstammtisch Silias https://events.ccc.de/congress/2016/wiki/Session:Lehrmaterial-Plattform_entwerfen 2016-12-30T12:30:00+01:00 12:30 1:30 Talk and workshop (if there's time) self organized sessions workshop en Room A.2, Haecksenraum. Public key cryptography (= asymmetric encryption) and PGP. For beginners, but progressing quickly. Prose https://events.ccc.de/congress/2016/wiki/Session:Public_key_cryptography_and_PGP_for_beginners 2016-12-30T13:00:00+01:00 13:00 1:30 Assembly:Mensch meier and friends self organized sessions meeting de How it is to work with weird, hyped, fascinating and highly commercialized technology such as virtual reality? Short talk (30min) about the headaches which working and playing with VR brings (no, motion sickness that is not the topic). In this frustrating talk I would like to propose VR as an affective medium operating within so called "immersive capitalism"; I would like to discuss VR and its surveillance potential and the experience of producing and consuming VR (a.k.a. "enter through the gift shop"). There is also a possibility to test out my last project (work in progress) "Metaphors for Software Visualization" (room-scale VR). Happy to get your input and feedback. Questions for the discussion: Is there a place (a space) for subversive usage of VR? What is (and can be) subversive in this context? What is VR for you? Noja Lulu http://virtualmaterialism.com/ http://vrsoftwareviz.tumblr.com/ https://events.ccc.de/congress/2016/wiki/Session:VR 2016-12-30T17:15:00+01:00 17:15 1:00 Assembly:VOC MAYBE Meeting, depends on other tasks. self organized sessions discussion de GStreamer based application mixing/compositing live video and audio from various sources. Successor of DVswitch and gst-switch. Tailored to the needs of the C3VOC. In German or English. You can find the source here: https://github.com/voc/voctomix (GitHub - voc/voctomix: Full-HD Software Live-Video-Mixer in python) NeoFisch https://c3voc.de https://events.ccc.de/congress/2016/wiki/Session:Voctomix 2016-12-30T13:00:00+01:00 13:00 1:00 Assembly:VOC In German or English. self organized sessions discussion de GStreamer based application mixing/compositing live video and audio from various sources. Successor of DVswitch and gst-switch. Tailored to the needs of the C3VOC. In German or English. You can find the source here: https://github.com/voc/voctomix (GitHub - voc/voctomix: Full-HD Software Live-Video-Mixer in python) NeoFisch https://c3voc.de https://events.ccc.de/congress/2016/wiki/Session:Voctomix