Mildenberg 2018-01-16 16:50 https://fahrplan.events.ccc.de/congress/2017/Fahrplan/ 34c3 2017-12-27 2017-12-31 4 00:15 2017-12-27T11:00:00+01:00 11:00 00:30 Saal Adams 34c3-9292-eroffnung_tuwat CCC lecture de Daß sich mit Kleinkomputern trotzalledem sinnvolle Sachen machen lassen, die keine zentralisierten Großorganisationen erfordern, glauben wir. Daß die innere Sicherheit erst durch Komputereinsatz möglich wird, glauben die Mächtigen heute alle. Daß Komputer nicht streiken, setzt sich als Erkenntnis langsam auch bei mittleren Unternehmen durch. Daß durch Komputereinsatz das Telefon noch schöner wird, glaubt die Post heute mit ihrem Bildschirmtextsystem in “Feldversuchen” beweisen zu müssen. Daß der “personal computer” nun in Deutschland dem videogesättigten BMW Fahrer angedreht werden soll, wird durch die nun einsetzenden Anzeigenkampagnen klar. Daß sich mit Kleinkomputern trotzalledem sinnvolle Sachen machen lassen, die keine zentralisierten Großorganisationen erfordern, glauben wir. Damit wir als Komputerfrieks nicht länger unkoordiniert vor uns hinwuseln, tun wir wat und treffen uns am 27.12.17 in Leipzig, Seehausener Allee 1 (TAZ-Hauptgebäude) ab 11:00 Uhr. Wir reden über internationale Netzwerke – Kommunikationsrecht – Datenrecht (Wem gehören meine Daten?) – Copyright – Informations- u. Lernsysteme – Datenbanken – Encryption – Komputerspiele – Programmiersprachen – processcontrol – Hardware – und was auch immer. false Tim Pritlove 2017-12-27T11:30:00+01:00 11:30 01:00 Saal Adams 34c3-9270-dude_you_broke_the_future Art & Culture lecture en We're living in yesterday's future, and it's nothing like the speculations of our authors and film/TV producers. As a working science fiction novelist, I take a professional interest in how we get predictions about the future wrong, and why, so that I can avoid repeating the same mistakes. Science fiction is written by people embedded within a society with expectations and political assumptions that bias us towards looking at the shiny surface of new technologies rather than asking how human beings will use them, and to taking narratives of progress at face value rather than asking what hidden agenda they serve. In this talk, author Charles Stross will give a rambling, discursive, and angry tour of what went wrong with the 21st century, why we didn't see it coming, where we can expect it to go next, and a few suggestions for what to do about it if we don't like it. We're living in yesterday's future, and it's nothing like the speculations of our authors and film/TV producers. As a working science fiction novelist, I take a professional interest in how we get predictions about the future wrong, and why, so that I can avoid repeating the same mistakes. Science fiction is written by people embedded within a society with expectations and political assumptions that bias us towards looking at the shiny surface of new technologies rather than asking how human beings will use them, and to taking narratives of progress at face value rather than asking what hidden agenda they serve. In this talk, author Charles Stross will give a rambling, discursive, and angry tour of what went wrong with the 21st century, why we didn't see it coming, where we can expect it to go next, and a few suggestions for what to do about it if we don't like it. false Charles Stross 2017-12-27T12:45:00+01:00 12:45 01:00 Saal Adams 34c3-9092-ladeinfrastruktur_fur_elektroautos_ausbau_statt_sicherheit Warum das Laden eines Elektroautos unsicher ist Security lecture de Wir retten das Klima mit Elektroautos — und bauen die Ladeinfrastruktur massiv aus. Leider werden dabei auch Schwachstellen auf allen Ebenen sichtbar: Von fehlender Manipulationssicherheit der Ladesäulen bis hin zu inhärent unsicheren Zahlungsprotokollen und kopierbaren Zahlkarten. Ladesäulenhersteller und Ladenetzbetreiber lassen ihre Kunden im Regen stehen — geht das schnelle Wachstum des Marktanteils zu Lasten der Kundensicherheit? Eine (AC-)Ladesäule ist eigentlich nur eine glorifizierte Drehstromsteckdose. Mit einem Autosimulator (vgl. https://evsim.gonium.net) kann man auf vielen Parkplätzen Strom beziehen, zum Beispiel um Waffeln zu backen: https://www.youtube.com/watch?v=pUEp3uWAWqY Mit diesem Simulator habe ich mir verschiedene Ladesäulen sowie ihre Backend-Kommunikation angeschaut. An den meisten Ladesäulen im öffentlichen Raum weist man sich mittels NFC-Chipkarte aus. Über das “Open Charge Point Protocol” (OCPP) (vgl. http://www.openchargealliance.org/protocols/ocpp/ocpp-15/) redet die Ladesäule dann mit einem Backend und prüft, ob der Ladevorgang freigeschaltet werden darf. Leider weisen sowohl die verwendeten Chipkarte als auch das OCPP-Protokoll selbst gravierende Mängel auf: Es ist mit geringen Aufwand möglich, auf fremde Kosten zu laden. Böswillige Ladesäulenbetreiber könnten Ladevorgänge protokollieren und später “virtuelle” Ladevorgänge simulieren, um zusätzlichen Umsatz zu generieren. Ladesäulen sind teilweise über das Internet erreichbar und können ferngesteuert werden: Ein laufender Ladevorgang kann aus der Ferne abgebrochen werden. Wer physischen Zugriff auf Ladestationen hat kann diese beliebig umkonfigurieren und so z.B. alle Informationen für das Klonen von Ladekarten abschnorcheln. Der Vortrag stellt die Funktionsweise der Abrechnungssysteme dar und zeigt Proof of Concept-Implementationen verschiedener Angriffe. CC BY 4.0 false Mathias Dalheimer Waffeln an der Elektrotankstelle backen EVSim: Ein einfacher Elektroauto-Simulator 2017-12-27T14:00:00+01:00 14:00 01:00 Saal Adams 34c3-8874-gamified_control China's Social Credit Systems Ethics, Society & Politics lecture en In 2014 China’s government announced the implementation of big data based social credit systems (SCS). The SCS will rate online and offline behavior to create a score for each user. One of them is planned to become mandatory in 2020. This lecture will review the current state of governmental and private SCS and different aspects of these systems. Imagine living in a society where your actions will be rated and formed into a score. Where your online or offline behavior, work performance and attitude towards littering or ignoring red lights will be included in it. And that score will define your job, your ability to get a loan, your general chances, and your life. But don't be scared, it won't be like Orwell's frightening Big Brother. It will be like an all-embracing game, a huge MMORPG. You can do tasks to better your score. What sounds like dystopian fiction or just a teaser for a “Black Mirror” episode became a real life option in 2014, when China's Communist Party (CP) published a “Planning Outline for the Construction of a Social Credit System (2014-2020)”. The CP announced the system to be mandatory for every Chinese person in 2020. It is no theoretical babbling about something happening in a far future: The CP started experimenting with such social credit systems (SCS) in different regions soon after, allowed the private development of such systems, and was cited to become world leader of SCS. While the official goal of the SCS is to level economic development and to bring harmony, sincerity and trust to the whole country, the question is what the “side effects” might be. Starting with a review of the current state of social credit systems (SCS) in China, examples of their functions and examples of consequences of their existence will be provided. This information will be embedded into a short walk through the People's Republic's Internet landscape, its big players like the BAT (Baidu, Alibaba, and Tencent), and the CP's digital policies. In the following this will be set it in relation to current ideological turns and the CP's announcement to become the world leader in SCS. China's SCS is seen as an extreme example of a tendency that has developed in most industrialized countries. It displays what can be drawn from the huge amount of information provided by ICTs and so-called “social media”. And it can show possible consequences of the combination of big data and nearly endless storage on one hand and evaluation by algorithms on the other. From the point of view that this aspect of digitalization is not a problem of the Chinese but for all of us, it will lead to the question how critical thinking and dissenting actions can develop in a reality that is constantly rating behavior to create a score that is defining vast parts of your life. Ending in a discussion on possibilities of big data based social rating and social control and modes of resistance. CC BY 4.0 false Katika Kühnreich /system/events/logos/000/009/225/large/citl.jpg?1508105076 2017-12-27T15:15:00+01:00 15:15 01:00 Saal Adams 34c3-9225-how_risky_is_the_software_you_use CITL: Quantitative, Comparable Software Risk Reporting Ethics, Society & Politics lecture en Software vendors like to claim that their software is secure, but the effort and techniques applied to this end vary significantly across the industry. From an end-user's perspective, how do you identify those vendors who are effective at securing their software? From a vendor's perspective, how do you identify those techniques which are effective at improving security? Presenting joint work with Sarah Zatko, mudge, Patrick Stach, and Parker Thompson. Where are the longitudinal studies showing a large body of binaries with and without stack guards, or source fortification, or some other proposed best practice, and the resulting difference in exploitability? Where are the studies and reports on software content and safety, so that consumers can minimize their risk and make informed choices about what software is worth the risk it adds to an environment? We at CITL are working to fill in these blind spots, so that security professionals can back up their recommendations with solid scientific findings, and consumers can be empowered to better protect themselves. We'll be talking about the automated static analysis and fuzzing frameworks we're developing and presenting early results from our large scale software testing efforts. CC BY 4.0 false Tim Carstens & Parker Thompson CITL /system/events/logos/000/009/289/large/fingerprint.png?1512172889 2017-12-27T16:30:00+01:00 16:30 01:00 Saal Adams 34c3-9289-die_lauschprogramme_der_geheimdienste Ethics, Society & Politics lecture de Der NSA-BND-Untersuchungsausschuss des Deutschen Bundestags ist zu Ende. Da bietet es sich an, nun auf die gesammelten Geheimdienstskandale und die Reaktionen auf die Enthüllungen zurückzublicken. Die Erkenntnisse aus dem Ausschuss betreffen die Massenüberwachung und den Kabelverkehr, die Selektoren und die Geheimdienstkontrolle, den Drohnenkrieg und die „Spionage unter Freunden“. Über all das wollen wir sprechen und auch darüber, warum Edward Snowden nicht als Zeuge gehört wurde. false Hans-Christian Ströbele Constanze Kurz 2017-12-27T18:30:00+01:00 18:30 01:00 Saal Adams 34c3-9285-qualityland Lesung Ethics, Society & Politics lecture de Willkommen in QualityLand, in einer nicht allzu fernen Zukunft: Alles läuft rund - Arbeit, Freizeit und Beziehungen sind von Algorithmen optimiert. Trotzdem beschleicht den Maschinenverschrotter Peter Arbeitsloser immer mehr das Gefühl, dass mit seinem Leben etwas nicht stimmt. Wenn das System wirklich so perfekt ist, warum gibt es dann Drohnen, die an Flugangst leiden, oder Kampfroboter mit posttraumatischer Belastungsstörung? Warum werden die Maschinen immer menschlicher, aber die Menschen immer maschineller? Marc-Uwe Kling hat die Verheißungen und das Unbehagen der digitalen Gegenwart zu einer verblüffenden Zukunftssatire verdichtet, die lange nachwirkt. Visionär, hintergründig – und so komisch wie die Känguru-Trilogie. false Marc-Uwe Kling 2017-12-27T19:45:00+01:00 19:45 01:00 Saal Adams 34c3-9247-der_pc-wahl-hack Analyse einer Wahlsoftware CCC lecture de Hacker des Chaos Computer Clubs (CCC) haben eine in mehreren Bundesländern zur Erfassung und Auswertung der kommenden Bundestagswahl verwendete Software auf Angriffsmöglichkeiten untersucht. Die Analyse ergab eine Vielzahl von Schwachstellen und mehrere praktikable Angriffsszenarien. Diese erlauben die Manipulation von Wahlergebnissen auch über die Grenzen von Wahlkreisen und Bundesländern hinweg. Die untersuchte Software „PC-Wahl“ wird seit mehreren Jahrzehnten für die Erfassung, Auswertung und Präsentation von Wahlen auf Bundes-, Landes- und Kommunalebene eingesetzt. https://ccc.de/de/updates/2017/pc-wahl https://ccc.de/de/updates/2017/pc-wahl-again https://ccc.de/system/uploads/230/original/PC-Wahl_Bericht_CCC.pdf false Linus Neumann Martin Tschirsich Thorsten Schröder 2017-12-27T21:15:00+01:00 21:15 00:30 Saal Adams 34c3-8969-die_sprache_der_uberwacher Wie in Österreich über Sicherheit und Überwachung gesprochen wird Ethics, Society & Politics lecture de So intensiv wie 2017 wurde der Themenkomplex rund um Sicherheit und Überwachung in Österreich noch nie diskutiert. Das Thema ist in Hauptabendnachrichten und Leitartikeln angekommen. Die Diskussion rund um die geplante Einführung eines Sicherheitspakets, das sich bei näherer Betrachtung als ein reines Überwachungspaket entpuppt, bietet jede Menge Analysematerial: Öffentlich ausgetauschte (Schein-)Argumente, falsche Analogien und unpassende Sprachbilder haben die Debatte geprägt. In diesem Talk werden die Sprache der so genannten Sicherheitspolitiker (es sind in der Tat nur Männer) analysiert und ihre Argumente auf den Prüfstand gestellt. Drei Sätze des österreichischen Innenministers Wolfgang Sobotka stehen exemplarisch für die Qualität der Sicherheitsdiskussion in Österreich. Zu Beginn des Jahres 2017 rechtfertigte er seine Pläne für die Ausweitung der Videoüberwachung mit folgendem Argument: "Ein Beispiel: Vor meiner Haustüre lag – vor vielen Jahren – immer wieder menschlicher Kot. Als ich eine Kamera aufgestellt habe, war das sofort vorbei." Mitte des Jahres sagte er in einem Interview: "Die Sicherheit steht über der Politik". Und als sein Überwachungspaket zu scheitern drohte, griff er in die unterste Schublade und holte diesen Satz hervor: „Alle innerhalb und außerhalb des Parlaments, die gegen diese gesetzlichen Anpassungen sind, planen einen Anschlag auf die Sicherheit der Österreicher.“ Zwischen diesen argumentativen Großtaten gab es noch jede Menge anderer Misstöne, die entkräftet, entschärft und gerade gerückt werden müssen, um die Diskussion auf eine tragfähige Basis zu stellen. CC BY 4.0 false Thomas Lohninger Werner Reiter Angelika Adensamer www.überwachungspaket.at www.epicenter.works /system/events/logos/000/008/805/large/nomorp-logo-square.png?1512294178 2017-12-27T22:00:00+01:00 22:00 00:30 Saal Adams 34c3-8805-die_fabelhafte_welt_des_mobilebankings Security lecture de Bisher wurden Angriffe gegen App-basierte TAN-Verfahren und Mobilebanking von betroffenen Banken eher als akademische Kapriole abgetan. Sie seien, wenn überhaupt, nur unter Laborbedingungen und dazu unter wiederkehrend hohem manuellen Aufwand zu realisieren. Um diese Sichtweise zu korrigieren, haben wir das Programm Nomorp entwickelt, das in der Lage ist, zentrale Sicherungs- und Härtungsmaßnahmen in weltweit 31 Apps vollautomatisch zu deaktivieren und somit Schadsoftware Tür und Tor öffnet. Unter den Betroffenen stellen deutsche Unternehmen mit 20 Finanz-Apps die größte Fraktion. <p> Die in großen Schritten voranschreitende Abschaffung der unabhängigen Zwei-Faktor-Authentifizierung bei App-basierten Bankgeschäften hat die Anforderungen an die technischen Sicherungsmaßnahmen erhöht. Sich der konzeptionellen Angreifbarkeit der Verfahren bewusst, suchen die Banken ihre Apps durch Speziallösungen Dritter abzusichern. Diese Produkte sind mittlerweile zum integralen Bestandteil vieler Banking-Apps geworden und sollen deren Sicherheit im Falle eines kompromittierten Geräts garantieren. </p> <p> Im Finanzbereich allgemein, gerade aber im Feld der deutschen Banking-Apps, ist das sog. <em>Promon SHIELD</em> des norwegischen Herstellers <em>Promon</em> eine bekannte Sicherheitslösung, die durch ihre hohe Beliebtheit bei allen Instituten der deutschen Bankenlandschaft besticht. Insbesondere bei den Apps der Sparkassen-Finanzgruppe und den Volksbanken-Raiffeisenbanken ist das <em>Promon SHIELD</em> mittlerweile zum Dreh- und Angelpunkt der Sicherheitsarchitektur geworden. Als solches findet es sich nicht nur in deren Banking- und pushTAN-Apps, sondern auch in zehn weiteren Apps wieder. Aber auch bei den Privatbanken ist das Produkt geschätzt und wird unter anderem von der Commerzbank oder auch der Fidor Bank eingesetzt. Auch das Bayerische Landesamt für Finanzen, seines Zeichens verantwortlich für <em>Elster</em>, setzt auf <em>Promon</em>. </p> <p> Mit <em>Nomorp</em> haben wir ein Werkzeug geschaffen, das die durch das <em>Promon SHIELD</em> eingeführten Sicherungs- und Härtungsmaßnahmen in weltweit 31 Finanz-Apps vollständig deaktivieren und zum Teil sogar umkehren kann. <em>Nomorp</em> arbeitet dabei vollautomatisch, geräte- und versionsunabhängig. Seine Anwendung führt oft dazu, dass neben klassischer App-Härtung auch etablierte Best Practices wie Zertifikats-Pinning oder auch das verschlüsselte Ablegen von sensiblen Kundendaten nicht mehr existieren. Obwohl der Fokus auf dem Marktführer Android liegt, wird der Vortrag ebenfalls zeigen, dass sich entscheidende Teile des Angriffs auf die entsprechenden iOS-Apps übertragen lassen. </p> CC BY 4.0 false Vincent Haupert Nomorp: No More Protection 2017-12-27T22:45:00+01:00 22:45 00:30 Saal Adams 34c3-9279-dprk_consumer_technology Facts to fight lore Security lecture en The DPRK has largely succeeded at hiding its consumer technology. While versions of the desktop operating system, Red Star, have leaked, the mobile equivalent hasn't, and there remains little knowledge of the content available on the intranet. Let's fix that! Previous talks at CCC, including <a href="https://media.ccc.de/v/31c3_-_6253_-_en_-_saal_2_-_201412292115_-_computer_science_in_the_dprk_-_will_scott">CS in the DPRK</a>, <a href="https://media.ccc.de/v/32c3-7174-lifting_the_fog_on_red_star_os">Lifting the fog on RedStar OS</a>, and <a href="https://media.ccc.de/v/33c3-8143-woolim_lifting_the_fog_on_dprk_s_latest_tablet_pc">Woolim: Lifting the fog on DPRK's latest Tablet</a>, have given us a taste of what technology in Pyongyang looks like. Unfortunately, we've ended up in a less-than-optimal stalemate: while technical artifacts are taken outside of the country, there remains a significant hesitation to release them - after all, knowledge is power, and the unknown unknowns outweigh the potential benefits. We'll explain the current state of consumer technology in Korea in a bit more depth, and then explore some of the unique quirks. The focus will be on understanding that there is a significant, but not well known, internal market, and that it's keeping up with the west closer than we might expect. CC BY 4.0 false Will Scott Gabe Edwards /system/events/logos/000/009/273/large/logo-small.png?1510161321 2017-12-27T23:30:00+01:00 23:30 01:00 Saal Adams 34c3-9273-kracking_wpa2_by_forcing_nonce_reuse Security lecture en We introduce key reinstallation attacks (KRACKs). These attacks abuse features of a protocol to reinstall an already in-use key, thereby resetting nonces and/or replay counters associated to this key. We show that our novel attack technique breaks several handshakes that are used in a WPA2-protected network. All protected Wi-Fi networks use the 4-way handshake to generate fresh session keys. The design of this handshake was proven secure, and over its 14-year lifetime no weaknesses have been found in it. However, contrary to this history, we show that the 4-way handshake is vulnerable to key reinstallation attacks. In such an attack, the adversary tricks a victim into reinstalling an already in-use key. This is achieved by manipulating and replaying handshake messages. When the victim reinstalls the key, the associated incremental nonce and replay counter is reset to its initial value. Apart from breaking the 4-way handshake, we also show that our key reinstallation attack breaks the group key and Fast BSS Transition (FT) handshake. The impact of our attacks depend on both the handshake being targeted, and the data-confidentiality protocol in use. Simplified, against AES-CCMP, an adversary can replay and decrypt packets, but cannot forge packets. Still, this makes it possible to hijack TCP streams and inject malicious data into them. Against WPA-TKIP and GCMP, the impact is catastrophic: an adversary can replay, decrypt, and forge arbitrary packets. Rather surprisingly, GCMP is especially affected because it uses the same authentication key in both communication directions. Finally, we confirmed our findings in practice, and found that every Wi-Fi device is vulnerable to some variant of our attacks. Notably, our attack is exceptionally devastating against Android and Linux: it forces the client into using a predictable all-zero encryption key. CC BY 4.0 false Mathy Vanhoef Website about the research The research paper Vulnerability detection scripts Slides of presentation at 34c3 /system/events/logos/000/009/091/large/IMG_3723.jpg?1508087598 2017-12-28T00:45:00+01:00 00:45 01:30 Saal Adams 34c3-9091-all_creatures_welcome work in progress beta preview of the documentary CCC film de ALL CREATURES WELCOME is a documentary film about the communities of the digital age. It shows the possibilities of new paths and new perspectives for society by using hacking as a mind-set. A downright utopian idea is being brought to life, created by all participants of the Chaos Communication Events. On planet nerd, at the epicenter of technical and social change, ALL CREATURES WELCOME explores and reflects new ways of dealing with the digitalization of the world and the resulting reformation of sociocultural conduct. Sandra Trostel started filming the documentary at the Chaos Communication Camp in 2015, followed by shootings at 32c3 and 33c3. At the congress she will show a work in progress beta version of the movie. Furthermore she will give a quick overview of the formation process, the status and the future of the project. And, maybe most importantly: She will answer all the questions of the people who helped to realize this movie! Also watch out for the accomying self-organized sessions: Chaos Communication Choir and All Creatures Welcome. Proprietary! true Sandra Trostel All Creatures Welcome Website /system/events/logos/000/009/188/large/cadus_logo_app_web_vorlage.jpg?1508101533 2017-12-27T11:30:00+01:00 11:30 01:00 Saal Borg 34c3-9188-hacking_disaster mit Krisenintervention den Kapitalismus hacken Resilience lecture de Gesundheit als entscheidender Teil von Glück und Zufriedenheit ist bis in ihre kleinsten Teilbereiche „durchkapitalisiert“. Und dieser Prozess macht auch vor humanitärer Hilfe und Krisenintervention nicht halt. In diesem Talk gehen wir auf verschiedene Beispiele ein und erklären, wie CADUS mit seinem Makerspace versucht, dieses Problem auf vielen Ebenen zu hacken. Die NGO CADUS steht mit ihrer Arbeit praktisch täglich vor der Problemlage, dass die Gesundheit als entscheidender Teil von Glück und Zufriedenheit bis in ihre kleinsten Teilbereiche „durchkapitalisiert“ ist. Das heißt, dass beispielsweise technische Gerätschaften, deren Technik an und für sich eher einfach ist und die auf Erkenntnissen basiert, die nicht mehr die Neuesten und längst nicht mehr als revolutionär zu bezeichnen sind, extrem teuer sind. Für viele ist diese Tatsache ganz „normal“. Das ist sie aber nur, weil einerseits der „Mythos“ der ultra teuren medizinischen Technologie weiter fleißig von den beteiligten Unternehmen genährt wird und andererseits diese produzierenden Unternehmen den Markt praktisch global kontrollieren. Darüber hinaus sitzen diese medizintechnisch produzierenden Firmen häufig selbst in den entscheidenden Kommissionen und Gremien und können so über die Marktentwicklung, etwaige Grenzwerte, Abgabezahlen und somit letztlich auch die Preisentwicklung (mit)bestimmen. Dieses praktisch kartellierte oder zumindest dem erhärteten Lobbyismusverdacht unterliegende Vorgehen missfällt uns deutlich. Günstigere Lösungen für bspw. Vitalparametermonitoring können dementsprechend somit gar nicht erst produziert werden und auf den Markt kommen. Ein weiteres Beispiel für vornehmlich kapitalistisch-geleitete Zustände in den Bereichen Gesundheit, Versorgung und Krisenintervention, die hauptsächlich durch Lobbyismus, kontrollierte Marktzugänge und maximal gewinnorientiertes Interesse einiger Weniger bestimmt werden, konnte erst kürzlich bei der Krisenversorgung nach dem Hurrikan, der weite Teile der Gesellschaft und des Lebens auf Puerto Rico lahmlegte, beobachtet werden. Den Hafen von Puerto Rico dürfen nur Schiffe unter amerikanischer Flagge anfahren, eine rein wirtschaftsrelevante Regelung. Nach dem Hurrikan kamen durch diese Regelung tagelang weder Wasser, Treibstoff noch andere Hilfslieferungen an, und die Bevölkerung wurde sinnlos weiterem Leid ausgesetzt. Ganz ähnlich wie das Beispiel der Erstversorgung der Puerto Ricaner*innen nach dem Hurrikan ist auch das dritte Beispiel gelagert: Der Luftraum über dem Mittelmeer ist einerseits der weltweit am besten überwachte Luftraum; andererseits sehen wir seit Jahren keine Verbesserung in der Seenotrettung Geflüchteter. Im Gegenteil – die Lage spitzt sich immer weiter zu, und immer wieder geraten Boote mit hunderten Menschen darauf in Seenot und unzählige Menschen sterben. Drei Beispiele, drei Lösungsansätze, wie CADUS und andere Organisationen wie Sea Watch und die HPI Hardware, Dienstleistungen und Informationsflüsse hacken, um Krisenintervention und Basisgesundheitsdienstleistungen für alle Menschen möglich zu machen. Im CADUS-Makerspace in Berlin wird an diversen Lösungen bereits gebastelt. Der Talk dient nicht nur zur Information und zum Anregen von Diskussionen, sondern ist auch ein konkreter Aufruf zur aktiven Teilhabe. CC BY 4.0 false Sebastian Jünemann 2017-12-27T12:45:00+01:00 12:45 00:30 Saal Borg 34c3-9159-demystifying_network_cards Things you always wanted to know about NIC drivers Hardware & Making lecture en Network cards are often seen as black boxes: you put data in a socket on one side and packets come out at the other end - or the other way around. Let's have a deeper look at how a network card actually works at the lower levels by writing a simple user space driver from scratch for a 10 Gbit/s NIC. Packet processing in software is currently undergoing a huge paradigm shift. Connection speeds of 10 Gbit/s and beyond created new problems and operating systems couldn't keep keep up. Hence, there has been a rise of frameworks and libraries working around the kernel, sometimes referred to as kernel bypass or zero copy (the latter is a misnomer). Examples are DPDK, Snabb, netmap, XDP, pf_ring, and pfq. The first part of the talk looks at the background and performance of the kernel network stack and what changes with these new frameworks. They break with all traditional APIs and present new paradigms. For example, they usually provide an application exclusive access to a network interface and exchange raw packets with the app. There are no sockets, they don't even offer a protocol stack. Hence, they are mostly used for low-level packet processing apps: routers, (virtual) switches, firewalls, and annoying middleboxes "optimizing" your connection. It's now feasible to write quick prototypes of packet processing and forwarding apps that were restricted to dedicated hardware in the past, enabling everyone to build and test high-speed networking equipment with a low budget. These concepts are slowly creeping into operating systems and software routers/switches: FreeBSD ships with netmap today, XDP is coming to Linux, Open vSwitch can be compiled with a DPDK backend, pfSense is adopting DPDK as well, ... We need to look at the architecture of these frameworks to better understand what is coming for us. Most of these frameworks build on the original drivers that have been growing in complexity: a typical driver for a 10 or 40 Gbit/s NIC is in the order of 50,000 lines of code nowadays. Hundreds of thousands of lines of code are involved when handling a packet in a typical operating system, and tens of thousands when using one of these new frameworks. Reading and understanding so much code is quite tedious, so the obvious question is: How hard can it be to implement a driver for a modern 10 Gbit/s NIC from scratch while ignoring all of the existing software layers? Turns out that it's not very hard: I've written <a href="https://github.com/emmericp/ixy">ixy</a>, a user space driver for 10 Gbit/s NICs from the Intel 82599 family (X520, X540, X550) from scratch in about 1000 lines of C code. The second part of the talk focuses on user space drivers and the Intel 82599 architecture as it is easy to understand, has a great datasheet, and the core functionality is in the driver as opposed to a magic black-box firmware. <a href="https://github.com/emmericp/ixy">ixy</a> is a full user space driver: you get your raw packets delivered directly into your application and the operating system doesn't even know the NIC exists. User space drivers are also very hackable, you get direct access to the full hardware in your application in user space making it really easy to test out new features, no pesky kernel code needed. This is why it's important to have a simple driver like <a href="https://github.com/emmericp/ixy">ixy</a>: for hacking and educational purposes. Core functionality of the driver such as handling DMA buffers is never far away when writing an ixy app: you typically only need to look beneath one layer to see the guts of the driver. For example, when you send out a packet you call a transmit function that directly modifies a ring buffer of DMA descriptors. Check out the code of <a href="https://github.com/emmericp/ixy">ixy on GitHub</a>! CC BY 4.0 false Paul Emmerich ixy on GitHub slides.pdf 2017-12-27T13:30:00+01:00 13:30 00:30 Saal Borg 34c3-9233-uncovering_british_spies_web_of_sockpuppet_social_media_personas Ethics, Society & Politics lecture en The Joint Threat Research Intelligence Group (JTRIG), a unit in one of Britain’s intelligence agencies, is tasked with creating sockpuppet accounts and fake content on social media, in order to use "dirty tricks" to "destroy, deny, degrade [and] disrupt" enemies by "discrediting" them. In this talk, we reveal some of that content, in relation to infiltrating activists groups around the world, including during the Arab spring and Iranian revolution. In 2011, I was unknowingly messaged on an IRC channel by a covert agent from the UK’s Government Communications Headquarters (GCHQ), who was investigating the hacktivist groups of Anonymous and LulzSec. Later that year, I was arrested (and banned from the Internet) for my involvement in LulzSec. Then, in 2014, I discovered through a new Snowden leak[1] that GCHQ had targeted Anonymous and LulzSec, and the person that messaged me was a covert GCHQ employee, pretending to be a hacktivist. Because I was myself targeted in the past, I was aware of a key detail, a honeypot URL shortening service setup by GCHQ, that was actually redacted in the Snowden documents published in 2014. This URL shortening service enabled GCHQ to deanonymize another hacktivist and discover his real name and Facebook account, according to the leaked document. Using this key detail, I was able to discover a network of sockpuppet Twitter accounts and websites setup by GCHQ, pretending to be activists during the Arab spring of 2011 and Iranian revolution of 2009, and we published an article about it last summer in Motherboard as a piece of investigative journalism. This talk will: - go into detail about how and why GCHQ setup a network of fake social media accounts, blogs, honeypot proxies and news sites during revolutionary events; - reveal new details about other fake websites that GCHQ setup in other parts of the world for different purposes. The people responsible, the Joint Threat Research Intelligence Group (JTRIG), is a group within GCHQ that has the aim of "using online techniques to make something happen in the real or cyber world". To fulfill this aim, a wide but basic array of technological tools and software are used at JTRIG’s disposal, as detailed in the published document titled "JTRIG tools and techniques"[2]. These tools include "DEADPOOL", described as a "URL shortening service", and "HUSK", a "secure one-to-one web based dead-drop messaging platform". How can seemingly innocent web services be used as honeypots to conduct signal intelligence, being part of something more sinister? CC BY 4.0 false Mustafa Al-Bassam Motherboard: British Spies Used a URL Shortener to Honeypot Arab Spring Dissidents [1] Exclusive: Snowden Docs Show UK Spies Attacked Anonymous, Hackers [2] JTRIG tools and techniques (pdf) 2017-12-27T14:15:00+01:00 14:15 00:30 Saal Borg 34c3-8916-der_netzpolitische_wetterbericht Wird es Regen geben? Ein Ausblick auf die neue Legislaturperiode Ethics, Society & Politics lecture de Deutschland hat gewählt, man weiß nur noch nicht, wer regieren wird. Bis Weihnachten könnte ein Koalitionsvertrag verhandelt worden sein, vielleicht auch später. Was sind die zu erwartenden großen Debatten der neuen Legislaturperiode? Der Vortrag will dazu einen Wetterbericht abliefern, über die aktuellen Vorhaben, die noch aus der digitalen Agenda abgearbeitet werden und vor allem auf die Akteure, Interessen und Konfliktfelder der zu erwartenden kommenden netzpolitischen Debatten. Von Plattform-Regulierung über KI-Regulierung bis hin zur Frage der Produkthaftung. CC BY 4.0 false Markus Beckedahl 2017-12-27T15:00:00+01:00 15:00 00:30 Saal Borg 34c3-8915-how_can_you_trust_formally_verified_software Resilience lecture en Formal verification of software has finally started to become viable: we have examples of formally verified microkernels, realistic compilers, hypervisors etc. These are huge achievements and we can expect to see even more impressive results in the future but the correctness proofs depend on a number of assumptions about the Trusted Computing Base that the software depends on. Two key questions to ask are: Are the specifications of the Trusted Computing Base correct? And do the implementations match the specifications? I will explore the philosophical challenges and practical steps you can take in answering that question for one of the major dependencies: the hardware your software runs on. I will describe the combination of formal verification and testing that ARM uses to verify the processor specification and I will talk about our current challenge: getting the specification down to zero bugs while the architecture continues to evolve. This is an overview of the 6 year project to create (and publicly release) formal specifications of the Arm processor architecture. The meat of the talk consists of the things I have done to make the specification correct: - testing the specification with the test programs that Arm uses as part of the sign-off criteria for processors - formally validating processor pipelines against the specification (which has the side-effect of finding bugs in the spec) - formally verifying properties of the specification - getting lots of different users - they all find different bugs There are a lot of things that you can do with a formal specification: binary analysis, proving compilers or OSes correct, driving a superoptimizer, etc. so I hope that this will inspire the audience to go off and do something amazing with Arm's specification. CC BY 4.0 false Alastair Reid ARM's v8-A machine readable architecture specification HTML files from ARM's v8-A specification Tools to dissect ARM's v8-A specification Things you can do with the specification Slides: How can you trust formally verified software file /system/events/logos/000/009/147/large/Unbenannt.png?1514317242 2017-12-27T15:45:00+01:00 15:45 00:30 Saal Borg 34c3-9147-unleash_your_smart-home_devices_vacuum_cleaning_robot_hacking Why is my vacuum as powerful as my smartphone? Hardware & Making lecture en Did you ever want to run your own IoT cloud on your IoT devices? Or did you ever wonder what data your vacuum cleaning robot is transmitting to the vendor? Why a vacuum cleaning robot needs tcpdump? Nowadays IoT devices are getting more and more powerful and contain a lot of sensors. As most devices are connected directly to the vendor and transmit all data encrypted to the cloud, this may result in privacy issues. An IoT device with no internet connection lacks numerous features or is even unusable. We want to change that. We show you how to root a Xiaomi vacuum cleaning robot in order to get access to the underlying Linux operating system(Ubuntu 14.04 LTS), <b>**without opening the device or tampering the warranty seals**</b>. Furthermore, we will have a look into the vendors cloud interface and its commands, and will show you how to de-attach the device from the cloud and connect it to your local Smart Home system. Finally, we will demonstrate how to run Smart Home software directly on the vacuum cleaning robot itself. We will give you a detailed tour through the hardware and software components of the Xiaomi vacuum robot (generation 1). We will also publish a non-invasive method to get root access to your vacuum robot. After talking about the rooting procedure, we will discuss the internals of the robot. For example, the robot uses a so called SLAM (Simultaneous Localization and Mapping) system with LIDAR (Light Detection And Ranging) and various other sensors to create maps of your apartment. These maps are used, among other things, to calculate the best cleaning path. We will show you what these maps look like and how they are stored in the robot. At the end, we will discuss which data are created and uploaded to the vendor, and why this may be a big privacy issue. We will also prove why it is a bad idea to leave IoT devices in an unconfigured state. CC BY 4.0 false Dennis Giese DanielAW http://dontvacuum.me Presentation with animations Presentation with animations (28.12) 2017-12-27T16:30:00+01:00 16:30 01:00 Saal Borg 34c3-8762-inside_intel_management_engine Security lecture en Positive Technologies researchers Maxim Goryachy and Mark Ermolov have discovered a vulnerability that allows running unsigned code. The vulnerability can be used to activate JTAG debugging for the Intel Management Engine processor core. When combined with DCI, this allows debugging ME via USB. Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) microchip with a set of built-in peripherals. The PCH carries communication between the processor and external devices; therefore, Intel ME has access to some critical data on the computer, and the ability to execute third-party code allows compromising the platform completely. Researchers have been long interested in such capabilities, but recently we have seen a surge of interest in Intel ME. Intel provides its engineers with the ability to perform ME debugging via JTAG, in addition to allowing third-party developers to debug ISH via DCI (as previously discussed by us at 33с3). Anyone could use the vulnerability we have found to activate JTAG debugging for ME. In our presentation, we will describe the built-in ME debugging mechanism and how to activate it with the help of this vulnerability. CC BY 4.0 false Maxim Goryachy Mark Ermolov How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine Some a public information about it Previous talk about DCI on 33c3 2017-12-27T18:30:00+01:00 18:30 01:00 Saal Borg 34c3-9194-bildung_auf_dem_weg_ins_neuland CCC lecture de An unseren Schulen besteht ein großes Defizit hinsichtlich der Vermittlung digitaler Mündigkeit. Da mittlerweile weitgehender Konsens besteht, dass an Schulen bezüglich digitaler Technologien mehr passieren muss, reagiert die Bildungspolitik und integriert neue Medien in die Bildungspläne. Auf Basis unserer Erfahrungen, die wir im Rahmen vom Chaos Macht Schule gesammelt haben, diskutieren wir die aktuellen bildungspolitischen Entwicklungen. Im Rahmen von Chaos Macht Schule geben wir seit über 10 Jahren Workshops, in denen wir uns in der thematischen Schnittmenge von Technik und Gesellschaft bewegen. Denn eine zeitgemäße Bildung, bei der die digitale Mündigkeit der Schülerinnen und Schüler im Mittelpunkt steht, scheint in der Schullandschaft auch 2017 immer noch in weiter Ferne. Sowohl die Schulen, die Wirtschaft als auch die Politik reagieren zwar langsam auf die bestehenden Defizite. Doch viele aktuelle bildungspolitische Entwicklungen adressieren die grundlegenden Probleme nicht, lösen sie nur unzureichend oder setzen aus unserer Sicht falsche Schwerpunkte. In unserem Talk diskutieren wir aktuelle blidungspolitische Entwicklungen im Kontext unserer Erfahrungen an Schulen. Dabei legen wir dar, welche Schwerpunkte aus unserer Sicht in Schulen gesetzt werden sollten, um die nachfolgende Generation auf eine fortschreitend digitalisierte Welt vorzubereiten. CC BY 4.0 false benni dorina steffen Chaos Macht Schule „Chaos macht Schule“: Forderungen für digitale Bildung an Schulen 2017-12-27T19:45:00+01:00 19:45 01:00 Saal Borg 34c3-9106-pointing_fingers_at_the_media The Bundestagswahl 2017 and Rise of the AfD Ethics, Society & Politics lecture en The German election in September 2017 brought a tectonic shift to the layout of German politics. With the AfD in parliament far-right illiberalism has reached the mainstream. We investigate the communicative developments underlying this rise. Using web-scraping and automated content analysis, we collected over 10.000 articles from mainstream-news and far-right blogs, along with over 90GBs of Tweets and thousands of Facebook-Posts. This allows us a deep insight into how public discourse works in 2017 Germany. The Bundestagswahl 2017 was an earthquake to Germany's political landscape. With the AfD an illiberal and openly xenophobic party became the third-largest force in parliament. Its rise over just four years is unlike anything seen in Germany before. The new media landscape has often been touted as a key component of the rise of the AfD. More than any other party the AfD has made frequent use of the "populist playbook" -- stirring controversy through inflammatory rhetoric before back-pedalling and slamming the "Lügenpresse" (mendacious press). More than this, though, no other party has been as successful in directly connecting to and communicating with followers on Facebook to spread their "real" messaging outside mainstream media channels. Likewise, the proliferation of distinctly right-wing, rabble-rousing "news"-blogs and spread of these "news" on social media have given the far right an unfiltered platform to communicate with supporters. This has fundamentally shaken what scholars know about mass communication and agenda setting processes during elections. Still, despite many analyses and investigations we do not really know what actually went on during the 2017 campaign in Germany. Lots of attention has been devoted to the question if the AfD received too much space for presenting itself vis-a-vis the other parties in mainstream and social media channels. Yet, to our knowledge, no systematic investigation of these dynamics has been undertaken in Germany. We attempt here to undertake this investigation. Starting in early July of 2017 we used Python-based automated web scraping to access eight German-language "news"-blogs popular within networks of the extreme political right. Between July and September we collected almost 4500 articles from these right-leaning sites. In addition, using the Facebook-Graph-API we collected the shares and likes of each post from the Facebook-presences of those same blogs (where available). Simultaneously, we also collected mainstream media content. Using the Factiva and Lexis-Nexis news databases, we downloaded and parsed almost 6000 texts from both print as well as online media for the same period of time. Finally, to help capture public sentiment during the campaign, we collected all German tweets from Mid-August onward (roughly 90 GBs of data) alongside Google search trends data. The texts from these three ecosystems - right-wing fringe blogs, mainstream media, and public internet search and sentiment data - serve as data to use automated content analysis, build topic and machine learning models, and run time series cross sectional analyses to understand the possible relationships between and within each area. This allows us to understand the co-integrated processes between media/public spheres and identify what was talked about, when it was talked about, and how it was talked about. Overall these data allow us to paint picture of campaign discourse in Germany. We can present answers to a number of questions: Did the AfD actually receive a disproportionate amount of attention? Do these separate media ecosystems influence one another? Who leads, who follows? How do political elites interact with the public via old and new media? Who is driving topics? Overall, this project presents a snapshot of the campaigning season for Germany in the year 2017. We unveil the dynamics brought about by new forms of public discourse. ============ About the researchers who collected and analysed this data: Alexander Beyer initially attended Eberhard-Karls-University in Tübingen, and is now a PhD-student at <A HREF="http://www.sfu.ca/politics.html">Simon-Fraser-University</A>in Vancouver. His research focuses on the communications strategies of right-wing parties and the strategic responses of mainstream parties to these extremists. He is also interested in automated data collection, as well as network and text analysis. Denver McNeney (<A HREF="https://twitter.com/denvermcTwitter/">@DenverMc</A>) is a Ph.D. Candidate at the Centre for the Study of Democratic Citizenship at McGill University and works as a data scientist at a language processing startup in Vancouver. McNeney’s research primarily focuses on the sources and consequences of heterogeneity in public opinion. Additional work focuses on automated text analyses and text-as-data approaches alongside time series and panel quantitative methodologies. <A HREF="http://www.sfu.ca/~sweldon/">Prof. Steven Weldon</A> heads the research team on Political Extremism and Democracy in which Alexander Beyer and Denver McNeney are working. He is a Professor of Political Science and the Director for the Centre for the Study of Public Opinion and Political Representation at Simon Fraser University in Vancouver, Canada. He spent a year as a Fulbright-Scholar in Potsdam. His research focuses on political representation, European integration, political behaviour, and diversity and multiculturalism. CC BY 4.0 false alebey Slides for the Presentation 2017-12-27T21:00:00+01:00 21:00 01:00 Saal Borg 34c3-8724-defeating_not_petya_s_cryptography Security lecture en In this presentation we will outline our findings about (Not)Petya's crypto flaws and how we were able to exploit them to decrypt infected computers. At the end of June 2017, a malware outbreak plagued Ukraine and other parts of the world. The threat, quickly dubbed NotPetya after striking similarity to Petya had been discovered, encrypted infected systems at boot-level. A deeper analysis of NotPetya's cryptography revealed several rookie mistakes that enabled us to recover the encrypted hard drives. This talk gives some insights into NotPetya's flawed cryptography and how we were able to exploit them to eventually decrypt the infected hard drives. CC BY 4.0 false Sebastian Eschweiler 2017-12-27T22:15:00+01:00 22:15 01:00 Saal Borg 34c3-8950-microarchitectural_attacks_on_trusted_execution_environments Security lecture en Trusted Execution Environments (TEEs), like those based on ARM TrustZone or Intel SGX, intend to provide a secure way to run code beyond the typical reach of a computer’s operating system. However, when trusted and untrusted code runs on shared hardware, it opens the door to the same microarchitectural attacks that have been exploited for years. This talk provides an overview of these attacks as they have been applied to TEEs, and it additionally demonstrates how to mount these attacks on common TrustZone implementations. Finally, we identify new techniques which allow us to peer within TrustZone TEEs with greater resolution than ever before. The goals of this talk are twofold. First, it will build up an understanding of microarchitectural attacks, Trusted Execution Environments, and the existing research into the two. The talk assumes only basic knowledge of processor operation, and presents the information needed to understand the many variants of attacks against the cache and more. We will also cover key similarities and differences between ARM TrustZone and Intel SGX technologies and how these can be abused by microarchitectural attacks. This is a relatively new field of research, but it is growing quickly, and we hope to explain the significant contributions and accomplishments that have been achieved already. The second goal of the talk is to demonstrate how to perform these attacks in practice. We will take the TrustZone-based TEE implementation on the Nexus 5X as an example and explain how to write software which performs these side-channel attacks. We then push beyond the existing research and develop new methods to perform attacks on ARM TrustZone with greater precision than seen before. Our setup is relatively easy to implement, and we aim for this demonstration to encourage and enable further research into the software running within these trusted environments. By the end of the talk, the audience will recognize the risks presented by microarchitectural attacks and the ease with which issues can be exploited. We hope to leave the audience appreciating the tension between processor security and performance and understanding the difficulty of truly securing a Trusted Execution Environment from this powerful class of attack. CC BY 4.0 false Keegan Ryan 2017-12-27T23:30:00+01:00 23:30 01:00 Saal Borg 34c3-9064-the_ultimate_apollo_guidance_computer_talk Hardware & Making lecture en The Apollo Guidance Computer ("AGC") was used onboard the Apollo spacecraft to support the Apollo moon landings between 1969 and 1972. This talk explains "everything about the AGC", including its quirky but clever hardware design, its revolutionary OS, and how its software allowed humans to reach and explore the moon. The AGC was an early digital computer specifically designed for the Apollo moon missions. The Command Module and the Lunar Module each contained one AGC. First built in 1965 from 5600 integrated circuits, it was one of the first minicomputers, beating commercial machines like the PDP-8 in weight (32 kg) and power consumption (55 W). The Apollo program's size and weight limitations as well as the requirements for real-time guidance, navigation and control were pushing 1960s technologies to their limits. As a 15 bit one's complement big-endian accumulator machine with 36 kilo-words of ROM and 2 kilo-words of RAM, its design seems very foreign from today's perspective. The operating system was real-time, priority-based cooperative/preemptive and fault-tolerant, supporting interpreted virtual machines – practically inventing many of these concepts. This talk explains all the hardware details of the AGC: Its machine language, counters, timers, I/O, display and keyboard, as well as its implementation using integrated circuits, core memory and "core rope" ROM. The talk goes on to explain the software: interrupt handling, the core set, the wait list, the alarm system, the interpreter, and the actual user software, providing, among other things, guidance, navigation and control (GNC) services. The audience will get a good understanding of hardware and software design in the 1960s, and appreciate the innovations driven by the Apollo program. CC BY 4.0 false Michael Steil Christian Hessmann 2017-12-27T11:30:00+01:00 11:30 01:00 Saal Clarke 34c3-9271-lobby-schlacht_um_die_eprivacy-verordnung Die EU hat die Wahl: Schutz von Menschen oder von Geschäftsmodellen? Ethics, Society & Politics lecture de In der EU wird gerade über eine Verordnung verhandelt, die für die Vertraulichkeit der elektronischen Kommunikation verbindliche und zeitgemäße Regeln schaffen soll. Diese „ePrivacy-Verordnung“ könnte in absehbarer Zeit die letzte Möglichkeit sein, dem informationellen Kontrollverlust EU-weit politisch etwas entgegenzusetzen. Google analysiert die Mails seiner Kunden, Facebook wertet WhatsApp-Kontakte aus, Tracker verfolgen Bewegungen durch das Netz und auch durchs Einkaufszentrum. Die Verwertung persönlichen Informationen, die bei der digitalen Kommunikation jeden Tag gesammelt werden, ist das dominante Geschäftsmodell der digitalen Welt. Eine Wahl haben Nutzerinnen oft nicht, wenn sie auf die großen Dienste angewiesen sind: „Take it or leave it; data or die“ lautet das Grundprinzip der kommerziellen Überwachung. Während digitale Bürgerrechtsorganisationen auf eine starke Regulierung hoffen, warnt die Werbe- und Trackingindustrie davor, dass „das Internet, wie wir es kennen“, in Gefahr ist: Müssen Tracker künftig „Do not track“ respektieren? Dürfen bald auch Mobilfunkanbieter unser Kommunikationsverhalten unbegrenzt auswerten? Kommt ein echtes Recht auf Verschlüsselung? Wird die Vorratsdatenspeicherung auf Messenger ausgeweitet? Wer sich in Brüssel am Ende durchsetzt, wird auch in der Öffentlichkeit entschieden. false Ingo Dachwitz 2017-12-27T12:45:00+01:00 12:45 00:30 Saal Clarke 34c3-8768-end-to-end_formal_isa_verification_of_risc-v_processors_with_riscv-formal Resilience lecture en Formal hardware verification (hardware model checking) can prove that a design has a specified property. Historically only very simple properties in simple designs have been provable this way, but improvements in model checkers over the last decade enable us to prove very complex design properties nowadays. riscv-formal is a framework for formally verifying RISC-V processors directly against a formal ISA specification. In this presentation I will discuss how the complex task of verifying a processor against the ISA specification is broken down into smaller verification problems, and other techniques that I employed to successfully implement riscv-formal. Formal hardware verification (hardware model checking) can prove that a design has a specified property. This is different from simulation, which can only demonstrate that a property holds for some concrete traces (sets of inputs). Historically only very simple properties in simple designs have been provable this way, but improvements in model checkers over the last decade enable us to prove very complex design properties nowadays. riscv-formal is a framework for formally verifying RISC-V processors directly against a formal ISA specification. (The ISA specification used in riscv-formal is itself formally verified against Spike , the official RISC-V simulator and "golden reference" implementation.) riscv-formal can be made to work with any existing processor design, all that is needed is to add an additional RVFI (RISC-V formal interface) trace port to the core. riscv-formal by default uses the open source SymbiYosys toolchain to perform the formal proofs, but it should be compatible with all major HDL formal verification flows. In this presentation I will discuss how the complex task of verifying a processor against the ISA specification is broken down into smaller verification problems in riscv-formal, how to implement RVFI, how integrate a core with riscv-formal, and what kind of bugs can be detected using our method. Most of the proofs performed by riscv-formal are bounded proofs, i.e. it is only proven that the properties hold for the first N cycles after reset. But with a sufficiently large N we can create high confidence that in fact all relevant states can be reached within the bound of the proof and that therefore the bounded case is a sufficient proxy for the more general unbounded case. Abstractions, cut-points, and blackboxing can further help extend the effective bound of the proof. The presentation also touches on those techniques. CC BY 4.0 false Clifford Wolf riscv-formal RISC-V /system/events/logos/000/009/027/large/Title_screen_Dig_Assassination.001.jpeg?1508057316 2017-12-27T13:30:00+01:00 13:30 00:30 Saal Clarke 34c3-9027-the_work_of_art_in_the_age_of_digital_assassination Art & Culture lecture en My talk explores the interconnected nature of war and culture. It does so through the context of technology and political discourse in contemporary art. With a view from the battle fields of the Middle East, both real and imagined, I attempt to dissect how the political discourse of academia and the art world trickles down to everyday discussions. A simple word such as "assassination" becomes rife with racism when its etymology can be linked to anti-Muslim propaganda that originated during the Crusades. And today assassination is the primary political tool of the West to negotiate with Muslim radicals, even violating their own rules of citizenship, constitutional, and human rights protections in the process. With this backdrop, we see how the artistic works of such diverse artists such as Chris Marker, Chris Burden, Haroun Farouki, Anish Kapoor, and Banksy have evolved to reflect the political discourse of the moment. The digital advancements of the war zone, I argue, are reflected in the diametrically opposed peaceful spaces of the gallery, museum, or art house cinema. As the digital defeats analogue, the act of killing becomes disconnected from the killer, with democracies spreading thei blame over systemic failures rather than facing the reality of death. CC BY 4.0 false Saud Al-Zaid Previous Talk Title_screen_Dig_Assassination.001.jpeg 2017-12-27T14:15:00+01:00 14:15 00:30 Saal Clarke 34c3-8919-wtfrance Decrypting French encryption law Ethics, Society & Politics lecture en France is part of the top countries trying to destroy encryption, especially through backdoor obligations, global interceptions, and effort to get access to master keys. French law already criminalises the use of encryption, imposing heavier penalties on people using it or regarding them as general suspects. How can we oppose this trend? What political role for developers? Contrary to popular opinion, the worst security legislation is not always coming from right-wing governments like Poland or Hungary but also from the 'social' democracies of liberal markets strengthening their supremacy by striving for authoritarian power. France is part of the top countries trying to destroy encryption, especially through backdoor obligations. Despite advices of all digital security experts, French officials are still speaking out against encryption, systematically using the fight against terrorism as a pretext. As a result, French law considers people using encryption as guiltier than others, imposing heavier penalties on people using it or regarding them as general suspects. Legislators also aim at obliging firms to hand over the uncrypted version of a communication or even the encryption key if possible. The period for data retention of encrypted communication is much longer than for non encrypted communications. After giving a brief historical summary of the french anti-crypto legislation, this talk will issue the possibilities to oppose this trend. Especially enquiring about what political role developers could play, this should definitely be understood as a call for action. CC BY 4.0 false Agnes Okhin 2017-12-27T15:00:00+01:00 15:00 00:30 Saal Clarke 34c3-9055-science_is_broken How much can we trust science in light failed replications, bogus results and widespread questionable research practices? Science lecture en We're supposed to trust evidence-based information in all areas of life. However disconcerting news from several areas of science must make us ask how much we can trust scientific evidence. The field of psychology is faced with a crisis where many results that were trusted for decades are called into question. Obviously bogus results like one trying to prove that precognition is real can be created with the existing scientific standards. In replication attempts in preclinical cancer research more than 90 percent of study results could not be confirmed. Pharmaceutical companies are constantly under attack for questionable research methods. The scientist John Ioannidis asked more than ten years ago "Why most scientific research findings are false". These aren't just single incidents, they show much deeper problems in the way science is performed today. Scientific results get published if they yield to "positive" results and land in the drawer if the results are "negative", giving an incomplete and often skewed picture. In many fields scientific studies are never replicated. Scientific incentive structures like the Impact Factor prefer sensational results more than rigorous scientific standards. But there's also some move into the right direction. Trials registers or registered reports can prevent or at least detect many questionable research practices. The replication crisis has led some fields to put more emphasis on repetitions of important results. Appart from the fact that we get a wrong picture of reality these shortcomings of science also are undeserved munition for those who'd like to reject the scientific principle as a whole. How broken is science - and what can be done to make more scientific results true? CC BY 4.0 false hanno Linklist with many more resources on the covered topics Slides 2017-12-27T15:30:00+01:00 15:30 00:30 Saal Clarke 34c3-9030-algorithmic_science_evaluation_and_power_structure_the_discourse_on_strategic_citation_and_citation_cartels Science lecture en Quantitative science evaluation, such as university rankings, rely on man-made algorithms and man-made databases. The modelling decisions underlying this data-driven algorithmic science evaluation are, among other things, the outcome of a specific power structure in the science system. Power relations are especially visible, when negotiated during processes of boundary work. Therefore, we use the discourse on 'citation cartels', to shed light on a specific perception of fairness in the scientific system, as well as on the actors who are in charge. While doing so, we draw analogies to the discourse on search engine optimization. Scientific evaluation as governance technique is conducted through different instruments which have intended and unintended effects. One aspect of evaluation is the measurement of research quality through the performance of scientific publications, for example, how often they are cited. The design of such performance indicators is one core task of bibliometrics as a discipline. There is incidence that citation-based performance indicators might have side effects on citation behaviour. Those effects have to be considered by the bibliometrics community. On the one hand, they have to be considered with regard to indicator design aiming at achieving validity of measurement. On the other hand, and maybe more important, they have to be considered with regard to indicator use and its effect on science and society. We find some of this behavioural adaptation analogously in the development of search engine optimization (SEO). Search engine rankings share one core principle with citation-based indicators: that relevance (quality) is understood to be measurable through incoming links (citations) to a website (publication). The discourse on SEO and which strategies are to be regarded as white hat SEO or black hat SEO led to a more or less stable set of 'allowed' activities, which are approved by the search engine monopolist Google. Citation-based performance indicators are also the aim of optimization activities. One activity, which is believed to be undertaken by scientific journals, is the establishment of 'citation cartels' (groups of journals, which agree on mutually citing each other to boost their indicators). This form of strategic citation is widely regarded as morally corrupt. Beyond this specific type, there is an ongoing debate, which citation strategies are to be regarded scientific misconduct, and therefore threatening the 'fairness' of performance indicators. In our talk, we will outline the discourse on strategic citation with examples, which show concerns or label some strategies as unethical, and some which demand detection and punishment of questionable behaviour. We especially point out that the request to embank strategic citation is often addressed to the publication database provider Thomson Reuters. Proceeding from this point, this opens up a new perspective on power structures in the science system. CC BY 4.0 false J. Hartstein Teresa Isigkeit Franziska Sörgel 2017-12-27T16:30:00+01:00 16:30 01:00 Saal Clarke 34c3-8936-1-day_exploit_development_for_cisco_ios Security lecture en Year 2017 was rich in vulnerabilities discovered for Cisco networking devices. At least 3 vulnerabilities leading to a remote code execution were disclosed. This talk will give an insight on exploit development process for Cisco IOS for two of the mentioned critical vulnerabilities. Both lead to a full takeover of the target device. Both PowerPC and MIPS architectures will be covered. The presentation will feature an SNMP server exploitation demo. On March 17th, Cisco Systems Inc. made a public announcement that over 300 of the switches it manufactures are prone to a critical vulnerability that allows a potential attacker to take full control of the network equipment. This damaging public announcement was preceded by Wikileaks' publication of documents codenamed as "Vault 7" which contained information on vulnerabilities and description of tools needed to access phones, network equipment and even IOT devices. Cisco Systems Inc. had a huge task in front of them - patching this vast amount of different switch models is not an easy task. The remediation for this vulnerability was available with the initial advisory and patched versions of IOS software were announced on May 8th 2017. I decided to reproduce the steps necessary to create a fully working tool to get remote code execution on Cisco switches mentioned in the public announcement. Another big vulnerability was disclosed in June 2017. This was a remote code execution vulnerability in an SNMP service affecting multiple Cisco routers and switches. I will share the techniques and tools I used while researching vulnerable Cisco switches and routers. Reverse engineering and debugging IOS under PowerPC and MIPS architectures will be the focus of this talk. We all heard about modern exploit mitigation techniques such as Data Execution Prevention, Layout Randomization. But just how hardened is the network equipment? And how hard is it to find critical vulnerabilities in network devices? CC BY 4.0 false Artem Kondratenko Twitter Blog /system/events/logos/000/008/720/large/john_dee.png?1505986121 2017-12-27T18:30:00+01:00 18:30 01:00 Saal Clarke 34c3-8720-ios_kernel_exploitation_archaeology Security lecture en This talk presents the technical details and the process of reverse engineering and re-implementation of the evasi0n7 jailbreak's main kernel exploit. This work was done in late 2013, early 2014 (hence the "archaeology" in the title), however, it will provide insight into the kernel debugging setup for iOS devices (iDevices), the encountered difficulties and how they were overcome, all of which can be useful for current iOS kernel vulnerability research. The evasi0n7 jailbreak was released by the evad3rs on 22nd December 2013 targeting 7.0 to 7.1b3 iOS devices (iDevices). This talk documents the reverse engineering process of evasi0n7's main kernel exploit, which was performed in order to not only understand the underlying vulnerability, but more importantly to document the exploitation techniques the evad3rs have utilized. The talk will initially focus on the kernel debugging setup (a very important but often ignored step in device/embedded exploitation talks), the encountered problems and how they were overcome. I will then explain the underlying vulnerability, and the reverse engineering of the implemented exploitation techniques. Finally, I will present a detailed step by-step re-implementation of the kernel exploit. CC BY 4.0 false argp 2017-12-27T19:45:00+01:00 19:45 00:30 Saal Clarke 34c3-8964-watching_the_changing_earth warning: gravity ahead Science lecture en For a few decades by now, satellites offer us the tools to observe the whole Earth with a wide variety of sensors. The vast amount of data these Earth observations systems collect enters the public discourse reduced to a few numbers, numbers like 3 or even 300. So, how do we know the amount of ice melting in the arctic or how much rain is falling in the Amazon? Are groundwater aquifers stable or are they are being depleted? Are these regular seasonal changes or is there a trend? How can we even measure these phenomena on a global scale? This talk will provide one possible answer: gravity. The melting of ice during the summer and the regrowth of ice shields in winter or any variation of mass on the surface of the Earth and inside the Earth, in general, are reflected in the change of its gravity field. By monitoring the gravity field from space, we can infer the mass variations necessary to result in the measured gravity changes. Satellite missions like GRACE (Gravity Recovery and Climate Experiment) offer us a monthly view of the Earth's changing gravity field since 2002. Providing a look into the mass redistribution driven geophysical processes, climate, and human civilisation. Furthermore, the combination of gravity with additional types of measurements allows us to get a better understanding of our planet. The objective of this presentation is not to discuss the last significant decimal in some indicator of climate change. A look at the gravity field offers much more information, e. g., continental and global hydrology, changing ocean currents, mass flow in the mantle. This talk will give a brief introduction into space geodetic techniques used to monitor the gravity field of the Earth with a focus on the GRACE mission, its scientific results and applications. I will explain their working principle and the process which leads to a mathematical representation of the gravity field. We will look at a few selected examples, and try to answer the questions as mentioned above. Fortunately, the necessary data products are freely available. Additionally, there are services which spare us the math and offer tools to generate visualisations for a straightforward approach to this topic. CC BY 4.0 false manuel Minimum working example on GitHub (work in progress) Resources from the presentation (V1.1) /system/events/logos/000/008/948/large/eye2.png?1511198911 2017-12-27T20:30:00+01:00 20:30 00:30 Saal Clarke 34c3-8948-low_cost_non-invasive_biomedical_imaging An Open Electrical Impedance Tomography Project Hardware & Making lecture en An open source biomedical imaging project using electrical impedance tomography. Imagine a world where medical imaging is cheap and accessible for everyone! We'll discuss this current project, how it works, and future directions in medical physics. Current medical imaging machines such as MRI scanners are large, expensive and very rarely used preventatively as scans are done when symptoms have already occurred. A better healthcare for the future would include affordable high resolution body scans for everyone, which caused no harm to the body and enable us to track changes through machine learning algorithms. Electrical Impedance Tomography is an electrical current mapping technique enabling the reconstruction of 2D slices of the human body that is both non-invasive and completely safe (non-ionizing). It’s an exciting and active area of research with new techniques coming out all the time to reach higher resolution imaging. The range of applications are huge and include measuring lung volume, muscle and fat mass, gestural recognition based on muscle movement, bladder or stomach fullness, breast and kidney cancer, hemorrhage detection and even monitoring the depth of anesthesia in patients. I’ll talk about the state of research on each of these applications. Currently there is no readily available platform to enable rapid development and collaboration in this area. Unfortunately this means very few people outside of biomedical engineering R&D have been able to experiment with it. This talk presents a new system in development that enables real-time electrical impedance tomography experimentation. I will present the hardware, python test bench and explanation of how the reconstruction algorithms work, then move to potential future directions and applications of this project. Democratizing novel sensing technology opens the way to better collaborations and faster innovation to increase human healthspan. CC BY 4.0 false Jean Rintoul on Github Mailing List Open Biomedical Imaging Talk Slides 2017-12-27T21:15:00+01:00 21:15 00:30 Saal Clarke 34c3-8710-relativitatstheorie_fur_blutige_anfanger Raum, Zeit, Licht und Gravitation, wie hängt das zusammen? Science lecture de Jeder kennt sie, kaum jemand versteht sie wirklich, die vielleicht berühmteste Gleichung der Welt: E=mc^2 Was hat es damit auf sich, was ist die spezielle- und was die allgemeine Relativitätstheorie? Wie kann man sicher sein, dass das wirklich stimmt? Bleibt die Zeit stehen, wenn man sich mit Lichtgeschwindigkeit bewegt? Was ist das Zwillings-Paradoxon und dehnt sich das Universum aus, oder werden wir einfach nur immer kleiner? Lasst und mal so richtig Gas geben und mit 300.000 Sachen pro Sekunde durch die Welt staunen. Lasst uns eine Zeitmaschine bauen und die Raumzeit verbiegen bis es knirscht. Die Relativitätstheorie und besonders die allgemeine Relativitätstheorie ist relativ schwer zu verstehen. Na und? Alles ist relativ, oder doch nicht? CC BY 4.0 false Steini /system/events/logos/000/009/190/large/twitter_arabic.jpg?1508101856 2017-12-27T22:00:00+01:00 22:00 00:30 Saal Clarke 34c3-9190-catch_me_if_you_can_internet_activism_in_saudi_arabia Ethics, Society & Politics lecture en Activists in Saudi Arabia have been able to celebrate important victories like the recent lifting of the ban on women driving in September 2017 but have to fight on a lot of other front lines at the same time. Websites are blocked on a large scale and many activists are sent to jail on the grounds of a loosely used cybercrime law. This talk will give some insight into the current social and political strife happening on the Saudi Internet from a first-hand-perspective using some of the data collected in a collaboration with the OONI project. There is a simple reason why the Internet and social media have such an important role in the current struggle for social and political change: About 75 percent of the Saudi population are younger than 30 years old and basically everyone is online all the time: 75 percent of the Saudis have a smartphone and Saudi Twitter users account for 40 percent of all Twitter users in the whole Arab world. Life in the Kingdom is strongly influenced by the conflict between conservative-religious groups on one side and liberal activists on the other side who are trying to further democratic values, women's rights, free speech and freedom of religion. While the government is restricting public discourse, activists are pushing for reforms and are trying to make their voices heard. This activism and so-called „overstepping of red lines“ comes at a price: Many have heard of the blogger Raif Badawi, who has been imprisoned in Saudi Arabia since 2012 and sentenced to 10 years in jail and 600 lashes for setting up a website that criticises religious figures. But fewer people are familiar with the cases of activists like Waleed Abulkhair, Ashraf Fayadh, Hamza Kashgari, Mariam al-Otaibi, Loujain AlHathloul and many others who are often charged and sentenced to prison for tweets or websites that they have put up under a very elastic clause in Saudi Arabias cyber crime law. This talk strives to give some insight into the darkness of the current state of affairs on the Saudi internet as well as to show some of the rays of hope: 1) We will have a look at Saudi Arabias cyber crime law which was instituted in 2007 and has since been amended multiple times: Now online newspapers and bloggers have to obtain a license and the government can monitor social media platforms to subsequently charge people for cyber crime or cyber terrorism for „promoting“ adultery, homosexuality, atheism or criticizing the government or religious figures. 2) While living in Saudi Arabia I collaborated with the OONI Project (Open Observatory of Network Interference: https://ooni.torproject.org/) to take measure of the extent of censorship and blocked websites in the Kingdom. In this talk we'll look at the method that I used to collect this data as well as the gathered information and what we can conclude from this about the state of Internet censorship in Saudi Arabia. 3) And finally: Not all is lost. With years of relentless social media campaigns and the online organization of protest and dissent, activists are despite all the hardships they have suffered able to celebrate victories from time to time - like the recent lifting of the ban on women driving or the first participation of women in local elections. CC BY 4.0 false Noujoum 2017-12-27T22:45:00+01:00 22:45 00:30 Saal Clarke 34c3-8908-doping_your_fitbit Firmware modifications faking you fitter Security lecture en Security architectures for wearables are challenging. We take a deeper look into the widely-used Fitbit fitness trackers. The Fitbit ecosystem is interesting to analyze, because Fitbit employs security measures such as end-to-end encryption and authentication to protect user data (and the Fitbit business model). Even though this goes beyond security mechanisms offered by other fitness tracker vendors, reverse-engineering the trackers enables us to launch practical attacks against Fitbit. In our talk, we demonstrate new attacks including wireless malware flashing on trackers as well as “unlocking” the trackers to work independent from the Fitbit cloud. We explain the Fitbit security architecture, including the most important communication paradigms between tracker, app, and server. Our talk focuses on the tracker itself and its wireless interfaces, nevertheless it is important to understand the roles of the other components to successfully imitate them. Custom firmware makes fitness trackers the ultimate geek toy, including the possibility to improve security and privacy. We show how we reverse-engineered the wireless firmware flashing process, as well as setting up a Nexmon-based environment for developing custom firmware. A short demo shows how wireless flashing works, including potentials of the modified firmware. We also release a smartphone application supporting a subset of the demonstrated attacks, including the possibility for users to extract some of their fitness tracker data without sharing it with Fitbit. This is a huge step towards privacy on wearables. Apart from the app we will also release everything necessary to patch your Fitbit firmware, enabling users to develop more secure mechanisms protecting their data. CC BY 4.0 false jiska DanielAW fitness-app fitness-firmware Slides 2017-12-27T23:30:00+01:00 23:30 01:00 Saal Clarke 34c3-8974-practical_mix_network_design Strong metadata protection for asynchronous messaging Resilience lecture en We shall explain the renewed interest in mix networks. Like Tor, mix networks protect metadata by using layered encryption and routing packets between a series of independent nodes. Mix networks resist vastly more powerful adversary models than Tor though, including global passive adversaries. In so doing, mix networks add both latency and cover traffic. We shall outline the basic components of a mix network, touch on their roles in resisting active and passive attacks, and discuss how the latency impacts reliability, application design, and user experience. Interest in privacy technologies has surged over the previous decade, due in part to the Snowden revelations as well as earlier revelations of warrantless wiretaping by the NSA. Tor has justifiably received considerable attention for protecting location metadata when using existing Internet protocols. We believe the time is right though to deploy far stronger systems that cover more specific use cases, especially email and monetary transactions. There are serious limitations to the adversary models addressed by Tor, which manifests today as website fingerprinting attacks, but easily extend to devastating attacks on most use cases, including messaging systems like Briar and Ricochet. Academics have proposed various anonymity technologies with far stronger threat models than Tor, but by far the most deployable and efficient option remains mix networks, which date to the founding of anonymity research by David Chaum in 1981. Tor was inspired by mix networks and shares some superficial similarities, but mix networks' are vastly stronger if they judiciously add latency and cover traffic. There are several historical reasons why mixnets lost popularity and why Tor's onion routing won. Namely, Tor is low latency and really good at being usable. This is in contrast to mix networks which are essentially an unreliable packet switching network. Historically mix networks achieved enough mix entropy by using long delays whereas it is becoming more widely understood that there exists a tradeoff between legit traffic, decoy traffic and latency. We believe a strong anonymity network is urgently needed so that individuals can retain a core of control over what metadata they expose to traffic analysis. We further suspect the world is ready to pay for deploying it, and developing the specialized applications to exploit it, both for messaging privacy and for privacy preserving financial systems like ZCash or Taler. CC BY 4.0 false David Stainton jeffburdges Katzenpost mixnet specification documents The Loopix Anonymity System Katzenpost source code repositories The Panoramix Project website slides /system/events/logos/000/009/276/large/forensic-arch.png?1511039939 2017-12-27T11:30:00+01:00 11:30 01:00 Saal Dijkstra 34c3-9276-forensic_architecture Forensic Architecture is an independent research agency that undertakes historical and theoretical examinations of the history and present in articulating notions of public truth. Art & Culture lecture en In recent years, the group Forensic Architecture began using novel research methods to undertake a series of investigations into human rights abuses. The group uses architecture as an optical device to investigate armed conflicts and environmental destruction, as well as to cross-reference a variety of evidence sources, such as new media, remote sensing, material analysis, witness testimony, and crowd-sourcing. In this talk, Eyal Weizman provides, for the first time, an in-depth introduction to the history, practice, assumptions, potentials, and double binds of this practice. Today, the group provides crucial evidence for international courts and works with a wide range of activist groups, NGOs, Amnesty International, and the UN. Forensic Architecture has not only shed new light on human rights violations and state crimes across the globe, but has also created a new form of investigative practice that bears its name. The group uses architecture as an optical device to investigate armed conflicts and environmental destruction, as well as to cross-reference a variety of evidence sources, such as new media, remote sensing, material analysis, witness testimony, and crowd-sourcing. In Forensic Architecture, Eyal Weizman provides, for the first time, an in-depth introduction to the history, practice, assumptions, potentials, and double binds of this practice. Included in this volume are case studies that traverse multiple scales and durations, ranging from the analysis of the shrapnel fragments in a room struck by drones in Pakistan, the reconstruction of a contested shooting in the West Bank, the architectural recreation of a secret Syrian detention centre from the memory of its survivors, a blow-by-blow account of a day-long battle in Gaza, and an investigation of environmental violence and climate change in the Guatemalan highlands and elsewhere. Weizman’s Forensic Architecture, stunning and shocking in its critical narrative, powerful images, and daring investigations, presents a new form of public truth, technologically, architecturally, and aesthetically produced. Their practice calls for a transformative politics in which architecture as a field of knowledge and a mode of interpretation exposes and confronts ever-new forms of state violence and secrecy. false Eyal Weizman http://www.forensic-architecture.org/ 2017-12-27T12:45:00+01:00 12:45 01:00 Saal Dijkstra 34c3-8784-emmc_hacking_or_how_i_fixed_long-dead_galaxy_s3_phones A journey on how to fix broken proprietary hardware by gaining code execution on it Security lecture en How I hacked Sasmung eMMC chips: from an indication that they have a firmware - up until code execution ability on the chip itself, relevant to a countless number of devices. It all started when Samsung Galaxy S3 devices started dying due to a bug in their eMMC firmware. I will cover how I figured out there's a firmware inside the chip, how I obtained it, and my journey to gaining code execution on the chip itself &mdash; up until the point in which I could grab a bricked Galaxy S3, and fix it by software-only means. <p>Few years ago Samsung Galaxy S3 devices started dying all around the world (a phenomenon known as "Galaxy S3 Sudden Death"). The faulty hardware was pinpointed to its eMMC chip (made by Samsung). eMMC are basically SD cards in BGA form soldered to the PCB, but as it apperas - they hide a CPU and a firmware inside.</p> <p>Samsung eMMC chips support some vendor-specific, undocumented eMMC commands. By doing some guesswork and finding the right sequence of commands I was able to dump the entire RAM (and firmware) of the eMMC chip, which appears to sport an <i>ARM Cortex-M3</i> chip inside. But how can we know what causes the device to fail?</p> <p>Samsung has written a Linux patch which patches the eMMC's RAM in order to fix the problem. However, investigating the patch itself reveals that it does nothing more than jumping to an infinite loop when something goes wrong. We needed a more inherent fix. By utilizing Samsung's own vendor-specific commands, we can write the eMMC's RAM in order to achieve code execution, or even write to the eMMC's NAND flash memory directly. We can update its firmware and fix the problem altogether.</p> <p>However, when a device is bricked, how do we even get to send commands to its soldered eMMC chip by software-only means? I will show a working exploit against Samsung's boot-loader to be able to send commands to the eMMC chip.</p> <p>Nevertheless, this is not enough. A bricked device usually means that the eMMC is now in an infinite loop and won't accept and eMMC commands. Although it appears to be a dead-end, there's a way: by triggering a power reset on the eMMC chip, there's a time window in which the chip boots itself. There's a way to stop the eMMC chip from loading its own firmware, instead putting itself in some "recovery mode". I was finally able to execute my own code on the faulty chip.</p> <p>The research not only applies to Galaxy S3 devices (which are obviously old), as it appears to be relevant for new Samsung eMMC chips, even though they have a slightly different firmware, which will be briefly overviewed.</p> CC BY 4.0 false oranav Initial research when Galaxy S3 devices died /system/events/logos/000/009/021/large/download.jpeg?1514390337 2017-12-27T14:00:00+01:00 14:00 01:00 Saal Dijkstra 34c3-9021-squeezing_a_key_through_a_carry_bit No bug is small enough Security lecture en The Go implementation of the P-256 elliptic curve had a small bug due to a misplaced carry bit affecting less than 0.00000003% of field subtraction operations. We show how to build a full practical key recovery attack on top of it, capable of targeting JSON Web Encryption. <p>Carry bugs are fairly common, and usually too small to have big impact, or so they are considered. This one was no exception.</p> <p><a href="https://github.com/golang/go/issues/20040">Go issue #20040</a> affected the optimized x86_64 assembly implementation of scalar multiplication on the NIST P-256 elliptic curve in the standard library.</p> <p><code>p256SubInternal</code> computes <code>x - y mod p</code>. In order to be constant time it has to do both the math for <code>x &gt;= y</code> and for <code>x &lt; y</code>, it then chooses the result based on the carry bit of <code>x - y</code>. The old code chose wrong (<code>CMOVQNE</code> vs <code>CMOVQEQ</code>), but most of the times compensated by adding a carry bit that didn't belong in there (<code>ADCQ</code> vs <code>ANDQ</code>). Except when it didn't, once in a billion times (when <code>x - y &lt; 2^256 - p</code>). <a href="https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c">The whole patch is 5 lines.</a></p> <p>The bug was found by a Cloudflare engineer because it caused ECDSA verifications to fail erroneously but the security impact was initially unclear. We devised an adaptive bug attack that can recover a scalar input to <code>ScalarMult</code> by submitting attacker-controlled points and checking if the result is correct. Elliptic Curve Diffie-Hellman involves a secret scalar, a peer-provided point, and fails to establish a key if the result is incorrect.</p> <p>We reported this to the Go team, Go 1.7.6 and 1.8.2 were issued and the vulnerability was assigned <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8932">CVE-2017-8932</a>.</p> <p>At a high level, this P-256 ScalarMult implementation processes the scalar in blocks of 5 bits. We can precompute points that trigger the bug for each specific 5 bit value, and submit them. When the protocol fails, we learned 5 key bits, and we move on to the next 5, Hollywood style. In about 500 submissions on average we recover the whole key.</p> <p>The precomputation involves a lot of unusable points and edge cases, but by modifying the optimized assembly implementation and generating points intelligently, we can produce a full round of points in seconds on 1000 machines (or spot instances). Each round depends on the previous ones, so must be computed live during each attack.</p> <p>Normal ECDH does not offer an attacker multiple attempts against the same scalar, making the attack impossible. However, a variant of ECDH with a static scalar is used as a public key encryption scheme, for example in JSON Web Encryption. The attack can fully recover the private key in that scenario.</p> <p>No bug is small enough.</p> CC BY 4.0 false Filippo Valsorda Recording Slide deck Demo 2017-12-27T15:15:00+01:00 15:15 01:00 Saal Dijkstra 34c3-9034-bbss_and_early_internet_access_in_the_1990ies Modems, FIDO, Z-Netz, Usenet, UUCP, SLIP and ISDN Art & Culture lecture en This talk explains how individuals were able to communicate globally in the 1990ies using self-organized networks of BBSsin networks like FIDO and Z-Netz, before individual access to the Internet was possible. It also covers the efforts of non-profit organizations to provide individual access to Internet Mail+News via UUCP and later via IP during that period. This talk covers how individuals could participate in local, regional and global message-based data communications in the 1990ies. It covers the technologies used to access such networks, both on the infrastructure (BBS) side, as well as on the user/client side. At the same time, the talk is a bit of a personal journey from <ul> <li>accessing dial-up BBSs using accoustinc coupler and modem</li> <li>becoming CoSysop of a BBS and learning about how to operatie BBSs</li> <li>being a Node/Point in message based communications networks like Z-Netz and FIDO</li> <li>using UUCP to participate in Internet mail/news (Usenet)</li> <li>working in the technical team of Kommunikationsnetz Franken e.V. to set up a community-based ISP with modem and ISDN dial-up banks, satellite based Usenet feeds, analog leased lines ISDN-SPV.</li> <li>helping getting Germany's alleged first Internet Cafe (we then called it an Online Bistro) connected</li> </ul> CC BY 4.0 false LaForge FidoNet Homepage Z-Netz Kommunikationsnetz Franken e.V. /system/events/logos/000/008/900/large/Screen_Shot_2017-10-12_at_10.06.22_PM.png?1507842403 2017-12-27T16:30:00+01:00 16:30 01:00 Saal Dijkstra 34c3-8900-tightening_the_net_in_iran The Situation of Censorship and Surveillance in Iran, and What Should Be Done Ethics, Society & Politics lecture en How do Iranians experience the Internet? Various hurdles and risks exist for Iranians and including outside actors like American technology companies. This talk will assess the state of the Internet in Iran, discuss things like the threats of hacking from the Iranian cyber army; how the government are arresting Iranians for their online activities; the most recent policies and laws for censorship, surveillance and encryption; and the policies and relationships of foreign technology companies like Apple, Twitter and Telegram with Iran, and the ways they are affecting the everyday lives of Iranians. This talk will effectively map out how the Internet continues to be a tight and controlled space in Iran, and what efforts are being done and can be done to make the Iranian Internet a more accessible and secure space. How do Iranians experience the Internet? Various hurdles and risks exist for Iranians and including outside actors like American technology companies. This talk will assess the state of the Internet in Iran, discuss things like the threats of hacking from the Iranian cyber army; how the government are arresting Iranians for their online activities; the most recent policies and laws for censorship, surveillance and encryption; and the policies and relationships of foreign technology companies like Apple, Twitter and Telegram with Iran, and the ways they are affecting the everyday lives of Iranians. This talk will effectively map out how the Internet continues to be a tight and controlled space in Iran, and what efforts are being done and can be done to make the Iranian Internet a more accessible and secure space. Break down of the talk: What threats exist for Iranians online? A discussion of the various bodies that police the Internet in Iran will be discussed, including the Iranian Cyber Police (FATA), Gerdab (the Revolutionary Guards Cyber Police), and the loosely affiliated government network of the Iranian Cyber Army, and how they have been tracking, arresting, and hacking into the online activities of various Iranians inside and outside of the country. Government Internet policies The talk will briefly overview the quagmire that is Internet policy and law, including the bodies that regulate the Internet, such as the Supreme Council of Cyberspace, and various laws such as the Cyber Crimes Laws, the censorship of various encryption tools, new policies on censorship and data collection, and the Internet policies under the new Minister of ICT, Mohammad-Javad Azari Jahromi, a former member of the Ministry of Intelligence and architect of Iran’s online surveillance infrastructure. Foreign Technology Companies Apple is not officially present in Iran, and does not want to get involved in financial transactions with Iranian banks. As a result, it’s been removing the applications of Iranians off it’s app store, to the detriment of all lot of Internet services Iranians with iPhones can access. Telegram has long been rumoured to be cooperating with the Iranian government. This past year they moved their CDN servers inside Iran, citing concerns for the security of Telegram data from the Iranian government. Telegram is one of the only social media platforms not censored in Iran, but now Iran’s hardline politicians are threatening to sue Pavel Durov. Additionally, the new Minister of ICT has said they will be engaging Twitter in negotiations to unfilter the platform in Iran. Twitter is refusing to comment on whether they are engaging or will work with the government. This portion of the talk will try to understand the dangers and responsibilities companies have to keeping the Internet safe and accessible to Iranians. CC BY 4.0 false Mahsa Alimardani Last Talk Given on the Topic at 32C3 Latest Vice Motherboard Articles on Iranian Internet Controls Profile at the Oxford Internet Institute Profile at Global Voices Advox Talk at Re:Publica 2015 One Report from the Tightening the Net Series Presenter Has Written 2017-12-27T18:30:00+01:00 18:30 01:00 Saal Dijkstra 34c3-8789-lets_break_modern_binary_code_obfuscation A semantics based approach Security lecture en Do you want to learn how modern binary code obfuscation and deobfuscation works? Did you ever encounter road-blocks where well-known deobfuscation techniques do not work? Do you want to see a novel deobfuscation method that learns the code's behavior without analyzing the code itself? Then come to our talk and we give you a step-by-step guide. This talk might be interesting for you if you love reverse engineering or binary security analysis. We present you modern code obfuscation techniques, such as opaque predicates, arithmetic encoding and virtualization-based obfuscation. Further, we explain state-of-the-art methods in (automated) deobfuscation [1] as well as how to break these [2]. Finally, we introduce a novel approach [3] that learns the code's semantics and demonstrate how this can be used to deobfuscate real-world obfuscated code. [1] https://www.ieee-security.org/TC/SP2015/papers-archived/6949a674.pdf [2] https://mediatum.ub.tum.de/doc/1343173/1343173.pdf [3] https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-blazytko.pdf CC BY 4.0 false Tim Blazytko Moritz Contag code Slides file /system/events/logos/000/009/040/large/Post-Snowden-Nails-Aram-Bartholl-13-small.jpg?1508088598 2017-12-27T19:45:00+01:00 19:45 00:30 Saal Dijkstra 34c3-9040-access_to_bodies Ein Leitfaden für post-humane Computer- und Körperanwendungen Art & Culture lecture de Cyborgs und Body Enhancement sind typisch männlich dominierte Thematiken (Terminator etc). Im Gegensatz dazu ist zB die weiblich konotierte Beautybranche auch hochtechnisiert. Körper und Technologie sind auf verschiedenen Ebenen hier schon eng verzahnt. Diese beiden Bereiche zusammenzubringen ist FUN. Stehen Computer eigentlich auf rosa? Der menschliche Körper ist eine sich ständig verändernde Situation, der sich den äusseren, gesellschaftlichen Bedingungen anpasst. Das Thema Cyborgs und Bodyenhancement ist hochaktuell, dabei ist das Smartphone bereits teil unserer Anatomie und mein Gehirn hat die Instagram denkweise verinnerlicht. Der Computer ist perfekt, der Mensch nicht. Das jedenfalls ist das gängige Narrativ und deswegen versucht Mensch sich beständig zu verbessern um eins mit dem Computer zu werden. Aber Verbesserung ist nur ein Argument, um Lösungen zu verkaufen. Wie sieht ein Körper aus der keiner Logik einer ständigen Verbesserung folgt? In meinem Talk spreche ich über alternative Körpererweiterungen und Schönheitsideale. Meine Arbeiten sind Prothesen, die nicht dazu dienen fehlende Körperteile zu ersetzen, sondern nicht-ökonomische, nicht-funktionale, nicht-logische Möglichkeiten zu simulieren. Anhand einer Reihe von Beispielen, Projekten und Arbeiten möchte ich gerne dieses Spannungsfeld darlegen. CC BY 4.0 false Nadja Buttendorf Nadja Buttendorf - Artist Website Youtube Channel Nadjas Nail Art Residency 2017-12-27T20:30:00+01:00 20:30 00:30 Saal Dijkstra 34c3-9278-ecstasy_10x_yellow_twitter_120mg_mdma Shipped from Germany for 0.1412554 Bitcoins Art & Culture lecture en Artists !Mediengruppe Bitnik talk about recent works around bots and the online ecosystems that has been forming around them. Through the lens of their recent works around algorithms and bots, !Mediengruppe Bitnik offer a look into some of the technologies shaping our day-to-day. Retracing their explorations into the Darknets with Random Darknet Shopper, !Mediengruppe Bitnik will talk about the shopping bot which linked the darknet directly to the art space. With a weekly budget of $100 in Bitcoins, the bot went shopping on the deep web where it randomly bought items like cigarettes, keys, trousers or a Hungarian passport scan and had them sent directly to exhibition spaces in Switzerland, the UK and Slovenia. In a more recent series of works !Mediengruppe Bitnik use the hacked online dating site Ashley Madison as a case study to talk about the current relationship between human and machine, Internet intimacy and the use of virtual platforms to disrupt and defraud. CC BY 4.0 false !Mediengruppe Bitnik !Mediengruppe Bitnik /system/events/logos/000/008/797/large/socialcooling-ccc.png?1512667444 2017-12-27T21:15:00+01:00 21:15 00:30 Saal Dijkstra 34c3-8797-social_cooling_-_big_data_s_unintended_side_effect How the reputation economy is creating data-driven conformity Ethics, Society & Politics lecture en What does it mean to be free in a world where surveillance is the dominant business model? Behind the scenes databrokers are turning our data into thousands of scores. This digital reputation is increasingly influencing our chances to find a job, a loan or even a date. Researchers are pointing out that, as people become aware of this reputation economy, it is generating a culture where self-censorship and risk aversion are the new normal. How do we deal with these chilling effects? I suggest we take the comparison of oil and data all the way: If oil leads to global warming, then data leads to Social Cooling. Social Cooling is an accessible narrative about the large scale chilling effects are starting to become visible, and whose effects countries like China are actively embracing. Here in the west studies show a rise in self-censorship and a growing culture of risk-aversion. For example, after the Snowden revelations fewer people visit Wikipedia pages about subjects like terrorism. We see doctors hesitating to operate on patients because a death will lower their score. This comparison is not meant to scare, but to give us hope: our move away from oil offers us a valuable blueprint on how to deal with this issue. In this talk we’ll go into the narratives we need. In a data-driven world, a good story can still be the best hack. CC BY 4.0 false Tijmen Schep SocialCooling.com 2017-12-27T22:00:00+01:00 22:00 00:30 Saal Dijkstra 34c3-9205-bootstomp_on_the_security_of_bootloaders_in_mobile_devices Security lecture en In our paper we present a novel tool called BootStomp able to identify security vulnerabilities in Android bootloaders (such as memory corruptions) as well as unlocking vulnerabilities. During its evaluation, BootStomp discovered 6 previously unknown vulnerabilities across 4 different bootloaders. Finally BootStomp has been open-sourced to help the security community. Modern mobile bootloaders play an important role in both the function and the security of the device. They help ensure the Chain of Trust (CoT), where each stage of the boot process verifies the integrity and origin of the following stage before executing it. This process, in theory, should be immune even to attackers gaining full control over the operating system, and should prevent persistent compromise of a device’s CoT. However, not only do these bootloaders necessarily need to take untrusted input from an attacker in control of the OS in the process of performing their function, but also many of their verification steps can be disabled (“unlocked”) to allow for development and user customization. Applying traditional analyses on bootloaders is problematic, as hardware dependencies hinder dynamic analysis, and the size, complexity, and opacity of the code involved preclude the usage of many previous techniques. In this paper, we explore vulnerabilities in both the design and implementation of mobile bootloaders. We examine bootloaders from four popular manufacturers, and discuss the standards and design principles that they strive to achieve. We then propose BootStomp , a multi-tag taint analysis resulting from a novel combination of static analyses and dynamic symbolic execution, designed to locate problematic areas where input from an attacker in control of the OS can compromise the bootloader’s execution, or its security features. Using our tool, we find six previously-unknown vulnerabilities (of which five have been confirmed by the respective vendors), as well as rediscover one that had been previously reported. Some of these vulnerabilities would allow an attacker to execute arbitrary code as part of the bootloader (thus compromising the entire chain of trust), or to perform permanent denial-of-service attacks. Our tool also identified two bootloader vulnerabilities that can be leveraged by an attacker with root privileges on the OS to unlock the device and break the CoT. We conclude by proposing simple mitigation steps that can be implemented by manufacturers to safeguard the bootloader and OS from all of the discovered attacks, using already-deployed hardware features. CC BY 4.0 false Audrey Dutcher BootStomp BootStomp paper /system/events/logos/000/009/072/large/internet-map-justice.jpg?1512841766 2017-12-27T22:45:00+01:00 22:45 00:30 Saal Dijkstra 34c3-9072-bgp_and_the_rule_of_custom How the internet self-governs without international law Ethics, Society & Politics lecture en When bad actors can simply move servers from country to country, why does the internet remain reasonably civil ? How does one get on, or get kicked off, of the internet ? Why do fraud and child abuse websites regularly get shut down but thepiratebay remains living ? I will explain BGP, the protocol that knits the internet together, also covering the world of last resort hosting, bulletproof hosting and high profile cases of servers that were taken offline and servers which could not be taken offline despite significant effort. <p>We have been taught that someone must be in charge, there must be a supreme court of arbitration, otherwise chaos will reign. But we have before us an example of a network which does not have any supreme court, nor any official law or governing body besides ICANN.</p> <p>The internet is made up of tens of thousands of organizations (known as Autonomous Systems) who interconnect with one another voluntarily in what are known as peering agreements. Over 99% of all peering agreements are handshake agreements with no written contract and providers trust one another to follow social norms which are present within the internet community.</p> <p>Certain behavior such as denial of service attacks, email spam, and malware propagation are generally recognized as anti-social and autonomous systems which are dedicated to these types of business have in the past found themselves disconnected by their providers and unable to find anyone who will connect with them.</p> <p>Some hosting providers describe themselves as "bulletproof" or "last resort" hosting, providers who will host websites which are not able to find hosting in other places. Bulletproof hosting charges large sums of money and then allow their customers to do anything (including sending of spam and malware), last resort hosting providers by contrast often reach out to high profile organizations who have been disconnected by their original provider for political reasons.</p> <p>This system without explicit rules has proven to be highly favorable to freedom of speech while still managing to prevent some types of activity which is generally recognized as bad. In the development of new federated apps, we can learn from the successes of BGP and the challenges which it has faced over the past 40 years.</p> CC BY 4.0 false Caleb James DeLisle bgp_and_the_rule_of_custom.pdf /system/events/logos/000/008/998/large/Clarion_Alley_by_Oren_Rozen.jpg?1514026545 2017-12-27T23:30:00+01:00 23:30 01:00 Saal Dijkstra 34c3-8998-die_gottliche_informatik_the_divine_computer_science Die Informatik löst formale (mathematisch modellierte) Probleme ganz vorzüglich – doch nun soll sie alle anderen Probleme auch noch lösen / Computer science nicely solves formally modelled problems – now it is believed to solve everything else too Ethics, Society & Politics lecture de Die Informatik ist scheinbar das neue Göttliche, das den Klimawandel, die Kriminalität, unser fehlendes Wissen über das Gehirn, den globalen Terror, dichter werdenden Stadtverkehr, die Energieprobleme und die Armut der Welt lösen kann; und zwar mit der Blockchain, mit künstlicher Intelligenz, mit der Cloud und mit Big-Data. Doch inwiefern ist die Informatik überhaupt in der Lage, derartige Probleme hoher gesellschaftlicher Relevanz anzugehen? In diesem Vortrag soll versucht werden, Teile der riesigen Wunschliste an die Informatik mit ihren tatsächlichen aktuellen Möglichkeiten in Einklang zu bringen sowie die ökonomischen Motivationen und Rahmenbedingungen einzubeziehen. <span style="color:grey;">Computer science seems to be the new divine element that can solve climate change, crime, our lack of knowledge about the brain, global terror, urban traffic, our energy issues and world poverty; with blockchain, with artificial intelligence, with the cloud and big data. But to what extent is computer science even able to address such problems of high societal relevance? In this lecture an attempt will be made to reconcile parts of the huge wish list to computer science with its actual current possibilities and to include the economic motivations and conditions.</span> <strong>DE</strong> (<a href="#langderr">EN below</a>): Der bekannte Computerpionier und Gesellschaftskritiker Prof. Dr. Joseph Weizenbaum sagte einst sinngemäß: „Früher übergab man ein Problem dem Computer, wenn man es verstanden hatte. Heute ist es anders herum“. Gründe dafür scheinen eine geradezu magische Technikgläubigkeit, ein merkwürdiges Missverständnis der Funktionsweise heutiger Computer, ein immer größer werdender finanzieller Druck auf die öffentliche Hand und ein weit verbreitetes, technisch-reduziertes – man könnte fast sagen 'kybernetisches' – Welt- und Menschenbild zu sein. Da gewinnt Googles künstliche Intelligenz Alpha-Go gegen den professionellen südkoreanischen Go-Spieler Lee Sedol und schon wird der Abgesang auf das menschliche Gehirn angestimmt. Doch dass Sedol für das Match ein paar Tassen Kaffee verstoffwechselte, aber Alpha-Go die Energie einer Kleinstadt, zeigt, dass die Lage geringfügig komplizierter ist. Ähnliche fehlleitende Ungenauigkeiten finden sich auch bezüglich der berühmten Geheimsprache der Facebook-Bots bis hin zu den Möglichkeiten von „smart contracts“ in der Blockchain. Dies sind Beispiele, wie missverstandene Computerfähigkeiten und Fehlzuschreibungen eine tatsächlich sinnvolle Diskussion über den Nutzen weltweit vernetzter Computersysteme verhindern. Derartige Diskussionen sind jedoch mitnichten rein akademisch oder philosophisch, sondern in der Wirkung gesellschaftlich hoch brisant. Denn wie an der aktuellen Predictive-Policing-Thematik zu erkennen ist, erzeugt der Glaube an die Überlegenheit der Technik nunmehr harte soziale Realitäten für die betroffenen 'Datenopfer', aber keine nennenswerten positiven Ergebnisse für die Sicherheit. Gleiches gilt für die automatisierte, sogenannte „intelligente“, Videoüberwachung mit Verhaltenserkennung, die perspektivisch flächendeckend in Deutschland angedacht ist: der Glaube an solche Systeme vergrößert zwar immens den Kassenstand der Hersteller und Anbieter, aber verkleinert in gleicher Weise die Freiheit und Freiräume eines jeden Menschen im öffentlichen Raum. Genau das sind die tatsächlichen Auswirkungen eines unwidersprochenen, blinden Computeroptimismus', der zudem von finanziellen Motivationen getrieben ist und in der Folge kontinuierlich unsere Gesellschaft umprägt. Für eine Digitalisierung im Sinne der Freiheit und der gesellschaftlichen Weiterentwicklung müssen die Erwartungen an die Informatik folglich neu justiert werden und das im Zusammenhang mit wirtschaftlichen und politischen Machtverhältnissen. <span style="color:grey;"><strong id="langderr">EN</strong>: The well-known computer pioneer and society critic Prof. Dr. Joseph Weizenbaum once said, "Once upon a time, a problem was presented to the computer after it was understood. Today it's the other way around." Reasons for this seem to be an almost magical belief in technology, a strange misunderstanding of the functioning of today's computers, an ever-increasing financial pressure on the public sector and a widespread, technically-reduced – one could almost say 'cybernetic' – world view and concept of what's human. Not only since Google's artificial intelligence Alpha-Go won against the professional South Korean Go player Lee Sedol many techno-optimists celebrate the inferiority of the human brain. But Sedol metabolized a few cups of coffee for the match whereas Alpha-Go needed the energy of a small town; this shows that the matter is slightly more complicated. Similar misleading inaccuracies can be found regarding the 'famous' secret language of the Facebook bots or regarding the possibilities of "smart contracts" in the blockchain. These are examples of how misunderstood computer abilities and faulty ascription prevent a meaningful debate on the benefits of globally networked computer systems. However, such discussions are by no means purely academic or philosophical; they are socially highly explosive in their effect. As can be seen from the current addoption of Predictive Policing, the belief in the superiority of technology now creates harsh social realities for the affected 'data victims', but no noteworthy positive results for actual public security. The same applies to the automated "intelligent" video surveillance systems with behavioral detection – probably rolled-out nationwide in Germany: the belief in such systems immensely increases the cash influx of manufacturers and suppliers, but at the same time it reduces the freedom of each person in public space. These are the actual effects of an unchallenged 'blind computer optimism' driven by financial motivations which consequently transforms our society. For a Digitalization supporting freedom and social development, expectations of information technology must be readjusted in the context of economic and political power relations.</span> CC BY 4.0 false Rainer Rehak Kurzer Artikel: Die Macht der Vermenschlichung und die Ohnmacht der Begriffe 2017-12-27T20:15:00+01:00 20:15 1:45 Lecture room 11 self organized sessions meeting de Daily A/V Angel Meeting: Feedback and Shift Distribution Jwacalex https://c3voc.de https://events.ccc.de/congress/2017/wiki/index.php/Session:A/V_Angel_Meeting 2017-12-27T15:30:00+01:00 15:30 1:30 Lecture room 11 self organized sessions meeting en Meetup for everyone who identifies as queer and/or feminist and/or trans* or otherwise non-{white+male+straight+cis}. We will network with each other, exchange projects and ideas and talk about the QueerFeministGeeks assembly. This meetup is open to people of all genders, but please be mindful of how much space you are taking up and let those this meeting is intended for take priority. We try to be newbie- and introvert-friendly, so please do come even if you don't know anybody yet! See our Code of Conduct below. Ayke https://events.ccc.de/congress/2017/wiki/index.php/Session:Queer_Feminist_Geeks_Gathering 2017-12-27T18:30:00+01:00 18:30 1:40 Lecture room 11 self organized sessions discussion en Connecting people who run Tor relays, people who would like to run Tor relays, and people generally interested in what we are doing. Nicoo https://events.ccc.de/congress/2017/wiki/index.php/Session:Tor_relays_operators_meetup 2017-12-27T17:00:00+01:00 17:00 1:30 Lecture room 11 Translation Angel Meeting Day 1 self organized sessions meeting en Daily orga meeting of the Translation Angel crew. https://events.ccc.de/congress/2017/wiki/index.php/Session:Translation_Team 2017-12-27T12:45:00+01:00 12:45 0:45 Seminar room 14-15 Angel meeting Day 1 self organized sessions meeting en Daily meetings of the Angel crew. https://events.ccc.de/congress/2017/wiki/index.php/Session:Angel_Meeting 2017-12-27T16:30:00+01:00 16:30 0:45 Seminar room 14-15 Angel meeting Day 1 self organized sessions meeting en Daily meetings of the Angel crew. https://events.ccc.de/congress/2017/wiki/index.php/Session:Angel_Meeting 2017-12-27T17:15:00+01:00 17:15 0:45 Seminar room 14-15 Introduction meeting for new angels Day 1 self organized sessions meeting en Daily meetings of the Angel crew. https://events.ccc.de/congress/2017/wiki/index.php/Session:Angel_Meeting 2017-12-27T21:00:00+01:00 21:00 0:30 Seminar room 14-15 self organized sessions de Meeting for everybody who operated or used Modem/Dialup based BBSs in the good old days. https://events.ccc.de/congress/2017/wiki/index.php/Session:BBS_SysOP/User_meetup 2017-12-27T15:00:00+01:00 15:00 1:00 Seminar room 14-15 self organized sessions workshop de CMS Tutoren Briefing https://events.ccc.de/congress/2017/wiki/index.php/Session:Chaos_Macht_Schule_L%C3%B6tworkshop https://events.ccc.de/congress/2017/wiki/index.php/Session:CMS_Tutoren_Briefing 2017-12-27T18:30:00+01:00 18:30 1:00 Seminar room 14-15 self organized sessions talk en This talk is an introduction into Information Security Management Systems (ISMS) as based on ISO27001. ISMS are the way companies or organisations organize their IT security in a top-down approach. It is a beginner level talk for people who want to learn more about this topic or want to work with ISMS. http://docdro.id/qRIyH1v https://events.ccc.de/congress/2017/wiki/index.php/Session:How_companies_manage_their_security:_Introduction_into_Information_Security_Management_Systems 2017-12-27T20:00:00+01:00 20:00 1:00 Seminar room 14-15 self organized sessions workshop de Künstliche Intelligenz ist voll im Kommen. Aber manche philosophischen Probleme lassen sich einfach nicht wegprogrammieren. This Session is about artificial intelligence and its philosophical implications. We discuss some interesting dilemmas. https://events.ccc.de/congress/2017/wiki/index.php/Session:Ki%2BPhilosophie 2017-12-27T20:00:00+01:00 20:00 1:00 Lecture room 12 the teachers meeting self organized sessions meeting de After a great start at the 33c3, the teachers meeting continues this year! Gigo https://events.ccc.de/congress/2017/wiki/index.php/Session:Lehrerstammtisch 2017-12-27T21:00:00+01:00 21:00 0:30 Lecture room 12 self organized sessions meeting en Meeting for new subtitles angels. This is the one you need to be confirmed as a subtitles angel. http://c3subtitles.de https://events.ccc.de/congress/2017/wiki/index.php/Session:Subtitles-Engelmeeting 2017-12-27T15:00:00+01:00 15:00 0:30 Lecture room 12 self organized sessions meeting en Meeting for new subtitles angels. This is the one you need to be confirmed as a subtitles angel. http://c3subtitles.de https://events.ccc.de/congress/2017/wiki/index.php/Session:Subtitles-Engelmeeting 2017-12-27T16:00:00+01:00 16:00 2:30 Lecture room 12 self organized sessions hands-on en Privacy is the space in which ideas are developed, to retreat into whenever you want. This space is not only physical but digital as well. Governments and companies don't want to respect that so we become active ourselves. The goal of this hands-on session is to pass on knowledge about protecting yourself in the digital space. This can include encrypted communication, preventing being tracked while browsing the web and general security advice for computers and smartphones. Dawning-sun https://www.cryptoparty.in/34c3 https://events.ccc.de/congress/2017/wiki/index.php/Session:%E2%80%9CHow_To_Survice_34C3%E2%80%9D_CryptoParty 2017-12-27T09:00:00+01:00 09:00 1:00 Seminar room 13 self organized sessions workshop de We'll do some Yoga to calm our minds and move them bodies. Birdy1976 https://www.yogatoessfeld.ch/team/martin-voegeli-springer/ https://events.ccc.de/congress/2017/wiki/index.php/Session:42birds:_Hitchhiker%27s_Towel-Yoga 2017-12-27T10:00:00+01:00 10:00 0:45 Seminar room 13 self organized sessions hands-on de Taskwarrior is Free and Open Source Software that manages your TODO list from the command line. It is flexible, fast, and unobtrusive. It does its job then gets out of your way. Birdy1976 https://taskwarrior.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:42birds:_Taskwarrior_For_Dummies 2017-12-27T17:30:00+01:00 17:30 2:00 Seminar room 13 self organized sessions workshop en The LEAP Encryption Access project is dedicated to giving all Internet users access to secure communications. Our focus is on adapting encryption technology to make it easy to use and widely available. Not only end users deserve useable programs, the barriers to entry for aspiring service providers are pretty high. LEAP's goal is to transform the existing frustration and failure into an automated and straightforward process. Varac Meskio https://leap.se https://events.ccc.de/congress/2017/wiki/index.php/Session:Bitmask/LEAP_workshop 2017-12-27T15:30:00+01:00 15:30 1:00 Seminar room 13 self organized sessions Haecksen meeting: initiate 34c3 https://events.ccc.de/congress/2017/wiki/index.php/Session:Initiate_34c3 2017-12-27T16:30:00+01:00 16:30 1:00 Seminar room 13 self organized sessions Introduction to LaTeX https://www.latex-project.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Introduction_to_Latex 2017-12-27T17:30:00+01:00 17:30 2:00 Seminar room 13 self organized sessions workshop hands-on en LEAP is a non-profit dedicated to giving all internet users access to secure communication. Our focus is on adapting encryption technology to make it easy to use and widely available. The LEAP Encryption Access project is dedicated to giving all Internet users access to secure communications. Our focus is on adapting encryption technology to make it easy to use and widely available. Not only end users deserve useable programs, the barriers to entry for aspiring service providers are pretty high. LEAP's goal is to transform the existing frustration and failure into an automated and straightforward process. This session will help you with any questions how to install an provider instance on one or more remote servers. Varac Meskio https://leap.se https://events.ccc.de/congress/2017/wiki/index.php/Projects:LEAP 2017-12-27T19:45:00+01:00 19:45 1:30 Seminar room 13 self organized sessions Meetup of people interested about Security Without Borders. Sobotny vecer https://securitywithoutborders.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Security_Without_Borders 2017-12-27T17:00:00+01:00 17:00 1:00 CCL Hall 3 self organized sessions talk Design in free software & open source is improving in recent years, but we still have a lot to do. If we want people to use free software, it needs to be as simple & easy to use as proprietary counterparts. The Open Source Design collective pushes design in free software. We organize design tracks at well-known events like FOSDEM and FOSSASIA, have a job board to get designers involved, provide open design resources to developers and designers and more. Eal https://events.ccc.de/congress/2017/wiki/index.php/Session:Design_in_Free_Software_%26_Open_Source 2017-12-27T19:00:00+01:00 19:00 1:00 CCL Hall 3 self organized sessions talk en The presentation is an up-to-date summary of everything XMPP. It starts with the question of why we need decentralized communication protocols like XMPP followed by a rough introduction to how XMPP works. However, as the average visitor of 33C3 has heard of XMPP before, the talk is primarily about the innovations that XMPP has experienced in recent years and an outlook on what will happen next. Finally, there are hints on what to do to get started with XMPP. https://events.ccc.de/congress/2017/wiki/index.php/Session:Jabber/XMPP:_the_past,_the_presence_and_the_future 2017-12-27T14:00:00+01:00 14:00 1:00 CCL Hall 3 self organized sessions talk en NewPipe currently is a FLOSS youtube frontend for android. We will talk about the development this and next year, and do a little AMA afterwards. Eal https://newpipe.schabi.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Newpipe 2017-12-27T18:00:00+01:00 18:00 1:00 CCL Hall 3 self organized sessions talk It's p≡p again. This time, we wanna show some previews on a new piece of software: Thunderbird. We're cypherpunks going for mass encryption - followed by mass anonymization. We've just started to get the first pieces of software out that do email encryption standards like GPG and S/MIME (and MOAR to come!) without additional interaction by the users - they shall just communicate as they always used to, the rest is done by software. Thunderbird is one of the most commonly used tools for encrypting emails, e.g. taught at cryptoparties worldwide. Their organizers calculate at least with an hour to have all participants sending and receiving encrypted emails. This will change soon, with the help of pretty Easy privacy as an enhancement of pretty good privacy. We'll run through some basics of the pEp concepts and its architecture, go into some of the tech behind it and show how it works - especially on the example of Thunderbird. Eal https://events.ccc.de/congress/2017/wiki/index.php/Session:Pretty_Easy_privacy_(p%E2%89%A1p)_for_Thunderbird_via_Enigmail:_How_it_works! 2017-12-27T15:00:00+01:00 15:00 1:00 CCL Hall 3 BigBrotherAwards - a great tool to build awareness and have fun (Digitalcourage e.V.) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-27T16:00:00+01:00 16:00 1:00 CCL Hall 3 Will the monetary system change? Privacy and Risk implications of digital currencies, and decentralized digital monetary systems (nsb) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-27T13:00:00+01:00 13:00 1:00 CCL Hall 3 self organized sessions talk en Free Open Source Software often fails to gain wider traction due to focusing on its technical aspects over other aspects. While Documentation, Design and Marketing quickly fall behind. Let's have a look at basic steps we can take as free software maintainers to offer potential contributors access to visual assets the same way we offer them access to our source code. We are going to make the process easy by introducing Identihub, a self hosted solution for visual asset hosting licensed under the AGPL v3 license. We will go through easily making your SVG files convertable for non designers without the need to send files back and forth via email. Eal http://identihub.co https://demo.identihub.co https://github.com/uracreative/identihub https://events.ccc.de/congress/2017/wiki/index.php/Session:Self-host_your_visual_assets_with_Free_Software 2017-12-27T20:00:00+01:00 20:00 1:00 CCL Hall 3 self organized sessions talk en Most people think about the big American data silos when talking about social networking. But there is a world outside these silos, where FreeSoftware empowers the networking of people and organisations. In this talk I would like to show you a glimpse of this world, what advantages it offers and how it can be used to reach even those entangled in the siloes. Eal https://events.ccc.de/congress/2017/wiki/index.php/Session:Social_Networking,_powered_by_FreeSoftware 2017-12-27T21:00:00+01:00 21:00 1:00 CCL Hall 3 self organized sessions talk en Digital certificates appear in many unexpected places ranging from logging in to Websites (SSL/TLS) to downloading software from reliable sources (MD5). This session discovers those places, and explains in terms accessible to ordinary users the various functions that digital certificates fulfill in those places. What is the added-value of encryption with certificates over mere log-ins? Will passwords prevail in the future, or will it be Facebook/Google log-ins, encryption in the hands of users, the blockchain or something altogether different? Talk will be documented afterwards as PDF on Website below under 2017 Dec.27. Eal http://www.thomasruddy.eu https://events.ccc.de/congress/2017/wiki/index.php/Session:The_many_applications_of_digital_certificates 2017-12-27T16:20:00+01:00 16:20 0:40 Chaos West Stage cancelled self organized sessions workshop en https://events.ccc.de/congress/2017/wiki/index.php/Session:Daygame_-_meeting_girls_(and_boys)_in_daily_situations 2017-12-28T00:00:00+01:00 00:00 3:30 Chaos West Stage CouchSofa DJ set self organized sessions other de Come over and meet us at our cozy music lounge in hall 2! Proudly presented by Chaos West Bam https://events.ccc.de/congress/2017/wiki/index.php/Session:Klangteppich 2017-12-28T03:30:00+01:00 03:30 2:00 Chaos West Stage faheus DJ set self organized sessions other de Come over and meet us at our cozy music lounge in hall 2! Proudly presented by Chaos West Bam https://events.ccc.de/congress/2017/wiki/index.php/Session:Klangteppich 2017-12-27T15:00:00+01:00 15:00 0:45 Chaos West Stage secushare.org self organized sessions talk en Deeper aspects of the design of secushare, presented by t3sserakt and xrs. T3sserakt http://secushare.cheettyiapsyciew.onion https://events.ccc.de/congress/2017/wiki/index.php/Session:Modeling_Trust_in_a_Distributed_Private_Social_Network 2017-12-27T19:30:00+01:00 19:30 0:30 Chaos West Stage self organized sessions talk en This half-hour talk will spend time answering the five most asked questions, accept and answer five more and explain the state of the hardware wallet project. https://getmonero.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Monero_Hardware_Development 2017-12-27T19:00:00+01:00 19:00 0:30 Chaos West Stage self organized sessions talk en Developing a Monero Wallet for Android. Process, Tools, People. https://monerujo.io https://events.ccc.de/congress/2017/wiki/index.php/Session:Monerujo_-_Android_Monero_Wallet 2017-12-27T16:00:00+01:00 16:00 0:25 Chaos West Stage self organized sessions talk en Certificate authorities suck, but the proposed replacements (e.g. DNSSEC/DANE) aren't so great either. We think Namecoin can help here, and the code is working and released! JeremyRand https://events.ccc.de/congress/2017/wiki/index.php/Session:Namecoin_as_a_Decentralized_Alternative_to_Certificate_Authorities_for_TLS 2017-12-27T21:00:00+01:00 21:00 1:00 Chaos West Stage including 50 subsystems of GNUnet self organized sessions talk en How can distributed systems be the decentralized alternative we have been hoping for? And why are blockchains only one out of fifty building blocks of a distributed Internet? LynX Grothoff https://gnunet.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Privacy-Oriented_Distributed_Networking_for_an_Ethical_Internet 2017-12-27T22:00:00+01:00 22:00 0:45 Chaos West Stage Our chance to avoid cloud computing? self organized sessions talk en We tried to make federation scale. We failed. We realized that cloud computing cannot be beaten by federated networks. Let's scale up distributed systems while maintaining metadata protection and privacy. LynX http://secushare.cheettyiapsyciew.onion https://events.ccc.de/congress/2017/wiki/index.php/Session:Scalable_and_privacy-respectful_distributed_systems 2017-12-27T14:30:00+01:00 14:30 0:30 Chaos West Stage secushare.org self organized sessions talk en 1. the *cover traffic* from file sharing, DHT and eventually multicast; 2. the *framing* of application data, 3. *mixnets* for high-latency applications. LynX http://secushare.cheettyiapsyciew.onion/anonymity https://events.ccc.de/congress/2017/wiki/index.php/Session:Three_Ways_to_Enhance_Metadata_Protection_Beyond_Tor 2017-12-27T16:00:00+01:00 16:00 0:15 Hive Stage Intro Meeting self organized sessions meeting de Hive Stage Opening https://events.ccc.de/congress/2017/wiki/index.php/Session:Hive_Stage_Introduction 2017-12-27T22:00:00+01:00 22:00 1:30 Komona Aquarius self organized sessions workshop de Alle Menschen sind gleich, aber manche sind gleicher: Vom neuen Polizisten-Sonderstrafrecht und der Notwendigkeit unabhängiger Demobeobachtung und ihrer Technik. https://events.ccc.de/congress/2017/wiki/index.php/Session:Alle_Menschen_sind_gleich,_aber_manche_sind_gleicher. 2017-12-27T16:00:00+01:00 16:00 2:00 Komona Aquarius self organized sessions https://events.ccc.de/congress/2017/wiki/index.php/Session:Disrupt! 2017-12-27T14:00:00+01:00 14:00 2:00 Komona Aquarius self organized sessions https://events.ccc.de/congress/2017/wiki/index.php/Session:Hedonist_International_Networking_Meeting 2017-12-27T12:00:00+01:00 12:00 2:00 Komona Aquarius self organized sessions https://events.ccc.de/congress/2017/wiki/index.php/Session:Mietsh%C3%A4usersyndikat_was_ist_das%3F 2017-12-27T14:00:00+01:00 14:00 2:00 Komona Coral Reef self organized sessions en justice and peace without the police Ronne Mübeck https://events.ccc.de/congress/2017/wiki/index.php/Session:(what_is)_Transformative_Justice_for_Communities 2017-12-27T16:00:00+01:00 16:00 2:00 Komona Coral Reef Hands-On self organized sessions workshop en How to use OpenPGP with Enigmail and Thunderbird. If there is time left we can do keysigning afterwards. Bring your laptops Bobo PK https://events.ccc.de/congress/2017/wiki/index.php/Session:Cryptoparty 2017-12-27T20:00:00+01:00 20:00 2:00 Komona Coral Reef self organized sessions hands-on en We will make transculent, super cheap, 3D models of our bodyparts or other stuff you bring. Kids friendly but parents should attend because the cutting out needs some help of an adult. Please bring scissors and LEDs. I will hopefully have more then one scissor there but just to be sure. It takes about 30 minutes to copy a fullsize adult leg. We will have two hours so you can make an entire body, or what ever you want. http://anneundfrederick.de/wp-content/uploads/2014/07/Kirchenbesucher-aus-Frischhaltefolie.jpg https://events.ccc.de/congress/2017/wiki/index.php/Session:Ultra_low-budget_3D_models_that_can_be_decorated_with_LEDs 2017-12-27T20:00:00+01:00 20:00 2:00 Komona D.Ressrosa self organized sessions de Ein Gedankenanstoss zur Frage ob Clubs auch als soziale und kulturelle Bildungsinstitute funktionieren könnten und wie/wer so ausgelegte Clubs gegebenenfalls finanzieren kann. https://events.ccc.de/congress/2017/wiki/index.php/Session:Clubkultur,_was_ist_das_eigentlich_und_wer_soll_denn_das_bezahlen%3F 2017-12-27T22:00:00+01:00 22:00 1:00 Komona D.Ressrosa self organized sessions workshop de Tontechnik für blutige Anfänger - wie man bei einem Konzert laut macht, einen Podcast aufnimmt, und was es mit diesen DACs und ganzen lustigen Steckern auf sich hat. Offen für viele Fragen, Inhalt richtet nach den Zuhörern! https://events.ccc.de/congress/2017/wiki/index.php/Session:Hauptsache_laut! 2017-12-27T12:00:00+01:00 12:00 2:00 Komona D.Ressrosa self organized sessions workshop de https://events.ccc.de/congress/2017/wiki/index.php/Session:Reclaim_Club_Culture:_Privileges_in_and_through_Club_Culture 2017-12-27T16:00:00+01:00 16:00 2:00 Komona D.Ressrosa self organized sessions discussion Jukebox Utopia (WiseUp) und Lukas Fakegruber (Shituationist Institute) erörtern das künstlerische, gemeinschaftliche und radikale Potential von Rave. http://bl.wiseup.de/ http://si-blog.net/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Reclaim_Club_Culture:_Soundradikalit%C3%A4t_und_Clubkommunalit%C3%A4t_(Jukebox_Utopia_(WiseUp)_und_Lukas_Fakegruber_(Shituationist_Institute)) 2017-12-27T18:00:00+01:00 18:00 2:00 Komona D.Ressrosa self organized sessions https://events.ccc.de/congress/2017/wiki/index.php/Session:SPREE:PUBLIK/Nonstop_Schwitzen 2017-12-27T14:00:00+01:00 14:00 2:00 Komona D.Ressrosa self organized sessions workshop de Wenn die "Neue Rechte" einen so erfolgreichen "Kulturkampf" führt - können wir das als Kukturschaffende nicht eigentlich viel besser? https://events.ccc.de/congress/2017/wiki/index.php/Session:Wenn_die_%22Neue_Rechte%22_einen_so_erfolgreichen_%22Kulturkampf%22_f%C3%BChrt_-_k%C3%B6nnen_wir_das_als_Kukturschaffende_nicht_eigentlich_viel_besser%3F 2017-12-27T20:00:00+01:00 20:00 2:00 Komona Blue Princess self organized sessions discussion en We will have a discussion of modern day anarchism, "anarcho-hacker" roots, and new social struggles, new culture from the old 1936 to new 2017 the fight continues - Also a place to organize actions on i2p and join our international collective: https://hispagatos.org/ - https://anarcho-hacker.info we will help people install i2p software on your GNU/Linux system. We will most likely start with the Submedia.TV documentary "hacking the system". Rek2 https://hispagatos.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Anarchist_hackers_-_Hispagatos_International_anarchist-hacker_collective 2017-12-27T16:00:00+01:00 16:00 1:30 Komona Blue Princess self organized sessions meeting en Annual meeting of the members of GNUnet e.V. Grothoff LynX https://gnunet.org/ev https://events.ccc.de/congress/2017/wiki/index.php/Session:GNUnet_e.V._annual_meeting 2017-12-27T15:00:00+01:00 15:00 1:00 Komona Blue Princess self organized sessions discussion de Mitte des Jahres 2017 wurde (mehr oder weniger) öffentlich, dass die Innenministerkonferenz (IMK) hinter verschlossenen Türen und abseits kritischer Fragen und Diskussionen beschlossen hat, ein Musterpolizeigesetz als Vorlage für alle Polizeien bzw. alle Polizeigesetze Deutschlands zu erarbeiten. Ein solcher Entwurf wird vermutlich weitreichende Folgen haben und hebelt die Instanz der kritischen Öffentlichkeit weitgehend aus. Dieses Treffen soll den am Thema Interessierten dazu dienen, sich gemeinsam auf den Stand der Dinge zu bringen und ggf. weitere Überlegungen zum Umgang mit diesem Prozess zu entwickeln. https://events.ccc.de/congress/2017/wiki/index.php/Session:Musterpolizeigesetz 2017-12-27T18:00:00+01:00 18:00 2:00 Komona Blue Princess self organized sessions workshop en Usertesting TALEnet (kathia) https://events.ccc.de/congress/2017/wiki/index.php/Session:Usertesting_TALEnet 2017-12-27T13:00:00+01:00 13:00 4:00 Kidspace Trickfilm Workshop self organized sessions workshop de Trickfilm-Workshop: Mach deinen eigenen Trickfilm! Du kannst dafür eigene Zeichnungen, Scherenschnitte und Bildhintergründe erstellen und am Computer animieren. Die Filme könnt ihr später auf Trixmix.tv sehen und herunterladen. Auf Trixmix.tv kann jeder eigene Trickfilme online erstelen. Alle Zeichungen aus dem kollektiv erstellten Bildwörterbuch können dafür verwenden. Viel Spaß! Die Webseite ist zusammen mit Trickmisch.de, einer Sprachschule von uns für Ankommende mit Hilfe von Trickfilmen entstanden. http://www.trickmisch.de http://www.trixmix.tv https://events.ccc.de/congress/2017/wiki/index.php/Session:Trickmisch 2017-12-27T12:00:00+01:00 12:00 01:00 Open Infra Stage 34c3-ffc-41-stage_setup_training_for_our_stage_angels other false Andi Bräu Clemens Peter Sascha 2017-12-27T13:00:00+01:00 13:00 01:00 Open Infra Stage 34c3-ffc-40-icebreaker_warmup performance false txtfile 2017-12-27T14:00:00+01:00 14:00 00:30 Open Infra Stage 34c3-ffc-39-vorstellung_der_assembly_just_humans lecture en false 2017-12-27T14:30:00+01:00 14:30 00:30 Open Infra Stage 34c3-ffc-38-altermundi_community_network_experiences_in_latin_america lecture en false Gui Isa 2017-12-27T15:00:00+01:00 15:00 00:30 Open Infra Stage 34c3-ffc-37-guifi_net lecture en false Pau 2017-12-27T15:30:00+01:00 15:30 00:15 Open Infra Stage 34c3-ffc-36-tota_toilets_on_the_air Informationen über Amateurfunk-Contest und wie auch nicht-Funkamateure mitmachen können lecture de false hax404 2017-12-27T16:00:00+01:00 16:00 00:45 Open Infra Stage 34c3-ffc-35-new_freifunk_firmware_approaches lecture en false andrenarchy 2017-12-27T17:00:00+01:00 17:00 00:45 Open Infra Stage 34c3-ffc-34-radio_lockdown_update lecture en false kaerF 2017-12-27T18:00:00+01:00 18:00 00:45 Open Infra Stage 34c3-ffc-33-a_simulator_for_sketching_mesh_net_routing_algorithms lecture en false mwarning 2017-12-27T19:00:00+01:00 19:00 00:45 Open Infra Stage 34c3-ffc-32-ffdn_a_federation_of_diy-isps_in_france_and_belgium what we do, how we do it and plans for the future lecture en false Adrien 2017-12-27T20:00:00+01:00 20:00 00:45 Open Infra Stage 34c3-ffc-31-t-minus_zero The first days in the life of the "Flying Laptop" satellite lecture en false INCO 2017-12-27T21:00:00+01:00 21:00 00:45 Open Infra Stage 34c3-ffc-30-nuclear_power_in_space lecture en false TP1024 2017-12-27T15:00:00+01:00 15:00 0:40 Assembly:Bogonauten Sketchnotes – how to communicate with your future self self organized sessions workshop de Vorträge mitschreiben und sich Notizen machen ist immer gut. Kritzeln macht Spaß. Sketchnotes verbinden dieses. Wir möchten euch zeigen was sketch-noting ist, wie man selbst zum Chaos-Stenograf wird und dass Sketchnotes tatsächlich in vielerlei Hinsicht eine effektive Art sind sich Wichtiges so zu notieren, dass man später etwas damit anfangen kann. Tuwat und kommuniziere mit deinem zukünftigen Ich! Für alle die es nicht mehr abwarten können hier schonmal ein paar Links: https://de.wikipedia.org/wiki/Sketchnotes https://re-publica.com/en/session/sketchnotes-einsteiger-1 Trema Akrühl Feitastic Ludger https://events.ccc.de/congress/2017/wiki/index.php/Session:Chaos-Notizen 2017-12-27T13:00:00+01:00 13:00 1:00 Assembly:Physikfachschaft Rostock Quantum Theory Explained From ¦0> self organized sessions talk de Quantum mechanics is a fascinating field of science. That's why we'd like to give you an introduction to the basics and at the same time show you some of the coolest effects that come out of very simple calculations. Feel free to bring lots of questions! KiNaudiz Kaminazuki https://events.ccc.de/congress/2017/wiki/index.php/Session:Collapsing_Cats_Towards_Infinity 2017-12-27T12:15:00+01:00 12:15 0:15 CCL Hall 2 Interview self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-27T14:00:00+01:00 14:00 1:00 CCL Hall 2 Erfolgsstory oder Armutszeugnis - Breitbandpolitik in Deutschland self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-27T16:05:00+01:00 16:05 0:25 CCL Hall 2 Live-Beitrag in Leonardo self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-27T11:00:00+01:00 11:00 0:20 CCL Hall 2 Der 34C3 self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-27T16:35:00+01:00 16:35 0:25 CCL Hall 2 Live-Beitrag in Forschung Aktuell self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-27T11:20:00+01:00 11:20 0:25 CCL Hall 2 Der 34C3 self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-27T17:00:00+01:00 17:00 1:00 CCL Hall 2 Studiogespräch self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-27T12:00:00+01:00 12:00 0:15 CCL Hall 2 Interview self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-27T14:00:00+01:00 14:00 2:00 Assembly:Foodhackingbase self organized sessions hands-on en We make tempeh at 34c3. Algoldor https://foodhackingbase.org/wiki/Tempeh_making_34c3 https://events.ccc.de/congress/2017/wiki/index.php/Session:Food_Hacking:_Introduction_to_Tempeh_Making 2017-12-27T16:00:00+01:00 16:00 2:00 Assembly:Foodhackingbase self organized sessions hands-on en Learn how to make Kimchi. Algoldor https://foodhackingbase.org/wiki/Kimchi_making_34c3 https://events.ccc.de/congress/2017/wiki/index.php/Session:Food_Hacking:_Traditional_Kimchi_Making 2017-12-27T22:00:00+01:00 22:00 2:00 Assembly:Foodhackingbase self organized sessions Whisky Tasting @ FHB Bigmac https://foodhackingbase.org/wiki/34c3_whisky_tasting https://events.ccc.de/congress/2017/wiki/index.php/Session:Whisky_Tasting_@_FHB 2017-12-27T13:00:00+01:00 13:00 0:45 Assembly:Jugend hackt How to Let's Play /Makey-Makey self organized sessions workshop de Wir zeigen wie man mit freier Software ansprechende Let's Plays gestalten kann. In der Planung sind Let's Plays für Minecraft und dem Worldpainter für Minecraft Welten! Es gehen aber auch alle anderen bereits installierten Spiele, die gerne gespielt werden! Kinder ab 10 Jahren, die gerne ihre eigenen let's Plays erstellen möchten! Maximal 4-6 Kids, ausser wir bekommen noch Helfer! Wir gehen davon aus das Kids ihre eigene Geräte mitbringen! Bisher haben wir den Workshop immer auf Laptops geprobt! Die Software kann unter folgenden Quellen geladen und anschließend installiert werden: * Screenrecording Software https://obsproject.com/ (Linux,OSX und Windows) * Freie Bildbearbeitungssoftware https://www.gimp.org/ (Linux,OSX und Windows) '''Achtung!''' Für die Installation wird ein Administratorenpasswort des Rechners benötigt. Natürlich darf bei jeder Session auch begeistert zugesehen werden und wer kein adäquates Gerät dabei hat wird sicher auch einmal die Möglichkeit bekommen zu spielen! Die Anmeldung erfolgt vor Ort und falls die Zeit im Jugendhack Assembly abgelaufen ist finden wir mit Sicherheit noch eine ecke im Kidspace wo wir nach Lust und Laune weiter experimentieren können! Rupi Rhs 1 https://events.ccc.de/congress/2017/wiki/index.php/Session:How_to_Let%27s_Play 2017-12-27T13:00:00+01:00 13:00 1:45 Esszimmer Tag 1 self organized sessions de Für Kinder ab 10 Jahren, die gerne ihre eigenen let's Plays erstellen möchten! Maximal 4-6 Kids, ausser wir bekommen noch Helfer! Wir gehen davon aus das Kids ihr eigene Geräte mitbringen! Zur installation der Software (https://obsproject.com/) werden unter umständen kurz Eltern (Passort beauftragte) benötigt! Wir hatten Let's Plays für minecraft oder worldpainter geplant! Es gehen aber auch alle anderen bereits installierten Spiele. Ralf (CMS) Rupi https://events.ccc.de/congress/2017/wiki/index.php/Session:Howto_Let%27s_Play 2017-12-27T15:00:00+01:00 15:00 0:45 Esszimmer Day 1 self organized sessions en Wikidata is an open source knowledge base where volunteers from all around the world add and structure data to describe our complex reality, based on sources, just as Wikipedia. Discover how Wikidata works, how you can improve and reuse the data, how the community works and which tools they use. Auregann https://events.ccc.de/congress/2017/wiki/index.php/Session:Introduction_to_Wikidata 2017-12-27T20:00:00+01:00 20:00 2:00 Esszimmer self organized sessions workshop en Let's paint *very* tiny pictures! I'll give you an introduction to the techniques and principles of pixel art, as well as useful hints, learning resources and software recommendations. After that, we'll paint a few 16x16 pixel-sized pictures together. If you use Twitter, you'll like this format, as well! :) Blinry https://morr.cc/pixel-art-workshop/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Pixel_Art_Workshop 2017-12-27T16:00:00+01:00 16:00 0:45 Esszimmer Day 1 self organized sessions workshop en Discover the powerful query tool of Wikidata! With a few lines of SPARQL, you can browse any information contained in Wikidata, create wonderful list such as the list of inventors killed by their own inventions, or the list of the biggest cities having female mayors. Build maps, graphs, and other datavisualizations based on open knowledge. Lucas Werkmeister https://query.wikidata.org https://tinyurl.com/wdqs-34c3-1 https://events.ccc.de/congress/2017/wiki/index.php/Session:Query_Wikidata_in_SPARQL 2017-12-27T17:00:00+01:00 17:00 0:45 Esszimmer self organized sessions hands-on en If you have an idea for a query using Wikidata but aren’t sure how to write it, or just want to hang out and discuss the Query Service with fellow-minded people, join us! Lucas Werkmeister https://events.ccc.de/congress/2017/wiki/index.php/Session:Request_a_query 2017-12-27T18:00:00+01:00 18:00 0:45 Esszimmer self organized sessions discussion de Leipzig bietet nun GTFS - dank der Wikicon und dem Congress. Aber wie sieht es in anderen Städten mit offenen Nahverkehrsdaten aus? Wie schon letztes Jahr bei der Open Transport Session trifft sich die "Neigungsgruppe ÖPNV" um über Open Data im ÖPNV-Bereich und wie man da ran kommt und was man damit anstellt zu diskutieren. Robbi5 Ubahnverleih Stk Vavoida https://pad.okfn.de/p/offene-fahrplandaten-34c3 https://pad.okfn.de/p/offene-fahrplandaten-33c3 https://events.ccc.de/congress/2017/wiki/index.php/Session:RettedeinenNahverkehr 2017-12-27T17:30:00+01:00 17:30 2:30 Assembly:HardwareHackingArea Day 1 self organized sessions workshop en The Intro to Arduino shield is a simple kit which plugs into an Arduino Uno or similar. It includes a button, light sensor (LDR) and red green blue LED. The LED can be controlled as a digitial or an analog output, the button is a digitial input and the sensor is an analog input. Hammes Hacks http://hammeshacks.com/intro/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Intro_to_Arduino_Shield_Soldering_and_Programing 2017-12-27T17:00:00+01:00 17:00 6:59 Assembly:HardwareHackingArea Day 1 self organized sessions workshop en Learn to Solder! A large variety of way cool kits are available, all designed for total beginners to complete successfully -- and intriguing enough for the total hardware geek.<br /> <br /> <span style="color:orange">'''''This ongoing workshop will be happening concurrently with lots of other way cool workshops at the Hardware Hacking Area!'''''</span> Maltman23 https://events.ccc.de/congress/2017/wiki/index.php/Session:LearnToSolder 2017-12-27T13:00:00+01:00 13:00 1:30 Assembly:HardwareHackingArea Day 1 - Session 1 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90-100mins, 20€/kit, avoid caffeine immediately before. Max 20 participants per session, there will be a PAPER!!1! signup list in the hardware hacking area. Kliment https://events.ccc.de/congress/2017/wiki/index.php/Session:Surface_mount_electronics_assembly_for_terrified_beginners 2017-12-27T17:00:00+01:00 17:00 1:30 Assembly:HardwareHackingArea Day 1 Session 3 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90-100mins, 20€/kit, avoid caffeine immediately before. Max 20 participants per session, there will be a PAPER!!1! signup list in the hardware hacking area. Kliment https://events.ccc.de/congress/2017/wiki/index.php/Session:Surface_mount_electronics_assembly_for_terrified_beginners 2017-12-27T15:00:00+01:00 15:00 1:30 Assembly:HardwareHackingArea Day 1 Session 2 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90-100mins, 20€/kit, avoid caffeine immediately before. Max 20 participants per session, there will be a PAPER!!1! signup list in the hardware hacking area. Kliment https://events.ccc.de/congress/2017/wiki/index.php/Session:Surface_mount_electronics_assembly_for_terrified_beginners 2017-12-27T12:00:00+01:00 12:00 55:23 self organized sessions game de just play some rounds hedgwars or hack some funny mods together https://github.com/c3d2/hedgewars_mods/wiki https://events.ccc.de/congress/2017/wiki/index.php/Session:Lets_play_Hedgewars! 2017-12-27T17:40:00+01:00 17:40 1:00 self organized sessions game de this session is about coming together to share your printed or self made sticker with same interest people. bring them: artistic ones, political ones, storytelling ones, yout tagsticker, your favorite sticker materials, whatever. how many? from 1 to endless items. exchange them with sticker loving people. whatever you want to bring in. alle die bock haben sollen ihre sticker zur session mitbringen. egal ob 1 oder 1000- bring mit. je nach nachfrage können wir uns noch einmal am 30.12. treffen. spot is da wo klassembly cornert. welche sticker denn? (fast) alle! -- künstlerisch, kritisch, politisch, whatever. oder eben dein altes stickerbuch von früher. damit deine sticker bald überall ausser nur daheim kleben. Lisi 0ne.raw https://events.ccc.de/congress/2017/wiki/index.php/Session:Sticker_meet_up 2017-12-27T14:30:00+01:00 14:30 1:00 Assembly:TeaHouse State of website censorship in France and elsewhere ? self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-27T16:00:00+01:00 16:00 0:45 Assembly:TeaHouse Hackerfleet Operating System self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-27T17:00:00+01:00 17:00 1:00 Assembly:TeaHouse HACKING ANXIETY!!1!11 self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-27T19:00:00+01:00 19:00 1:30 Assembly:TeaHouse Dr. Peng saves the world self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-27T13:00:00+01:00 13:00 0:45 Assembly:TeaHouse Welcome to the TeaHouse self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-27T15:00:00+01:00 15:00 1:00 Hive Conference self organized sessions hands-on Current and future Tiptoi hackers meet to teach, learn, hack and exchange ideas. http://tttool.entropia.de/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Tiptoi-Hacking 2017-12-27T15:30:00+01:00 15:30 1:00 Assembly:Milliways self organized sessions workshop en PGP/gpg is good for one thing, encrypting and decrypting messages. For everything else, it relies on a very broken concept called the "web of trust". In this workshop, we'll take a look at specific issues with the web of "trust", and discuss what kinds of architecture changes could be needed to fix them. Target audience is anyone who has ever signed a key or used the keyservers. Please bring a computer and be ready to code. Aestetix https://events.ccc.de/congress/2017/wiki/index.php/Session:Unfucking_the_Web_of_%22Trust%22 2017-12-28T11:30:00+01:00 11:30 01:00 Saal Adams 34c3-8879-mobile_data_interception_from_the_interconnection_link Security lecture en Many mobile network operators rush to upgrade their networks to 4G/LTE from 2G and 3G, not only to improve the service, but also the security. The Diameter protocol - the successor of SS7 in Long Term Evolution (LTE) networks is believed to offer more protection to the network itself and to the end-users. However, also Diameter offers a rich functionality set, which can be also exploited and misused, if the network is not properly protected. We will show in this lecture, how data interception (MiM) can be done via the diameter based interconnection link. Ever since the public revelation of global surveillance and the exploits targeting the mobile communication backend and in particular the interconnection network that links operators to each other, the general awareness of security and privacy in telecommunication industry has increased. Misusing the technical features of mobile core network technology - specifically the Signaling System 7 (SS7) has disclosed numerous ways to locate, track and manipulate the routine cellular activities of cellphone users e.g. as shown by Karsten Nohl and Tobias Engel in 2008 and 2014. In fact, the SMS-based key recovery mechanism becoming vulnerable because of the SS7 vulnerabilities, like we saw in the recent mTAN attack in spring 2017 in Germany. Many mobile network operator rush to upgrade their networks to 4G/LTE from 2G and 3G, not only to improve the service, but also the security. The Diameter protocol - the successor of SS7 in Long Term Evolution (LTE) networks is believed to offer more protection to the network itself and to the end-users. However, Diameter inherits many functionalities and traits of the SS7 network. Therefore, some attacks are also possible there e.g. location tracking, DoS or SMS interception in LTE by abusing the Diameter-based interconnection. In this talk, we dig deeper into the Diameter interconnection to uncover how data connections can be intercepted from the interconnection link using the diameter based interfaces that are open to the interconnection network. We will show how a subscriber profile can be manipulated to allow resetting of the access point configuration and by that allow a classical man-in-the middle attack for data communications. We first discuss the current status of interconnection or mobile telephony core network security and explain the basic interfaces. This will then be followed by outlining the data collection attacks and the interception attacks, which exploit and combine information from several interfaces. Both authors have a realistic insight on the actual deployment reality and security status of the interconnection network. We discuss the practicalities of such attacks with the help of screenshots, network logs and wireshark traces during this talk. We will conclude the talk with solutions for countermeasures in the interconnection edge nodes, proper security configurations in LTE networks, GSMA protection standards for monitoring and strategies for improvising filtering policies of firewalls that defend the system from roaming abuses Ever since the public revelation of global surveillance and the exploits targeting the mobile communication backend and in particular the interconnection network that links operators to each other, the general awareness of security and privacy in telecommunication industry has increased. Misusing the technical features of mobile core network technology - specifically the Signaling System 7 (SS7) has disclosed numerous ways to locate, track and manipulate the routine cellular activities of cellphone users e.g. as shown by Karsten Nohl and Tobias Engel in 2008 and 2014. In fact, the SMS-based key recovery mechanism becoming vulnerable because of the SS7 vulnerabilities, like we saw in the recent mTAN attack in spring 2017 in Germany. Many mobile network operator rush to upgrade their networks to 4G/LTE from 2G and 3G, not only to improve the service, but also the security. The Diameter protocol - the successor of SS7 in Long Term Evolution (LTE) networks is believed to offer more protection to the network itself and to the end-users. However, Diameter inherits many functionalities and traits of the SS7 network. Therefore, some attacks are also possible there e.g. location tracking, DoS or SMS interception in LTE by abusing the Diameter-based interconnection. In this talk, we dig deeper into the Diameter interconnection to uncover how data connections can be intercepted from the interconnection link using the diameter based interfaces that are open to the interconnection network. We will show how a subscriber profile can be manipulated to allow resetting of the access point configuration and by that allow a classical man-in-the middle attack for data communications. We first discuss the current status of interconnection or mobile telephony core network security and explain the basic interfaces. This will then be followed by outlining the data collection attacks and the interception attacks, which exploit and combine information from several interfaces. Both authors have a realistic insight on the actual deployment reality and security status of the interconnection network. We discuss the practicalities of such attacks with the help of screenshots, network logs and wireshark traces during this talk. We will conclude the talk with solutions for countermeasures in the interconnection edge nodes, proper security configurations in LTE networks, GSMA protection standards for monitoring and strategies for improvising filtering policies of firewalls that defend the system from roaming abuses CC BY 4.0 false Dr. Silke Holtmanns file 2017-12-28T12:45:00+01:00 12:45 01:00 Saal Adams 34c3-8811-beeinflussung_durch_kunstliche_intelligenz Über die Banalität der Beeinflussung und das Leben mit Algorithmen Science lecture de Eine wissenschaftliche Perspektive auf die achtlose Anwendung der Algorithmen des maschinellen Lernens und der künstlichen Intelligenz, z.B. in personalisierten Nachrichtenempfehlungssystemen oder Risikosoftware im US-Justizsystem. Der Vortrag bietet einen Überblick über die aktuellen Entwicklungen in den Bereichen Künstliche Intelligenz und Maschinelles Lernen. Der Fokus liegt dabei vor allem auf der zumeist unbewussten Beeinflussung von Nutzerinnen und Nutzern durch personalisierte Nachrichtenempfehlungen, fake news sowie Bild-, Audio- und Videomanipulation. Die Forschung zeigt, dass ein Großteil der Nutzerinnen und Nutzer von sozialen Netzwerken wie Facebook sich der Tatsache, dass ihre Nachrichten zunehmend von Algorithmen ausgewählt und eingeschränkt werden, nicht bewusst ist. Wir erkunden, welche Folgen diese gläsernen Echokammern haben und wie leicht sie Nutzerinnen und Nutzer beeinflussen können. Ein Großteil der Daten, die diese Beeinflussung ermöglichen, entstehen dabei unbewusst und beiläufig. Sie können aber Rückschlüsse auf Vorlieben und Verhalten der Nutzerinnen und Nutzer ermöglichen. Wie banal diese Daten sein können, veranschaulicht der Versuch von Banken, Kreditwürdigkeit anhand von Postleitzahlen vorherzusagen. Ein ambitioniertes Beispiel bietet Prof. Dr. Michal Kosinski, ein Psychologe aus Stanford, der behauptet, dass er die sexuelle Orientierung eines Menschen an seinem Gesicht erkennen kann. Die Beispiele zeigen wie die statistischen Werkzeuge des Maschinellen Lernens zunehmend von Laien verwendet werden, die die Richtigkeit ihrer Vorhersagen nur bedingt einschätzen können und die die Grenzen der Werkzeuge nicht hinreichend verstehen. Nichtsdestotrotz werden zunehmend Entscheidungen automatisiert auf Basis von Daten getroffen. Diese Entscheidungen treffen dabei vordergründig Algorithmen, die objektiv scheinen. Sie lernen aber alle Verzerrungen (Biases), die in den Daten angelegt sind. Alarmierendes Beispiel hierfür ist die Nutzung von Algorithmen im US-Justizsystem, wo eine Risikosoftware namens COMPAS systematisch Weiße bevorteilt und Afroamerikaner benachteiligt. Ziel des Vortrages ist es, Möglichkeiten der Beeinflussung durch Künstliche Intelligenz aufzuzeigen und Zuhörerinnen und Zuhörer in die Lage zu versetzen, Chancen und Gefahren dieser Entwicklungen zu bewerten. CC BY 4.0 false Hendrik Heuer KRN Karen Ullrich Webseite Hendrik Heuer Webseite Slides file 2017-12-28T14:00:00+01:00 14:00 01:00 Saal Adams 34c3-8860-deep_learning_blindspots Tools for Fooling the "Black Box" Resilience lecture en In the past decade, machine learning researchers and theorists have created deep learning architectures which seem to learn complex topics with little intervention. Newer research in adversarial learning questions just how much “learning" these networks are doing. Several theories have arisen regarding neural network “blind spots” which can be exploited to fool the network. For example, by changing a series of pixels which are imperceptible to the human eye, you can render an image recognition model useless. This talk will review the current state of adversarial learning research and showcase some open-source tools to trick the "black box." This talk aims to: - present recent research on adversarial networks - showcase open-source libraries for fooling a neural network with adversarial learning - recommend possible applications of adversarial networks for social good This talk will include several open-source libraries and research papers on adversarial learning including: Intriguing Properties of neural networks (Szegedy et al., 2013): https://arxiv.org/abs/1312.6199 Explaining and Harnessing Adversarial Examples (Goodfellow et al., 2014) https://arxiv.org/abs/1412.6572 DeepFool: https://github.com/LTS4/DeepFool Deeppwning: https://github.com/cchio/deep-pwning CC BY 4.0 false Katharine Jarmul /system/events/logos/000/009/262/large/Chaosknoten.png?1508669943 2017-12-28T15:15:00+01:00 15:15 02:30 Saal Adams 34c3-9262-jahresruckblick_des_ccc_2017 tuwat CCC lecture de Staatstrojaner, Vorratsdaten, automatisierte Biometriesammlungen, PC-Wahl – wir geben einen Überblick über die Themen, die den Chaos Computer Club 2017 beschäftigt haben. Neben der Zusammenfassung und der Rückschau auf das vergangene Jahr wollen wir aber auch über zukünftige Projekte und anstehende Diskussionen reden. false frank Constanze Kurz nexus Linus Neumann 2017-12-28T18:30:00+01:00 18:30 01:00 Saal Adams 34c3-9058-everything_you_want_to_know_about_x86_microcode_but_might_have_been_afraid_to_ask An introduction into reverse-engineering x86 microcode and writing it yourself Security lecture en Microcode is an abstraction layer on top of the physical components of a CPU and present in most general-purpose CPUs today. While it is well-known that CPUs feature a microcode update mechanism, very little is known about its inner workings given that microcode and the update mechanism itself are proprietary and have not been throughly analyzed yet. We close this gap by both analyzing microcode and writing our own programs for it. This talk will give an insight into our results and how we achieved them, including live demos of what we can do and technical details. Given the complexity of modern instruction sets hardware vendors moved to hardware designs incorporating complex decode units. A single instruction of the complex outwardfacing instruction set is translated to multiple instructions of the simpler internal architecture. While it is possible to do this translation in hardware alone, some instructions would require huge amounts of space on the silicon and increase costs. These complex instructions are instead decoded using a software-like approach called microcode. While processing such an instruction, the CPU internally evaluates a sequence of operations, micro-ops, which decode the complex instruction into the corresponding simpler operations that are performed by the hardware. In the light of the existence of hardware bugs such as the infamous Pentium fdiv bug, hardware vendors developed a process to fix those errors without requiring a CPU replacement. However the microcode is stored in a ROM on the CPU die and can not be changed after production. Also relatively simple or often used instructions are still decoded in hardware. The update is instead achieved using microcode updates, which intercept certain instructions and replace their faulty implementation with a new, fixed version. These updates are applied either by the BIOS/UEFI or the operating system during early bootup. While the update process is well documented, the Linux kernel offers a module for it, and the updates are provided by the CPU vendors, the actual semantics of microcode are proprietary. Most update mechanisms are protected by signatures or other cryptographic primitives. However there were some indications that older CPU models (until around 2013) do not have a strong cryptographic protection and thus would accept custom updates. Given this chance we started to analyze the behavior of the CPU given our own updates and used these observations to infer the semantics of microcode. After some time we reverse-engineered enough of the semantics to write our own microcode programs. These programs range from very simple proof of concepts to stealthy backdoors and defensive primitives. As an additional approach we also performed hardware analysis. By delayering the CPU and imaging it with both an optical and an electron microscope we could locate and read out the ROM containing the microcode. After processing and reordering the physical connections we retrieved the hardwired microcode of the CPU. This gave us more information on what can be done with microcode and allowed more insights into the intended behavior than our reverse-engineering approach. In this talk we will first start with a (short) crash course in CPU architecture and where microcode is used in practice. We will then cover our reverse engineering methods and how we were able to discover the semantics of x86 microcode. We then demonstrate, also with live demos, this knowledge with multiple microcode programs that implement both defensive measures as well as provide an attacker with hard to detect backdoors. Lastly we will discuss security problems and possible solutions to protect against them. We also provide example microcode programs for your own CPUs (use at your own risk) and a kernel patch to apply them on a Linux system. Also we will have some systems with us so you can try your hand at writing some microcode yourself. CC BY 4.0 false Benjamin Kollenda Philipp Koppe Usenix talk and presentation Philipp Koppe Uni page Marc Fybriak Uni page Slides, nearly final 2017-12-28T19:45:00+01:00 19:45 01:00 Saal Adams 34c3-8941-console_security_-_switch Homebrew on the Horizon Security lecture en Nintendo has a new console, and it's more secure than ever. The Switch was released less than a year ago, and we've been all over it. Nintendo has designed a custom OS that is one of the most secure we've ever seen, making the game harder than it has ever been before. In this talk we will give an introduction to the unique software stack that powers the Switch, and share our progress in the challenge of breaking it. We will talk about the engineering that went into the console, and dive deep into the security concepts of the device. The talk will be technical, but we aim to make it enjoyable also for non-technical audiences. CC BY 4.0 false plutoo derrek naehrwert Switchbrew Wiki 2017-12-28T21:00:00+01:00 21:00 01:00 Saal Adams 34c3-8782-intel_me_myths_and_reality Security lecture en Many claims were made recently about purpose and capabilities of the Intel ME but with all the buzz it is not always clear what are facts and what is just speculation. We'll try to clear the fog of misunderstanding with research based on investigations of ME firmware and practical experiments on ME-equipped hardware. We would like to cover the most common claims about the ME, based in part on the new research done in the few last years such as complete recovery of the proprietary Huffman compression which previously hindered research into some parts of the ME firmware, as well as describe what steps can ordinary users take to reduce the attack surface exposed by the ME. Some of the claims we plan to cover: • It's a backdoor made for NSA and serves no useful purpose • It is always on even if the PC is turned off • It can read all data on PC/spy on the user • It can't be disabled • It can lock the PC with a command sent over the air • It a black box which can't be audited because it's closed source • End users can't do anything about it. Together with the talk we're planning to make available detailed notes on reverse engineering of the ME firmware with some pointers to the identified functionality for other interested researchers. CC BY 4.0 false Igor Skochinsky Nicola Corna past ME presentations me_cleaner project Presentation Slides 2017-12-28T22:15:00+01:00 22:15 01:00 Saal Adams 34c3-9075-latticehacks Fun with lattices in cryptography and cryptanalysis Security lecture en Lattices are an extremely useful mathematical tool for cryptography. This talk will explain the basics of lattices in cryptography and cryptanalysis. It’s an exciting time for public-key cryptography. With the threat of practical quantum computers looming in the next few decades, it’s high time to replace the systems that can be broken by a quantum computer with ones that remain secure even if the attacker has a quantum computer. However, this is easier said than done – there is no consensus what replacements should be chosen and how secure the systems are. NIST has just started a 5-7 year competition with the target to recommend a portfolio of post-quantum encryption and signature schemes. Considerations will be speed, bandwidth, and of course security. Several of the submissions are based on lattices. At our current level of understanding, lattice-based cryptography offers relatively small public keys for both encryption and signatures, while having good performance and reasonably sized ciphertexts and signatures. While these features are nice and make us want to know more about lattices, that world can be a scary place full of discussions of Minkowski bounds, Gaussian distributions, and orthogonalized bases. We will show how these schemes work in accessible terms. Lattices have been used in cryptography for more than thirty years, but for most of that only as a tool to attack systems, starting with knapsack systems in the early 80’s. Lattices can also be used to break conventional public-key cryptosystems such as RSA or Diffie-Hellman when they are incorrectly implemented. This talk will explain these fun attacks in concrete terms, with code you can run at home. Algorithms will be presented as Python/Sage code snippets and will already be online before the talk at https://latticehacks.cr.yp.to. This is a joint presentation by Daniel J. Bernstein, Nadia Heninger, and Tanja Lange, surveying work by many people. CC BY 4.0 false djb Tanja Lange Nadia Heninger https://latticehacks.cr.yp.to /system/events/logos/000/008/955/large/indy-avatar.png?1507974683 2017-12-28T23:30:00+01:00 23:30 01:00 Saal Adams 34c3-8955-all_computers_are_beschlagnahmt Zum Verbot von Indymedia linksunten Ethics, Society & Politics lecture de Im August 2017 wurde Indymedia linksunten vom Bundesinnenminister verboten. Rechtsanwältin Kristin Pietrzyk berichtet von den Razzien, von der Zusammenarbeit zwischen Polizei und Geheimdiensten und gibt Einblick in das juristische Vorgehen gegen Verbot und Zensur. Die wichtigste linksradikale Nachrichtenplattform linksunten.indymedia.org wurde im August 2017 von Bundesinnenminister Thomas de Maizière verboten. Um das Presserecht auszuhebeln, nutzte das Innenministerium das Vereinsrecht. Kurzerhand erklärten sie einige ihnen bekannte Freiburger Autonome zu Mitgliedern eines Vereins „Indymedia linksunten” und das Autonome Zentrum KTS Freiburg zum „Vereinsheim“. Um überhaupt erst gerichtsfeste Belege für das Vereinsverbot und die Zuordnung der Betroffenen zu diesem Verein zu beschaffen, wurden vier Wohnungen und das „Vereinsheim” durchsucht. Das aufgefundene Geld wurde kurzerhand als „Vereinsvermgögen“ deklariert und beschlagnahmt. Die beschlagnahmten Computer sollen von einer „Task Force“ des LKA Baden-Württemberg, der Bundespolizei und dem Bundesamt für Verfassungsschutz „dekryptiert“ und im Erfolgsfall vom Inlandsgeheimdienst ausgewertet werden. Eigentlich müsste anhand des Beispiels Indymedia linksunten politisch über Presse- und Meinungsfreiheit diskutiert werden. Über gezielte Verfassungsschutzhetze im Vorfeld des Verbots und über den Fallout des G20-Gipfels in Hamburg. Über den Aufstieg der rechtsradikalen AfD und einen deutschen Wahlkampf im Herbst 2017. Stattdessen wird der Fall als Folge eines Verwaltungsakts des Bundesinnenministeriums vor dem Bundesverwaltungsgericht in Leipzig verhandelt. Kristin Pietrzyk ist Rechtsanwältin aus Jena und vertritt dabei einen der Betroffenen. Neben den juristischen wird sie auch auf folgende Fragen eingehen: Was hat eine verdeckte Kameraüberwachung mit einer linksradikalen Nachrichtenseite zu tun? Was können Fußnoten in Ermittlungsakten über Informanten des Bundesamtes für Verfassungsschutz erzählen? Wieso liegt die Stickersammlungen jetzt beim Geheimdienst? Und warum wurde eigentlich nicht der alte BKA-Trick angewandt, durch den Zielpersonen mitten in der Nacht ihre Rechner freiwillig entschlüsseln? CC BY 4.0 false Kristin Pietrzyk All Computers Are Beschlagnahmt: Folien der Präsentation /system/events/logos/000/009/007/large/1567.png?1508021391 2017-12-29T00:45:00+01:00 00:45 02:00 Saal Adams 34c3-9007-hacker_jeopardy Zahlenraten für Geeks Entertainment other de The Hacker Jeopardy is a quiz show. The well known reversed quiz format, but of course hacker style. It once was entitled „number guessing for geeks“ by a German publisher, which of course is an unfair simplification. It’s also guessing of letters and special characters. ;) Three initial rounds will be played, the winners will compete with each other in the final. The event will be in German, we hope to have live translation again. CC BY 4.0 false Sec Ray /system/events/logos/000/009/256/large/tuwat_lt.png?1513277521 2017-12-28T11:30:00+01:00 11:30 02:00 Saal Borg 34c3-9256-lightning_talks_day_2 CCC lecture en Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick! To get involved and learn more about what is happening please visit the Lightning Talks Wikipage at <a href="https://events.ccc.de/congress/2017/wiki/index.php/Static:Lightning_Talks">https://events.ccc.de/congress/2017/wiki/index.php/Static:Lightning_Talks</a> CC BY 4.0 false gedsic bigalex /system/events/logos/000/009/296/large/01_A_Contemporary_Delphic_Oracle.png?1512478209 2017-12-28T13:45:00+01:00 13:45 00:30 Saal Borg 34c3-9296-why_do_we_anthropomorphize_computers ...and dehumanize ourselves in the process? Art & Culture lecture en A talk on waiting for the technological rapture in the church of big data. The paralysing effect of hiding the human hand in software through anthropomorphising computers and dehumanising ourselves. Marloes de Valk is a software artist and writer in the post-despair stage of coping with the threat of global warming and being spied on by the devices surrounding her. Surprised by the obsessive dedication with which we, even post-Snowden, share intimate details about ourselves with an often not too clearly defined group of others, astounded by the deafening noise we generate while socializing with the technology around us, she is looking to better understand why. false Marloes de Valk Texts and projects 2017-12-28T14:30:00+01:00 14:30 00:30 Saal Borg 34c3-8806-the_seizure_of_the_iuventa How search and rescue in the mediterranean was criminalized Ethics, Society & Politics lecture en The ship „Iuventa“ of the organization „Jugend Rettet“ was seized on August 2nd 2017 by the Italian authorities. The accusations: facilitating illegal immigration, organized crime and possession of weapons. What followed was a smear campaign that had seldomly been seen before. Against „Jugend Rettet“ and all the other NGOs that do search and rescue (SAR) in the mediterranean sea. After a short introduction in which we will explain what the civil search and rescue fleet does, we will describe the events that culminated in the seizure of the „Iuventa“. Which surveillance and intelligence techniques were used by the authorities to gather evidence. Evidence that has not been found, because it does not exist. We will describe who initiated the investigation against „Jugend Rettet“ and show how fascists, secret service and police worked hand in hand to stop the „Iuventa“ from saving people from drowning. The seizure of the „Iuventa“ was neither the begin nor the end of a smear campaign to discredit the work done by the civil search and rescue fleet. It was a small part in much bigger game played by the european union to discredit the work of the NGOs working in the mediterranean. In our talk we will explain why there is such a big interest by the European states to hinder their work and how the European Union is actually breaking international law to do so. Starting with a Frontex strategy paper from January 2016 we will describe how the European Union tries to externalize their borders onto the African continent. To places where there are no cameras or eye witnesses to show the European public the deadliness of their borders. Finally we’d like to discuss what is still possible despite the growing pressure by the european states. How can we fight fortress Europe? How do we defend us against the accusations? What have we reached? What can we still reach? Kathrin has been operating in search & rescue projects in the Aegean and Mediterranean for the last 21 months, since August 2016 she is supporting Jugend Rettet as Field Coordinator, RHIB driver and Head of Mission. 2017 she trained and briefed all crews that operated on the Iuventa and joined a number of missions off the Libyan coast - including the last one in which the ship was seized. She was confronted not only with the fact that Jugend Rettet had been subject to surveillance by Italian authorities over months but also with the confiscation of her personal belongings including laptop and cell phones. Ever since she continued fighting along with Jugend Rettet against a legal, political and media campaign that aims to criminalise civil search and rescue organisations. Hendrik has been on rescue missions with different NGOs since autumn 2016. He joined Jugend Rettet in June and July 2017 for two consecutive missions as RHIB driver and RHIB team lead. He was part of one of the missions where an undercover investigator raised accusations against the crew. Since the seizure of the Iuventa he is busy working with the team that is fighting the accusations and the media campaign against civil search and rescue organisations. CC BY 4.0 false Hendrik Kathrin Jugend Rettet Blaming the rescuers - Criminalising solidarity,re-enforcing deterrence Death By Rescue - The lethal effects of the EU's policy of non-assictance The left to die boat - The deadly drift of a migrants’ boat in the Central Mediterranean Missing Migrants - Tracking deaths along migratory routes Presentation 2017-12-28T15:15:00+01:00 15:15 01:00 Saal Borg 34c3-8735-spy_vs_spy_a_modern_study_of_microphone_bugs_operation_and_detection Ethics, Society & Politics lecture en In 2015, artist Ai Weiwei was bugged in his home, presumably by government actors. This situation raised our awareness on the lack of research in our community about operating and detecting spying microphones. Our biggest concern was that most of the knowledge came from fictional movies. Therefore, we performed a deep study on the state-of-the-art of microphone bugs, their characteristics, features and pitfalls. It included real life experiments trying to bug ourselves and trying to detect the hidden mics. Given the lack of open detection tools, we developed a free software SDR-based program, called Salamandra, to detect and locate hidden microphones in a room. After more than 120 experiments we concluded that placing mics correctly and listening is not an easy task, but it has a huge payoff when it works. Also, most mics can be detected easily with the correct tools (with some exceptions on GSM mics). In our experiments the average time to locate the mics in a room was 15 minutes. Locating mics is the novel feature of Salamandra, which is released to the public with this work. We hope that our study raises awareness on the possibility of being bugged by a powerful actor and the countermeasure tools available for our protection. Most of what the general public knows about microphones bugs comes from movies and other fictional sources, which usually is far from real. An example of these inaccuracies is the public speculation made by the Counselor of the United States President, Kellyanne Conway, who expressed that a microwave oven can spy as a camera; the answer is NO, as refuted in article by WIRED. The current literature about microphones bugs is disturbingly scarce, leaving most people to believe the myths distributed by the media. One of the goals of this work is to debunk the fictional beliefs around mics bugs by performing a thorough study and real life experiments with them. This paper is divided into three phases. First, we perform a survey of the state-of-the-art of mic bugs and their characteristics. Second, we develop our own free software detection tool, called Salamandra. Third, we perform several real life experiments on placing and detecting bugs to examine how difficult it was. Finally, we conclude with a thorough analysis of our experience. The first phase makes a deep survey of all the civilian-accessible microphone bugs. It takes into account physical characteristics, frequencies, transmission modes, battery options, operational lifetime, operational listening distance, easiness of listening by the operator, advantages & disadvantages, configurations if any, and easiness of detection by various means. The end goal of the first phase is to show the difficulty in using microphone bugs. The second phase presents our free software, SDR-based tool to detect hidden microphones called Salamandra. Although a professional microphone search usually requires more complex hardware, we show that a simple SDR USB device and our tool can be used to detect the mic bugs accurately. Moreover, Salamandra has a novel location feature to find mics quickly; a feature that is not available in most commercial detectors. The two most important limitations of the hardware detection solutions are their false detection of mics and their false positive detections of ghost mics. Salamandra uses several novel techniques to detect mics by taking advantage of its execution in a computer, including continuous discovery and location of mics. The third phase consists in a group of offensive/defensive experiments on placing and detecting bugs in real life. While one of the researchers places the mics and tries to listen to meaningful spoken passwords, the other runs Salamandra to try to know if there was a mic and where. These real life experiments shone light about the difficulty of placing mics and how easy is to find them. As far as we know this work is one of the few on the topic of analyzing the real performance of placing and detecting spying microphones. The main contributions of this paper are: • As far as we know, the first scientific research on the topic of real life spy microphones. • A novel free software SDR-based detection tool to locate microphone bugs, called Salamandra. A tool trained with real experiments. • The first comparison of mic bugs characteristics, ranges and performance, based on field experiments in real life scenarios. • The first experiments of real-life placing and detection of mics to analyze their performance, quality and time to detection. • The first analysis of spy mics audio quality and improvement. CC BY 4.0 false Veronica Valeros Sebastian Garcia Salamandra Mic Detection Tool Spy vs. Spy - A modern study of microphone bugs operation and detection /system/events/logos/000/009/193/large/a2081262357_10.jpg?1511161524 2017-12-28T16:30:00+01:00 16:30 01:00 Saal Borg 34c3-9193-internet_of_fails Where IoT has gone wrong Ethics, Society & Politics lecture en Expect current examples of IoT fails that I collected during my work as a journalist in regards of privacy and security. What do such fails mean for society? What are possible solutions and what can customers do? The internet of things (IoT) is growing. A lot of (mobile) network operators talk about „next big thing“: A world of always-on devices. So far, IoT is more a wide range of disaster plots with a lot of security and privacy concerns that are a danger for the internet rather than they are the world-saving development the tech guys predict. One example: connected (sex) toys. Some countries already banned them or are planning to ban them. Another example are digital home assistants that tend to change our sense of privacy. But what can we do? We can’t stop the development, but we can make products safer. In my talk I am going to present current examples where IoT fails in terms of privacy, security and use case. Rather than going into technical detail of „How did that hack work out?“ I want to concentrate on the ethical and practical problems that arise out of connecting everything. I also want to focus on how consumers can influence the market and what we all can do as a society. For example: Currently manufacturers take care primarily of their business to bring the products quickly to the market, and less to the safety of it. In my talk, I would like to show some examples and explain why this becomes the problem for all of us - and what regulators plan to stop that. As customers we are also not doomed, we can help to stop this internet of fails. CC BY 4.0 false Barbara Wimmer Blog Entry about "Best of IoT Fails" Slides for the talk (final) 2017-12-28T18:30:00+01:00 18:30 01:00 Saal Borg 34c3-9297-the_snowden_refugees_under_surveillance_in_hong_kong A Rapidly Emerging Police State and Imminent Deportation to Sri Lanka and Philippines Ethics, Society & Politics lecture en The Snowden Refugees’ actions to protect the world’s most significant whistle blower of the 21st Century, amounts to an expression of Political Opinion. Since September 2016, the Snowden Refugees have been systematically targeted and persecuted by the Hong Kong government based on that political opinion. After the Oliver Stone film “Snowden” was released in September 2016, the world learned about Edward Snowden having been provided a safe haven and refuge in Hong Kong by the destitute “Snowden Refugees”. Instead of being recognized as brave individuals who selflessly protected Mr Snowden, the Hong Kong government launched a systematic campaign to harass, oppress and punish the Snowden Refugees, with a view to deport them from Hong Kong as quickly as possible. By October 2017, the Hong Kong government had utilized the Social Welfare Department, its Swiss based Contractor International Social Services, and the Immigration Department to target and punish the Snowden Refugees. These well-planned systemic efforts escalated with the Hong Kong police targeting the Snowden Refugees, instead of providing protection to them. The Hong Kong government has been aggressively seeking to rapidly remove Vanessa and her stateless daughter to the Philippines under conditions of a nation-wide state of emergency, martial law in Mindanao and a recently catalyzed nation-wide civil war with the National People’s Army. In the name of a war on drugs, President Duterte directed the well-planned and systematic use of torture, arbitrary arrest and detention, enforced disappearances and extra-judicial killings of tens of thousands of innocent civilians including politicians, with no end in sight. His actions amount to crimes against humanity. The Hong Kong government also seeks to deport the Sri Lankan Snowden Refugees to a country accused of having committed war crimes, crimes against humanity and genocide, with its current Prime Minister Ranil Wickremesinghe accused of being complicit in war crimes and crimes against humanity. Today Sri Lanka is plagued by systemic use of torture, arbitrary arrest and detention, enforced disappearances and extrajudicial killings with no end in sight. In the above context, the Hong Kong government has failed to protect the Snowden Refugees and in fact have taken steps to put them in harms’ way both in Hong Kong and their countries of origin. false Robert Tibbo Edward Snowden /system/events/logos/000/008/730/large/dissection.jpg?1506211135 2017-12-28T19:45:00+01:00 19:45 01:00 Saal Borg 34c3-8730-taking_a_scalpel_to_qnx Analyzing & Breaking Exploit Mitigations and Secure Random Number Generators on QNX 6.6 and 7.0 Security lecture en In this talk we will present a deep-dive analysis of the anatomy of QNX: a proprietary, real-time operating system aimed at the embedded market used in many sensitive and critical systems, particularly within the automotive industry. We will present the first reverse-engineering and analysis of the exploit mitigations, secure random number generators and memory management internals of QNX versions up to and including 6.6 and the brand new 64-bit QNX 7.0 (released in March 2017) and uncover a variety of design issues and vulnerabilities. QNX is a proprietary, closed-source, Unix-like real-time operating system aimed at the embedded market. It is found in everything from BlackBerry products, carrier-grade routers and medical devices to military radios, UAVs and nuclear powerplants. On top of that, it dominates the automotive market and is found in millions of cars. While some prior security research has discussed QNX, mainly as a byproduct of BlackBerry mobile research, there is no prior work on QNX exploit mitigations or its secure random number generators. This talk seeks to close that gap by presenting the first reverse-engineering and analysis of the exploit mitigations, secure random number generators and memory management internals of QNX. We dissect the NX / DEP, ASLR, Stack Cookies and RELRO mitigations as well as the /dev/random and kernel PRNGs. We subsequently uncover a variety of design issues and vulnerabilities in these mitigations and PRNGs, which have significant implications for the exploitability of memory corruption vulnerabilities on QNX as well as the strength of its cryptographic ecosystem. Finally, we provide information on available patches and hardening measures available to defenders seeking to harden their QNX-based systems against the discussed issues. CC BY 4.0 false Jos Wetzels Ali Abbasi /system/events/logos/000/009/287/large/matrix.jpg?1511566913 2017-12-28T21:00:00+01:00 21:00 01:00 Saal Borg 34c3-9287-trugerische_sicherheit Wie die Überwachung unsere Sicherheit gefährdet Ethics, Society & Politics lecture de Wie steht es um die Sicherheitsversprechen, die mit dem Einsatz von neuen Überwachungsinstrumenten abgegeben werden? Welche Unterminierung der Sicherheit kann durch Überwachung eigentlich entstehen? false Peter Schaar 2017-12-28T22:15:00+01:00 22:15 01:00 Saal Borg 34c3-9207-opening_closed_systems_with_glitchkit 'Liberating' Firmware from Closed Devices with Open Source Hardware Hardware & Making lecture en Systems that hide their firmware-- often deep in readout-protected flash or hidden in encrypted ROM chips-- have long stymied reverse engineers, who often have to resort to inventive methods to understand closed systems. To help reduce the effort needed to get a foothold into a new system, we present GlitchKit-- an open source hardware and firmware solution that significantly simplifies the process of fault-injecting your way into a new system -- and of fault-injecting firmware secrets out! This talk presents the development completed thus far, demonstrates the use of GlitchKit in simple attacks, and invites participation in the development of our open-source tools. Work by a variety of authors has demonstrated the vulnerability of hardware peripherals to fault-injection-driven firmware-disclosure attacks [1]-- or in other words: glitching attacks that cause devices to 'accidentally' disclose their own firmware. A common form of this attack exploits the behavior of hardware peripherals as they send out bits of read-only memory-- by inducing a glitch at the end of a communication, transmitters can often be inticed to transmit memory beyond the end of the scheduled communcation, often leaking firmware and other device secrets. For glitching attacks to function properly, glitches must be precisely timed relative to communication events-- a requirement that often requires reverse engineers to develop purpose-built glitch-triggering hardware. GitchKit helps to relieve this burden-- providing an easy, context-aware glitching toolkit that can synchronize glitch events to a variety of communications events, including events generated by common protocols such as USB. GlitchKit builds atop existing open-source software and hardware-- including the GreatFET communications multitool, the FaceDancer USB-hacking toolkit, and the ChipWhisperer fault-injection toolkit-- and provides an entirely-open-source stack for easy glitching-- hopefully making it easier for you to get your hands on that elusive piece of firmware! This talk presents the theory behind firmware-disclosure glitching, and aims to help every hacker start using open-source tools to start opening up closed systems. Accordingly, we discuss the current state of the GlitchKit project, describe in detail how it can be used to 'break open' existing closed systems, and provide live demonstration of GlitchKit features. [1] e.g, http://scanlime.org/2016/10/scanlime015-glitchy-descriptor-firmware-grab/ CC BY 4.0 false ktemkin dominicgs GreatFET Project FaceDancer Project Slides /system/events/logos/000/008/938/large/logo-still.jpg?1512323213 2017-12-28T23:30:00+01:00 23:30 00:30 Saal Borg 34c3-8938-home_distilling Theory and practice of moonshining and legal distilling Hardware & Making lecture en This talk covers the theory, legality and economics of home distilling. We present the theoretical background of mashing, fermenting and distilling alcohol as well as the legal framework for home distilling in Germany from 2018 on. Our theory part covers both the biochemical and physical principles of fermenting fruit mash to alcohol, of distilling this alcohol to a fine spirit and best practices of how to gain maximum output at the best taste. The legal and regulations part shows how to do this process legally under the new German alcohol law of 2018, and how to avoid serious health risks, a.k.a. explosions and burn prevention. The theoretical part will close with a short introduction on the economics of craft distilling, in terms of time consumption and financial investments necessary to get up and running. CC BY 4.0 false freibrenner Home Distilling - 34C3 /system/events/logos/000/008/946/large/logo2.png?1507937665 2017-12-29T00:00:00+01:00 00:00 00:30 Saal Borg 34c3-8946-schnaps_hacking from apple to schnaps -- a complete diy-toolchain Hardware & Making lecture en This talk covers the theory, the required tools and how to make them, and the process of turning apples into juice, ferment them, and enrich the alcohol content of the product. We will present our high-pressure, drm-free juice press which we used to turn our hand picked apples into juice. Then we present a simple setup to ferment the juice (or other stuff, maybe even mate ;) ) to turn it into an alcoholic beverage. You will learn about the precise steps you need to avoid, in order to not build a still. We will also talk about all the details of a totally hypothetical distilling process, and the results that could have been achieved. Finally we will show you a method to increase the alcohol content of a beverage without distilling it ("ice-rifing"), and talk about our results. We will cover the relevant measuring equipment as well as the theory behind each of these steps, as we go through them. CC BY 4.0 false Nero Lapislucis sir wombat 2017-12-29T00:45:00+01:00 00:45 02:00 Saal Borg 34c3-9298-hacker_jeopardy_stream Zahlenraten für Geeks (Stream) Entertainment other de The Hacker Jeopardy is a quiz show. -- Stream true /system/events/logos/000/009/268/large/graph-middle.png?1513191891 2017-12-28T11:30:00+01:00 11:30 01:00 Saal Clarke 34c3-9268-social_bots_fake_news_und_filterblasen Therapiestunde mit einem Datenjournalisten und vielen bunten Visualisierungen Ethics, Society & Politics lecture de „Angriff der Meinungsroboter“ und „Gefangen in der Filterblase“ titelten die deutschen Medien. Doch was ist wirklich daran? Der Datenjournalist Michael Kreil hat ein Jahr lang 4500 Bots, 1,6 Mio. Twitter-Accounts, 400 Mio. Tweets und 50 Mio. Onlineartikel gesammelt und ausgewertet. Mit Scrapern, Neuronalen Netzwerken, Visualisierungstools, mit der Unterstützung von Experten und 600 Twitterusern hat er sich auf die Suche nach Social Bots, Fake News, Hate Speech und Filterblasen gemacht, um herauszufinden, ob sie existieren, wie sie funktionieren und ob sie ein Problem darstellen. Im Rahmen seinen Vortrages wird er die Ergebnisse, die Methoden, die Rohdaten und den Quellcode veröffentlichen. CC BY 4.0 false Michael Kreil 2017-12-28T12:45:00+01:00 12:45 01:00 Saal Clarke 34c3-8885-we_should_share_our_secrets Shamir secret sharing: How it works and how to implement it Security lecture en Backing up private keys in a secure manner is not straightforward. Once a backup has been compromised you need to refresh all your key material. For example, the disclosure of a private key of a Bitcoin wallet gives access to the coins inside. This makes it unattractive to store a complete backup of your private key(s) with your bank or your spouse. The better option would be to split the key into multiple parts. The recommended way to do this securely is to use the Shamir secret sharing scheme. This talk provides a detailed breakdown of how the scheme works and explains how it is implemented in C in a new library called SSS. <p> Shamir secret sharing is a mechanism that securely splits private keys or passwords into independent parts. These parts do not give away the secret on their own. Instead, the user defines the minimal amount of shares needed to restore the original secret. In this way, there is no need to trust a <em>single</em> entity. Additionally, compromise or loss of one share does not mean a compromise or loss of the entire secret. This makes it very suitable for backing up private keys, such as Bitcoin keys. Shamir secret sharing can also be used for passing on your secrets to your trusted successors, in case you get hit by a bus. </p> <p> In this talk, I will explain in detail how the scheme works. Although it is provably secure for confidentiality, we will see how it fails for integrity and how to fix that. While Shamir published his article almost 30 years ago, most existing libraries for Shamir secret sharing are still implemented poorly in terms of security and side-channel resistance. </p> <p> I will talk about writing the definitive library for Shamir secret sharing. We will choose suitable parameters and implement the scheme in C. We will see a couple of tricks that cryptographers use for building fast algorithms while still maintaining side-channel resistance. In the end, we (hope to) have produced a robust algorithm ready for easy integration into your favorite project. </p> <p> Basic understanding of some mathematical topics (such as group theory) may be helpful for this talk, but is not required. </p> CC BY 4.0 false Daan Sprenkels SSS on GitHub Daan Sprenkels - We Should Share Our Secrets 2017-12-28T14:00:00+01:00 14:00 01:00 Saal Clarke 34c3-9237-reverse_engineering_fpgas Dissecting FPGAs from bottom up, extracting schematics and documenting bitstream formats Hardware & Making lecture en In this talk I describe the basic makeup of FPGAs and how I reverse engineered the Xilinx 7 Series and Lattice iCE40 Series together with the implications. FPGAs are used in many applications ranging from networking, wireless communications to high performance computing, ASIC prototyping and so forth. They would be perfect to create true open source hardware but we would still be bound to use proprietary toolchains provided by the manufacturers. To generate a valid configuration file this toolchain needs to know every single wire, switch, possible connection, logic block and the corresponding bits to configure each them. In other words you are required to have the blueprints of the FPGA in your toolchain to be able to do the place&routing and generation of the bitstream file from your netlist. Naturally manufacturers do not like to disclose this information, possibly because someone could reverse engineer valuable intellectual property cores. I will explain each component used in FPGAs from Lattice and Xilinx, like switchboxes, the interconnect, logic blocks, memory blocks. Furthermore I will talk about how I reverse engineered the 7 Series from Xilinx and the iCE40 from Lattice. At the end I will demonstrate how to create your own bitstream by hand, implementing a small logic circuit and testing it live on a Zynq 7000 FPGA from Xilinx. CC BY 4.0 false MathiasL 2017-12-28T15:15:00+01:00 15:15 01:00 Saal Clarke 34c3-8920-electromagnetic_threats_for_information_security Ways to Chaos in Digital and Analogue Electronics Security lecture en For non specialists, Electromagnetic Pulse weapons (EMP) are fantasy weapons in science fiction movies. Interestingly, the susceptibility of electronic devices to electromagnetic interference has been advertised since the 90’s. Regarding the high integration of sensors and digital systems to control power-grids, telecom networks and automation infrastructures (e.g. Smart-grids, Industrial Control Systems), the intrinsic vulnerability of electronic devices to electromagnetic interference is of fundamental interest. In the context of IT Security, few studies have been carried out to understand how the effects may be a significant issue especially in the far-field region (distance between the transmitter’s antenna and the target with regard to the wavelength/central frequency). Most studies in Emanation Security (EMSEC) are related to near-field probing for side-channel and fault injection attacks assuming a close physical access to the targeted devices. In this paper, we propose a methodology to detect, classify and correlate the effect induced during the intentional exposure of analogue and digital systems to electromagnetic interference. Applying this methodology, the implication of the effects for the IT security world will be discussed with regards to the attacker profile needed to set-up a given scenario. CC BY 4.0 false @EMHacktivity José Lopes Esteves /system/events/logos/000/008/721/large/rocket.png?1505989330 2017-12-28T16:30:00+01:00 16:30 01:00 Saal Clarke 34c3-8721-blinkenrocket How to make a community project fly Hardware & Making lecture en The Blinkenrocket is a DIY SMD Soldering Kit that was designed to teach different manufacturing and soldering skills. A lot of work on both Hardware and Software was done in CCC erfas namely shackspace, chaosdorf and metalab. The kit is used in workshops since 1.5 years at the chaos macht schule events and is very successful in its purpose. Creating this project was plenty of work and there is so much to show and tell around it, it will blow your mind. In 2016 we made BLINKENROCKET fly. In this talk you'll learn about our journey, the lessons we learned and get insights that you can leverage to skyrocket your own soldering kit. Blinkenrocket is a badge-type electronic in the shape of the famous fairy dust rocket aimed at teaching different skills of soldering to kids as well as young adults. Once the kit it soldered, custom animations and scrolltext can be created at <a href="http://blinkenrocket.de">blinkenrocket.de</a> and uploaded using your audio port. Blinkenrocket is designed to: - teach different skills of soldering (SMD, trough hole, stencils, reflow) - be CHEAP so it can be used at school events - be 100% open source, EVERYTHING is available online under open source licensed terms - provide extensive information targeted to kids as well as young adults - be extendable - it will sell in a BUY ONE / GIVE ONE program to support future growth and donations to workshops. this way people who can not afford it are not excluded from learning how to solder. CC BY 4.0 false overflo muzy blinkenrocket github Der Zerhacker Youtube /system/events/logos/000/008/725/large/collin.jpg?1506177578 2017-12-28T18:30:00+01:00 18:30 01:00 Saal Clarke 34c3-8725-inside_android_s_safetynet_attestation_attack_and_defense Security lecture en SafetyNet Attestation is the primary platform security service on Android. Until recently you had to use third party tools or implemented your own app integrity checks and device rooting checks. Today you can use Android's SafetyNet Attestation infrastructure to ensure the integrity of your application and the user's device. Unfortunately, SafetyNet Attestation is not well documented by Google. This talk is split into three parts. Part one provides a deep dive into SafetyNet Attestation how it works. Part two is a guide on how to implement and use it for real world applications. This is based on the lessons learned from implementing SafetyNet Attestation for an app with a large install base. The talk will provide you with everything you need to know about Android’s SafetyNet Attestation and will help you to implement and use it in your app. Part three presents attacks and bypasses against SafetyNet Attestation. The attack method targets not only SafetyNet but other similar approaches. New tools and techniques will be released at this talk. CC BY 4.0 false Collin Mulliner /system/events/logos/000/009/070/large/worldcheck-4-1498254190.gif?1513378145 2017-12-28T19:45:00+01:00 19:45 01:00 Saal Clarke 34c3-9070-financial_surveillance Exposing the global banking watchlist Ethics, Society & Politics lecture en Faced with new responsibilities to prevent terrorism and money laundering, banks have built a huge surveillance infrastructure sweeping up millions of innocent people. Investigative journalists Jasmin Klofta and Tom Wills explain how, as part of an international collaboration, they exposed World-Check, the privately-run watchlist at the heart of the system. An accidental leak granted a rare opportunity for journalists to examine a database used to make decisions affecting people and organisations all over the world. They include a mosque that had its bank account shut without explanation, activists blacklisted for a peaceful protest, and ordinary citizens whose political activities were secretly catalogued. We will show how we used data mining, OSINT and traditional investigative techniques to analyse the World-Check database and discover the human impact of this Kafkaesque system, which is used by almost every major bank and many other institutions including law enforcement agencies. The resulting story made front page news in the UK, Germany, Belgium, Italy, the Netherlands and the USA. We will also ask whether we really want banks to be held responsible for the crimes of their customers? Are Financial Intelligence Units a sensible precaution, or are they pre-crime agencies? CC BY 4.0 false Jasmin Klofta Tom Wills 2017-12-28T21:00:00+01:00 21:00 01:00 Saal Clarke 34c3-9250-the_making_of_a_chip Hardware & Making lecture en You are surrounded by ICs. Yet you probably don't know much about how such a chip is made. This talk is an introduction to the world of chip fabrication from photolithography over ion implantation to vapor deposition of the connections This talk is a tour through the fabrication of an integrated circuit, an electronic chip. You will see the basics of the different techniques used in the process: - photolithography ("photolitho") - etching - ion implantation - vapor deposition and how they are combined: - photolitho and etching to selectively remove material - photolitho and implantation to form doped semiconductors that form transistors - photolitho and vapor deposition to form the connections that turn the transistors into gates I will touch the underlying semiconductor physics only very briefly to give an idea why this layout makes sense. This talk is meant to give you a glimpse into the world of IC fabrication. I will not talk about things that are particularly new, this knowledge has been around since at least 1990. But it is still interesting since the processes are still used for every IC in production today yet not widely known outside the semiconductor industry. I won't touch IC development (none of the points mentioned <a href=https://en.wikipedia.org/wiki/Integrated_circuit_development>here</a>). If you're interested in that <a href=https://media.ccc.de/v/c4.openchaos.2017.06.cpu-design-fuer-einsteiger-und-risc-v>on development</a> and a <a href=https://media.ccc.de/v/RNJNXM>low-level view on an FPGA</a> may be your thing. CC BY 4.0 false Ari The making of a chip - slides 2017-12-28T22:15:00+01:00 22:15 01:00 Saal Clarke 34c3-9135-aslr_on_the_line Practical cache attacks on the MMU Security lecture en Address Space Layout Randomization (ASLR) is fundamentally broken on modern hardware due to a side-channel attack on the Memory management unit, allowing memory addresses to be leaked from JavaScript. This talk will show how. Address space layout randomization (ASLR) has often been sold as an important first line of defense against memory corruption attacks and a building block for many modern countermeasures. Existing attacks against ASLR rely on software vulnerabilities and/or on repeated (and detectable) memory probing. In this talk, we show that neither is a hard requirement and that ASLR is fundamentally insecure on modern cache- based architectures, making ASLR and caching conflicting requirements (ASLR xor Cache, or simply AnC). To support this claim, we describe a new EVICT+TIME cache attack on the virtual address translation performed by the memory management unit (MMU) of modern processors. Our AnC attack relies on the property that the MMU's page-table walks result in caching page-table pages in the shared last-level cache (LLC). As a result, an attacker can derandomize virtual addresses of a victim's code and data by locating the cache lines that store the page-table entries used for address translation. Relying only on basic memory accesses allows AnC to be implemented in JavaScript without any specific instructions or software features. We show our JavaScript implementation can break code and heap ASLR in two major browsers running on the latest Linux operating system with 28 bits of entropy in 150 seconds. We further verify that the AnC attack is applicable to every modern architecture that we tried, including Intel, ARM and AMD. Mitigating this attack without naively disabling caches is hard, since it targets the low-level operations of the MMU. We conclude that ASLR is fundamentally flawed in sandboxed environments such as JavaScript and future defenses should not rely on randomized virtual addresses as a building block. CC BY 4.0 false brainsmoke paper (PDF) Project page slides 2017-12-28T23:30:00+01:00 23:30 01:00 Saal Clarke 34c3-9029-uncovering_vulnerabilities_in_hoermann_bisecur An AES encrypted radio system Security lecture en Hoermann BiSecur is a bi-directional wireless access control system “for the convenient and secure operation of garage and entrance gate operators, door operators, lights […]” and smart home devices. The radio signal is AES-128 encrypted and the system is marketed to be “as secure as online banking”. In comparison to conventional and often trivial to break wireless access control systems, the system should thus make it practically infeasible to clone a genuine transmitter so that attackers can get unauthorized access. We used the low-cost CCC rad1o software defined radio (SDR) platform to intercept and analyze the wireless radio signal. We took apart several Hoermann BiSecur hand transmitters and subsequently utilized a vulnerability in the microcontroller to successfully extract the firmware. In order to conduct a security audit, the extracted firmware was disassembled and analyzed so that the encryption mechanism, the key material, the cryptographic operations as well as the RF interface could be reverse engineered. Our security analysis shows that the overall security design is sound, but the manufacturer failed to properly initialize the random seed of the transmitters. As a result, an attacker can intercept an arbitrary radio frame and trivially compute the utilized encryption key within less than a second. Once the key is known to the attacker, a genuine transmitter can be cloned with an SDR platform such as the CCC rad1o. In addition to unauthorized operation of gates and doors, there is a likely (although currently untested) impact on Smart Home appliances that use the BiSecur system. We tested a total of 7 hand transmitters from 3 different model series and with manufacturing dates between 2015 and 2017. All analyzed hand transmitters shared the same static random seed and were found to be vulnerable to our attack. The vulnerability can easily be fixed so that future hand transmitters and radio transmission are protected from our attack. In our CCC talk we plan to give a step-by-step presentation on how we analyzed and subsequently broke the Hoermann BiSecur system. This includes the following topics: - Overall system overview - Radio signal analysis with the CCC rad1o SDR platform - Reverse engineering of the radio signal - Hardware analysis of BiSecur transmitters - Firmware extraction from the microcontroller by exploiting a security flaw in the PIC18F controller - Firmware disassembly and reverse engineering with IDA Pro - Analysis results providing a technical overview of how the BiSecur system operates including the encryption scheme (with AES-128 at its core) and RF operations - Presentation of our attacks (signal cloning of genuine transmitters) - Live-Hacking Demo with the CCC rad1o SDR platform - Suggested security fix CC BY 4.0 false Markus Muellner Markus Kammerstetter Uncovering Vulnerabilities in Hoermann BiSecur /system/events/logos/000/009/290/large/1011783_10154799296605083_8572860066039740959_n.jpg?1512252028 2017-12-28T11:30:00+01:00 11:30 00:30 Saal Dijkstra 34c3-9290-visceral_systems Approaches to working with sound and network data transmissions as a sculptural medium. Art & Culture lecture en This talk considers the visceral relationship one can have towards intangible media, notably sound and network data transmissions. Sarah presents a selection of her work demonstrating these synesthetic relationships, ranging from experiments in bio and fiber arts to interface design and educational tools for demystifying computer networking technology. false Sarah Grant http://www.chootka.com/ visceral-systems.pdf file /system/events/logos/000/008/814/large/mfmw.jpg?1507405188 2017-12-28T12:15:00+01:00 12:15 00:30 Saal Dijkstra 34c3-8814-making_experts_makers_and_makers_experts Hardware & Making lecture en Over the past year, we have been developing open source wheelchair add-ons through user research, ideation, design, prototyping and testing. We present the outcome and insights from the process. The project started one year ago with a wheelchair hackathon at MakerFaire. Driven by ideas of the users, we intensively worked on three topics: transport and storage, driving in the snow and lighting. In particular, following criteria played a central role: feasibility, time spent on DIY production, costs, aesthetics and impact on wheelchair users. From numerous ideas and prototypes, two products have gained resonance amongst users - OPEN LIGHTS, a wheelchair lighting feature and OPEN TRAILER, a wheelchair trailer. The project is completely open source and can be reproduced by users themselves with DIY rapid prototyping technologies. The designs and files can be downloaded for free under Creative Commons License. It is important to us that the products can be easily and inexpensively replicated so that as many wheelchair users can benefit from them. CC BY 4.0 false Daniel Wessolek Isabelle Dechamps Made For My Wheelchair 2017-12-28T13:00:00+01:00 13:00 00:30 Saal Dijkstra 34c3-8865-digitale_bildung_in_der_schule 5.-Klässlerinnen, die über die Millisekunden für einen delay()-Aufruf diskutieren! Gibt es nicht? Doch, gibt es! Hardware & Making lecture de „5.-Klässlerinnen, die über die Millisekunden für einen delay()-Aufruf diskutieren! Gibt es nicht? Doch, gibt es!“ Ein Modellprojekt mit sieben Schulen in Aachen hat diese Frage untersucht – wir haben die Schülerinnen und Schüler begleitet und würden gerne darüber berichten, denn wir wissen jetzt: Programmieren macht ihnen Spaß! Von Januar bis Juni diesen Jahres haben sich sieben Schulen, 14 mutige Lehrerinnen und Lehrer und 223 neugierige Schülerinnen und Schüler einer ganz besonderen Herausforderung gestellt: In ein bis zwei Doppelstunden löten die Schüler sich einen eigenen kleinen Roboter zusammen und programmieren ihn anschließend textuell in C/C++! Kann das überhaupt funktionieren? Macht den Kindern das Spaß? Lernen sie auch tatsächlich etwas? Hierüber möchte ich euch gerne Näheres erzählen :) CC BY 4.0 false Katja Bach Folien Digitale Bildung in der Schule 2017-12-28T13:45:00+01:00 13:45 00:30 Saal Dijkstra 34c3-8953-think_big_or_care_for_yourself On the obstacles to think of emergent technologies in the field of nursing science Ethics, Society & Politics lecture en In German nursing science the dominant position on emergent technologies demands the removal of machines from caring environments („Entmaschinisierung“). In contrast to this, European research policy heavily focus on developing new health and social technologies to solve societal issues like a skill shortage in nursing. Thinking about technology in nursing science cannot but be conflicted. In this talk we first expose requirements for particularly conceptualizing the application of technological systems in care work settings. Further we will give an overview on main arguments against digital technologies in care with an example of a current research project in the field of Augmented Reality in care work. In the first part of this talk we will introduce current positions of German nursing science and German nurses on emergent technologies. For German nursing scientists the main element of nursing is the relationship between the patient and their nurse. One central aspect of this relationship is communication. Corporal [“Leib”] perception is stressed as well as implicit or tacit knowledge. Nursing experts are presumed to use these kinds of knowledge to guide their action. It is argued that digitalization stands in the way of using these kinds of non-discursive knowledge, as digital technology is only able to display discursive knowledge. Thus, care logic and logic of technology are described as incommensurable. Nevertheless, usage of electronic health records is increasing. Furthermore, a wide range of prototypes are developed as they are conceived as solutions regarding existing problems at least from certain points of view. E.g. Smart Devices can be used to support blood sampling or the documentation process. We will show you a prototype which is part of our research project, to offer you the possibility to get your own ideas of advantages and disadvantages. In the second part of this talk the theoretical premises of main arguments against technology will be revealed and a counterperspective will be introduced. The progress of biotechnologies in some way stimulates a slowly growing mutual interest of the humanities and natural sciences. Notwithstanding in nursing science there is still a hostile attitude against if not a categorical denial of technologies ranging from robotic systems to smart home technologies and even the PC. Emergent technologies are mistakenly seen as strongly (and only) bound to medicine and hence being hopelessly fought. On closer consideration it becomes obvious that the theoretical premises of this perspective are deeply linked to the idea of human exceptionalism. In their (neo-) humanistic vindication nursing scientists seek to set themselves free from the influence of medicine as a dominant discipline. CC BY 4.0 false AKO Hanna Wüller file /system/events/logos/000/009/196/large/dtrace-pony.jpg?1508102936 2017-12-28T14:30:00+01:00 14:30 00:30 Saal Dijkstra 34c3-9196-may_contain_dtraces_of_freebsd Resilience lecture en Systems are getting increasingly complex and it's getting harder to understand what they are actually doing. Even though they are built by human individuals they often surprise us with seemingly bizarre behavior. DTrace lights a candle in the darkness that is a running production system giving us unprecedented insight into the system helping us to understand what is actually going on. We are going implement `strace`-like functionality, trace every function call in the kernel, watch the scheduler to its thing, observer how FreeBSD manages resources and even peek into runtime systems of high level programming languages. If you ever wondered what software is doing when you are not looking, this talk is for you. DTrace is an incredibly useful tool for safely inspecting whole systems without impacting overall performance as much as other mechanisms. It's open source and available on a wide variety of operating systems like FreeBSD, MacOS, Solaris, illumos and NetBSD. It can be used for debugging, reverse engineering or for just learning to understand the system. I'm going to introduce DTrace and its D language by digging down into the inner workings of FreeBSD itself as it runs (e.g. memory and process management, locking infrastructure and scheduling) as well as user processes. On top of that I will use DTrace itself to illustrate how DTrace is doing its work. We are also going to take a look at some of DTraces' internals like some of the design decisions as well as the byte code that is being executed in the kernel. CC BY 4.0 false raichoo DTrace Website 2017-12-28T15:15:00+01:00 15:15 01:00 Saal Dijkstra 34c3-8980-netzpolitik_in_der_schweiz Die aktuellen Auseinandersetzungen über digitale Freiheitsrechte Ethics, Society & Politics lecture de Gleich in drei Gesetzen drohen Netzsperren. Staatstrojaner und Massenüberwachung bis ins WLAN sind mit der Einführung der Überwachungsgesetze BÜPF und NDG vorgesehen. E-Voting soll auf Biegen und Brechen durchgesetzt werden. Nur garantierte Netzneutralität lässt weiter auf sich warten. Im Vortrag versuchen wir, Einsichten in die aktuellen netzpolitischen Auseinandersetzungen in der Schweiz zu geben und Handlungsmöglichkeiten aufzuzeigen. Folgende Themen möchten wir aufgreifen und gemeinsam einen Blick in die Zukunft werfen: <ul> <li>Auswirkungen des neuen BÜPF: Eine Einschätzung für die Praxis ab dem 1.3.2018</li> <li>Netzsperren im Geldspielgesetz (und anderswo): Wie steht es um das Referendum?</li> <li>Beschwerde gegen die Kabelaufklärung: Strategisch klagen für Freiheitsrechte</li> <li>E-Voting: Auf Biegen und Brechen</li> <li>Netzneutralität: Ungenügende Transparenzpflichten</li> <li>Datenschutzgesetz: Wie ist der Stand der Debatte?</li> </ul> Im Anschluss an den Vortrag findet eine weiterführende Diskussions- und Fragesession im <a href="https://events.ccc.de/congress/2017/wiki/index.php/Cluster:Rights_%26_Freedoms">Rights &amp; Freedoms Orbit</a> statt. Es werden Personen von einigen aktiven Organisationen in der Schweiz (wie CCC-CH, CCCZH, Digitale Gesellschaft Schweiz, Piratenpartei Schweiz) anwesend sein. CC BY 4.0 false Kire Patrick Stählin Martin Steiger Präsentation /system/events/logos/000/008/832/large/TESLA_cavity.jpg?1507978586 2017-12-28T16:30:00+01:00 16:30 01:00 Saal Dijkstra 34c3-8832-free_electron_lasers ...or why we need 17 billion Volts to make a picture. Science lecture en Wouldn’t it be awesome to have a microscope which allows scientists to map atomic details of viruses, film chemical reactions, or study the processes in the interior of planets? Well, we’ve just built one in Hamburg. It’s not table-top, though: 1 billion Euro and a 3km long tunnel is needed for such a ‘free electron laser’, also called 4th generation synchrotron light source. I will talk about the basic physics and astonishing facts and figures of the operation and application of these types of particle accelerators. Most people have heard about particle accelerators, most prominently LHC, at which high energy particles are brought to collision in order to study fundamental physics. However, in fact most major particle accelerators in the world are big x-ray microscopes. The latest and biggest of these synchrotron radiation sources which was built is the European XFEL. A one billion Euro ‘free electron laser’, based on a superconducting accelerator technology and spread out 3km beneath the city of Hamburg. The produced x-ray pulses allow pictures, for example from proteins, with sub-atomic resolution and an exposure time short enough to enable in-situ studies of chemical reactions. This talk aims to explain how particle accelerators and in particular light sources work, for what reason we need these big facilities to enable new types of science and why most of modern technology would be inconceivable without them. CC BY 4.0 false Thorsten /system/events/logos/000/008/758/large/IMG_0505.JPG?1506513641 2017-12-28T18:30:00+01:00 18:30 01:00 Saal Dijkstra 34c3-8758-how_to_drift_with_any_car (without your mom yelling at you) Security lecture en Lots of research are arising from the fairly unexplored world of automative communications. Cars are no longer becoming computers, they are fully connected networks where every ECU exchanges and operates the vehicles at some point. Here is an introduction of my immersion and discussions with my car, and how I finally managed to drift (a bit) with my mom's FWD Fiat 500c. This talk is not only about security, but about hacking and video games. Many video games are about driving cars, whether it is for racing, or heisting and escaping the police. In this talk, we will explain how the user experience could actually be improved by connecting a car to a video game and turning it into a game controller. We will discuss about these connected systems, how car components interact with one another, the different protocols, or anything that came to us during this journey. However there was one important constraint during all that experience: no car could be dismantled nor modified. The main goal of this analysis was to try doing something out of the data which could be freely recovered while plugging itself to the OBD-II port of a car. As mentioned, this resulted in the possibility of controlling a video game car through the real car, like a simulator, without the need of modifying anything in the car itself. Unfortunately, this requires a lot of gasoline to have the engine powered on and run. Moreover, gasoline is really expensive in France. So we looked for a way to reduce that cost. We actually found a nice device on the Internet to optimize the amount of gasoline used by the engine. Apparently, it works by connecting to the OBD-II port and reconfigures the engine’s ECU. We looked into that to understand what was actually going on… and try to reduce the cost of the drifting. The following points will be mentioned during the presentation: ECUs CAN bus OBD-II (DTCs/PIDs) On-top-of-CAN protocols UDS (Diagnostic/Security session) Reverse engineering: the meanings of CAN messages Using a real car as a simulator, for poories Minor details about how to create a custom game controller OBD dongle reverse engineering CC BY 4.0 false Guillaume Heilles P1kachu file file 2017-12-28T19:45:00+01:00 19:45 00:30 Saal Dijkstra 34c3-9077-humans_as_software_extensions Will You Be My Plugin? Art & Culture lecture en While technology is often described as an extension of our bodies, this talk will explore a reversed relationship: Bodies and minds of digital laborers (you and me and basically everybody else) as software extensions that can be easily plugged in, rewired, and discarded. I will approach this topic from an artist's point of view. From CAPTCHAS as micro jobs for training AI to people having to pretend to be bots, from gig work to APIs for programming people – we are extending computational systems by offering our bodies, our senses, and our cognition. To some degree, this has been true for most kind of work for a long time. However, with software creeping into every aspect of our lives, and with algorithmic systems modulating and optimizing flows constantly, being plugged in and then generating data, or being modulated by data analysis, has become ubiquitous (workers never leaving the factory?). In this talk, I will address the condition of being a software extension within the framework of my artistic practice and research by introducing artworks and discussing e.g. the survival creativity of gig workers on hyper-competitive online platforms; the surveilled workplace; AI as a global assembly line. Against this backdrop, I will also speculate about possible interventions inside these environments. CC BY 4.0 false Sebastian Schmieg /system/events/logos/000/009/275/large/9365_1_2017_AFRO_FEST.jpg?1510570320 2017-12-28T20:30:00+01:00 20:30 00:30 Saal Dijkstra 34c3-9275-afro_tech Afrofuturism, Telling tales of speculative futures Art & Culture lecture en Inke Arns will present speculative projections of the future and current developments in the field of digital technologies by artists and inventors from different countries in Africa, the African diaspora and many other actors in the USA and Europe. The project examines science-fiction narratives and concepts of technology that function according to their own rules rather than conforming with dominant western narratives. A key source of inspiration for the artworks on display is Afrofuturism, a movement that emerged in the mid-twentieth century against the backdrop of the African-American community's historical experience of racism and discrimination. Telling tales of speculative futures, it opened up a space for a distinct history, and hence emancipation, self-empowerment and individual freedom. The concepts, ideas and aesthetics of Afrofuturism soon spread from the USA to the rest of the world, influencing countless artists – also in German-speaking countries – with whose experiences they strongly resonated. false Inke Arns http://www.hmkv.de/ Slides 2017-12-28T21:15:00+01:00 21:15 00:30 Saal Dijkstra 34c3-9222-the_noise_protocol_framework Security lecture en The <a href="https://noiseprotocol.org">Noise Protocol Framework</a> is a toolkit for 2-party secure-channel protocols. Noise is used by WhatsApp for client-server communication, by the WireGuard VPN protocol, and by the Lightning Network. In this talk I'll describe the rationale behind such a framework, and how you can use it to build simple, efficient, and customized secure-channel protocols. Noise provides a simple pattern language and naming scheme for 2-party DH-based cryptographic handshakes, covering the different possibilities for client and/or server authentication, post/pre-specified peers, identity-hiding, and 0-RTT encryption. These patterns are easily compiled into linear sequences of cryptographic operations using your favorite ECDH, hash, and cipher functions. Extensions are in the works for additional cryptographic choices, e.g. post-quantum options for "hybrid forward-secrecy", as well as negotiation frameworks. CC BY 4.0 false Trevor Perrin Slides 2017-12-28T22:00:00+01:00 22:00 01:00 Saal Dijkstra 34c3-9006-implementing_an_llvm_based_dynamic_binary_instrumentation_framework Security lecture en This talk will go over our efforts to implement a new open source DBI framework based on LLVM. We'll explain what DBI is used for, how it works, the implementation challenges we faced and compare a few of the existing frameworks with our own implementation. We have been using DBI frameworks in our work for a few years now: to gather coverage information for fuzzing, to break whitebox cryptography implementations used in DRM or to simply assist reverse engineering. However we were dissatisfied with the state of existing DBI frameworks: they were either not supporting mobile architectures, too focused on a very specific use cases or very hard to use. This prompted the idea of developing QBDI which has been in development for two years and a half. With QBDI we wanted to try a modern take on DBI framework design and build a tool crafted to support mobile architectures from the start, adopting a modular design enabling its integration with other tools and that was easy to use by abstracting all the low-level details from the users. In this talk we will review the motivation behind the usage of a DBI. We will explain its core principle and the main implementation challenges we faced. We will go through a few of the existing frameworks (Intel Pin, Valgrind, DynamoRIO) and compare our implementation choices with theirs. Finally, we will demo our framework and showcase its integration inside Frida. We also plan to open source our framework under a permissive free software license (Apache 2) during the conference. CC BY 4.0 false Charles Hubain Cédric Tessier QBDI website Slides Slides 2017-12-28T23:15:00+01:00 23:15 00:30 Saal Dijkstra 34c3-9044-growing_up_software_development From Hacker Culture to the Software of the Future Resilience lecture en Hacker culture overcomes limitations in computer systems through creativity and tinkering. At the same time, hacker culture has shaped the practice of software development to this day. This is problematic - techniques effective for breaking (into) a computer systems are not necessarily suitable for developing resilient and secure systems. It does not have to be this way: We can approach software development as a methodical, systematic activity rather than tinkering, and teach it accordingly. I'll review my experience teaching these methods for the past 18 years and give some suggestions on what *you* may do. <p> Hacker culture, which originated CCC (or vice versa?), overcomes limitations in computer systems through creativity and tinkering. Many activities of the hacker community have focussed on discovering weaknesses of IT systems, and creativity and tinkering have been enormously successful at this endeavour. At the same time, hacker culture has shaped the practice of software development to this day. This is problematic - techniques effective for breaking (into) a computer systems are not necessarily suitable for developing resilient and secure systems. The long, long list of vulnerabilities with always the same root causes bears testament to this. Thus, ironically, the very techniques hackers have used to discover and fight vulnerabilities are responsible for them in the first place. </p> <p> It does not have to be this way: It is possible to construct resilient software systematically, greatly reducing the risk of failure. However, this requires significant changes in culture, methodology, and the tools we use to develop software. We need to approach software development as a methodical, systematic activity rather than tinkering, and teach it accordingly. This will lead to a set of systematic, proven methods that lead to robust and correct software. This talk will introduce available methods, tools, and languages supporting such methodologies: program by design, type-based modelling, mathematics, and functional programming. I'll review my experience teaching these methods for the past 18 years and give some suggestions on what *you* may do. </p> CC BY 4.0 false Mike Sperber Slides file /system/events/logos/000/009/150/large/robotmusic2.jpg?1508098174 2017-12-29T00:00:00+01:00 00:00 00:30 Saal Dijkstra 34c3-9150-robot_music The Robots Play Our Music and What Do We Do? Art & Culture lecture en Once full automation hits, we will have a lot of free time on our hands. This project demonstrates early explorations in computer generated music via robot hands, old computers and generative algorithms. While the robot performs, we sit next to it and invite people for a conversation about robots being “creative” and “stealing our jobs”. “Robot Music” is an ongoing robotic research project between artists Goto80 and Jacob Remin centered around automation, creation and loss of control. The project was initiated in 2017 and has been shown in other forms at Illutron (Copenhagen), Algomech Festival (Sheffield) and Internetdagarna (Stockholm). In this installment at CCC robotic arms play music on a Commodore 64 and other sound machines. The robot loads songs that we have made and re-works them live by changing the notes, instruments, arrangements, effects and by applying a general “robot cool” to the mix. While the robot performs, we sit next to it to talk to people about robots being “creative” and “stealing our jobs”. For CCC we will bring two robots. One for performing and one for hacking. We are inviting all hackers to join our conversation, and we are excited to meet people with skills within robotics, programming, neural networks for music composition and live coding. CC BY 4.0 false jacob remin goto80 Robot Music Robot Music slides from presentation 2017-12-28T20:15:00+01:00 20:15 1:45 Lecture room 11 self organized sessions meeting de Daily A/V Angel Meeting: Feedback and Shift Distribution Jwacalex https://c3voc.de https://events.ccc.de/congress/2017/wiki/index.php/Session:A/V_Angel_Meeting 2017-12-28T12:30:00+01:00 12:30 0:45 Lecture room 11 Wie sicher ist der beA? self organized sessions talk de Ab dem 1.1.2018 wird das besondere elektronische Anwaltspostfach (beA), quasi DE-Mail für Anwälte, verpflichtend eingeführt, Anwälte müssen darüber Schriftsätze empfangen. In diesem talk möchte ich grob skizzieren, wie das System funktioniert und wie es um die Sicherheit bestellt ist. Md https://events.ccc.de/congress/2017/wiki/index.php/Session:BeA_-_das_neue_Anwaltspostfach 2017-12-28T18:30:00+01:00 18:30 1:45 Lecture room 11 Heaven can't wait self organized sessions hands-on de Chorsingen und Aufnahme eines Chorstückes für den Film "All creatures welcome" Piko https://events.ccc.de/congress/2017/wiki/index.php/Session:Chaos_Communication_Choir 2017-12-28T11:00:00+01:00 11:00 1:00 Lecture room 11 Talk + brainstorming self organized sessions workshop en Non-governmental organizations such as Greenpeace, Amnesty International or Peta utilize more or less legal forms of activism for informing the public, influencing policy-makers and gaining visibility. However, NGOs' digital activism, or e-activism, is still in its infancy. In this talk we present examples of e-activism and discuss their risk, impact and techniques. In the second half of the talk the audience is invited to brainstorm and/or propose novel concepts. https://events.ccc.de/congress/2017/wiki/index.php/Session:E-activism_for_NGOs 2017-12-28T15:00:00+01:00 15:00 2:00 Lecture room 11 Beginner self organized sessions workshop de TBD Lil-Missy https://kinkygeeks.de https://events.ccc.de/congress/2017/wiki/index.php/Session:KinkyGeeks_Bondage_Workshop 2017-12-29T00:00:00+01:00 00:00 2:00 Lecture room 11 self organized sessions en Ki https://events.ccc.de/congress/2017/wiki/index.php/Session:Meetup_for_members_of_r0p334c3 2017-12-28T13:15:00+01:00 13:15 0:45 Lecture room 11 Last years development & discussion self organized sessions workshop en '''''UPDATE'': We changed the room, now 15 minutes later and in room 11!''' A workshop on the development of Schleuder, the crypto mailinglist manager: what's new in version 3, the new web-interface, what will be next, etc. Depending on the attendee's wishes, we can also take time to answer questions, discuss ideas, or provide practical help with problems. Paz https://schleuder.nadir.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Schleuder 2017-12-28T22:00:00+01:00 22:00 2:00 Lecture room 11 self organized sessions other de Wir machen hier ein kleines alternativ nerdiges Workout. ;) Mehr verraten wir nicht. Magic Karl Weber Hermine Minnie https://events.ccc.de/congress/2017/wiki/index.php/Session:Sport_f%C3%BCr_Nerds 2017-12-28T17:00:00+01:00 17:00 1:30 Lecture room 11 Translation Angel Meeting Day 2 self organized sessions meeting en Daily orga meeting of the Translation Angel crew. https://events.ccc.de/congress/2017/wiki/index.php/Session:Translation_Team 2017-12-28T19:30:00+01:00 19:30 0:30 Lecture room 11 FreeBSD on desktops and laptops self organized sessions de Vater https://events.ccc.de/congress/2017/wiki/index.php/Session:TrueOS_install_demo 2017-12-28T14:00:00+01:00 14:00 1:00 Lecture room 11 Lecture/discussion self organized sessions en This is a story of when the Dutch secret service knocked on my door just after OHM2013, what some of the events that lead up to this, our guesses on why they did this and how to create an environment where we can talk about these things instead of keeping silent. DrWhax2 https://events.ccc.de/congress/2017/wiki/index.php/Session:When_the_Dutch_secret_service_knocks_on_your_door 2017-12-28T13:00:00+01:00 13:00 3:00 Seminar room 14-15 e-mail end-to-end encryption ... for humans! self organized sessions workshop en Introduction and practical demonstration to Autocrypt, an implemented specification for convenient e-mail end-to-end encryption. Bring your Android phone or Laptop to get installed with in-development releases of Autocrypt-capable clients (Delta/Android, K-9 Mail, Enigmail) and try it out with us! There are opportunities to help and feedback work to developers for future implementation. Day 2 - 13:00 - Seminar Room 14-15 Olgawolga Xeniax Compl4xx https://autocrypt.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Autocrypt 2017-12-28T16:00:00+01:00 16:00 1:00 Seminar room 14-15 self organized sessions meeting de This is a meetup for all people participating in the mastodon network or maybe want to do so in the future. We also use it as an opportunity for a small get-together for the people using the chaos.social instance. Nazco https://events.ccc.de/congress/2017/wiki/index.php/Session:Chaos.social_and_mastodon_meetup 2017-12-28T17:30:00+01:00 17:30 0:30 Seminar room 14-15 self organized sessions meeting de Lasst uns über den geplanten Staatstrojaner für den Verfassungsschutz in Hessen sprechen (www.hessentrojaner.de). Wir wollen ein wenig auf die bisherigen Geschehnisse zurückblicken und natürlich auch über das weitere Vorgehen reden. Natürlich freuen wir uns auch über Besucher aus anderen Bundesländern (insb. aus NRW ;)). Fluxx http://www.hessentrojaner.de https://events.ccc.de/congress/2017/wiki/index.php/Session:Hessentrojaner_Meetup 2017-12-28T11:30:00+01:00 11:30 0:50 Seminar room 14-15 self organized sessions talk en How a mathematical breakthrough made at the end of the 17th century is the workhorse of the artificial neural networks of today IngoBlechschmidt https://events.ccc.de/congress/2017/wiki/index.php/Session:How_does_artificial_intelligence_accomplish_the_feat_of_learning%3F_(Wondrous_Mathematics) 2017-12-28T20:45:00+01:00 20:45 1:30 Seminar room 14-15 self organized sessions workshop en Ideas of the anarchism existed before the network, however hacker's community willingly took anarchism appreciating its dedication to individual and collective freedom. With this session we will have a quick look on history of anarchism and the present of the anarchist struggle in the social and political sphere around the world. This is a short presentation with a discussion round. http://abcdd.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Introduction_into_anarchism 2017-12-28T18:00:00+01:00 18:00 1:00 Seminar room 14-15 OParl Einführung self organized sessions discussion de OParl ist ein Datenstandard für kommunale Entscheidungen, welche in Ratsinformationssystemen gespeichert werden. Mit den Daten kann man Transparenz und Beteiligung vor Ort fördern. Auf dem 33C3 stand der Standard in den Kinderschuhen, nun findet er zunehmend Verbreitung. Wir - ein Team der Open Knowledge Foundation - wollen den Stand der Dinge präsentieren gemeinsam über die Zukunft reden: Anwendungen, Standard-Weiterentwicklung, weitere Verbreitung. Anschließend ab 19:00 gibt es einen technischen Workshop zu OParl. https://oparl.org https://events.ccc.de/congress/2017/wiki/index.php/Session:OParl:_ein_Datenstandard,_um_politische_Entscheidungen_transparent_zu_machen 2017-12-28T19:30:00+01:00 19:30 1:00 Seminar room 14-15 Pirates Meetup self organized sessions discussion de Connecting people who are members of one of the many Pirate Parties worldwide, people who would like to join, and people generally interested in what we are doing. It is a meetup and networking event for the members, the members of the board and we will discuss freely what is going on. Utzer https://events.ccc.de/congress/2017/wiki/index.php/Session:Pirate_Parties_Members_Meetup 2017-12-28T20:30:00+01:00 20:30 1:00 Lecture room 12 backer meeting and open discussion self organized sessions meeting de In this meeting FilmGizmo will give everybody interested a quick overview of the formation process, the status and the future of the documentary project ALL CREATURES WELCOME. And, maybe most importantly: She will answer all the questions of the people who help to realize this movie and the ones who want to become part of it in an open discussion! Gizmo http://www.allcreatureswelcome.net https://events.ccc.de/congress/2017/wiki/index.php/Session:All_Creatures_Welcome 2017-12-28T19:45:00+01:00 19:45 0:45 Lecture room 12 self organized sessions talk en Matrix is an open protocol for real-time communication. It not only provides a way to build messengers like riot.im, but it also allows bridging other messengers like IRC, Slack, Gitter, Telegram, etc. Exul https://github.com/exul/matrix-rocketchat https://events.ccc.de/congress/2017/wiki/index.php/Session:Bridging_messengers_with_Matrix.org 2017-12-28T18:30:00+01:00 18:30 1:00 Lecture room 12 self organized sessions discussion en Discussion about the state of the decentralized web Mwarning https://events.ccc.de/congress/2017/wiki/index.php/Session:Decentralized_Web 2017-12-28T14:00:00+01:00 14:00 1:15 Lecture room 12 “Plötzlich Wissen!”: Eine etwas andere Art der Wissenschaftskommunikation self organized sessions workshop de Gehen drei Wissenschaftler und eine Handpuppe in eine Kneipe...und sprechen über Wissenschaft mit Bezug auf Meere und Ozeane. Genau das machen wir, also Julia Schnetzer, Inga Marie Ramcke und André Lampe. Wir sprechen mit Menschen (fast) aller Altersklassen und Hintergründe und haben nicht nur unseren flauschigen Kollegen, den Dugong Dilhan - eine Gabelschwanzseekuh - sondern auch Experimente mit Meeresbezug und aktuelle Forschungsthemen im Gepäck. Natürlich freuen wir uns ebenso über persönliche Fragen, die wir sehr gern aus unserer Perspektive, also meist aus dem Leben eines Wissenschaftlers, beantworten. Unser Versuch, mit Leuten von der Straße über Wissenschaft zu sprechen, hat uns oft mit unvorhersehbaren Fragen und Situationen überrascht. Wir nennen unsere Arbeit in der Wissenschaftskommunikation deshalb auch #harteformate und möchten euch einen ersten Einblick und Diskussionsmöglichkeit über diese Form von WissKomm geben. Vielleicht wagt ihr euch dann auch an ungewohnte Zielgruppen, die mit ein wenig charmanter Arbeit zu tollen Gesprächspartnern werden und deren Neugier für euer Thema geweckt wird. AndereLampe http://ploetzlichwissen.de https://events.ccc.de/congress/2017/wiki/index.php/Session:Gehen_drei_Wissenschaftler_in_eine_Kneipe 2017-12-28T15:30:00+01:00 15:30 1:00 Lecture room 12 self organized sessions Geschichten aus dem Krieg (Ullli and melzai talking about parenting with day job and small children) https://events.ccc.de/congress/2017/wiki/index.php/Session:Geschichten_aus_dem_Krieg 2017-12-28T17:00:00+01:00 17:00 1:00 Lecture room 12 self organized sessions HTML, CSS and a little bit of JavaScript - Web-Programming for Beginners https://events.ccc.de/congress/2017/wiki/index.php/Session:HTML,_CSS_and_a_little_bit 2017-12-28T11:00:00+01:00 11:00 1:30 Lecture room 12 self organized sessions workshop de Wissenschaftler wissen auch nicht alles. Ist ja klar. Aber wie finden die dann Antworten auf Fragen, wenn sie es auch nicht genau wissen? Wir machen mit euch eine kleine Redaktionssitzung und erklären euch, wie wir - Inga und André vom Wissenschaftskommunikationsprojekt „Plötzlich Wissen!“ - bei Fragen vorgegangen sind, die wir von Menschen auf der Straße gestellt und auf unserem Blog beantwortet haben. Wir sind beide Wissenschaftler und zeigen euch, wie ihr vorgehen könnt, wenn ihr auch mal an so eine Frage geratet. Wir recherchieren und diskutieren gemeinsam über eine Frage, die wir bis zum Workshop auch nicht kannten: weil sie nämlich von euch kommt! Wo finde ich gute Informationen? Welche Quelle ist seriös? Wo sollte ich lieber vorsichtig sein? Lasst und das gemeinsam rausfinden! Ab 11:00 Uhr Workshop 60-90 Minuten. Ab 10 Jahren! AndereLampe http://ploetzlichwissen.de https://events.ccc.de/congress/2017/wiki/index.php/Session:Junghackertag_Wissenschaftsschnitzeljagd 2017-12-28T13:00:00+01:00 13:00 0:30 Lecture room 12 self organized sessions meeting en Meeting for new subtitles angels. This is the one you need to be confirmed as a subtitles angel. http://c3subtitles.de https://events.ccc.de/congress/2017/wiki/index.php/Session:Subtitles-Engelmeeting 2017-12-28T09:00:00+01:00 09:00 1:00 Seminar room 13 self organized sessions workshop de We'll do some Yoga to calm our minds and move them bodies. Birdy1976 https://www.yogatoessfeld.ch/team/martin-voegeli-springer/ https://events.ccc.de/congress/2017/wiki/index.php/Session:42birds:_Hitchhiker%27s_Towel-Yoga 2017-12-28T15:00:00+01:00 15:00 2:00 Seminar room 13 self organized sessions meeting A warm and welcoming place for people who think they might be a little communist. http://telekommunisten.net https://events.ccc.de/congress/2017/wiki/index.php/Session:Commie_Curious 2017-12-28T13:00:00+01:00 13:00 1:00 Seminar room 13 self organized sessions Language Confusion - Programming Languages for Beginners https://events.ccc.de/congress/2017/wiki/index.php/Session:Language_Confusion 2017-12-28T10:00:00+01:00 10:00 3:00 Seminar room 13 self organized sessions workshop en A workshop about running your own Numerical Weather Prediction (NWP) model. Tecer https://www.hacknology.de/vortrag/2016/wrf/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Numerical_Weather_Prediction_Tutorial 2017-12-28T17:00:00+01:00 17:00 1:00 Seminar room 13 Polyamory [n:n] Relationships - A beginner's guide to many-to-many relationships self organized sessions workshop en Polyamory (n:n) Relationships - A beginner's guide to many-to-many relationships Sycret.Soul https://twitter.com/SycretSoul https://events.ccc.de/congress/2017/wiki/index.php/Session:Polyamory_-_Guide 2017-12-28T14:00:00+01:00 14:00 1:00 Seminar room 13 self organized sessions workshop en Sorting data by formulas with spreadsheet programs (Libre Office Calc, MS Excel) will be in English or German, depending on who is attending, if necessary dual language wird in Englisch oder Deutsch abgehalten, abhänging von den Teilnehmern, wenn notwendig zweisprachig https://events.ccc.de/congress/2017/wiki/index.php/Session:Sorting_data_by_formulas 2017-12-28T18:00:00+01:00 18:00 1:00 Seminar room 13 self organized sessions meeting en We're a bunch of people who participated in the game jam "Ludum Dare" this year. Whether you're curious about video game development, or a seasoned indie game developer – let's meet, talk about our experiences, and play each others' games! :) Blinry https://events.ccc.de/congress/2017/wiki/index.php/Session:Video_Game_Development_Meetup 2017-12-28T19:00:00+01:00 19:00 3:00 Seminar room 13 Do we need it at all? self organized sessions workshop en Das moderne Justizsystem ist nicht älter als ein paar hundert Jahre. Massive Knastkomplexe, benutzt zur Bestrafung und Unterjochung von ungehorsamen Teilen der Gesellschaft, sind Alltag in kapitalistischen Ländern. Die Privatisierung der Knäste ändert das Konzept der Bestrafung in ein profitables Geschäft mit Gefangenen, welche heutzutage nicht nur Kleidung für Polizei und Militär herstellen, sondern auch in alltäglichen Bereichen von Lebensmittelherstellung, Autoteileproduktion bis zur Arbeit im Callcenter deines Internet-Providerseingesetzt werden. In diesem Workshop möchten wir uns mit den verschiedenen Begriffen, die Knäste mit sich bringen, kritisch auseinander setzen. Wie erfahren wir dieses staatliche System von Gerechtigkeit? Welche gesellschaftlichen Ideen von Strafe existieren? Was sind andere Ansätze um mit sozialen Konflikten umzugehen? Gibt es überhaupt eine Alternative zu Knästen? Wir denken ja und wir hoffen die Türen der Knäste zu öffnen, indem wir über eine Zukunft mit leeren Zellen nachdenken. https://events.ccc.de/congress/2017/wiki/index.php/Session:Workshop_on_prison_and_justice_system 2017-12-28T18:00:00+01:00 18:00 1:00 CCL Hall 3 self organized sessions talk en A surprisingly simple problem turns out to be a major security risk: Downloading publicly accessible files from web servers with private data. Eal https://events.ccc.de/congress/2017/wiki/index.php/Session:Hacking_with_wget 2017-12-28T22:00:00+01:00 22:00 1:00 CCL Hall 3 Ligntning Talks Self Organized Session self organized sessions talk Self Organized Lightning Talks to give the Waitlist for the Big thing a Chance (Organizer Zem) Zem https://events.ccc.de/congress/2017/wiki/index.php/Session:Lightning_Talks_Self_Organized 2017-12-28T21:00:00+01:00 21:00 1:00 CCL Hall 3 self organized sessions talk en Mathematicians work at the heart of most emerging technologies. Their work is re-shaping the world, and yet they have little knowledge, appreciation or training in ethical awareness. I am working to change this, and bring about a serious discussion in the mathematical community about the social impact mathematicians can have. My name is Maurice Chiodo, and I am a postdoctoral researcher in mathematics at the University of Cambridge. You can contact me at: mcc56 AT cam DOT ac DOT uk , or on twitter: @mauricechiodo https://cueims.soc.srcf.net/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Mathematicians_acting_amorally_-_how_they_harm_society 2017-12-28T11:00:00+01:00 11:00 2:00 CCL Hall 3 self organized sessions workshop en In this workshop about Open Research/Science we want to first identify what we can do to improve any aspect of Open Research/Science (like Open Access, Open Educational Resources, Open Peer Review, Open Data, ...). We then pick one or more of these aspects and start working on solutions (Hackathon-style). The workshop is an excellent place to connect with other people who are interested in making research and science more open. Bring your own ideas and make sure to add them to https://hackmd.io/CYMwRgjApgxgbBAtMMtEBYCGwlgEzAAciYcwA7BJuoeiAMyZA===?both (even better if you do so before the event)! Andrenarchy Pseyfert https://events.ccc.de/congress/2017/wiki/index.php/Session:Open_Science/Research_Workshop 2017-12-28T14:00:00+01:00 14:00 1:00 CCL Hall 3 self organized sessions talk en *** ATTENTION: TALK IS CANCELLED *** Navigating our cities using free software community based mobile apps in 'private mode' might sound like an easy task in 2017, but with a little research you will be quickly disappointed. There are related platforms out there, but some of them are lacking good User Experience, others are not community lead or are getting away from the free software freedoms due to their partnerships with companies that do not respect our privacy online. These are only some of the reasons the CityZen app was born in Tirana, as an OSM based Android app that helps us navigate our cities without tracking our location and activities. CityZen aims to be empowered by the community in terms of development and promotion and as a digital wallet for cryptocurrency used to make payments for goods and services from POIs easily through the app. Soon CityZen will apply blockchain as a decentralized process for the management of the cryptocoin based revenue that will be gathered through the app making it one of the few platforms out there used to help you find physical POIs and buy goods without giving away your real identity.* Eal http://www.cityzenapp.co https://events.ccc.de/congress/2017/wiki/index.php/Session:Privacy_aware_city_navigation_with_Free_Software 2017-12-28T19:30:00+01:00 19:30 0:30 CCL Hall 3 Algorithmic transaprency (EFF) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-28T13:00:00+01:00 13:00 1:00 CCL Hall 3 Take e-voting away from Europe (Hermes Center) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-28T15:00:00+01:00 15:00 1:00 CCL Hall 3 Digital security training for newbies (EFF) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-28T19:00:00+01:00 19:00 0:30 CCL Hall 3 Who has your back? An update on how companies protect user data (EFF) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-28T16:00:00+01:00 16:00 2:00 CCL Hall 3 Diskussion zur Netzpolitik in der Schweiz 2018 (Digitale Gesellschaft CH) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-28T14:00:00+01:00 14:00 1:00 CCL Hall 3 The upsurge of exceptional state politics and the downfall of digital human rights in Turkey (Alternatif Bilisim) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-28T21:00:00+01:00 21:00 1:00 Chaos West Stage self organized sessions game en 🙈 🙉 🙊 You Know Stuff ☐ ☒ ☑ Answer nerdy questions on your notebook / smartphone and win a (small) price 😸 😹 😻 Birdy1976 https://kahoot.it/ https://events.ccc.de/congress/2017/wiki/index.php/Session:42birds:_Nerd_Game_Show 2017-12-28T18:45:00+01:00 18:45 0:25 Chaos West Stage self organized sessions talk en Namecoin aims to support anonymous name registrations, but our approach isn't to simply implement the Monero or Zcash anonymity features as consensus rules. I'll explain why we're taking a very different approach. JeremyRand https://events.ccc.de/congress/2017/wiki/index.php/Session:A_Blueprint_for_Making_Namecoin_Anonymous 2017-12-28T18:00:00+01:00 18:00 0:40 Chaos West Stage self organized sessions talk en In this talk we'll explore Bisq—a decentralized, peer-to-peer bitcoin exchange that allows people to trade bitcoin for national currencies like US dollars and Euros, as well as for other cryptocurrencies like Litecoin, Monero and Namecoin. Bisq has been in development since early 2014 and in production since mid-2016, with a no-compromises approach to security, privacy and censorship resistance. https://bisq.network https://events.ccc.de/congress/2017/wiki/index.php/Session:Bisq_-_A_decentralized_bitcoin_exchange 2017-12-28T20:00:00+01:00 20:00 0:45 Chaos West Stage self organized sessions hands-on en Aufbau eines HackLabs auf VM und oder Hardware basis für jedes Budget! Nanooq https://chaos-west.de/wiki/index.php?title=Diskussion:34C3/B%C3%BChne/Slots#D_Town.2C_Christopher:_Aufbau_eines_HackLabs_auf_VM_und_oder_Hardware_basis_f.C3.BCr_jedes_Budget.21 https://events.ccc.de/congress/2017/wiki/index.php/Session:D_Town,_Christopher:_Eigenes_HackLab_bauen! 2017-12-28T22:00:00+01:00 22:00 2:00 Chaos West Stage self organized sessions de Bring your own bear Nanooq https://chaos-west.de/wiki/index.php?title=Diskussion:34C3/B%C3%BChne/Slots#Haecksen_BringYourOwnBear_Happy_Hour https://events.ccc.de/congress/2017/wiki/index.php/Session:Haecksen:_BringYourOwnBear_Happy_Hour 2017-12-29T00:00:00+01:00 00:00 2:00 Chaos West Stage DJ PorCus DJ set self organized sessions other de Come over and meet us at our cozy music lounge in hall 2! Proudly presented by Chaos West Bam https://events.ccc.de/congress/2017/wiki/index.php/Session:Klangteppich 2017-12-29T02:00:00+01:00 02:00 2:00 Chaos West Stage dray DJ set self organized sessions other de Come over and meet us at our cozy music lounge in hall 2! Proudly presented by Chaos West Bam https://events.ccc.de/congress/2017/wiki/index.php/Session:Klangteppich 2017-12-28T17:30:00+01:00 17:30 0:25 Chaos West Stage self organized sessions talk en Namecoin for Tor Onion Service Naming (And Other Darknets?): Fixing the usability issues caused by the longer v3 onion services. (Code is working and released.) JeremyRand https://events.ccc.de/congress/2017/wiki/index.php/Session:Namecoin_for_Tor_Onion_Service_Naming_(And_Other_Darknets%3F) 2017-12-28T19:15:00+01:00 19:15 0:45 Chaos West Stage self organized sessions talk en Nextcloud 13, about to be released, will include end-to-end encryption. We've come up with a way to encrypt files on the client without the server having any way to gain access to the plain text format, despite the server facilitating the sharing and such. In the talk we'll explain what we wanted to achieve and how we did it - input very much welcome, of course. https://nextcloud.com/endtoend https://events.ccc.de/congress/2017/wiki/index.php/Session:Nextcloud_End_to_End_Encryption 2017-12-28T15:30:00+01:00 15:30 0:20 Chaos West Stage self organized sessions talk en A timestamp proves that a message existed prior to some point in time; timestamps are occasionally referred to as “proofs-of-existence”. Being able to prove that data existed prior to a point in time is surprisingly useful. Let’s look at some use-cases to understand how Bitcoin Blockchain can help out here. We can have a hands on afterwards at the Bitcoin Assembly with Bitcoin Core Dev Peter Todd. Rootzoll https://events.ccc.de/congress/2017/wiki/index.php/Session:OpenTimestamps:_Scalable,_Trustless,_Distributed_Timestamping_with_Bitcoin 2017-12-28T17:00:00+01:00 17:00 1:00 Hive Stage self organized sessions https://events.ccc.de/congress/2017/wiki/index.php/Session:Hacks/Hackers_Meetup 2017-12-28T14:00:00+01:00 14:00 0:45 Hive Stage self organized sessions workshop en How does Wikidata work, and how can I access it? Internals, Data models, APIs. Brightbyte https://www.wikidata.org/wiki/Wikidata:Data_access https://events.ccc.de/congress/2017/wiki/index.php/Session:Infrastructure_of_Wikidata 2017-12-29T00:00:00+01:00 00:00 5:30 Hive Stage self organized sessions other en We'll watch all of Serial Experiments Lain. Open to everyone! https://myanimelist.net/anime/339/Serial_Experiments_Lain https://events.ccc.de/congress/2017/wiki/index.php/Session:Lain_Marathon 2017-12-28T18:00:00+01:00 18:00 0:45 Hive Stage self organized sessions talk en Du kennst Wikipedia. Aber wer zur Hölle sind Wikimedia, MediaWiki, Wikidata? Was machen die? Was können sie für dich tun? Bonus: FAQ - Was du schon immer über WikiP/Media wissen wolltest, aber dich nie zu fragen trautest. Brightbyte https://events.ccc.de/congress/2017/wiki/index.php/Session:WikiWat! 2017-12-28T14:00:00+01:00 14:00 2:00 Komona Aquarius self organized sessions talk de https://events.ccc.de/congress/2017/wiki/index.php/Session:Bier_%26_Bass 2017-12-28T22:00:00+01:00 22:00 1:00 Komona Aquarius Elekroinstallation done wrong (Bilder schlechter E-Installation) self organized sessions talk de Fotosesseion über falsch gemachte Elektroinstallationen (Gruselkabinett) Eleitung https://events.ccc.de/congress/2017/wiki/index.php/Session:Elektrogruselkabinett 2017-12-28T20:00:00+01:00 20:00 1:30 Komona Aquarius self organized sessions hands-on en If by any chance you listened to the unicorn from ToSeBit on day 1 and want to know how it looks like on the other side this is your moment to get a look behind the curtain. I am making electronic 8bit music with my old Game Boy DMG and a program called Nanoloop. It is a 16 step looper that turns your old console into a fully fetched 4 channel synthesizer. I will play a bit around and show you what the program does and how it sounds and you will get your hands on if you want Bobo PK http://nanoloop.de/ https://events.ccc.de/congress/2017/wiki/index.php/Session:How_to_make_chiptune_with_a_Game_Boy_DMG 2017-12-28T16:00:00+01:00 16:00 2:00 Komona Aquarius self organized sessions Webmind https://events.ccc.de/congress/2017/wiki/index.php/Session:IT_%E2%80%93_technological_offensive_and_social_revolution 2017-12-28T18:00:00+01:00 18:00 2:00 Komona Aquarius self organized sessions workshop Dieser Workshop soll zeigen, wie es möglich ist mit eigenen Mitteln DJ-Controller/MIDI-Controller zu bauen. Gleichzeitig wird ein Einblick in die Open-Source DJ-Software MIXXX gezeigt und wie mit einem DIY-Controller mit eben jener Musik aufgelegt werden kann. Die wichtigsten Hardware Komponenten zum DIY-Controller bauen werden kurz vorgestellt. https://events.ccc.de/congress/2017/wiki/index.php/Session:Open_Source_DJing 2017-12-28T12:00:00+01:00 12:00 1:00 Komona Aquarius self organized sessions meeting en Since many years in several European countries the mix of hacking and politics had produced national gatherings and local spaces to express contents and share ideas (e.g. Plug'n'Politix Connect Congresses, hackon, Noisy^2, Backbone409, Italian and Iberian Hackmeetings). We think it would be great to bring the grassroot spirit and the critical view that drove these experiences to a bigger level, as it happened many years ago now in Pula (Croatia). We are proposing to whoever shares our self-managed non-institutional grassroot approach to subscribe a mailing list (thk@autistici.org) and try to create an European gathering on hacking and politics, to share experiences and ideas without being forced within political nor linguistic borders. Maxigas https://trans.hackmeeting.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TransHackMeeting 2017-12-28T18:00:00+01:00 18:00 1:00 Komona Coral Reef self organized sessions discussion en Discussion: A summary of my 3 years of work as privacy officer in the students committee peppered with anecdotes. I would like to meet other students and privacy officers and share experiences with them. Bobo PK https://events.ccc.de/congress/2017/wiki/index.php/Session:A_summery_of_my_work_as_privacy_officer_in_the_students_committee 2017-12-28T16:00:00+01:00 16:00 2:00 Komona Coral Reef self organized sessions meeting de Endstation is a group founded in early summer 2017 in Berlin on the matter of video surveillance in public space. Our main focus are the face recognition tests by German security authorities and the German train company (DB). We have been active during this year informing the public, press and people passing through the train station Südkreuz (test area) and protesting publicly. We consist of two things: the active group meeting regularly in Berlin and the mailing list which grew rapidly during this year. The idea of our meetup is to talk in real life to those people on the mailing list and to other people interested in our action. We will meet at 1Komona BIKINI (not Coral reef) Contact best via twitter @ENDSTATIONSUEDX http://endstation.jetzt/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Endstation_Meetup 2017-12-28T16:00:00+01:00 16:00 2:00 Komona Coral Reef self organized sessions workshop en Hedonist International Networking Meeting & Workshop for 2018s Congress Convoy (All Interested Creatures welcome!) https://events.ccc.de/congress/2017/wiki/index.php/Session:Hedonist_International_Networking_Meeting%2BWorkshop_for_2018s_Congress_Convoy 2017-12-28T22:00:00+01:00 22:00 2:00 Komona Coral Reef meeting room self organized sessions meeting en All creatues welcome to our networking gathering. Exchange experience, struggles and strategies from different actions, cities and countries. Establish new connections. Gather with fellows. Bring snacks and drinks. Alles allen. Katze https://events.ccc.de/congress/2017/wiki/index.php/Session:Komona_networking_gathering 2017-12-28T12:45:00+01:00 12:45 1:15 Komona Coral Reef self organized sessions workshop en We will learn mental models and techniques that anybody can use to learn how to draw and improve. You will not think of drawing as an entirely abstract, fuzzy process anymore. Also, we are going to draw cute animals. https://events.ccc.de/congress/2017/wiki/index.php/Session:Learning_to_draw_for_techies 2017-12-28T12:00:00+01:00 12:00 0:45 Komona Coral Reef Day 2 self organized sessions workshop en Hacktivism from time to time leads to imprisonment and repressions. There are several people right now siting in jail that consider themselves anarchist or did actions that are supported by anarchist community. Not to let those people alone in prison we would like to have every day 1 hour around the table, where we get to know the stories of imprisoned activists and write them some words of support with postcards/letters. You don't need any special skills for that. The postcards will be there for you. http://abcdd.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Letter_writing_to_prisoners,_sitting_in_jail_for_hacking 2017-12-28T22:00:00+01:00 22:00 1:40 Komona Coral Reef self organized sessions meeting en http://board.net/p/34c3-libraries https://events.ccc.de/congress/2017/wiki/index.php/Session:Paper_and_non-paper_libraries_exchange 2017-12-28T20:00:00+01:00 20:00 2:00 Komona Coral Reef self organized sessions workshop en Spieleberatung https://events.ccc.de/congress/2017/wiki/index.php/Session:Structures_for_self_organised_societies 2017-12-28T14:00:00+01:00 14:00 2:00 Komona Coral Reef self organized sessions workshop en session: We don't need new texts - we need new languages (Ronne Mübeck) https://events.ccc.de/congress/2017/wiki/index.php/Session:We_dont_need_new_texts_-_we_need_new_languages 2017-12-28T12:00:00+01:00 12:00 2:00 Komona D.Ressrosa self organized sessions workshop de Thomas Schoenberger, Polymath, Composer and Historian has created the first ever YouTube treasure map. What began as a quest to gather some of the most interesting minds and souls on this planet has now become a garden we can all tend together. Let us share ideas and clues together. cryptographic puzzles, classical music, visuals, phi, privacy, golden ratio, leonardo da vinci, wisdom, history, alchemy, treasure map, https://www.youtube.com/user/thomasschoenberger/videos https://events.ccc.de/congress/2017/wiki/index.php/Session:A_personal_epiphany_and_endless_inspection!_Meet_Sophia! 2017-12-28T20:00:00+01:00 20:00 2:00 Komona D.Ressrosa self organized sessions workshop en Alternatives Wirtschaften (Mar) https://events.ccc.de/congress/2017/wiki/index.php/Session:Alternatives_Wirtschaften 2017-12-28T13:30:00+01:00 13:30 0:30 Komona D.Ressrosa self organized sessions meeting Du hast mal die Drei Fragezeichen gehört und möchtest deine alten Kassetten loswerden? Du bist ein Fan der drei Fragezeichen? Du suchst Gleichgesinnte oder hoffst, dass jemand seine alten Kassetten nicht mehr benötigt? ;-) Nia https://events.ccc.de/congress/2017/wiki/index.php/Session:Die_Drei_Fragezeichen_%3F%3F%3F_-_Fans_treffen_sich! 2017-12-28T16:00:00+01:00 16:00 2:00 Komona D.Ressrosa self organized sessions workshop de Vorführung und Workshop: Digitales Graffiti auf Facebook (Lukas, Tobi) #netgraffiti https://events.ccc.de/congress/2017/wiki/index.php/Session:Digitales_Graffiti_auf_Facebook 2017-12-28T22:00:00+01:00 22:00 2:00 Komona D.Ressrosa meeting room self organized sessions meeting en All creatues welcome to our networking gathering. Exchange experience, struggles and strategies from different actions, cities and countries. Establish new connections. Gather with fellows. Bring snacks and drinks. Alles allen. Katze https://events.ccc.de/congress/2017/wiki/index.php/Session:Komona_networking_gathering 2017-12-28T18:00:00+01:00 18:00 1:00 Komona D.Ressrosa self organized sessions workshop de MASKIERTE GRUPPENDYNAMIK (Henk) https://riot.im/app/#/room/#maskdyn34c3:matrix.org https://events.ccc.de/congress/2017/wiki/index.php/Session:MASKIERTE_GRUPPENDYNAMIK_(Henk) 2017-12-28T19:00:00+01:00 19:00 1:00 Komona D.Ressrosa self organized sessions workshop de Sind wir schon cyborgs oder warum wir eine kulturelle techno-Revolution brauchen! (Anna) https://events.ccc.de/congress/2017/wiki/index.php/Session:Sind_wir_schon_Cyborgs%3F 2017-12-28T14:00:00+01:00 14:00 2:00 Komona D.Ressrosa self organized sessions workshop de Wie produziere ich mein eigenes Hörspiel mit Hilfe von freeware & free sounds (Benni) https://events.ccc.de/congress/2017/wiki/index.php/Session:Wie_produziere_ich_mein_eigenes_H%C3%B6rspiel 2017-12-28T20:00:00+01:00 20:00 2:00 Komona Blue Princess self organized sessions discussion en We will have a discussion of modern day anarchism, "anarcho-hacker" roots, and new social struggles, new culture from the old 1936 to new 2017 the fight continues - Also a place to organize actions on i2p and join our international collective: https://hispagatos.org/ - https://anarcho-hacker.info we will help people install i2p software on your GNU/Linux system. We will most likely start with the Submedia.TV documentary "hacking the system". Rek2 https://hispagatos.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Anarchist_hackers_-_Hispagatos_International_anarchist-hacker_collective 2017-12-28T13:00:00+01:00 13:00 1:00 Komona Blue Princess self organized sessions discussion en In these crictical days of net surveillance and abusing exploitation of users' data for private businesses profit, we need more than ever, to run and manage our own infrastructure for web and email services. In this session we want to discuss which solutions we are using for control panels, to manage accounts for our users, and let our users self-manage the services. Rama https://events.ccc.de/congress/2017/wiki/index.php/Session:Hosting_Control_Panels_for_self-managed_infrastructure 2017-12-28T22:00:00+01:00 22:00 2:00 Komona Blue Princess meeting room self organized sessions meeting en All creatues welcome to our networking gathering. Exchange experience, struggles and strategies from different actions, cities and countries. Establish new connections. Gather with fellows. Bring snacks and drinks. Alles allen. Katze https://events.ccc.de/congress/2017/wiki/index.php/Session:Komona_networking_gathering 2017-12-28T18:00:00+01:00 18:00 1:30 Komona Blue Princess self organized sessions discussion de We would like to invite you to discuss with us the possibilities of an Online-Radio-Station today. We are a group of cultural creators, musicians, artists, designers, social innovators and hackers based in Leipzig passionate to create a new non commercial Online-Radio-Station. We would like to consider the concept of the radio in the terms of modularity, adaptation to your everyday routines and moods and the impact it could have on the local scene connecting various projects, the alternative music scene, cultural institutions and events in a judicious and sensitive way. We're trying to figure in which ways it could and should be adapted to our current times without loosing its inherent qualities. https://events.ccc.de/congress/2017/wiki/index.php/Session:Radio_Neu 2017-12-28T16:00:00+01:00 16:00 1:20 Komona Blue Princess self organized sessions en Book launch of Technological Sovereignty, Volume 2 by Calafou contributors. Presentation of the concept, contents and process. Round table with some of the authors and contributors. Call for distributors and translators. Book is available at the event. Maxigas https://sobtec.gitbooks.io/sobtec2/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Sobtec2launch 2017-12-28T14:00:00+01:00 14:00 2:00 Komona Blue Princess self organized sessions Ronne Mübeck https://events.ccc.de/congress/2017/wiki/index.php/Session:We_don%27t_need_new_texts_-_we_need_new_languages 2017-12-28T10:00:00+01:00 10:00 8:00 Kidspace Lötworkshop self organized sessions workshop de Lötworkshop, der Teil des Junghackertags ist Bausätze Löten B https://www.ccc.de/schule https://events.ccc.de/congress/2017/wiki/index.php/Session:Chaos_Macht_Schule_L%C3%B6tworkshop 2017-12-28T15:00:00+01:00 15:00 2:00 Kidspace Throwies Basteln self organized sessions hands-on de Ein Throwie ist eine LED, die durch eine Knopfzellenbatterie zum Leuchten gebracht wird und an die man einen Magneten klebt. https://events.ccc.de/congress/2017/wiki/index.php/Session:Throwies 2017-12-28T12:00:00+01:00 12:00 4:00 Kidspace Trickfilm Workshop self organized sessions workshop de Trickfilm-Workshop: Mach deinen eigenen Trickfilm! Du kannst dafür eigene Zeichnungen, Scherenschnitte und Bildhintergründe erstellen und am Computer animieren. Die Filme könnt ihr später auf Trixmix.tv sehen und herunterladen. Auf Trixmix.tv kann jeder eigene Trickfilme online erstelen. Alle Zeichungen aus dem kollektiv erstellten Bildwörterbuch können dafür verwenden. Viel Spaß! Die Webseite ist zusammen mit Trickmisch.de, einer Sprachschule von uns für Ankommende mit Hilfe von Trickfilmen entstanden. http://www.trickmisch.de http://www.trixmix.tv https://events.ccc.de/congress/2017/wiki/index.php/Session:Trickmisch 2017-12-28T12:00:00+01:00 12:00 00:45 Open Infra Stage 34c3-ffc-27-demining_immer_noch_handarbeit lecture de false Sebastian 2017-12-28T13:00:00+01:00 13:00 01:00 Open Infra Stage 34c3-ffc-26-satnogs_hands-on Operating a global ground station network lecture false Nikos Roussos Pierros Papadeas 2017-12-28T14:00:00+01:00 14:00 01:00 Open Infra Stage 34c3-ffc-25-dmr_im_amateurfunk Einführung und praktische Anwendung im Brandmeister Netz lecture false planlos 2017-12-28T15:00:00+01:00 15:00 00:45 Open Infra Stage 34c3-ffc-23-qaul_net_internet_independent_freifunk-compatible_mesh_communication_app en false Math spacecookie 2017-12-28T16:00:00+01:00 16:00 00:45 Open Infra Stage 34c3-ffc-22-nfrastructure_from_public_welfare_to_commons lecture false vgrass 2017-12-28T17:00:00+01:00 17:00 00:15 Open Infra Stage 34c3-ffc-44-funken_mit_der_iss lightning_talk de false Lars 2017-12-28T19:00:00+01:00 19:00 00:30 Open Infra Stage 34c3-ffc-46-kommunikationsstandards_im_gesundheitswesen lecture de false Plaste 2017-12-28T20:30:00+01:00 20:30 00:45 Open Infra Stage 34c3-ffc-18-gemeinutzigkeit_fur_freifunk lecture de false Markus, ffda 2017-12-28T14:00:00+01:00 14:00 01:30 Meetup Domo 34c3-ffc-24-knotenkunde Seile für 10 Personen vorhanden oder eigene Seile mitbringen. workshop false Iuv Nico 2017-12-28T16:00:00+01:00 16:00 01:00 Meetup Domo 34c3-ffc-21-moonbird_operator_briefing workshop false Ralf 2017-12-28T17:00:00+01:00 17:00 00:45 Meetup Domo 34c3-ffc-20-vorstellung_offener_erfahrungsaustausch (Landes-)Förderungen (NRW, NDS, Sachsen-Anhalt, Berlin, Thüringen, ..) meeting de false Arwed 2017-12-28T18:00:00+01:00 18:00 01:00 Meetup Domo 34c3-ffc-28-political_advocacy_for_community_networks_at_the_eu_level state of play and perspectives meeting false Felix 2017-12-28T11:00:00+01:00 11:00 1:00 Assembly:Kidspace Workshop self organized sessions game de Hi, wir wollen gemeinsam ein Spiel entwickeln. Genauer gesagt machen wir einen pen&paper mini "Game Jam". Hierbei finden sich normalerweise aus allen Disziplinen der Gamesbranche Beteiligte zusammen um in einem lockeren Umfeld Spiele/Spielideen zu entwickeln. Ich möchte dieses Konzept gerne mit Kindern umsetzen; ohne Computer ;0) Es geht um Grundlegende Spielmechanismen und deren Kreative Umsetzung. Ich freue mich auf viele motivierte Kinder ;o) Lydia https://events.ccc.de/congress/2017/wiki/index.php/Session:%22Pen%26Paper%22_Game_Jam 2017-12-28T12:00:00+01:00 12:00 1:00 Assembly:Kidspace Workshop self organized sessions game de Hi, wir wollen gemeinsam ein Spiel entwickeln. Genauer gesagt machen wir einen pen&paper mini "Game Jam". Hierbei finden sich normalerweise aus allen Disziplinen der Gamesbranche Beteiligte zusammen um in einem lockeren Umfeld Spiele/Spielideen zu entwickeln. Ich möchte dieses Konzept gerne mit Kindern umsetzen; ohne Computer ;0) Es geht um Grundlegende Spielmechanismen und deren Kreative Umsetzung. Ich freue mich auf viele motivierte Kinder ;o) Lydia https://events.ccc.de/congress/2017/wiki/index.php/Session:%22Pen%26Paper%22_Game_Jam 2017-12-28T16:00:00+01:00 16:00 1:00 Assembly:Kidspace Workshop self organized sessions game de Hi, wir wollen gemeinsam ein Spiel entwickeln. Genauer gesagt machen wir einen pen&paper mini "Game Jam". Hierbei finden sich normalerweise aus allen Disziplinen der Gamesbranche Beteiligte zusammen um in einem lockeren Umfeld Spiele/Spielideen zu entwickeln. Ich möchte dieses Konzept gerne mit Kindern umsetzen; ohne Computer ;0) Es geht um Grundlegende Spielmechanismen und deren Kreative Umsetzung. Ich freue mich auf viele motivierte Kinder ;o) Lydia https://events.ccc.de/congress/2017/wiki/index.php/Session:%22Pen%26Paper%22_Game_Jam 2017-12-28T16:00:00+01:00 16:00 2:00 Assembly:Kidspace self organized sessions workshop de postapokalyptische fidget spinner basteln aus alten kugellagern und (elektro)schrott. making postapocalyptic fidget spinner from old bearings and (electronic)scrap. upcycling workshop https://p0stap0calyptic.wordpress.com/fidgetspinnerworkshop/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Postapocalyptic_fidget_spinner_workshop 2017-12-28T20:00:00+01:00 20:00 0:45 Esszimmer self organized sessions discussion de Audible Magic Corp., a US producer of media filtering software (see DE Wikipedia:https://de.wikipedia.org/wiki/Audible_Magic) is currently touring the policy makers in Brussels, who are about to decide whether there will be a general rule to implement content pre-filtering on all digital platforms with significant amounts of user-generated content. Such filters are meant – at least at the current stage – to prevent copyright infringements by keeping infringing content from being uploaded to the platforms. They can, of course, later also be used to censor any other kind of recognisable content, and thus pose a massive threat to freedom of speech on the net. But even for the copyright-related purpose they are probably unsuitable, as they cannot process, let alone weigh the context of an upload, as a human can. Therefore the exceptions & limitations built into copyright law would become practically irrelevant, once such a net-wide filtering infrastructure based on automated filtering is in place. In this session we want to discuss whether and how the technology behind Audible Magic's filtering solutions can be hacked in order to analyse its capabilities and shortcomings. If successful, this analysis could greatly influence the policy discussions on the EU level, that will enter a crucial phase in early 2018. John Weitzmann (WMDE) https://events.ccc.de/congress/2017/wiki/index.php/Session:(Wie)_Audible_Magic_hacken%3F 2017-12-28T12:00:00+01:00 12:00 0:45 Esszimmer Calliope Workshop 1 self organized sessions workshop de Kinder ab 8 Jahren sind herzlich willkommen ihre ersten Erfahrungen mit dem Programmieren zu machen. Wer an Tag 3 oder 4 noch Lust auf Calliope Workshops hat, der ruft einfach mal an: DECT: 8843 oder mobile: null eins sechs drei 362 534 0 DerMicha http://calliope.cc https://events.ccc.de/congress/2017/wiki/index.php/Session:Calliope_Workshops 2017-12-28T13:00:00+01:00 13:00 1:00 Esszimmer Calliope Workshop 2 self organized sessions workshop de Kinder ab 8 Jahren sind herzlich willkommen ihre ersten Erfahrungen mit dem Programmieren zu machen. Wer an Tag 3 oder 4 noch Lust auf Calliope Workshops hat, der ruft einfach mal an: DECT: 8843 oder mobile: null eins sechs drei 362 534 0 DerMicha http://calliope.cc https://events.ccc.de/congress/2017/wiki/index.php/Session:Calliope_Workshops 2017-12-28T14:00:00+01:00 14:00 2:00 Esszimmer self organized sessions workshop de Bei CryptoParties kommen alle zusammen und tauschen praktische Tipps aus, z.B. welcher Messenger sicherer ist, wie ein gutes Passwort funktioniert oder wie Du anonym im Internet surfen kannst. Keine Anmeldung erforderlich und sehr gern eigenes Gerät mitbringen. Offen für alle, ganz besonders alle ohne Vorkenntnisse! Nomi http://cryptoparty.in https://events.ccc.de/congress/2017/wiki/index.php/Session:CryptoParty_f%C3%BCr_Kinder_und_Jugendliche 2017-12-28T16:00:00+01:00 16:00 1:45 Esszimmer self organized sessions workshop de How to improve learning and teaching with open education and digital tools? In the past year, volunteers in self-organized edulabs started to develop new concepts, tools and materials to foster participation in schools. In this workshop we discuss our experiences with improving the edu system so far, and want to invite you to start/build/share/connect your own projects. NMarkus Mavo http://www.edulabs.de https://events.ccc.de/congress/2017/wiki/index.php/Session:Edulabs-Workshop 2017-12-28T19:00:00+01:00 19:00 0:45 Esszimmer OParl-Workshop (technisch) self organized sessions discussion de OParl ist ein Datenstandard für kommunale Entscheidungen, welche in Ratsinformationssystemen gespeichert werden. Mit den Daten kann man Transparenz und Beteiligung vor Ort fördern. Auf dem 33C3 stand der Standard in den Kinderschuhen, nun findet er zunehmend Verbreitung. Wir - ein Team der Open Knowledge Foundation - wollen den Stand der Dinge präsentieren gemeinsam über die Zukunft reden: Anwendungen, Standard-Weiterentwicklung, weitere Verbreitung. Anschließend ab 19:00 gibt es einen technischen Workshop zu OParl. https://oparl.org https://events.ccc.de/congress/2017/wiki/index.php/Session:OParl:_ein_Datenstandard,_um_politische_Entscheidungen_transparent_zu_machen 2017-12-28T18:00:00+01:00 18:00 1:00 Assembly:Physikfachschaft Rostock What Lasers Are And How They Work self organized sessions talk de Lasers are a relatively young technology. Nowadays they are an essential part of our world's technology, but have you ever wondered how they work? We are here to tell you! KiNaudiz Kaminazuki https://events.ccc.de/congress/2017/wiki/index.php/Session:A_Solution_To_A_Problem_That_Did_Not_Exist_50_Years_Ago 2017-12-28T15:00:00+01:00 15:00 0:30 Assembly:Physikfachschaft Rostock self organized sessions talk de Music theory can seem overly complicated due to a lot of old vocabulary that's not as easy to understand nowadays. But using Hilbertspace theory we might be able to create a universal language for music theory that's easy to understand for anyone – anyone who is familiar with higher mathematics, that is. KiNaudiz https://events.ccc.de/congress/2017/wiki/index.php/Session:Hilbertspace_Theory_%E2%80%93_Music_Theory%27s_New_Clothes 2017-12-28T20:00:00+01:00 20:00 1:00 Hall 3 self organized sessions talk en Tracking users and managing their online identity across multiple services is the cornerstone of the dominance of the Internet by the big OTTs. Currently, Google, Facebook and other companies who live off user data monetization are the only ones offering Internet-wide single-sign-on services to average users; these services build more walled gardens which give no choice, no rights and no freedoms to the users. This is why it is strategically important to create an open alternative: a federated, public, free identity infrastructure for the Internet that would give users the same level of convenience and security, but empower them to choose their identity provider and control which personal information is shared and to whom. The session will open with a general presentation, including data, of how the big OTTs are growing and focusing their revenue sources on advertising and on tracking online identities, centralizing the economy of the Internet and of the world, to prove how crucial this issue is. Then, the talk will discuss introduce the work done within the DomainID/iNetID project to create a decentralized public identity infrastructure for the open Internet, going into technical details on the proposed architecture, and looking for community feedback and participation. Eal https://events.ccc.de/congress/2017/wiki/index.php/Session:A_public_identity_infrastructure_to_defend_the_open_Internet 2017-12-28T14:00:00+01:00 14:00 2:00 Assembly:Jugend hackt self organized sessions hands-on de Zwischen 14:00 und 16:00 könnt ihr im Werkstattraum der Jugend hackt Assembly vorbeikommen (direkt neben dem Kidsspace). Dort bauen wir lustige, blinkende Alpaka Karten. Es bedarf keinerlei Vorkenntnisse und man kann einfach vorbei kommen. Eine Karte zu basteln dauert zwischen 10 und 15 Minuten, also perfekt um sich zwischendurch die Zeit zu vertreiben. Wir basteln die Karten so lange der Vorrat reicht :) Rinhia https://jugendhackt.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Alpaka-Party 2017-12-28T13:00:00+01:00 13:00 3:30 Assembly:HardwareHackingArea Day 2 self organized sessions workshop en ''Learn Arduino using TV-B-Gone as an example project''<br /> <br /> You've probably heard lots about '''Arduino'''. But if you don't know what it is, or how you can use it to do all sorts of cool things, then this fun and easy workshop is for you. As an example project, we'll be creating a '''TV-B-Gone''' remote control out of an '''Arduino''' you can take home with you.<br /> <br /> ''(This is one of many cool things happening throughout 34C3 in the huge '''Hardware Hacking Area!)'''''<br /> <br /> This workshop will be given twice<br />(both identical):<br /> &nbsp;&nbsp;&nbsp;Day 2: 28-Dec, 1pm - 4:30pm<br /> &nbsp;&nbsp;&nbsp;Day 3: 29-Dec, 1pm - 4:30pm<br /> Maltman23 http://cornfieldelectronics.com/cfe/projects/tvbg_arduino/tvbg_arduino_workshop.php https://events.ccc.de/congress/2017/wiki/index.php/Session:ArduinoForTotalNewbies 2017-12-28T17:30:00+01:00 17:30 2:30 Assembly:HardwareHackingArea Day 2 self organized sessions workshop en The Intro to Arduino shield is a simple kit which plugs into an Arduino Uno or similar. It includes a button, light sensor (LDR) and red green blue LED. The LED can be controlled as a digitial or an analog output, the button is a digitial input and the sensor is an analog input. Hammes Hacks http://hammeshacks.com/intro/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Intro_to_Arduino_Shield_Soldering_and_Programing 2017-12-28T11:00:00+01:00 11:00 12:59 Assembly:HardwareHackingArea Day 2 self organized sessions workshop en Learn to Solder! A large variety of way cool kits are available, all designed for total beginners to complete successfully -- and intriguing enough for the total hardware geek.<br /> <br /> <span style="color:orange">'''''This ongoing workshop will be happening concurrently with lots of other way cool workshops at the Hardware Hacking Area!'''''</span> Maltman23 https://events.ccc.de/congress/2017/wiki/index.php/Session:LearnToSolder 2017-12-28T11:00:00+01:00 11:00 1:30 Assembly:HardwareHackingArea Day 2 Session 1 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90-100mins, 20€/kit, avoid caffeine immediately before. Max 20 participants per session, there will be a PAPER!!1! signup list in the hardware hacking area. Kliment https://events.ccc.de/congress/2017/wiki/index.php/Session:Surface_mount_electronics_assembly_for_terrified_beginners 2017-12-28T22:00:00+01:00 22:00 1:00 Assembly:HardwareHackingArea Synth Meetup & Jam self organized sessions hands-on en Let's bring some synths, talk about them and have a fun jam session! Tiefpunkt https://events.ccc.de/congress/2017/wiki/index.php/Session:Synth_Jam 2017-12-28T20:00:00+01:00 20:00 1:00 Assembly:HardwareHackingArea self organized sessions discussion en Could Berlin benefit from a new hackerspace? Let us all discuss! https://events.ccc.de/congress/2017/wiki/index.php/Session:Workshop:_Can_Berlin_benefit_from_a_new_hackerspace%3F 2017-12-28T21:00:00+01:00 21:00 2:00 Assembly:Foodhackingbase self organized sessions meeting de Beer Tasting @ FHB Salomonderossi https://foodhackingbase.org/wiki/34c3_beer_tasting https://events.ccc.de/congress/2017/wiki/index.php/Session:Beer_Tasting_@_FHB 2017-12-28T19:00:00+01:00 19:00 1:30 Assembly:Foodhackingbase self organized sessions meeting en https://foodhackingbase.org/wiki/34c3_cheese_rendez-vous https://events.ccc.de/congress/2017/wiki/index.php/Session:Food_Hacking:_Cheese_Rendez-vous 2017-12-28T20:30:00+01:00 20:30 1:30 Assembly:Foodhackingbase self organized sessions meeting en https://foodhackingbase.org/wiki/34c3_cheese_rendez-vous https://events.ccc.de/congress/2017/wiki/index.php/Session:Food_Hacking:_Cheese_Rendez-vous 2017-12-28T14:00:00+01:00 14:00 2:00 Assembly:Foodhackingbase self organized sessions hands-on en At this workshop you will learn how to make your own kefir ferments using the kefir grain culture. https://foodhackingbase.org/wiki/Kefir_making_34c3 https://events.ccc.de/congress/2017/wiki/index.php/Session:Food_Hacking:_Kefir_Making 2017-12-28T14:00:00+01:00 14:00 0:45 Assembly:Dolphin Emulator self organized sessions game en Play wireless multiplayer games with us, especially Mario Kart. Also pull out your Switches while waiting for talks. If enough people are around you can find wireless Mario Kart multiplayer matches to join. Look out for neon JoyCons in the audience. If there is no host to join, host your own match https://events.ccc.de/congress/2017/wiki/index.php/Session:Bring_your_own_Nintendo_Switch 2017-12-28T16:00:00+01:00 16:00 1:00 Hive Conference Calliope Workshop 3 self organized sessions workshop de Kinder ab 8 Jahren sind herzlich willkommen ihre ersten Erfahrungen mit dem Programmieren zu machen. Wer an Tag 3 oder 4 noch Lust auf Calliope Workshops hat, der ruft einfach mal an: DECT: 8843 oder mobile: null eins sechs drei 362 534 0 DerMicha http://calliope.cc https://events.ccc.de/congress/2017/wiki/index.php/Session:Calliope_Workshops 2017-12-28T17:00:00+01:00 17:00 1:00 Hive Conference Calliope Workshop 4 self organized sessions workshop de Kinder ab 8 Jahren sind herzlich willkommen ihre ersten Erfahrungen mit dem Programmieren zu machen. Wer an Tag 3 oder 4 noch Lust auf Calliope Workshops hat, der ruft einfach mal an: DECT: 8843 oder mobile: null eins sechs drei 362 534 0 DerMicha http://calliope.cc https://events.ccc.de/congress/2017/wiki/index.php/Session:Calliope_Workshops 2017-12-28T14:00:00+01:00 14:00 1:00 Hive Conference self organized sessions meeting de We will meet at the c-base conference room Day 2, 14:00 Muck https://childgrowthmonitor.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Child_Growth_Monitor 2017-12-28T10:00:00+01:00 10:00 1:00 Hive Conference self organized sessions workshop en We will document tongue twisters by writing them down, recording them being spoken, and translating them into other languages. https://thomaslevine.com/scm/langrompiloj/dir?ci=tip https://events.ccc.de/congress/2017/wiki/index.php/Session:Tongue_twisters_(Zungenbrecher) 2017-12-28T09:00:00+01:00 09:00 8:00 Assembly:Chaos West self organized sessions workshop de "Chaos macht Schule" (CmS) Blinkenrocket Lötworkshop / Blinkenrocket Soldering workshop Mx https://events.ccc.de/2017/12/15/einladung-zum-junghackertag-auf-dem-34c3/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Chaos_macht_Schule_L%C3%B6tworkshop 2017-12-28T10:10:00+01:00 10:10 1:20 CCL Hall 2 "Progmmieren lernen mit Raspberry Pi und Co." self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-28T13:00:00+01:00 13:00 0:30 CCL Hall 2 Interview mit Kathrin Meuthen von deloitte self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-28T16:35:00+01:00 16:35 0:25 CCL Hall 2 Live-Beitrag in Forschung Aktuell self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-28T17:00:00+01:00 17:00 1:00 CCL Hall 2 Studiogespräch self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-28T16:00:00+01:00 16:00 2:00 Assembly:MOiN - Mehrere Orte im Norden Day 2 - First Workshop self organized sessions workshop en We will buld wallets made of ductape (or german Gaffer). This will take you around 2h. We will have some examples walltets and a lot of ductape. You need todo the rest by yourself and the help of the other people. Here is an example:https://www.wikihow.com/Make-a-Duct-Tape-Wallet https://events.ccc.de/congress/2017/wiki/index.php/Session:Diy-ductape-wallets 2017-12-28T19:00:00+01:00 19:00 3:00 Assembly:TAMI Smart candies workshop self organized sessions workshop en Smart candy, workshop for idiots. Yair99 http://idiot.io https://events.ccc.de/congress/2017/wiki/index.php/Session:Electrodibles 2017-12-28T21:00:00+01:00 21:00 1:45 Assembly:Free Software Foundation Europe self organized sessions hands-on en A session about ethics and technics on mobile phones, about flashing, modifying and taking back control by using Free Software. We like to exchange latest knowledge about freedom on mobile devices and have 4 Fairphones 2 to hack and dissamble. Also bring your own device to showcase. Eal https://events.ccc.de/congress/2017/wiki/index.php/Session:Flashing_(Fair-)phones_with_Custom_Roms,_F-Droid_etc. 2017-12-29T00:45:00+01:00 00:45 0:45 self organized sessions game de Freundliches Flunkyballmatch nach bremer Regeln: https://www.spielwiki.de/Flunkyball#Bremen Spielbier: 0,33 Stubbi-Flaschen (DIN 6199); bitte pro Spieler 3 Stk. mitbringen. Treffen: 29.12. 00:45 Uhr (die Nacht von Tag 2 auf Tag 3, parallel zum Hacker-Jeopardy) Throw-Off: 01:00 Uhr Ort: Seeufer Merkurbrunnen in der Nähe vom Haupteingang --- Friendly game of Flunkyball, Bremen rules apply: https://www.spielwiki.de/Flunkyball_Eng Game beer: 0.33L short bottle (DIN 6199); please bring 3 beers per player. Meet: 29th Dec. 12:45 am (the night of day 2 to day 3, same time as Hacker-Jeopardy) Throw-Off: 01:00 am Location: lakeside of "Merkurbrunnen" close to the main entrance LeDoc https://events.ccc.de/congress/2017/wiki/index.php/Session:Flunkyball 2017-12-28T22:15:00+01:00 22:15 1:00 self organized sessions game We (the university flunkyball team from Paderborn) are going to play some nice games of flunkyball. ApolloLV http://upb-flunkyteam.de https://events.ccc.de/congress/2017/wiki/index.php/Session:Flunkyball_Day_2 2017-12-28T17:00:00+01:00 17:00 2:00 self organized sessions meeting en A discussion forum on removing bugs from apples, helping them grow, and releasing them into the wild. Argp@zfree.racing Q@iokit.racing https://events.ccc.de/congress/2017/wiki/index.php/Session:IOSRE 2017-12-28T20:00:00+01:00 20:00 3:00 self organized sessions other de A Karaoke Vehikel that drives around the congress in the evening. https://events.ccc.de/congress/2017/wiki/index.php/Session:Karaoke-Taxi 2017-12-28T12:30:00+01:00 12:30 1:00 self organized sessions discussion en Curious about what Oi4P is and how we do it? Come chat! Find us at the intersection of sociology, politics and law. Oooor here: https://34c3.c3nav.de/l/labitat/ http://www.oi4p.com https://events.ccc.de/congress/2017/wiki/index.php/Session:Meet_OptIn4Privacy 2017-12-28T23:00:00+01:00 23:00 0:01 self organized sessions de https://gitlab.com/chaos-siegen/oektion/vortrag-g20-gg20 https://events.ccc.de/congress/2017/wiki/index.php/Session:Nanooq:_G20_und_GG%C2%A720 2017-12-28T17:45:00+01:00 17:45 0:30 For twinks to meet! self organized sessions meeting de Meetup for all the twinks! Establishing new friendships and exchanging cuddles, we try to be newbie- and introvert-friendly, so you can come even if you don't know anybody yet! We might find someone to go get dinner together after we met! Gecko https://events.ccc.de/congress/2017/wiki/index.php/Session:Twink_Geeks_Gathering_-_Flausch_f%C3%BCr_Jungs 2017-12-28T22:00:00+01:00 22:00 2:00 Assembly:TeaHouse self organized sessions meeting en A gathering of lainons at the TeaHouse https://lainchan.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Lainchan_Meetup 2017-12-28T16:00:00+01:00 16:00 1:00 Assembly:TeaHouse Let's talk about practicalities of internet censorship circumvention self organized sessions talk en Let's talk about practicalities of internet censorship circumvention, from the perspective of the reader/user, and from the perspective of the publisher. From the point of view of the reader/user, there is Tor, there are VPNs, there are proxies. While useful and effective, these tools are often illegal, and blocked, in a rising number of countries. Centralized appstores also are obviously revealing themselves as a problem (no surprise to many Internet activists) by blocking VPN apps in certain areas as requested by governments (like Apple in China). From the point of view of the publisher, a solution is needed that does not require the readers/users to install specific software. Requiring or expecting a large population of people to install Tor Browser has proved not to be a workable solution, for example. Domain fronting is in its infancy, browsers still do not support it, and we have seen SNI-based blocking of TLS traffic in the wild - not to mention, it relies on large, centralized providers to front for you. Again, this can mean a government has a way of pushing your content off of the Net simply by using the pressure points of a given large provider. Mobile apps might be a solution, but again, they require cooperation of large appstores. There really doesn't seem to be a good solution. Rysiek https://events.ccc.de/congress/2017/wiki/index.php/Session:Let%27s_talk_about_practicalities_of_internet_censorship_circumvention 2017-12-28T13:00:00+01:00 13:00 1:00 Assembly:TeaHouse Unwind with a Mate self organized sessions workshop de Uninterrupted Mate drinking sessions during the first three days of the Congress during the day time. Whether you just want to drink a Mate between sessions, learn how to make one or take a fresh mate with hot water to a thermos. stop by. We will be there to attend to all of your mate tea needs and answer questions. http://www.metamate.cc https://events.ccc.de/congress/2017/wiki/index.php/Session:Mate_Making_%26_Drinking 2017-12-28T16:00:00+01:00 16:00 1:00 Assembly:TeaHouse [https://events.ccc.de/congress/2017/wiki/index.php/Session:Let%27s_talk_about_practicalities_of_internet_censorship_circumvention Let's talk about practicalities of internet censorship circumvention] ([[User:Rysiek]]) self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-28T17:30:00+01:00 17:30 1:00 Assembly:TeaHouse Draw me crypto self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-28T19:00:00+01:00 19:00 1:00 Assembly:TeaHouse Stories from the Frontlines self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-28T20:30:00+01:00 20:30 0:45 Assembly:TeaHouse Radio Dabanga Massive audience engagement in (human rights/humanitarian) reporting self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-28T13:00:00+01:00 13:00 1:00 Assembly:TeaHouse Meta Mate self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-28T23:00:00+01:00 23:00 1:00 Assembly:TeaHouse CiTiZEN KiNO #69 : Electric Sheep REvisited x2 self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-28T14:30:00+01:00 14:30 0:45 Assembly:TeaHouse Glider Ink: hacker movement in the popular culture self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-28T17:00:00+01:00 17:00 1:00 Assembly:ChaosZone self organized sessions meeting de A user and maintainer meetup about NixOS, an advanced Linux distribution based on the Nix package manager. Makefu Mic92 https://nixos.org https://events.ccc.de/congress/2017/wiki/index.php/Session:NixOS_Meetup 2017-12-28T16:00:00+01:00 16:00 1:00 Assembly:Bitcoin self organized sessions hands-on en Exploit Smart Contracts on the Ethereum Blockchain. Capture the flag. Bring your Laptop. https://ethernaut-devcon3.zeppelin.solutions/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Smart_Contract_Hacking 2017-12-28T15:15:00+01:00 15:15 1:30 Assembly:Stratum 0 self organized sessions game en We want to play a quick and fun game of Nomic. Nomic is a game where all the rules of the game can be changed by the players. MentalShirt https://events.ccc.de/congress/2017/wiki/index.php/Session:Speed_Nomic 2017-12-28T15:00:00+01:00 15:00 3:00 Assembly:VR A-Frame Workshop self organized sessions de Introduction into Mozilla A-Frame at the VR-Assembly https://events.ccc.de/congress/2017/wiki/index.php/Session:VR-Workshop 2017-12-28T19:30:00+01:00 19:30 1:00 Assembly:VoidLinux self organized sessions meeting ab Meet and greed with other void users and gals from the core team. Gottox https://voidlinux.eu https://events.ccc.de/congress/2017/wiki/index.php/Session:VoidLinux_User_Meetup 2017-12-28T10:00:00+01:00 10:00 1:30 Assembly:Weisswurscht.is self organized sessions hands-on de Es gibt 100 Portionen (2 Weißwürste, 1 Breze, süßer Senf). Spendenempfehlung 3€. Einweggeschirr vorhanden. We will provide 100 servings of bavarian veal sausages (2 sausages, 1 pretzel, sweet mustard). Recommended donation 3€. Disposable plates and cutlery are available. Exxess https://events.ccc.de/congress/2017/wiki/index.php/Session:Weisswurstfr%C3%BChst%C3%BCck /system/events/logos/000/008/922/large/minkorrekt.jpg?1507903697 2017-12-29T11:30:00+01:00 11:30 02:00 Saal Adams 34c3-8922-methodisch_inkorrekt Die Wissenschaftsgala vom 34C3 Entertainment other de Der IgNobelpreis ist eine Auszeichnung, um wissenschaftliche Leistungen zu ehren, die „Menschen zuerst zum Lachen, dann zum Nachdenken bringen“ („to honor achievements that first make people laugh, and then make them think“). Wir erklären die Preisträger 2017 in gewohnter Minkorrekt-Manier. Es geht um Kaffeetrinken, flüssige Katzen und ganz viele primäre Geschlechtsteile. Eigentlich ein Podcast, der alle 14 Tage erscheint. Gelegentlich aber auch auf Bühnen. Aber immer im Dienste der Wissenschaft. Echt jetzt. It works, bitches! CC BY 4.0 false Nicolas Wöhrl @ReinhardRemfort Minkorrekt 32c3 2017-12-29T13:45:00+01:00 13:45 00:30 Saal Adams 34c3-9291-regulating_autonomous_weapons The time travelling android isn’t even our biggest problem Ethics, Society & Politics lecture en Depending on the definition, autonomous weapon systems do not and might never exist, so why should we care about killer robots? It is the decline of human control as an ongoing trend in military systems and the incapacity of computing systems to „understand“ human beings and the nature of war that is worrisome. Therefore, the envisaged military advantages come at a price as the technology raises legal, ethical, and security concerns. The good news: Scientists and NGOs have taken up these concerns and States address the issue within the UN Convention on Certain Conventional Weapons (CCW), where a ban of the development and use of autonomous weapons is possible. The bad news: States Parties might not find a consensus for a necessary regulation. The talk will discuss these pressing issues to support civil society in addressing the regulation of lethal autonomous weapons (LAWS). false Anja Dahlmann Campaign to Stop Killer Robots UN Convention on Certain Conventional Weapons (CCW) 2017-12-29T14:30:00+01:00 14:30 00:30 Saal Adams 34c3-9095-antipatterns_und_missverstandnisse_in_der_softwareentwicklung Eine Geschichte voller Missverständnisse Ethics, Society & Politics lecture de Anhand von Anekdoten aus 20 Jahren Softwareentwicklung versucht der Vortrag herauszuarbeiten, was in der Praxis zu scheiternden Projekten führt. Es geht nicht um Programmierfehler sondern um Fehler in der Herangehensweise, den Prozessen, falsche Anreize, etc. Bei den Antipatterns geht es um Dinge, die aus den falschen Gründen gemacht werden -- etwa einen Monolithen in eine Microservice-Architektur überführen, aber dann bei einem verteilen Monolithen rauskommen. Ein gemeinsames Muster ist, dass man mit chirurgischer Präzision die Vorteile eines Ansatzes gezielt umgeht, aber großzügig jeden einzelnen Nachteil mitnimmt. CC BY 4.0 false Fefe 2017-12-29T15:15:00+01:00 15:15 01:00 Saal Adams 34c3-8994-vintage_computing_for_trusted_radiation_measurements_and_a_world_free_of_nuclear_weapons Hardware & Making lecture en Eliminating nuclear weapons will require trusted measurement systems to confirm authenticity of nuclear warheads prior to their dismantlement. A new idea for such an inspection system is to use vintage hardware (Apple IIe/6502) instead of modern microprocessors, reducing the attack surface through simplicity. In the talk, we present and demo a custom open hardware measurement system based on gamma spectroscopy. Twenty-five years after the end of the Cold War, there are still about 15,000 nuclear weapons in the arsenals of the nine nuclear weapon states. After an era of transparency, cooperation, and confidence-building in the 1990s, progress in nuclear arms control has slowed down in the 2000s and is currently in a crisis. The newly negotiated Treaty on the Prohibition of Nuclear Weapons (“Ban Treaty”) and the 2017 Nobel Peace Prize have given new attention to the enduring threat posed by these weapons and the urgency of further reductions. Any further progress toward nuclear disarmament will have to rely on robust verification mechanisms, especially while there is limited trust among relevant states. This requires trusted measurement systems to confirm the authenticity of nuclear warheads based on their radiation signatures. These signatures are considered sensitive information, the systems have to be designed to protect them. To accomplish this task, so-called “information barriers” have been proposed. These devices process the sensitive information acquired during an inspection, but only display results in a pass/fail manner. Traditional inspection systems rely on complex electronics both for data acquisition and processing. Several research efforts have produced prototype systems following fundamentally different design philosophies, but it has proven difficult to demonstrate that hidden switches and side channels do not exist. After almost 30 years of research and development, no viable and widely accepted system has emerged. We pursue a fundamentally different approach: Our prototype of an inspection system uses vintage hardware built around a 6502 processor. The processor uses 8-micron technology (about 600 times larger than current 14-nanometer technology) and has only about 3500 transistors. Vintage hardware may have a number of important advantages for applications where two parties need to simultaneously establish trust in the hardware used. CPUs designed in the distant past, at a time when their use for sensitive measurements was never envisioned, drastically reduce concerns that the other party implemented backdoors or hidden switches on the hardware level. Today, the design of the 6502 is de-facto open source, and several projects have explored the hardware in great detail (visual6502.org, monster6502.com). The technology is so basic that it would be difficult or impossible to surreptitiously implement extra functionalities that could be used to leak secret information. For the same reason, however, using vintage hardware also comes at a price, as the performance of the inspection system is limited, and data acquisition and processing has to be designed and highly optimized accordingly. In this talk, we demonstrate the performance of the inspection system in an actual inspection setting. For this purpose, we built a prototype system using an Apple IIe and a custom-made open-source data-processing board connected to a sodium-iodide radiation detector for low-resolution gamma spectroscopy. Data processing and analysis is exclusively done on the Apple IIe hardware. In inspection mode, the Apple IIe is used as an information barrier, and the result of the analysis is simply displayed by a green/red (pass/fail) LED on the data-processing board. To wrap up, we discuss the broader context required for verifying deeper cuts in the nuclear arsenals and demonstrate the system as part of a notional inspection scenario, including its capability to detect basic cheating scenarios, in which a dishonest party presents an invalid item that has a different radiation signature. CC BY 4.0 false Moritz ALX Slides 2017-12-29T16:30:00+01:00 16:30 01:00 Saal Adams 34c3-9240-cryptocurrencies_smart_contracts_etc_revolutionary_tech short answer: Yes! Ethics, Society & Politics lecture en Bitcoin arrived eight years ago, and has now spawned a dazzling array of follow-on technologies, including smart contracts, censorship-resistant computation, trustless databases (“blockchains”) and more. This talk attempts to highlight a few of the most significant developments in both technology and in society's response to it, including some nation-state governments banning cryptocurrencies and/or launching their own cryptocurrencies. This talk will briefly summarize in broad strokes what previously-impossible technologies have now been proven and deployed (starting with Bitcoin), as well as the general outlines of nascent technologies are currently under development. It will also briefly outline the evolution of the market and the social response to these technologies, such as the ICO boom and the varying reactions of different populations and governments. It will also draw out a few examples that illustrate the situation in more detail, such as the recent crackdown by the Chinese government, the deployment and evolution of Ethereum, and the massive investment into new technologies which is being fueled by the ICO boom. CC BY 4.0 false Zooko /system/events/logos/000/009/086/large/BorderCrossingPrivacyLogo.png?1508086324 2017-12-29T18:30:00+01:00 18:30 01:00 Saal Adams 34c3-9086-protecting_your_privacy_at_the_border Traveling with Digital Devices in the Golden Age of Surveillance Ethics, Society & Politics lecture en Our lives are on our laptops – family photos, medical documents, banking information, details about what websites we visit, and so much more. Digital searches at national borders can reach our personal correspondence, health information, and financial records, allowing an affront to privacy and dignity which is inconsistent with the values of a free society. While privacy and security is important for any traveler, this has become a critical issue for international conferences and their attendees, who shouldn’t need to trade off an invasive search for participating in important conversations. This talk will discuss the both the legal and policy issues with border searches, as well as technological measures people can use in an effort to protect their data. This talk will begin with an overview of the legal and policy issues surrounding border crossings, where many countries will conduct more invasive searches than their constitutions would otherwise allow. The discussion will include examples of countries that can require you to enter passwords to decrypt data on your laptop and will examine your social media and cloud data, and provide advice on which countries may require more extensive precautions. This includes the challenges of entering the United States in the time of Trump, discussing the recent changes to policy for visitors entering the country, what your rights are as a visa holder, and details about EFF’s lawsuit to challenge the policy. Turning to the practical, the talk will discuss techniques to help protect your data, from basic precautions like backups and externally stored data, to more advanced advice about encryption and password strategies, secure boot processes, as well as data hygiene - how to travel clean, and still have access to important information on the other side. This will cover what border agents are theoretically capable of doing to compromise devices, and what precautions you can take to secure your data before this interaction occurs. The discussion will include advice about laptops, mobile phones, flash drives, digital cameras, and other common digital data devices. While critical, technological protections are not enough, so we will also discuss the practicalities of interacting with border agents. Finally, we will discuss what people can do to keep themselves informed, and stay active in the fight for a better future. CC BY 4.0 false Kurt Opsahl William Budington 2017-12-29T19:45:00+01:00 19:45 01:00 Saal Adams 34c3-8968-are_all_bsds_created_equally A survey of BSD kernel vulnerabilities. Security lecture en In this presentation I start off asking the question „How come there are only a handful of BSD security kernel bugs advisories released every year?“ and then proceed to try and look at some data from several sources. It should come as no surprise that those sources are fairly limited and somewhat outdated. The presentation then moves on to try and collect some data ourselves. This is done by actively investigating and auditing. Code review, fuzzing, runtime testing on all 3 major BSD distributions [NetBSD/OpenBSD/FreeBSD]. This is done by first investigating what would be good places where the bugs might be. Once determined, a detailed review is performed of these places. Samples and demos will be shown. I end the presentation with some results and conclusions. I will list what the outcome was in terms of bugs found, and who – based on the data I now have – among the three main BSD distributions can be seen as the clear winner and loser. I will go into detail about the code quality observed and give some pointers on how to improve some code. Lastly I will try and answer the question I set out to answer („How come there are only a handful of BSD security kernel bugs advisories released every year?“). CC BY 4.0 false Ilja van Sprundel bsd_kern_vulns.pptx 2017-12-29T21:00:00+01:00 21:00 01:00 Saal Adams 34c3-8896-tiger_drucker_und_ein_mahnmal Neues vom Zentrum für Politische Schönheit Ethics, Society & Politics lecture de Flüchtlingsfressende Tiger in Berlin, zum Diktatorensturz aufrufende Flugblätter in Istanbul und ein Mahnmal das den Rechtsextremisten Björn Höcker in seinem Thüringer Dorf heimsucht: Viel ist geschehen, seit das Zentrum für Politische Schönheit vor 3 Jahren auf dem Kongress gesprochen hat. Grund genug mal wieder Bericht zu erstatten, aus dem Nähkästchen zu plaudern und unveröffentlichtes Material mit euch zu begutachten. Aber Vorsicht: das ZPS ist die einzige Organisation die von Björn Höcke das Gütesiegel "terroristische Vereinigung" verliehen bekommen hat. Es könnte also lustig werden. CC BY 4.0 false Stefan Pelzer Philipp Ruch Morius Enden 2017-12-29T22:15:00+01:00 22:15 01:00 Saal Adams 34c3-8965-decoding_contactless_card_payments An Exploration of NFC Transactions and Explanation How Apple Pay and Android Pay Work Security lecture en This talk will dive into the techniques and protocols that drive contactless card payments at the Point of Sale. We will explore how Apple Pay works on a technical level and why you are able to 'clone' your credit card onto your phone. Building upon previous C3 talks on the topics of EMV and ICC payments, we will learn about different NFC payment options, why legacy will never die and how the individual card brands have specified their payment workflows. Contactless payments are gaining more momentum every day and even though Apple Pay is not yet available in Germany, you are able to use your new contactless credit card at an increasing number of locations. This trend is not likely to stop anytime soon and it is time to understand what is going on the lower layers. To jumpstart the discussion, we will first have a look at all the parties involved in a card transaction and where they are placed in the communication and decision chain. From there we are comparing the differences between a chip (ICC) and a contactless (NFC) transaction. Afterwards we are ready to look at Apple Pay, Android Pay and other card emulations. Even though they provide the same features on first look, they work fundamentally different on the technical level. We will learn about storing sensitive transaction information offline on the device in a Secure Element (SE) or online with your service provider utilizing Hosted Card Emulation (HCE). In the end, we will take a short look at how contactless payments might influence our future, why legacy is still king and if tokenization might just save your day one time. CC BY 4.0 false Simon Eumes 2017-12-29T23:30:00+01:00 23:30 01:00 Saal Adams 34c3-9176-this_is_not_a_proposal_about_mass_surveillance Analysing the terminology of the UK’s Snooper’s Charter Ethics, Society & Politics lecture en In November 2016 the UK has passed the Investigatory Powers Act (aka Snooper’s Charter). This act unprecedentedly extends surveillance powers of the state – p.e. legalising the hacking of devices or forcing Internet Service Providers to collect web browsing histories – one does not even need to be suspected of a crime. This talk investigates the choice of words of the parliamentary debates and reveals how euphemistic and understating terminology discloses the extent of surveillance and justifies the causeless intrusion into everyone’s privacy. Much research has been dedicated to analysing the rhetorics of political discourse but this talk focuses on the semantics of surveillance discourse from a corpus linguistic perspective. Corpus linguistics is the study of language based on examples of real life language use and works with large amount of data. In this talk I will analyse the context of keywords which are used in the parliamentary debates and the respective media coverage concerning the passing of the Snooper’s Charter. Using methods of corpus linguistics I want to show how central terms are constructed entirely different in these two spheres. While newspaper articles present the inconvenient consequences of this legislation and classify the proposed measures in categories which are familiar to the reader, the parliamentary debates open up new categories for practices known as mass surveillance and deny the existence of the latter. Let me assure you that this does not meet the criteria of doublethink... CC BY 4.0 false Lisa file Slides /system/events/logos/000/008/993/large/Nougatbytes_logo_text_quadrat.png?1508096370 2017-12-30T00:45:00+01:00 00:45 01:30 Saal Adams 34c3-8993-nougatbytes_11 Die geekige Wort- & Bilderrätselspielshau ist zuЯück Entertainment other de Zwei Teams mit rauchenden Köpfen und ein johlendes Publikum raten sich durch unsere dritte Wortspielhölle der IT, Informatik und digitalen Gesellschaft. Wer bei vielschichtigen (Anm. d. R.: „haarsträubenden“!) Assoziazionsbilderrätseln freudiges Synapsenfunkeln und feuchte Augen bekommt oder aber bei Gehirnschmerz und Um-die-Ecke-Denk-Beulen trotzdem feiert, ist bei uns zu Hause. Allgemeiner Aufruf: Für die erste Runde Nougatbytes wollen wir die Teams im Voraus anheuern. Wenn Ihr Mitmachlust verspürt und Euch auf unsere Couch traut, so bildet Banden zu dritt bis fünft gebt euch nen Namen und lasst uns wissen, warum ihr Lust auf Kopfsalat habt: couchplatz@nougatbytes.de Links / Videos: Nougatbytes 1 und 10 https://media.ccc.de/v/26c3-3671-de-nougatbytes_-_ein_wortspiel_bunt_und_in_stereo https://media.ccc.de/v/29c3-5037-de-en-nougatbytes10_h264 http://nougatbytes.de CC BY 4.0 false Rainer Rehak Benks Video zu Nougatbytes 01 Video zu Nougatbytes 10 Nougatbytes Website /system/events/logos/000/009/257/large/tuwat_lt.png?1513277584 2017-12-29T11:30:00+01:00 11:30 02:00 Saal Borg 34c3-9257-lightning_talks_day_3 CCC lecture en Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick! To get involved and learn more about what is happening please visit the Lightning Talks Wikipage at <a href="https://events.ccc.de/congress/2017/wiki/index.php/Static:Lightning_Talks">https://events.ccc.de/congress/2017/wiki/index.php/Static:Lightning_Talks</a> CC BY 4.0 false gedsic bigalex /system/events/logos/000/008/989/large/IMG_20171014_174810_2.jpg?1508009000 2017-12-29T13:45:00+01:00 13:45 00:30 Saal Borg 34c3-8989-nabovarme_opensource_heating_infrastructure_in_christiania Freetown Christiania´s digitally controlled/surveyed heating system. 350 users Hardware & Making lecture en Project “Nabovarme” (meaning “neighbour heating”) has transformed private heating necessity into a social experiment build on OpenSource software/hardware and social empowerment by transforming heat consumers into Nabovarme Users and letting them take ownership to infrastructure and consumption. Christiania - a child of hippie thinking and direct democracy, est. 1971 900 inhabitants, 210 houses, 24 hectares land, 1 km from the danish parliament and the royal palace Local common ownership to ALL infrastructure: houses, roads, electricity, water, sewers, fiber LAN, park and lakes Nabovarme (started 2001) has connected more than half of Christiania Previously heating was based on private wood burning stoves, coal burning stoves and oilheaters, Nabovarme has created a transition towards common heating systems based on burning wood pellets. Nabovarme has transformed the heating infrastructure into a social experiment built on OpenSource software/hardware and social empowerment and is transforming passive heat consumers into active Nabovarme Users -making everyone take ownership of the infrastructure and a goal of optimizing usage for economic and climate reasons. Current technologies for heating systems are proprietary and full of protocols hidden behind NDA's. Our project has unlocked a broad range of devices so data and control now is in the hands of the users - and not sent out of the community. The project is a cross competence endeavor where equal amounts of plumbing, infrastructure building and digging, electronics and software has been needed to fulfill the task. The project tells the story about: A society embracing OpenSource before the term was declared Communities going together and creating a common heating solution to lower the environmental impact and risk of fire and increase the level of autonomy. The creation of a custom fitted, self administered payment model. We have liberated devices controlling the production of heat (NBE Pellet system, Kamstrup meter systems) and made devices (MeterLogger) used for metering heat and electricity consumption using open source. We are in the process of bringing easy readable consumption data to the focus of christiania citizens - for all of us to take climate action. CC BY 4.0 false Johannes Valbjorn Emmerik Nabovarme application document (Google docs) Application pdf MeterLogger pcb in heating meter Nabovarme burner MeterLogger device network topology file /system/events/logos/000/008/923/large/Long_wordmark.png?1507904134 2017-12-29T14:30:00+01:00 14:30 00:30 Saal Borg 34c3-8923-ooni_let_s_fight_internet_censorship_together The Open Observatory of Network Interference Resilience lecture en How can we take a stand against the increasing shadow of Internet censorship? With OONI Probe you can join us in uncovering evidence of network interference! During this talk we will give you an overview of the challenges people around the world face when accessing the internet. In 2017, we have witnessed multiple cases of Internet censorship being used as a tool to suppress controversial political views. We've also seen increasing censorship of conversations between individuals, reflected by the blocks on chat networks like WhatsApp and Signal. OONI, the Open Observatory of Network Interference is a project for documenting and revealing these violations of Internet Connectivity. In 2017, we released mobile applications, reported on policy changes, expanded our testing to detect throttling, and now process close to 100,000 measurements from over 200 countries each month. We'll share how we're thinking about increasing transparency and accountability around the issues of access and censorship, and how you can join this growing, open, movement. CC BY 4.0 false Arturo Filastò (hellais) OONI homepage /system/events/logos/000/008/869/large/Mankins2.jpg?1514415500 2017-12-29T15:15:00+01:00 15:15 00:30 Saal Borg 34c3-8869-saving_the_world_with_space_solar_power or is it just PEWPEW?! Science lecture en Space Solar Power station, such as SPS Alpha, could overcome some issues that renewable energy plants on Earth suffer of structural basis when challenges such as energy transfer from orbit to Earth are solved. But will this solve the Earth's problems in a peaceful way? The increasing demand on energy seems to be one of the greatest challenges for modern society. [1,2] Power generation approaches of the 20th century, such as coal, oil, or nuclear plants come with certain issues limiting the scalability and/or questioning even the approach itself since they may harm nature and environment on a longterm time scale. Renewable energy generated e.g. with solar cells, wind mills, or tidal stations are on the rise but they usually depend to certain locations, weather, storage capabilities, and in some cases even on political climates. [3] Space based Solar Power generation [4,5] overcomes some of these issues: solar cells in orbit are independent of atmospheric influences and weather (e.g. clouds), solar harvesting satellites can be placed in orbit so they always face sun and generate power continuously, and there is enough space to scale the plants in order to serve the power demands. Solar power is an infinite power source (at least in the time scale for humanity) The bottle neck with this approach, however, is the transfer of the power from orbit to Earth. But if solved, this technology can supply power to locations on Earth, that are remotely located, that lack other power generation capabilities (e.g. due to a natural catastrophe), or that come with varying demands on power consumption. Some questions still remain: Is it possible to transfer power wireless over such a long distance with a sufficient efficiency? [6-8] How would that influence life on Earth? And who is in charge of the orbital death laser?!? [1] https://data.worldbank.org/indicator/EG.USE.ELEC.KH.PC [2]https://www.theguardian.com/environment/2017/aug/28/electricity-demand-in-southern-europe-to-soar-with-air-con-say-climate-scientists (http://www.pnas.org/content/114/38/E7910) [3] https://unearthed.greenpeace.org/2015/12/23/three-problems-transitioning-renewables-how-to-fix/ [4] https://en.wikipedia.org/wiki/Space-based_solar_power [5] https://www.nasa.gov/directorates/spacetech/niac/mankins_sps_alpha.html [6] https://en.wikipedia.org/wiki/Wireless_power_transfer [7] https://www.cio.com/article/3129027/space/wireless-power-systems-could-one-day-beam-electricity-from-space.html [8] https://www.rfglobalnet.com/doc/japanese-scientists-develop-long-distance-wireless-power-transmission-0001 CC BY 4.0 false anja sjunk Glaser Patent 1973 SPS Alpha report 2012 Japanese Approach JAXA report of 2004 Chinese CAST MR-SPS Approach 2017-12-29T15:45:00+01:00 15:45 00:30 Saal Borg 34c3-8877-drones_of_power_airborne_wind_energy Science lecture en Airborne wind energy is the attempt to bring the digital revolution to the production of energy. It means that we convert the power of high-altitude winds into electricity by autonomously controlled aircraft which are connected to the ground via a tether. This technology can be a key element to finally power the world by clean energy only. In this talk we will explain the physical foundations, give an overview of the current status and show you how to build an experimental system by yourself: it involves hacking an off-the-shelf model aircraft and its autopilot based on the open and free Ardupilot framework. It is hard to argue that energy is not the very heart of humankind’s major challenge. Up to now it is largely unscratched by a digital revolution -- the main power sources of the world are remarkably dumb. We are about to change this. In this talk, we will present what we think will disrupt energy production. We're not talking about retrofitting the power grid with yet some more insecure 'smart' component. This is about predictably available renewable energy called Airborne Wind Energy (AWE): autonomous flying drones at high altitudes can harvest the wind’s energy cheaper than any wind turbine, and most importantly: it can be done almost everywhere and almost all the time, solving the two major technological and geopolitical challenges of sustainable energy production, which has rattled the world for decades. We are convinced that humans should power the world by clean energy only, and we think AWE can be a key element to do just that. In this talk, we will cover the physical foundations, introduce a few of the control algorithms and the challenges associated with very strong forces acting on very light objects. We will also shed a light on the progress of leaders in the field such as Ampyx Power and Google Makani. But there is more to it: Using the `AWEsome' project, we will show you how to build an open source wind drone for yourself by hacking a model plane and its autopilot based on the open and free Ardupilot framework. While its energy production will be rather limited, it serves a lot of useful purposes: For example, it paves the way to test crazy new ideas of start, landing and flight modes on a cheap disposable platform and is a training playground for flight operations. Maybe by the time of the next Chaos Communication Camp, you will have joined us and we can fly our wind energy harvesting robots together -- and save the world, all at the same time. CC BY 4.0 false Christoph AWEsome webpage 2017-12-29T16:30:00+01:00 16:30 01:00 Saal Borg 34c3-8851-don_t_stop_til_you_feel_it Artistic interventions in climate change Science lecture en This talk will report on my current research in bringing to bear multiple knowledges on problem spaces around the environment and digital culture, and in so doing questioning both the prevailing knowledge hierarchy and the institutionalisation of knowledge production. To connect with the environment, for instance, do we need to connect with how it feels? This talk draws on works exploring both the marine environment and food, using knowledge from science, art, culture, instinct and history to create happenings and instances that break out the border of "me" and "my environment" to create an empathic response linking what we traditionally consider to be inside and outside. This will be demonstrated in the context of two artistic works - The Coral Empathy Device and Vital | Flows. We exist within a set of rules about the value of knowledge - a hierarchy of knowledge that places quantified data at the top and the “lower” senses at the bottom. The neglect of other forms of knowledge – aesthetic, embodied, cultural and more – has created a void in our socio-political and environmental relations that has been filled by emotive, populist rhetoric that undermines the validity of the knowledge we have. Post-truth practices are answering a gap that arises from our reliance on cognitive knowledge as the main valid form of knowledge – including datafication of everything – particularly in politics. As an alternative I propose we augment this cognitive and data derived knowledge with more emotionally connecting knowledges, to achieve a more integrated understanding of the world, and to once again embark on a quest for a type of truth. When we live close to the land we experience empathy with the land. It has recently been said that indeed our present mode of life has led to the “death of empathy”. The Coral Empathy Device uses principles of embodied learning to explore whether physical sensation curated by an artist can evoke interspecies empathy in a human for a coral – a creature at once so similar and so alien to us. The artwork creates a discomforting experience that challenges the visitor’s embodied experience to leverage the fact that “the body schema is the converting system of perception and action”. By bridging the gap between the way we perceive and the way coral perceives, can we connect with the marine environment in a new way? Can we foster action by creating knowledge of another species within the body as a whole? Vital | Flows is an ongoing work drawing knowledge about food from multiple sources - DIY science, phenomenology, instinct, culture - to explore the ephemeral nature of boundaries between self and other. This paper will report the results of open sourcing these methods, working with London communities who will use them to explore food and its meaning. This open source artistic research methodology for exploring environmental topics creates a platform for rhyzomic growth of selfactualised research that brings together and brings the best out of online and offline knowledge sharing. This is an exploration in breaking down the boundaries between inside and outside "myself", redefining the concept of the individual to incorporate the reality of our permeability. By achieving this through melding knowledge from quantification, embodiment, aesthetics and more, can we reach a new understanding of the place of self and other? CC BY 4.0 false iamkat The Coral Empathy Device Kat Austen Vital l Flows 2017-12-29T18:30:00+01:00 18:30 01:00 Saal Borg 34c3-9184-a_hacker_s_guide_to_climate_change_-_what_do_we_know_and_how_do_we_know_it An introduction to the basics of climate research and what we can do about climate change Science lecture en Climate change has long ceased to be news to many people, but it is increasingly shaping humanity's reality. This talk sheds light on the changes in the climate system and their consequences. We introduce the basics and discuss possible actions in response. I. Understanding the Climate System We begin with the physical basics, guided by visualizations rather than focussing on the math. What do we know about the workings of climate? How do we know? We also consider the reliability of our knowledge in detail, as well as open questions yet to answer. What are the bio-physical consequences? What are the socio-economic ones? II. Hacking the Climate Next, we discuss leverage points to hack the climate system itself - climate engineering. Many ideas have been proposed, such as removing greenhouse gases or changing the radiative budget with other means. Most of these attempts are not more than a workaround. Nevertheless, some of these are discussed much more seriously among climate scientist than the public realizes. III. Hacking the System We conclude with examples of what could be effective solutions to the climate problem and what we can do – hacking our political and economic system rather than the earth system. How can individuals contribute? What societal changes do we need? CC BY 4.0 false Katja Bigge (seyru) Sven Willner Robert Gieseke OpenClimateData Slides 2017-12-29T19:45:00+01:00 19:45 01:00 Saal Borg 34c3-9178-on_the_prospects_and_challenges_of_weather_and_climate_modeling_at_convection-resolving_resolution Science lecture en The representation of thunderstorms (deep convection) and rain showers in climate models represents a major challenge, as this process is usually approximated with semi-empirical parameterizations due to the lack of appropriate computational resolution. Climate simulations using kilometer-scale horizontal resolution allow explicitly resolving deep convection and thus allow for an improved representation of the water cycle. We present a set of such simulations covering Europe and global computational domains. Finally, we discuss challenges and prospects climate modelers face on heterogeneous supercomputers architectures. Today the evidence for global climate change is unequivocal, and the human influence is clear. Therefore the focus of young researchers has shifted from assessing whether the Planet is warming towards envisioning how a warmer world might look like. For instance, basic physical principles suggest that the hydrological cycle of Planet Earth will likely undergo dramatic changes. However, understanding and describing the involved processes, estimating future changes, and assessing the underlying uncertainties has proven to be difficult and complex. In this effort, numerical simulations of the weather and climate system are a useful research tool. Weather and climate modeling involves solving the governing equations of atmospheric motion on a numerical mesh and employing semi-empirical parameterizations that treat the processes not represented explicitly. For example, the parameterizations typically include treatments for thunderstorms and rain showers (deep convection). These processes are fundamental to the climate system since they vertically redistribute moisture, heat, and momentum, but so far they could not be resolved explicitly, due to the coarse gird spacing of the mesh (resolution) employed in the current generation of climate models. In the recent year's power constrains in the domain of supercomputing have lead to heterogeneous node designs mixing conventional multi-core processors and accelerators such as graphics processing units (GPU’s). These machines posses properties beneficial for weather and climate codes and hence allow refining the resolution of the involved computational mesh to the kilometer scale. Convective clouds can then be represented explicitly (convection-resolving) and the models can be formulated much closer to physical first principles. However, to exploit the capabilities of these supercomputers, model codes have to be ported, a challenging task the weather and climate modeling community is struggling with. We discuss prospects and challenges climate modelers face on these new supercomputers and highlight the potential for addressing key open science questions. The presentation is illustrated with simulations recently accomplished using a new version of the Consortium for Small-Scale Modeling weather and climate model (COSMO), capable of exploiting these heterogeneous supercomputer architectures. Using results form a then-year-long climate simulation on a computational domain covering Europe (1536x1536x60 grid points) we highlight some of the added value of the approach regarding the representation of precipitation processes. Furthermore, we explore the gap between the currently established regional simulations and global simulations by scaling the GPU accelerated version of the COSMO model to a near-global computational domain. References: Fuhrer, O., Chadha, T., Hoefler, T., Kwasniewski, G., Lapillonne, X., Leutwyler, D., Lüthi, D., Osuna, C., Schär, C., Schulthess, T. C., and Vogt, H.: Near-global climate simulation at 1 km resolution: establishing a performance baseline on 4888 GPUs with COSMO 5.0, Geosci. Model Dev. Discuss., https://doi.org/10.5194/gmd-2017-230, in review, 2017. Leutwyler, D., Lüthi, D., Ban, N., Fuhrer, O., and Schär, C.: Evaluation of the Convection-Resolving Climate Modeling Approach on Continental Scales, J. Geophys. Res. Atmos., 122, doi:10.1002/2016JD026013 Leutwyler, D., Fuhrer, O., Lapillonne, X., Lüthi, D., and Schär, C., 2016: Towards European-scale convection-resolving climate simulations with GPUs: a study with COSMO 4.19, Geosci. Model Dev., 9, 3393-3412, doi:10.5194/gmd-9-3393-2016. CC BY 4.0 false David Leutwyler Snapshots of an extratropical cyclone at three climate model resolutions /system/events/logos/000/008/935/large/magpie2.png?1508104090 2017-12-29T21:00:00+01:00 21:00 00:30 Saal Borg 34c3-8935-simulating_the_future_of_the_global_agro-food_system Cybernetic models analyze scenarios of interactions between future global food consumption, agriculture, landuse, and the biogeochemical cycles of water, nitrogen and carbon. Science lecture en How can we feed a growing world population within a resilient Earth System? This session will present results from our cybernetic computer models that simulate how future trends in population growth, diets, technology and policy may change the global land cover, freshwater usage, the nitrogen cycle and the climate system, and how more sustainable pathways can be reached. We want to discuss how our computer models and our data can be made accessible and usable by a broader community, and which new ways exist to visualize key insights and provide decision support to our society. We will also showcase some interactive physical installations that have been developed jointly with a group of art students to visualize future scenarios. Potsdam Institute for Climate Impact Research is specialized on simulations of the Earth System using supercomputing facilities, pushing the cybernetic concepts of the 20st century to the next level. Dozens of researchers jointly coded for more than a decade a number of Integrated Assessment Models that simulate the complex interactions between humans and the environment in great detail, drawing concepts from both natural and social sciences. Building such computer-supported macroscopes allow us to make the vast complexity of the Earth System comprehensible and supports decision makers in finding sustainable pathways into the future. This session will address the question: How can we feed a growing world population within a resilient Earth System? It will present results from our cybernetic computer models that simulate how future trends in population growth, diets, technology and policy may change the global land cover, freshwater usage, the nitrogen cycle and the climate system, and how more sustainable pathways can be reached. We want to discuss how our computer models and our data can be made accessible and usable by a broader community, and which new ways exist to visualize key insights and provide decision support to our society. We will also showcase some interactive physical installations that have been developed jointly with a group of art students to visualize future scenarios. CC BY 4.0 false Benjamin Leon Bodirsky A scenario of global croplands in the year 2050 presentation file 2017-12-29T21:45:00+01:00 21:45 00:30 Saal Borg 34c3-9138-closing_the_loop_reconnecting_social-technologial_dynamics_to_earth_system_science Science lecture en International commitment to the appropriately ambitious Paris climate agreement and the United Nations Sustainable Development Goals in 2015 has pulled into the limelight the urgent need for major scientific progress in understanding and modelling the Anthropocene, the tightly intertwined social-techno-ecological planetary system that humanity now inhabits. The Anthropocene qualitatively differs from previous eras in Earth’s history in three key characteristics: (1) There is planetary-scale human agency. (2) There are social and economic networks of teleconnections spanning the globe. (3) It is dominated by planetary-scale social-ecological feedbacks. Bolting together old concepts and methodologies cannot be an adequate approach to describing this new geological era. Instead, we need a new paradigm in Earth System science that is founded equally on a deep understanding of the physical and biological Earth System – and of the economic, technological, social and cultural forces that are now an intrinsic part of it. It is time to close the loop and bring socially mediated dynamics and the technosphere explicitly into theory, analysis and computer models that let us study the whole Earth System. CC BY 4.0 false Jonathan Donges 2017-12-29T22:30:00+01:00 22:30 00:30 Saal Borg 34c3-9063-ensuring_climate_data_remains_public Science lecture en How do we keep important environmental and climate data accessible amidst political instability and risk? What even counts as an “accessible” dataset? Could we imagine better infrastructures for vital data? By describing the rapid data preservation efforts of U.S. environmental data that started in the wake of the recent election, I’ll address these questions and the new and existing issues that preservation surfaced about the vulnerability of data infrastructures. I'll focusing on specific projects, including the work of EDGI, that is trying to address these challenges by creating alternate forms of access and infrastructure! Climate change data often relies on state-supported scientific research infrastructure-- ranging from agency data centres, satellites, and the compute clusters powering climate, air, and water modelling. Days after the 2016 US election, scholars and activists mobilized to preserve both environmental data and the research infrastructure generating it. While rapid data preservation efforts encouraged many people to act, we are faced with long-standing vulnerabilities in data infrastructure. In this talk I will describe the range of groups involved in data preservation efforts that have been ongoing since November 2016, unpack some of the recent and long-standing issues with data preservation, and speak to the ways people are actively addressing these challenges. In particular, I’ll talk about an organization I am a member of, the Environmental Data and Governance Initiative (EDGI), a distributed network of academics and non-profits that has engaged in a range of projects including guerilla archiving of federal datasets, ongoing monitoring of content changes on environmental and energy websites, and contributing to growing conversations around Environmental Data Justice. CC BY 4.0 false dcwalk EDGI Homepage EDGI GitHub Slides Data Together /system/events/logos/000/008/741/large/Menge.png?1506974840 2017-12-29T23:15:00+01:00 23:15 00:45 Saal Borg 34c3-8741-treibhausgasemissionen_einschatzen Wieviel CO2 macht <...>? Ungefähr? Science lecture de Alles was wir jeden Tag tun erzeugt Treibhausgase. Für eine vernünftige/moralische/ökologische Entscheidung, um mit anderen Handlungsoptionen brauchbar vergleichen zu können, muss man wissen - wieviel? Ungefähr zumindest? Für Einsteiger. Keine Formeln, wenig Mathematik/Physik. Kurzvorstellung einiger für nicht-Fachleute verständlicher Werkzeuge, um Treibhausgasemissionen einschätzen zu können:<ul> <li>Globales Emissionsmodell integrierter Systeme (GEMIS) und Probas</li> <li>Environmental Product Declaration</li> <li>Ein Guter Tag hat 100 Punkte</li> </ul> Anhand der Werkzeuge gucken wir uns mal ein paar typische und ein paar überraschende Alltagsbeispiele an:<ul> <li>Bus oder Bahn oder Auto oder Flugzeug?</li> <li>Aufzug oder Treppe - was ist klimafreundlicher?</li> <li>Leitungswasser oder Flaschenwasser?</li> <li>Elektroautos und die Studie aus Schweden?</li> <li>Amazon oder Kaufhaus?</li> <li>Fleisch, Rotwein, Käse?</li> </ul> Hier werden keine kompletten, korrekten Ökobilanzen errechnet, sondern es geht darum, alltagstaugliche Entscheidungshilfen vorzustellen. Die Berücksichtigung kompletter Prozessketten vom Bohrloch bis zur Entsorgung machen wir aber trotzdem. CC BY 4.0 false Gunnar Thöle GEMIS (Windows oder WINE / Crossoverbenötigt) Ein guter Tag hat 100 Punkte ProBas The Life Cycle Energy Consumption and Greenhouse Gas Emissions from Lithium-Ion Batteries Auch spannend: Noch mehr Alltagsgegenstände mit Luftballons GEMIS-Datensatz - Entpacken und in Gemis öffnen Auch spannend: CO2-Emissionen einer Tasse Tee in Luftballons Auch spannend: CO2-Emissionen von Bier in Luftballons Folien (Stand 29.12.17) 2017-12-29T11:30:00+01:00 11:30 00:30 Saal Clarke 34c3-9047-taxation Ethics, Society & Politics lecture en Taxation, the most "boring" #34c3 talk, but hey it's the economy stupid, and you pay for it! We will a provide a quick overview of the international taxation system. Explaining what a Double Irish Sandwich is. Why international corporations like Google only pays 2.4% taxes. And how your favourite tech companies (Google, Amazon, Apple, Microsoft, ... ) evaded billions in taxes. This tax-dodging costs the European Union more than $50 billion. Annually. We bring this numbers into perspective. And why you pay more. And how you should discuss that topic, since it defines how our society will be. You might heard about #LuxLeaks, #PanamaPapers, or other frivilous tax activites. This talk gives a overview about one the most urgend policy issues legal tax holes for big corporation, how big their score is, in relation to your own tax rate (across Europe) and why it should concern you. Duh you pay for it. And why you should get active. We will present the launch of a European-wide anti-tax evasion campaign beginning of May 2017. Ireland's decision to phase out the Double Irish tax loophole doesn't mean the country is giving up on tax competition, or that U.S. multinationals will now bring more of their foreign earnings home. The reason affected tech companies are so calm about it is that they know Ireland will do whatever it takes to keep them. And it's not just Ireland ... "Revelations of the extent of tax avoidance by multinationals based on exploitation of the arm’s length system prompted a rear-guard action by the OECD described as the base erosion and profit shifting (BEPS) programme but the programme deliberately avoids any principled re-examination of norms underlying the international tax regime or any consideration of a shift from residence to source-based taxation." And the icing on the cake: We will present you the Stachanow of Capitalism: The only employee (on a mere 44.000 Euro annual salary) of ExxonMobil Spain: 9.9 billion Euro in net profits in 2 years. CC BY 4.0 false vavoida Video from previous talk /system/events/logos/000/009/056/large/chip.png?1508072969 2017-12-29T12:15:00+01:00 12:15 00:30 Saal Clarke 34c3-9056-bringing_linux_back_to_server_boot_roms_with_nerf_and_heads Resilience lecture en The NERF and Heads projects bring Linux back to the cloud servers' boot ROMs by replacing nearly all of the vendor firmware with a reproducible built Linux runtime that acts as a fast, flexible, and measured boot loader. It has been years since any modern servers have supported Free Firmware options like LinuxBIOS or coreboot, and as a result server and cloud security has been dependent on unreviewable, closed source, proprietary vendor firmware of questionable quality. With Heads on NERF, we are making it possible to take back control of our systems with Open Source Software from very early in the boot process, helping build a more trustworthy and secure cloud. The NERF project was started by Ron Minnich (author of LinuxBIOS and lead of coreboot at Google) in January 2017 with the goal to bring Linux back to the BIOS by retaining a minimal set of PEI modules for memory controller initialization and replacing the entirety of the server vendor's UEFI DXE firmware with a reproducibly built Linux runtime. It has been ported to a few different manufacturer's servers, demonstrating the general portability of the concept. NERF is fast - less than twenty second boot times, versus multiple minutes. It's flexible - it can make use of any devices, filesystems and protocols that Linux supports. And it's open - users can easily customize the boot scripts, fix issues, build their own runtimes and reflash their firmware with their own keys. The Heads runtime was started by Trammell Hudson (author of Thunderstrike and Magic Lantern) and was presented last year at 33c3. It is a slightly more secure bootloader that uses Linux, the TPM, GPG and kexec to be able to load, measure, verify and execute the real kernel. As part of porting Heads to work with NERF on server platforms, it now includes tools like Keylime to allow severs to remotely attest to user controlled systems that the NERF/Heads firmware matches what they expect, as well as network and iSCSI drivers for diskless compute node servers. In this talk we'll provide an overview of the NERF project, the currently supported server mainboards, and the continued development on the Heads runtime that allows more trust in the servers that make up the cloud. CC BY 4.0 false Trammell Hudson Installing NERF Heads at 33C3 /system/events/logos/000/008/818/large/mod.png?1507475784 2017-12-29T13:00:00+01:00 13:00 00:30 Saal Clarke 34c3-8818-designing_pcbs_with_code Is designing circuits with code instead of CAD the future of electronic design automation? Hardware & Making lecture en An overview and history of various tools and languages that allow you to use code rather than CAD software to design circuits. For anyone used to expressing their ideas with code using a CAD tool to design electronics can be an even more frustrating exercise than normal. If you are a programmer thinking about getting into designing circuits or if you have ever thought "I could easily solve this with a for-loop" when using KiCad then this talk is for you. We will cover the short history of ideas of using code to describe electronic circuits and culminate in some of the presenter's own experiments in this area. CC BY 4.0 false Kaspar PHDL SKiDL PyCircuit netlistsvg Electro Grammar RepliCAD Kitspace.org 2017-12-29T13:45:00+01:00 13:45 00:30 Saal Clarke 34c3-9110-history_and_implications_of_drm From tractors to Web standards Ethics, Society & Politics lecture en Digital Restrictions Management (DRM) is found everywhere from music to cars and, most recently, World Wide Web Consortium recommendations. How did we get here and where are we going with DRM? Who really owns not just your tools, but your experiences when someone (or something) else is controlling access to the data and access around them? We'll attempt to answer these questions, and more, in a historical overview, contemporary analysis, and look towards the future. This talk will cover a range of technologies and use (and failure) cases in how digital experiences are being restricted and controlled by "rights holders." It will also touch on what it means to be a rights holder, and how that's affecting digital media and technology. This talk is aimed at a general audience, and will be tackling these topics at a basic level, with the aim to create shared language and understanding. CC BY 4.0 false Molly de Blanc 2017-12-29T14:30:00+01:00 14:30 00:30 Saal Clarke 34c3-9125-net_neutraliy_enforcement_in_the_eu Ethics, Society & Politics lecture en After four years of advocacy and lobbying to enshrine net neutrality principles in law in Europe, we can now examine the first full year of enforcement of the new rules. We will compare the enforcment of net neutrality in the individual EU member states, showcase a few of the more creative net neutrality violations and demonstrate what civil society can do to keep the Internet neutral. Enforcing net neutrality also requires network measurement tools that can detect discrimination; we will discuss what progress Europe has made in this regard. Net neutrality is the principle that all data transfers on the internet should be treated equally. It gives users the right to choose the content and services they wish to see and use online and prevents ISPs from acting as gatekeepers. Net neutrality also guarantees equal access to the global Internet to all ideas, innovations and opinions without centralised control. Since August 2016, the EU has had a regulatory regime protecting net neutrality that now has to be enforced by the national telecoms' regulatory authorities. Unfortunately, we observe very different results in different EU member states with Germany presenting a particularly negative example. In this context, our NGO epicenter.works has focused its enforcement work on a product of Deutsche Telekom called "StreamOn". We will showcase our work on that product analysing the offer, raising awareness, submitting complaints with the regulator, and speaking at the annual general meeting of Deutsche Telekom AG. This presentation is intended for everyone interested in net neutrality and particularly for those that want to become active in safeguarding it. CC BY 4.0 false Thomas Lohninger /system/events/logos/000/009/036/large/estrofem03_%281%29.jpg?1508068464 2017-12-29T15:15:00+01:00 15:15 01:00 Saal Clarke 34c3-9036-open_source_estrogen From molecular colonization to molecular collaboration Art & Culture lecture en Collaborative and interdisciplinary research, Open Source Estrogen combines biohacking and artistic intervention to demonstrate the entrenched ways in which estrogen is a biomolecule with institutional biopower. It is a form of biotechnical civil disobedience, seeking to subvert dominant biopolitical agents of hormonal management, knowledge production, and anthropogenic toxicity. Thus, the project initiates a cultural dialogue through the generation of DIY/DIWO (do-it-yourself/do-it-with-others) for the detection and extraction of estrogen, and contextualized as kitchen performance and queer body worship. A collaborative, interdisciplinary research project, Open Source Estrogen combines biohacking and speculative design to demonstrate the entrenched ways in which estrogen is a biomolecule with institutional biopower. It is a form of biotechnical civil disobedience, seeking to subvert dominant biopolitical agents of hormonal management, knowledge production, and anthropogenic toxicity. The project begins with a speculative question: what if it was possible to make estrogen in the kitchen? From this seed arises more fundamental questions about who is producing hormones, whose bodies are affected, and how environmental hormones exist already as a state of toxicity. While issues of body and gender sovereignty are deeply at stake, endocrine disruptors termed ‘xenoestrogens’ pervade our environments due to petrochemical agro-industrial and pharmaceutical forces. These xeno-molecules change the morphology of our bodies and bodies of non-human species, evidencing a malleability inherent to nature but alien to our prescribed notions of (eco)heteronormalcy. In response to the “molecular queering” performed by estrogen, facilitated by dominant hegemonic forces, the project initiates a public dialogue through DIY/DIWO (do-it-yourself/do-it-with-others) biohacking and artistic intervention. Using speculative design, iterative workshopping, and kitchen performance, Open Source Estrogen employs these tactics to create new subjectivities for living in an increasingly queer world. From capitalist xeno-forces arise xeno-solidarities, capable of collectively hacking the systems of hormonal colonization. CC BY 4.0 false maggic Open Source Estrogen Estrofem! Lab /system/events/logos/000/009/182/large/upsat.jpg?1508100936 2017-12-29T16:30:00+01:00 16:30 00:30 Saal Clarke 34c3-9182-upsat_-_the_first_open_source_satellite Going to space the libre way Science lecture en During 2016 Libre Space Foundation a non-profit organization developing open source technologies for space, designed, built and delivered UPSat, the first open source software and hardware satellite. UPSat is the first open source software and hardware satellite. The presentation will be covering the short history of Libre Space Foundation, our previous experience on upstream and midstream space projects, how we got involved in UPSat, the status of the project when we got involved, the design, construction, verification, testing and delivery processes. We will also be covering current status and operations, contribution opportunities and thoughts about next open source projects in space. During the presentation we will be focusing also on the challenges and struggles associated with open source and space industry. CC BY 4.0 false Pierros Papadeas UPSat website Libre Space Foundation /system/events/logos/000/009/189/large/satnogs.png?1508101655 2017-12-29T17:00:00+01:00 17:00 00:30 Saal Clarke 34c3-9189-satnogs_crowd-sourced_satellite_operations Satellite Open Ground Station Network Science lecture en An overview of the SatNOGS project, a network of satellite ground station around the world, optimized for modularity, built from readily available and affordable tools and resources. We love satellites! And there are thousands of them up there. SatNOGS provides a scalable and modular platform to communicate with them. Low Earth Orbit (LEO) satellites are our priority, and for a good reason. Hundreds of interesting projects worth of tracking and listening are happening in LEO and SatNOGS provides a robust platform for doing so. We support VHF and UHF bands for reception with our default configuration, which is easily extendable for transmission and other bands too. We designed and created a global management interface to facilitate multiple ground station operations remotely. An observer is able to take advantage of the full network of SatNOGS ground stations around the world. CC BY 4.0 false Nikos Roussos website /system/events/logos/000/009/253/large/fullsizeoutput_aad-300x133.jpeg?1511566347 2017-12-29T18:30:00+01:00 18:30 02:00 Saal Clarke 34c3-9253-inside_afd Entertainment performance de Herbst 2017. Irgendwo in Deutschland. Die führenden Köpfe der AfD träumen von der parlamentarischen Machtübernahme und dem schleichenden Sieg im Kampf um die Deutungshoheit von Begrifflichkeiten. Doch dann kommt alles ganz anders. Ihr Visionär und Hauptredner ist plötzlich verschwunden und an seiner Stelle betritt ein afrikanisches Chamäleon die politische Bühne. Die zunächst als Krise wahrgenommene Situation entpuppt sich für die AfD als große Chance, sich tief in der Gesellschaft zu verankern. Ein moderner Barbarossa-Mythos entsteht. Doch die Rechnung wurde ohne das Chamäleon gemacht… Nach monatelanger Recherche erforscht das nö theater in „Inside AfD“ die Strategien und Mechanismen der Zeitgeistpartei. Gleichzeitig werden Fragen nach einem wirkungsvollen Umgang und der unfreiwilligen Instrumentalisierung durch die AfD gestellt. Das nö theater wendet sich in „Inside AfD“ vom klassischen Dokumentartheater ab und sucht Antworten in einer lyrischen Entzauberung. Entstanden ist eine symbolische und sprachliche Achterbahnfahrt durch die BRD im postfaktischen Zeitalter. Eine Koproduktion mit dem Polittbüro Hamburg true Felix Höfner Lucia Marek Janosch Slim 2017-12-29T21:00:00+01:00 21:00 00:30 Saal Clarke 34c3-8952-running_gsm_mobile_phone_on_sdr SDR PHY for OsmocomBB Hardware & Making lecture en Since SDR (Software Defined Radio) becomes more popular and more available for everyone, there is a lot of projects based on this technology. Looking from the mobile telecommunications side, at the moment it's possible to run your own GSM or UMTS network using a transmit capable SDR device and free software like OsmoBTS or OpenBTS. There is also the srsLTE project, which provides open source implementation of LTE base station (eNodeB) and moreover the client side stack (srsUE) for SDR. Our talk is about the R&D process of porting the existing GSM mobile side stack (OsmocomBB) to the SDR based hardware, and about the results we have achieved. There is a great open source mobile side GSM protocol stack implementation - OsmocomBB project. One could be used for different purposes, including education and research. The problem is that the SDR platforms were out of the hardware the project could work on. The primary supported hardware for now are old Calypso based phones (mostly Motorola C1XX). Despite they are designed to act as mobile phone, there are still some limitations, such as the usage of proprietary firmware for DSP (Digital Signal Processor), which is being managed by the OsmocomBB software, and lack of GPRS support. Moreover, these phones are not manufactured anymore, so it's not so easy to find them nowadays. Taking the known problems and limitations into account, and having a strong desire to give everyone the new possibilities for research and education in the telecommunications scope, we decided to write a 'bridge' between OsmocomBB and SDR. Using GNU Radio, a well known environment for signal processing, we have managed to get some interesting results, which we would like to share with community on the upcoming CCC. CC BY 4.0 false Vadim Yanitskiy ptrkrysik SDR Osmocom project srsLTE project OpenBTS project GR-GSM project GNU Radio project /system/events/logos/000/009/025/large/IMG-20171005-WA0001.jpg?1508054652 2017-12-29T21:45:00+01:00 21:45 00:30 Saal Clarke 34c3-9025-electroedibles Open Source Hardware for Smart Candies Hardware & Making lecture en Electroedibles is an experiment with “edible” hardware that explores the limits of interaction between our tongue and circuits to mock the present fantasies of Internet of (Every)thing. This project initiated by the hardware lab at Shenkar College of Arts and Tel Aviv Makerspace consists from series of workshops, in which participants combine simple circuits (lickometer with LED, vibration motor or piezo) with recipes for candy making (hard candy based on syrups or gummy or corn starch molds). The circuits are casted in candy “molds” to serve different ideas defined by the participants: extreme hardware fetishist lollipops, philosophical props into sensory perception, post-colonial critique of the sugar cane addiction and slavery, scientific interest in triggering taste buds etc. This probe into the edible hardware is also a celebration of the DIY culture of sharing behind cooking, but also Open Source Hardware that bridges the divisions between the kitchen, the hardware studio and the science lab. Instead of applying science and technology to cooking and tasting (typical for molecular gastronomy & haute cuisine), the electroedibles use the experiences of candy cooking and to engage with different science and technology issues in enjoyable and funny ways. CC BY 4.0 false Denisa Kera yair reshef Zohar Messeca-Fara Documentation of the October 2017 workshop Documentation of June 2017 workshop Idiot lab weblog Presentation of the talk 2017-12-29T22:30:00+01:00 22:30 00:30 Saal Clarke 34c3-9045-extended_dna_analysis Political pressure for DNA-based facial composites Science lecture en In 2017, the federal states of Baden-Wurttemberg and Bavaria suggested the extension of the law on the analysis of forensic DNA. Up to now, DNA fingerprinting in forensic settings may, in addition to non-coding features of DNA, only analyze the chromosomal sex of the person, but not any other openly visible feature. Bavaria and Baden-Wurttemberg, under the leadership of CSU and the Green party, are pushing forward to analyze DNA found at crime scenes regarding hair color, eye color, skin color and in the case of Bavaria even geographical ethnicity. Extended DNA analysis, or “DNA facial composite” is seen as an impartial witness to the crime and, in the eyes of the states’ government, would help solve crimes. But would it? Ever since TV shows such as CSI or NCIS have become popular, DNA evidence has gained a reputation for an infallible method of crime solving. However, similar to fingerprints, DNA evidence up to now only serves as a method of matching the DNA at a crime scene to a suspect. So what if there are no suspects? In theory, DNA possesses all the information on what a human being would look like. Does that mean we could construct a facial composite from blood spots, semen or saliva? While the term “DNA facial composite” may imply so, the science of it is still in its infancy. We can determine a likely eye, hair and skin color and a geographic ethnicity from the DNA. In some cases even more features. This could, depending on the case, lead investigations to the right suspect - but down a very dangerous path. Genetic information is subject to the laws of privacy. For one, instead of having a crime and finding as suspect, extended DNA analysis leads to an investigation into a crime, where there is no suspect, but a range of “non-suspect persons of interest” that are connected to the case only by their appearance. The presumption of innocence is vital to a democracy. Putting people of similar appearance – or even ethnical groups – into the focus of investigation, is likely to spark even more xenophobic movements in Germany. Information on skin color correlates with medical information such as skin cancer risk, but also risk for heart disease. This medical information is especially protected by law. What is worse, the technology could lead investigations to the wrong “non-suspect person of interest”. Just as hair color may change with age, so may for instance the appearance of a person’s gender. Not all genetic information is directly seen in the phenotype. Adding up to this, the data correlating genes to geographic ethnicity is only as good as the data of people who have contributed to the database in the first place. If DNA analysis is to be implemented in Germany – and it very well might be – we need to push for hard data protection laws and strict rules when and where it may be applied. CC BY 4.0 false _Adora_Belle_ Extended DNA Analysis 2017-12-29T23:15:00+01:00 23:15 00:30 Saal Clarke 34c3-9134-es_sind_die_kleinen_dinge_im_leben_ii was alles geht und wie man anfängt, mit Mikroskopen Science lecture de Jeder weiß ungefähr was man mit einem Mikroskop tun kann: Kleine Dinge ansehen. Aber wie geht das genau, was braucht man dafür und gibt es da nicht eine Möglichkeit, dass da digitale Bilder rauspurzeln? Das hier soll eine Einführung sein, und zwar in die Grundlagen von Mikroskopen, wo der Unterschied zu anderen Optiken (Fotografie, Teleskope) ist und wie man zu Hause mit einfachen Mitteln schöne Bilder machen kann. Was kann man sinnvolles an den Nachwuchs verschenken, was taugen Anstreck-Dinger für das Smartphone oder USB-Mikroskope, wie fange ich zu Hause mit Mikroskopie an und was kann man überhaupt so alles betrachten? Quasi Micsorcopy 101. Manch einer hat Erinnerungen an Mikroskope aus der Schule, vielleicht hat auch einer noch irgendwo ein Mikroskop aus einem Experimentierkasten zu hause, manche kennen eigentlich nur Bilder aus den Medien – aber eine Vorstellung davon was ein Mikroskop ist hat irgendwie jeder: Es vergrößert Dinge. Ein Gerät, das nur für den Zweck gebaut wurde die kleinen Dinge zu vergrößern, bringt ein paar Besonderheiten mit sich im Bezug auf Optik und Abbildung. Ich möchte erklären was das Besondere an einem Mikroskop-Objektiv ist, was die Begriffe Field of View, nummerische Apertur, Bildfeldwölbung, Auflösung und Vergrößerung bedeuten und, vor allem, was dass für eine Anwendung zu Hause heißt. Es gibt einiges an Geräten zu kaufen. Ich möchte aufzeigen was günstige USB-Mikroskope leisten können, was die Ansteck-Mikroskope für Smartphones taugen, worauf bei „Kindermikroskopen“ zu achten ist und was man davon auch selber bauen könnte. Und es soll erklärt werden wie man digitale Bilder erhält, mit günstiger (oder selbstgemachter) Hardware und offener Software. Außerdem sollen ein paar Anwedungszwecke vorgestellt werden. Nicht nur die Biologie liefert einen Grund zum Mikroskop zu greifen, auch Elektronik, die Innereien von Computerchips, chemische Prozesse und Dinge aus der Materialwissenschaft lohnen sich unter dem Mikroskop zu betrachten. Ich werde mehrere Mikroskope mitbringen, um einiges vom oben genannten direkt auf der Bühne zu zeigen und das ein oder andere Selbsgebastelte vorstellen. Außerdem bringe ich Proben mit – ich will nicht nur Bilder zeigen, sondern auch wie sie gemacht werden. CC BY 4.0 false André Lampe USB-Mikroskope: Dos & Don'ts beim Kauf DIY Wassertropfen-Mikroskop 2017-12-30T00:00:00+01:00 00:00 00:30 Saal Clarke 34c3-9111-public_fpga_based_dma_attacking Hardware & Making lecture en Most thought Direct Memory Access (DMA) attacks were a thing of the past after CPU vendors introduced IOMMUs and OS vendors blocked Firewire DMA. At least until the PCILeech direct memory access attack toolkit was presented a year ago and quickly became popular amongst red teamers and governments alike. A year later the situation has improved but some firmware and operating systems still remain vulnerable by default. The hardware used to perform the attacks was however limited both in capabilities and supply. FPGA support was introduced and made available to the public to overcome these problems. In this talk I will subvert kernels, defeat full disk encryption and spawn system shells - all by using affordable publically available FPGAs and open source software! CC BY 4.0 false Ulf Frisk PCILeech FPGA Presentation Slides /system/events/logos/000/009/024/large/Wi-fi_Holography_-_Augmented_Reality.jpg?1514315894 2017-12-29T11:30:00+01:00 11:30 01:00 Saal Dijkstra 34c3-9024-holography_of_wi-fi_radiation Can we see the stray radiation of wireless devices? And what would the world look like if we could? Science lecture en Holography of Wi-Fi radiation Philipp Holl [1,2] and Friedemann Reinhard [2] [1] Max Planck Institute for Physics [2] Walter Schottky Institut and Physik-Department, Technical University of Munich When we think of wireless signals such as Wi-Fi or Bluetooth, we usually think of bits and bytes, packets of data and runtimes. Interestingly, there is a second way to look at them. From a physicist's perspective, wireless radiation is just light, more precisely: coherent electromagnetic radiation. It is virtually the same as the beam of a laser, except that its wavelength is much longer (cm vs µm). We have developed a way to visualize this radiation, providing a view of the world as it would look like if our eyes could see wireless radiation. Our scheme is based on holography, a technique to record three-dimensional pictures by a phase-coherent recording of radiation in a two-dimensional plane. This technique is traditionally implemented using laser light. We have adapted it to work with wireless radiation, and recorded holograms of building interiors illuminated by the omnipresent stray field of wireless devices. In the resulting three-dimensional images we can see both emitters (appearing as bright spots) and absorbing objects (appearing as shadows in the beam). Our scheme does not require any knowledge of the data transmitted and works with arbitrary signals, including encrypted communication. This result has several implications: it could provide a way to track wireless emitters in buildings, it could provide a new way for through-wall imaging of building infrastructure like water and power lines. As these applications are available even with encrypted communication, it opens up new questions about privacy. CC BY 4.0 false Friedemann Reinhard Our lab Our article (open access) 2017-12-29T12:45:00+01:00 12:45 01:00 Saal Dijkstra 34c3-9105-coming_soon_machine-checked_mathematical_proofs_in_everyday_software_and_hardware_development Resilience lecture en Most working engineers view machine-checked mathematical proofs as an academic curiosity, if they have ever heard of the concept at all. In contrast, activities like testing, debugging, and code review are accepted as essential. They are woven into the lives of nearly all developers. In this talk, I will explain how I see machine-checked proofs enabling new everyday activities for developers of computer software and hardware. These activities have the potential to lower development effort dramatically, at the same time as they increase our assurance that systems behave correctly and securely. I will give a cosmological overview of this field, answering the FAQs that seem to stand in the way of practicality; and I will illustrate the principles with examples from projects that you can clone from GitHub today, covering the computing stack from digital hardware design to cryptographic software and applications. <p>Today's developers of computer software and hardware are tremendously effective, compared to their predecessors. We have found very effective ways of <b>modularizing</b> and <b>validating</b> our work. The talk is about ammunition for these activities from a perhaps-unexpected source.</p> <p><b>Modularity</b> involves breaking a complex system into a hierarchy of simpler pieces, which may be written and understood separately. Structured programming (e.g., using loops and conditionals instead of <tt>goto</tt>s) helps us read and understand parts of a single function in isolation, and data abstraction lets us encapsulate important functionality in objects, with guarantees that other code can only access the private data by calling public methods. That way, we can convince ourselves that the encapsulated code upholds certain essential properties, <i>regardless of which other code it is linked with</i>. Systematic unit testing also helps enforce contracts for units of modularity. Each of these techniques can be rerun automatically, to catch regressions in evolving systems, and catch those regressions in a way that accurately points the finger of responsibility to particular modules.</p> <p><b>Validation</b> is an important part of development that encompasses testing, debugging, code review, and anything else that we do to raise our confidence that the system behaves as intended. Experienced engineers know that validation tends to take up the majority of engineering effort. Often that effort involves mentally taxing activities that would not otherwise come up in coding. One example is thinking about test-case coverage, and another is including instrumentation that produces traces to consult during debugging.</p> <p>It is not hard for working developers to imagine great productivity gains from better ways to break systems into pieces or raise our confidence in those pieces. The claim I will make in this talk is that a key source of such insights has been neglected: <b>machine-checked mathematical proofs</b>. Here the basic functionality is an ASCII language for defining mathematical objects, stating theorems about them, and giving proofs of theorems. Crucially, an algorithm checks that purported proofs really do establish the theorems. By going about these activities in the style of programming, we inherit usual supporting tools like IDEs, version control, continuous integration, and automated build processes. But how could so esoteric a task as math proofs call for that kind of tooling, and what does it have to do with building real computer systems?</p> <p>I will explain a shared vision to that end, developed along with many other members of my research community. Let me try to convince you that all of the following goals are attainable in the next 10 years.</p> <ul> <li>We will have complete computer systems implementing moderately complex network servers for popular protocols, <i>proved to implement those protocols correctly, from the level of digital circuits on up</i>. We will remove all deployed code (hardware or software) from the trusted computing base, shifting our trust to much smaller specifications and proof checkers.</li> <li>Hobbyists will be able to design new embedded computing platforms by mixing and matching open-source hardware and software components, also mixing and matching <i>the proofs</i> of these components, <i>guaranteeing no bugs at the digital-abstraction level or higher</i>, with <i>no need for debugging</i>.</li> <li>New styles of library design will be enabled by the chance to attach a <i>formal behavioral specification</i> to each library. For instance, rank-and-file programmers will able to assemble their own code for cryptographic protocols, with code that looks like reference implementations in Python, but <i>getting performance comparable to what experts handcraft in assembly today</i>. Yet that benefit would come with <i>no need to trust that library authors have avoided bugs or intentional backdoors</i>, perhaps even including <i>automatic proofs of cryptographic security properties</i>.</li> </ul> <p>Main technical topics to cover to explain my optimism:</p> <ul> <li>The basic functionality of <i>proof assistants</i> and why we should trust their conclusions</li> <li>How to think about system decomposition with specifications and proofs, including why, for most components, we do not need to worry about specification mistakes</li> <li>The different modes of applying proof technology to check or generate components</li> <li>The engineering techniques behind cost-effective proof authoring for realistic systems</li> <li>A hardware case study: <a href="https://github.com/mit-plv/kami">Kami</a>, supporting component-based digital hardware authoring with proofs</li> <li>A software case study: <a href="https://github.com/mit-plv/fiat-crypto">Fiat Cryptography</a>, supporting correct-by-construction auto-generation of fast code for elliptic-curve cryptography</li> <li>Pointers to where to look next, if you would like to learn more about this technology</li> </ul> CC BY 4.0 false Adam Chlipala /system/events/logos/000/008/940/large/PI_logo.jpg?1512384539 2017-12-29T14:00:00+01:00 14:00 01:00 Saal Dijkstra 34c3-8940-policing_in_the_age_of_data_exploitation Ethics, Society & Politics lecture en What does policing look like in the age of data exploitation? This is the question we at Privacy International have been exploring for the past two years. Our research has focused on the UK where the population has been used as guinea pigs for ever more invasive modern approaches to policing. In this talk we will discuss our findings with you and avenues for change. Society is changing – the cities we live in, the way we communicate, the objects we carry, what we reveal about ourselves has evolved – and law enforcement across the world is desperately trying to catch up. From mobile phone extraction to social media intelligence, police forces have been trying to take advantage of an environment that is largely unregulated. With 51,000 cameras run by the police London is arguably the most surveilled city in the world. We have focused our research in a country that has effectively become a playing ground for law enforcement and corporations wishing to sell technologies offering the police unprecedented access to people’s life. The deals are safely signed behind closed doors and the general population has been left out of this debate. Privacy International has been trying to shed light on these new trends. By conducting research, FOI requests and legal actions we are attempting to document this new environment. Trials of facial recognition have taken place at football matches and Notting Hill Carnival. They will continue to test this technology on the public and the next year will see a rapid uptake of a variety of predictive policing tools throughout UK police forces. The rush to extract data from mobile phones continues without oversight resulting in serious crime investigations being undermined by poor practices. Next on the horizon is IoT and how the police can get their hands on data in your homes. We hope to create the opportunity for you to join our research project and start documenting what data and policing looks like in your country. CC BY 4.0 false Eva Blum--Dumontet Millie Wood /system/events/logos/000/009/028/large/democracia.jpg?1513769881 2017-12-29T15:15:00+01:00 15:15 01:00 Saal Dijkstra 34c3-9028-internet_censorship_in_the_catalan_referendum Overview of how the state censored and how it got circumvented Ethics, Society & Politics lecture en On October 1st the Catalan society held a referendum to decide if they wanted to stay part of the Spanish state or create an independent state. This talk will explain the internet censorship which took place in the weeks before the referendum, on the very same day as well as in the timer after the referendum. The talk will focus on the methods used by the state to carry out the censorship. These included websites informing about the referendum and information about the polling station each citizen had to use. I will describe how the censorship got circumvented and give an insight in the systems developed to facilitate an easy cloning of the information. On the day of the referendum it was expected that the Spanish police will close down polling stations. Therefor a global census accessible via internet was introduced which allowed the vote at any polling station. I will describe how this global census was organised to block people from voting twice. I will explain in which different ways the census got attacked by the Spanish state. And of course what we can learn from the state censorship to create more resilient infrastructures. CC BY 4.0 false Matthias Recording of the talk Slides 2017-12-29T16:30:00+01:00 16:30 01:00 Saal Dijkstra 34c3-9195-avatar Towards an open source binary firmware analysis framework Security lecture en Avatar² is an open source framework for dynamic instrumentation and analysis of binary firmware, which was released in June 2017. This talk does not only introduce avatar², but also focuses on the motivation and challenges for such a tool. Dynamic binary instrumentation and analysis are valuable assets for security analysis and testing, and while a variety of tools exist for desktop software, the tooling landscape for analysing low-level binary firmware directly interacting with hardware is relatively empty. This talk will first outline the key problems for developing dynamic firmware analysis tools and pinpoint different approaches to overcome those problems. The core of this talk, however, focuses on avatar², an open source framework built to ease firmware reversing and security analysis. In more detail, avatar² utilizes partial emulation to enable transparent analysis of firmware, and while the main firmware is executed inside the emulator, I/O operations to and from the hardware are commonly relayed to the actual hardware or the emulator. To realize this complex orchestration, avatar² enables communication and state synchronization between a variety of popular tools, such as Qemu, OpenOCD, GDB, PANDA and angr. While the declared scope of avatar² the is analysis of embedded firmware, this talk will also show that the framework can also be useful in other contexts, such as scripting gdb in python from outside gdb, or loading the state of a concretely executed binary into angr. CC BY 4.0 false nsr avatar2 - the source code slides file 2017-12-29T18:30:00+01:00 18:30 01:00 Saal Dijkstra 34c3-9142-resilienced_kryptographie Security lecture de Die Sicherheitsdesaster bei der Schlüsselgenerierung in TPM Chips und bei der Minix 3 basierten Intel ME Implementierung zeigen, dass das Vertrauen in hardwaregestützte Coputersicherheit grundlegend hinterfragt werden muss. Die Robustness in feindlicher Umgebung kann mit anspruchsvolleren kryptographische Verfahren mathematisch abgesichert erhöht werden. Kryptographie hilft gegen sehr mächtige Angreifer. Wenn jedoch Fehler bei der Schlüsselgenerierung gemacht werden oder Hardwarebackdoors schwer aufdeckbaren Angriffe ermöglichen, bricht das gesamte Sicherheitsfundament. Die Sicherheitsdesaster bei der Schlüsselgenerierung in TPM Chips und bei der Minix 3 basierten Intel ME Implementierung zeigen, dass das Vertrauen in hardwaregestützte Coputersicherheit grundlegend hinterfragt werden muss. Es gibt eine Reihe von einfachen mathematischen Hacks, um auch zukünftige Angriffsmethoden nachhaltig zu erschweren. Auch die Robustness in feindlicher Umgebung kann mit anspruchsvolleren kryptographische Verfahren mathematisch abgesichert erhöht werden. CC BY 4.0 false ruedi cforler 2017-12-29T19:45:00+01:00 19:45 01:00 Saal Dijkstra 34c3-8842-zamir_transnational_network_und_zagreb_dairy Das erste computer netzwerk in Krieg (Jugoslavia 1992-1997) Ethics, Society & Politics lecture de Die Geschichte des ZAMIR Transnational Network und meines Zagreb-Diary (http://www.wamkat.de/diaries1/zagreb-diary) zwischen 1991 und 1995 im früheren Jugoslawien. Es war das erste Computernetzwerk in einer Kriegsregion, das alle Friedens-, Frauen-, Menschenrechts- und humanitäre Aktivisten und alle anderen Menschen in dem Kriegsgebiet miteinander und der Außenwelt verbunden hat. Zwischen 1991 und 1995 habe ich aktiv mitgeholfen, die Idee eines Computer-Netzwerks in einem Kriegsgebiet zu verwirklichen. Mit Unterstützung von Bionic, CCC und anderen Gruppen wurden im Gebiet des früheren Jugoslawien etwa ein Dutzend Hubs aufgebaut, die damals fast 20.000 Benutzer im Kriegsgebiet mit der Außenwelt und - quer über die wechselnden Fronten - auch miteinander verbunden haben: Das ZAMIR Transnational Network. Ich habe in der Zeit jeden Tag mein elektronisches Tagebuch publiziert (http://www.wamkat.de/diaries1/zagreb-diary), was manchmal von einigen hunderttausend Menschen gelesen wurde und viel dazu beigetragen hat, ein aktives, humanitäres grassroots-Netzwerk aufzubauen. Von den damaligen Schwierigkeiten möchte ich gern berichten, die sich heute kaum noch jemand vorstellen kann, obwohl es eigentlich noch gar nicht so lange her ist. Davon, wie wir die Probleme gelöst haben (oder nicht) und was sich daraus ergeben hat. Über die Dinge, die wir damit erreicht haben. Und darüber, was für mich und andere schließlich daraus geworden i CC BY 4.0 false Wam (P.J.H.F.) Kat ZaMirNET (Wikipedia) /system/events/logos/000/009/104/large/Decryption_mix_net.png?1508154980 2017-12-29T21:00:00+01:00 21:00 01:00 Saal Dijkstra 34c3-9104-how_alice_and_bob_meet_if_they_don_t_like_onions Survey of Network Anonymisation Techniques Resilience lecture en There exists no such thing as a perfect anonymity network with low latency, low bandwith consumption which provides strong anonymity. Popular anonymisation networks rightfully focus on Web browsing, because that is the most popular application on todays Internet. The most popular anonymisation network is, rightfully so, Tor. You might, however, not have the requirements that mandate the use of the Tor network and thus are looking for alternatives. In this talk, we present alternatives to the popular Tor anonymisation network and examine what they achieve and how they differ. With the popularity of the Web came the popularity of anonymisation communication networks (ACNs) catering for the Web context. That means in particular low latency. Generally, though, anonymisation networks can be classified by different properties such as anonymity goals, strength of adversary or application area. In this talk we present alternative ACNs to the popular Tor network and their goals. We explain their architectures, properties, and how they achieve anonymity. In particular, we will look at JonDonym, I2P, Freenet, and GNUnet as well as ongoing research projects such as Loopix, Vuvuzela, and Riffle. We will see that once you understand your requirements, you can optimise your choice of anonymisation networks according to your needs. CC BY 4.0 false Tobias Mueller Erik Matthias 2017-12-29T22:15:00+01:00 22:15 01:00 Saal Dijkstra 34c3-9119-ein_festival_der_demokratie Von Technik, Kollaborationen und Erreichtem zum G20-Gipfel 2017 Resilience lecture de Erfahrungen und Details zu den zwei kritischen Medienprojekten FC/MC (alternatives Medienzentrum im Herzen der Stadt) und THERE IS NO TIME (Live-Talks am Rande des Sperrgebiets und über die Stadt verteilte Video-Empfangsstationen) und ihrer Kollaboration mit dem VOC zum G20 Gipfel in Hamburg. <b>Info</b> Als im Sommer 2016 klar wurde, dass ein in einem Jahr die Avatare der 20 größten Industriestaaten nach Hamburg kommen würden, entwickelten die Gruppen um die Projekte FC/MC und THERE IS NO TIME, zunächst unabhängig und später im Austausch miteinander, zwei komplementäre Medienformate, die den G20-Gipfel begleiten sollten. FC/MC als Plattform für kritische Berichterstattung und Bereitstellung von Infrastruktur für diese, TINT mit eigens produzierten Live-Talks, orientiert an den Punkten der offiziellen Gipfelagenda, und einem Netzwerk von Empfangsstationen in der ganzen Stadt. Beide Gruppen arbeiteten dabei mit dem VOC und weiteren Hackern aus dem CCC zusammen, um die produzierten Inhalte zu verteilen sowie die Technische infrastruktur für das FCMC zu schaffen. <b>Why tho?</b> Erfahrungsgemäß verläuft die Berichterstattung zu Events wie dem G20 oft tendenziös und eng am Narrativ der offiziellen Polizeiberichte. Auch rückblickend ist dies in Anbetracht von Repression und Umgang mit Polizeigewalt ein augenscheinliches Problem. Eine Auseinandersetzung mit den Themen, die beim Gipfel verhandelt werden oder werden sollten, findet in der Regel nicht statt oder verliert sich im Rausch des Spektakels. Sowohl der mangelnden Qualität und der Behinderung von Berichterstattung, als auch dem Fehlen einer verständlichen Auseinandersetzung mit den politischen Inhalten dieses "Festivals der Demokratie" wollten wir etwas entgegensetzen. <b>Proposal</b> Im Talk möchten wir aus unterschiedlichen Perspektiven von unseren Erfahrungen berichten. Von technischen Hürden, von Arbeit in Gruppenstrukturen, von Organisation, Schwierigkeiten und Erfolgen: Als FC/MC (mit großem Aufgebot an Infrastruktur und Raum im Herzen von Hamburg) und als TINT (mit einem schwimmenden Studio auf einem Hamburger Kanal und den Relays bis in die Sperrgebiete) Es geht darum ein verständliches Bild zu zeichnen von dem, was in Hamburg während und vor dem Gipfel bei uns passiert ist und erreicht wurde. Zum anderen um Erkenntnisse für die Zukunft: Was hat es gebracht und wie können, sollten und wollen wir weiter machen? Dabei wollen wir besonders die Fruchtbarkeit von Kollaborationen dieser Art, in unserem Fall zwischen Aktivist_innen, Künstler_innen und Hacker_innen unterstreichen. CC BY 4.0 false Daniel Möring (TINT Kollektiv) h01ger nuriye@thereisnotime.net maren@nadir.org Oliver Gemballa FC/MC THERE IS NO TIME /system/events/logos/000/009/288/large/Screen_Shot_2017-11-27_at_21.00.25.png?1513536151 2017-12-29T23:30:00+01:00 23:30 01:00 Saal Dijkstra 34c3-9288-deconstructing_a_socialist_lawnmower Obsolete Technologies + Critical Material Studies in Media Art Art & Culture lecture en Darsha Hewitt is a Canadian artist working in new media and sound. She is known for her examinations of communication technology in the domestic sphere and her use of DIY aesthetics and practices as an artistic method. She makes electromechanical sound installations, drawings, audio-visual works, how-to videos and experimental performances with handmade electronics. Through deconstruction and experimentation with failed and obsolete technology, her work demystifies hidden systems within machines as a way to trace-out structures of economy, power and control embedded throughout capitalist culture. Alongside her artistic practice, Darsha is presently a fellow at the Berlin Centre for Advanced Studies in Arts and Sciences (BAS) in the Graduate School at the Art University of Berlin and a Guest Professor in New Media and Sound Art at the Karlsruhe University of Art and Design. From 2015-16 she shared a joint guest professorship in New Media with Aram Bartholl at the Art University of Kassel. She is also a Lecturer in the Media Arts Environments Research Chair at the Bauhaus University Weimar. Her do-it-yourself electronics workshops are an integral part of her discipline and are presented internationally. Her work in this field was a subject in the Music, Digitization, Mediation: Towards Interdisciplinary Music Studies project based in the Faculty of Music at Oxford University. Darsha is a collaborating facilitator of the Music Makers Hack Lab with Create Digital Music . false Darsha Hewitt http://www.darsha.org 2017-12-29T20:15:00+01:00 20:15 1:45 Lecture room 11 self organized sessions meeting de Daily A/V Angel Meeting: Feedback and Shift Distribution Jwacalex https://c3voc.de https://events.ccc.de/congress/2017/wiki/index.php/Session:A/V_Angel_Meeting 2017-12-29T12:00:00+01:00 12:00 1:00 Lecture room 11 self organized sessions workshop de gruppen von menschen die gemeinsam dinge tun lassen sich oft weiter demokratisieren als "nur" basisdemokratie zu machen. konsensdemokratie ist nicht nur möglich, sondern mittelfristig sogar effizienter und stressfreier. mehr spaß macht sie auch :-) http://www.premium-cola.de/kollektiv/workshop https://events.ccc.de/congress/2017/wiki/index.php/Session:Angewandte_konsensdemokratie 2017-12-29T19:00:00+01:00 19:00 1:15 Lecture room 11 self organized sessions talk en Current approaches to Communities on the Internet are ad hoc and technocratic. Communities suffer because they are either too small to administrate themselves, too large to usefully share, trust and maintain the faith. Another failure mode is Identity - most of systems fail in that they are allocative approaches built for the interests of states or corporations, and fail to capture benefits for the ‘identified’. Some systems like PKI even go further and impose all the failure modes on the users, leaving the users no incentive to participate and every incentive to ignore the system. Webs of trust showed early promise but failed due to too much decentralisation - links with little meaning and no sharing meant little. Today we can now combine several approaches derived from diverse histories: Internet’s web of trust & PKI coupled with Kenya’s chamas added to the administration capabilities of blockchain. The combination can solve the Identity problem and unchain the social savings of a continent to enable and empower their growth. A trip from CAcert over African Chamas through blockchains to Community Katzazi Iang http://chamapesa.com https://events.ccc.de/congress/2017/wiki/index.php/Session:Future_of_Communities_-_Unchained_Chamas! 2017-12-29T13:00:00+01:00 13:00 2:00 Lecture room 11 self organized sessions Haecksenbreakfast (female* only) https://events.ccc.de/congress/2017/wiki/index.php/Session:Haecksenbreakfast 2017-12-29T23:59:00+01:00 23:59 1:30 Lecture room 11 Advanced self organized sessions workshop de TBD Lil-Missy https://kinkygeeks.de https://events.ccc.de/congress/2017/wiki/index.php/Session:KinkyGeeks_Bondage_Workshop 2017-12-30T02:30:00+01:00 02:30 2:00 Lecture room 11 Open Rope Jam self organized sessions workshop de TBD Lil-Missy https://kinkygeeks.de https://events.ccc.de/congress/2017/wiki/index.php/Session:KinkyGeeks_Bondage_Workshop 2017-12-29T10:00:00+01:00 10:00 2:00 Lecture room 11 Polyamory (n:n) Relationships - Discussion self organized sessions discussion en Polyamory (n:n) Relationships - Discussion https://twitter.com/SycretSoul https://events.ccc.de/congress/2017/wiki/index.php/Session:Polyamory_-_n2n_relationships_extended 2017-12-29T17:00:00+01:00 17:00 2:00 Lecture room 11 self organized sessions meeting de Das alljährliche Regiotreffen auf dem Congress. Das unterhaltsame MUSS für alle Regiovertreter der Erfas und Chaostreffs, wobei selbstverständlich auch interessierte Zaungäste bei diesem spannenden Chaosfamilienspaß herzlich willkommen sind! ;) https://ccc.de/regional https://events.ccc.de/congress/2017/wiki/index.php/Session:Regiotreffen 2017-12-29T22:00:00+01:00 22:00 1:59 Lecture room 11 self organized sessions discussion en Questions & Answers session with the Tor project Arma https://torproject.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Tor_Q%26A 2017-12-29T15:00:00+01:00 15:00 2:00 Lecture room 11 In-depth self organized sessions workshop en WireGuard is a next generation secure network tunnel, which uses state of the art cryptography. This workshop will discuss what WireGuard is, the cryptography behind it, some interesting kernel engineering tricks it uses, and how you too can use it. There will be copious quantities of free stickers. The session will be fairly open and free form. The creator of WireGuard will have an endless quantity of material of his own to present, but more generally, we'll open it up to whatever people want to discuss and collaborate on. If you're interested in kernel programming, networking, cryptography, or security, this is a key workshop to attend. https://www.wireguard.com/ https://events.ccc.de/congress/2017/wiki/index.php/Session:WireGuard 2017-12-29T15:00:00+01:00 15:00 1:30 Seminar room 14-15 self organized sessions meeting de CCC-CH GV / Gettogether Vimja https://www.ccc-ch.ch/gettogether.html https://events.ccc.de/congress/2017/wiki/index.php/Session:CCC-CH_GV 2017-12-29T16:30:00+01:00 16:30 1:00 Seminar room 14-15 using sexting, consent, and memes to bring crypto to the masses self organized sessions workshop en A workshop on taking cryptoparties to different settings and working with other communities to bridge gaps on understanding of how privacy, encryption, and free software is relevant to them. This workshop will start with a case study on teaching secure communications for sexting and the role of listening and finding overlapping values. https://events.ccc.de/congress/2017/wiki/index.php/Session:Cryptoparties,_specialized_content,_and_creative_outreach 2017-12-29T22:00:00+01:00 22:00 2:00 Seminar room 14-15 Learn to be an even better Herald! self organized sessions workshop en Ijon https://events.ccc.de/congress/2017/wiki/index.php/Session:Improv_Workshop_by_Yussef 2017-12-29T14:00:00+01:00 14:00 1:00 Seminar room 14-15 Fix your pancreas with a soldering iron 👩‍🏭 self organized sessions meeting de Type 1 diabetes meetup. Lets discuss experiences and learnings with Continuos glucose monitoring (CGM), the open artificial pancreas system (OpenAPS) and looping in general. Bring your T1D hardware! Melle https://events.ccc.de/congress/2017/wiki/index.php/Session:Insulin_hackers_meetup 2017-12-29T18:30:00+01:00 18:30 1:00 Seminar room 14-15 self organized sessions talk en What if money worked like the Internet, with all currencies and payment networks connected together? Interledger is an open payment protocol inspired by TCP/IP that could be the foundation for an "Internet of Value". This session presents Interledger, streaming and chunked payments, and demonstrates how the protocol can connect any type of currency or ledger. We'll discuss the implications for the business model of the Internet and the very nature of money. Emschwartz https://interledger.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Interledger:_Streaming_Micropayments_%2B_Connecting_(Crypto)Currencies 2017-12-29T12:30:00+01:00 12:30 1:30 Seminar room 14-15 An introduction to the Latin language self organized sessions talk en This workshop, targeted at beginners but open to all levels, will explore reasons to learn Latin as well as introducing the fundamentals of the Latin Language itself. Aestetix https://events.ccc.de/congress/2017/wiki/index.php/Session:Lingua_Latina 2017-12-29T17:30:00+01:00 17:30 1:00 Seminar room 14-15 Translation Angel Meeting Day 3 self organized sessions meeting en Daily orga meeting of the Translation Angel crew. https://events.ccc.de/congress/2017/wiki/index.php/Session:Translation_Team 2017-12-29T19:30:00+01:00 19:30 2:00 Seminar room 14-15 self organized sessions workshop de Wie erklärt man Menschen ohne Technikfachwissen, dass Massenüberwachung eine schlechte Idee ist? Wir wollen uns weitere coole Aktionsideen, Narrative und Analogien überlegen, mit denen man das Thema greifbar und emotional machen kann. Am Anfang zeigen wir vermutlich, was wir bis jetzt so gemacht haben (digitale-freiheit.jetzt) und geben ein bisschen Input. http://digitale-freiheit.jetzt https://events.ccc.de/congress/2017/wiki/index.php/Session:Tuwat!_gegen_%C3%9Cberwachung 2017-12-29T13:00:00+01:00 13:00 1:00 Lecture room 12 self organized sessions meeting de Binärgewitter Hörertreffen auf dem 34c3 Makefu http://krepel.us https://events.ccc.de/congress/2017/wiki/index.php/Session:Bin%C3%A4rgewitter_H%C3%B6rertreffen 2017-12-29T23:59:00+01:00 23:59 2:00 Lecture room 12 self organized sessions workshop en An introduction to computer forensics, how to use some tools and how to avoid being detected by some of them ;) Hunter2 https://events.ccc.de/congress/2017/wiki/index.php/Session:Computer_Forensics_introduction_%2B_Q%26A 2017-12-29T11:30:00+01:00 11:30 1:00 Lecture room 12 self organized sessions talk en Since Gödel's celebrated work we know: The rules of mathematics are incomplete. There are true statements for which we have proof that they don't have a proof and there are statements for which we can arbitrarily decide whether they are true or not. Learn more about this curious state of affairs in the session! IngoBlechschmidt https://events.ccc.de/congress/2017/wiki/index.php/Session:Faith_in_mathematics_(Wondrous_Mathematics) 2017-12-29T17:00:00+01:00 17:00 1:00 Lecture room 12 self organized sessions workshop en Come for an introduction to Qubes OS, the reasonably secure operating system. Core developers and contributors will be there to answer any questions you have! https://www.qubes-os.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Intro_to_Qubes_OS 2017-12-29T18:00:00+01:00 18:00 1:30 Lecture room 12 self organized sessions discussion en Despite the dense and controversial history of psychedelics, since around 2000 in Europe and United States researchers have reopened investigations into the potential therapeutic applications of these drugs. However, today a variety of psychedelic uses exist both within and outside of medicine. According to numerous press reports, in Rolling Stones, Wired Magazine, Vice, Marie Claire, The Economist, Forbes, The Washington Post, The Guardian and many other journals, Microdosing Psychedelics appears to gain in popularity within different social spheres, especially in professional fields such as informatics and information technologies. It is also supported for its therapeutic dimension, as we can see it in the book of the lawyer and novelist Ayelet Waldman, A Really Good Day, who explains that microdosing helped her to recover from a depression, and, finally, according to the data collected up till now by the psychologist James Fadiman or the information on current scientific research provided by the association The Third Wave. From a comprehensive and non-evaluative sociological perspective, this self-organized session will be dedicated to the current variety of (non-) therapeutic uses of psychedelics, and will aim to share experiences and opinions related to the theme of microdosing psychedelics. https://events.ccc.de/congress/2017/wiki/index.php/Session:Microdosing_Psychedelics:roundtable_discussion 2017-12-29T19:30:00+01:00 19:30 1:30 Lecture room 12 self organized sessions workshop en A lab about practical attacks on different routing protocols (RIPv2, OSPFv2 and BGP), using GNS3 network simulation tool for creating the virtual lab and for testing the various attacks. Illordlo http://asseenonyp.com https://events.ccc.de/congress/2017/wiki/index.php/Session:Network_hacks_for_smart_attacks 2017-12-29T21:00:00+01:00 21:00 1:00 Lecture room 12 self organized sessions discussion en You have organised a CryptoParty in the past or maybe you've been pondering the idea of organising one? Join us to discuss the main challenges you met and what the most rewarding part of the process was. How did you plan your event and how did you spread the word about it? What was the geographical, political and cultural context you worked in? What were the main challenges you had to overcome? What was the feedback you received? What went well and what could be done to do even better? Sharing answers to these questions might help us improve as a community. Fabio https://cryptoparty.in https://events.ccc.de/congress/2017/wiki/index.php/Session:Organising_a_CryptoParty,_reports_and_experiences_from_the_field 2017-12-29T14:00:00+01:00 14:00 3:00 Lecture room 12 self organized sessions hands-on en You use your smartphone more than any other computer in your posession? You wonder if you are in control over your device and your data? Is it the manufacturer, the networt carrier, the OS developer, or the app developers? In this workshop we will shine some light into these questions. We will give you advise how to choose freedom and start to take back control over your mobile devices by installing Replicant. Replicant is a truly freedom and privacy-respecting OS based on Android. You will learn how to install Replicant on variety compatible Android devices (replicant.us/supported-devices.php). You can ask questions and can also participate with your own devices. We will provide a number of compatible devices to experiment with. Eal N0airc0n Tiberiu http://replicant.us https://events.ccc.de/congress/2017/wiki/index.php/Session:Replicant_Install_Fest 2017-12-29T10:00:00+01:00 10:00 0:45 Seminar room 13 self organized sessions talk de Learning in science fiction movies. This talk is just for fun… And yes, there will be school violence ;-) Birdy1976 https://b76.ch/9633 https://events.ccc.de/congress/2017/wiki/index.php/Session:42birds:_Dreams_of_the_Future 2017-12-29T09:00:00+01:00 09:00 1:00 Seminar room 13 self organized sessions workshop de We'll do some Yoga to calm our minds and move them bodies. Birdy1976 https://www.yogatoessfeld.ch/team/martin-voegeli-springer/ https://events.ccc.de/congress/2017/wiki/index.php/Session:42birds:_Hitchhiker%27s_Towel-Yoga 2017-12-29T22:00:00+01:00 22:00 1:30 Seminar room 13 This driver is not one of ours. self organized sessions workshop de Sharing some results from dissecting and re-implementing a rootkit. Aim was and is to understand the decisions of the orginal authors. Work is based on a re-implementation of a well-known implant. Previous Experience in Reversing Malware strongly recommended. Bring a Win7x64 system and IDA Pro. https://events.ccc.de/congress/2017/wiki/index.php/Session:Experience_in_dissecting_malware 2017-12-29T20:00:00+01:00 20:00 1:00 Seminar room 13 self organized sessions discussion In association with the installation in the Art & Play space, we will attempt to apply some of McLuhan's ideas to some of the other themes, objects, and ideas presented at 34C3 http://westdenhaag.nl/exhibitions/17_09_McLuhan https://events.ccc.de/congress/2017/wiki/index.php/Session:Feedback!_Marshall_McLuhan_and_the_Congress 2017-12-29T13:00:00+01:00 13:00 1:00 Seminar room 13 self organized sessions meeting de (German) Mitgliederversammlung des Fördervereins Gentoo e.V. Sping https://gentoo-ev.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Gentoo_e.V._Mitgliederversammlung 2017-12-29T19:00:00+01:00 19:00 1:00 Seminar room 13 Network & drink self organized sessions meeting Meet some security people from all over the world, connect & chat, exchange frustrating or fun work-related stories & have a drink with us! Gathering can continue in the party area ;) 5ettings https://events.ccc.de/congress/2017/wiki/index.php/Session:IT-Security_Meetup 2017-12-29T17:00:00+01:00 17:00 1:00 Seminar room 13 Creative Writing Workshop self organized sessions hands-on en It's a creative writing workshop. Interested participants will deal with this year's theme of #tuwat - do something. Don't wait for whatever you are waiting for. You can be active. You can change the world. You could even write a book. Jinxx https://events.ccc.de/congress/2017/wiki/index.php/Session:Let%27s_hack_words 2017-12-29T18:00:00+01:00 18:00 1:00 Seminar room 13 self organized sessions workshop en We are some of the core Nextcloud developers and offer to give insights to development related questions. Do you want to know about specific components in the server? Do you need ideas how to tackle an issue with your app? Or do you need some help getting started? Then this is the right place for you. Blizzz https://nextcloud.com https://events.ccc.de/congress/2017/wiki/index.php/Session:Nextcloud_Dev_Q%26A 2017-12-29T16:00:00+01:00 16:00 1:00 Seminar room 13 A toolbox to make it work self organized sessions workshop en Polyamory (n:n) Relationships - A toolbox to make it work Sycret.Soul https://twitter.com/SycretSoul https://events.ccc.de/congress/2017/wiki/index.php/Session:Polyamory_-_Toolbox 2017-12-29T15:00:00+01:00 15:00 1:00 Seminar room 13 self organized sessions workshop en This workshop is about building tools for detecting – and fixing – human rights violations that occur in the production of electronics products. I'll give an introductory talk on social hotspot analyses, and then we'll discuss projects and potential applications that could aid in changing the current, dire state of affairs. Xian https://events.ccc.de/congress/2017/wiki/index.php/Session:The_Human_Rights_Footprint_of_Electronics 2017-12-29T14:00:00+01:00 14:00 1:00 Seminar room 13 self organized sessions discussion en Are you developing some kind of system to analyse, detect or avoid the spread of fake news, the effect of filter bubbles, echo chambers and all that crap that comes along with misinformation? Or are you an enthusiast willing to join forces? This session is here to put us in contact, debate, show others what has been done so far. Can we design protocols to integrate different tools? How can we coordinate and avoid reinventing the wheel? Come and share your findings! MichaelKreil https://events.ccc.de/congress/2017/wiki/index.php/Session:Tuwat!_gegen_Fake_News 2017-12-29T21:00:00+01:00 21:00 1:00 Seminar room 13 Gathering of XMPP developers self organized sessions meeting en Gathering of XMPP developers Marvin https://events.ccc.de/congress/2017/wiki/index.php/Session:XMPP 2017-12-29T14:00:00+01:00 14:00 1:00 CCL Hall 3 self organized sessions workshop de Just a short recap of the status of the current Datenschleuder Rincewind https://events.ccc.de/congress/2017/wiki/index.php/Session:Datenschleuder 2017-12-29T16:00:00+01:00 16:00 1:00 CCL Hall 3 self organized sessions Today, French and UK governments are implementing some of the worst infringing surveillance laws in the world. Activist lawyers bringing litigation to challenge these laws will look at how to fight the spread of these models to the rest of Europe and the world and what the alternative should look like in a context where fears of terrorism influence government policy and result in measures that are beyond what is necessary and proportionate. To do so let's have an overview of the measures' main elements that we tackle in the UK and France and our strategies and tactics. Eal https://exegetes.eu.org/en/ https://privacyinternational.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Fixing_mass_surveillance:_one_court_case_at_a_time! 2017-12-29T22:00:00+01:00 22:00 1:00 CCL Hall 3 self organized sessions discussion en Hackbases are similar to hackerspaces, but people also live in them. The 4th yearly self-org session will present the existing ones, common lessons, and the tools to organize new ones. You should come if you're interested in different ways of living to: have a job + pay rent. http://board.net/p/34c3-hackbases https://events.ccc.de/congress/2017/wiki/index.php/Session:Hackbases_yearly_meeting_(coliving_hackerspace_projects) 2017-12-29T13:00:00+01:00 13:00 1:00 CCL Hall 3 Information security theater vs. Investigative journalism (Rysiek, OCCRP) self organized sessions talk en Banning strong cryptography or rolling out pervasive network surveillance are just some of many policy ideas proposed or instituted not only in oppressive regimes, but also in stable democracies. Tools developed by three-letter-agencies end up in the hands of oppressive regimes, and 0-day hoarding creates a market for exploits, which puts journalists and their sources in danger. Arguing against these very often proves difficult, as it is usually anchored in democratic principles and philosophical arguments -- something we all understand, but which is also much less concrete and easy to grasp than the terrorist threat du jour, so vividly exemplifying the purported need for the proposed measures. Having been involved in such policy discussions for many years, and having been working daily with journalists around the globe, I'd like to talk about very concrete examples of *why* the democratic principles are in place, and offer concrete arguments to all policy hackers out there who need them to fend off the current flavor of information security theater measures. Rysiek https://events.ccc.de/congress/2017/wiki/index.php/Session:Information_security_theater_vs._Investigative_journalism 2017-12-29T19:00:00+01:00 19:00 1:00 CCL Hall 3 self organized sessions talk en Eal http://publiccode.eu https://events.ccc.de/congress/2017/wiki/index.php/Session:Public_Money%3F_Public_Code! 2017-12-29T17:30:00+01:00 17:30 0:30 CCL Hall 3 Are NAT translations respecting proportionality and data retention principles? (Hermes Center) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-29T15:00:00+01:00 15:00 1:00 CCL Hall 3 Onlincensorship.org: social media content takedowns (EFF) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-29T14:00:00+01:00 14:00 1:00 CCL Hall 3 Digital Anonimity for Whistleblowing (Hermes Center) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-29T18:00:00+01:00 18:00 1:00 CCL Hall 3 DYI: Net Neutrality enforcement in the EU (Epicenter.works) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-29T17:00:00+01:00 17:00 0:30 CCL Hall 3 Strategic litigation in Germany- complaints to stop mass surveillance (Ulf Buermeyer, GFF) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-29T21:00:00+01:00 21:00 1:00 CCL Hall 3 Wie die flächendeckendeGesichtserkennung sich in unser Datenschutzgesetz eingeschlichen hat (Frank, Datenschutzraum) (in German) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-29T21:30:00+01:00 21:30 2:30 Chaos West Stage self organized sessions meeting en The 34C3 concludes and we will honor the first three teams. Then there will be ample opportunity to discuss challenges, CTF in general and drink beer. Andy https://34c3ctf.ccc.ac/announcements/ https://events.ccc.de/congress/2017/wiki/index.php/Session:34C3_CTF_Afterparty 2017-12-29T19:15:00+01:00 19:15 1:00 Chaos West Stage self organized sessions talk de In dieser Session wird euch der Online-Editor iD vorgestellt werden, mit dem ihr zu OpenStreetMap beitragen könnt. Nakaner https://www.openstreetmap.de/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Einf%C3%BChrung_in_den_OpenStreetMap_Online-Editor_iD 2017-12-29T13:30:00+01:00 13:30 0:30 Chaos West Stage self organized sessions talk en Worldview change and and critique are two related topics which can both be approached as a hunt for security vulnerabilities. In this talk, I will present a model for "inflitrating misconceptions" to upgrade worldviews, and I will show how this is similar to an enantiodromial model of conceptual critique. http://andersaamodt.com/oeuvre.php https://events.ccc.de/congress/2017/wiki/index.php/Session:Hacking_Worldviews_/_Hacking_Abstractions 2017-12-29T17:00:00+01:00 17:00 0:45 Chaos West Stage self organized sessions de The assembly will try to collect your tool-stories, the mysterious setup of your most mundane tasks or the most elaborate (yet unfinished) projects to code where others have been using pen and paper for ages. In workshops we will tell our own stories and help you to become as addicted to the command line as we are. Most important, we will be there for all our fellow addicts of tool-chain-optimisation to have yet another endless discussion on the advantages of shell X, editor Y, or the usefulness of using graph databases for shopping lists. Nanooq http://www.ccchb.de/wiki/34c3_Assembly_Habitual_Automation https://events.ccc.de/congress/2017/wiki/index.php/Session:Inj4n:_Habitual_Automation_-_Because_we_have_to_script 2017-12-30T00:00:00+01:00 00:00 2:00 Chaos West Stage Raoul Funkler DJ set self organized sessions other de Come over and meet us at our cozy music lounge in hall 2! Proudly presented by Chaos West Bam https://events.ccc.de/congress/2017/wiki/index.php/Session:Klangteppich 2017-12-30T02:00:00+01:00 02:00 2:00 Chaos West Stage Project Poltergeist DJ set (Alexeyan) Dark & Noisy Techno self organized sessions other de Come over and meet us at our cozy music lounge in hall 2! Proudly presented by Chaos West Bam https://events.ccc.de/congress/2017/wiki/index.php/Session:Klangteppich 2017-12-29T16:00:00+01:00 16:00 0:45 Chaos West Stage self organized sessions talk de Quelle von Datensätzen, Logistik von Big Data, Bildung effizienter Features, Principal Component Analysis und andere statistische Methoden, Clustering, Neuronale Netzwerke vs. Deep Learning, Wie interpretiere ich Daten, Präsentation von Ergebnissen Nanooq https://chaos-west.de/wiki/index.php?title=Diskussion:34C3/B%C3%BChne/Slots#Haecksen_BringYourOwnBear_Happy_Hour https://events.ccc.de/congress/2017/wiki/index.php/Session:Limlug:_In_der_Weihnachtsb%C3%A4ckerei_-_Data_Science_und_Kekse 2017-12-29T20:20:00+01:00 20:20 0:30 Chaos West Stage self organized sessions https://events.ccc.de/congress/2017/wiki/index.php/Session:On_Scripting 2017-12-29T14:00:00+01:00 14:00 0:40 Chaos West Stage self organized sessions talk en SecureDrop is an free software whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources. It was originally created by the late Aaron Swartz and is currently managed by Freedom of the Press Foundation. https://securedrop.org https://events.ccc.de/congress/2017/wiki/index.php/Session:SecureDrop 2017-12-29T21:00:00+01:00 21:00 0:20 Chaos West Stage self organized sessions talk en A short presentation on a new approach to writing programs inspired by graphical calculi developed for quantum protocols (amongst others). http://statebox.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Statebox_-_compositional_smart_contracts_through_category_theory 2017-12-29T14:45:00+01:00 14:45 1:15 Chaos West Stage self organized sessions talk en youbroketheinternet/wefixthenet session to discuss and report progress on a secure, private post-Snowden era Internet Forthy http://youbroketheinternet.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Ybti%2Bwefixthenet 2017-12-29T18:00:00+01:00 18:00 0:25 Chaos West Stage Peer-to-Peer in JavaScript Against the Centralization of the Internet self organized sessions talk en youbroketheinternet/wefixthenet session to discuss and report progress on a secure, private post-Snowden era Internet Forthy http://youbroketheinternet.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Ybti%2Bwefixthenet 2017-12-29T18:30:00+01:00 18:30 0:30 Chaos West Stage Die Programmiersprache Forth self organized sessions talk en youbroketheinternet/wefixthenet session to discuss and report progress on a secure, private post-Snowden era Internet Forthy http://youbroketheinternet.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Ybti%2Bwefixthenet 2017-12-29T14:30:00+01:00 14:30 0:45 Hive Stage self organized sessions talk de Many museums, archives and libraries are still reluctant to share their data. Actually it is our data as it is often public domain and or financed with public money. Yet many still hesitate. #openGLAM is an international movement to motivate Galleries, Libraries, Archives and Museums to share digitized cultural heritage and make it open for reuse. GLAM data is so attractive for reuse. Events as Coding da Vinci ( https://codingdavinci.de/about/ ) or happenings as GIF IT UP ( http://blog.europeana.eu/2017/11/winners-of-gif-it-up-2017/ ) do show some examples. Where to find open GLAM data and how to convince GLAMs to open up. see presentation here https://commons.wikimedia.org/wiki/File:34C3_CdV_OpenGLAM_(1).pdf Fischerdata https://codingdavinci.de/about/ https://events.ccc.de/congress/2017/wiki/index.php/Session:How_to_turn_museums_into_open_data_hubs 2017-12-29T16:30:00+01:00 16:30 0:20 Hive Stage teaser self organized sessions en Wikidata is an open source knowledge base where volunteers from all around the world add and structure data to describe our complex reality, based on sources, just as Wikipedia. Discover how Wikidata works, how you can improve and reuse the data, how the community works and which tools they use. Auregann https://events.ccc.de/congress/2017/wiki/index.php/Session:Introduction_to_Wikidata 2017-12-29T17:00:00+01:00 17:00 1:00 Hive Stage from zero to upstream in 60 minutes self organized sessions workshop This Workshop will walk you through the whole process of performing a package update in nixpkgs. After this workshop you should be good to go to contribute to nixpkgs yourself. Mic92 https://nixos.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Packaging_in_Nixpkgs 2017-12-29T15:30:00+01:00 15:30 0:45 Hive Stage self organized sessions talk en How does Wikimedia serve a hundred thousand Wikipedia pages second? Brightbyte https://wikitech.wikimedia.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:WikiTech 2017-12-29T23:00:00+01:00 23:00 0:50 Komona Aquarius self organized sessions talk de Fotosesseion über falsch gemachte Elektroinstallationen (Gruselkabinett) Eleitung https://events.ccc.de/congress/2017/wiki/index.php/Session:Elektrogruselkabinett 2017-12-29T20:00:00+01:00 20:00 2:00 Komona Aquarius self organized sessions other de Ausgehend vom Workshop im letzten Jahr die angewandte Malediktion anwenden: offener Wettkampf, mehrere Runden nach K.O.-System, wer wird der*die Rohrspatz? https://events.ccc.de/congress/2017/wiki/index.php/Session:Kreatives_Beschimpfen_Pt._2:_Es_gibt_kein_Battle 2017-12-29T15:00:00+01:00 15:00 1:00 Komona Aquarius self organized sessions talk de Wie navigiere ich ein Schiff? Was gilt es auf hoher See zu beachten. https://events.ccc.de/congress/2017/wiki/index.php/Assembly:Just_Humans https://events.ccc.de/congress/2017/wiki/index.php/Session:Nautik-1x1/Wie_fahre_ich_ein_Schiff 2017-12-29T12:00:00+01:00 12:00 1:30 Komona Aquarius self organized sessions other en Tom Sachs and his team re-build things. For example they rebuilt a space-suit, and other objects that they copied from NASA. He sais,"he puts the same effort into his work, as the people at NASA have put into sending the first human to the moon". The Tom Sachs films are often directed by Van Neistat (the brother of the youtube star Casey Neistat), and have a documentary style, and the tone of an instruction video. Despite their often pro-US-empire tone, they are a great example for beautiful and creative knowledge sharing via moving images. Andorra http://www.tenbullets.com https://events.ccc.de/congress/2017/wiki/index.php/Session:Screening:_Tom_Sachs_-_Color,_Love_Letter_To_Plywood,_How_To_Sweep,_Spacecamp 2017-12-29T16:00:00+01:00 16:00 2:00 Komona Aquarius self organized sessions Webmind https://events.ccc.de/congress/2017/wiki/index.php/Session:Smart_Cities_-_reality_or_fata_morgana_%3F 2017-12-29T20:00:00+01:00 20:00 1:00 Komona Coral Reef self organized sessions meeting en Informal exchange for anyone interested in Dat project, Beaker browser and the decentralized web in general. We can get you started with hosting you own website via Dat and beaker browser and talks about all things related to the Dat ecosystem and the wider decentralized web. https://datproject.org https://beakerbrowser.com/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Dat,_Beaker_browser_and_decentralized_web 2017-12-29T16:00:00+01:00 16:00 2:00 Komona Coral Reef self organized sessions workshop en https://events.ccc.de/congress/2017/wiki/index.php/Session:Hedonist_International_Networking_Meeting_Workshop_for_2018s_Congress_Convoy 2017-12-29T12:00:00+01:00 12:00 0:45 Komona Coral Reef Day 3 self organized sessions workshop en Hacktivism from time to time leads to imprisonment and repressions. There are several people right now siting in jail that consider themselves anarchist or did actions that are supported by anarchist community. Not to let those people alone in prison we would like to have every day 1 hour around the table, where we get to know the stories of imprisoned activists and write them some words of support with postcards/letters. You don't need any special skills for that. The postcards will be there for you. http://abcdd.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Letter_writing_to_prisoners,_sitting_in_jail_for_hacking 2017-12-29T18:00:00+01:00 18:00 2:00 Komona Coral Reef self organized sessions workshop en TALEnet bidirectional Q&A (kathia) https://events.ccc.de/congress/2017/wiki/index.php/Session:TALEnet_bidirectional_QA 2017-12-29T16:00:00+01:00 16:00 2:00 Komona D.Ressrosa self organized sessions workshop en Workshop: Bookmaking, binding with glue or staples (Andorra) https://events.ccc.de/congress/2017/wiki/index.php/Session:Bookmaking,_binding_with_glue_or_staples 2017-12-29T12:00:00+01:00 12:00 1:30 Komona D.Ressrosa self organized sessions workshop hands-on en LEAP is a non-profit dedicated to giving all internet users access to secure communication. Our focus is on adapting encryption technology to make it easy to use and widely available. The LEAP Encryption Access project is dedicated to giving all Internet users access to secure communications. Our focus is on adapting encryption technology to make it easy to use and widely available. Not only end users deserve useable programs, the barriers to entry for aspiring service providers are pretty high. LEAP's goal is to transform the existing frustration and failure into an automated and straightforward process. This session will help you with any questions how to install an provider instance on one or more remote servers. Varac Meskio https://leap.se https://events.ccc.de/congress/2017/wiki/index.php/Projects:LEAP 2017-12-29T12:00:00+01:00 12:00 1:30 Komona D.Ressrosa self organized sessions hands-on en This session will help you with any questions how to install an provider instance on one or more remote servers. Varac https://leap.se https://events.ccc.de/congress/2017/wiki/index.php/Session:LEAP_Platform_for_VPN_and_email_providers 2017-12-29T18:00:00+01:00 18:00 2:00 Komona D.Ressrosa self organized sessions workshop de MASKIERTE GRUPPENDYNAMIK (Henk) https://events.ccc.de/congress/2017/wiki/index.php/Session:MASKIERTE_GRUPPENDYNAMIK 2017-12-29T20:00:00+01:00 20:00 2:00 Komona D.Ressrosa self organized sessions workshop de Warum D. Trump tickt wie er tickt (Oskar) https://events.ccc.de/congress/2017/wiki/index.php/Session:Warum_Trump_tickt_wie_er_tickt 2017-12-29T14:00:00+01:00 14:00 2:00 Komona D.Ressrosa self organized sessions workshop de Workshop: Wie produziere ich mein eigenes Hörspiel mit Hilfe von freeware & free sounds (Benni) https://events.ccc.de/congress/2017/wiki/index.php/Session:Wie_produziere_ich_mein_eigenes_H%C3%B6rspiel_mit_Hilfe_von_freeware_free_sounds 2017-12-29T16:00:00+01:00 16:00 1:30 Komona D.Ressrosa self organized sessions workshop en It is possible to create books with rather simple tools. In this workshop I will present how I bind books and what are important things to remember when doing so. Maybe we can share our experience with producing printed matter, and collect some qualities that books have. The Book or Booklet still is a great way to pass on knowledge or information. If requested the workshop will be held in english, otherwise in german. DEU: Schon mit einfachen Materialien lassen sich Bücher herstellen. Ich werde zeigen wie ich Bücher mit Klebebindung herstellen, und die Dinge ansprechen die es dabei zu beachten gibt. Vielleicht können wir unsere Erfahrungen über das Büchermachen austauschen. Bücher und Hefte sind nachwievor sehr praktische Mittel um Informationen oder Wissen zu teilen. Andorra https://events.ccc.de/congress/2017/wiki/index.php/Session:Workshop:_Bookmaking,_binding_with_glue_or_staples 2017-12-29T14:00:00+01:00 14:00 2:00 Komona Blue Princess Try out Delta Chat with us ... usable like Telegram, but decentralized and with open community self organized sessions workshop en Compl4xx Xeniax https://delta.chat/en/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Delta_Chat 2017-12-29T21:00:00+01:00 21:00 1:30 Komona Blue Princess Participatory performance self organized sessions other de Enter the world of techno-spirituality. Perceive your future in extended condition. Choose to learn about your future from a human (extended) or a machine (express). Komona Blue Princcess http://homepage-bbb.com https://events.ccc.de/congress/2017/wiki/index.php/Session:Express_and_Extended_Taro_Sessions_with_Binaural_Music 2017-12-29T16:00:00+01:00 16:00 6:00 Komona Blue Princess #SinsForLife self organized sessions hands-on #SinsForLife feiert alle SünderInnen, die sich mit Akten des Widerstands gegen die herrschende Zustände auflehnen. Mach mit und werde Teil unserer Enzyklopädie. https://twitter.com/SinsForLife https://events.ccc.de/congress/2017/wiki/index.php/Session:SINS_for_LIFE 2017-12-29T12:00:00+01:00 12:00 1:00 Kidspace Workshop self organized sessions game de Hi, wir wollen gemeinsam ein Spiel entwickeln. Genauer gesagt machen wir einen pen&paper mini "Game Jam". Hierbei finden sich normalerweise aus allen Disziplinen der Gamesbranche Beteiligte zusammen um in einem lockeren Umfeld Spiele/Spielideen zu entwickeln. Ich möchte dieses Konzept gerne mit Kindern umsetzen; ohne Computer ;0) Es geht um Grundlegende Spielmechanismen und deren Kreative Umsetzung. Ich freue mich auf viele motivierte Kinder ;o) Lydia https://events.ccc.de/congress/2017/wiki/index.php/Session:%22Pen%26Paper%22_Game_Jam 2017-12-29T16:00:00+01:00 16:00 1:00 Kidspace Workshop self organized sessions game de Hi, wir wollen gemeinsam ein Spiel entwickeln. Genauer gesagt machen wir einen pen&paper mini "Game Jam". Hierbei finden sich normalerweise aus allen Disziplinen der Gamesbranche Beteiligte zusammen um in einem lockeren Umfeld Spiele/Spielideen zu entwickeln. Ich möchte dieses Konzept gerne mit Kindern umsetzen; ohne Computer ;0) Es geht um Grundlegende Spielmechanismen und deren Kreative Umsetzung. Ich freue mich auf viele motivierte Kinder ;o) Lydia https://events.ccc.de/congress/2017/wiki/index.php/Session:%22Pen%26Paper%22_Game_Jam 2017-12-29T13:00:00+01:00 13:00 2:00 Kidspace Siebdruck für Kids self organized sessions hands-on Bring your own shirt - We bring the rocket Der @dondario bringt Siebdruck zum @C3Kidspace Rocket Drucken mit. Sagt ihr mal euren Eltern, dass sie euch dafür ein T-Shirt, Body oder Strampler einpacken. Alternativ gibt es in der Nähe des #34c3 aber auch Kinder-Klamotten zu kaufen. https://events.ccc.de/congress/2017/wiki/index.php/Session:Siebdruck 2017-12-29T12:45:00+01:00 12:45 00:45 Open Infra Stage 34c3-ffc-17-librerouter_demo Lessons learned developing open source hardware for the global south lecture en false Gui 2017-12-29T13:30:00+01:00 13:30 00:30 Open Infra Stage 34c3-ffc-45-hear_what_you_like_to_hear Hear what you like to hear is a citizen science project intitiated by myself as an hearing restricted person. In this session I want to introduce to our research approach and present the Open Master Hearing Aid on a Raspberry Pi 3. false Peggy 2017-12-29T14:00:00+01:00 14:00 01:00 Open Infra Stage 34c3-ffc-15-how_technologies_can_habe_a_social_and_humanitarian_impact lecture de false 2017-12-29T15:00:00+01:00 15:00 00:45 Open Infra Stage 34c3-ffc-13-an_in_depth_look_at_apt_signals lecture en false ar3itrary 2017-12-29T16:00:00+01:00 16:00 00:45 Open Infra Stage 34c3-ffc-12-in_elon_we_trust A look into NewSpace beyond SpaceX lecture en false VanillaChief 2017-12-29T17:00:00+01:00 17:00 00:15 Open Infra Stage 34c3-ffc-11-a_firmware_wizard_for_lede_openwrt_images lecture en false mwarning 2017-12-29T17:30:00+01:00 17:30 00:45 Open Infra Stage 34c3-ffc-10-can_helium-3_save_our_ass lecture en false TP1024 2017-12-29T18:30:00+01:00 18:30 01:00 Open Infra Stage 34c3-ffc-9-freifunk_google_summer_of_code_2017 lecture en Gabriel: Implementing Pop-Routing in OSPF Paul: Lede Attended Sysupgrade Arne: Extending LoxiGen and ONOS to enable SDN control of wireless switches via OpenFlow false Andi Bräu Paul Arne Gabriel 2017-12-29T19:30:00+01:00 19:30 00:30 Open Infra Stage 34c3-ffc-8-diy_networks_in_toronto lecture en false Ben Garry Udit 2017-12-29T20:15:00+01:00 20:15 00:30 Open Infra Stage 34c3-ffc-29-freifunk_video_portal lecture false Andi Bräu Collins 2017-12-29T21:00:00+01:00 21:00 00:30 Open Infra Stage 34c3-ffc-6-freiwurst Hier geht es um die Wurst! lecture de false Apex jab 2017-12-29T16:00:00+01:00 16:00 02:00 Meetup Domo 34c3-ffc-14-freifunk_edulabs_workshop workshop de Sprint (Lern-/Vortragsmaterial, Workshopformate) Wie kann freifunk in den Schulunterricht eingebunden werden? OER, Formate, Ideen false Markus Monic yanosz 2017-12-29T20:30:00+01:00 20:30 00:30 Meetup Domo 34c3-ffc-7-free_digital_territories Reisebericht über Freie Netzwerke in Brasilien lecture de false Peggy 2017-12-29T22:00:00+01:00 22:00 04:00 Meetup Domo 34c3-ffc-5-infra-drinkup other Please bring spirits/specialties from you area ... Local is the new social :) false 2017-12-29T13:30:00+01:00 13:30 02:30 Workshop Area 34c3-ffc-16-freifunk-openmppt_loten_soldering workshop false Elektra 2017-12-29T16:30:00+01:00 16:30 02:30 Workshop Area 34c3-ffc-42-soldering_your_spaceship Introduction to soldering techniques for space applications workshop en What do you do if you need soldering that survives the hich accelerations of a rocket launch and then 10 year in vacuum and zero-g? Take a look at soldering techniques used for high-reliability use cases and try some of them out yourself! false INCO 2017-12-29T19:00:00+01:00 19:00 3:00 Assembly:Anarchist self organized sessions meeting de Liquers for donation! Revo https://events.ccc.de/congress/2017/wiki/index.php/Session:A-NOC:_Handmade_Shots 2017-12-29T13:00:00+01:00 13:00 3:30 Assembly:HardwareHackingArea Day 3 self organized sessions workshop en ''Learn Arduino using TV-B-Gone as an example project''<br /> <br /> You've probably heard lots about '''Arduino'''. But if you don't know what it is, or how you can use it to do all sorts of cool things, then this fun and easy workshop is for you. As an example project, we'll be creating a '''TV-B-Gone''' remote control out of an '''Arduino''' you can take home with you.<br /> <br /> ''(This is one of many cool things happening throughout 34C3 in the huge '''Hardware Hacking Area!)'''''<br /> <br /> This workshop will be given twice<br />(both identical):<br /> &nbsp;&nbsp;&nbsp;Day 2: 28-Dec, 1pm - 4:30pm<br /> &nbsp;&nbsp;&nbsp;Day 3: 29-Dec, 1pm - 4:30pm<br /> Maltman23 http://cornfieldelectronics.com/cfe/projects/tvbg_arduino/tvbg_arduino_workshop.php https://events.ccc.de/congress/2017/wiki/index.php/Session:ArduinoForTotalNewbies 2017-12-29T17:30:00+01:00 17:30 2:30 Assembly:HardwareHackingArea Day 3 self organized sessions workshop en The Intro to Arduino shield is a simple kit which plugs into an Arduino Uno or similar. It includes a button, light sensor (LDR) and red green blue LED. The LED can be controlled as a digitial or an analog output, the button is a digitial input and the sensor is an analog input. Hammes Hacks http://hammeshacks.com/intro/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Intro_to_Arduino_Shield_Soldering_and_Programing 2017-12-29T11:00:00+01:00 11:00 12:59 Assembly:HardwareHackingArea Day 3 self organized sessions workshop en Learn to Solder! A large variety of way cool kits are available, all designed for total beginners to complete successfully -- and intriguing enough for the total hardware geek.<br /> <br /> <span style="color:orange">'''''This ongoing workshop will be happening concurrently with lots of other way cool workshops at the Hardware Hacking Area!'''''</span> Maltman23 https://events.ccc.de/congress/2017/wiki/index.php/Session:LearnToSolder 2017-12-29T19:30:00+01:00 19:30 1:30 Assembly:HardwareHackingArea Day 3 Session 3 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90-100mins, 20€/kit, avoid caffeine immediately before. Max 20 participants per session, there will be a PAPER!!1! signup list in the hardware hacking area. Kliment https://events.ccc.de/congress/2017/wiki/index.php/Session:Surface_mount_electronics_assembly_for_terrified_beginners 2017-12-29T11:00:00+01:00 11:00 1:30 Assembly:HardwareHackingArea Day 3 Session 1 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90-100mins, 20€/kit, avoid caffeine immediately before. Max 20 participants per session, there will be a PAPER!!1! signup list in the hardware hacking area. Kliment https://events.ccc.de/congress/2017/wiki/index.php/Session:Surface_mount_electronics_assembly_for_terrified_beginners 2017-12-29T17:30:00+01:00 17:30 1:30 Assembly:HardwareHackingArea Day 3 Session 2 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90-100mins, 20€/kit, avoid caffeine immediately before. Max 20 participants per session, there will be a PAPER!!1! signup list in the hardware hacking area. Kliment https://events.ccc.de/congress/2017/wiki/index.php/Session:Surface_mount_electronics_assembly_for_terrified_beginners 2017-12-29T14:00:00+01:00 14:00 3:00 self organized sessions hands-on de Let's climb some walls! Tiefpunkt https://events.ccc.de/congress/2017/wiki/index.php/Session:Bouldering 2017-12-29T19:30:00+01:00 19:30 2:30 self organized sessions discussion en we're researching how we can fabricate integrated circuits ourself Ari https://events.ccc.de/congress/2017/wiki/index.php/Session:Chipmaking 2017-12-29T23:20:00+01:00 23:20 1:00 self organized sessions game Flunkyball on the third day. The Flunkyball team from Paderborn is playing again! ApolloLV http://upb-flunkyteam.de https://events.ccc.de/congress/2017/wiki/index.php/Session:Flunkyball_Day_3 2017-12-29T20:00:00+01:00 20:00 3:00 self organized sessions other de A Karaoke Vehikel that drives around the congress in the evening. https://events.ccc.de/congress/2017/wiki/index.php/Session:Karaoke-Taxi 2017-12-30T00:30:00+01:00 00:30 0:30 self organized sessions other en Tired of egoshooters? Feeling the need for better graphics, realistic physics and surround sound? Join the big Nerf-Gun Battle at 34c3! Come around - bring your own device - get shot! https://events.ccc.de/congress/2017/wiki/index.php/Session:NerfgunBattle 2017-12-29T17:40:00+01:00 17:40 1:00 self organized sessions game de this session is about coming together to share your printed or self made sticker with same interest people. bring them: artistic ones, political ones, storytelling ones, yout tagsticker, your favorite sticker materials, whatever. how many? from 1 to endless items. exchange them with sticker loving people. whatever you want to bring in. alle die bock haben sollen ihre sticker zur session mitbringen. egal ob 1 oder 1000- bring mit. je nach nachfrage können wir uns noch einmal am 30.12. treffen. spot is da wo klassembly cornert. welche sticker denn? (fast) alle! -- künstlerisch, kritisch, politisch, whatever. oder eben dein altes stickerbuch von früher. damit deine sticker bald überall ausser nur daheim kleben. Lisi 0ne.raw https://events.ccc.de/congress/2017/wiki/index.php/Session:Sticker_meet_up 2017-12-29T22:00:00+01:00 22:00 1:30 self organized sessions hands-on de This is the seventh incarnation of the popular whisky evening. It's fairly simple: If you enjoy good whisky with nice people, or are planing to do so, join us. We'll have the virtual chimney fire going. Blackspear https://events.ccc.de/congress/2017/wiki/index.php/Session:Whisky 2017-12-29T14:00:00+01:00 14:00 1:00 Assembly:Dolphin Emulator self organized sessions game en Play wireless multiplayer games with us, especially Mario Kart. Also pull out your Switches while waiting for talks. If enough people are around you can find wireless Mario Kart multiplayer matches to join. Look out for neon JoyCons in the audience. If there is no host to join, host your own match https://events.ccc.de/congress/2017/wiki/index.php/Session:Bring_your_own_Nintendo_Switch 2017-12-29T14:00:00+01:00 14:00 1:00 Hive Conference Calliope Workshop 5 self organized sessions workshop de Kinder ab 8 Jahren sind herzlich willkommen ihre ersten Erfahrungen mit dem Programmieren zu machen. Wer an Tag 3 oder 4 noch Lust auf Calliope Workshops hat, der ruft einfach mal an: DECT: 8843 oder mobile: null eins sechs drei 362 534 0 DerMicha http://calliope.cc https://events.ccc.de/congress/2017/wiki/index.php/Session:Calliope_Workshops 2017-12-29T18:00:00+01:00 18:00 1:00 Hive Conference self organized sessions meeting de A game-changing app to detect malnutrition Muck https://childgrowthmonitor.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Child_Growth_Monitor_Meetup_Day_3 2017-12-29T15:00:00+01:00 15:00 1:00 Hive Conference Congress Maritime Hacker Meetup self organized sessions meeting en Maritime hackers meetup! Riot https://events.ccc.de/congress/2017/wiki/index.php/Session:Maritime_Hackers 2017-12-29T17:00:00+01:00 17:00 1:00 Hive Conference self organized sessions meeting en Meeting other users (and developers) of qutebrowser The Compiler https://www.qutebrowser.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Qutebrowser_meetup 2017-12-29T17:00:00+01:00 17:00 3:30 In front of main entrance (at the pond) Be critical, be massy. Tuwat für den Radverkehr! self organized sessions outside Be critical, be massy – #tuwat für den Radverkehr! Die Critical Mass Leipzig fährt jeden letzten Freitag im Monat auf einer kleinen Tour durch Leipzig. Bring dein Fahrrad mit oder leihe dir ein Nextbike aus und komme um 17 Uhr gemeinsam mit anderen Kongress-Teilnehmern in einer so genannten Mini-Mass zur CM Leipzig. Wir treffen uns auf dem neuen Messegelände zwischen dem Haupteingang und dem Messesee. https://criticalmass.in/leipzig/2017-12-29 https://events.ccc.de/congress/2017/wiki/index.php/Session:Critical_Mass_Leipzig 2017-12-29T16:00:00+01:00 16:00 1:00 Assembly:TeaHouse Full disk encryption on Virtual Private Servers self organized sessions talk en An explanation of the CryptOps project https://cryptops.com https://events.ccc.de/congress/2017/wiki/index.php/Session:CryptOps:_Moving_to_a_world_with_encrypted_VPSs_only 2017-12-29T18:00:00+01:00 18:00 0:30 Assembly:TeaHouse Discussion self organized sessions discussion en If you were interested in the talk low cost non invasive biomedical imaging, come and continue the discussion on medical physics and imaging technologies at this discussion session! https://events.ccc.de/congress/2017/wiki/index.php/Session:Open_Source_Biomedical_Imaging 2017-12-29T13:00:00+01:00 13:00 0:45 Assembly:TeaHouse The future of Digital Security education self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-29T14:30:00+01:00 14:30 1:00 Assembly:TeaHouse Fuck Off Google! "Google campus" out of Kreuzberg self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-29T16:00:00+01:00 16:00 1:00 Assembly:TeaHouse [https://events.ccc.de/congress/2017/wiki/index.php/Session:CryptOps:_Moving_to_a_world_with_encrypted_VPSs_only CryptOps: Moving to a world with encrypted VPSs only] self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-29T19:00:00+01:00 19:00 2:00 Assembly:TeaHouse Breaking Bad Crypto self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-29T17:00:00+01:00 17:00 1:00 CCL Hall 2 Studiogespräch self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-29T16:35:00+01:00 16:35 0:25 CCL Hall 2 Live-Beitrag in Forschung Aktuell self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-29T13:15:00+01:00 13:15 1:30 Esszimmer self organized sessions workshop de Digital Humanities research developed computational methods to attribute anonymous texts with Open Source tools. Participants will learn about the methodological foundations of authorship attribution, its possibilities and its limitations. They will then apply it hands-on to a sample text collection and / or own examples (you can bring your own text). No programing experience is required, having the R programming language installed previously would be helpful. Pielstroem https://hackmd.okfn.de/34c3-stylometrie?view https://events.ccc.de/congress/2017/wiki/index.php/Session:Deanonymization_and_Author_Recognition_with_Digital_Humanities-Tools 2017-12-29T15:00:00+01:00 15:00 0:45 Esszimmer self organized sessions meeting de Treffen aller bereits aktiven und zukünftigen Nutzer*innen von FragDenStaat - wir diskutieren Planungen des kommenden Jahres, kommende Informationsfreiheitsgesetze und, tada, die FragDenStaatApp! Arne http://FragDenStaat.de https://events.ccc.de/congress/2017/wiki/index.php/Session:FragDenStaat-User-Treffen 2017-12-29T16:00:00+01:00 16:00 0:45 Esszimmer Tag 3 self organized sessions de Für Kinder ab 10 Jahren, die gerne ihre eigenen let's Plays erstellen möchten! Maximal 4-6 Kids, ausser wir bekommen noch Helfer! Wir gehen davon aus das Kids ihr eigene Geräte mitbringen! Zur installation der Software (https://obsproject.com/) werden unter umständen kurz Eltern (Passort beauftragte) benötigt! Wir hatten Let's Plays für minecraft oder worldpainter geplant! Es gehen aber auch alle anderen bereits installierten Spiele. Ralf (CMS) Rupi https://events.ccc.de/congress/2017/wiki/index.php/Session:Howto_Let%27s_Play 2017-12-29T20:00:00+01:00 20:00 0:45 Esszimmer self organized sessions workshop en How does Wikidata work, and how can I access it? Internals, Data models, APIs. Brightbyte https://www.wikidata.org/wiki/Wikidata:Data_access https://events.ccc.de/congress/2017/wiki/index.php/Session:Infrastructure_of_Wikidata 2017-12-29T17:00:00+01:00 17:00 0:45 Esszimmer Day 3 self organized sessions en Wikidata is an open source knowledge base where volunteers from all around the world add and structure data to describe our complex reality, based on sources, just as Wikipedia. Discover how Wikidata works, how you can improve and reuse the data, how the community works and which tools they use. Auregann https://events.ccc.de/congress/2017/wiki/index.php/Session:Introduction_to_Wikidata 2017-12-29T12:00:00+01:00 12:00 0:50 Esszimmer self organized sessions meeting en You're working in a library and interested in digital education? You're wondering how to share hacking culture in libraries? Come to the meetup! Learn how to code with children, experiment electronics with Legos, create digital and free content in the library, empower the audience about digital rights, hack your library... many inspiring examples already exist. Auregann will open the discussion with a short presentations of projects that happened in French libraries over the last year, then we will be free to discuss any topic you would enjoy. Auregann https://events.ccc.de/congress/2017/wiki/index.php/Session:Meetup:_hack_your_library 2017-12-29T21:00:00+01:00 21:00 1:00 Esszimmer self organized sessions de Ein buntes Potpourri aus Kunst, Computer und Kuriositäten mit Bleeptrack und blinry. Lasst uns euch nerdsnipen! Bleeptrack Blinry https://events.ccc.de/congress/2017/wiki/index.php/Session:Operation_Mindfuck 2017-12-29T18:00:00+01:00 18:00 0:45 Esszimmer Day 3 self organized sessions workshop en Discover the powerful query tool of Wikidata! With a few lines of SPARQL, you can browse any information contained in Wikidata, create wonderful list such as the list of inventors killed by their own inventions, or the list of the biggest cities having female mayors. Build maps, graphs, and other datavisualizations based on open knowledge. Lucas Werkmeister https://query.wikidata.org https://tinyurl.com/wdqs-34c3-1 https://events.ccc.de/congress/2017/wiki/index.php/Session:Query_Wikidata_in_SPARQL 2017-12-29T19:00:00+01:00 19:00 0:45 Esszimmer self organized sessions hands-on en If you have an idea for a query using Wikidata but aren’t sure how to write it, or just want to hang out and discuss the Query Service with fellow-minded people, join us! Lucas Werkmeister https://events.ccc.de/congress/2017/wiki/index.php/Session:Request_a_query 2017-12-29T14:00:00+01:00 14:00 2:00 Assembly:Foodhackingbase self organized sessions hands-on cs You will learn how take care properly about our kombucha culture (mother/SCOBY) brewing lovely beverage of your own so you can continue to do that at home or your local hackerspace. https://foodhackingbase.org/wiki/Kombucha_is_easy_34c3 https://events.ccc.de/congress/2017/wiki/index.php/Session:Food_Hacking:_Kombucha_is_Easy 2017-12-29T19:00:00+01:00 19:00 1:30 Assembly:Foodhackingbase self organized sessions meeting cs Korean Healing Table is a social dining event which is prepared by people interested in the subject. https://foodhackingbase.org/wiki/Korean_healing_table_34c3 https://events.ccc.de/congress/2017/wiki/index.php/Session:Food_Hacking:_Korean_Healing_Table 2017-12-29T16:00:00+01:00 16:00 3:00 Assembly:Foodhackingbase self organized sessions hands-on cs Together we will prepare variety of Korean dishes resulting in a lovely dinner. https://foodhackingbase.org/wiki/Korean_healing_table_prep_34c3 https://events.ccc.de/congress/2017/wiki/index.php/Session:Food_Hacking:_Korean_healing_table_prep 2017-12-29T16:00:00+01:00 16:00 0:45 Assembly:Jugend hackt How to Let's Play /Makey-Makey self organized sessions workshop de Wir zeigen wie man mit freier Software ansprechende Let's Plays gestalten kann. In der Planung sind Let's Plays für Minecraft und dem Worldpainter für Minecraft Welten! Es gehen aber auch alle anderen bereits installierten Spiele, die gerne gespielt werden! Kinder ab 10 Jahren, die gerne ihre eigenen let's Plays erstellen möchten! Maximal 4-6 Kids, ausser wir bekommen noch Helfer! Wir gehen davon aus das Kids ihre eigene Geräte mitbringen! Bisher haben wir den Workshop immer auf Laptops geprobt! Die Software kann unter folgenden Quellen geladen und anschließend installiert werden: * Screenrecording Software https://obsproject.com/ (Linux,OSX und Windows) * Freie Bildbearbeitungssoftware https://www.gimp.org/ (Linux,OSX und Windows) '''Achtung!''' Für die Installation wird ein Administratorenpasswort des Rechners benötigt. Natürlich darf bei jeder Session auch begeistert zugesehen werden und wer kein adäquates Gerät dabei hat wird sicher auch einmal die Möglichkeit bekommen zu spielen! Die Anmeldung erfolgt vor Ort und falls die Zeit im Jugendhack Assembly abgelaufen ist finden wir mit Sicherheit noch eine ecke im Kidspace wo wir nach Lust und Laune weiter experimentieren können! Rupi Rhs 1 https://events.ccc.de/congress/2017/wiki/index.php/Session:How_to_Let%27s_Play 2017-12-29T13:15:00+01:00 13:15 1:45 Assembly:Free Software Foundation Europe self organized sessions workshop en Eal https://events.ccc.de/congress/2017/wiki/index.php/Session:Join_us_now_-_a_choir_to_perform_the_Free_Software_song 2017-12-29T17:00:00+01:00 17:00 1:00 Assembly:FOSSASIA self organized sessions discussion en Discuss how to use Nitrokey, GnuPG, email encryption, the Nitrokey device, roadmap. The meeting takes place in hall 2 in front of the Hall Inspector glass cabine. https://www.nitrokey.com/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Nitrokey_Q%26A 2017-12-29T18:18:00+01:00 18:18 2:00 Assembly:Kidspace self organized sessions workshop de postapokalyptische fidget spinner basteln aus alten kugellagern und (elektro)schrott. making postapocalyptic fidget spinner from old bearings and (electronic)scrap. upcycling workshop https://p0stap0calyptic.wordpress.com/fidgetspinnerworkshop/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Postapocalyptic_fidget_spinner_workshop 2017-12-29T19:00:00+01:00 19:00 0:30 Assembly:Physikfachschaft Rostock qRNGesus self organized sessions de Short presentation of my Bachelor project about a quantum random number generator by homodyne measurement of the quadratures of the lowest energy vacuum state. Kaminazuki https://events.ccc.de/congress/2017/wiki/index.php/Session:QRNG_-_More_Random_than_Pinkie_Pie 2017-12-29T15:00:00+01:00 15:00 0:20 Assembly:Physikfachschaft Rostock self organized sessions talk de Was ist eine Schauvorlesung, was ist sie bei uns? Was soll das? Kröte https://events.ccc.de/congress/2017/wiki/index.php/Session:Schauvorlesung_Physik 2017-12-29T16:00:00+01:00 16:00 1:00 Assembly:CCC-CH (Or whenever I am around) self organized sessions meeting de Small demos of small Tesla Coils that create small lightnings and plasma flames. Ceemos https://events.ccc.de/congress/2017/wiki/index.php/Session:Real_Life_Magic:_Tesla_Coils 2017-12-29T16:00:00+01:00 16:00 4:00 Komona BIKINI self organized sessions workshop en #SinsForLife feiert alle SünderInnen, die sich mit Akten des Widerstands gegen die herrschende Zustände auflehnen. Mach mit und besuche uns am 29.12.2017 von 16-22h im BIKINI/Blue Princess von Komona. https://events.ccc.de/congress/2017/wiki/index.php/Session:SinsForHumanity 2017-12-29T22:00:00+01:00 22:00 2:00 Assembly:Milliways self organized sessions meeting en Bring whiskey to participate Mc.fly https://events.ccc.de/congress/2017/wiki/index.php/Session:Whiskeyleaks 2017-12-30T11:30:00+01:00 11:30 00:30 Saal Adams 34c3-9031-mietshausersyndikat_den_immobilienmarkt_hacken Wie man ein Haus kaufen kann ohne es zu besitzen Resilience lecture de Das Mietshäusersyndikat ist eine nicht-kommerzielle Kooperative mit dem Ziel, Bereiche von selbstorganisiertem Wohnen zu schaffen, ohne selbst Vermieter zu werden. Wohnverhältnisse sind meist von Privatbesitz geprägt: die Eigentuemer wollen ihre Immobilien gewinnbringend vermieten. Diejenigen, die mieten, sind stark abhängig: die Mieten können in die Höhe getrieben werden und wer nicht zahlen kann, fliegt raus. Um diese Struktur zu konterkarieren, hat sich das Mietshäusersyndikat entwickelt. Hier sind Hausprojekte lose organisiert, deren Häuser nicht in Privathand sind und damit die erwähnten Abhängigkeiten wegfallen. Aber wie ist das bei dem heutigen Immobilienmarkt möglich? Häuser nicht im Privateigentum und nicht mit dem Ziel, Gewinn zu erwirtschaften? Das Statut von 1992 vom Mietshäusersyndikat benennt das Ziel„die Entstehung neuer selbstorganisierter Hausprojekte zu unterstützen und politisch durchzusetzen: Menschenwürdiger Wohnraum, das Dach überm Kopf, für alle.“ Häuser, die von Projektgruppen aus dem Mietshäusersyndikat heraus gekauft werden, sollen für Menschen da sein, nicht für den Profit, und sollen auch nie wieder in den Immobilienmarkt zurück gehen. Inzwischen umfasst das Mietshäusersyndikats-Netzwerk mehr als 125 Häuser, die bei niemandem im Privatbesitz sind und die von den Bewohnenden selbst verwaltet werden. Sobald eine Gruppe von Menschen, die zusammen wohnen wollen, eine Immobilie gefunden haben, können sie sich Beratung beim Mietshäusersyndikat holen und gemeinsam wird geschaut, wie das Haus vom Immobilienmarkt genommen und wie umgesetzt wird, dass Keiner/m das Haus gehört und auch nicht wieder Privateigentum werden wird. Wie genau das ganze funktionieren kann, wird im Vortrag mit anschließender Diskussion erläutert. CC BY 4.0 false Anita Hopes Mietshäusersyndikat Homepage /system/events/logos/000/008/714/large/fragdenstaat_square.png?1511170446 2017-12-30T12:15:00+01:00 12:15 00:30 Saal Adams 34c3-8714-schreibtisch-hooligans Informationsfreiheit trotz CSU Ethics, Society & Politics lecture de Wie umgehen mit politischer Ohnmacht? Das Informationsfreiheitsgesetz bietet einige Ansätze: Es macht es auch für juristische Laien möglich, gegen Behörden vorzugehen, die das Recht brechen. Wir kämpfen gegen die Ohnmacht: Dieses Jahr haben wir alle Gesetzentwürfe aller Bundesministerien und Lobby-Stellungnahmen dazu befreit. Wir haben uns mit der Berliner Partypolizei angelegt - prost! - und 13 Behörden verklagt, darunter die Polizei Köln, das Innenministerium und das Verteidigungsministerium. Und wir haben einen Weg gefunden, zwei Behörden zu verklagen, die eigentlich sonst keine Auskunft geben ... CC BY 4.0 false Arne Semsrott /system/events/logos/000/008/831/large/blare-big.png?1507559296 2017-12-30T13:00:00+01:00 13:00 00:30 Saal Adams 34c3-8831-trustzone_is_not_enough Hijacking debug components for embedded security Security lecture en This talk deals with embedded systems security and ARM processors architecture. Most of us know that we can perform security with the ARM TrustZone framework. I will show that most ARM processors include debug components (aka CoreSight components) that can be used to create efficient security mechanisms. Embedded security is still a hot topic. For several years, ARM have proposed its TrustZone framework. With some colleagues, we have studied how we could use debug components available in most ARM processors to create security mechanisms targeting a wide range of attacks (buffer overflows, ROPs…) with minimal performance overheads. We use CoreSight debug components in with a technique called dynamic information flow tracking (aka DIFT) which allow us to monitor the execution of an application at runtime. Compared to existing works, we show that there’s no need to modify the main processor (existing binaries will be compatible!). Furthermore, we used a coprocessor implemented in reconfigurable logic (FPGA chip) to speedup the DIFT process. This ARM/FPGA combo is up to 90% faster than related techniques in terms of instrumentation time. Furthermore, as the ARM CPU has not been modified (while existing works do modify it…), the final user doesn’t have to recompile all his/her programs to be compatible with our approach. We will also show a few clues to indicate how we could target multi-threaded/multi-processor architectures as it is the case of most embedded systems by now. CC BY 4.0 false Pascal Cotret main.pdf /system/events/logos/000/008/961/large/Tractor_Starlit_Sky.jpg?1507988065 2017-12-30T13:45:00+01:00 13:45 00:30 Saal Adams 34c3-8961-0en_1en_auf_dem_acker Was die Sensor & Automatisierungstechnik in der Landwirtschaft heute schon leisten kann – Ein Einblick Science lecture de Die Dynamik der globalen Agrarmärkte hat sich in den letzten Jahren verstärkt und birgt neue Herausforderungen für die Landwirte. Hoffnungsträger sind ähnlich wie in anderen Branchen auch Sensor- & Datenverarbeitungstechnik sowie das Internet: Produktionsprozesse steuern sich selbst, Anhänger werden halbautomatisch mittels Bilderkennung beladen, Maschinen kommunizieren mittels Maschinen und Fahrzeuge steuern sich weitestgehend schon jetzt autonom. Die Dynamik der globalen Agrarmärkte hat sich in den letzten Jahren verstärkt und birgt neue Herausforderungen für die Landwirte. Ebenso ändert sich das vielfach verbreitete Berufsbild des Landwirts oder des Bauers zunehmend hin zu einem landwirtschaftlichen Unternehmer, der das komplette Spektrum des aktuellen Standes des Technik einzusetzen vermag. Themen wie Ressourcenknappheit, Veränderungen im Klima sowie die weltweit steigende Nachfrage nach Nahrungsmitteln und nachwachsenden Rohstoffen zwingen dabei auch in Deutschland die Bauern bzw. landwirtschaftlichen Unternehmer über neue Strategien und Arbeitstechniken nachzudenken um Produktivität und Effizienz zu steigern. Die rasante Entwicklung in der Sensor- & Datenverarbeitungstechnik in Verbindung mit dem Internet ist dabei einer der Schlüssel der helfen kann den aktuellen Herausforderungen der Landwirtschaft zu begegnen. Dabei sind – ohne dass ein Großteil der Bevölkerung dies vermuten würde – gerade in der Landwirtschaft und dem landwirtschaftlichen kommunalen Dienstleistungssektor große Fortschritte in Arbeitsabläufen und Arbeitserledigungen vollzogen worden. Es darf dabei – gänzlich modern & smart von Landwirtschaft 4.0 gesprochen werden: Produktionsprozesse steuern sich selbst, Anhänger werden halbautomatisch mittels Bilderkennung beladen, Maschinen kommunizieren mittels Maschinen und Fahrzeuge steuern sich weitestgehend schon jetzt autonom. CC BY 4.0 false Fritz - Dietrich Burghardt Lecture-Abstract Vortrags_Slides_final /system/events/logos/000/009/172/large/logo.png?1508099921 2017-12-30T14:30:00+01:00 14:30 00:30 Saal Adams 34c3-9172-fuck_dutch_mass-surveillance_let_s_have_a_referendum Forcing the Netherlands to publicly debate privacy and the intelligence agencies Ethics, Society & Politics lecture en Dutch intelligence agencies will soon be allowed to analyse bulk data of civilians on a massive scale, by intercepting internet traffic and through real-time access to all kinds of databases. They will also start hacking third-parties. My friends and I want to stop this. We started an action to enforce a referendum on the law. Surprisingly, it worked! How do we get most out of this opportunity? In this talk I will discuss what the new spying law means for the Netherlands, how we campaigned to get 400k+ signatures, and the future course of the debate and campaign for the referendum (which is due in March). Finally, I would like to do a call to action, nationally and internationally. The main concerns about the law are: the allowance of untargeted interception on a potentially massive scale. (Which the AIVD is framing as not being mass-surveillance, you judge for yourself.) This sparked an outcry from human rights activists, journalists, doctors, and others. Also, the hacking of third-parties is very uncool and has not yet been the subject of a strong public debate. Both edges of the political spectrum are supporting the initiative, which shows how the erosion of privacy affects us all. Thus, our campaign tries to reach out to everyone. Now that the privacy debate is mainstream and #woke again, Team-Intelligence-Agencies is showing their teeth. But we’re biting back, even though we realize that we are five kids (and back-up) fighting something way bigger than ourselves. This means that we really need your support! You can help on so many levels that I won’t write them down, so I guess you should come see this talk. CC BY 4.0 false niinja English background article Our site /system/events/logos/000/008/740/large/snet.png?1510930869 2017-12-30T15:15:00+01:00 15:15 01:00 Saal Adams 34c3-8740-the_internet_in_cuba_a_story_of_community_resilience Get a unique tour of some of the world’s most unusual networks, led by a Cuban hacker Resilience lecture en Internet access in Cuba is notoriously restrictive. ETECSA, the government-run teleco, offers 60 wireless hotspots in parks and hotels, allowing foreigners and citizens alike to "visit" the Internet for only $1/hour… That’s what most tourists know about the Internet in Cuba, but of course, that can't be the whole story! In this talk, we'll take a deeper look at what life is like for Cuban hackers, and we’ll get to tour a vibrant set of community-driven networks that typical tourists never see. The story that emerges is an inspiring view of what communities can (and can’t) accomplish in the face of adversity. Internet access in Cuba is a study in resilience. By the official numbers, the island seems hopelessly disconnected: Cuba ranked last in the Americas in the ITU’s 2016 ICT development index, having only 5.6% household Internet penetration, and international bandwidth per user measures a mere 572 bits/s. Yet Cubans have developed a number of bottom-up, community-oriented responses to these limitations. This talk will focus on three indigenous networks that aren't seen by the typical tourist. These include “El Paquete”, a sneaker-net distribution of media files that’s passed around the country on USB sticks and hard drives, and which may be Cuba’s largest source of private employment. There is also the Cuban educational network, which connects more than 20 higher education institutions around the country. Perhaps most unusual is Havana’s “Street Network”, or SNET, a vast unsanctioned IP network, constructed by volunteers using salvaged equipment. Though entirely isolated from the Internet, the SNET connects over 50,000 residential users across the capital city, and it’s home to a vibrant community and hundreds of websites. In describing these three systems, we'll draw lessons about what is necessary for network communities to survive and thrive in the island’s challenging environment, including places where flexibility and compromise have been essential. Cuba presents a highly unusual regulatory and technological environment, and the approaches that have succeeded there are both inspiring and demonstrative of what communities can (and can't) accomplish through organic, distributed networks. CC BY 4.0 false Will Scott kopek 2017-12-30T16:30:00+01:00 16:30 01:00 Saal Adams 34c3-8888-security_nightmares_0x12 CCC lecture de Was hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Welche neuen Entwicklungen haben sich ergeben? Welche neuen Buzzwords und Trends waren zu sehen? Wie immer wagen wir den IT-Security-Alptraum-Ausblick auf das Jahr 2018 und darüber hinaus. Denn was wir wirklich wissen wollen, ist ja schließlich: Was kriecht, krabbelt und fliegt in Zukunft auf uns zu und in unseren digitalen Implants herum? Im Zuge von noch mehr Transparenz, Kritik & Selbstkritik und kontinuierlicher nachhaltiger Optimierung aller Prozesse werden wir außerdem frühere Voraussagen hinsichtlich des Eintreffens unserer Weissagungen prüfen. false frank Ron /system/events/logos/000/009/293/large/171122_34C3_Logotype_Plus.png?1512980841 2017-12-30T17:30:00+01:00 17:30 00:45 Saal Adams 34c3-9293-abschluss #tuwat CCC lecture de DE: Damit wir als Komputerfrieks nicht länger unkoordiniert vor uns hinwuseln, tun wir wat und treffen uns! EN: To keep us computer freaks from puttering about aimlessly any longer, we’re doin’ somethin’ and will meet! false sva tuwat.txt (die Einladung) tuwat.txt (das Protokoll, PDF) /system/events/logos/000/009/258/large/tuwat_lt.png?1513277604 2017-12-30T11:30:00+01:00 11:30 02:00 Saal Borg 34c3-9258-lightning_talks_day_4 CCC lecture en Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick! To get involved and learn more about what is happening please visit the Lightning Talks Wikipage at <a href="https://events.ccc.de/congress/2017/wiki/index.php/Static:Lightning_Talks">https://events.ccc.de/congress/2017/wiki/index.php/Static:Lightning_Talks</a> CC BY 4.0 false gedsic bigalex /system/events/logos/000/008/937/large/briar_logo_circle.gif?1507923487 2017-12-30T13:45:00+01:00 13:45 00:30 Saal Borg 34c3-8937-briar Resilient P2P Messaging for Everyone Resilience lecture en Briar is a peer-to-peer messaging app that is resistant to censorship and works even without internet access. The app encrypts all data end-to-end and also hides metadata by utilizing Tor onion services. Around the world communication is increasingly monitored and restricted. If communication can not be eavesdropped on, it is often blocked entirely. Less advanced states even block the entire internet nation-wide. We need to develop tools that are more resilient to these threats. Communication and expression needs to be free. Censorship should not be possible. Even if the internet was taken down, people should still be able to communicate. This presentation will introduce Briar a resilient messaging app. Its goal is to enable people in any country to create safe spaces where they can debate any topic, plan events, and organize social movements. Briar does not rely on servers. It connects people directly peer-to-peer and does not care how data is exchanged. Currently, it has plugins for Bluetooth, WiFi and Tor. The latter is used for long-distance communication over the internet and is supposed to not leak metadata. Briar aims to be secure and easy to use at the same time. An Android app is currently in beta. Support for other platforms is planned. Since Briar works peer-to-peer, there is no single universal truth in it. Each group of people might have a different view on the available data depending on their connectivity. This opens up some interesting technical and usability problems that you do not encounter in centralized systems where the server is the authority. CC BY 4.0 false Torsten Grote Briar Homepage 2017-12-30T14:30:00+01:00 14:30 00:30 Saal Borg 34c3-9295-privacy_shield_-_lipstick_on_a_pig Ethics, Society & Politics lecture en In 2015 the Court of Justice of the European Union (CJEU) has overturned the EU-US data sharing system called „Safe Harbor“ over US mass surveillance, as disclosed by Edward Snowden. Only months later the European Commission agreed with the US government to replace it with the so-called “Privacy Shield”, despite the existence of PRISM and Upstream surveillance. Why the new deal is nothing but the old “Safe Harbor”, what we can learn for the documents exchanged between the EU and the US and why it will very likely be overturned as soon as it reached the CJEU again. false Max Schrems 2017-12-30T15:15:00+01:00 15:15 01:00 Saal Borg 34c3-8911-34c3_infrastructure_review How does the CCC run a conference? CCC lecture en In this traditional lecture, various teams provide an inside look at how this Congress‘ infrastructure was planned and built. You’ll learn what worked and what went wrong, and some of the talks may even contain facts! Also, the NOC promises to try and not have the network fail in the middle of the NOC presentation this time. CC BY 4.0 false Leon /system/events/logos/000/009/281/large/elahi_tt_screenshot_sf.jpg?1512696796 2017-12-30T16:30:00+01:00 16:30 01:00 Saal Borg 34c3-9281-tracking_transience Art & Culture lecture en Hasan Elahi is an interdisciplinary artist working with issues in surveillance, privacy, migration, citizenship, technology, and the challenges of borders. An erroneous tip called into law enforcement authorities in 2002 subjected Elahi to an intensive investigation by the FBI and after undergoing months of interrogations, he was finally cleared of suspicions. After this harrowing experience, Elahi conceived “Tracking Transience” and opened just about every aspect of his life to the public. Predating the NSA’s PRISM surveillance program by half a decade, the project questions the consequences of living under constant surveillance and continuously generates databases of imag- ery that tracks the artist and his points of transit in real-time. Although initially created for his FBI agent, the public can also monitor the artist’s communication records, banking transactions, and transportation logs along with various intelligence and government agencies who have been confirmed visiting his website. false Hasan Elahi Hasan Elahi /system/events/logos/000/008/853/large/5812589_%282%29.png?1507697853 2017-12-30T11:30:00+01:00 11:30 00:30 Saal Clarke 34c3-8853-international_image_interoperability_framework_iiif_kulturinstitutionen_schaffen_interoperable_schnittstellen_fur_digitalisiertes_kulturgut Science lecture de Neue Standards wie IIIF (http://iiif.io) ermöglichen es, digitalisiertes Kulturgut (Gemälde, Bücher, Handschriften, Fotografien, Karten u.s.w.) interoperabel und maschinenlesbar verfügbar zu machen. Darauf aufsetzend können nicht nur ansehnliche Präsentationen erstellt werden, insbesondere ermöglicht IIIF es, institutionsübergreifend Daten verknüpfbar zu machen und virtuelle Arbeitsoberflächen einrichtungsunabhängig zu realisieren. Dem Linked Data Prinzip folgend, sind alle Daten standardisiert identifizierbar und nutzbar. Es existieren bereits viele leistungsfähige Open Source Anwendungen für IIIF. Der Talk führt in IIIF ein und zeigt viele anschauliche Beispiele, die bedeutende Werke aus namhaften Einrichtungen weltweit enthalten. Die freie Verfügbarkeit bildbasierter Dokumente ist von grundlegender Bedeutung für die Verbreitung kulturellen Wissens sowie für Forschung und Lehre. Digitalisate historischer Gemälde, Zeichnungen, Bücher, Zeitschriften, Handschriften, Karten, Schriftrollen, Fotografien und Archivmaterialien online bereitzustellen, macht es möglich, deren Inhalte ortsunabhängig und bei optimalem Schutz der physisch empfindlichen Originale großen Nutzerkreisen zur Verfügung zu stellen. Dies wird durch neue Standards wie IIIF nun auch maschinenlesbar möglich. War bis vor wenigen Jahren die Betrachtung dieser Werke nur auf isolierten, institutionellen Websites möglich, so beschäftigt sich seit 2011 eine wachsende internationale Gemeinschaft von Forschungsbibliotheken, Museen und Archiven mit der Konzeption und Standardisierung einer interoperablen Technologie zur institutionsübergreifenden Bereitstellung von Digitalisaten im Internet unter der Bezeichnung International Image Interoperability Framework (IIIF, http://iiif.io). Aufgrund seiner starken Orientierung an Linked Open Data und der interoperablen Bereitstellung aller Ressourcen über HTTP ist es mit IIIF möglich, Daten zu verknüpfen und virtuelle Arbeitsumgebungen zu realisieren, die Digitalisate von Servern unterschiedlicher Einrichtungen unter einer Oberfläche vereinen. So ist es beispielsweise möglich, Werke, die sich an völlig unterschiedlichen Orten weltweit befinden, in einer IIIF-basierten Oberfläche virtuell nebeneinander zu legen, sie zu betrachten und mit ihnen zu arbeiten. Dabei ermöglicht IIIF auch das Anlegen und Weitergeben von Annotationen, die ebenfalls nach dem Prinzip von Linked Data modelliert sind. IIIF kann die Grundlage für institutionsübergreifende wissenschaftliche Arbeitsumgebungen sein. Der Talk soll in IIIF allgemein einführen, sowie konkrete Datenquellen und Anwendungen vorstellen. Der Talk wird viele anschauliche Beispiele enthalten, die Werke von internationaler Bedeutung einbeziehen. Zugleich will der Talk auch einladen, an der Weiterentwicklung dieser neuen Standards und Technologien mitzuwirken, sowie IIIF-kompatible Open Source Anwendungen zu entwerfen oder weiterzuentwickeln. Leander Seige ist Bereichsleiter für Digitale Dienste der Universitätsbibliothek Leipzig, hat dort, neben vielen anderen Open Source-basierten IT-Infrastrukturprojekten, auch IIIF als neue Standardtechnologie zur Bereitstellung von Digitalisaten eingeführt. Die Universitätsbibliothek Leipzig bewahrt eine der größten Altbestandssammlungen in Deutschland mit einem breiten Spektrum historischer Materialien, die nach und nach per IIIF bereitgestellt werden, bevorzugt unter CC0. Leander Seige engagiert sich darin, IIIF auch in Kooperationsprojekten mit anderen Einrichtungen zu etablieren. Privat betreibt Leander Seige einen Server, der frei verfügbare Digitalisate von Gemälden, Zeichnungen und anderen Kunstwerken dem IIIF-Standard entsprechend aufbereitet und anbietet. CC BY 4.0 false Leander Seige http://iiif.io/ IIIF Slides 34C3 Leander Seige /system/events/logos/000/009/014/large/Darwin_Tree_1837.png?1508037129 2017-12-30T12:15:00+01:00 12:15 00:30 Saal Clarke 34c3-9014-whwp Walter Höllerer bei WikiPedia Science lecture de Vorstellung der Dissertation "WHWP - Walter Höllerer bei WikiPedia". Es wurde ein einzelner Artikel in der deutschen WikiPedia untersucht. Es wird dargestellt, welchen Einfluss die beteiligten Autoren auf die Qualität des WikiPedia-Artikels über Walter Höllerer hatten und weiterhin haben. Dafür wurden 113 Veränderungen durch 89 Autoren einzeln untersucht und bezüglich ihrer Relevanz bewertet. Es wurden auch die Entwicklungen berücksichtigt, die seit der französischen Encyclopédie zur Online-Enzyklopädie WikiPedia geführt haben. Daraus ist eine bisher einzigartige Arbeit über die Produktion von Wissen und Wissenssammlungen entstanden. Die Dissertation "WHWP - Walter Höllerer bei WikiPedia" ist eine medienwissenschaftliche Untersuchung. Es wurden sprachwissenschaftliche Methoden zur Untersuchung eines enzyklopädischen Artikels in der deutschsprachigen Online-Enzyklopädie WikiPedia angewandt. Besonders interessant ist diese Arbeit, weil ein ausführlicher und für den WikiPedia-Artikel über Walter Höllerer umfassender Blick hinter die Kulissen der WikiPedia-Inszenierung gezeigt wird. Jede einzelne Veränderung des Artikels wurde dokumentiert und bewertet. Die beteiligten Autoren wurden an ihren Aktivitäten erkannt und durch weitere, online verfügbare Informationen individuell charakterisiert. Walter Höllerer war ein deutscher Literaturwissenschaftler, Professor an der TU-Berlin, Mitglied der Gruppe 47, Gründer des Literarischen Colloquium Berlin und der Sprach- / Literaturzeitschriften "Sprache im technischen Zeitalter" und "Akzente". Die Arbeit zeigt deutlich, wie einfach es ist, durch öffentlich verfügbare Daten Aktivitätsmuster zu erkennen und damit Aussagen über die Relevanz der Aktivitäten verschiedener WikiPedia-Autoren machen zu können. Die Arbeit ist in einem allgemeinverständlichen Stil angefertigt. Es gibt viele Tabellen und Grafiken, damit Leser-Innen die Vorgehensweise nachvollziehen und sämtliche Fundstücke selbst recherchieren können. Im Laufe der acht Jahre dauernden Recherchen für diese Arbeit wurden im Backstagebereich der WikiPedia einige Überraschungen gefunden und ein paar Mythen entzaubert. CC BY 4.0 false friederb WHWP - Walter Höllerer bei WikiPedia /system/events/logos/000/009/202/large/matteo-michel4_small.jpg?1514625585 2017-12-30T13:00:00+01:00 13:00 00:30 Saal Clarke 34c3-9202-openpower_-_the_current_state_of_commercial_openness_in_cpu_development is there no such thing as open hardware? Hardware & Making lecture en How does developing future processors with yesterdays capabilities work out today? CPU development is something out of focus these days. In this lecture I would like to show the state-of-the-art processor development flow of POWER processors from the first initial ideas to post-silicon testing. Apart from x86 Intel products there have been initiatives across the hardware industry to form some alternative business model. I would like to show if and how this compares to real open principals. This talk should first give a brief overview of how processor development is done these days and which steps are required to get to working products at the end of the day, what is needed from a technical perspective, how many people are involved during the process and which process steps are required. Second it should show which requirements are out there for server/cloud products and their customers. Third it should address why there is this openPOWER initiative and what it all means in regards to hardware development. It should show more detailed information the ideas behind this group of different hardware suppliers and universities. It will definitely not end up in an promotional talk but more look behind the curtains how open this format really is and if it can be used by real people at the end or if it only applies to commercial entities. CC BY 4.0 false Matteo Michel file /system/events/logos/000/009/286/large/iRD.png?1511860063 2017-12-30T13:45:00+01:00 13:45 00:30 Saal Clarke 34c3-9286-institutions_for_resolution_disputes Rosa Menkman investigates video compression, feedback, and glitches Art & Culture lecture en The institutions of Resolution Disputes [iRD] call attention to media resolutions. While a ’resolution’ generally simply refers to a standard (measurement) embedded in the technological domain, the iRD reflect on the fact that a resolution is indeed a settlement (solution), but at the same time a space of compromise between different actors (objects, materialities and protocols) who dispute their stakes (framerate, number of pixels etc.) within the growing digital territories. Rosa Menkman is a Dutch artist, curator and researcher. In 2011 Menkman wrote the Glitch Moment/um, a little book on the exploitation and popularization of glitch artifacts (published by the Institute of Network Cultures), co-facilitated the GLI.TC/H festivals in both Chicago and Amsterdam and curated the Aesthetics symposium of Transmediale 2012. false Rosa Menkman http://beyondresolution.info 2017-12-30T14:30:00+01:00 14:30 00:30 Saal Clarke 34c3-9087-organisational_structures_for_sustainable_free_software_development Resilience lecture en What kind of organisational structures exist for free software projects? What funding sources? How can you avoid pitfalls with funding, support volunteers, and stay a happy family? We will look at various options for structuring projects on an organisational level, the protections (and dangers) of legal entities, and the difficulties of meeting the expectations of financial backers while keeping the volunteers and the community alive. Moritz will draw from his experience with dozens of Free Software projects and funding sources, both from the perspective of a funder and as recipient of grants, contracts and donations. CC BY 4.0 false mo torservers.net Renewable Freedom Foundation Center for the Cultivation of Technology Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure / Nadia Eghbal Nadia Eghbal: Rebuilding The Cathedral (Strangeloop Conference) The Lemonade Stand: guide to financial support for open source Jono Bacon: Art of Community Ubuntu Wiki: Building Community ZDNet: Launch of the Core Infrastructure Initiative Next Generation Internet: ICT-24 February 2017: Three new FOSS umbrella organizations in Europe Choose a Foundation The Commons Conservancy Frederic Laloux: Reinventing Organizations Wiki CoBudget OpenCollective Steve McConnell: Software Estimation Paul Graham: Maker's Schedule, Manager's Schedule Joel Spolsky: Human Task Switches Considered Harmful Donaella Maedows: Thinking in Systems David Callahan: The Givers Mancur Olson: The Logic of Collective Action 2017-12-30T15:15:00+01:00 15:15 01:00 Saal Clarke 34c3-9085-uncertain_concern How Undocumented Immigrants in the US Navigate Technology Ethics, Society & Politics lecture en Over 11 million undocumented immigrants live in the United States today. Immediately after taking office, the Trump administration issued two executive orders pumping resources into border and immigration enforcement agencies, heightening fears of deportation, harassment, and family separation among immigrant communities. In the following months reports emerged of increased immigration enforcement activity and hints about the deployment of new high-tech methods by the immigration enforcement agency. I will discuss the current state of immigration enforcement in the US and associated surveillance capabilities, the results of a study with undocumented immigrants about their technology practices, and the takeaways for the technology and privacy community in supporting communities of heightened risk. In this talk, I will first discuss the current state of immigration enforcement in the United States, including recent immigration policy changes, known surveillance capabilities of enforcement agencies, and recent efforts by these agencies that hint at an expansion of technical sophistication. I will then discuss lessons and insights from a series of interviews we conducted with undocumented immigrants and immigrant rights organizations about this community’s technology practices, risk awareness, and security and privacy behavior online. We find that in the face of acute risk of detention, harassment, and deportation, this community is well-versed in managing risks offline. Their most common strategies for managing risk online—self-censorship and controlling access to spaces—are largely the same techniques used in the physical world. However, the immigrants we interviewed are extremely uncertain about the effectiveness of their defenses against adversaries online, which are typically conceptualized as nebulous and all-knowing. We find that managing privacy and immigration status disclosure, a responsibility that rests not only with individuals but in communities, is more complex online. This is in part due to a diminishing sense of control online over where and how information is exposed. Furthermore, this community places a surprising amount of trust in the platforms that host their community spaces, which exposes a potentially dangerous gap in understanding about information collection and use by companies. Based on our findings, I will discuss what technologists, security tool developers, and activists should be aware of in order to more effectively support communities of heightened risk in protecting themselves online. CC BY 4.0 false Allison McDonald 2017-12-30T16:30:00+01:00 16:30 01:00 Saal Clarke 34c3-8848-type_confusion_discovery_abuse_and_protection Security lecture en Type confusion, often combined with use-after-free, is the main attack vector to compromise modern C++ software like browsers or virtual machines. Typecasting is a core principle that enables modularity in C++. For performance, most typecasts are only checked statically, i.e., the check only tests if a cast is allowed for the given type hierarchy, ignoring the actual runtime type of the object. Using an object of an incompatible base type instead of a derived type results in type confusion. Attackers have been abusing such type confusion issues to compromise popular software products including Adobe Flash, PHP, Google Chrome, or Firefox, raising critical security concerns. We discuss the details of this vulnerability type and how such vulnerabilities relate to memory corruption. Based on an LLVM-based sanitizer that we developed, we will show how to discover such vulnerabilities in large software through fuzzing and how to protect yourself against this class of bugs. C++ is popular in large software projects that require both the modularity of object-oriented programming and the high efficiency offered by low-level access to memory and system intrinsics. Examples of such software are Google Chrome, Microsoft Windows, Mozilla Firefox, or Oracle's JVM. Unfortunately, C++ enforces neither type nor memory safety. This lack of safety leads to type confusion vulnerabilities that can be abused to attack programs. Type confusion arises when the program interprets an object of one type as an object of a different type due to unsafe typecasting, leading to reinterpretation of memory areas in different contexts. For instance, a program may cast an instance of a parent class to a descendant class, even though this is not safe if the parent class lacks some of the fields or virtual functions of the descendant class. When the program subsequently uses these fields or functions, it may use data, say, as a regular field in one context and as a virtual function table (vtable) pointer in another. Exploitable type confusion bugs have been found in a wide range of software products, such as Adobe Flash (CVE-2015-3077), Microsoft Internet Explorer (CVE-2015-6184), PHP (CVE-2016-3185), and Google Chrome (CVE-2013-0912). According to Microsoft, type confusion is the 4th most common vulnerability type in their bug bounty program (after use-after-free, memory corruption, and heap out-of-bounds read) with the majority of type confusion bugs also fitting into one of the earlier categories. We have developed an extension to the Clang/LLVM compiler that detects type-confusion bugs with low overhead and high coverage. Our prototype consists of two parts: an object tracing facility and typecasting verification. Such an enforcement mechanism is useful as a runtime monitor and online defense mechanism to protect applications against attacks. In a development setting, the mechanism can be combined with a fuzzing framework to detect type confusion before the underlying memory corruption triggers. In this talk we will first discuss how type safety protects against type confusion-based attacks. We will then introduce our prototype implementation and show how it actively defeats realistic attacks. Finally, we show how to leverage type safety in a fuzzing framework to find security vulnerabilities faster. We will release all components as open-source. We introduce the concept of a type sanitizer that checks all casts in an application (replacing static casts with fully explicit runtime checks) and show how we have developed a low-overhead framework for these checks. Building on this framework we argue that it can be used as a runtime monitor in an always on configuration to protect users against attacks and how developers, security researchers, and hackers can use it to find new vulnerabilities in real software. The expected audience includes people interested in system software, reverse engineering, fuzzing, type confusion-based attacks, and memory corruption-based attacks and their defense mechanisms. General programming and low-level knowledge is expected but the talk will be self contained and does not expect the audience to know the upcoming defense mechanisms or attacks. CC BY 4.0 false gannimo ACM CCS'17 paper Open-source prototype 2017-12-30T11:30:00+01:00 11:30 00:30 Saal Dijkstra 34c3-8949-library_operating_systems reject the default reality^W abstractions and substitute your own Resilience lecture en Traditional models of application development involve talking to an underlying operating system through abstractions of its choosing. These abstractions may or may not be a good fit for your language or application, but you have no choice but to use them - you can only layer more abstractions on top of them, to try to lessen the pain of a bad match. Library operating systems let you write applications that use better abstractions in your own language - either someone else's abstractions, or your own. This talk is an overview of library operating systems that focuses on the benefits to application developers. Interfacing with lower-level systems using familiar abstractions, rather than alien ones, is a thing of joy -- in testing, reasoning, modification, and participation. Operating systems programming doesn't have to be an arcane black art requiring a totally different set of skills from your day-to-day application development. It can be comprehensible, documentable, testable, and hackable with your everyday tools. Operating systems hacking is in reach! Examples (when appropriate) will be given using the MirageOS library operating system, which is written in OCaml, but principles discussed are applicable to other library operating systems projects including IncludeOS in C++, HaLVM in Haskell, and many others. CC BY 4.0 false Mindy Preston 2017-12-30T12:15:00+01:00 12:15 00:30 Saal Dijkstra 34c3-9094-modern_key_distribution_with_claimchain A decentralized Public Key Infrastructure that supports privacy-friendly social verification Resilience lecture en ClaimChain is a Public Key Infrastructure unique in that it can operate in fully decentralized settings with no trusted parties. A vouching mechanism among users, similar to the Web of Trust, assists with social authentication but without revealing the users' social graph. High-integrity data structures prevent equivocation and help detect compromises; the protocol can support generic claims (conventional PGP, modern OTR/Signal etc.); and a prototype evaluation indicates that ClaimChain can scale. Blockchain holds a big promise for Public Key Infrastructure (PKI) designs. Prominent systems, such as Keybase and CONIKS, tend to be centralized, something that eases the update of keys and provides good availability. Centralized designs, however, require users to trust that the source of authority acts honestly at all times, and does not perform surveillance.<br> ClaimChain is a decentralized PKI design, where users maintain repositories of claims implemented as hash chains: data structures that allow for efficient verification of the integrity and authenticity of their content. Claims relate to the key material of the owners, or their beliefs about public keys of others. In the latter case, cross-referencing serves as a way of efficient and verifiable vouching about states of other users. In practice, such information would reveal the social graph of the chain owners and even their communication patterns. To solve this privacy issue, we use cryptographic verifiable random functions to derive private identifiers that are re-randomized on each chain update, encrypted to a given set of authorized readers. In that way, chain owners can not present different views to authorized readers of the same contact. ClaimChain allows to detect chain compromises, manifested as forks of hash chains, and to implement various social policies for deriving decisions about the latest state of users in the system.<br> Evaluation of a prototype implementation indicates that ClaimChain can scale to accommodate the needs of large groups at an acceptable computational and bandwidth overhead cost. Interoperability with PGP makes it possible for users to gradually deploy ClaimChain locally. Email providers that wish to adopt ClaimChain will participate as an additional factor in the social authentication process. Arguably, ClaimChain constitutes an example that decentralization in combination with modern cryptography allow for increased robustness to adversarial central authorities, and offer comparable availability, as well as more options for supporting privacy. CC BY 4.0 false prometheas ClaimChain website ClaimChain paper 34C3 slide deck 2017-12-30T13:00:00+01:00 13:00 00:30 Saal Dijkstra 34c3-9148-italy_s_surveillance_toolbox Research on Monitoring Italian Government Surveillance Capabilities by means of Transparency tools Ethics, Society & Politics lecture en This project aims to take advantage of the availability of public procurement data sets, required by anticorruption transparency laws, to discover government surveillance capabilities in Italy. In this talk I'll present a mixed-strategy approach, based on transparency and privacy activism, to uncover government capabilities analyzing procurement data of Ministry of Interior, Justice and Defense that are allowed by law to buy and use surveillance products and services. This project will present manifold outcomes, such as the mapping of surveillance capabilities, monitoring governmental expenditures, discovering governmental project codenames, providers and peculiar participants of surveillance related tenders. The project will take advantage of the new italian FOIA laws by asking for: - all invoices of each company that we found out selling surveillance technologies to the government - all technical and economic offers of all the contractors related to surveillance technologies Preliminary findings of the prototyping phase have been presented at the Freedom Not Fear 201, where we described the strategy we are using and talked about some early results showing documents we received with a FOIA requests: the Ministry of Interior provided us with 85 invoices issued by Area SpA, an italian surveillance company known for selling surveillance technology to Egypt. Thus, with this project, we’ll try to shed light on the use of surveillance technologies providing a public database of knowledgeable information that can help to hold governments accountable for violations of human rights. In this talk I'll show early results in: - Mapping surveillance capabilities of the Government - Updating a database of companies selling surveillance tech - Discovering official resellers of other foreign surveillance companies - Detailing governmental expenditures for surveillance technologies CC BY 4.0 false boter Italy's Surveillance Toolbox file 2017-12-30T14:30:00+01:00 14:30 00:30 Saal Dijkstra 34c3-9249-hardening_open_source_development Resilience lecture en <p>As authors it is our responsibility to build secure software and give each other the chance to verify and monitor our work. Various flaws in development toolchains that allow code execution just by viewing or working in malicious repositories question the integrity of development environments and as such our projects as a whole.</p> <p>This talk will discuss practical solutions for both technical and social challenges of collaboration.</p> <p>Not only the software we build can be flawed, but also its dependencies, our tools or just the process of building it.<br/> Vulnerabilities in shell-integrations, code linters, package managers or compilers can become dangerous vectors of malware infection for developers. Beyond that risk we see software shipped straight from the developers editor to a repository, through the build chain, across the CDN, referenced from the package registry, almost directly to the user. Since even our favorite package managers have demonstrated large scale malware delivery, there is reason to seriously question our ability to guarantee our own products safefy at all.</p> <p>Deciding to distrust our own equipment and abilities leads us to find solutions that work based on collaboration to gain safety against failure or fraud. Cleanly defined merge and release processes with automated quality enforcement and distributed quorum based verification are essential mitigations that allow others to verify our work. By sharing lessons learned from 15 years of building software in open-source and enterprise environments I want to raise awareness for security in the development process and present practical solutions.</p> false gronke 2017-12-30T15:15:00+01:00 15:15 01:00 Saal Dijkstra 34c3-9113-mqa_-_a_clever_stealth_drm-trojan A critical look on a new audio Format Security lecture en Master Quality Authenticated (MQA) is a new audio format promising studio sound at home and no DRM. We take a critical look both at the sound-quality aspects as well as on the DRM story of MQA. Master Quality Authenticated (MQA) is an audio format introduced in 2014 promising to deliver studio sound at home. Marketed aggressively mostly to audiophiles two claims are central to MQA: no DRM and better sound through “deblurring temporal inaccuracies” introduced by ADCs and DACs in the signal chain. MQA is backed by the three major labels Warner, Universal and Sony and has support by a number of indie label rights agencies as well as by the Recording Industry Association of America. Rollout has started in 2016 and at IFA 2017 the major labels asserted their backing for the format. Streaming services Tidal, Deezer and Pandora as well as Groovers (Korea) 7digital and HDmusicstream offer MQA-streaming at a higher price-point as their regular offerings (20.- per month instead of 10). Companies like Onkyo, Pioneer, Sony, Rotel and NAD offer hifi-products supporting MQA and some smartphone makers like LG incorporated it too. MQA consists of a container format and a licensing regime for audio DACs. MQA files will play on any redbook-capable device and can be freely copied. The lowest bit of the file is used to store compressed spectral content above 24k and a control bit. If a MQA licensed DAC detects an MQA file it will “unfold” the high-rez content and turn on a blue light on the DAC. A lot of effort for a switching on a blue light ;) This talk will both scrutinize the DRM-regime of MQA and the sound-quality narrative. In the context of the latter we will look at MQAs assertion that the Shannon-Nyquist theorem is inadequate for audio-sampling as it purportedly introduces “temporal inaccuracies.” MQA claims to have incorporated “new psychoacoustic research” and advances beyond Shannon-Nyquist in sampling theory. The exact nature of this innovations remain unclear as MQA technology is proprietary and no independent third-party research is available. We will discuss these claims and show the status of the numerous MQA reverse-engineering efforts. So far it is know that MQA is PCM-based, uses minimum-phase filters and destructive compression for parts of the spectrum. It also lowers the available dynamic range and exhibits no behaviour proving any of their claims made in the marketing material. Still MQA at least managed to get the almost unequivocal support of the audio-press and at the same time is hotly debated online. With regards to the DRM aspect we will look at the marketing strategy of MQA and show how the company so far successfully controlled the narrative by narrowing the understanding of DRM to copying. The MQA DRM uses a both symmetric encryption as well as a PKI-component to authenticate files and devices. The DRM involves a clever mix of permissive licensing towards behaviour like copying while discriminating access by level of quality. Here we will discuss in how far such licensing design might be a model for future DRM-deployments and marketing. Finally we will discuss the systemic dimension of MQA in the context of music-streaming and control over assets like content, playback-devices (DACs) and licenses. With the platforms controlling the streaming market and playback devices (iPhone, Amazon smart speakers etc) on the one side, the record companies owning the content on the other side, MQA seems to attempt to establish licensing leverage for the content owners. CC BY 4.0 false Christoph Engemann Anton.schlesinger@studio-singer.de MQA Wikipedia 2017-12-30T16:30:00+01:00 16:30 01:00 Saal Dijkstra 34c3-8956-scada_-_gateway_to_s_hell Hacking industrial control gateways Security lecture en Small gateways connect all kinds of fieldbusses to IP systems. This talk will look at the (in)security of those gateways, starting with simple vulnerabilities, and then deep diving into reverse-engineering the firmware and breaking the encryption of firmware upgrades. The found vulnerabilities will then be demonstrated live on a portable SCADA system. Companies often utilize small gateway devices to connect the different field-busses used in industrial control systems (such as Modbus, RS232 etc) to TCP/IP networks. Under the hood, these devices are mostly comprised of ARM-based mini computers, running either custom, tiny operating systems or uClinux/Linux. The talk will look at the security aspects of these gateways by examining known and unfixed vulnerabilities like unchangeable default credentials, protocols that do not support authentication, and reverse engineering and breaking the encryption of firmware upgrades of certain gateways. The talk will consist of a theoretical part, an introduction on how to reverse-engineer and find vulnerabilities in a firmware-blob of unknown format, and a practical part, showcasing a live ICS environment that utilizes gateways, from both the IP and the field-bus side, to pivot through an industrial control system environment: Demonstrating how to potentially pivot from a station in the field up to the SCADA headquarters, permanently modifying the firmware of the gateways on the way. CC BY 4.0 false Thomas Roth 2017-12-30T14:00:00+01:00 14:00 2:00 Lecture room 11 self organized sessions talk en Last year, the workshop was called: Can't touch this: Introduction to self defense for women Learn the legal frame of self defence in Germany/Switzerland, the communication patterns of threat/violence and five easy techniques to avoid sexual harassment and to counter physical attacks. Nia https://events.ccc.de/congress/2017/wiki/index.php/Session:Can%27t_touch_this_2:_Introduction_and_more_about_self_defense_and_communication_for_humans 2017-12-30T16:00:00+01:00 16:00 1:30 Lecture room 11 self organized sessions talk Learn about nutrition and substitution by a professional food scientist! Nia https://events.ccc.de/congress/2017/wiki/index.php/Session:Healthy_food_hack:_Tasty_food_%3D_Unhealthy_food%3F 2017-12-30T12:00:00+01:00 12:00 2:00 Lecture room 11 Beginner #2 self organized sessions workshop de TBD Lil-Missy https://kinkygeeks.de https://events.ccc.de/congress/2017/wiki/index.php/Session:KinkyGeeks_Bondage_Workshop 2017-12-30T10:30:00+01:00 10:30 1:30 Lecture room 11 self organized sessions other de Nach der großen Nachfrage gibt es jetzt noch einmal den Nerdworkout. Jetzt neu mit Dehnübungen (aber alten Geschichte). Wir machen hier ein kleines alternativ nerdiges Workout. ;) Magic Karl Weber Minnie Hermine https://events.ccc.de/congress/2017/wiki/index.php/Session:Sport_f%C3%BCr_Nerds_2! 2017-12-30T15:00:00+01:00 15:00 1:30 Seminar room 14-15 self organized sessions talk de Demokratische Schulen sind die wohl radikalsten Schulen in Sachen Freiheit des Lernens und Mitbestimmung der Schüler*innen die es auf der Welt gibt. Jede Woche trifft sich die Schulversammlung (alle Schüler und Lehrer) und entscheidet über alle Angelegenheiten der Schule. Welche Lehrer*innen werden eingestellt? Wie ist der Finanzplan für nächstes Jahr? aber auch "Müssen die Schuhe ausgezogen werden, wenn man aufs Lesesofaklettert?" Dabei hat jeder Schüler und jede Lehrerin genau eine Stimme. Die Schüler*innenschaft ist also in der klaren Mehrheit. Kurse gibt es nur als freiwilliges Angebot. Gelernt wird jeden Tag, wo wann wie was und mit wem man will! Der Autor hat einige Monate an einer demokratische Schule verbracht, gründet die demokratische Schule Luana Augsburg und ist im Europaverband der demokratischen Schulen aktiv. Der Vortrag dauert etwa 60min und wurde schon oft von mir gehalten. Im Anschluss bleibt maximal 30min Zeit für Fragen. Kontakt: k.g@luana-augsburg.de http://www.luana-augsburg.de https://events.ccc.de/congress/2017/wiki/index.php/Session:Demokratische_Schule_-_Praxisbericht 2017-12-30T16:30:00+01:00 16:30 0:30 Seminar room 14-15 self organized sessions discussion en Eco Hacker Farm is an umbrella organization that helps to set up and support, new and existing projects that combine hackerspaces with permaculture farms to provide a sustainable living space for people to experience a way of life that is not necessarily dependent on the system but using appropriate, open source and low cost technological solutions. We have one community at the moment that is based north west of berlin in the coutryside. We currently have one big open source app development to make a permaculture garden planner. We would love to talk to and share ideas with like minded people. https://wiki.ecohackerfarm.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Ecohackerfarm_a_cross_between_hackbase/hackerspace_and_permaculture_farm 2017-12-30T12:00:00+01:00 12:00 1:00 Seminar room 14-15 Mobilize the People for a Rights-Respecting Internet self organized sessions discussion en We tried mass demonstrations against surveillance, and failed. We are trying to stop it one court case at a time. But we could campaign for a kind of Internet that technically cannot be surveilled. And we can make it a legal requirement for a Next Generation Internet. LynX http://youbroketheinternet.cheettyiapsyciew.onion/#legislation https://events.ccc.de/congress/2017/wiki/index.php/Session:Make_Mass_Surveillance_Impossible_Again 2017-12-30T17:00:00+01:00 17:00 2:00 Seminar room 14-15 round 2 self organized sessions https://events.ccc.de/congress/2017/wiki/index.php/Session:Responsible_Packaging_2 2017-12-30T14:00:00+01:00 14:00 1:00 Seminar room 14-15 self organized sessions other de it's all about stories and songs. for my show on community radio upper austria, i am looking for people who tell me their favorite random story which is connected to a specific song. i will record it and might use it for my radio show. // any language is welcome :-) Astroid https://www.fro.at/sendungen/fenstergeschichten/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Tell_me_a_story 2017-12-30T13:00:00+01:00 13:00 1:00 Lecture room 12 self organized sessions hands-on de Learn how to use a free, privacy-friendly IPv6-ready dynDNS service with DNSSEC and LE support. Also, learn about desec, an open-source DNS hosting stack with a RESTful API and see it in action. Nilsnilsnils https://github.com/desec-io/desec-stack https://events.ccc.de/congress/2017/wiki/index.php/Session:DynDNS_and_DNS_with_DNSSEC,_IPv6_and_RESTful_API 2017-12-30T11:30:00+01:00 11:30 1:00 Lecture room 12 self organized sessions discussion de Interaktiver Workshop (HandsOn) zur Unterscheidung von Kryotowährungen, von Beginnern für Beginner. Folgende Themen möchten wir behandeln: Entwicklung, Fork/Vertrauen und Unterscheidungskriterien Mellon SuitedDodo https://events.ccc.de/congress/2017/wiki/index.php/Session:Einf%C3%BChrung_in_Blockchain 2017-12-30T12:30:00+01:00 12:30 0:30 Lecture room 12 self organized sessions talk de Dieser Talk ist eine Wiederholung vom letzten Jahr. Es wird sich kurz mit den Probleme der Inflation in MMORPGs auseinandergesetzt und in reale Probleme eingeführt. Karl Weber Magic https://events.ccc.de/congress/2017/wiki/index.php/Session:Inflationsph%C3%A4nomene_und_-probleme_in_MMORPGs 2017-12-30T14:00:00+01:00 14:00 0:30 Lecture room 12 self organized sessions talk en Vlad Zamfir is one of the Lead architects of Proof of Stake and Sharding for Ethereum. He has deep insights into these topics and many others at the philosophical and game theoretical heart of the blockchain world, plus he sounds really smart when he talks ;-) http://www.ethereum.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Sharding_and_Proof_of_Stake_-_Vlad_Zamfir 2017-12-30T14:30:00+01:00 14:30 2:30 Lecture room 12 self organized sessions hands-on en Privacy is the space in which ideas are developed, to retreat into whenever you want. This space is not only physical but digital as well. Governments and companies don't want to respect that so we become active ourselves. The goal of this hands-on session is to pass on knowledge about protecting yourself in the digital space. This can include encrypted communication, preventing being tracked while browsing the web and general security advice for computers and smartphones. Dawning-sun https://www.cryptoparty.in/34c3 https://events.ccc.de/congress/2017/wiki/index.php/Session:%E2%80%9CHow_To_Survice_34C3%E2%80%9D_CryptoParty 2017-12-30T10:00:00+01:00 10:00 0:45 Seminar room 13 self organized sessions de We'll talk about fiction and non-fiction books. Birdy1976 https://b76.ch/?s=hacker%2Bdigest https://events.ccc.de/congress/2017/wiki/index.php/Session:42birds:_Hacker%E2%80%99s_Digest 2017-12-30T09:00:00+01:00 09:00 1:00 Seminar room 13 self organized sessions workshop de We'll do some Yoga to calm our minds and move them bodies. Birdy1976 https://www.yogatoessfeld.ch/team/martin-voegeli-springer/ https://events.ccc.de/congress/2017/wiki/index.php/Session:42birds:_Hitchhiker%27s_Towel-Yoga 2017-12-30T16:30:00+01:00 16:30 1:00 Seminar room 13 self organized sessions other de SingWat - CCChoir in der Glashalle Coco https://events.ccc.de/congress/2017/wiki/index.php/Session:CCChoir_Flashmob 2017-12-30T20:00:00+01:00 20:00 0:50 Seminar room 13 self organized sessions talk en A presentation about the use of iOS Private APIs and their security risks and making use of undocumented or barely known iOS features. https://github.com/MTJailed https://events.ccc.de/congress/2017/wiki/index.php/Session:IOS_Private_Frameworks:_Unboxing_your_iDevice 2017-12-30T14:00:00+01:00 14:00 1:30 Seminar room 13 Klick Klack self organized sessions hands-on de Come and try out mechanical keyboards and talk about all things keyboard related. Feel free to bring your own. https://events.ccc.de/congress/2017/wiki/index.php/Session:Mechanical_Keyboard_Meetup 2017-12-30T15:30:00+01:00 15:30 1:00 Seminar room 13 it's time self organized sessions https://events.ccc.de/congress/2017/wiki/index.php/Session:Responsible_Packaging 2017-12-30T11:00:00+01:00 11:00 1:00 Seminar room 13 self organized sessions Meetup of people interested about Security Without Borders. Sobotny vecer https://securitywithoutborders.org/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Security_Without_Borders 2017-12-30T13:15:00+01:00 13:15 0:45 Seminar room 13 Translation Team Wrapup self organized sessions meeting en Daily orga meeting of the Translation Angel crew. https://events.ccc.de/congress/2017/wiki/index.php/Session:Translation_Team 2017-12-30T13:00:00+01:00 13:00 1:00 CCL Hall 3 self organized sessions discussion en This session is part of our research about surveillance and censorship in Crimea after Russian annexation. Basically, life's very hard there - people get arrested every other week, devices are seized and searched. A specific blocklist has been developed for Crimea, especially targeting Tatar minority. However, the usage of encrypted communication tools stays very scarce and very few trainings happen there. Let's get together and think about all the beautiful and necessary tips to help activists, journalists, NGO people who live in Crimea, or the brave humans who still go there. Xeniax https://events.ccc.de/congress/2017/wiki/index.php/Session:Digital_Security_for_activists_in_Crimea 2017-12-30T12:00:00+01:00 12:00 1:00 CCL Hall 3 self organized sessions discussion de Blackspear https://events.ccc.de/congress/2017/wiki/index.php/Session:How_to_be_excellent_to_each_other_-_a_discussion 2017-12-30T15:00:00+01:00 15:00 1:00 CCL Hall 3 Live demo + short-term vision + long-term vision self organized sessions talk en Interested in harnessing the power of the internet to enable large numbers of like-minded individuals -- especially activists journalists, and non-profits -- to join forces to solve important world problems? Come to this session to learn how the Pursuance Project is building open source, end-to-end encrypted software based on the experiences and vision of our founder, formerly-imprisoned activist and journalist Barrett Brown! (This talk was moved from Day 2 to Day 4.) Elimisteve https://PursuanceProject.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Revolutionizing_Large-scale_Digital_Activism_with_Barrett_Brown%27s_Pursuance_Project 2017-12-30T14:00:00+01:00 14:00 1:00 CCL Hall 3 How to use public procurement datasets to monitor government surveillance capabilities (Hermes Center) self organized sessions talk de Rights & Freedoms Cluster Stage Programme https://events.ccc.de/congress/2017/wiki/index.php/Session:Rights%26Freedoms 2017-12-30T18:15:00+01:00 18:15 10:00 Chaos West Stage self organized sessions https://events.ccc.de/congress/2017/wiki/index.php/Session:Abbau_/_Disassembly 2017-12-30T17:30:00+01:00 17:30 0:45 Chaos West Stage self organized sessions talk de https://events.ccc.de/congress/2017/Fahrplan/events/9293.html Nanooq https://events.ccc.de/congress/2017/Fahrplan/events/9293.html https://events.ccc.de/congress/2017/wiki/index.php/Session:Abschluss_(sva)_Streaming 2017-12-30T16:05:00+01:00 16:05 0:55 Chaos West Stage self organized sessions talk en There are several Ethereum Superstars at this conference, they are congregating on the Chaos West Stage to answer all of your questions about the decentralized world computer. :-D http://www.ethereum.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Ethereum_AMA 2017-12-30T17:00:00+01:00 17:00 0:30 Chaos West Stage Building Transparent Communities with Smart Contracts self organized sessions talk en Giveth is a radically transparent, not-for-profit community developing open source projects aimed at DAO-fying the non-profit world and building the future of giving. Q&A after a short talk. https://giveth.io/join/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Giveth:_Decentralizing_the_Non-Profit_World 2017-12-30T15:15:00+01:00 15:15 0:50 Chaos West Stage self organized sessions discussion de Honigdachs ist das Podcast-Angebot des Leipziger Bitcoin-Stammtisches, in dem monatlich vertieft auf einzelne Themen rund um Bitcoin eingegangen wird. Hintergründig, praxisnah und meinungsstark richten sich die einzelnen Folgen sowohl an Einsteiger, wie auch an erfahrene Bitcoin- und Blockchain-Interessierte. Auf dem 34C3 machen wir einen Rückblick über das Jahr und den Kongress und wagen einen Ausblick auf das kommende Jahr 2018. Rootzoll https://coinspondent.de/news-nachrichten/bitcoin-podcasts/honigdachs-der-bitcoin-podcast-aus-leipzig/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Honigdachs-Podcast_LIVE 2017-12-30T14:00:00+01:00 14:00 1:00 Chaos West Stage self organized sessions talk en So you've probably heard that there is this relatively new thing called cryptocurrencies, supposedly some kind of revolutionary "magic internet money", which is gaining a lot of attention (and insane valuations) lately. But what is a crytocurrency anyway? does it work exactly? Most importantly - why does it work like that? Instead of answering these questions directly, we will answer them and more, by putting our Satoshi Nakamoto hats and inventing our own cryptocurrency from scratch. https://events.ccc.de/congress/2017/wiki/index.php/Session:Magic_Internet_Money 2017-12-30T13:00:00+01:00 13:00 0:30 Chaos West Stage self organized sessions talk en Secure Scuttlebutt is a database protocol for unforgeable append-only message feeds. "Unforgeable" means that only the owner of a feed can update that feed, as enforced by digital signing (see Security properties). This property makes Secure Scuttlebutt useful for peer-to-peer applications. Secure Scuttlebutt also makes it easy to encrypt messages. tl;dr instead of objectivity, singletons, and consensus, SSB (scuttlebutt) embraces subjectivity, social networks and local trust Yangwao https://www.scuttlebutt.nz/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Scuttlebutt_introduction 2017-12-30T13:30:00+01:00 13:30 0:25 Chaos West Stage self organized sessions talk en Jordi Baylina presents his plan to deploy personal servers to build a decentralized infrastructure for any area. If you want to help, join Giveth's Riot channel and lets build the decentralized revolution together. https://giveth.io/join/ https://events.ccc.de/congress/2017/wiki/index.php/Session:The_gateway_to_decentralization:_Personal_Servers 2017-12-30T16:00:00+01:00 16:00 1:00 Komona Aquarius self organized sessions talk en Heart of Code: Creating a feminist Hackspace http://www.heartofcode.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Heart_of_Code_-_Creating_a_feminist_hackspace 2017-12-30T14:00:00+01:00 14:00 2:00 Komona Aquarius self organized sessions https://events.ccc.de/congress/2017/wiki/index.php/Session:Hedonist_International_Networking_Meeting_%26_Workshop_for_2018s_Congress_Convoy_(All_Interested_Creatures_welcome!) 2017-12-30T18:00:00+01:00 18:00 2:00 Komona Aquarius self organized sessions https://events.ccc.de/congress/2017/wiki/index.php/Session:RHIZOM_festival:_an_intro_to_everything_for_everyone_for_nothing 2017-12-30T12:00:00+01:00 12:00 0:45 Komona Coral Reef Day 4 self organized sessions workshop en Hacktivism from time to time leads to imprisonment and repressions. There are several people right now siting in jail that consider themselves anarchist or did actions that are supported by anarchist community. Not to let those people alone in prison we would like to have every day 1 hour around the table, where we get to know the stories of imprisoned activists and write them some words of support with postcards/letters. You don't need any special skills for that. The postcards will be there for you. http://abcdd.org https://events.ccc.de/congress/2017/wiki/index.php/Session:Letter_writing_to_prisoners,_sitting_in_jail_for_hacking 2017-12-30T17:00:00+01:00 17:00 1:00 Komona D.Ressrosa self organized sessions en NOTE: this talk has been moved to day 30, 5pm. Install DHCP implementations that leak less identifying information. http://dhcpap.github.io https://events.ccc.de/congress/2017/wiki/index.php/Session:DHCP_Anonymity 2017-12-30T14:00:00+01:00 14:00 2:00 Komona D.Ressrosa self organized sessions workshop en Session: Freedom, Software and UserExperience in selforganised housing Projects (kehehehehe) https://events.ccc.de/congress/2017/wiki/index.php/Session:Freedom,_Software_and_UserExperience_in_selforganised_housing_Projects 2017-12-30T18:00:00+01:00 18:00 1:30 Komona D.Ressrosa self organized sessions workshop de Slides...: https://speakerdeck.com/julled/raves-34c3 Shameless Plug...: To receive a message when we do our next open air rave in Berlin subscribe our mailinglist (at the bottom of the page): http://oscillating.space/freeopenairs/ Either for a proper squat rave or for a demonstration - to empower people to reclaim space in the city, they need the right and cheap tools to do it. To achieve this, i want to share my recent experiences in building a loud and cheap (&lt;200€ is possible) mobile sound system. First, i will give you an overview on all the important parts of a sound system and show you whats important for getting enough energy to power the amplifiers for a full night. I will also give you an overview on which amplifiertechnologies exist, and which fit best for our purpose. Afterwards i will show you how to choose the right speakers to get the biggest bang for the buck. https://events.ccc.de/congress/2017/wiki/index.php/Session:How_to_build_a_mobile_soundsystem_for_protests/raves 2017-12-30T16:00:00+01:00 16:00 1:30 Komona D.Ressrosa (some started at structure.pages.de) self organized sessions meeting en After watching social implosions in several activist groups and organizations, it's time to develop better antibodies. The future needs us to stop failing all the time. Some of us have started the Structures Working Group. LynX http://structure.pages.de https://events.ccc.de/congress/2017/wiki/index.php/Session:Join_a_Task_Force_for_Civil_Coexistence,_Preventive_Justice_and_Liquid_Democracy 2017-12-30T20:00:00+01:00 20:00 2:00 Komona D.Ressrosa self organized sessions workshop en Storytelling as a DJ (Mar) https://events.ccc.de/congress/2017/wiki/index.php/Session:Storytelling_as_a_DJ 2017-12-30T13:20:00+01:00 13:20 0:40 Komona D.Ressrosa self organized sessions discussion de Learn about my idea which wants to revolutionize how the eveyday Joe/Joanne develops his/her own opinion on any political issues. Bring in your own thoughts, ideas, questions. https://events.ccc.de/congress/2017/wiki/index.php/Session:Tinder_for_Arguments_%E2%80%93_Rethinking_everyday_political_opinion_formation 2017-12-30T12:45:00+01:00 12:45 0:45 Komona Blue Princess self organized sessions talk Discusssion about Chinas social credit system *! CANCELLED !* https://events.ccc.de/congress/2017/wiki/index.php/Session:Chinas_social_credit_system_!_CANCELLED_! 2017-12-30T11:00:00+01:00 11:00 1:00 Kidspace Workshop self organized sessions game de Hi, wir wollen gemeinsam ein Spiel entwickeln. Genauer gesagt machen wir einen pen&paper mini "Game Jam". Hierbei finden sich normalerweise aus allen Disziplinen der Gamesbranche Beteiligte zusammen um in einem lockeren Umfeld Spiele/Spielideen zu entwickeln. Ich möchte dieses Konzept gerne mit Kindern umsetzen; ohne Computer ;0) Es geht um Grundlegende Spielmechanismen und deren Kreative Umsetzung. Ich freue mich auf viele motivierte Kinder ;o) Lydia https://events.ccc.de/congress/2017/wiki/index.php/Session:%22Pen%26Paper%22_Game_Jam 2017-12-30T13:15:00+01:00 13:15 00:30 Open Infra Stage 34c3-ffc-43-wie_freifunken_in_der_asylindustrie Notizen aus der Partizipationsforschung lecture de false Tim 2017-12-30T14:00:00+01:00 14:00 02:00 Open Infra Stage 34c3-ffc-3-freifunk-hilft_workshop workshop de Status, Bedarfe, Herausforderungen, neue Ziele? false Peggy Monic 2017-12-30T16:00:00+01:00 16:00 00:15 Open Infra Stage 34c3-ffc-47-kadnode lecture en KadNode is a simple approach for a decentralized DNS system that builds on top of the established Public Key Infrastructure (PKI), but can also use public keys and content hashes as links. KadNode is a P2P DNS resolver for decentralized DNS. false mwarning 2017-12-30T16:15:00+01:00 16:15 00:45 Open Infra Stage 34c3-ffc-48-freifunk_battlemesh gamification show performance en we will have two teams with each up to 5 players (and aditionally their relative assisants) with wifi mesh nodes, to fight in teams to get first mesh contact to a far distance computer systems, just like the fairy dust skyrocket or the next dancefloor. false Ufo 2017-12-30T17:00:00+01:00 17:00 00:30 Open Infra Stage 34c3-ffc-2-closing_session podium false 2017-12-30T17:30:00+01:00 17:30 02:00 Open Infra Stage 34c3-ffc-1-deconstruction other false 2017-12-30T14:00:00+01:00 14:00 02:00 Meetup Domo 34c3-ffc-4-erste_hilfe_kurs workshop de false Elisa 2017-12-30T19:00:00+01:00 19:00 1:00 Assembly:Anarchist Second meeting, same topics, partly different people self organized sessions en We will meet to discuss about these days during 34c3 and what we need for the (no)future Rama Maxigas https://events.ccc.de/congress/2017/wiki/index.php/Session:Anarchist_Aseembly_of_the_Anarchist_Assembly 2017-12-30T16:30:00+01:00 16:30 0:30 First meeting, same topics, partly different people self organized sessions en We will meet to discuss about these days during 34c3 and what we need for the (no)future Rama Maxigas https://events.ccc.de/congress/2017/wiki/index.php/Session:Anarchist_Aseembly_of_the_Anarchist_Assembly 2017-12-30T13:05:00+01:00 13:05 0:55 CCL Hall 2 Dlf Kultur - Breitband self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-30T14:15:00+01:00 14:15 0:30 CCL Hall 2 "tuwat!" - Der 34C3 in Leipzig self organized sessions de DLF https://events.ccc.de/congress/2017/wiki/index.php/Session:DLF 2017-12-30T15:00:00+01:00 15:00 1:00 Assembly:Open Knowledge Assembly self organized sessions en EITI transparency in extractive industries Vavoida https://events.ccc.de/congress/2017/wiki/index.php/Session:EITI_transparency 2017-12-30T13:00:00+01:00 13:00 2:30 Assembly:HardwareHackingArea Day 4 self organized sessions workshop en The Intro to Arduino shield is a simple kit which plugs into an Arduino Uno or similar. It includes a button, light sensor (LDR) and red green blue LED. The LED can be controlled as a digitial or an analog output, the button is a digitial input and the sensor is an analog input. Hammes Hacks http://hammeshacks.com/intro/ https://events.ccc.de/congress/2017/wiki/index.php/Session:Intro_to_Arduino_Shield_Soldering_and_Programing 2017-12-30T11:00:00+01:00 11:00 3:59 Assembly:HardwareHackingArea Day 4 self organized sessions workshop en Learn to Solder! A large variety of way cool kits are available, all designed for total beginners to complete successfully -- and intriguing enough for the total hardware geek.<br /> <br /> <span style="color:orange">'''''This ongoing workshop will be happening concurrently with lots of other way cool workshops at the Hardware Hacking Area!'''''</span> Maltman23 https://events.ccc.de/congress/2017/wiki/index.php/Session:LearnToSolder 2017-12-30T10:00:00+01:00 10:00 3:00 Assembly:HardwareHackingArea self organized sessions workshop de Build your own MAKERbuino game console (kids session, ages 11+) Nh cham https://events.ccc.de/congress/2017/wiki/index.php/Session:MAKERbuino_DIY_game_console_building_session 2017-12-30T11:00:00+01:00 11:00 1:30 Assembly:HardwareHackingArea Day 4 Session 1 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90-100mins, 20€/kit, avoid caffeine immediately before. Max 20 participants per session, there will be a PAPER!!1! signup list in the hardware hacking area. Kliment https://events.ccc.de/congress/2017/wiki/index.php/Session:Surface_mount_electronics_assembly_for_terrified_beginners 2017-12-30T13:00:00+01:00 13:00 1:30 Assembly:HardwareHackingArea Day 4 Session 2 self organized sessions workshop en Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building a working power supply. Anyone can do it. Yes, even you who never touched anything electronic before. 90-100mins, 20€/kit, avoid caffeine immediately before. Max 20 participants per session, there will be a PAPER!!1! signup list in the hardware hacking area. Kliment https://events.ccc.de/congress/2017/wiki/index.php/Session:Surface_mount_electronics_assembly_for_terrified_beginners 2017-12-30T15:00:00+01:00 15:00 1:00 Assembly:Haecksen self organized sessions Closing meeting of the Haecksen https://events.ccc.de/congress/2017/wiki/index.php/Session:Outro 2017-12-30T13:00:00+01:00 13:00 0:20 Assembly:TeaHouse εxodus reveals hidden trackers in Android applications self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-30T14:00:00+01:00 14:00 0:20 Assembly:TeaHouse Collection and clustering of 6,900 tweets censored in European countries in 2017 self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-30T15:00:00+01:00 15:00 0:30 Assembly:TeaHouse want to talk about the new c.h.an.g.e. location self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-30T12:00:00+01:00 12:00 0:30 Assembly:TeaHouse Updating Security in a Box self organized sessions meeting en Sanpi https://teahouse.homecomputing.fr/ https://events.ccc.de/congress/2017/wiki/index.php/Session:TeaHouse 2017-12-30T14:00:00+01:00 14:00 0:45 Esszimmer self organized sessions en In this talk/discussion/fish bowl, we'd like to explore the reasons for the decline of user-contributed content in commons-based peer production of Free Knowledge – or to put it more simply: You had a Wikipedia account in 2007, but what happened? How come you don't update your blog anymore? Feel free to join us. Notes of the session: https://etherpad.wikimedia.org/p/tuwat Johl https://events.ccc.de/congress/2017/wiki/index.php/Session:Why_did_we_stop_contributing_to_knowledge_on_the_internet