mkdir; lounges 707; chaos-west 1.0; open-infra 23; wikipaka 0.18; chaoszone 0.14; komona 0.32; sendezentrum 4.5; lightning Holmium; art-play 0.26; cdc 3 36c3 2019-12-27 2019-12-30 4 00:10 https://fahrplan.events.ccc.de/congress/2019/Fahrplan/ https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11223.html 2019-12-27T11:00:00+01:00 11:00 00:30 Ada 36c3-11223-opening_ceremony CCC lecture de Welcome! false bleeptrack blinry https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11220.html 2019-12-27T11:30:00+01:00 11:30 01:00 Ada 36c3-11220-the_case_for_scale_in_cyber_security Security Track Keynote CCC lecture en The impact of scale in our field has been enormous and it has transformed the tools, the jobs and the face of the Infosec community. In this talk we discuss some of the ways in which defense has benefitted from scale, how the industry might be transitioning to a new phase of its growth and how the community will have to evolve to stay relevant. false Vincenzo Iozzo https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10565.html /system/events/logos/000/010/565/large/Screen_Shot_2019-11-13_at_12.17.53_PM.png?1573676286 2019-12-27T12:50:00+01:00 12:50 01:00 Ada 36c3-10565-what_s_left_for_private_messaging Security lecture en It is easier to chat online securely today than it ever has been. Widespread adoption of signal, wire, and the private mode of WhatsApp have led a broader recognition of the importance of end-to-end encryption. There's still plenty of work to be done in finding new designs that balance privacy and usability in online communication. This introduction to secure messaging will lay out the different risks that are present in communications, and talk about the projects and techniques under development to do better. The talk will begin with a threat modeling exercise to be able to concretely talk about the different actors and potential risks that a secure messaging system can attempt to address. From there, we'll dive into end-to-end encryption, OTR and deniability, and then the axolotl construction used by Signal (and now the noise framework). The bulk of the talk will focus on the rest of the problem which is more in-progress, and in particular consider the various metadata risks around communication. We'll survey the problems that can arise around contact discovery, network surveillance, and server compromise. In doing so, we'll look at the forays into communication systems that attempt to address these issues. Pond offered a novel design point for discovery and a global network adversary. Katzenpost adapts mixnets to limit the power of network adversaries and server compromise in a different way. Private Information Retrieval (PIR) trades off high server costs for a scheme that could more realistically work with mobile clients. Others, for instance Secure Scuttlebutt attempt to remove the need for infrastructural servers entirely with gossip and partial views of the network, a whole other set of tradeoffs. false Will Scott Slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10497.html /system/events/logos/000/010/497/large/Screenshot_2019-12-19_at_15.07.43.png?1576764495 2019-12-27T14:10:00+01:00 14:10 01:00 Ada 36c3-10497-messenger_hacking_remotely_compromising_an_iphone_through_imessage Security lecture en So called “0-click” exploits, in which no user interaction is required to compromise a mobile device, have become a highly interesting topic for security researchers, and not just because Apple announced a one million dollar bug bounty for such exploits against the iPhone this year. This talk will go into the details of how a single memory corruption vulnerability in iMessage was remotely exploited to compromise an iPhone. The insights gained from the exploitation process will hopefully help defend against such attacks in the future. This talk will dive into the internals of an iMessage exploit that achieves unsandboxed remote code execution on vulnerable devices (all iPhones and potentially other iDevices up to iOS 12.4) without user interaction and within a couple of minutes. All that is necessary for a successful attack in a default configuration is knowledge of the target’s phone number or an email address. Further, the attack is also possible without any visible indicators of the attack displayed to the user. First, an overview of the general iMessage software architecture will be given, followed by an introduction of the exploited vulnerability. Next, a walkthrough of the exploitation process, including details about how the various exploit mitigations deployed on iOS were bypassed, will be presented. Some of the exploitation techniques are rather generic and should be applicable to exploit other vulnerabilities, messengers, and even other platforms such as Android. Along the way, some advice will be shared with the audience on how to bootstrap research in this area. The talk concludes with a set of suggestions for mobile OS and messenger vendors on how to mitigate the demonstrated exploit techniques effectively and hopefully make these kinds of attacks significantly more difficult/costly to perform in the future. While previous experience with iOS userland exploitation will not be required for this talk, some basic background knowledge on memory corruption vulnerabilities is recommended. false Samuel Groß https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10595.html /system/events/logos/000/010/595/large/tresor.png?1571148674 2019-12-27T16:10:00+01:00 16:10 01:00 Ada 36c3-10595-hacker_hin_oder_her_die_elektronische_patientenakte_kommt Security lecture de Herzstück der digitalen Gesundheitsversorgung für 73 Millionen Versicherte ist die hochsichere, kritische Telematik-Infrastruktur mit bereits 115.000 angeschlossenen Arztpraxen. Nur berechtigte Teilnehmer haben über dieses geschlossene Netz Zugang zu unseren medizinischen Daten. Ein "Höchstmaß an Schutz" also, wie es das Gesundheitsministerium behauptet? Bewaffnet mit 10.000 Seiten Spezifikation und einem Faxgerät lassen wir Illusionen platzen und stellen fest: Technik allein ist auch keine Lösung. Braucht es einen Neuanfang? Schon in 12 Monaten können 73 Millionen gesetzlich Versicherte ihre Gesundheitsdaten in einer elektronischen Patientenakte speichern lassen. Dazu werden zurzeit alle Arztpraxen, Krankenhäuser und Apotheken Deutschlands über die neu geschaffene kritische Telematik-Infrastruktur verbunden. Dieses hochverfügbare Netz genügt "militärischen Sicherheitsstandards", bietet ein "europaweit einzigartiges Sicherheitsniveau" und verspricht ein "Höchstmaß an Schutz für die personenbezogenen medizinischen Daten" wie Arztbriefe, Medikamentenpläne, Blutbilder und Chromosomenanalysen. "Wir tun alles, damit Patientendaten sicher bleiben." "Selbst dem Chaos Computer Club ist es nicht gelungen, sich in die Telematik-Infrastruktur einzuhacken." "Nach den Lehren aus PC-Wahl, Ladesäulen und dem besonderen elektronischen Anwaltspostfach brauchen wir kein weiteres Exempel." false Martin Tschirsich cbro - Dr. med. Christian Brodowski Dr. André Zilch https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10883.html /system/events/logos/000/010/883/large/plundervolt.png?1577471483 2019-12-27T17:30:00+01:00 17:30 01:00 Ada 36c3-10883-plundervolt_flipping_bits_from_software_without_rowhammer Security lecture en We present the next step after Rowhammer, a new software-based fault attack primitive: Plundervolt (CVE-2019-11157). Many processors (including the widespread Intel Core series) expose privileged software interfaces to dynamically regulate processor frequency and operating voltage. We show that these privileged interfaces can be reliably exploited to undermine the system's security. In multiple case studies, we show how the induced faults in enclave computations can be leveraged in real-world attacks to recover keys from cryptographic algorithms (including the AES-NI instruction set extension) or to induce memory safety vulnerabilities into bug-free enclave code. Fault attacks pose a substantial threat to the security of our modern systems, allowing to break cryptographic algorithms or to obtain root privileges on a system. Fortunately, fault attacks have always required local physical access to the system. This changed with the Rowhammer attack (BlackHat USA 2015, CCC 2015), which for the first time enabled an attacker to mount a software-based fault attack. However, as countermeasures against Rowhammer are developed and deployed, fault attacks require local physical access again. In this CCC talk, we present the next step, a long-awaited alternative to Rowhammer, a second software-based fault attack primitive: Plundervolt. Dynamic frequency and voltage scaling features have been introduced to manage ever-growing heat and power consumption in modern processors. Design restrictions ensure frequency and voltage are adjusted as a pair, based on the current load, because for each frequency there is only a certain voltage range where the processor can operate correctly. For this purpose, many processors (including the widespread Intel Core series) expose privileged software interfaces to dynamically regulate processor frequency and operating voltage. In this talk, we show that these privileged interfaces can be reliably exploited to undermine the system's security. We present the Plundervolt attack, in which a privileged software adversary abuses an undocumented Intel Core voltage scaling interface to corrupt the integrity of Intel SGX enclave computations. Plundervolt carefully controls the processor's supply voltage during an enclave computation, inducing predictable faults within the processor package. Consequently, even Intel SGX's memory encryption/authentication technology cannot protect against Plundervolt. In multiple case studies, we show how the induced faults in enclave computations can be leveraged in real-world attacks to recover keys from cryptographic algorithms (including the AES-NI instruction set extension) or to induce memory safety vulnerabilities into bug-free enclave code. We finally discuss why mitigating Plundervolt is not trivial, requiring trusted computing base recovery through microcode updates or hardware changes. We have responsibly disclosed our findings to Intel on June 7, 2019. Intel assigned CVE-2019-11157 to track this vulnerability and refer to mitigations. The scientific paper on Plundervolt will appear at the IEEE Security & Privacy Symposium 2020. The work is the result of a collaboration of Kit Murdock (The University of Birmingham, UK), David Oswald (The University of Birmingham, UK), Flavio D. Garcia (The University of Birmingham, UK), Jo Van Bulck (imec-DistriNet, KU Leuven, Belgium), Daniel Gruss (Graz University of Technology, Austria), and Frank Piessens (imec-DistriNet, KU Leuven, Belgium). false Daniel Gruss Kit Murdock Website Presentation Slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11141.html /system/events/logos/000/011/141/large/justice.JPG?1573953022 2019-12-27T18:50:00+01:00 18:50 01:00 Ada 36c3-11141-geheimdienstliche_massenuberwachung_vs_menschenrechte Ethics, Society & Politics lecture de Der Europäische Menschenrechtsgerichtshof beschäftigt sich nun schon seit Jahren mit der Frage, ob die durch Edward Snowden öffentlich bekanntgewordene geheimdienstliche Massenüberwachung mit der Europäischen Menschenrechtskonvention kompatibel ist. Wie ist der Stand der Dinge? Dieses Jahr gab es zwei neuerliche Anhörungen in Straßburg, die sich mit der britischen und schwedischen Massenüberwachung durch die Geheimdienste auseinandersetzten. Im Vortrag werden die bisher gefällten Urteile und die neuen vorgetragenen Argumente beleuchtet. Insbesondere der britische Fall ist das erste Mal, dass der Gerichtshof nicht nur die Massenüberwachung an der Menschenrechtskonvention misst, sondern auch das Datenkarussell zwischen den Geheimdiensten, namentlich dem GCHQ und der NSA. Wegen der schon Mitte Januar vom Bundesverfassungsgericht anberaumten mündlichen Anhörung zum BND-Gesetz wird sich ein Teil des Vortrags auch mit der deutschen geheimdienstlichen Massenüberwachung beschäftigen. Der CCC hat eine Stellungnahme zur Ausland-Ausland-Fernmeldeaufklärung abgegeben, deren Inhalt kurz zusammengefasst wird. Offenlegung: Ich bin eine der Beschwerdeführerinnen in dem britischen Fall. false Constanze Kurz Privacy not Prism https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10933.html 2019-12-27T20:50:00+01:00 20:50 01:30 Ada 36c3-10933-what_the_world_can_learn_from_hongkong From Unanimity to Anonymity Ethics, Society & Politics lecture en The people of Hong Kong have been using unique tactics, novel uses of technology, and a constantly adapting toolset in their fight to maintain their distinctiveness from China since early June. Numerous anonymous interviews with protesters from front liners to middle class supporters and left wing activists reveal a movement that has been unfairly simplified in international reporting. The groundbreaking reality is less visible because it must be - obfuscation and anonymity are key security measures in the face of jail sentences up to ten years. Instead of the big political picture, this talk uses interviews with a range of activists to help people understand the practicalities of situation on the ground and how it relates to Hongkong's political situation. It also provides detailed insights into protestors' organisation, tactics and technologies way beyond the current state of reporting. Ultimately, it is the story of how and why Hongkongers have been able to sustain their movement for months, even faced with an overwhelming enemy like China. This is the story of how and why Hongkongers have been able to sustain their movement so long, even faced with an overwhelming enemy like China. The protestors have developed a range of tactics that have helped them minimise capture and arrests and helped keep the pressure up for five months: They include enforcing and maintaining anonymity, both in person and online, rapid dissemination of information with the help of the rest of the population, a policy of radical unanimity to maintain unity in the face of an overwhelming enemy and Hongkongers’ famous “be water” techniques, through which many of them escaped arrest. false Katharin Tai https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10884.html 2019-12-27T22:30:00+01:00 22:30 00:40 Ada 36c3-10884-practical_cache_attacks_from_the_network_and_bad_cat_puns Security lecture en Our research shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform). With our attack called NetCAT, we show this threat extends to untrusted clients over the network, which can now leak sensitive data such as keystrokes in a SSH session from remote servers with no local access. The root cause of the vulnerability is a recent Intel feature called DDIO, which grants network devices and other peripherals access to the CPU cache. Originally, intended as a performance optimization in fast networks, we show DDIO has severe security implications, exposing servers in local untrusted networks to remote side-channel attacks. Increased peripheral performance is causing strain on the memory subsystem of modern processors. For example, available DRAM throughput can no longer sustain the traffic of a modern network card. Scrambling to deliver the promised performance, instead of transferring peripheral data to and from DRAM, modern Intel processors perform I/O operations directly on the Last Level Cache (LLC). While Direct Cache Access (DCA) instead of Direct Memory Access (DMA) is a sensible performance optimization, it is unfortunately implemented without care for security, as the LLC is now shared between the CPU and all the attached devices, including the network card. In this talk, we present the first security analysis of DDIO. Based on our analysis, we present NetCAT, the first network-based cache attack on the processor’s last-level cache of a remote machine. We show that NetCAT can break confidentiality of a SSH session from a third machine without any malicious software running on the remote server or client. The attacker machine does this by solely sending network packets to the remote server. netcat is also a famous utility that hackers and system administrators use to send information over the network. NetCAT is a pun on being able to read data from the network without cooperation from the other machine on the network. However, we received very mixed reactions on that pun. More details on this in the talk. The vulnerability was acknowledged by Intel with a bounty and CVE-2019-11184 was assigned to track this issue. The public disclosure was on September 10, 2019. false Michael Kurth VUSec Project Site Exploit POC Video https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10737.html /system/events/logos/000/010/737/large/32c3-sim-front.jpg?1577525266 2019-12-27T23:30:00+01:00 23:30 01:00 Ada 36c3-10737-sim_card_technology_from_a-z Hardware & Making lecture en Billions of subscribers use SIM cards in their phones. Yet, outside a relatively small circle, information about SIM card technology is not widely known. This talk aims to be an in-depth technical overview. <p>Today, billions of subscribers use SIM cards in their phones. Yet, outside a relatively small circle, information about SIM card technology is not widely known. If at all, people know that once upon a time, they were storing phone books on SIM cards.</p> <p>Every so often there are some IT security news about SIM card vulnerabilities, and SIM card based attacks on subscribers.</p> <p>Let's have a look at SIM card technology during the past almost 30 years and cover topics like <ul> <li>Quick intro to ISO7816 smart cards</li> <li>SIM card hardware, operating system, applications</li> <li>SIM card related specification bodies, industry, processes</li> <li>from SIM to UICC, USIM, ISIM and more</li> <li>SIM toolkit, proactive SIM</li> <li>eSIM</li> </ul> </p> false LaForge Slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11177.html /system/events/logos/000/011/177/large/events_logos_000_009_007_large_1567.png?1572194778 2019-12-28T00:50:00+01:00 00:50 02:00 Ada 36c3-11177-hacker_jeopardy Zahlenraten für Geeks Entertainment podium de The Hacker Jeopardy is a quiz show. The well known reversed quiz format, but of course hacker style. It once was entitled „number guessing for geeks“ by a German publisher, which of course is an unfair simplification. It’s also guessing of letters and special characters. ;) Three initial rounds will be played, the winners will compete with each other in the final. The event will be in German, we hope to have live translation again. false Sec Ray https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10841.html 2019-12-27T11:30:00+01:00 11:30 01:00 Borg 36c3-10841-i_am_system_breaking_the_security_boundary_in_windows_os Security lecture en Nowadays, Windows is still the most popular OS used in the world. It's very important for red teams / attackers to maintain the authority after they get into the OS by penetration test. So they need a vulnerability to hide in windows to escalate their account to system privilege. In this presentation, we will share the methodology about how we started this work to analyze Windows internals. We will explain the inner workings of this technique and how we analyzed ALPC and Component Object Model(COM) in Windows OS. By analyzing historical bugs, we are able to extract their features from multiple vulnerabilities. We will develop an IDA plugin to analyze the execution path of target interfaces. Through this way we could find out the interface that called the specified sensitive operation. In fact, we found a large number of vulnerable modules in the ALPC and COM object, which allows the attacker to cross the security boundary and directly access the system. false Shi Qin Wenxu Wu Haoyu Yang https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10957.html 2019-12-27T12:50:00+01:00 12:50 01:00 Borg 36c3-10957-katastrophe_und_kommunikation_am_beispiel_nord-ost-syrien Humanitäre Hilfe zwischen Propaganda, Information und Spendenwerbung Ethics, Society & Politics lecture de Katastrophen, Krisen & Kriege lassen sich heute live mitverfolgen. Wir erleben eine kaum überblickbare Quellendiversität in den sozialen Medien – jeder wird zur Quelle. Welchen Einfluss hat das darauf, wie ein Konflikt wahrgenommen wird, wie setzen Konfliktparteien aber auch Helfende die sozialen Medien ein und was bedeutet das für Diejenigen, die vor Ort humanitäre Hilfe leisten. Wir diskutieren dies anhand des türkischen Überfalls auf Nord-Ost-Syrien gemeinsam mit Fee Baumann von Heyva Sor A Kurd, live aus Nord-Ost-Syrien Katastrophen, Krisen & Kriege lassen sich heute live mitverfolgen. Wir erleben eine kaum überblickbare Quellendiversität in den sozialen Medien – jeder wird zur Quelle. Welchen Einfluss hat das darauf, wie ein Konflikt wahrgenommen wird, wie setzen Konfliktparteien aber auch Helfende die sozialen Medien ein und was bedeutet das für Diejenigen, die vor Ort humanitäre Hilfe leisten. Wir diskutieren dies anhand des türkischen Überfalls auf Nord-Ost-Syrien. Fand Live-Berichterstattung aus Kriegsgebieten zu Zeiten des 2. Golfkrieges noch überwiegend durch ein paar wenige Journalist*innen, oft “embedded” statt, die für CNN&Co im grünlichen Nachtsicht-Look aus dem Panzer berichteten, kann in den sozialen Medien heute jede*r zur Quelle werden. Auf diese Weise gelangt die Öffentlichkeit an Informationen die vorher nur sehr schwer zu bekommen gewesen wären & schon gar nicht in Echtzeit. Die Quellenvielfalt birgt große Chancen für die Bewertung einer Lage und auch zur Überprüfung von Informationen durch mehrere Quellen oder Image Reverse Suche. Gleichzeitig verbreiten sich Gerüchte und Falschinformationen ebenfalls sehr viel schneller. Zudem können soziale Medien auch gezielt, etwa von Kriegsparteien manipuliert werden. Die Türkei setzte neben Deutschen Panzern etwa auch Bot-Armeen ein, im Ergebnis: Zwar verurteilte ein großteil der Welt den türkischen Einmarsch in Nord-Ost-Syrien, aber Twitter-Hashtags zeichneten zeitweilig ein ganz anderes Bild. Gleichzeitig kann es schon auch mal passieren, dass Türkei nahe Djihadistische Gruppen ausversehen selbst Videos ihrer Kriegsverbrechen prahlerisch ins Netz stellen. Was bedeutet all das für humanitäre Helfende vor Ort, die Twitter & co mittlerweile nicht nur zur Spendenwerbung sondern auch zur Lagebewertung nutzen: Wie kann man in der Praxis damit umgehen, dass sich auf Twitter gegebenenfalls ein ganz anderes Bild zeichnet als vor Ort und vor allem: Welches davon ist näher an der Realität? Darum geht es in diesem Talk am Beispiel des Türkischen Überfalls auf Nord-Ost-Syrien, von Sebastian Jünemann und Ruben Neugebauer von der Hilfsorganisation Cadus, die vor Ort mit mehreren, im wesentlichen medizinischen Projekten aktiv war, sowie Fee Baumann von der Organisation Heyvasor a Kurd, dem kurdischen roten Halbmond. Außerdem werden wir klären wie man sich per Selfie bequem ins Jenseits befördern kann und was sonst noch so für die persönliche Sicherheit zu beachten ist, im Umgang mit modernen Medien in Kriegsgebieten. false Ruben Neugebauer Sebastian Jünemann Cadus https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10993.html /system/events/logos/000/010/993/large/Screenshot_2019-12-15_23.38.02.jpg?1576449509 2019-12-27T14:10:00+01:00 14:10 01:00 Borg 36c3-10993-vom_ich_zum_wir Gesellschaftlicher Wandel in den Reden im Bundestag Ethics, Society & Politics lecture de Ein von Zeit Online entwickeltes Tool macht es möglich, die Plenarprotokolle des Bundestags grafisch und inhaltlich auszuwerten, und zwar seit seiner ersten Sitzung 1949 bis heute. In den 200 Millionen Wörtern zeigen sich historische Zäsuren, sie machen gesellschaftliche und sprachliche Entwicklungen sichtbar: Wie ernst nahm der Bundestag in den vergangenen Jahren den Klimawandel? Wie häufig redeten die Abgeordneten über Datenschutz, über Arbeitslosigkeit, über Rechtsextremismus, über Geflüchtete? Es wird sichtbar und vergleichbar, zu welchem Zeitpunkt welche Themen debattiert wurden, wie sich die politische Aufmerksamkeit über die Jahre verändert hat. Und die Daten belegen, wie die Sprache selbst sich verändert, nicht nur weil neue Themen aufkommen, sondern auch weil sich der Sprachgebrauch wandelt. Am Ende kann das Publikum selbst Wörter vorschlagen und versuchen, die entsprechenden Graphiken zu interpretieren. Die Protokolle des Bundestags decken einen Zeitraum von siebzig Jahren ab. In dieser Zeit hat sich die Bundesrepublik stark verändert und damit natürlich auch die im Bundestag verwendete Sprache. Manche Dinge sind trivial, z.B. dass Flüchtlinge einst Vertriebene waren oder dass mit Computernetzen zusammenhängende Wörter erst in neuerer Zeit auftauchen. Andere überraschen, z.B. dass seit der Wiedervereinigung mehr von Ostdeutschen als von Westdeutschen gesprochen wird. Anhand von einschlägigen Beispielen wollen wir erläutern, wie sich Sprache und mit ihr Politik verändert hat. Wir untersuchen die Rhetorik alter und neuer Rechter, die Rhetorik des "Marktes", der Krisen und natürlich auch die des gepflegten Beschimpfens. Mit dem Tool lässt sich zeigen, welche Debatten groß und wortreich geführt wurden, welche klein und unbedeutend blieben, obwohl es vielleicht wichtig gewesen wäre, über die Themen zu debattieren. Die Sprache ist somit der Zugang zur Analyse der Politik des Parlaments. Woher stammen unsere Daten? Wir haben die Protokolle aller Sitzungen des Deutschen Bundestages analysiert: 4.217 Protokolle aus 19 Legislaturperioden, insgesamt rund 200 Millionen Wörter. Sie stammen aus dem Open Data Portal des Bundestages. Jede Sitzung wird dort von Stenografen genau dokumentiert und auf diesem Portal veröffentlicht. Unsere Auswertung beginnt mit der ersten Sitzung am 7. September 1949 und endet mit der letzten Sitzung vor der Sommerpause 2019 — der Sondersitzung zur Vereidigung von Annegret Kramp-Karrenbauer als Verteidigungsministerin am 24. Juli 2019. false maha Kai Biermann https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10832.html 2019-12-27T16:10:00+01:00 16:10 01:00 Borg 36c3-10832-how_to_break_pdfs Breaking PDF Encryption and PDF Signatures Security lecture en PDF is the most widely used standard for office documents. Supported by many desktop applications, email gateways and web services solutions, are used in all sectors, including government, business and private fields. For protecting sensitive information, PDFs can be encrypted and digitally signed. Assumed to be secure for 15 years, our talk reveals how to break PDF Encryption and how to break PDF Signatures. We elaborated novel attacks leading to critical vulnerabilities in all PDF viewers, most notably in Adobe, Foxit, and Okular. As a result, an attacker can retrieve the plaintext of encrypted PDFs without knowing the password and manipulate the content of digitally signed PDFs arbitrarily while a victim is unable to detect this. The Portable Document Format (PDF) is the de-facto standard for document exchange worldwide. It is used to store sensitive information like contracts and health records. To protect this information PDF documents can be encrypted or digitally signed. Thus, confidentiality, authenticity, integrity, and non-repudiation can be achieved. In our research, we show that none of the PDF viewers achieve all of these goals by allowing an attacker to read encrypted content without the password or to stealthily modify the signed content. We analyze the PDF encryption specification and show two novel techniques for breaking the confidentiality of encrypted documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and therefore, exfiltrate the plaintext once the document is opened by a legitimate user. Second, we abuse a flaw in the PDF encryption specification to arbitrarily manipulate encrypted content. The only requirement is that a single block of known plaintext is needed, and we show that this is fulfilled by design. Our attacks allow the recovery of the entire plaintext of encrypted documents by using exfiltration channels which are based on standard compliant PDF properties. In addition, we present the first comprehensive security evaluation on digital signatures in PDFs. We introduce three novel attack classes which bypass the cryptographic protection of digitally signed PDF files allowing an attacker to spoof the content of a signed PDF. We analyzed 22 different PDF viewers and found 21 of them to be vulnerable, including prominent and widely used applications such as Adobe Reader DC and Foxit. We additionally evaluated eight online validation services and found six to be vulnerable. All findings have been responsibly disclosed, and the affected vendors were supported during fixing the issues. Our research on PDF security is also available online at https://www.pdf-insecurity.org/. false Fabian Ising Vladislav Mladenov PDF Insecurity Website PDF Signatures Paper PDF Encryption Paper https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11241.html 2019-12-27T17:30:00+01:00 17:30 01:00 Borg 36c3-11241-from_managerial_feudalism_to_the_revolt_of_the_caring_classes David Graeber Art & Culture lecture One apparent paradox of the digitisation of work is that while productivity in manufacturing is skyrocketing, productivity in caring professions (health, education) is actually declining - sparking a global wave of labour struggle. Existing economic paradigms blind us to understanding how economies have come to be organised. We meed an entirely new discipline, based on a different set of values. false David Graeber https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10694.html 2019-12-27T18:50:00+01:00 18:50 01:00 Borg 36c3-10694-intel_management_engine_deep_dive Understanding the ME at the OS and hardware level Security lecture en Reverse engineering a system on a chip from sparse documentation and binaries, developing an emulator from it and gathering the knowledge needed to develop a replacement for one of the more controversial binary blobs in the modern PC. The Intel Management Engine, a secondary computer system embedded in modern chipsets, has long been considered a security risk because of its black-box nature and high privileges within the system. The last few years have seen increasing amounts of research into the ME and several vulnerabilities have been found. Although limited details were published about these vulnerabilities, reproducing exploits has been hard because of the limited information available on the platform. The ME firmware is the root of trust for the fTPM, Intel Boot Guard and several other platform security features, controlling it allows overriding manufacturer firmware signing, and allows implementing many background management features. I have spent most of past year reverse engineering the OS, hardware and links to the host (main CPU) system. This research has led me to create custom tools for manipulating firmware images, to write an emulator for running ME firmware modules under controlled circumstances and allowed me to replicate an unpublished exploit to gain code execution. In this talk I will share the knowledge I have gathered so far, document my methods and also explain how to go about a similar project. I also plan to discuss the possibility of an open source replacement firmware for the Management Engine. The information in this talk covers ME version 11.x, which is found in 6th and 7th generation chipsets (Skylake/Kabylake era), most of the hardware related information is also relevant for newer chipsets. false Peter Bosch Introduction the the Management Engine OS, Part 1 Introduction the the Management Engine OS, Part 2 https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10505.html 2019-12-27T20:50:00+01:00 20:50 01:00 Borg 36c3-10505-the_great_escape_of_esxi Breaking Out of a Sandboxed Virtual Machine Security lecture en VMware ESXi is an enterprise-class, bare-metal hypervisor developed by VMware for deploying and serving virtual computers. As the hypervisor of VMware vSphere, which is the world's most prevailing, state-of-the-art private-cloud software, ESXi plays a core role in the enterprise's cloud infrastructure. Bugs in ESXi could violate the security boundary between guest and host, resulting in virtual machine escape. While a few previous attempts to escape virtual machines have targeted on VMware workstation, there has been no public VMware ESXi escape until our successful demonstration at GeekPwn 2018. This is mainly due to the sandbox mechanism that ESXi has adopted, using its customized filesystem and kernel. In this talk, we will share our study on those security enhancements in ESXi, and describe how we discover and chain multiple bugs to break out of the sandboxed guest machine. During the presentation, we will first share the fundamentals of ESXi hypervisor and some of its special features, including its own customized bootloader, kernel, filesystem, virtual devices and so on. Next, we will demonstrate the attack surfaces in its current implementations and how to uncover security vulnerabilities related to virtual machine escape. In particular, we will anatomize the bugs leveraged in our escape chain, CVE-2018-6981 and CVE-2018-6982, and give an exhaustive delineation about some reliable techniques to manipulate the heap for exploitation, triggering arbitrary code execution in the host context. Meanwhile, due to the existence of sandbox mechanism in ESXi, code execution is not enough to pop a shell. Therefore, we will underline the design of the sandbox and explain how it is adopted to restrict permissions. We will also give an in-depth analysis of the approaches leveraged to circumvent the sandbox in our escape chain. Finally, we will provide a demonstration of a full chain escape on ESXi 6.7. false f1yyy https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10942.html /system/events/logos/000/010/942/large/Bildschirmfoto_2019-12-27_um_15.49.38.png?1577458285 2019-12-27T22:10:00+01:00 22:10 01:00 Borg 36c3-10942-uncover_understand_own_-_regaining_control_over_your_amd_cpu Security lecture en The AMD Platform Security Processor (PSP) is a dedicated ARM CPU inside your AMD processor and runs undocumented, proprietary firmware provided by AMD. It is a processor inside your processor that you don't control. It is essential for system startup. In fact, in runs before the main processor is even started and is responsible for bootstrapping all other components. This talk presents our efforts investigating the PSP internals and functionality and how you can better understand it. Our talk is divided into three parts: The first part covers the firmware structure of the PSP and how we analyzed this proprietary firmware. We will demonstrate how to extract and replace individual firmware components of the PSP and how to observe the PSP during boot. The second part covers the functionality of the PSP and how it interacts with other components of the x86 CPU like the DRAM controller or System Management Unit (SMU). We will present our method to gain access to the, otherwise hidden, debug output. The talk concludes with a security analysis of the PSP firmware. We will demonstrate how to provide custom firmare to run on the PSP and introduce our toolchain that helps building custom applications for the PSP. This talk documents the PSP firmware's proprietary filesystem and provides insights into reverse-engineering such a deeply embedded system. It further sheds light on how we might regain trust in AMD CPUs despite the delicate nature of the PSP. false Robert Buhren Alexander Eichner Christian Werling Presentation slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10936.html 2019-12-27T23:30:00+01:00 23:30 01:00 Borg 36c3-10936-inside_the_fake_like_factories How thousands of Facebook, You Tube and Instagram pages benefited from purchased likes and how we reverse engineered facebooks user IDs Ethics, Society & Politics lecture en This talk investigates the business of fake likes and fake accounts: In a world, where the number of followers, likes, shares and views are worth money, the temptation and the will to cheat is high. With some luck, programming knowledge and persistence we obtained thousands of fanpages, You Tube and Instagram account, where likes have been bought from a Likes seller. We were also able to meet people working behind the scenes and we will prove, that Facebook is a big bubble, with a very high percentage of dead or at least zombie accounts. The talk presents the methodology, findings and outcomes from a team of scientists and investigative journalists, who delved into the parallel universe of Fake Like Factories. When you hear about fake likes and fake accounts, you instantly think of mobile phones strung together in multiple lines in front of an Asian woman or man. What if we tell you, that this is not necessarily the whole truth? That you better imagine a ordinary guy sitting at home at his computer? In a longterm investigation we met and talked to various of these so called “clickworkers” - liking, watching, clicking Facebook, You Tube and Instagram for a small amount of money the whole day in their living room. Fortuitously we could access thousand campaigns, Facebook Fanpages, You Tube videos or Instagram accounts. Thousands of websites and accounts, for which somebody bought likes in the past years. But we did not stop the investigation there: We dived deeper into the Facebook Fake Accounts and Fake Likes universe, bought likes at various other Fake Likes sellers. To get the big picture, we also developed a statistical method to calculate the alleged total number of Facebok User IDs, with surprising results. false @sveckert Dennis Tatang pkreissel https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10690.html /system/events/logos/000/010/690/large/logo_4x.png?1571748219 2019-12-27T11:30:00+01:00 11:30 01:00 Clarke 36c3-10690-open_source_is_insufficient_to_solve_trust_problems_in_hardware How Betrusted Aims to Close the Hardware TOCTOU Gap Hardware & Making lecture en While open source is necessary for trustable hardware, it is far from sufficient. This is because “hashing” hardware – verifying its construction down to the transistor level – is typically a destructive process, so trust in hardware is a massive time-of-check/time-of-use (TOCTOU) problem. This talk helps us understand the nature of the TOCTOU problem by providing a brief overview of the supply chain security problem and various classes of hardware implants. We then shift gears to talk about ways to potentially close the TOCTOU gap, concluding with a curated set of verifiable components that we are sharing as an open source mobile communications platform – a kind of combination hardware and software distribution – that we hope can be useful for developing and deploying all manner of open platforms that require a higher level of trust and security. The inconvenient truth is that open source hardware is precisely as trustworthy as closed source hardware. The availability of design source only enables us to agree that the designer’s intent can be trusted and is likely correct, but there is no essential link between the hardware design source and the piece of hardware on your desk. Thus while open source is necessary for trustable hardware, it is far from sufficient. This is quite opposite from the case of open source software thanks to projects like Reproducible Builds, where binaries can be loaded in-memory and cryptographically verified and independently reproduced to ensure a match to the complete and corresponding source of a particular build prior to execution, thus establishing a robust link between the executable and the source. Unfortunately, “hashing” hardware – verifying its construction down to the transistor level – is typically a destructive process, so trust in hardware is a massive time-of-check/time-of-use (TOCTOU) problem. Even if you thoroughly inspect the design source, the factory could modify the design. Even if you audit the factory, the courier delivering the hardware to your desk could insert an implant. Even if you carried the hardware from the factory to your desk, an “evil maid” could modify your machine. This creates an existential crisis for trust – how can we know our secrets are safe if the very hardware we use to compute them could be readily tainted? This talk addresses the elephant in the room by helping us understand the nature of the TOCTOU problem by providing a brief overview of the supply chain security problem and various classes of hardware implants. We then shift gears to talk about ways to potentially close the TOCTOU gap. When thinking about hardening a system against supply chain attacks, every component – from the CPU to the keyboard to the LCD – must be considered in order to defend against implanted screen grabbers and key loggers. At every level, a trade-off exists between complexity and the feasibility of non-destructive end-user verification with minimal tooling: a system simple enough to be readily verified will not have the equivalent compute power or features of a smartphone. However, we believe that a verifiable system should have adequate performance for a select range of tasks that include text chats, cryptocurrency wallets, and voice calls. Certain high-risk individuals such as politicians, journalists, executives, whistleblowers, and activists may be willing to use a device that forgoes bells and whistles in exchange for privacy and security. With this in mind, the <https://betrusted.io>Betrusted</a> project brings together a curated set of verifiable components as an open source mobile communications platform - a combination open source hardware and software distribution. We are sharing Betrusted with the community in the hopes that others may adopt it as a reference design for developing and deploying all manner of open platforms that require a higher level of trust and security. false bunnie Sean "xobs" Cross Tom Marble https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10852.html /system/events/logos/000/010/852/large/UBA_Koop_4c_neg.jpg?1572008955 2019-12-27T12:50:00+01:00 12:50 01:00 Clarke 36c3-10852-wie_klimafreundlich_ist_software Einblicke in die Forschung und Ausblick in die Umweltzertifizierung! Resilience & Sustainability lecture de Das Umweltbundesamt hat in 2012 mit der Forschung der Umweltrelevanz von Software begonnen. Ziel der Forschung war es, die gegenseitige Beeinflussung von Hard- und Software zu erfassen, zu bewerten und geeignete Maßnahmen zu entwickeln, die es ermöglichen, die Inanspruchnahme von natürlichen Ressourcen durch Software zu reduzieren. Im Vortrag wollen Marina Köhn (Umweltbundesamt) und Dr. Eva Kern (Umwelt-Campus Birkenfeld) die Messergebnisse aus dem Labor der Forschung präsentieren und die entwickelte Methode des Forschungsprojektes erläutern. Weiterhin möchten wir die Inhalte des geplanten Umweltzeichens für Software vorstellen. Das Zusammenwirken von Hard- und Software, also zum Beispiel von Computer und Betriebssystem, ist vergleichbar mit einem Buch und dem Inhalt des Buches. Fehlt ein Teil dieser Einheit, ist der Bestimmungszweck nicht mehr gegeben. Ein Computer ist zusammengesetzt aus verschiedenen Komponenten, die unterschiedliche Aufgaben wahrnehmen. Die Software ist die Logik, die das Ausführen dieser Aufgaben ermöglicht. Zwar ist Software, ähnlich wie Wissen, immateriell, jedoch benötigt sie die Hardwareressourcen, um existieren zu können. Softwareprodukte sind somit ein wesentlicher Bestandteil der Informations- und Kommunikationstechnik (IKT). In den letzten Jahren wurden einige Anstrengungen unternommen, um die IKT nachhaltiger zu gestalten. Beispielsweise wurden die Energieeffizienz der IKT-Produkte gesteigert, Anforderungen an das Energiemanagement der Geräte gestellt und neue ressourcenschonende Hardwarearchitekturen entwickelt. Konkrete Anforderungen an das Design und die Programmierung von Soft-ware, die die Energieeffizienz der Hardware unterstützen, sind bisher nicht vorhanden. Obwohl Hardware und Software, wie oben erläutert, eine Einheit bilden und die Art und Weise der Softwarearchitektur und -programmierung große Auswirkung auf den entsprechenden Hardwarebedarf haben, fehlen konkrete Anforderungen. Das Fehlen der Anforderungen an Softwareprodukten hat zur Folge, dass die Energieeffizienzgewinne der Hardware durch ineffiziente Software oder schlechte Softwarekonzepte nicht oder nur teilweise zum Tragen kommen. Vor diesem Hintergrund hat das Umweltbundesamt in 2012 mit der Forschung der Umweltrelevanz von Software begonnen. Ziel der Forschung war es, die gegenseitige Beeinflussung von Hard- und Software zu erfassen, zu bewerten und geeignete Maßnahmen zu entwickeln, die es ermöglichen, die Inanspruchnahme von natürlichen Ressourcen durch Software zu reduzieren. Im Forschungsprojekt „Entwicklung und Anwendung von Bewertungsgrundlagen für ressourceneffiziente Software unter Berücksichtigung bestehender Methodik“ des Umweltbundesamtes (UBA 2018) wurde zusammen mit dem Öko-Institut, den Umwelt-Campus Birkenfeld und der ETH Zürich eine Bewertungsmethodik entwickelt, anhand derer der Energiebedarf, die Inanspruchnahme von Hardware-Ressourcen sowie weitere umweltbezogene Eigenschaften von Softwareprodukten ermittelt werden können. Der Vergleich verschiedener Softwareprodukte mit gleicher Funktionalität macht deutlich, dass es teils erhebliche Unterschiede zwischen den Produkten gibt. Bei der Ausführung eines Standardnutzungsszenario werden die Unterschiede der Energieeffizienz zwischen den Softwareprodukten erkennbar. Dies ist vor allem vor dem Hintergrund relevant, dass die übermäßige Beanspruchung von Hardware dazu führt, dass die Pro-grammausführung länger dauert und es im schlimmsten Fall dazu führt, dass diese vermeintlich langsame Hardware ausgemustert und durch neue, schnellere Hardware ersetzen wird. Labels und Zertifizierungen, wie es sie seit langem schon für den Bereich der Hardware existieren, gibt es im Softwarebereich jedoch nicht. Das ändert sich demnächst! Wir haben erfolgreich Kriterien für das Umweltzeichen Blauer Engel für energie- und ressourcensparende Software entwickelt. Wir hoffen, dass wir mit dem Umweltzeichen eine Debatte über umweltverträgliche Software auslösen werden und wir hoffen, dass viele Software-Entwickler*innen und Hersteller von Software sich zukünftig an diese Kriterien orientieren. false Marina Köhn Eva Kern Wie klimafreundlich ist Software? - Einblicke in die Forschung und Ausblick in die Zertifizierung! https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11119.html 2019-12-27T14:10:00+01:00 14:10 01:00 Clarke 36c3-11119-energiespeicher_von_heute_fur_die_energie_von_morgen Wohin eigentlich mit all der erneuerbaren Energie? Science lecture de Wir verlassen uns in unserem Alltag permanent auf die Verfügbarkeit von elektrischer Energie. Aber wenn wir vom dauerhaften Betrieb von Kraftwerke, die fossile Energieträger verbrennen, wie stellen wir die Versorgung sicher, wenn nachts kein Wind weht? Elektrolyse oder Pumpspeicherkraftwerk? Superkondensatoren oder mechanische Speicher? Was geht heute überhaupt schon? Ähnlich unklar ist die Zukunft der Mobilität, wenn Verbrennungsmotoren von unseren Straßen verschwinden sollen. Batteriefahrzeug oder Wasserstoffauto? Und bekommt man sein Fahrzeug überhaupt so schnell vollgetankt wie heute mit Benzin? Als eins der größeren Probleme stellt sich die Bereitstellung elektrischer Energie für unsere hoch technologisierte Welt dar. Der Beitrag der aus erneuerbaren Energiequellen gewonnenen elektrischen Energie ist in den letzten Jahrzehnten beständig gestiegen, aber dennoch bleibt ein Problem: wie stellen wir Energie bereit, wenn keine Sonne scheint und kein Wind weht? Ein Überblick über bekannte und weniger bekannte Energiespeicher soll erleichtern, aktuelle Diskussionen der Energie- und Klimapolitik zu verstehen und einzuordnen. Batterien und Akkus liefern seit vielen Jahrzehnten den Strom für vor allem tragbare Geräte: Die allgegenwärtige, nicht wiederaufladbare Alkali-Mangan-Batterie speist Uren, Fernbedienungen, Taschenlampen und Geräte aller Art. Speziell die wiederaufladbare Lithium-Ionen-Batterie hat unsere moderne Welt revolutioniert, aus gutem Grund wurde diese Entwicklung dieses Jahr mit dem Nobelpreis in Chemie ausgezeichnet. Wird diese Technologie die Zukunft der Elektromobilität sein, und den überschüssigen Solarstrom speichern, um ihn nachts wieder zur Verfügung zu stellen? Oder sollte die kaum bekannte Natriumsulfid Batteriechemie der bessere Kandidat sein? Wie macht man aus Solarstrom Wasserstoff, und wie speichert man diesen? Lohnt sich das überhaupt, und wenn ja, wie bekommt man daraus wieder elektrische Energie erzeugt? Aktuell tobt eine erbitterte Debatte, ob die Elektromobilität in Zukunft nun auf reinen Batteriebetried setzen sollte, oder doch das Wasserstoffauto das Rennen machen soll. Gibt es eine klare Antwort darauf, und wie sind die jeweiligen Beiträge von Wissenschaft, Wirtschaft, Politik und Ethik? false Sebastian Pischel https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10760.html 2019-12-27T16:10:00+01:00 16:10 01:00 Clarke 36c3-10760-the_large_hadron_collider_infrastructure_talk Science lecture en The Large Hadron Collider (LHC) is the biggest particle accelerator on Earth. It was built to study matter in more detail than ever before and prove physical theories like the Standard Model of Particle Physics. This talk will focus on the engineering aspects of LHC. How was it built? What makes it tick? Which technologies are needed to create a such powerful machine? This talk will take you on a journey to explore how the most complex machine ever built by humans works. During previous CCCs, several talks described what kind of data the experiments of LHC look out for, how the data is stored, how physicists are analysing data and how they extract their huge discoveries. Often times though, the presence of the particle accelerator itself is taken for granted in light of these findings. That's why this talk will give an in-depth engineering summary about that 'particle accelerator'. We'll shed light on the big technology and engineering problems that had to be solved before being able to build a machine that we take for granted these days. Among other things, we will describe how to cool down several thousand tons of magnets to -271.25°C, how to safely dissipate ~500 MegaJoule of energy in just a fraction of a second, or how to bend a beam of particles around a corner while it's moving along with ~99,9999991% of the speed of light. Of course, we'll also touch on the bits that make collecting the data gathered in all the physics detectors possible in the first place. false sev thasti https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11008.html 2019-12-27T17:30:00+01:00 17:30 01:00 Clarke 36c3-11008-server_infrastructure_for_global_rebellion Resilience & Sustainability lecture en In this talk Julian will outline his work as sysadmin, systems and security architect for the climate and environmental defense movement Extinction Rebellion. Responsible for 30 server deployments in 11 months, including a community hub spanning dozens of national teams (some of which operate in extremely hostile conditions), he will show why community-owned free and open source infrastructure is mission-critical for the growth, success and safety of global civil disobedience movements. An extension of an earlier talk at C-Base Berlin, Julian will give an overview of his own discoveries, platform choices, successes and mistakes meeting the needs of 5-figure at-risk server memberships, from geo-political and legal challenges, to arrest opsec and uptime resilience in the face of powerful adversaries driving attacks on infrastructure and seized activist devices spanning many countries before and during periods of mass civil disobedience. In particular the talk is a call for all sysadmins, opsec and infosec professionals and enthusiasts to rise up and join the fight for current and future generations of all life. false Julian Oliver https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11236.html 2019-12-27T18:50:00+01:00 18:50 01:00 Clarke 36c3-11236-the_internet_of_rubbish_things_and_bodies A review of the best art & tech projects from 2019. With a focus on e-waste Art & Culture lecture en Once you start looking at electronic trash you see it everywhere: in laptops of course but also increasingly in cars, fridges, even inside the bodies of humans and other animals. The talk will look at how artists have been exploring the e-junk invasion. Régine Debatty is a curator, critic and founder of http://we-make-money-not-art.com/, a blog which has received numerous distinctions over the years, including two Webby awards and an honorary mention at the STARTS Prize, a competition launched by the European Commission to acknowledge "innovative projects at the interface of science, technology and art". Régine writes and lectures internationally about the way artists, hackers, and designers use science and technology as a medium for critical discussion. She also created A.I.L. (Artists in Laboratories), a weekly radio program about the connections between art and science for Resonance104.4fm in London (2012–14), is the co-author of the “sprint book” New Art/Science Affinities, published by Carnegie Mellon University (2011) and is currently co-writing a book about culture and artificial intelligence. false Régine Débatty https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10766.html 2019-12-27T20:50:00+01:00 20:50 01:00 Clarke 36c3-10766-digitalisierte_migrationskontrolle Von Handyauswertung, intelligenten Grenzen und Datentöpfen Ethics, Society & Politics lecture de Die sogenannten digitalen Assistenzsysteme des BAMF, „intelligente Grenzen“ in der EU und immer größer werdende Datenbanken: Wer ins Land kommt und bleiben darf, wird immer mehr von IT-Systemen bestimmt. Davon profitiert die Überwachungsindustrie, während Menschen von automatisierten Entscheidungen abhängig werden. Deutschland hat in den letzten Jahren massiv in Technik investiert, um Asylverfahren zu digitalisieren. Biometrische Bilder mit Datenbanken abgleichen, Handys ausgelesen und analysieren, Sprache durch automatische Erkennungssysteme schleifen. Ganz abgesehen von der Blockchain, die alles noch besser machen soll. Doch nicht nur in Deutschland werden zum Zweck der Migrationskontrollen immer mehr Daten genutzt. In Norwegen werden Facebook-Profile Geflüchteter ausgewertet, in Dänemark sogar USB-Armbänder. Die Grenzagentur Frontex soll für „intelligente Grenzen“ sorgen, Datenbanken werden EU-weit ausgebaut und zusammengelegt. Rechtschutzmechanismen versagen größtenteils. Worum es dabei geht? Schnellere Abschiebungen. Wer davon profitiert? Die Überwachungsindustrie. In Vorbereitung von Klageverfahren bringt die Gesellschaft für Freiheitsrechte e.V. (GFF) gemeinsam mit der Journalistin Anna Biselli im Laufe des Dezembers eine Studie heraus, die sich diesem Thema genauer widmet. Die Ergebnisse der Studie wollen Lea Beckmann und Anna Biselli gemeinsam vorstellen und kontextualisieren. Anna Biselli ist Informatikerin und Journalistin und arbeitet seit Jahren zu Fragen der Digitalisierung von Migrationskontrolle. Lea Beckmann ist Juristin und Verfahrenskoordinatorin der Gesellschaft für Freiheitsrechte e.V. (GFF). Die GFF ist eine NGO, die durch strategische Gerichtsverfahren Grund- und Menschenrechte stärkt und zivilgesellschaftliche Partnerorganisationen rechtlich unterstützt. In vielen ihrer Verfahren setzt sich die GFF dabei für Datenschutz und einen verantwortungsvollen Einsatz von Technologie und gegen Diskriminierung ein. false Anna Biselli Lea Beckmann Handyauslesung bei Asylsuchenden https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11031.html /system/events/logos/000/011/031/large/Logo.jpeg?1577136387 2019-12-27T22:10:00+01:00 22:10 01:00 Clarke 36c3-11031-the_kgb_hack_30_years_later Looking back at the perhaps most dramatic instance of hacking of the 1980s and the role it had in shaping the public image of the CCC. Ethics, Society & Politics lecture en This spring marked the 30th anniversary of the public uncovering of the so-called KGB Hack, bringing with it a number of new articles remembering the event and forging bridges to the present. This spring marked the 30th anniversary of the public uncovering of the so-called KGB Hack, bringing with it a number of new articles remembering the event and forging bridges to the present. The 36C3 seems an excellent opportunity to take a look back at the instance of hacking which, even more so than previous events like the BTX and NASA Hacks, brought the CCC into the focus of the (West-)German public – and, additionally, the Federal Office for the Protection of the Constitution (Verfassungsschutz) and the Federal Intelligence Service (Bundesnachrichtendienst). This talk aims to focus on the uncovering of the KGB Hack, which began in 1986 when Clifford Stoll, a systems administrator at the University of California in Berkeley, noticed an intruder in his laboratory’s computer system – and, unlike other admins of the time, decided to do something about it. It took three more years of relentless investigation on Stoll’s part and laborious convincing of the authorities of the United States and the Federal Republic of Germany to trace back the intruder to a group of young men loosely connected to the CCC who worked with the KGB, selling information gained from breaking into US military computers to the Soviet Union. In March of 1989, the widely watched West-German television news program "ARD Im Brennpunkt" informed the public of the “biggest instance of espionage since the Guillaume affair”. It presented a new quality of high tech espionage, undertaken by “computer freaks”, somewhat shady-seeming young men connected to the Chaos Computer Club. The reporting on the KGB Hack had a tremendously negative effect on the public image of hackers in general and the CCC in particular. Now the “computer freaks” were no longer seen as benevolent geeks who pointed out flaws in computer systems - they were criminals, working with the Russians, harming their own country. Sounds familiar? It’s an image which has been lingering until today. false Anja Drephal ARD im Brennpunkt, 02/03/89 "The KGB, The Computer, and Me" (1990 documentary on Clifford Stoll) "Vor 30 Jahren – der KGB-Hack fliegt auf" (German news article) "Von den Anfängen des Cyberwars" (Deutschlandfunk Kultur) Obituary for Karl Koch (1990, German, contains contemporary news articles) "Stalking the Wily Hacker" (paper by Clifford Stoll) "Still Stalking the Wily Hacker" (CTI Summit Keynote 2017) Chaosradio Express 100: Das Internet und die Hacker Slides Intro Video https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10639.html /system/events/logos/000/010/639/large/D-KgqbLWkAAJGbh_r.jpg?1572123608 2019-12-27T23:30:00+01:00 23:30 01:00 Clarke 36c3-10639-let_s_play_infokrieg Wie die radikale Rechte (ihre) Politik gamifiziert Ethics, Society & Politics lecture de Manche Spiele will man gewinnen, andere will man einfach nur spielen. Bei vielen Spielen will man beides. Spielen macht Spaß. Gewinnen auch. Warum also nicht immer und überall spielen? Warum nicht Politik spielen wie einen Multiplayer-Shooter? Mit motivierten Kameraden und ahnungslosen Gegnern? Mit zerstörbarer Umgebung, erfolgreichen Missionen und zu erobernden Flaggen? Teile der radikalen Rechten tun das mit Erfolg. Der Vortrag schaut sich einige Beispiele aus Deutschland und den USA näher an. Wir sprechen von “Spielifizierung”, wenn typische Elemente von Spielmechaniken genutzt werden, um in spielfremden Kontexten motivationssteigernd zu wirken. Während diese Strategie vor allem wirtschaftlich genutzt wird, um Kundenbindung und Mitarbeiterproduktivität zu erhöhen, ist sie auch zu einem zunehmend wichtigen Teil politischer Kultur geworden. Insbesondere Online-Communities verwenden Spielelemente, Memes/Lore und spielnahe Unterhaltungsformate, um ihre sozialen Beziehungen und jene zur Realität zu gestalten und zu strukturieren. Innerhalb solcher Beziehungen war es nur eine Frage der Zeit, bis archetypische NPCs wie der gewöhnliche Troll sich zu Lone-Wolf-Spielercharakteren entwickeln, Rudel bilden und sich in einem stetig wachsenden und ausdifferenzierenden System von Gilden und meritokratischen Jagdverbänden organisieren würden. Die Politisierung solcher neuer Stammesgesellschaften ist eine logische Konsequenz dieser Evolution. Der Vortrag beleuchtet einerseits den US-kulturellen Hintergrund des Feldes: von der Spielmetapher als legitimierenden Rahmen in der “Manosphere”, “#Gamergate” und Operationen der chan-übergreifenden /pol/-Community. Andererseits sucht er Strategien, die darauf abzielen, Teile des politischen Diskurses zu “gamen”, zu kapern und zu verstärken, auch in deutscher Trollkultur auf, vom genreprägenden “Drachengame” bis zu explizit politischen Initiativen wie “Reconquista Germanica”... und dem live gestreamten Terror einer neuen faschistischen Subkultur. false Arne Vogelgesang https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11172.html /system/events/logos/000/011/172/large/mirageos.png?1574601183 2019-12-27T11:30:00+01:00 11:30 01:00 Dijkstra 36c3-11172-leaving_legacy_behind Reducing carbon footprint of network services with MirageOS unikernels Security lecture en Is the way we run services these days sustainable? The trusted computing base -- the lines of code where, if a flaw is discovered, jeopardizes the security and integrity of the entire service -- is enormous. Using orchestration systems that contain millions of lines of code, and that execute shell code, does not decrease this. This talk will present an alternative, minimalist approach to secure network services - relying on OCaml, a programming language that guarantees memory safety - composing small libraries (open source, permissively licensed) to build so-called MirageOS unikernels -- special purpose services. Besides web services, other digital infrastructure such as VPN gateway, calendar server, DNS server and resolver, and a minimalistic orchestration system, will be presented. Each unikernel can either run as virtual machine (KVM, Xen, BHyve, virtio), as a sandboxed process (seccomp which whitelists only 8 system calls), or in smaller containments (GenodeOS, muen separation kernel) -- even a prototypical ESP32 backend is available. Starting with an operating system from scratch is tough, lots of engineering hours have been put into the omnipresent ones. Reducing the required effort by declaring certain subsystems being out of scope -- e.g. hardware drivers, preemptive multitasking, multicore -- decreases the required person-power. The MirageOS project started as research project more than a decade ago at the University of Cambridge, as a minimal guest for Xen written in the functional programming language OCaml. Network protocols (TCP/IP, DHCP, TLS, DNS, ..), a branchable immutable store (similar and interoperable with git) are available. The trusted computing base is roughly two orders of magnitude smaller than contemporary operating systems. The performance is in the same ballpark as conventional systems. The boot time is measured in milliseconds instead of seconds. Not only the binary size of a unikernel image is much smaller, also the required resources are smaller: memory usage easily drops by a factor of 25, CPU usage drops by a factor of 10. More recently we focused on deployment: integration of logging, metrics (influx, grafana), an orchestration system (remote deployment via a TLS handshake, offers console access and an event log) for multi-tenant systems (policies are encoded in the certificate chain). We are developing, mostly thanks to public funding, various useful services: a CalDAV server storing its content in a remote git repository, an OpenVPN client and server, DNS resolver and server (storing zone files in a remote git repository) with let's encrypt integration, a firewall for QubesOS, image viewer mainly for QubesOS, ... The experience while developing such a huge project is that lots of components can be developed and tested by separate groups - and even used in a variety of different applications. The integration of the components is achieved in a type-safe way with module types in OCaml. This means that lots of errors are caught by the compiler, instead of at runtime. false Hannes Mehnert MirageOS website Blog with articles and tutorials robur OCaml slides.7.pdf https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10703.html /system/events/logos/000/010/703/large/archimedes-switcher.png?1571782840 2019-12-27T12:50:00+01:00 12:50 01:00 Dijkstra 36c3-10703-the_ultimate_acorn_archimedes_talk Everything about the Archimedes computer (with zero 'Eureka!' jokes) Hardware & Making lecture en This talk will cover everything about the Acorn Archimedes, a British computer first released in 1987 and (slightly) famous for being the genesis of the original ARM processor. The Archimedes was designed by Acorn in the UK in the mid-1980s, and was released in late 1987 with massive performance for its medium price (and, with the first OS, a hangover-coloured GUI). The machine isn't widely known outside Europe. Even in the UK, it was released just as the IBM PC was taking over, so remained niche. It was built from scratch with four purpose-designed chips, the ARM, the VIDC, the MEMC and the IOC. Looking at each chip, we'll take a hardware and software tour through what is one of the most influential yet little-known modern computers. The talk will detail the video, sound, IO and memory management hardware, alongside the original ARM processor which is quite different to what we have today. The Arc was a pleasure to program, both simple and fast, and we'll look at its software including the quirky operating systems that made the Arc tick, from Arthur to RISC OS and Acorn's mysterious BSD4.3 UNIX, RISCiX. The first models were followed by the lower-end A3000 in 1989, which looked similar to the the Amiga 500 or Atari STE but had around eight times the CPU performance: no sprites, no blitter, no Copper, no problem! ;-) This talk will also share insights from the original chipset designers, with a tour of prototype hardware and unreleased Archimedes models. The audience will get an appreciation for the Arc's elegant design, the mid-1980s birth of RISC processors, and the humble origins of the now-omnipresent ARM architecture. false Matt Evans https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10796.html /system/events/logos/000/010/796/large/3dbrew2.png?1571958345 2019-12-27T14:10:00+01:00 14:10 01:00 Dijkstra 36c3-10796-it_s_not_safe_on_the_streets_especially_for_your_3ds Exploring a new attack surface on the 3DS Security lecture en The 3DS is reaching end of life but has not revealed all its weaknesses yet. This talk will go through the process of reverse engineering an undocumented communication protocol and show how assessing hard-to-reach features yields dangerous results, including remote code execution exploits! <p>Embedded Devices are all around us, talking to each other in ways we often don't even realize. In this talk, we discuss how one such communication mechanism in the 3DS remained unexplored for over seven years as well as the vulnerabilities that were lying dormant as a result.</p> <p>We will explore specific features of the 3DS and talk about their low-level implementation details and about why they were not tested before. Besides, we will walk through the (lengthy) dev process involved in putting together this exploit, and the significant risks involved in devices (even game consoles) having this kind of vulnerability.</p> <p>Finally, we will demonstrate the attack in action.</p> <p>Since the talk will be a bit technical some basic knowledge about network protocols and software exploitation techniques is recommended, but it is aimed to be enjoyable for non-technical audiences as well.<br>One might also take a look at previous talks (32c3 and 33c3) about the 3ds for more in-depth background knowledge.</p> false nba::yoh 3DBrew Wiki Twiter 32c3 - Breaking the 3ds security system by smea, plutto and derrek 33c3 - Nintendo Hacking 2016 - Game Over by naehrwert, derrek and nedwill Slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10717.html 2019-12-27T16:10:00+01:00 16:10 01:00 Dijkstra 36c3-10717-was_hat_die_psd2_je_fur_uns_getan Pleiten, Pech und Pannen in der Zahlungsdiensteregulierung Ethics, Society & Politics lecture de Seit dem 14. November ist die letzte Schonfrist zur Umsetzung der Europäischen Richtline 2015/2366 über Zahlungsdienste im Binnenmarkt (neudeutsch PSD2) verstrichen. Das hat erst vielen Banken viel Arbeit gemacht, und macht jetzt vielen Kunden viel Ärger. Warum eigentlich? Dieser Vortrag gibt einen Überblick über die Hintergründe der Zahlungsdiensterichtlinie, das was sie bewirken sollte, und das was sie tatsächlich bewirkt. Der Sicht aus der Regulierungsperspektive wird die tatsächliche Erfahrung als Anwender, und als Entwickler von Open-Source-Software gegenübergestellt. false Henryk Plötz https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10896.html 2019-12-27T17:30:00+01:00 17:30 01:00 Dijkstra 36c3-10896-climate_modelling The Science Behind Climate Reports Science lecture en When climate activists say you should listen to the science they usually refer to reports by the Intergovernmental Panel on Climate Change (IPCC). The IPCC is an Intergovernmental organization (IGO) providing an objective summary of scienctific results regarding climate change, its impacts and its reasons. The simulation of future climate is one fundamental pillar within climate research. But what is behind it? How does the science sector look like? How do we gain these insights, what does it mean? This lecture aims at answering these questions. In particular, it provides an overview about some basic nomenclature for a better understanding of what climate modelling is about.<br> The following topics will be addressed: <ul> <li>Who does climate modelling?<br> Which institutes, infrastructures, universities, initiatives are behind it and which are the conferences climate scientists go to. What background do climate scientists have? </li> <li>What is the difference between climate projections and weather predictions? Why is it called a climate projection and not climate prediction? While climate scientists are not able to predict weather at a specific date in a decade, why does it still make sense to propose general trends under certain conditions? </li> <li>What is a climate model, what is an impact model and what is the difference between these? What are components and features of the different kind of models? Here, some examples will be shortly presented (e.g.atmosphere, ocean, land, sea ice). </li> <li>Quite a few models are open source and freely accessible. If there is time I will shortly show you how you could install an impact model (example mHM) on your local PC. How accessible is the data used for the projections for the IPCC reports?</li> <li>Overview over the used infrastructure (for example JUWELS, a supercomputer in Jülich), programming languages, software components </li> </ul> false karlabyrinth https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11155.html 2019-12-27T18:50:00+01:00 18:50 01:00 Dijkstra 36c3-11155-mathematical_diseases_in_climate_models_and_how_to_cure_them Science lecture en Making climate predictions is extremely difficult because climate models cannot simulate every cloud particle in the atmosphere and every wave in the ocean, and the model has no idea what humans will do in the future. I will discuss how we are using the Julia programming language and GPUs in our attempt to build a fast and user-friendly climate model, and improve the accuracy of climate predictions by learning the small-scale physics from observations. Climate models are usually written in Fortran for performance reasons at the expense of usability, but this makes it hard to hack and improve existing models. Bigger supercomputers can resolve smaller-scale physics and help improve accuracy but cannot resolve all the small-scale physics so we need to take a different approach to climate modeling. In this talk I will discuss why modeling the climate on a computer is so difficult, and how we are using the Julia programming language to develop a fast and user-friendly climate model that is flexible and easy to extend. I will also discuss how we can leverage GPUs to embed high-resolution simulations within a global climate model to resolve and learn the small-scale physics allowing us to simulate the climate more accurately, as the the laws of physics will not change even if the climate does. false Ali Ramadhan Valentin Churavy Oceananigans.jl git repository Mathematical diseases in climate models and how to cure them https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10991.html /system/events/logos/000/010/991/large/sf4_logo_b.png?1572101990 2019-12-27T20:50:00+01:00 20:50 01:00 Dijkstra 36c3-10991-science_for_future What we can and need to change to keep climate change low - the scientist view Science lecture en This talk is to show the current state of the discussion on climate change and the necessary and possible changes from a scientific perpesctive. It is to give some typical relevant answers and to foster the resiliance against climate sceptic questioning. This is one of the main tasks the scientist for future are trying to tackle. The climate crisis is already existing and it is going to become worse. Looking at the pure facts of the changing climate, the acidication of the oceans, the slowly but steady rising of the sea level and the strengthening earth response effects, which make thing worse, it is hard to stay optimistic on the development of human kind on this planet. This lead to the largest social movement in Germany since the second world war fighting for a limitation of climate change to a maximum average temperature increase of 1.5°C. On the other hand, this movement is often disputed. Since the necessary changes are not liked by everyone, the engagement of especially students was attacked also by politicians – even declaring that they should leave such issues to the professionals. At this point scientist for future joined together to support the demands of the students and declare, „they are right“. This support is urgently needed. People have many open questions. The necessary changes are involving all societies in the world. In Germany, one of the most disputed topics is the field of energy, its generation, distribution and use. Is it actually possible to go for 100% renewable energies? What would this lead to? These are typical questions – which are not easy to answer. Other typical questions are more fundamental, since climate sceptics are increasing in their relevance and their social media outreach. Thus a lot of people encouter questions, they cannot answer. This talk is to show the current state of the discussion on climate change and the necessary and possible changes from a scientific perpesctive. It is to give some typical relevant answers and to foster the resiliance against climate sceptic questioning. This is one of the main tasks the scientist for future are trying to tackle. false Bernhard Stoevesandt Scientists for Future Presentation (with additional slides in German) https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10950.html /system/events/logos/000/010/950/large/logo_audio.png?1572083278 2019-12-27T22:10:00+01:00 22:10 01:00 Dijkstra 36c3-10950-warum_die_card10_kein_medizinprodukt_ist Was müssen Medizinproduktehersteller einhalten (und was nicht)? Hardware & Making lecture de Es soll grundlegend erklärt werden, nach welchen Kriterien Medizinprodukte entwickelt werden. Dazu werden die wichtigsten Regularien (Gesetze, Normen, ...) vorgestellt die von den Medizinprodukteherstellern eingehalten werden müssen. Diese regeln, was die Hersteller umsetzen müssen (und was nicht). Hier wird auch die Frage beantwortet, warum beispielsweise die Apple-Watch (oder genauer gesagt nur zwei Apps) ein Medizinprodukt sind aber die card10 nicht. Dieser Vortrag gibt Antworten auf die folgenden Fragen: <ul> <li>Was ist denn überhaupt ein Medizinprodukt?</li> <li>Was steht dazu im Gesetz?</li> <li>Was haben Normen damit zu tun?</li> <li>Was tun die Hersteller überlicherweise um diese Anforderungen umzusetzen?</li> <li>Wie sieht ein typischer Entwicklungsprozess aus?</li> <li>Wie sieht es mit Security und Safety aus?</li> <li>Warum sind Innovationen so schwer?</li> <li>Was passiert nach der Entwicklung?</li> <li>Wer überwacht das alles?</li> </ul> Es wird Schwerpunktmäßig die EU betrachtet um die Dauer des Vortrags nicht zu sprengen. false Phil Podcast - Medical Standard Time Präsentation https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10701.html 2019-12-27T23:30:00+01:00 23:30 01:00 Dijkstra 36c3-10701-select_code_execution_from_using_sqlite --Gaining code execution using a malicious SQLite database Security lecture en SQLite is one of the most deployed software in the world. However, from a security perspective, it has only been examined through the narrow lens of WebSQL and browser exploitation. We believe that this is just the tip of the iceberg. In our long term research, we experimented with the exploitation of memory corruption issues within SQLite without relying on any environment other than the SQL language. Using our innovative techniques of Query Hijacking and Query Oriented Programming, we proved it is possible to reliably exploit memory corruptions issues in the SQLite engine. We demonstrate these techniques a couple of real-world scenarios: pwning a password stealer backend server, and achieving iOS persistency with higher privileges. Everyone knows that databases are the crown jewels from a hacker's point of view, but what if you could use a database as the hacking tool itself? We discovered that simply querying a malicious SQLite database - can lead to Remote Code Execution. We used undocumented SQLite3 behavior and memory corruption vulnerabilities to take advantage of the assumption that querying a database is safe. How? We created a rogue SQLite database that exploits the software used to open it.Exploring only a few of the possibilities this presents we’ll pwn password stealer backends while they parse credentials files and achieve iOS persistency by replacing its Contacts database… The landscape is endless (Hint: Did someone say Windows 10 0-day?). This is extremely terrifying since SQLite3 is now practically built-in to any modern system. In our talk we also discuss the SQLite internals and our novel approach for abusing them. We had to invent our own ROP chain technique using nothing but SQL CREATE statements. We used JOIN statements for Heap Spray and SELECT subqueries for x64 pointer unpacking and arithmetics. It's a new world of using the familiar Structured Query Language for exploitation primitives,laying the foundations for a generic leverage of memory corruption issues in database engines. false OmerGull A detailed whitepaper of the vulnerabilities and exploitation technique 36C3-SQLite3-OmerGull.pdf https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11034.html /system/events/logos/000/011/034/large/icon_cropped.png?1577305720 2019-12-27T12:50:00+01:00 12:50 01:00 Eliza 36c3-11034-tales_of_old_untethering_ios_11 Spoiler: Apple is bad at patching Security lecture en This talk is about running unsigned code at boot on iOS 11. I will demonstrate how you can start out with a daemon config file and end up with kernel code execution. This talk is about achieving unsigned code execution at boot on iOS 11 and using that to jailbreak the device, commonly known as "untethering". This used to be the norm for jailbreaks until iOS 9.1 (Pangu FuXi Qin - October 2015), but hasn't been publicly done since. I will unveil a yet unfixed vulnerability in the config file parser of a daemon process, and couple that with a kernel 1day for full system pwnage. I will run you through how either bug can be exploited, what challenges we faced along the way, and about the feasibility of building a kernel exploit entirely in ROP in this day and age, on one of the most secure platforms there are. false littlelailo https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11195.html /system/events/logos/000/011/195/large/icon.png?1572367132 2019-12-27T14:10:00+01:00 14:10 01:00 Eliza 36c3-11195-phyphox_using_smartphone_sensors_for_physics_experiments An open source project for education, research and tinkering Hardware & Making lecture en Modern smartphones offer a whole range of sensors like magnetometers, accelerometers or gyroscopes. The open source app "phyphox", developed at the RWTH Aachen University, repurposes these sensors as measuring instruments in physics education. When put into a salad spinner, the phone can acquire the relation of centripetal acceleration and angular velocity. Its barometer can be used to measure the velocity of an elevator. And when using two phones, it is easy to determine the speed of sound with a very simple method. In this talk, I will show these possibilities in demonstration experiments, discuss available sensors and their limitations and introduce interfaces to integrate phyphox into other projects. In this talk, the developer of the app "phyphox" at the RWTH Aachen University will first introduce how sensors in smartphones can be used to enable experimentation and data acquisition in physics teaching with several demonstrations on stage. Available sensors and their limitations will be discussed along with interfaces allowing the integration of phyphox into other project, either as a means to access sensor data or to display data from other sources. The app is open source under the GNU GPLv3 licence and available for Android (>=4.0) and iOS (>=8.0). It is designed around experiment configurations for physics education at school and university, allowing for a quick setup with a single tap. At the same time, these configurations may be modified by any user to set up customized sensor configurations along with data analysis and data visualization, defined in an XML format. These configurations are Turing complete and can easily be transferred via QR codes, so an experienced user (teacher) can create a specific configuration and allow less experienced users (students) to use it with ease. false Sebastian Staacks Example experiments https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10709.html 2019-12-27T16:10:00+01:00 16:10 01:00 Eliza 36c3-10709-a_deep_dive_into_unconstrained_code_execution_on_siemens_s7_plcs Security lecture en A deep dive investigation into Siemens S7 PLCs bootloader and ADONIS Operating System. Siemens is a leading provider of industrial automation components for critical infrastructures, and their S7 PLC series is one of the most widely used PLCs in the industry. In recent years, Siemens integrated various security measures into their PLCs. This includes, among others, firmware integrity verification at boot time using a separate bootloader code. This code is baked in a separated SPI flash, and its firmware is not accessible via Siemens' website. In this talk, we present our investigation of the code running in the Siemens S7-1200 PLC bootloader and its security implications. Specifically, we will demonstrate that this bootloader, which to the best of our knowledge was running at least on Siemens S7-1200 PLCs since 2013, contains an undocumented "special access feature". This special access feature can be activated when the user sends a specific command via UART within the first half-second of the PLC booting. The special access feature provides functionalities such as limited read and writes to memory at boot time via the UART interface. We discovered that a combination of those protocol features could be exploited to execute arbitrary code in the PLC and dump the entire PLC memory using a cold-boot style attack. With that, this feature can be used to violate the existing security ecosystem established by Siemens. On a positive note, once discovered by the asset owner, this feature can also be used for good, e.g., as a forensic interface for Siemens PLCs. The talk will be accompanied by the demo of our findings. false Ali Abbasi Tobias Scharnowski https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10601.html /system/events/logos/000/010/601/large/how_not_to_build_robots.jpg?1571198774 2019-12-27T17:30:00+01:00 17:30 01:00 Eliza 36c3-10601-how_not_to_build_autonomous_robots Fables from building a startup in Silicon Valley Ethics, Society & Politics lecture en Over the past 2 years we've been building delivery robots - at first thought to be autonomous. We slowly came to the realization that it's not something we could easily do; but only after a few accidents, fires and pr disasters. We've all seen the TV show Silicon Valley, but have you actually peered underneath the curtain to see what's happening? In this entertaining talk, Sasha will share his first hand experience at building (and failing) a robotics delivery startup in Berkeley. Over the course of 2.5 years this startup built hundreds of robots, delivered thousands of orders, and had one robot stolen. The talk will look over the insanity that's involved with building an ambitious startup around a crazy vision; sharing the ups and downs of the journey. It will also touch up lightly on the technology that drives it and the simplistic approach to AI/machine learning this company took. false Sasha https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10543.html /system/events/logos/000/010/543/large/pq.png?1573524184 2019-12-27T18:50:00+01:00 18:50 01:00 Eliza 36c3-10543-post-quantum_isogeny_cryptography Security lecture en There are countless post-quantum buzzwords to list: lattices, codes, multivariate polynomial systems, supersingular elliptic curve isogenies. We cannot possibly explain in one hour what each of those mean, but we will do our best to give the audience an idea about why elliptic curves and isogenies are awesome for building strong cryptosystems. It is the year 2019 and apparently quantum supremacy is finally upon us [1,2]. Surely, classical cryptography is broken? How are we going to protect our personal communication from eagerly snooping governments now? And more importantly, who will make sure my online banking stays secure? The obvious sarcasm aside, we should strive for secure post-quantum cryptography in case push comes to shove. Post-quantum cryptography is currently divided into several factions. On the one side there are the lattice- and code-based system loyalists. Other groups hope that multivariate polynomials will be the answer to all of our prayers. And finally, somewhere over there we have elliptic curve isogeny cryptography. Unfortunately, these fancy terms "supersingular", "elliptic curve", "isogeny" are bound to sound magical to the untrained ear. Our goal is to shed some light on this proposed type of post-quantum cryptography and bring basic understanding of these mythical isogenies to the masses. We will explain how elliptic curve isogenies work and how to build secure key exchange and signature algorithms from them. We aim for our explanations to be understandable by a broad audience without previous knowledge of the subject. [1] https://www.quantamagazine.org/john-preskill-explains-quantum-supremacy-20191002/ [2] https://www.nature.com/articles/d41586-019-02936-3 false naehrwert https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10784.html 2019-12-27T20:50:00+01:00 20:50 01:00 Eliza 36c3-10784-libresilicon_s_standard_cell_library_de show + tell Hardware & Making lecture de (en) We make Standard Cells for LibreSilicon available, which are open source and feasible. And we like to talk and demonstrate what we are doing. (de) Wir machen Standardzellen für LibreSilicon verfügbar, welche Open Source und nutzbar sind. Wir möchten darüber sprechen und vorführen, was wir tun. (en) LibreSilicon develops a free and open source technology to fabricate chips in silicon and provides all information to use them - or technical spoken - a Process Design Kit (PDK). On one abstraction level higher, user always using with their design compile tools a Standard Cell Library (StdCellLib) with basic blocks like logic gates, latches, flipflops, rams, and even pad cells. From a programmers point of view, as a PDK is comparable to a language like C, the Standard Cell Library becomes comparable to libc. All commercial available Standard Cell Libraries containing a small subset of all useful cells only, limited just by the manpower of the vendor. They are hand-crafted and error-prone. Unfortunately Standard Cell Libraries are also commercial exploited with Non-disclosure agreement (NDAs) and heavily depend on the underlying PDKs. Our aim is to become the first free and open source Standard Cell Library available. The lecture shows, how far we are gone, with makefile controlled press-button solution which generates a substantial number of Standard Cells by automated processing and respecting the dependencies in the generated outputs. (de) LibreSilicon entwickelt eine freie und offene Technologie um Siliziumchips herstellen zu können. Dies umfasst alle notwendigen Informationen dies zu tun, oder technisch gesagt, ein Process Design Kit (PDK - engl: Prozessbauskasten). Die Anwender nutzen überwiegend auf einer Abstraktionsebene höher mit ihren Design Compiler meist jedoch die Standardzellenbibliothek (StdCellLib) mit Basisblöcken wie Logikgattern, Latches, FlipFlops, Speicherzellen oder auch Padzellen. Aus Sicht eines Programmierers wäre das PDK vergleichbar einer Sprachdefinition wie C, die darauf aufsetzende Standardzellbibliothek (StdCellLib) dann vergleichbar mit der libc. Nun enthalten alle nur kommerziell verfügbaren Standardzellenbibliotheken lediglich eine kleine Teilmenge aller nützlichen Zellen, limitiert durch die Arbeitskräfte beim Hersteller. Sie sind handgemacht und fehlerträchtig. Unglücklicherweise sind die kommerziellen Standardzellbibliotheken stark vom PDK abhängig und mit Geheimhaltungsvereinbarungen gepflastert. Unser Ziel ist es, die erste freie und offene Standardzellbibliothek zu werden. Dieser Talk zeigt, wie weit wir bereits gekommen sind, mit Hilfe der Makefile-gesteuerten Lösung eine beachtliche Anzahl an Standardzellen und deren Ausgabeformate als Abhängigkeiten automatisiert zu generieren. false chipforge StdCellLib Repository https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10598.html /system/events/logos/000/010/598/large/Bild1.png?1573823792 2019-12-27T22:10:00+01:00 22:10 01:00 Eliza 36c3-10598-kritikalitat_von_rohstoffen_-_wann_platzt_die_bombe Ein nicht nuklearer Blick auf das Ende der Welt Science lecture de Einführung in das Forschungsfeld der Kritikalitätsanalysen. Anhand der Rohstoffe Tantal, Wolfram, Zinn und Gold werden exemplarisch die quantitativen und qualitativen Indikatoren für eine Versorgungsengpassanalyse vorgestellt. Moderne High-Tech-Produkte benötigen chemische Elemente, die in spezifischen Rohstoffen (z. B. Erze) vorkommen. Dabei unterliegen Verfügbarkeit und Preis dieser Rohstoffe in hohem Maße den Einflussfaktoren der Konzentrationsrisken, politischen Risiken, Angebotsreduktions- und Nachfrageanstiegsrisiken. Da Unternehmen oftmals über Jahre hinweg an bestimmte Rohstoffe gebunden sind, müssen sie den Unsicherheiten mit vielfältigen Strategien begegnen. Vom Abbau und der Verarbeitung bis zur Nutzung und Entsorgung wird die gesamte Wertschöpfungskettenkritikalität bewertet. Dadurch können Verwundbarkeiten von Unternehmen und Ländern durch Rohstoffengpässe objektiv identifiziert und Handlungsempfehlungen definiert werden. Die Kritikalitätsanalyse wird am Beispiel der 3TG-Materialien (Tantal, Wolfram, Zinn und Gold) veranschaulicht. false Martin Hillenbrand Ressourcen.fm-Podcast Präsentation - Martin Hillenbrand https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10875.html 2019-12-27T23:30:00+01:00 23:30 01:00 Eliza 36c3-10875-hack_curio Decoding The Cultures of Hacking One Video at a Time Art & Culture lecture en Hacking and hackers can be hard to visualize. In the popular imagination, the figure alternates between a menacing, hooded figure or some sort of drugged-out and depressed juvenile hero (or perhaps a state-sponsored hacker). To counter such images, a group of us have spearheaded a new digitally-based video project, Hack_Curio that features hacker-related videos, culled from a range of sources, documentary film, newscasts, hacker conference talks, advertising, and popular film. In this talk, the Hack-Curio creators and builders will briefly discuss the purpose and parameters of Hack_Curio and spend most of the talk featuring our funniest, most compelling videos around hacking from around the world. We will use these to reflect on some of the more obscure or less commented on cultural and political features of hacking--features that will address regional and international dimensions of the craft and its impacts around the world. Hacking and hackers can be hard to visualize. In the popular imagination, the figure alternates between a menacing, hooded figure or some sort of drugged-out and depressed juvenile hero (or perhaps a state-sponsored hacker). To counter such images, a group of us (Chris Kelty, Gabriella Coleman, and Paula Bialski) have spearheaded a new digitally-based video project, Hack_Curio that features hacker-related videos, culled from a range of sources, documentary film, newscasts, hacker conference talks, advertising, and popular film. In this talk, the Hack-Curio creators and builders, will briefly discuss the purpose and parameters of Hack_Curio and spend most of the talk featuring our funniest, most compelling videos around hacking from around the world. We will use these to reflect on some of the more obscure or less commented on cultural and political features of hacking--features that will address regional and international dimensions of the craft and its impacts around the world. We will begin our talk by telling the audience what drove to build this website and what we learned in the process of collaborating with now over fifty people to bring it into being. After our introduction, we will showcase about 7-10 videos drawn from quite different sources (ads, parodies, movie clips, documentary film, and talks) and from different parts of the world (Mexico, Germany, South Africa, France) in order to discuss the cultural significance of hacking in relation to regional and international commonalities and differences. Finally, we will finish with a short reflection on why such a project, based on visual artifacts, is a necessary corollary to text-based discussions, like books and magazines, covering the history and contemporary faces of hacking. false Gabriella "Biella" Coleman Paula Bialski https://hackcur.io/ 2019-12-27T10:45:00+01:00 10:45 00:15 Chaos-West Bühne U3SAXX https://fahrplan.chaos-west.de/36c3/talk/U3SAXX/ Einfacher Slot de false Chaos-West 2019-12-27T11:00:00+01:00 11:00 00:30 Chaos-West Bühne JRZ3HF https://fahrplan.chaos-west.de/36c3/talk/JRZ3HF/ Einfacher Slot de true Chaos-West 2019-12-27T11:30:00+01:00 11:30 00:20 Chaos-West Bühne LBLBJT https://fahrplan.chaos-west.de/36c3/talk/LBLBJT/ All about computers Einfacher Slot en The Swiss democracy is one of it's kind. Digitization is starting to affect even our most critical processes, such as voting. When a piece of code suddenly gets responsible for democracy, it's only natural that the voices get loud and many questions get raised: Is our democracy at stake? Do we have to fear for our privacy? Is electronic voting even feasible in Switzerland? Is such a solution secure? As part of a mandatory Public Intrusion Test (PIT), the Swisspost released their e-voting source code to the world and started a heated debate - far beyond the Swiss borders. Not only the codebase revealed several problems during the PIT. Interesting scoping, redefining the term "open source" and unreleased security audits were only some of the issues that security researchers faced and caused controversy. In this talk we will have a look at many technical and non-technical aspects of the e-voting solution and PIT from the view of a participating security researcher. false Jannis Kirschner /media/36c3/images/TCNWMW/19-10-25_2-21-35_PM_2965_lUBOOhw.jpg 2019-12-27T12:00:00+01:00 12:00 00:50 Chaos-West Bühne TCNWMW https://fahrplan.chaos-west.de/36c3/talk/TCNWMW/ Klimakatastrophe Doppelter Slot de Seit knapp einem Jahr geht die Fridays for Future Bewegung auf die Straßen und durch die Medien. Nebst Brandenburg und Sachsen hat auch Thüringen einen neuen Landtag gewählt. Für Fridays for Future Thüringen war daher sofort klar: Landtagswahlen sind Klimawahlen und wir müssen handeln! Denn die hier gewählten Volksvertrater\*innen sind die letzten die das Steuer noch herumreißen können. Aber wie läuft das eigentlich wenn wir nur drei Monate haben um vier Streiks zu organisieren? Was gehört überhaupt zu so einem Streik? Was kostet das eigentlich und wie finanzieren wir das? Was fordern wir? Wann schlafen wir? Mit wem gehen wir in ein Bündnis? All diese Fragen werden in diesem Talk von einem Mitglied des Orga-Teams beantwortet. false Moritz Fromm 2019-12-27T13:00:00+01:00 13:00 00:50 Chaos-West Bühne RKMAKL https://fahrplan.chaos-west.de/36c3/talk/RKMAKL/ All about computers Doppelter Slot de In einem Gespräch über die Hackertool-Paragraphen des Strafgesetzbuches in LNP 296 sagte Frank zu Linus: „Damals haben wir juristisch noch ein bisschen was dazugelernt, nämlich dass die Begründung bzw. Erläuterung des Gesetzes in der deutschen Jurisprudenz mit herangezogen wird.“ Diese Kenntnis reicht für das Lesen von Gesetzen und Gerichtsurteilen aus. Für die IT-Sicherheitsforschung und die Analyse beispielsweise leicht auffindbarer Login-Daten bedarf es aber umfangreicherer Kenntnisse. Fragt man dazu einen Juristen, ist die Antwort oft komplex und führt zum "buffer overflow" und einer "brain resource exhaustion" des Fragenden. Damit ForscherInnen beider Gebiete und Interessierte "ressourcenschonender" kommunizieren können und um das juristische Verständnis zu erweitern, fasst dieser Vortrag in einem Überblick die wichtigsten Punkte verständlich zusammen. Betrachtet werden das hauptsächlich Datenschutz- und IT-Sicherheitsrecht, am Rande auch erwähnte, relevante Strafrechtsnormen. Die (prozessuale) Thematik der Hausdurchsuchung bleibt wegen des Talks vom 35c3 (https://media.ccc.de/v/35c3-10018-verhalten_bei_hausdurchsuchungen) außen vor. false Oliver Vettermann 2019-12-27T14:00:00+01:00 14:00 00:20 Chaos-West Bühne MXQBWP https://fahrplan.chaos-west.de/36c3/talk/MXQBWP/ The real basic about Bits and Nibbles Einfacher Slot de In diesem Talk wird es um die Grundlagen von Ansible gehen, warum es für den Vortragenden das beste Werkzeug ist und welche alternativen es noch gibt. Vom ersten Host Inventory im YAML Format über die kleine Rollen (NTP/Fail2Ban) und Playbooks bis hin zum ersten kompletten Einrichten des Rasberry Pi oder Servers mit eigenen Dotfiles und den Basic Paketen die man so braucht. Auch wird drauf eingegangen, wie und warum reproduzierbare Infrastruktur Builds das Leben eines Admins erleichtern können und im Alltag der händischen Arbeit vorzuziehen sind. Abschließen wird der Talk mit dem Thema "Ansible Playbooks aus dem Internet herunterladen oder selbst machen?" und worauf man achten sollte, wenn man Playbooks für mehrere unterschiedliche Linux Distributionen baut. false Heiko Borchers /media/36c3/images/KPKBDU/ArcoLinux_2019-11-24_20-48-54.png 2019-12-27T14:30:00+01:00 14:30 00:20 Chaos-West Bühne KPKBDU https://fahrplan.chaos-west.de/36c3/talk/KPKBDU/ The real basic about Bits and Nibbles Einfacher Slot de Was wäre, wenn das Internet nicht wie ein feudaler Besitz regiert würde? Was wäre, wenn es von und für Leute, die es benutzen, betrieben würde? Ich benutze Freedombone um der Geselschaft sowie auch allen Individuen zu ermöglichen, die Datensouveränität aus dem free-to-use Model des Überwachungskapitalismus zurück zu gewinnen. Durch die Möglichkeit ["Server Apps"] ohne technisches Wissen mit 4 Klicks über einer Web UI zu installieren, ist es möglich, dass Hobby-Admins ohne viel Zeit, sowie auch in Umgang mit Servern und Hosting unerfahrene Menschen nicht bei der Inbetriebnahme scheitern. Somit kann jede Einzelperson oder eine Community das Internet als freies Kommunikationmiittel wieder nutzen.Bei diesem Talk liegt der Fokus auf dem Fediverse, die Vernetztung sozialer Bewegungen und dem nutzen Dienstprogramme. ["Server Apps"](https://freedombone.net/apps.html) Es ist eine Tatsache, dass Mainstream-Software kaputt ist und die Unternehmen, die sie entwickeln, unzuverlässig und datenhungrig sind. Daher ist zu folgern, dass wir einen Bruchpunkt in der Gesichte des menschlichen Informationsaustausches erreicht haben. Die Rückgewinnung der Datensouveränität ist bei Freedombone ein Selbstverständnis. **Du willst also deine eigenen Internetdienste betreiben, aber hast keine Zeit dies umzusetzen?** Die Konfiguration von Diensten wie E-Mail, Chat, VoIP, Websiten, Dateisynchronisation, Wikis, Blogs, soziale Netzwerken (pleroma, zap, pixelfeed, ua.), Medienhosting, Backups, VPN sind an sich schon ein nicht triviales Unterfangen. Das Ziel von \[Freedombones\](https://freedombone.net/) ist es die Konfiguration zu übernehmen. Freedombone ist ein Home-Server-System, mit dem du all diese Dinge von deinem Wohn- oder Hackerzimmer hosten kannst. Für die Einrichtung wird eine .img.xz [Image] auf einen USB Stick geladen. Nach dem ersten Boot ist ein Email Server schon funktionsfähig. Standartmässig sind alle Dienste im Internet über DNS im Clearnet aber auch im Darknet über TOR erreichbar. Freedombone ist ein AGPLv3 Open Source Projekt. [Git](https://code.freedombone.net/bashrc/freedombone) Mein aktuelles Ziel, in diesem Jahr, war die Einbindung von Freifunk. Die Weboberfläche zeigt alle öffentlich bekannten Freifunk Nodes einer lokalen Freifunk Gruppe auf einer Karte an. Der Admin wählt den Konfig einer Freifunk Gruppe. Seit Frühjahr arbeite ich auch an an einem GitlabCI System, welches das Ziel hat die Wartung der Software des Projektes zu erleichtern. false Sw0rdDoom 2019-12-27T16:00:00+01:00 16:00 00:50 Chaos-West Bühne XFXE9Q https://fahrplan.chaos-west.de/36c3/talk/XFXE9Q/ Nicht Computers Doppelter Slot de In den vergangenen Jahren haben sich immer mehr feministische Hackspaces in den verschiedensten Formen gegründet. Warum eigentlich? Was bewegt Menschen dazu, was macht einen feministischen Hackspace überhaupt aus und wie können wir alle davon lernen? Das habe ich in meiner Masterarbeit untersucht und bin dafür durch Deutschland gereist, um mit Mitgliedern feministischer Hackspaces zu sprechen. Im Ergebnis werden die Funktionen feministischer Hackspaces beleuchtet und analysiert, warum diese Räume für ihre Mitglieder so wichtig sind. Um das herauszufinden, habe ich mit dem qualitativen Forschungsstil der „Grounded Theory“ in einem zirkulären Verfahren Interviews geführt und ausgewertet. So habe ich ein Modell entwickelt, das zeigen kann, welche Kernfunktionen Hackspaces haben, welche Faktoren Menschen davon abhalten, in ihrem lokalen Hackspace aktiv zu werden, und wie feministische Hackspaces versuchen, diese Defizite auszugleichen. false Julia 2019-12-27T17:00:00+01:00 17:00 00:20 Chaos-West Bühne EZU78C https://fahrplan.chaos-west.de/36c3/talk/EZU78C/ All about computers Einfacher Slot en Look at ME! - Intel ME Investigation With Intel's Firmware Support Package (FSP) and the recent release of a [redistributable firmware binary](https://edk2.groups.io/g/devel/message/50920/eml) for the Management Engine, it has become possible to share full firmware images for modern x86 platforms and potentially audit the binaries. Yet, reverse engineering, decompilation and disassembly are still not permitted. However, thanks to previous research, we can have a closer look at the binary data and come to a few conclusions. This talk briefly summarizes the fundamentals of developing custom and open source firmware, followed by a quick guide through the process of analyzing the binaries without actually violating the terms to understand a few bits, and finally poses a statement on the political issues that researchers, repair technicians and software developers are facing. false CyReVolt 2019-12-27T17:30:00+01:00 17:30 00:20 Chaos-West Bühne EARPZB https://fahrplan.chaos-west.de/36c3/talk/EARPZB/ All about computers Einfacher Slot en The access to surveillance technology by governments and other powerful actors has increased in the last decade. Nowadays malicious software is one of the tools to-go when attempting to monitor and surveil victims. In contrast, the target of these attacks, typically journalists, lawyers, and other civil society workers, have very few resources at hand to identify an ongoing infection in their laptops and mobile devices. In this presentation we would like to introduce the Emergency VPN, a solution we developed at the Czech Technical University as part of the CivilSphere project. The Emergency VPN is designed to provide a free and high quality security assessment of the network traffic of a mobile device in order to early identify mobile threats that may jeopardize the security of an individual. The presentation will cover the design of the Emergency VPN as a free software project, the instructions of how a user can work with it, and some success cases where we could detect different infections on users. We expect attendees will leave this session with a more clear overview of what the threat landscape looks like, what are the options for users that suspect their phone is infected, and how the Emergency VPN can help in those cases. More information about the Emergency VPN can be found at CivilSphere's website: https://www.civilsphereproject.org false Sebastian Garcia Veronica Valeros 2019-12-27T18:00:00+01:00 18:00 00:50 Chaos-West Bühne 73DECY https://fahrplan.chaos-west.de/36c3/talk/73DECY/ All about computers Doppelter Slot en Firmware protection for Virtual Machines against buggy or malicious hypervisors is a rather new concept that is quickly gaining traction among the major CPU architectures; two years ago AMD introduced Secure Encrypted Virtualization (AMD SEV), and now IBM is introducing Protected Virtualization for the s390x architecture. This talk will present the motivations and the overall architecture of Protected Virtualization, the general challenges for Linux both as a guest and as a hypervisor with KVM and Qemu. The main challenges presented will be, among others: * secure VM startup * attestation * I/O * interrupts * Linux guest support * KVM and Qemu changes * swap and migration While the talk will have some technical content, it should be enjoyable for anyone who tinkers with KVM and virtualization. Knowledge of the s390x architecture is not required. false Janosch Frank Claudio Imbrenda /media/36c3/images/CBGVT9/logo-quadrat-vector.jpg 2019-12-27T19:00:00+01:00 19:00 00:50 Chaos-West Bühne CBGVT9 https://fahrplan.chaos-west.de/36c3/talk/CBGVT9/ Antifaschimus Doppelter Slot de Christchurch, El Paso, Walter Lübcke, Halle – seit 2019 verbinden wir diese Orte und Namen mit rechtem Terror. Auf jeden Anschlag folgte auch in diesem Jahr eine öffentliche Debatte, in der rechter Terror meist als neues Phänomen erscheint. Je größer jedoch die Häufung der Anschläge, desto absurder erscheinen die Worte von „unvorstellbaren Einzelfällen“, begangen von „verrückten Einzeltätern“. Diese Erzählungen haben einen anderen Zweck, als rechten Terror die Grundlage zu entziehen. Sie sollen sagen: ‚Wir hätten es nicht wissen können, hätten nichts tun können und werden auch zukünftig nichts verhindern‘. Dabei ist das Gegenteil der Fall: Rechter Terror hat auch nach 1945 nie aufgehört und obwohl an jedem Fall etwas Spezielles ist, so gibt es doch Gemeinsamkeiten und Kontinuitätslinien. Rechtsterroristen und Rechtsterroristinnen wie etwa der NSU oder Anders Breivik kämpften immer mit den Mitteln der Zeit für die Umsetzung ihrer Ziele: Der Umsturz der Gesellschaft durch massive Gewalt, um ihre wahlweise autoritäre, heteronormative, völkische Vision einer Volksgemeinschaft verwirklichen zu können. Aus dieser Geschichte des rechten Terrors und den gesellschaftlichen Reaktionen darauf können wir lernen ihnen etwas entgegenzusetzen. Caro Keller von NSU-Watch wird anhand exemplarischer Fälle die wichtigen Kontinuitätslinien herausarbeiten. Vor diesem Hintergrund nimmt sie auch den aktuellen rechten Terror, Phänomene wie toxische Männlichkeit oder „Gamification of Terror“ in den Blick. Es wird aufgezeigt, ob und wie wir als Antifaschist*innen und Gesellschaft dieses Wissen gegen rechten Terror einsetzen können. false Caro Keller 2019-12-27T21:00:00+01:00 21:00 00:50 Chaos-West Bühne GZGQK3 https://fahrplan.chaos-west.de/36c3/talk/GZGQK3/ Queer Doppelter Slot de "Eine Regierung hat auch die Pflicht uns vor zukünftigen Regimen zu schützen." Anhand der Rosa Liste möchte ich aufzeigen weshalb das ein wichtiger Grundsatz moderner Demokratien ist. In der Weimarer Republik und der Ersten Republik Österreich wurden Listen angelegt in denen zahlreiche Daten über tatsächliche oder vermeintliche Homosexuelle gesammelt und auf Vorrat gespeichert wurden. In der NS-Diktatur wurden diese Listen genutzt, um eine möglichst große Anzahl Homosexueller in Konzentrationslager (KZ) zu bringen. In diesen bekamen sie den berühmten Rosa Winkel als Kennzeichnung, wodurch sie auch Repressalie von anderen Insassen ausgesetzt waren. Noch heute gilt die Rosa Liste als eines der schlimmsten Beispiele wie auf Vorrat gespeicherte Daten missbraucht werden können. Als Datenschützer und Bisexueller möchte ich näher auf diesen besonderen Teil der Geschichte eingehen und aufzeigen was daraus lernen sollten. false Erwin Ernst 'eest9' Steinhammer 2019-12-27T22:00:00+01:00 22:00 00:50 Chaos-West Bühne RUCJJQ https://fahrplan.chaos-west.de/36c3/talk/RUCJJQ/ Nicht Computers Doppelter Slot en The 21st century will be powered by electricity. I'm a journalist in the field of science and technology reporting. I followed the development of electricity storage and generation for over 10 years. In this talk I will outline the current state of electricity storage technology and its limitations. There is a gap between the intermittent availability of electricity generation and demand for it. Cobalt and Lithium are increasingly limited in supply and their production is often produced using unsustainable means. Alternatives are being development and will be presented. Some of these technologies are in the form of chemical batteries and some use very surprisingly simple technologies. I will be giving an introduction into future technologies for electricity storage currently in development. Some of these are batteries without rare materials and others are not batteries at all. false Frank Wunderlich-Pfeiffer 2019-12-27T23:00:00+01:00 23:00 00:50 Chaos-West Bühne RAFTCU https://fahrplan.chaos-west.de/36c3/talk/RAFTCU/ Antifaschimus Doppelter Slot de Der deutsche Inlandsgeheimdienst bietet seit Jahrzehnten mit seinen Berichten eine interessante Propaganda an. Dieser wollen wir in diesem Talk auf den Zahn fühlen. Dazu ordnen wir die Erwähnungen von linken und antifaschistischen Akteur:innen kritisch ein. Dabei legen wir die Ideologie des sog. Verfassungsschutzes offen. Die Verfassungsschutzämter veröffentlichen jährlich Berichte über ihre Arbeit – auch im Netz. Doch die Berichte wurden zumeist nach 5 Jahre depubliziert. Wir sammeln alte und neue Berichte auf [Verfassungschutzberichte.de](https://vsberichte.de). Mit diesem digitalen Archiv vereinfachen wir die Recherche. Neben einer Suche lassen sich so z. B. Erwähnungen von Begriffen oder Organisationen im zeitlichen Verlauf betrachten. Einige interessante Resultate stellen wir in dem Vortrag vor. false Andreas Krämer Johannes Filter 2019-12-28T00:00:00+01:00 00:00 02:00 Chaos-West Bühne 7CPYCT https://fahrplan.chaos-west.de/36c3/talk/7CPYCT/ Klangteppich Klangteppich de Feinster Deep & Progressive House und wunderschöne visuelle Impressionen aus dem Weltraum laden ein zum grooven, chillen oder sich einfach mal inspirieren zu lassen. Eine Hommage an die Sendung "Space Night" des Bayerischen Rundfunks, gebeamt in die heutige Zeit ! true Stecki /media/36c3/images/JZACMR/885126_10152643499100515_567263813_o.jpg 2019-12-28T02:00:00+01:00 02:00 02:00 Chaos-West Bühne JZACMR https://fahrplan.chaos-west.de/36c3/talk/JZACMR/ Klangteppich Klangteppich de Mit Harald zusammen begeben wir uns auf einen musikalischen Trip auf einem Ambient Klangteppich in Richtung Alpha Centauri, um endlich die Fragen beantwortet zu bekommen, die wir uns alle Stellen: * Ist Liebe in der Nähe von schwarzen Löchern möglich? * War die Mondlandung echt? * Gibt es Schnaps im Weltraum? Wer schon einen Eindruck bekommen will, wie sich so ein Ambient Klangteppich anhört kann schonmal hier reinhören: https://soundcloud.com/boomboombastard/oceanfloor-unreal-ambient-like-miks https://hearthis.at/petrosilius/keintraum/ true petrosilius 2019-12-27T10:00:00+01:00 10:00 01:00 OIO Stage RSGMFF https://talks.oio.social/36c3-oio/talk/RSGMFF/ Entertainment Talk 45 minutes + 10 minutes Q&A de Finales Trockenschwimmen auf der Bühne mit Licht, Ton, Video, Streaming Speaker wird noch gesucht für Powerpoint-Karaoke oder "Autocomplete Texting" (requires audience) false Adorfer 2019-12-27T13:00:00+01:00 13:00 00:55 OIO Stage DQ3DBL https://talks.oio.social/36c3-oio/talk/DQ3DBL/ OIO Talk 45 minutes + 10 minutes Q&A de Eröffnung des OIO, der Bühne und Vorstellung aller Assemblies auf dem OIO false Peter /media/36c3-oio/images/T7XNAT/malta-flugzeug-wasser_VxtX0IJ.jpg 2019-12-27T14:45:00+01:00 14:45 00:25 OIO Stage T7XNAT https://talks.oio.social/36c3-oio/talk/T7XNAT/ Ethics, Society & Politics Talk 20 minutes + 5 minutes Q&A de SearchWing baut eine Rettungsdrohne für die zivilen Rettungsorganisationen im Mittelmeer wie Sea-Watch, Sea-Eye und Resqship. Wir beschreiben den Aufbau, die Tests auf dem Mittelmeer, die Herausforderungen beim Bau und beim Einsatz des autonomen Flugzeugs und werfen einen Blick auf die verwendeten Bilderkennungsalgorithmen. Wir helfen zivilen Rettungsorganisationen im Mittelmeer bei der Suche nach Schiffbrüchigen. In diesem Talk berichten wir von den Schwierigkeiten und Herausforderungen beim Bau einer autonomen Drohne, die für Einsatz im Mittelmeer geeignet ist. Wenn beispielsweise die Akkus auf dem Flughafen Hamburg im sicheren Schrank verbleiben, weil einer vergessen hat die Akkus für den Flug anzumelden... Wir erläutern den technischen Aufbau mit PixRacer Hardware, Mini Talon EPO Rumpf und den anderen Komponenten. Ungewöhnlich im Vergleich zum klassischen Modellflug ist der Long Range Telemetrie Funk, der große Akku (10000 mAh bei 2kg Fluggewicht) und das ganze Salzwasser :-(. Im Februar 2019 waren wir für Tests auf Malta und im Mai 2019 hat Björn dann den ersten Einsatz im Mittelmeer in Zusammenarbeit mit ResQShip e.V. gemacht. Deshalb können wir auch die Einsatzerfahrungen schildern - wie man das Flugzeug auf dem Schiff startet und landet. Zum Einstieg geben wir auch eine Zusammenfassung der Situation der Seenotrettung im Mittelmeer. Unser Flugzeug sammelt im Flug Bilder, die im Anschluss vom Flugzeug geladen und analysiert werden. Um diese manuelle Bildanalyse zu beschleunigen entwickelen wir auch Computer Vision Algorithmen - auch davon werden wir auf dem Talk einen Überblick geben. Eine Person aus dem Computervision-Team (Petrosilius) hatte bereits letztes Jahr auf der Freifunkbühne dazu einen Vortrag gehalten. false Friedrich Beckmann KingBBQ 2019-12-27T16:10:00+01:00 16:10 00:25 OIO Stage JDASEQ https://talks.oio.social/36c3-oio/talk/JDASEQ/ Hardware & Making Talk 20 minutes + 5 minutes Q&A en We take a quick dive into the Highspeed Amateurradio Multimedia NETwork the wireless backbone of the European Amatuerradio Community. It’s uses mostly commercial hardware on it’s own frequencies beneath the 2,4 and 5 GHz wifi bands. The net is routed with it’s own ipv4 private network consisting of multiple 44.xxx.000.000/16 blocs. A short overview on what the Hamnet is and how it came to be. Not forgetting all the challenges of technical and legal kind that come with running and building the Net. false Lars Rokita 2019-12-27T16:45:00+01:00 16:45 00:55 OIO Stage GWFPXV https://talks.oio.social/36c3-oio/talk/GWFPXV/ Ethics, Society & Politics Talk 45 minutes + 10 minutes Q&A en The Democratic People's Republic of Korea (North Korea) is a hot topic in the media. The peninsula is changing rapidly, but how is that reflected in life on the ground? What is it like to live in Pyongyang? Are the externally reported societal changes and developments in technology also visible in everyday life? This talk will describe modern urban life in Pyongyang, and the recent forces driving change. The talk will particularly focus on observations around the state of youth mindset towards change and technology. For example, what are the future elites' attitudes towards entrepreneurship in an officially communist country? What small signals of changing attitudes can we observe that might influence the opening of the county? Presenting the realities of this environment leads us to the demo of consumer technology, and presented that opportunities for both societal change and technological development might be broader than we often see. We will present this deep dive to North Korea from the perspective of two foreigners who have been spending months at a time in Pyongyang and have been studying it since 2012. false Jukka-Pekka Heikkilä /media/36c3-oio/images/C33LPX/qaul-sing-blau_512_X3u9MVw.png 2019-12-27T17:50:00+01:00 17:50 00:25 OIO Stage C33LPX https://talks.oio.social/36c3-oio/talk/C33LPX/ Hardware & Making Talk 20 minutes + 5 minutes Q&A en Concepts, goals, implementations and the lessons learned from rewriting qaul.net decentralized messenger in rust. qaul.net is a Internet independent wifi mesh communication app with fully decentralized messaging, file sharing and voice chat. At the moment we are rewriting the entire application in rust, implementing our experience of 8 years off the grid peer2peer mesh communication, with a mobile first approach and a network agnostic routing protocoll wich can do synchronous as well as delay tolerant messaging. We are currently rewriting qaul.net 2.0 in rust with a new network agnostic routing protocol, identity based routing and delay tolerant messaging. The talk will show our learnings and the journey ahead of us at the alpha stage of the rewrite. * Homepage: https://qaul.net * Code Repository: https://git.open-communication.net/qaul/qaul.net false Mathias Jud 2019-12-27T18:30:00+01:00 18:30 00:45 OIO Stage XHLTUD https://talks.oio.social/36c3-oio/talk/XHLTUD/ Ethics, Society & Politics Talk 45 minutes + 10 minutes Q&A en In this talk we present re:claimID, a decentralized, self-sovereign identity management system. re:claimID allows users to reclaim authority over their identities and personal data. The system is built on top if a state-of-the-art, decentralized directory service: The GNU Name System. Built-in cryptographic mechanisms allow users to selectively disclose personal data and the directory service ensures that this data is accessible to authorized parties even if the user is offline. Through OpenID Connect, integration and use of re:claimID is straight-forward and authorization flows are familiar. In this talk, we present the current state of re:claimID as well as a future roadmap. Today, users are often required to share personal data, like email addresses, to use services on the web. As part of normal service operation, such as notifications or billing, services require access to -- ideally fresh and correct -- user data. Sharing attributes in the Web today is often done via centralized service providers to reduce data redundancy and to give services access to current, up-to-date information even if the user is currently offline. Abuse of this power is theoretically limited by local laws and regulations. But, the past has shown that even well-meaning identity providers struggle to keep user data safe as they become major targets for hackers and nation state actors while striving for monetizing anonymized statistics from these data. We advocate for a new, decentralized way for users to manage their identities for the following reasons: * The current state of omniscient identity providers is a significant threat to the users' privacy. * Users must completely trust the service provider with respect to protecting the integrity and confidentiality of their identity in their interest. * The service provider itself is facing substantial liability risks given the responsibility of securely managing potentially sensitive personal data of millions of users. We present re:claimID, a decentralized identity service with the following properties: * Self-sovereign: You manage your identities and attributes locally on your computer. No need to trust a third party service with your data. * Decentralized: You can share your identity attributes securely over a decentralized name system. This allows your friends to access your shared data without the need of a trusted third party. * Standard-compliant: You can use OpenID Connect to integrate reclaim in your web sites. false dvn 2019-12-27T20:50:00+01:00 20:50 00:25 OIO Stage VSV8Y8 https://talks.oio.social/36c3-oio/talk/VSV8Y8/ Ethics, Society & Politics Talk 20 minutes + 5 minutes Q&A de Eine kurze Erzählung von den Anfängen der Protestbewegung bis heute und darüber hinaus. Wenn eine spontan gebildete Menge an Menschen beginnt die Werkzeuge der Demokratie zu nutzen ist das vorläufige Ergebnis eine der größten Petitionen weltweit und über 200.000 kreativ Protestierende auf den Straßen Europas. War es das schon oder kommt da noch etwas? Welche Auswirkungen haben demokratische Werkzeuge wie Petitionen und Demonstrationen? Kann man die nächsten Proteste voraussehen oder wie entstehen Wellen der Aufmerksamkeit? Hat sich eine neue Empörung zum ersten oder zum letzen Mal aufgetan? Von vernetzen Livestreams während der Proteste bis zu Community Aktionen wie Meme-Events und Briefraids. false segal Thomas Knebl 2019-12-27T21:20:00+01:00 21:20 00:25 OIO Stage MMB78C https://talks.oio.social/36c3-oio/talk/MMB78C/ Hardware & Making Talk 20 minutes + 5 minutes Q&A en ##### Motivation In the digital age the privacy has become an important matter. But with the current digital payment methods the privacy of the user is not guaranteed. To avoid the data sharing, the Taler team implemented a digital form of cash. ##### Project To demonstrate the payment system we developed an interface for a snack machine based on GNU Taler. This implementation allows the customer to pay with a smartphone app via NFC or QR-Code. ##### Team The project was realized by Taler in cooperation with two students from Bern University of Applied Sciences. In the talk the audience will become a little insight into the GNU Taler Project and the aim of the developed Snack Machine Interface. The approach to develop an interface between the Taler Backend and the snack machine will be explained as well as the challenges which come with such a project. Further the implemented hard- and software stacks are presented. false Dominik Hofer 2019-12-27T15:00:00+01:00 15:00 00:30 DLF- und Podcast-Bühne TAZX9D https://fahrplan.das-sendezentrum.de/36c3/talk/TAZX9D/ DLF- und Podcast-Bühne Normale Länge en 36c3-Spezial mit Interviews Wie klimafreundlich ist Software? Zu Gast: Maria Köhn und Eva Kern, UBA false DLF-Team 2019-12-27T16:35:00+01:00 16:35 00:25 DLF- und Podcast-Bühne W3AZEP https://fahrplan.das-sendezentrum.de/36c3/talk/W3AZEP/ DLF- und Podcast-Bühne Normale Länge de Live-Sendung vom 36c3 Live-Sendung vom 36c3 false DLF-Team 2019-12-27T17:00:00+01:00 17:00 00:30 DLF- und Podcast-Bühne LECPDG https://fahrplan.das-sendezentrum.de/36c3/talk/LECPDG/ DLF- und Podcast-Bühne Normale Länge de 36c3-Spezial mit Interviews vom Congress phyphox. Using smartphone sensors for experiments. Zu Gast: Dr. Sebastian Staacks, RWTH Aachen false DLF-Team 2019-12-27T17:30:00+01:00 17:30 01:00 DLF- und Podcast-Bühne 8G7QZH https://fahrplan.das-sendezentrum.de/36c3/talk/8G7QZH/ DLF- und Podcast-Bühne Normale Länge de Manfred, Jan und Peter interviewen Gäste Ein 36c3-Spezial unseres bekannten Studiogesprächs. false DLF-Team 2019-12-27T19:15:00+01:00 19:15 01:00 DLF- und Podcast-Bühne NZR3VR https://fahrplan.das-sendezentrum.de/36c3/talk/NZR3VR/ DLF- und Podcast-Bühne Normale Länge de In diesem Talk werden erstmalig Ergebnisse einer Online-Studie mit 653 Podcastproduzierenden vorgestellt. Seitdem vor etwa 15 Jahren die ersten Podcasts im deutschsprachigen Raum produziert und veröffentlicht wurden, ist die Zahl podcastender Personen enorm gestiegen – ein Ende des Wachstums ist nicht abzusehen. Dennoch sind Podcaster_innen bisher kaum Gegenstand psychologischer Forschung geworden. Wie lassen sich deutschsprachige Podcastproduzierende charakterisieren? Was sind die zentralen Motive, die dazu führen, mit dem Podcasten zu beginnen? Gibt es Geschlechterunterschiede? Auf Basis einer Stichprobe von 653 Podcaster_innen sollen diese Fragen erstmals für den deutschsprachigen Raum beantwortet werden. false Christiane Attig 2019-12-27T20:30:00+01:00 20:30 01:00 DLF- und Podcast-Bühne 9ASKAV https://fahrplan.das-sendezentrum.de/36c3/talk/9ASKAV/ DLF- und Podcast-Bühne Normale Länge de Der Einmischen Podcast ist für ein paar Rant und sich eher Aufregen bekannt unser Politiklehrer Thomas ist da eher der zynische Pol der Podcastszene. Beide versuchen in dem kleinen Jahresrückblick mal die Aufreger auf ein Minimum zu senken. Unterhaltung garantiert. Der Einmischen Podcast ist für ein paar Rant und sich eher Aufregen bekannt unser Politiklehrer Thomas ist da eher der zynische Pol der Podcastszene. Beide versuchen in dem kleinen Jahresrückblick mal die Aufreger auf ein Minimum zu senken. Unterhaltung garantiert. false Jenny Advi 2019-12-27T21:45:00+01:00 21:45 01:00 DLF- und Podcast-Bühne UDRLSJ https://fahrplan.das-sendezentrum.de/36c3/talk/UDRLSJ/ DLF- und Podcast-Bühne Normale Länge de Ein gemütlicher Schnack unter Ingenieuren warum die Elektromobilität nicht ins Rollen kommt und warum Wasserstoff noch nicht so richtig in Deutschland explodiert ist. Wir werden aus unseren Erfahrungen mit Elektromobilität, der Freude der Wartezeit auf ein Auto und anderen Problemchen schnacken. Sollten wir nicht von einem E-Roller oder Sofa überfahren worden sein vorher ^^ Wer auch ein E Auto hat oder sich über ERoller aufregen will darf gerne dazukommen. Das große Och Menno Special zur Elektromobilität. false ochmenno 2019-12-27T23:00:00+01:00 23:00 01:30 DLF- und Podcast-Bühne Y3VESL https://fahrplan.das-sendezentrum.de/36c3/talk/Y3VESL/ DLF- und Podcast-Bühne Normale Länge de Jenny Günther, Moritz Klenk, Nicolas Wöhrl und Stefan Schulz laden alle anwesenden Podcaster und Podcasthörer zum 2. Podcast-Selbstkritiktreffen ein. Jenny Günther, Moritz Klenk, Nicolas Wöhrl und Stefan Schulz laden alle anwesenden Podcaster und Podcasthörer zum 2. Podcast-Selbstkritiktreffen ein. Im vergangenen Jahr haben wir die eher schweren Themen diskutiert - Formate & Finanzen. Dieses Jahr rücken wir etwas näher an den Alltag am Aufnahmegerät heran: Wir möchten über Workflows reden, die Organisation von Sendungen, den Umgang mit Gästen und Publikum. Auf der Bühne wird wieder ein leerer Stuhl stehen. Alle, die gehört werden wollen, werden gehört. Jenny Günther ist Politpodcasterin mit Herz, Moritz Klenk ist Monologpodcaster mit Doktortitel, Nicolas Wöhrl ist Spaßpodcaster mit Feuertornado, Stefan Schulz ist Fernsehpodcaster ohne Sendeschluss. false Stefan Schulz Jenny Nicolas Moritz Klenk /media/36c3/images/P3M9YV/fish_Kopie.jpg 2019-12-28T00:40:00+01:00 00:40 01:00 DLF- und Podcast-Bühne P3M9YV https://fahrplan.das-sendezentrum.de/36c3/talk/P3M9YV/ DLF- und Podcast-Bühne Normale Länge de Das Wissenschaftskommunikations-Assembly trifft sich auf dem 36c3 um über Wissenschaftskommunikation zu sprechen. Und über andere Themen die ihnen am Herzen liegen. Wir kommunizieren über den einen oder anderen Weg Wissenschaft. Physik, Chemie, Biologie, Pharmazie... Doch schauen wir uns das viele Unwissen in der Welt an, dann scheint das noch nicht auszureichen. Wie können wir Wissenschaft noch besser an die Frau oder den Mann bringen? Wie können wir überhaupt das Interesse dafür wecken? In der Politik gibt es zwar bereits Pläne, die Kommunikation zu verbessern, das Grundsatzpapier des Bundesministeriums für Bildung und Forschung (BMBF) über Wissenschaftskommunikation ist nur ein Beispiel dafür. Nur wirft dies auch die Befürchtung auf, dass Kommunikation dann von eh schon überlasteten, drittmittelfinanziert-prekären Doktorandinnen aufgeladen wird. Oder, dass sie als Freizeitvergnügung betrachtet wird. Oder, dass die hohen Anforderungen für gute Kommunikation unterschätzt werden. Oder, dass Wissenschaftskommunikation als Instrument der Akzeptanzbeschaffung verwendet wird. Richtig ist aber, dass alle von Wissenschaftskommunikation profitieren könnten. Wir möchten uns darüber austauschen, wie Wissenschaft unserer Meinung nach kommuniziert werden sollte. Und auch, welche Themen gerade jetzt mehr Aufmerksamkeit finden sollten. Eine Betrachtung von Wissenschaftler*innen, die gleichzeitig Wissenschaftskommunikator*innen sind - eine Kombination die immer noch recht selten ist. false Anna Müllner André Lampe Nicolas 2019-12-27T10:00:00+01:00 10:00 00:45 WikiPaka WG: Esszimmer A3ZPHC https://cfp.verschwoerhaus.de/36c3/talk/A3ZPHC/ Community Meetup en Welcome Ceremony for the ChaosPatinnen Assembly (German and English) Is this your first visit to Congress and you're unsure if you will fit in, visiting alone, or are you a part of a minority at the event? ChaosPatinnen may be for you! Unfortunately, SignUps have already ended and all mentees have been matched into groups, so if you have not yet signed up, find yourself a helpful Hacker! This is the opening event for mentees to meet their mentors, get to know more about the Assembly, and who to turn to for help! From here, we're off to the 11:00AM Keynote! -ChaosPatinnen Orga true Chaosmentors 2019-12-27T12:00:00+01:00 12:00 01:00 WikiPaka WG: Esszimmer AMPBFW https://cfp.verschwoerhaus.de/36c3/talk/AMPBFW/ Hardware & Making Workshop de An introduction to querying linked data, using the SPARQL query language and the free knowledge base Wikidata. Which films starred more than one future head of government? What’s the largest city with a female mayor? And when did women finally outnumber Johns in the House of Commons? These are the kinds of questions that **linked data** can answer. This workshop will give an introduction to the SPARQL query language, showing how it can be used to answer these and other questions, using the free knowledge base **Wikidata** as the data source. false Lucas Werkmeister 2019-12-27T13:00:00+01:00 13:00 00:30 WikiPaka WG: Esszimmer VN8MEQ https://cfp.verschwoerhaus.de/36c3/talk/VN8MEQ/ Hardware & Making Talk de You can find a lot of interesting, useful or amusing information on Wikidata – let’s spend half an hour writing some queries together! This will be an interactive session to explore the possibilities of Wikidata, the free knowledge base, and its query service. Participants can suggest queries, and I’ll do my best to implement them. false Lucas Werkmeister 2019-12-27T14:00:00+01:00 14:00 00:45 WikiPaka WG: Esszimmer LTYSYX https://cfp.verschwoerhaus.de/36c3/talk/LTYSYX/ Science Talk de Vorstellung eines Ansatzes zur Verknüpfung von OpenData aus verschiedenen Quellen Ob OpenData oder Datenjournalismus: Wer Daten aus verschiedenen Quellen zusammenführt (APIs, Exceldateien, Datenbanken, etc.), ist oft mit dem Problem konfrontiert, diese zueinander in Beziehung zu setzen, zu analysieren oder eine aufbereitete Version der Daten als Mashup zu präsentieren (z. B. als Website). Mitunter möchte man außerdem über einen längeren Zeitraum Daten erheben, um Veränderungen zu verfolgen und ggf. darauf zu reagieren. Ich möchte einen Ansatz vorstellen, wie man dieses Problem mit einem weitestgehend generischen Ansatz lösen kann. Dieser Ansatz, der sich Data Vault 2.0 nennt, ist in Industrie und Wirtschaft bereits verbreitet, in anderen Teilen der datenverarbeitenden Community offenbar aber unbekannt. Dies möchte ich ändern. ## Beispiele Verknüpfung offener Datensätze, Verknüpfung von Daten aus öffentlich verfügbaren Schnittstellen ## Themenfelder Open Data, Open Government, Data-driven Journalism (DDJ) true cyroxx 2019-12-27T16:00:00+01:00 16:00 00:30 WikiPaka WG: Esszimmer MH3WTA https://cfp.verschwoerhaus.de/36c3/talk/MH3WTA/ Science Talk de Getting your itinerary presented in a unified, well structured and always up to date fashion rather than as advertisement overloaded HTML emails or via countless vendor apps has become a standard feature of digital assistants such as the Google platform. While very useful and convenient, it comes at a heavy privacy cost. Besides sensitive information such as passport or credit card numbers, the correlation of travel data from a large pool of users exposes a lot about people's work, interests and relationships. Just not using such services is one way to escape this, or we build a privacy-respecting alternative ourselves! Standing on the shoulders of KDE, Wikidata, Navitia, OpenStreetMap and a few other FOSS communities we have been exploring what it would take to to build a free and privacy-respecting travel assistant during the past two years, resulting in a number of building blocks and the "KDE Itinerary" application. In this talk we will look at what has been built, and how, and what can be done with this now. In particular we will review the different types of data digital travel assistants rely on, where we can get those from, and at what impact for your privacy. The most obvious data source are your personal booking information. Extracting data from reservation documents is possible from a number of different input formats, such as emails, PDF files or Apple Wallet passes, considering structured annotations and barcodes, but also by using vendor-specific extractors for unstructured data. All of this is done locally on your own devices, without any online access. Reservation data is then augmented from open data sources such as Wikidata and OpenStreetMap to fill in often missing but crucial information such as timezones or geo coordinates of departure and arrival locations. And finally we need realtime traffic data as well, such as provided by Navitia as Open Data for ground-based transport. Should the author fail to show up to this presentation it might be that his Deutsche Bahn ticket rendering code still needs a few bugfixes ;-) false Volker Krause 2019-12-27T18:00:00+01:00 18:00 00:15 WikiPaka WG: Esszimmer ENN7EF https://cfp.verschwoerhaus.de/36c3/talk/ENN7EF/ Hardware & Making Lightning Talk de Find out what kind of free services Wikimedia provides for you. Wikimedia Cloud Services is a collection of services that the Wikimedia Foundation offers, free of charge, to anyone who can use them for furthering the goals of the Wikimedia movement. This includes Toolforge, a hosting service for tools written in various languages; Cloud VPS, full virtual private servers for advanced development beyond the capabilities of Toolforge; convenient access to Wikimedia project data; and more! Link and other useful information: https://www.wikidata.org/wiki/User:Lucas_Werkmeister/36c3-wmcs-intro false Lucas Werkmeister Amir Sarabadani /media/36c3/images/TNSGB8/handy-unnormalized.png 2019-12-27T19:30:00+01:00 19:30 00:20 WikiPaka WG: Esszimmer TNSGB8 https://cfp.verschwoerhaus.de/36c3/talk/TNSGB8/ Ethics, Society & Politics Talk de Algorithms bear the image of their makers, and toil like their servants. Technology of any sort cannot be neutral, as it is embedded in a social matrix of why it was created and what work it performs. An algorithm, its context, and what it lacks should be understood as a political statement carrying great consequences, and as a society we should respond to each as needed, engaging the purveyors of these algorithms on a political level as well as legal and economic. Three algorithmic systems are revealed to embody various class interests. First, a population ecology modeled simply by a pair of predator-prey equations leads one to conclude that socialist revolution and compulsory leisure are the only routes to avoiding civilizational collapse. Second, a formula for labor supply reduces us to lazy drones who work as little as possible to support our choice of lifestyle. Finally, advertising on Wikipedia could yield a multi-billion-dollar fortune—shall we put it up for sale or double-down on radical equality among all people? (1) The [Human and Nature Dynamics](https://www.sciencedirect.com/science/article/pii/S0921800914000615) (HANDY) model is the first to pair environmental resource consumption with class conflict, each as a predator-prey cycle. In one cycle we overrun and out-eat the other species on Earth, who grow back slowly, and in the other cycle elites out-compete commoners in their consumption, to the point of even causing commoners to die of hunger. One can say that socialist revolution is embedded in a statement like this. Indeed, something must be done about the growing power of over-consuming elites before they doom us all. I will give a tour using this [interactive explorer](https://adamwight.github.io/handy-explorer/). (2) A second example is a run-of-the-mill, capitalist formula for labor supply, to explain our collective decision to go to work in the morning. Loosely, it is to`optimize(Consumption, hours worked)` for the constraint `Consumption ≤ wage x hours + entitlement`. In other words, this formula assumes we are lazy, greedy, individual agents, each motivated only by obtaining the greatest comfort for the least labor. The worker who internalizes this formula will fight for fewer hours of work and higher wages for themself, will find shortcuts to spend less money to increase purchasing power, and in this idealized world can be expected to vote in favor of social democratic minimum incomes. A company following this formula, on the other hand, will fight against all of these worker gains, and will act to depress government welfare or minimum incomes until workers are on the edge of starvation in order to squeeze longer hours out of them. What's missing from this formula is, all the ways out of the trap. Mutual aid and connections among ourselves to protect the most vulnerable individuals, pooling resources, and any other motivation to work besides mortal fear and hedonism.—One can easily imagine a radically different paradigm for work, in which labor is dignified and fulfilling. To understand this world in formulas, labor supply is measured in education levels, self-direction, and other positive feedback loops which raise productivity. (3) Wikipedia and its sister projects have never worn the shackles of paid advertising, although they sit on a potential fountain of revenue in the tens of billions of dollars per year—not to mention the value of the influence over public opinion that such a propaganda machine might achieve. `Revenue = Ads per visit x Visits` Analyzed venally, Wikipedia becomes an appealing portfolio acquisition, which would jeopardize the entire free-open movement. From a different perspective, that of an organizer in an editor’s association, slicing pageview and (non)-advertising data might allow for more effective resource-sharing among the many chapter organizations. In a third analysis using a flow of labor, power, and funds, we can see the Wikimedia Foundation as engaged in illegitimate expropriation, turning editors into sharecroppers and suppressing decentralized growth. These twists all come about through variations on an equation. Which shall we choose? false Adam Wight 2019-12-27T20:00:00+01:00 20:00 00:30 WikiPaka WG: Esszimmer DDCXPN https://cfp.verschwoerhaus.de/36c3/talk/DDCXPN/ Community Meetup de Das Jugend hackt Community Treffen auf dem 36c3! :-) Ideal für alle Menschen aus dem Jugend hackt Kosmos und vor allem für Congress-Neulinge. Wir wollen mit euch am ersten Tag (27.12.19) ein kleines Jugend hackt Meet-Up um 20:00 Uhr im Esszimmer der Wikipaka WG machen. So wollen wir euch und uns einmal zusammen bringen, alle Fragen rund um den Congress und die Wikipaka WG besprechen, im Anschluss eine Runde über den Congress drehen und ein paar andere befreundete Assemblies und andere spannende Orte besuchen. Quasi der perfekte Einstieg! - Kommt rum, wir freuen uns auf euch! true Robert /media/36c3/images/EGBN8W/CFG_500x500.jpg 2019-12-27T21:00:00+01:00 21:00 00:30 WikiPaka WG: Esszimmer EGBN8W https://cfp.verschwoerhaus.de/36c3/talk/EGBN8W/ Community Talk de Seit fünf Jahren setzen sich innerhalb des Netzwerks [„Code for Germany“](https://codefor.de) in ganz Deutschland rund 300 Ehrenamtliche für offene Daten ein und bauen damit Anwendungen für alle. Auch 2019 ist bei uns einiges passiert, was wir euch hier vorstellen wollen. Wir haben uns beispielsweise mit Daten zu Umwelt, Politik und jeder Menge Kartenmaterial beschäftigt und viele neue Projekte am Start. Manche glänzen schon richtig, andere suchen noch Unterstützung. Im Talk erklären wir, was offene Daten eigentlich sind, was man daraus bauen kann und wie man bei uns mitmachen kann. [Code for Germany](https://codefor.de) ist ein Netzwerk von Gruppen ehrenamtlich engagierter Freiwilliger. Wir nutzen unsere Fähigkeiten, um unsere Städte und das gesellschaftliche Miteinander positiv zu gestalten. Wir setzen uns für mehr Transparenz, Offene Daten und Partizipation in unseren Städten ein. Wir vermitteln insbesondere zwischen Zivilgesellschaft, Verwaltung und Politik und nutzen unsere Fähigkeiten, um die Kommunikation zwischen diesen zu verbessern und notwendige Impulse zu setzen, damit die Möglichkeiten der offenen und freien Digitalisierung so vielen Menschen wie möglich zugute kommen. false Julia 2019-12-27T12:30:00+01:00 12:30 00:30 ChaosZone Bühne UCNA7W https://cfp.chaoszone.cz/36c3/talk/UCNA7W/ CCC Vortrag 30 min (incl. Q&A) de Opening celebration of the 3rd Chaoszone@c3 incuding important organizational hints, tips and rules for our assemly. Please take care that at least one person of your group is attending the opening event, as we have some really important information for you. false bigalex nilo 2019-12-27T13:30:00+01:00 13:30 01:00 ChaosZone Bühne SULAC9 https://cfp.chaoszone.cz/36c3/talk/SULAC9/ Ethics, Society & Politics Vortrag 60min (inkl. Q&A) en Presentation on the recent protests in Chile from the anarchist perspective Uprising in $hile without leaders and parties. Conversation about what's going on in the Chilean region. Some keys to understand the present situation and how is the protest organise. false Anarchist Black Cross Dresden /media/36c3/images/V83NXN/Thumbnail-light.png 2019-12-27T15:00:00+01:00 15:00 00:30 ChaosZone Bühne V83NXN https://cfp.chaoszone.cz/36c3/talk/V83NXN/ Vortrag 30 min (incl. Q&A) en Kodi (formerly XBMC) is a free and open source media player application, with a user base stretched across a plethora of platforms. This talk focuses on some of the challenges of the project. With a consumer/enthusiast facing software, multiple challenges arise. The scope of expertise needed by Kodi is broad. Maintaining the forum and social media accounts is a huge task because of the sheer number of users. Servers have to be capable to handle the requests, caused by downloads, forum access and the add-on system of Kodi. Software developers have to cover a wide spectrum of tasks are needed to maintain and improve the media player. A part of the talk will be dedicated to writing Python add-ons (extensions) for Kodi, to enhance the functionality of the software. false sarbes 2019-12-27T16:00:00+01:00 16:00 00:30 ChaosZone Bühne 8QBQZP https://cfp.chaoszone.cz/36c3/talk/8QBQZP/ Vortrag 30 min (incl. Q&A) de Eine kleine Einführung in numerisches Python mit NumPy und SciPy. Für alle die noch nicht wissen, dass sie es brauchen oder es schon immer mal benutzen wollten: Ein kurzer Überblick der Möglichkeiten und Funktion von NumPy und SciPy (ohne Anspruch auf Vollständigkeit). Dazu beispielhafte Anwendungsgebiete in der Forschung, anschaulich anhand eigener Beispielanwendungen im Kontext numerischer Physik. Die kleine Einführung für Neulinge zum Anfangen und Interesse wecken! :) false Isabell 2019-12-27T17:00:00+01:00 17:00 00:30 ChaosZone Bühne SGETQU https://cfp.chaoszone.cz/36c3/talk/SGETQU/ Entertainment Vortrag 30 min (incl. Q&A) de The sumo robot fight for the technically ungifted Short presentation about the History and Rules for all that have not yet participated false honky /media/36c3/images/38KMGV/image002.jpg 2019-12-27T18:00:00+01:00 18:00 01:00 ChaosZone Bühne 38KMGV https://cfp.chaoszone.cz/36c3/talk/38KMGV/ Ethics, Society & Politics Vortrag 60min (inkl. Q&A) en Lebanon is experiencing a revolution, a system shift, from which the Western media remains largely silent. Entrepreneurs, particularly women are playing a critical role now when the society will be rebuilt. To support the much-needed creation of solutions to tackle corruption, inequality and the lack of democracy, a team of rebel academics and culture hackers, both men and women, have established a cross-country knowledge-sharing platform called WTSUP!. We will share experiences of doing culture hacking in Lebanon and hear what is the current entrepreneurial reality for women in Beirut via live stream. The talk is about stories from Beirut, related to WTSUP! platform, which is a volunteer-powered initiative that focuses on the education of women entrepreneurs via events and in the future via cross-country programs. How exactly? We will present, both live on stage and with a connection from Beirut with Priscilla Sharuk, issues related to building a community around equality, volunteerism, and transparency.  The talk also covers the pilot event 2019, where the education consistent specific tech lectures, but also aspects such as sexual harassment and corruption. The initiative is research-driven, where the research aim is to study how empowering women through tech-driven entrepreneurship and leverage the societal status might affect on peacebuilding in the region.  Finally, the presentation looks positively towards the future changes and to the forthcoming non-commercial event in Beirut, March 2020 that has a core focus on sustainability and content is aligned with UNs Sustainable Development Goals. In addition to giving training on entrepreneurship and resilience, there are also sidetracks on governance innovations. Content is participatory, the 2020 event is open for volunteers from Europe and Lebanon to suggest workshops or mentoring for local female talents. The long term aim is to bridge technology-driven communities between the Nordics, Germany and Lebanon, and in the future scale the initiative wider to the MENA region. false Jukka-Pekka Heikkilä 2019-12-27T19:25:00+01:00 19:25 00:30 ChaosZone Bühne RMLDZA https://cfp.chaoszone.cz/36c3/talk/RMLDZA/ Ethics, Society & Politics Vortrag 30 min (incl. Q&A) en Orientalism is a concept that reveals how people categorize and discriminate against others by using seemingly positive or harmless attributions and images. In an interactive presentation, we will introduce Edward Said’s concept to the audience by examining selected Twitter and Instagram posts. #Orientalism #Postcolonialism #Othering #Racism #Sexism NGOs are doing it, the new film about PJ Harvey is doing it, most of us are doing it: using Orientalist narratives to describe the world around us. This happens consciously and more often unconsciously and perpetuates imperialistic perceptions about the (flexible) “Other”. Whenever we order an “exotic Asian salad”, bring back “those beautiful indigenous souvenirs” or by having an Orientalist gaze when travelling and taking picture only of the things that seem “exciting and characteristic”, we create an unequal image of “us” and “them”. As we can see from these examples, the concept of Orientalism is not limited geographically but uncovers seemingly positive and harmless but deeply discriminating narratives everywhere - one famous example being the discourses about East Germany from a West German perspective. In this presentation, we will explain the concept of Orientalism (Edward Said, 1978) by discussing written examples from Twitter and visual examples from Instagram to uncover the traps and temptations of Orientalism. #Orientalism #Postcolonialism #Othering #Racism #Sexism false Barbara Kurz Nina Szogs /media/36c3/images/CUVNKQ/Gartensia_logo.png 2019-12-27T20:50:00+01:00 20:50 01:00 ChaosZone Bühne CUVNKQ https://cfp.chaoszone.cz/36c3/talk/CUVNKQ/ Ethics, Society & Politics Vortrag 60min (inkl. Q&A) de Ein Haus das zwanzig Jahre lang leer steht, eine gravierende Wohnungsnot und ein paar Aktivisti reichen um Leerstand zu beenden. Im Juli wurde die Gartenstraße 7 in Tübingen Leerstand besetzt und ist es bis heute. Der Talk soll davon handeln, warum es zu einer solchen Besetzung kommt, wie so etwas im Alltag aussieht, wie die Besetzung sich von anderen unterscheidet und wie die Zukunft aussehen wird. In Tübingen herrscht wie in vielen anderen Städten Wohnungsnot. Das Problem wird insbesondere durch Leerstand und einen eklatanten Mangel an sozialem Wohungsbau verschärft. Es gibt verschiedene Gesetzte, Verordnungen und Handlunkgsmöglichkeiten die der Kommune helfen dem Problem zu begegnen. Trotz aller Bemühungen der Stadt stehen Gebäude wie die Gartenstraße 7 *20 Jahre* lang leer. Die Besetzung durch Aktivisti im Juli hat diesen Leerstand beendet. Seitdem leben in diesem Haus Menschen, es ist ein täglich geöffnetes Cafè eingerichtet, es finden Konzerte, Lesungen und Workshops statt. Ich würde gerne zeigen wie es zur Schaffung dieses Freiraums kam, wie der Alltag und aber auch die Zukunft des Projekts aussieht. Große Rolle wird dabei die "Tübinger Linie" spielen - eine Position der Stadt die Verhandlungen einer Räumung vorzieht. false Moanos /media/36c3/images/3UQAS7/divas_on_duty_1_nQPCK6I.png 2019-12-27T16:00:00+01:00 16:00 00:20 Art-and-Play Stage 3UQAS7 https://stage.artesmobiles.art/36c3/talk/3UQAS7/ Screening Screening en stills, 20 min, 2019, english language "You know you're the best, when people you don't know hate you." In this exclusive interview, a controversial 60-year-old socialite, designer, entrepreneur and style icon gives her take on beauty, political correctness and #metoo. She might be famous for no reason – and, as she frequently points out, has never been a "payroll slave" – but her fierce attitude and refreshing ideas have made her queen mom for generations of all backgrounds around the world. Will you love her or hate her? Sit back and find out. false Ida Michel 2019-12-27T16:30:00+01:00 16:30 00:20 Art-and-Play Stage 7QKHLA https://stage.artesmobiles.art/36c3/talk/7QKHLA/ Screening Screening en video installation, 20 min, 2018, nonverbal Originally used in computer games and for special effects in blockbuster movies, ‘simulated life’, driven by algorithmic predictions, is increasingly influencing many facets of the real world. From urban planning to disaster evacuation plans, market forecasts and crowd control, algorithmically simulated scenarios produce real world policies and events. Using a variety of images including filmed footage as well as simulations of crowd control software, Transformation Scenario is a meditation on ‘simulated life’ and the increasingly blurred distinctions between real and virtual experiences. This video is part of a larger body of work by von Wedemeyer that engages with the psychology and aesthetics of the crowd. false Clemens von Wedemeyer /media/36c3/images/SBPQMP/Hackitat___web_77nF2fz.jpg 2019-12-27T17:30:00+01:00 17:30 01:10 Art-and-Play Stage SBPQMP https://stage.artesmobiles.art/36c3/talk/SBPQMP/ Screening Screening en documentary, 70 min + Q&A, 2019, english language The documentary takes a look at hacking beyond the computer screens. In the place where technology and activists meet. Where the need to circumvent state surveillance and surveillance capitalism is grave. Where people see an unfair system in society and find a way to hack it. This is the true hacker habitat. In direct opposition to banks, corporations and entrepreneurs using the words 'hack/hackathon', the film aims to fill the words with the subversive and anarchist tradition they have. In a chapter form, this film shows hacker projects and system hacking from Japan, Cuba, occupied Western Sahara, Belgium and Sweden. The chapters are mixed with parts where hackers talk about the ethics behind what they do and the film mirrors the ideas with texts based on Emma Goldman's writings. Filmed in the 2010s it gives an incite to a global political hacker movement. After the preview screening we would love to hear your comments! We are still in the face where we will edit the final version. People from the film and the production group will talk more about the process and answer questions. The final version of the documentary will be released during the spring of 2020. http://www.hackitat.com/ http://rafilm.se/ false RåFILM filmmakers collective 2019-12-27T20:00:00+01:00 20:00 01:00 Art-and-Play Stage TZVUCQ https://stage.artesmobiles.art/36c3/talk/TZVUCQ/ Sound Performance Sound Performance en videogame, flute, concert Friedrun and Gereon play songs from old and modern video games. If you enjoy the sound of the flute we look forward to seeing you. With a mix of some unforgotten classics and beautiful modern pieces we hope to satisfy a wide range of tastes. false Friedrun & Gereon – Flute Duo /media/36c3/images/HUEK8V/himiko__web.jpg 2019-12-27T21:00:00+01:00 21:00 00:20 Art-and-Play Stage HUEK8V https://stage.artesmobiles.art/36c3/talk/HUEK8V/ Theatre/Dance Performance Theatre/Dance Performance en contemporary, dance, nonverbal Come, come whoever you are. Wanderer, worshipper, lover of leaving. This isn't a caravan of despair. It doesn't matter if you have broken your vows a thousand times before! Come again, come. false Asuka & Emmanouela /media/36c3/images/MVMP79/team_intim__web.jpg 2019-12-27T22:00:00+01:00 22:00 00:45 Art-and-Play Stage MVMP79 https://stage.artesmobiles.art/36c3/talk/MVMP79/ Theatre/Dance Performance Theatre/Dance Performance en experimental, noise, drama, german language Merciless and at the same time with great tenderness, the life of a young woman is portrayed. Fluctuating between aggression and devotion, impulsiveness and serenity. Closeness and fear – in the past with passionate ideals, now with a sobering sense of pragmatism. Self formation, self creation, self-depletion. false team intim /media/36c3/images/WECQ3C/Schaltkreis_Musik_gro%C3%9F__web.jpg 2019-12-27T23:30:00+01:00 23:30 00:45 Art-and-Play Stage WECQ3C https://stage.artesmobiles.art/36c3/talk/WECQ3C/ Sound Performance Sound Performance en sound performance Playing cards, sewer pipes, plant pots, canisters, pans, peanut butter jars, vases, washers … Schaltkreis Musik create quirky motorized instruments from items and strangely familiar found objects. These machines can be played like drum computers through rhythm-sequencers. Combined with microphones and effects a versatile beat instrument is formed, that can be played – even with no musical experience. Interacting with the machine sounds, Lorenz Blaumer uses his violin together with live-sampling to generate rhythmic patterns, ambient sounds and bass lines – sometimes even a melody. https://schaltkreismusik.bandcamp.com false Schaltkreis Musik https://frab.riat.at/en/36C3/public/schedule/events/173.html 2019-12-27T17:00:00+01:00 17:00 00:15 CDC - Stage 36C3-173-introduction_to_decentral_community Stage lightning_talk Introduction to decentral.community, and to the Critical Decentralisation Cluster at 36C3. false Diego "rehrar" Salazar https://frab.riat.at/en/36C3/public/schedule/events/175.html 2019-12-27T17:15:00+01:00 17:15 00:15 CDC - Stage 36C3-175-introduction_to_monero_at_36c3 Stage lightning_talk en false Diego "rehrar" Salazar https://frab.riat.at/en/36C3/public/schedule/events/174.html 2019-12-27T17:30:00+01:00 17:30 00:15 CDC - Stage 36C3-174-introduction_to_riat lightning_talk RIAT is an NGO and institute for research, development, communication and education in the fields of cryptography, privacy technologies and the future of decentralisation. false parasew https://frab.riat.at/en/36C3/public/schedule/events/178.html 2019-12-27T17:45:00+01:00 17:45 00:15 CDC - Stage 36C3-178-the_history_of_decentral_community_the_cdc Stage lightning_talk en false nevvton https://frab.riat.at/en/36C3/public/schedule/events/164.html /system/events/logos/000/000/164/large/Swiss.jpg?1577289497 2019-12-27T18:00:00+01:00 18:00 00:15 CDC - Stage 36C3-164-intro_to_the_swiss_cryptoeconomics_assembly Stage lecture en Presentation of the members and working goups of the Swiss Cryptoeconomics assembly. Presentation of the Swiss Cryptoeconomics assemby. The talks at Critical Decentralisation Cluster will be live streamed and recorded. I consent to the use by Monero or RIAT of my image, video, and voice. I understand that this consent is perpetual and my image, video, and voice may appear publicly as part of Monero or RIAT website, Twitter account, YouTube channel and/or other marketing materials, which will be licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. If you would like to opt-out and not be recorded, please contact office@riat.at false polto Ome intro https://frab.riat.at/en/36C3/public/schedule/events/176.html /system/events/logos/000/000/176/large/namecoin-coin_1000px.png?1577380576 2019-12-27T18:15:00+01:00 18:15 00:15 CDC - Stage 36C3-176-intro_to_namecoin Stage lightning_talk en Namecoin is a blockchain (first project forked from Bitcoin) that implements a decentralized DNS and public key infrastructure, which is resistant to censorship, hijacking, and other tampering. This talk will explain the basics of how Namecoin works and what it can be used for. false Jeremy Rand Namecoin https://frab.riat.at/en/36C3/public/schedule/events/138.html /system/events/logos/000/000/138/large/fossasia-300dpi.png?1577181680 2019-12-27T18:30:00+01:00 18:30 00:30 CDC - Stage 36C3-138-open_hardware_developed_at_fossasia Stage lecture en In this interactive session we will introduce Open Hardware projects at FOSSASIA and share experience developing a project from the idea stage to market. Projects discussed include Pocket Science Lab, Neurolab, Badge Magic and more. false Mario Behling FOSSASIA Website PSLab neurolab Badge Magic Presentation Slides https://frab.riat.at/en/36C3/public/schedule/events/177.html 2019-12-27T19:00:00+01:00 19:00 00:15 CDC - Stage 36C3-177-paralelni_polis lightning_talk en false https://frab.riat.at/en/36C3/public/schedule/events/130.html /system/events/logos/000/000/130/large/replicant.png?1576606286 2019-12-27T19:15:00+01:00 19:15 00:15 CDC - Stage 36C3-130-introduction_to_replicant Why and how to make a fully free software Android distribution Stage lightning_talk en Replicant is a fully free Android distribution that is approved by the FSF. This short talk will briefly explain: why Replicant came into being; the freedom, privacy and security issues it has found in devices aimed to run Android; and the approaches that it follows to liberate such Android devices. Replicant is a fully free software Android distribution that puts emphasis on freedom, privacy and security. It is based on LineageOS and replaces or avoids every proprietary component of the system. Replicant is so far the only distribution for smartphones that is endorsed by the Free Software Foundation as meeting the Free System Distribution Guidelines. Starting out as a project that aimed to make the HTC Dream smartphone usable with only free software, it proved that running Android on these devices was much simpler and effective than porting GNU/Linux to them. The main reason behind that lies in the Android architecture: while in GNU/Linux the hardware abstraction is done in the Linux kernel, in Android it is done in hardware abstraction libraries. This enabled hardware manufacturers to break the kernel API, making it very difficult to run GNU/Linux properly on such devices. As the work progressed, the team took the opportunity to learn more about the hardware architecture of the smartphones they were supporting, as it has a big impact on freedom as well. In most early Android Android devices, the modem was in control of everything, with full access to RAM, sound card and GPS. Because of that, Replicant shifted focus to devices where the modem is isolated, and started documenting hardware freedom issues across different devices as well. Most of the heavy work to get new devices ported to Replicant revolved around creating free software replacements for nonfree userspace protocol implementations, such as the Radio Interface Layer (RIL) that communicates with the modem, or the NMEA protocol to talk with the GPS. With that work, one backdoor was found in the proprietary Samsung RIL implementation, which allowed the modem to read the contents of the filesystem. Although the project had fixed some of the freedom issues affecting smartphones and tablets, there was still one critical component missing to be able to run fully free software on the main CPU: the bootloader. Focus was then redirected to devices such as the GTA04 and the Optimus Black, that have an unlocked bootloader and were made to work with u-boot. Unfortunately these devices required a lot of work: the GTA04 had a kernel closely based on upstream Linux, but at the time it required too much time to convert it to use the Android power management models. For the Optimus black, the u-boot port took a huge amount of work as well, leaving no time to finish upstreaming the Linux support. Replicant, as well as it's upstream (LineageOS), inherit the Linux kernel that device manufacturers release thanks to the requirements of the GPL license. Unfortunately it is usually based on versions that are several years old and no longer maintained, riddled with bugs and security concerns. Also, such kernels usually come with dozens to hundreds of out-of-tree patches, required for essential peripherals such as modem, cameras or display. Maintaining and adapting such a kernel to new Android versions ourselves requires too much work. Because of that, we had to drop devices for versions where LineageOS decided to drop them. Taking this into consideration, and having learnt the lessons on how lack of proper kernel support can ditch a device, Replicant is now shifting focus to prepare devices to run a mainline kernel with full support for their peripherals. Replicant is also adopting mainline userspace such as Mesa. Furthermore it is also looking to support community oriented devices such as the Pinephone, that offer a better hardware platform for free software. false dllud Denis 'GNUtoo' Carikli Git repo for slides Replicant Introduction https://frab.riat.at/en/36C3/public/schedule/events/180.html 2019-12-27T19:30:00+01:00 19:30 00:15 CDC - Stage 36C3-180-implicitcad lightning_talk en false implicitcad https://frab.riat.at/en/36C3/public/schedule/events/179.html /system/events/logos/000/000/179/large/Screenshot_from_2019-12-27_15-22-55.png?1577460976 2019-12-27T19:45:00+01:00 19:45 00:15 CDC - Stage 36C3-179-open_source_hardware_oshwa_and_open_hardware_summit lightning_talk en Introduction to Open Source Hardware (OSHW) including the Open Source Hardware Association (OSHWA), certified OSHW, and the Open Hardware Summit false Drew Fustini Open Source Hardware Association (OSHWA) Open Hardware Summit 2020 Twitter for speaker (@pdp7) GitHub repo for slides PDF of slides OSHW slides (PDF) OSHW slides (ODP) https://frab.riat.at/en/36C3/public/schedule/events/184.html 2019-12-27T20:00:00+01:00 20:00 00:10 CDC - Stage 36C3-184-about_freedom Stage lightning_talk en false bonnie https://frab.riat.at/en/36C3/public/schedule/events/181.html 2019-12-27T20:10:00+01:00 20:10 00:15 CDC - Stage 36C3-181-decentral_community_36c3_-_the_program_in_detail Stage lightning_talk false parasew Diego "rehrar" Salazar https://frab.riat.at/en/36C3/public/schedule/events/88.html 2019-12-27T20:30:00+01:00 20:30 01:00 CDC - Stage 36C3-88-fiat_bitcoin_monero_2008-present Stage lecture en A deep-dive summary of the technical, economic, and social aspects of fiat, Bitcoin, and Monero from 2008 to the present day. In keeping with 36C3 CDC's theme of "Respect My Privacy," this talk will emphasize features of cryptocurrencies and asset protection structures that are important to those early adopters who value their privacy. false Dr. Daniel Kim https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10542.html /system/events/logos/000/010/542/large/5Gb-36C3.JPG?1570477444 2019-12-28T11:30:00+01:00 11:30 01:00 Ada 36c3-10542-der_pfad_von_4g_zu_5g Die Luftschnittstelle und das Core im Wandel der Zahlen Science lecture de Mit 4G wurde gegenüber früheren Mobilfunktechnologien das Air-Interface komplett neu gestaltet. Mit 5G wird dieses nun auf mögliche Zukunftstechnologien erweitert. Wir stellen die Neuerungen und die Möglichkeiten auf dem 5G-Air-Interface und im Core-Netz gegenüber 4G vor. Die folgenden Themen werden behandelt: Die 5G-Luftschnittstelle: - Subcarrier, Subcarrierspacing, Symbolzeit - OFDMA bei 4G - Guard Period - Resource Block und Referenzsignal - Resource Grid und die Aufgaben der physikalischen Kanäle - Grenzen von 4G und Möglichkeiten mit 5G - Kanalbandbreiten und Frequenzbereiche 5G - Subcarrier-Spacing und Änderungen im Resource Block (MBMS, NBIoT, Data, Low Latency, etc.) - Beispiele von Resource Grids - 5G auf 3,5 GHz und 700 MHz - Berechnung der maximalen Datenrate - TDD und dessen Vorteile und Einschränkungen (Sync, Laufzeit) - Massive MIMO, Multi-User MIMO - statische Beams und Traffic Beams - Mixed Mode - Dynamic Spectrum Sharing - Messung von Antennen bei 5G Netzarchitektur: - Aktueller Stand von 5G (NSA, Anker bei 4G, TDD, CA mit 4G) - 5G NSA und SA - Core-Netzelemete, Schnittstellen und deren Aufgaben - Radionetzwerk, eNB, gNB, Schnittstellen ((e)CPRI, S, X, ...) - Backhaul, 10 Gbit/s Fiber und Richtfunk - Vorstellung 3GPP Specs false Peter Schmidt Heurekus 36C3-P25G.pdf https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10801.html 2019-12-28T12:50:00+01:00 12:50 01:00 Ada 36c3-10801-sigover_alpha Signal overshadowing attack on LTE and its applications Security lecture en As Long-Term Evolution (LTE) communication is based on over-the-air signaling, a legitimate signal can potentially be counterfeited by a malicious signal. Although most LTE signaling messages are protected from modification using cryptographic primitives, broadcast messages and some of the unicast messages are unprotected. In this talk, we would like to introduce a signal injection attack that exploits the fundamental weakness of unprotected messages in LTE and modifies a transmitted signal over the air. This attack, which is referred to as signal overshadowing (named SigOver) overwrites a portion of the legitimate signal to inject manipulated signal into the victim while the victim is connected to a legitimate cellular network. In most aspects, SigOver attack is superior to FBS (Fake Bas Station) and MitM (Man-in-the-Middle) attack, in terms of Efficiency, Effectiveness, and Stealthiness. Thus, Sigover results in new attacks exploiting broadcast channel and unicast channel. For example, SigOver attack on the broadcast messages can affect a large number of nearby UEs simultaneously such as signaling storm, Denial-Of-Service, downgrading attack, location tracking, and fake emergency alert. SigOver attack on unicast channel can silently hand over victims to FBS and perform MitM attack. Sigover attack is currently zero-day. Since it exploits the fundamental problems in LTE physical signal, it will remain effective until 3GPP standards change. In detail, we talk about the implementation of the SigOver, the first practical realization of the signal overshadowing attack on the LTE broadcast signals, using a low-cost Software Defined Radio (SDR) platform and open-source LTE library. The SigOver attack was tested against 10 smartphones connected to a real-world network, and all were successful. The experimental result shows that the SigOver overshadows the target signal and causes the victim device to decode it with 98% success rate with only 3 dB power difference from a legitimate signal. On the other hand, attacks utilizing an FBS have only 80% success rate even with 35 dB power difference. This implies that the SigOver can inconspicuously inject any LTE message and hand over victims to FBS for the Man-in-the-Middle attack. Presentation Snapshot : 1. Overview on LTE Architecture including structure, security aspects, and types of messages. Broadcast messages and some of the unicast messages are unprotected; thus they have a fundamental weakness. 2. Introduction of SigOver Attack, attack vectors, detailed implementational design, and issues on performing the attack. SigOver attack can manipulate unprotected LTE signals. 3. Comparison with FBS (Fake Base Station) Attacker and MitM (Man-in-the-Middle) Attacker, in terms of Efficiency, Effectiveness, and Stealthiness. In most aspects, SigOver is superior than FBS and MitM attacker. 4. Possible exploitations of broadcast channel using SigOver Attacks, such as signaling storm, Denial-Of-Service, downgrading attack, location tracking, and fake emergency alert. 5. Possible exploitations of unicast channel using SigOver Attacks. An attacker can manipulate every individual unprotected downlink messages. As the whole injection process is silent, this results in whole new types of attacks. 6. For example, an attacker can silently hand over victims to the fake base station. Once the victim is connected to the FBS, attacks including Man-in-the-Middle attack are possible. false CheolJun Park Mincheol Son Sigover + alpha https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11006.html /system/events/logos/000/011/006/large/Deep_Learning.jpg?1575975600 2019-12-28T14:10:00+01:00 14:10 01:00 Ada 36c3-11006-der_deep_learning_hype Wie lange kann es so weitergehen? Resilience & Sustainability lecture de Deep Learning ist von einem Dead End zur ultimativen Lösung aller Machine Learning Probleme geworden - und einiger anderer auch. Aber wie gut ist dieser Trend wirklich? Und wie nachhaltig? Wir setzen uns mit wissenschaftlicher Nachhaltigkeit, sozialen Auswirkungen, und den Folgen für unsere Ressourcen, unseren Energieverbrauch, und damit unseren Planeten auseinander. Deep Learning ist von einem Dead End zur ultimativen Lösung aller Machine Learning Probleme geworden. Die Sinnhaftigkeit und die Qualität der Lösung scheinen dabei jedoch immer mehr vom Buzzword Bingo verschluckt zu werden. Ist es sinnvoll, weiterhin auf alle Probleme Deep Learning zu werfen? Wie gut ist sind diese Ansätze wirklich? Was könnte alles passieren, wenn wir so weiter machen? Und können diese Ansätze uns helfen, nachhaltiger zu leben? Oder befeuern sie die Erwärmung des Planetens nur weiter? Wir setzen uns im Detail mit drei Fragestellungen auseinander: 1. Wissenschaftliche Nachhaltigkeit: Wie gut sind die Ergebnisse wirklich? Was können die modernen neuronalen Netze und was können sie nicht? Und vor allem: Wo werden sie eingesetzt und wie sinnvoll ist das? KI Systeme, deren Beschreibung beeindruckend sind, produzieren nicht immer die besten Ergebnisse, und Reproduzierbarkeit, Evaluation, und Reflexion leiden unter Konkurrenzdruck und dem Publikationszyklus. Außerdem, welche Lösungen und Ansätze gehen im Deep Learning Hype unter? Dafür, dass sich so viele Forscher*innen mit dem Thema beschäftigen, zahlen wir damit, dass andere Themen, Ideen und Ansätze ignoriert werden - obwohl sie nützlich sein könnten. 2. Gesellschaftliche Auswirkungen: Was macht das mit unserer Gesellschaft? Insbesondere die Maschinen, die auf irgendeiner Ebene versuchen, Menschen zu imitieren, aber auch viele Anwendungen, die wir alltäglich verwenden, haben einen grundlegenden Einfluss auf uns, der nicht immer ausreichend reflektiert wird. Maschinen können auch diskriminieren, unsere Entscheidungen beeinflussen, uns in falscher Sicherheit wiegen und Aufgaben übernehmen, denen sie überhaupt nicht gewachsen sind. 3. Umwelteinfluss: Welche Ressourcen investieren wir? Rechenzentren, riesige Data Warehouses, Kryptocurrency-Berechnung und Compute Cluster haben einen nicht mehr vernachlässigbaren Einfluss auf unsere endlichen Ressourcen und den CO2-Haushalt, direkt und indirekt. Die Menge an Strom, Zeit, Platz und Material, die wir investieren, sind in den letzten Jahren massiv gewachsen. Wollen wir wirklich so weiter machen? false Nadja Geisler Benjamin Hättasch https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11086.html /system/events/logos/000/011/086/large/Signal_Blue_Icon.png?1577362494 2019-12-28T16:10:00+01:00 16:10 00:40 Ada 36c3-11086-the_ecosystem_is_moving Challenges for distributed and decentralized technology from the perspective of Signal development Ethics, Society & Politics lecture en Considerations for distributed and decentralized technologies from the perspective of a product that many would like to see decentralize. Amongst an environment of enthusiasm for blockchain-based technologies, efforts to decentralize the internet, and tremendous investment in distributed systems, there has been relatively little product movement in this area from the mobile and consumer internet spaces. This is an exploration of challenges for distributed technologies, as well as some considerations for what they do and don't provide, from the perspective of someone working on user-focused mobile communication. This also includes a look at how Signal addresses some of the same problems that decentralized and distributed technologies hope to solve. true Moxie Marlinspike https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10531.html /system/events/logos/000/010/531/large/logo.png?1576361884 2019-12-28T17:10:00+01:00 17:10 00:40 Ada 36c3-10531-all_wireless_communication_stacks_are_equally_broken Security lecture en Wireless connectivity is an integral part of almost any modern device. These technologies include LTE, Wi-Fi, Bluetooth, and NFC. Attackers in wireless range can send arbitrary signals, which are then processed by the chips and operating systems of these devices. Wireless specifications and standards for those technologies are thousands of pages long, and thus pose a large attack surface. Wireless exploitation is enabled by the technologies any smartphone user uses everyday. Without wireless connectivity our devices are bricked. While we can be more careful to which devices and networks we establish connections to protect ourselves, we cannot disable all wireless chips all the time. Thus, security issues in wireless implementations affect all of us. Wireless chips run a firmware that decodes wireless signals and interprets frames. Any parsing error can lead to code execution within the chip. This is already sufficient to read data passing the chip in plaintext, even if it would be encrypted while transmitted over the air. We will provide a preview into a new tool that enables full-stack Bluetooth fuzzing by real-time firmware emulation, which helps to efficiently identify parsing errors in wireless firmware. Since this kind of bug is within the wireless chips' proprietary firmware, patching requires assistance of the manufacturer. Often, fixing this type of security issue takes multiple months, if done at all. We will tell about our own responsible disclosure experiences, which are both sad and funny. Another risk are drivers in the operating system, which perform a lot of operations on the data they receive from the wireless chip. Most drivers trust the input they get from a wireless chip too much, meaning that wireless exploitation within the chip can easily escalate into the driver. While escalating directly into the operating system is the commonly known option, it is also possible to escalate into other chips. This is a new attack type, which cannot be filtered by the operating system. For everyone who is also concerned during our talk, there will be fancy tin foil hats. false jiska InternalBlue Slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10642.html 2019-12-28T18:10:00+01:00 18:10 00:40 Ada 36c3-10642-harry_potter_and_the_not-so-smart_proxy_war Taking a look at a covert CIA virtual fencing solution Security lecture en In this talk we will take a look at the 'Vault 7' Protego documents, which have received very little attention so far, and challenge the assertion that Protego was a 'suspected assassination module for [a] GPS guided missile system ... used on-board Pratt & Whitney aircraft' based on system block diagrams, build instructions and a few interesting news items. In addition, we will discuss hypothetical weaknesses in systems like it. In March 2017, WikiLeaks published the 'Vault 7' series of documents detailing 'cyber' activities and capabilities of the United States' Central Intelligence Agency (CIA). Among a wide variety of implant & exploit frameworks the final documents released as part of the dump, related to a project code-named 'Protego', stood out as unusual due to describing a piece of missile control technology rather than CNO capabilities. As a result, these documents have received comparatively little attention from the media and security researchers. While initially described by WikiLeaks as a 'suspected assassination module for [a] GPS guided missile system ... used on-board Pratt & Whitney aircraft', a closer look at the documents sheds significant doubt on that assertion. Instead, it seems more likely that Protego was part of an arms control solution used in covert CIA supply programs delivering various kinds of weapons to proxy forces while attempting to counteract undesired proliferation. In this talk we will take a look at the Protego documents and show how we can piece quite a bit of information together from a handful of block diagrams, some build instructions and a few news articles. Finally, we will discuss the potential weaknesses of such 'lockdown' systems which have been proposed for and are deployed in everything from theft prevention solutions and livestock management to firearms control and consumer UAVs. false Jos Wetzels https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10924.html 2019-12-28T19:10:00+01:00 19:10 00:40 Ada 36c3-10924-the_sustainability_of_safety_security_and_privacy Security lecture en What sort of tools and methodologies should you use to write software for a car that will go on sale in 2023, if you have to support security patches and safety upgrades till 2043? Now that we’re putting software and network connections into cars and medical devices, we’ll have to patch vulnerabilities, as we do with phones. But we can't let vendors stop patching them after three years, as they do with phones. So in May, the EU passed Directive 2019/771 on the sale of goods. This gives consumers the right to software updates for goods with digital elements, for the time period the consumer might reasonably expect. In this talk I'll describe the background, including a study we did for the European Commission in 2016, and the likely future effects. As sustainable safety, security and privacy become a legal mandate, this will create real tension with existing business models and supply chains. It will also pose a grand challenge for computer scientists. false Ross Anderson Making security sustainable When safety and security become one https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10806.html /system/events/logos/000/010/806/large/lldb.png?1577517371 2019-12-28T20:50:00+01:00 20:50 01:00 Ada 36c3-10806-ktrw_the_journey_to_build_a_debuggable_iphone Security lecture en Development-fused iPhones with hardware debugging features like JTAG are out of reach for many security researchers. This talk takes you along my journey to create a similar capability using off-the-shelf iPhones. We'll look at a way to break KTRR, a custom hardware mitigation Apple developed to prevent kernel patches, and use this capability to load a kernel extension that enables full-featured, single-step kernel debugging with LLDB on production iPhones. This talk walks through the discovery of hardware debug registers on the iPhone X that enable low-level debugging of a CPU core at any time during its operation. By single-stepping execution of the reset vector, we can modify register state at key points to disable KTRR and remap the kernel as writable. I'll then describe how I used this capability to develop an iOS kext loader and a kernel extension called KTRW that can be used to debug the kernel with LLDB over USB. false Brandon Azad KTRW iOS kernel debugger for A11 iPhones https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10652.html /system/events/logos/000/010/652/large/Train_wreck_at_Montparnasse_1895_FAIL.jpg?1571601627 2019-12-28T22:10:00+01:00 22:10 01:00 Ada 36c3-10652-bahnmining_-_punktlichkeit_ist_eine_zier Ethics, Society & Politics lecture de Seit Anfang 2019 hat David <i>jeden</i> einzelnen Halt <i>jeder</i> einzelnen Zugfahrt auf <i>jedem</i> einzelnen Fernbahnhof in ganz Deutschland systematisch gespeichert. Inklusive Verspätungen und allem drum und dran. Und die werden wir in einem bunten Vortrag erforschen und endlich mal wieder ein bisschen Spaß mit Daten haben. <i>Rechtlicher Hinweis: Es liegt eine schriftliche Genehmigung der Bahn vor, von ihr abgerufene Rohdaten aggregieren und für Vorträge nutzen zu dürfen. Inhaltliche Absprachen oder gar Auflagen existieren nicht.</i> Die Bahn gibt ihre Verspätungen in "Prozent pünktlicher Züge pro Monat" an. Das ist so radikal zusammengefasst, dass man daraus natürlich nichts interessantes lesen kann. Jetzt stellt euch mal vor, man könnte da mal ein bisschen genauer reingucken. Stellt sich raus: Das geht! Davids Datensatz umfasst knapp 25 Millionen Halte - mehr als 50.000 pro Tag. Wir haben die Rohdaten und sind in unserer Betrachtung völlig frei. Der Vortrag hat wieder mehrere rote Fäden. <b> 1) Wir vermessen ein fast komplettes Fernverkehrsjahr der deutschen Bahn. </b> Hier etwas Erwartungsmanagement: Sinn ist keinesfalls Bahn-Bashing oder Sensationsheischerei - wer einen Hassvortrag gegen die Bahn erwartet, ist in dieser Veranstaltung falsch. Wir werden die Daten aber nutzen, um die Bahn einmal ein bisschen kennenzulernen. Die Bahn ist eine riesige Maschine mit Millionen beweglicher Teile. Wie viele Zugfahrten gibt es überhaupt? Was sind die größten Bahnhöfe? Wir werden natürlich auch die unerfreulichen Themen ansprechen, für die sich im Moment viele interessieren: Ist das Problem mit den Zugverspätungen wirklich so schlimm, wie alle sagen? Gibt es Orte und Zeiten, an denen es besonders hapert? Und wo fallen Züge einfach aus? <b> 2) Es gibt wieder mehrere Blicke über den Tellerrand</b>, wie bei Davids vorherigen Vorträgen auch. Ihr werdet wieder ganz automatisch und nebenher einen <i>allgemeinverständlichen</i> Einblick in die heutige Datenauswerterei bekommen. (Eine verbreitete Verschwörungsheorie sagt, euch zur Auswertung öffentlicher Daten zu inspirieren, wäre sogar der Hauptzweck von Davids Vorträgen. :-) )Die Welt braucht Leute mit Ratio, die Analyse wichtiger als Kreischerei finden. Und darum beschreibt davod auch, wie man so ein durchaus aufwändiges Hobbyprojekt technisch angeht, Anfängerfehler vermeidet, und verantwortungsvoll handelt. false David Kriesel https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10754.html /system/events/logos/000/010/754/large/zombieload_logo_square.png?1571914849 2019-12-28T23:30:00+01:00 23:30 01:00 Ada 36c3-10754-zombieload_attack Leaking Your Recent Memory Operations on Intel CPUs Security lecture en The ZombieLoad attack exploits a vulnerability of most Intel CPUs, which allows leaking data currently processed by other programs. ZombieLoad is extremely powerful, as it leaks data from user-processes, the kernel, secure enclaves, and even across virtual machines. Moreover, ZombieLoad also works on CPUs where Meltdown is fixed in software or hardware. The Meltdown attack published in 2018 was a hardware vulnerability which showed that the security guarantees of modern CPUs do not always hold. Meltdown allowed attackers to leak arbitrary memory by exploiting the lazy fault handling of Intel CPUs which continue transient execution with data received from faulting loads. With software mitigations, such as stronger kernel isolation, as well as new CPUs with this vulnerability fixed, Meltdown seemed to be solved. In this talk, we show that this is not true, and Meltdown is still an issue on modern CPUs. We present ZombieLoad, an attack closely related to the original Meltdown attack, which leaks data across multiple privilege boundaries: processes, kernel, SGX, hyperthreads, and even across virtual machines. Furthermore, we compare ZombieLoad to other microarchitectural data-sampling (MDS) attacks, such as Fallout and RIDL. The ZombieLoad attack can be mounted from any unprivileged application, without user interactions, both on Linux and Windows. In the talk, we present multiple attacks, such as monitoring the browsing behavior, stealing cryptographic keys, and leaking the root-password hash on Linux. In a live demo, we demonstrate that such attacks are not only feasible but also relatively easy to mount, and difficult to mitigate. We show that Meltdown mitigations do not affect ZombieLoad, and consequently outline challenges for future research on Meltdown attacks and mitigations. Finally, we discuss the short-term and long-term implications of Meltdown attacks for hardware vendors, software vendors, and users. false Michael Schwarz Moritz Lipp Daniel Gruss Official ZombieLoad Website Slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11242.html 2019-12-29T00:50:00+01:00 00:50 01:00 Ada 36c3-11242-chaos_communication_slam Entertainment podium de Chaos meets Poetry Slam. Der humoristische Dichterwettstreit mit Informatikhintergrund. Mitmachen ausdrücklich erwünscht. Und keine Sorge, ein Poetry Slam hat nichts mit dem Ingeborg-Bachmann-Preis zu tun. Hierbei geht es um einen Wettkampf bei dem selbstgeschriebene Texte live vorgetragen werden. Prosa, Lyrik, lustige Geschichte, das ist eure Wahl. Erzählt von euren Sysadmin Lovestorys, WebDev-f*ckUps oder was auch immer euch auf der Seele liegt. Für Kurzentschlossene bieten wir euch davor noch einen Crash Kurs in Slam Poetry an, damit auch ihr das Publikum begeistern könnt und mit in das Finale einzieht. Die Session findet ihr zeitnah im Event-Wiki. Auf dieser Seite findet ihr auch eine Adresse, um euch für das große Event anzumelden. Durch den Abend begleitet euch das Slam-erfahrene Team der "Slamigans" aus dem Umfeld des Chaostreff Flensburg. Moderiert von Thorben Dittmar, früherer U20-Local aus dem Kühlhaus und ewiger zweiter Platz, stimmt das Publikum zusammen über die besten Beiträge ab. Das Siegertreppchen darf sich schon auf tolle Preise freuen. Also schnell anmelden! false Thorben Dittmar https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10524.html /system/events/logos/000/010/524/large/lightningtalks%283%29.svg.png?1576404130 2019-12-28T11:30:00+01:00 11:30 02:20 Borg 36c3-10524-lightning_talks_day_2 CCC lecture en Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick! To get involved and learn more about what is happening please visit the Lightning Talks page in the 36C3 wiki. false gedsic bigalex 36C3 Lightning Talks Wiki Page Info and registration https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10608.html 2019-12-28T14:10:00+01:00 14:10 01:00 Borg 36c3-10608-das_nutzlich-unbedenklich_spektrum Können wir Software bauen, die nützlich /und/ unbedenklich ist? Security lecture de Eine Software ist unbedenklich, wenn man sie auf ungefilterte Daten aus einem Webformular aufrufen kann, ohne prüfen zu müssen, ob dann etwas schlimmes passieren kann. In der Praxis lässt sich ein Kontinuum zwischen Nützlichkeit und Unbedenklichkeit als Kontrahenten beobachten. Software fängt häufig eher unbedenklich an, und wird dann immer bedenklicher, je mächtiger sie wird. Dieser Vortrag will a) diese Beobachtung beschreiben und b) fragen, wie man die Unbedenklichkeit beibehalten kann. Gibt es da Abstufungen? Metriken? Kriterien, die bei einer konkreten Entscheidung helfen können? Die Kernidee dieses Vortrages ist es, von reaktiver Security ("wir packen einfach alles in eine VM / einen Container / eine Sandbox") wegzukommen hin zu einer vertrauenswürdigen Software-Infrastruktur, der man auch ohne Einsperren trauen kann.<p> Die offensichtliche Frage ist, wie man sowas konstruieren würde. Noch wichtiger ist aber die Frage, woran wir vertrauenswürdige Software überhaupt erkennen können.<p>Diese Metrik wäre dann auch hilfreich, um zu erkennen, ob unsere Einsperr-Methode überhaupt vertrauenswürdig war. false Fefe https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10661.html 2019-12-28T16:10:00+01:00 16:10 00:40 Borg 36c3-10661-psychedelic_medicine_-_hacking_psychiatry Psychedelic Therapy as a fundamentally new approach to mental health issues Science lecture en Psychedelic research constitutes a challenge to the current paradigm of mental healthcare. But what makes it so different? And will it be able to meet the high expectations it is facing? This talk will provide a concise answer. Psychedelic Therapy is evolving to be a game changer in mental healthcare. Where classical antidepressants and therapies e.g. for Posttraumatic Stress Disorder often have failed to provide relief, substance assisted psychotherapies with Psilocybin, LSD and MDMA show promising results in the ongoing clinical trials worldwide. A challenge to the current paradigm: Unlike the conventional approach of medicating patients with antidepressants and other psychotropic drugs on a daily basis for months and years at a time, Psychedelic Therapy offers single applications of psychedelics or emotionally opening substances such as Psilocybin, LSD and MDMA within the course of a limited number of therapeutic sessions. The clinical trials conducted in this kind of setting are currently designed around depression, substance abuse, anxiety and depression due to life threatening illnesses, PTSD, anorexia and social anxiety in Autism. Though the results look promising, it is important not to take these therapies for a “magic bullet cure” for all and very patient will mental issues. This talk will outline the principles of psychedelic therapy and research and provide a concise overview of what psychedelic therapy can and cannot offer in the future. false Andrea Jungaberle https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10977.html 2019-12-28T17:10:00+01:00 17:10 00:40 Borg 36c3-10977-hackerparagraph_202c_stgb_reality_check Cybercrime-Ermittlungen: Vorsicht vor der Polizei! Oder: Nicht im falschen Forum posten Ethics, Society & Politics lecture de Der Hackerparagraph § 202c StGB ist seit August 2007 in Kraft. Das Bundesverfassungsgericht nahm eine dagegen gerichtete Verfassungsbeschwerde nicht an, wies aber darauf hin, dass er verfassungskonform auszulegen sei. Wie ist also die Rechtslage? Und wie sieht die Realität der Strafverfolgung aus? Reality Check! Wie war das nochmal mit diesem umstrittenen Hackerparagraphen? Welche Rolle spielt er in der Praxis der Strafverfolgung? Kann mich so ein Ermittlungsverfahren am Ende selber betreffen? Und wie gehen die Strafverfolgungsbehörden bei Ermittlungen wegen des Verdachts auf Straftaten nach § 202c StGB vor? Dies wird anhand eines von einer Schwerpunktstaatsanwaltschaft für Cybercrime geführten Strafverfahrens beantwortet. Der Vortrag stellt Rechtslage und Realität gegenüber. Um es vorweg zu nehmen: Sowas kann man sich gar nicht ausdenken. false RA Ulrich Kerner https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11225.html 2019-12-28T18:10:00+01:00 18:10 02:20 Borg 36c3-11225-der_dezentrale_jahresruckblick_des_ccc CCC lecture de false Holger Klein https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10517.html 2019-12-28T20:50:00+01:00 20:50 01:00 Borg 36c3-10517-megatons_to_megawatts Military warheads as a source of nuclear fuel Science lecture de Can nuclear warheads be used as energy sources instead of exhausting resources? And if, how does this even work? Concerns during the cold war era mainly focused on the diversion of Uranium intended for commercial nuclear power towards usage in weapons. During the 1990s, these concerns gave way to a focus on the role of military Uranium as a major source of fuel for commercial nuclear power. Can nuclear warheads be used as energy sources instead of exhausting resources? And if, how does this even work? In the late 1980s the United States and countries of the former Soviet Union signed a series of disarmament treaties to reduce the world's nuclear arsenals. Since then, lots of nuclear materials have been converted into fuel for commercial nuclear reactors. Highly-enriched uranium in US and Russian weapons and other military stockpiles amounts to about 1500 tonnes, equivalent to about seven times the annual world Uranium mine production. These existing resources can be used instead of exploiting natural Uranium reserves, which are as limited as all other non-renewable energy sources. Uranium mining is a dirty, polluting, hazardous business which possibly could be stopped altogether if existing resources would be used instead. This talk is a primer in nuclear physics with focus on conversion of weapon grade Uranium and Plutonium into fuel for civil nuclear power plants. false Julia Riede https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10567.html 2019-12-28T22:10:00+01:00 22:10 01:00 Borg 36c3-10567-hacking_sony_playstation_blu-ray_drives Security lecture en Xbox 360 video game console had a number of widely known hacks for firmware of its optical disc drives. However, it was never the case with Blu-ray disc drives of Sony PlayStation video game consoles. In fact, up until recently there was no much information available on this subject publicly. In this presentation, I would like to share my journey of delving deep into internals and security of Sony PlayStation Blu-ray disc drives. As games are distributed within optical media, those embedded devices were intended to contain the best security possible. I will demonstrate a multiple hardware hacks and several software vulnerabilities that allowed to dump firmware and get code execution on multiple models of Sony PlayStation Blu-ray disc drives. In this presentation, I will share the following: 1) I will provide in-depth analysis of vulnerabilities and their exploitation to achieve code execution on multiple models of Sony PlayStation Blu-ray disc drives 2) I will discuss problems that I’ve encountered while reverse engineering the firmware and how I solved (some of) them 3) I will talk about security features of Sony PlayStation Blu-ray disc drives 4) I will explain what engineers did right and how achieving code execution on the drive doesn’t lead to full compromise of security false oct0xor https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11020.html 2019-12-28T23:30:00+01:00 23:30 01:00 Borg 36c3-11020-vehicle_immobilization_revisited Uncovering and assessing a second authentication mechanism in modern vehicle immobilization systems Security lecture en Modern road vehicles are fitted with an electronic immobilization system, which prevents the vehicle from starting unless an authorized transponder is present. It is common knowledge that the security transponder embedded in the key fob should be secure, and quite some work has been published on the (in)security of such transponders. However, we identify another crucial part of the immobilizer system, that has not yet received any academic attention. We investigated three vehicles, and found that the security transponder does not communicate with the ECM (Engine Control Module) but with the BCM (Body Control Module). After succesful authentication of the key, the BCM will then authenticate towards the ECM, after which immobilization is deactivated and the vehicle may start. If either the security transponder or this ECM-BCM authentication protocol is weak, vehicles may be started without presence of a valid security transponder. We present three case studies of such ECM-BCM protocols on vehicles from Peugeot, Fiat and Opel. The protocols are shown to be used in many different models, and also by other brands owned by the same group. We show how two of the protocols are completely broken, while the third one is derived directly from a 1995 security transponder. Both attacks can be carried out through the standardized OBD-II connector, present and conveniently located in all modern vehicles. Bottom line: cryptographic protocols used in the ECM-BCM authentication are not on par when compared with the crypto embedded in the transponder. Nowadays, immobilizers play an essential role in the prevention of vehicle theft. Intended to raise the complexity of theft through the introduction of non-mechanical safety measures, immobilizers have always worked by the same basic principle: to disallow ignition until some secret is presented to the vehicle. Immobilizers gained popularity in the 1990s, as a consequence of legislation: the European Union, Australia and Canada adopted regulation in the nineties, mandating the use of electronic immobilization systems in passenger cars. Immobilizers have shown to be highly effective in the effort to reduce theft rates. According to a 2016 study, the broad deployment of immobilization devices has lead to a reduction in car theft of an estimated 40% on average during 1995-2008. However, various tools are on the market to bypass electronic security mechanisms. Deployment of insecure immobilizer systems has real-world consequences: multiple sources report cars being stolen by exploiting vulnerabilities in electronic security, sometimes to extents where insurance companies refuse to insure models unless additional security measures are taken. In modern cars, the ECM (Engine Control Module) is responsible for operating the car engine, and is also responsible for starting the engine. A common misconception about immobilizer systems is that the car key always authenticates directly to the ECM, and that the ECM will only allow the car to start when it has established an authorized 125KHz RFID security transponder is present. In practise, the security transponder in the key fob authenticates towards the BCM (Body Control Module), which in turn authenticates towards the ECM. We have selected three cars from different major Original Equipment Manufacturers (OEMs) and identified immobilizer protocol messages from CAN-bus traffic, which can be accessed through the conveniently located OBD-II connector. We made traces of CAN-traffic when the ignition lock is switched to the ON position. Immobilizer related messages can be easily recognized when searching for high-entropy messages that strongly differ between traces. Confidence that the messages are indeed related to immobilizer can be increased by removing the security transponder from the key, which should result in different protocol messages. After identification of related messages, we dumped ECM and BCM micro-controller firmwares, either by leveraging existing software functions, or by using micro-controller debug functionality such as JTAG and BDM. We derived the immobilizer protocol through reverse-engineering. In all three cases, we established the same protocol is used in several different models from the same OEMs, including currently manufactured ones. We then analyzed the protocols for cryptographic strength. Two turn out to be completely broken, while the last one is directly derived from a 1995 security transponder. While it exhibits no obvious weaknesses, it is used in conjunction with current AES security transponders, and as such, we still recommend the manufacturer to replace it. false Wouter Bokslag 2019-12-28T11:30:00+01:00 11:30 00:05 Borg USUJZB https://c3lt.de/36c3/talk/USUJZB/ Entertainment Lightning Talk en A short introduction to the Lightning Talks Day 2 session false gedsic 2019-12-28T11:35:00+01:00 11:35 00:05 Borg U3WQCS https://c3lt.de/36c3/talk/U3WQCS/ Security Lightning Talk en freewvs is a little tool that allows to locally scan filesystems for known vulnerable web applications. freewvs is a tool for web server administrators that allows them to see if their users are using any web applications with known vulnerabilities. It detects the presence and version of web applications (e.g CMS systems like Drupal, Joomla, Wordpress) and checks it against a list of known vulnerable versions. It is Free Software under the CC0 license. https://freewvs.schokokeks.org/ false Hanno Böck 2019-12-28T11:40:00+01:00 11:40 00:05 Borg VVRMMA https://c3lt.de/36c3/talk/VVRMMA/ Science Lightning Talk en PSLab is a small USB powered open hardware extension for your Android phone or PC that lets you measure all kinds of things. false Marc Nause 2019-12-28T11:45:00+01:00 11:45 00:05 Borg KKUYRL https://c3lt.de/36c3/talk/KKUYRL/ Hardware & Making Lightning Talk en An introduction to the JSON Meta Application Protocol, a spiritual successor to IMAP & Submission, and into Ltt.rs one of the first clients to use it. The [JSON Meta Application Protocol](https://jmap.io) is a recent IETF standard meant to replace IMAP & Submission for certain scenarios (mostly mobile and web). This talk will give a very brief introduction on why the protocol is needed, how it looks like and will showcase [Ltt.rs for Andnroid](https://ltt.rs) a no-frills, easy to use, easy to maintain Email client for Android based on JMAP. false Daniel Gultsch 2019-12-28T11:50:00+01:00 11:50 00:05 Borg BGNPT3 https://c3lt.de/36c3/talk/BGNPT3/ Hardware & Making Lightning Talk en Magically Create Text and Cliparts on LED Name Badges using Bluetooth Badge Magic is a project born out of the desire to open up LED mini badges and reprogram them with an open source solution with features not found elsewhere. In recent versions we added a lot of features like drawing of cliparts and additional language support. Through an Android phone the user can add scrolling symbols and text on LED name badges through Bluetooth. The app provides options to portray names, clipart and simple animations on LED badges. false Mario Behling 2019-12-28T11:55:00+01:00 11:55 00:05 Borg 93MFWV https://c3lt.de/36c3/talk/93MFWV/ Security Lightning Talk en PathAuditor is a tool to detect file accesses in which an unprivileged user might have messed with the path. The impact can range from DoS to LPE. false tsuro 2019-12-28T12:00:00+01:00 12:00 00:05 Borg BXSJBE https://c3lt.de/36c3/talk/BXSJBE/ Security Lightning Talk en **Axoltol** is a signal client written in go and vuejs. This talk is about the history of the project, difficulties and future. https://axolotl.chat false nanu-c/Aaron Kimmig 2019-12-28T12:05:00+01:00 12:05 00:05 Borg L8CLUH https://c3lt.de/36c3/talk/L8CLUH/ Hardware & Making Lightning Talk en How to connect JavaScript with an analoge oscilloscope Bleeptracks Design Generator for this congress is very cool, so I wanted to have it on all my screens. Including an analoge oscilloscope. I will give a short overview how it works. For a deeper introduction, more information and live demos come to my german talk at the chaoszone stage at day2 19:45. https://cfp.chaoszone.cz/36c3/talk/VPJPZR/ Slides: https://quantenprojects.github.io/presentations-at-36c3/ Project Page: https://github.com/quantenProjects/36c3-generator false quanten 2019-12-28T12:10:00+01:00 12:10 00:05 Borg W3YJT7 https://c3lt.de/36c3/talk/W3YJT7/ Ethics, Society & Politics Lightning Talk de After decades of taking exponentially growing resources for granted, IT finally has to content with zero growth. Can you cope with that? Slides: https://0x4c.de/36c3/36c3-lightning-talk-systain-it.pdf Discussion: https://events.ccc.de/congress/2019/wiki/index.php/Session:Are_You_ready_to_sustain_IT%3F Recording: 33' 30" https://media.ccc.de/v/36c3-10524-lightning_talks_day_2 false 0x4c.de 2019-12-28T12:15:00+01:00 12:15 00:05 Borg VCYPUW https://c3lt.de/36c3/talk/VCYPUW/ Hardware & Making Lightning Talk en This talk will provide a short overview of Free Pascal, an open source, cross platform, Object Pascal compiler. Free Pascal is a > 25 year old Object Pascal compiler that is available as Open Source, supports a variety of platforms as well as many features that make it useable as a daily development tool. You can check it out here: https://www.freepascal.org/ false PascalDragon 2019-12-28T12:20:00+01:00 12:20 00:05 Borg SCES79 https://c3lt.de/36c3/talk/SCES79/ Hardware & Making Lightning Talk de Announcement and short introduction to the \\ Telnet-Challenge A.K.A Winkekatzen-Challenge. \\ **WIN A FREE SHIRT** We will present the following Topics: * Origin of **Telnet - Klartext Reden** * Projects * Spoiler & Bounty false dondario 2019-12-28T12:25:00+01:00 12:25 00:05 Borg CRHAQR https://c3lt.de/36c3/talk/CRHAQR/ Ethics, Society & Politics Lightning Talk en **Are there alternatives for petitions? A creative approach to online campaigning.** If you’re really lucky, a petition or an email to target action might be all it takes to win your campaign. But unfortunately for most campaigns, it can take months or years of hard work to make an impact. That’s why it’s so important for us campaigners to have a range of tactics we can employ to grab the attention of our target, increase the pressure on them and to keep our supporters engaged. This talk introduces a few inspiring digital campaigning tactics. false Lena Rieger 2019-12-28T12:30:00+01:00 12:30 00:05 Borg KRDS97 https://c3lt.de/36c3/talk/KRDS97/ Security Lightning Talk de Was kann man abseits von Monitoring mit Grafana und Time series databases machen? false zivillian 2019-12-28T12:50:00+01:00 12:50 00:05 Borg ZFRRVX https://c3lt.de/36c3/talk/ZFRRVX/ Science Lightning Talk en There are five simple rules to follow when researching in Machine Learning. They make your work easier to verify. I have studied Computer Science and had to deal with many papers during my master's thesis. "Thanks" to poorly documented code and missing technical details I had a fair number of problems. As a consequence, I developed five easy to follow rules that improve the reproducability of any research significantly. false 2martens 2019-12-28T12:55:00+01:00 12:55 00:05 Borg CVH7UU https://c3lt.de/36c3/talk/CVH7UU/ Ethics, Society & Politics Lightning Talk en Basic guide how to care for autistics at larger events * accept uncommon behavior and allow people to leave rooms * don't force people into overstimulating situations * make a predictable schedule * school your paramedic * bonus: help with nonverbal communication false Benjamin Wand 2019-12-28T13:00:00+01:00 13:00 00:05 Borg L89JKN https://c3lt.de/36c3/talk/L89JKN/ Security Lightning Talk en Introducing Delay/Disruption-Tolerant Networking (DTN) through the dtn7-go software to be used for ad hoc networks with no or limited infrastructure. In Delay/Disruption-Tolerant Networking (DTN), data is transmitted in a store-carry-forward fashion from network node to network node. Between the transmissions, there may be no interconnected network for some time. Such networks are suitable whenever there is hardly any infrastructure available, e.g., in rural areas, disaster scenarios or in space. This presentation will briefly explain the DTN technology and present the [dtn7-go](https://github.com/dtn7/dtn7-go) implementation. false Alvar Penning 2019-12-28T13:05:00+01:00 13:05 00:05 Borg YRQHDE https://c3lt.de/36c3/talk/YRQHDE/ Security Lightning Talk en Tesla vehicles with 'Phone Key' transmit a unique ID.Tesla Radar tracks these IDs and creates a heat-map in order to raise awareness for the issue. Newer Tesla vehicles (eg. Tesla Model 3) transmit unique IDs via Bluetooth that does not change over time an that cannot be disabled by the owner. Tesla stated, that they have no intentions (as of July 2019) to change the implementation of the 'Phone Key' feature to a privacy friendly version. in order to raise awareness for this shortcoming, the Android app Tesla Radar gamifies the process of spotting Tesla vehicles with 'Phone Key' feature around the globe. https://www.teslaradar.com/ false Martin Herfurt @mherfurt 2019-12-28T13:10:00+01:00 13:10 00:05 Borg UWMXYZ https://c3lt.de/36c3/talk/UWMXYZ/ Ethics, Society & Politics Lightning Talk en Introduction to Open Source Initiative's license review process. false Hong Phuc Dang 2019-12-28T13:15:00+01:00 13:15 00:05 Borg 8WSHJV https://c3lt.de/36c3/talk/8WSHJV/ Hardware & Making Lightning Talk en I will give an overview of the workshops taught at the Hardware Hacking Area. https://events.ccc.de/congress/2019/wiki/index.php/Assembly:Hardware_Hacking_Area false Emily Hammes 2019-12-28T13:20:00+01:00 13:20 00:05 Borg NVYV77 https://c3lt.de/36c3/talk/NVYV77/ Hardware & Making Lightning Talk en There have been countless attempts to dethrone Android. Many tried, many failed. But 2020 might be the year we finally see this change! A brief overview of the things you absolutely *have* to know about all the hot alternative mobile operating systems out there, as well as some upcoming devices. If you ever wondered what happened to Ubuntu Touch since UBports took over, what KDE is up to with Plasma Mobile, or you're thinking about buying a PinePhone, this is the talk for you. Links: - ubuntu-touch.io - plasma-mobile.org - postmarketos.org - pine64.org - volla.systems - github.com/ubports/ubports-installer false Jan Sprinz 2019-12-28T13:25:00+01:00 13:25 00:05 Borg VPWRHF https://c3lt.de/36c3/talk/VPWRHF/ Ethics, Society & Politics Lightning Talk de Four projects are presented where you can help nature and people. Later we meet at Wikipaka (2019-12-29, 19:00–22:00) for a small hackathon. We will introduce four projects where you can help nature and people. Later we will meet at Wikipaka to do start right away with a small hackathon: 1) Data visualization - VIDET - A Webinterface for publicly available data. 2) Wildretter (rescuing wildlife) - A navigation app. 3) Buidling an open source rhizotron (root scanner) - 3D printing and micro controller 4) Snooze against the machine - Snooze for future - A charity alarm clock app. false Mario 2019-12-28T13:30:00+01:00 13:30 00:05 Borg PCX3PM https://c3lt.de/36c3/talk/PCX3PM/ Ethics, Society & Politics Lightning Talk en Accounting is not very fun and is not taught at school, yet this talk will try to convince you that it is as important as brushing your teeth. A few years ago, I spent the time to learn and discipline myself to double-entry accounting to help me manage the complexity of my financial situation across the United States and Europe. Doing accounting is not very fun, yet after all those years, I fail to find any reason to not take it as seriously as brushing your teeth. This short talk will explain what doing accounting means, good reasons for doing it and a few bad reasons for not doing it. false Louis Opter 2019-12-28T13:35:00+01:00 13:35 00:05 Borg WQWRTE https://c3lt.de/36c3/talk/WQWRTE/ Ethics, Society & Politics Lightning Talk en Lessons learned from five years of experimenting with do-ocracy. How to solve internal conflict and give power to the people who do stuff! Hackerspace.Gent presents [the hackerspace blueprint](https://hackerspace.design): a living document which explains how our community works. It is the result of five years of hacking do-ocracy to reduce interpersonal conflict and get the best out of people. It’s a system with minimal overhead and minimal control, designed to give power to the people who do stuff. false Merlijn Sebrechts 2019-12-28T13:40:00+01:00 13:40 00:05 Borg CQUWRH https://c3lt.de/36c3/talk/CQUWRH/ Hardware & Making Lightning Talk en We are building a easy to build open source laser tag system. https://github.com/open-laser-tag/ The open laser tag system is built on a ESP32 and a Android app. Laser Tag works with infrared, so the ESP32 is connected to a Infrared LED and a receiver. The infrared light is focused by a lens. The Android app is connected to the ESP32 via the onboard Bluetooth of the ESP32. The system is nearly playable. Currently we are working on a better case of the tagger. When you want to develop with us or want to have fun in the future with our system you are very welcome to contact us! false zeud Florian 2019-12-28T13:45:00+01:00 13:45 00:05 Borg 7WTWVD https://c3lt.de/36c3/talk/7WTWVD/ Security Lightning Talk en Do you want to analyse malware, but are you unsure how? Do you want to learn more, but do you not know where? Follow this course to get a head start! Analysing malware may seem hard, but some parts are easier than it may seem! In my course, I describe the complete analysis process with background information in a detailed manner. The course starts from scratch and ends when the attendee is able to analyse malware without the help of the course. false Max 'Libra' Kersten https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10575.html 2019-12-28T11:30:00+01:00 11:30 01:00 Clarke 36c3-10575-how_to_design_highly_reliable_digital_electronics Hardware & Making lecture en There's a variety of places - on Earth and beyond - that pose challenging conditions to the ever-shrinking digital circuits of today. Making those tiny transistors work reliably when bombarded with charged particles in the vacuum of space, in the underground tunnels of CERN or in your local hospital's X-ray machine is not an easy feat. This talk is going to shed some light on what can be done to keep particles from messing up your ones and zeroes, how errors in digital circuits can be detected and corrected, and how you may even re-purpose those flipped bits in your RAM as a particle detector. This talk will introduce the audience to the class of problems that digital circuits are faced with in challenging radiation environments. Such environments include satellites in space, the electronics inside particle accelerators and also a variety of medical applications. After giving an overview of the various effects that may cause malfunctions, different techniques for detection and mitigation of such effects are presented. Some of these techniques concern the transistor-level design of digital circuits, others include triple modular redundancy (TMR) and correction codes. Some open source software solutions that aid in the design and verification of circuits hardened against such problems are presented, and of course a 'lessons learned' from our experiences in the field of particle detector electronics will be shared. false thasti Szymon https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11113.html 2019-12-28T12:50:00+01:00 12:50 01:00 Clarke 36c3-11113-reducing_carbon_in_the_digital_realm How to understand the environmental impact of the digital products you build, and take measurable steps to “green your stack” Resilience & Sustainability lecture en In this talk, you'll learn about the environmental impact of the digital products and services you build, why this matters. You’ll be introduced to a mental model, known as Platform, Packets, Process, for measuring and identifying emissions hotspots in digital products, and the steps you can take to reduce them. You might have heard stories about how bitcoin, or the internet itself, is responsible for an ever-growing share of global carbon emissions. But it doesn’t need to be this way. Did you know that just by switching AWS regions in the US, you can wipe out a huge chunk of the carbon footprint from running your tech infrastructure? Most people don't, and we need stuff like this to be common knowledge in our industry - we need to know how to build digital products without needing to emit carbon, the same way we expect people in automotive industries to how to build cars with without needing lead in the fuel. In this talk, you'll learn about the environmental impact of the digital products and services you build, and a about a mental model, known as Platform, Packets, Process, for measuring and identifying emissions hotspots in the way you build them. You’ll also see how to use skills you already have to make meaningful, measurable improvements to the environmental impact of the digital products and services you build, and the open source tools available to support you in your efforts to green your stack. false Chris Adams More on "Packets" - infrastrucure that you don't control that causes carbon emissions More on "Platform" – emissions caused by servers and infrastructure you run yourself More on "Process" - emissions caused by decisions about how and where you work My personal site, with links to previous talks Slides for the talk on Google slides Reducing Carbon in the Digital Realm Deck file https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10995.html 2019-12-28T14:10:00+01:00 14:10 01:00 Clarke 36c3-10995-the_search_for_anonymous_data Attacks against privacy-preserving systems Science lecture en Data is core to the digital economy. Scandals such as Cambridge Analytica, however, serve as a reminder that large-scale collection and use of data raise serious privacy concerns. In this talk, I will discuss past and current research in data anonymization and anonymous use of data. More specifically, I will describe how historical statistical disclosure control methods fail to protect people's privacy in a world of big data and discuss the potential and challenges of modern security-based approaches to data privacy. Data is a core element of modern society but its collection and use also raise serious privacy concerns. To allow data to be used while preserving privacy, GDPR and other legal frameworks rely on the notion of “anonymous data”. In this talk, I will first show how historical anonymization methods fail on modern large-scale datasets including how to quantify the risk of re-identification, how noise addition doesn't fundamentaly help, and finally recent work on how the incompleteness of datasets or sampling methods can be overcomed. This has lead to the development of online anonymization systems which are becoming a growing area of interest in industry and research. Second, I will discuss these the limits of these systems and more specifically new research attacking a dynamic anonymization system called Diffix. I will describe the system, both our noise-exploitation attacks, and their efficiency against real-world datasets. I will finally conclude by discussing the potential of online anonymization systems moving forward. true Yves-Alexandre de Montjoye https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11227.html /system/events/logos/000/011/227/large/digital-vs.-printversion_main-logo_1500x1500.png?1577464327 2019-12-28T16:10:00+01:00 16:10 00:40 Clarke 36c3-11227-fridays_for_future_de Schule schwänzen für das Klima Ethics, Society & Politics lecture de Der Diskurs hat sich von Klimaschutz als Aufgabe von Individuen hinzu einer strukturellen, systemischen Frage verschoben. Welche Veränderungen brauchen wir und warum lohnt es gemeinsam und aktivistisch gegen fossile Energieträgern und Co. vorzugehen. Viele Bereiche der Digitalsierung heizen die Klimakrise momentan an. Ich möchte eine aktivistische Perspektive darauf geben, welche Rolle Digitalisierung beim Ende des Ressourcenraubbaus spielen kann. Eine Energieversorgung ausschließlich aus erneuerbaren Energien ist ohne Digitalisierung nicht möglich. Digitale Kommunikation ist entscheidend bei der Organisation von Fridays For Future, wie sie aktuell gestaltet wird verbrennt sie viele persönliche Ressourcen. Nach einem Jahr Klimastreik redet die Gesellschaft in einem Ausmaß wie nie zuvor über die Klimakrise. Lösungsansätze dieser Krise werden auch in der Öffentlichkeit immer öfter auf einer strukturelle und systemischen Ebene diskutiert. 1,4 Millionen Menschen waren am 20. September beim Global Climate Strike in Deutschland auf der Straße. Die institutionalisierte Politik, Parteien & vor allem die Bundesregierung machen weiterhin nur mit ihrer Blockadehaltung auf sich aufmerksam. Welche Rolle spielt eigentlich die Digitalisierung beim Ausstoß von Treibhausgasen und welche bei der Reduzierung dieses Ausstoß. Mit anderen Worten, welche Digitalsierung ist klimazerstörend und wie müssen wir sie gestalten in Zeiten der Klimakrise. Die wöchentlichen Streiks und viele weitere Veranstaltungen sowie die Organisation des Ganzen prägten viele junge Menschen das vergangenge Jahr. Digitale Kommunikation spielt in der Vernetzung der einzelnen Arbeits- und Ortsguppen eine essentielle Rolle. Diese Organisationsform bedeutet nicht nur schnelle Reaktionsfähigkeit, sondern oft auch die Verbrennung sämtlicher personeller Ressourcen. Die Digitalisierung sorgt in vielen Bereichen für mehr Emissionen. Allein die Organisation der Klimagerechtigkeitsproteste zeigt, dass sie nicht nur Teil des Problems ist, sondern auch Teil der Lösung. Die planetaren Grenzen & Menschenrechte lassen sich nicht verhandeln, alle anderen Grenzen können wir zu Gunsten der Menschen aufweichen oder abschaffen. Der Kampf für digitale Freiheit erleichtert Aktivismus für Klimagerechtigkeit, beides geht uns alle etwas an. false Tom Patzelt https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10738.html /system/events/logos/000/010/738/large/XR_Berlin.jpg?1571867685 2019-12-28T17:10:00+01:00 17:10 00:40 Clarke 36c3-10738-extinction_rebellion Jahresrückblick 2019 Ethics, Society & Politics lecture de Extinction Rebellion (XR) ist eine global agierende, schnell wachsende, klimaaktivistische Graswurzel-Bewegung, die mit gewaltfreien Aktionen zivilen Ungehorsams auf die drohende Klimakatastrophe hinweist und Regierungen zum Handeln bewegen will. Die Ortsgruppe Berlin präsentiert in einer Art Jahresrückblick eine Auswahl an aktuellen Aktionen und stellt vor, wo wir als Bewegung gerade stehen, was wir bislang erreicht haben und was weiterhin gebraucht wird, um ein dringend notwendiges politisches Umsteuern einzuleiten. Let's act now. Extinction Rebellion (XR) hat ein turbulentes erstes Jahr hinter sich. Im letzten Herbst wurden in London die fünf wichtigsten Brücken über die Themse besetzt und die drohende Klimakatastrophe begann – endlich! – ins öffentliche Bewusstsein zu rücken. In diesem Herbst gab es koordinierte Aktionen und Blockaden mit Zehntausenden Teilnehmer:innen bereits in über 60 Metropolen auf der ganzen Welt. Über zweitausend Menschen sind dabei verhaftetet worden. Klimapolitisch hat sich dennoch so gut wie nichts getan. Während Regierungen entweder regungslos verharren oder aber den Klimanotstand ausrufen und zugleich neue Infrastruktur für fossile Brennstoffe bewilligen, arbeitet die Leugner:innenmaschinerie auf Hochtouren und bemüht sich um die Konstruktion alternativer Fakten. Gleichzeitig erleben wir immer wieder, dass unsere wissenschaftlichen Prognosen nicht stimmen und sich der Klimawandel in seinem Verlauf schneller und heftiger vollzieht als vorhergesagt. Hitzewellen, Waldbrände, Dürren, Ernteausfälle, Wasserknappheit sind nicht mehr zu ignorieren. Es ist daher unumgänglich, den politischen Druck zu erhöhen, indem mehr Aktionen an mehr Orten mit noch viel mehr Menschen und auf vielen verschiedenen Ebenen durchgeführt werden. XR kann jede Art von Unterstützung gut gebrauchen – egal ob es um Nachhilfe in puncto Privacy geht, um Operational Security, um Soft- und Hardware oder um eigenständigen Hacktivismus. Wichtig ist nur: Wir müssen uns jetzt aufraffen, zusammentun und aktiv werden. The time is now. false Maria Lu Yen Roloff sina Extinction Rebellion Deutschland Extinction Rebellion https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11237.html /system/events/logos/000/011/237/large/australia.png?1576161610 2019-12-28T18:10:00+01:00 18:10 00:40 Clarke 36c3-11237-framing_digital_industry_into_planetary_limits_and_transition_policies The environmental costs of digital industry and pathways to sustainability Resilience & Sustainability lecture en A lecture on the environmental impacts of digital industry today and how to think about and design digital tools with limited energy and resources. In his lecture Gauthier Roussilhe summarises what we know today about the environmental impacts of digital industry. He addresses the sustainability of the current trajectory and how to think differently about digital industry. Contesting the myths of dematerialisation and of the global village, he gives examples of digital web design based on CO2/energy budget rather than monetary budget. He also gives examples of digital tools that accept the materiality of their territory (geographical, infrastructures) to think of new digital uses. false Gauthier Roussilhe Gauthier Roussilhe designer and researcher on sustainable digital tools https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10751.html /system/events/logos/000/010/751/large/1R3VdhcVj7Cn3eykkqSs%28%E5%B7%B2%E5%8E%BB%E5%BA%95%29.jpg?1576641244 2019-12-28T19:10:00+01:00 19:10 00:40 Clarke 36c3-10751-the_inside_story_there_are_apps_in_apps_and_here_is_how_to_break_them Break Isolation and Sandbox in the Instant Apps Security lecture en With the rapid development of mobile internet, apps become more and more complex. However, their most used functions are limited to a few pages. Enters instant app. It has many advantages over normal apps, such as click-to-play and concise design, and it's becoming more and more popular. There is some form of instant app framework in many popular apps, such as Google Play, TikTok, etc. In addition, many phone vendors have also embedded instant app frameworks in their pre-installed applications. However, there is barely any public research on attacking instant apps. In this talk, we will dive into a common architecture of instant app framework, and demonstrate attack models for it. Based on these attack models, we have reverse engineered top instant app frameworks. We will show how to bypass various kinds of sandboxing and restriction technologies to break isolations between instant apps. These vulnerabilities could lead to sensitive information leakage, identity theft, account takeover and other severe consequences. During the study of Google Instant app, we also bypassed component access restrictions, which greatly expands attack surface. These vulnerabilities and attack models affects more than 60% of Android devices and at least 1 billion users. Finally, we summarize the root causes of these vulnerabilities at the architectural level and point out the potential attack points. We will also propose practical mitigation measures for specific vulnerabilities. We hope we could make users and developers aware of the potential security risks while enjoying the convenience of instant apps. We also hope to make security community aware of this emerging new attack surface. true RonnyXing https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11090.html /system/events/logos/000/011/090/large/Still_18.jpg?1572123226 2019-12-28T20:50:00+01:00 20:50 01:00 Clarke 36c3-11090-the_case_against_wikileaks_a_direct_threat_to_our_community How to understand this historic challenge and what we can do to defend ourselves Ethics, Society & Politics lecture en The unprecedented charges against Julian Assange and WikiLeaks constitute the most significant threat to the First Amendment in the 21st century and a clear and present danger to investigative journalism worldwide. But they also pose significant dangers to the technical community. This panel will explain the legal and political issues we all need to understand in order to respond to this historic challenge. <p>We've been warning you about it for years, and now it's here. The talk will dissect the legal and political aspects of the US case against Wikileaks from an international perspective. It will describe the threats this prosecution poses to different groups and the key issues the case will raise. Most importantly, we will explain how we are still in time to act and change the course of history. </p> <p>The unprecedented charges against Julian Assange and WikiLeaks constitute the most significant threat to the First Amendment in the 21st century and a clear and present danger to investigative journalism worldwide. But they also pose significant dangers to the technical community, the trans community, to human rights defenders and anti-corruption campaigners everywhere.</p> <p>If we don't take action now, the ramifications of this case will be global, tremendously damaging and potentially irreversible in times when the need to hold the powerful to account has never been more obvious. This is a historic moment and we need to rise to its challenge.</p> <p>This talk will explain the legal and political aspects of the case against WikiLeaks, the reasons why Chelsea Manning and Jeremy Hammond have been imprisoned again, the governmental interests for and against prosecution, the dynamics of UK/US extradition and what it means to prosecute Assange as Trump runs for re-election.</p> <p>This is a case with destructive potential like no other, with profound implications for the future of dissent, transparency, accountability and our ability to do the work we care about.</p> <p>The situation is frightening but it isn't hopeless: we will conclude with a guide to an effective strategy against the lawfare the journalist and technical communities are now facing courtesy of Donald Trump's DOJ. </p> false renataavila Naomi Colvin Angela Richter Campaign to Defend Wikileaks Courage Foundation Statement from Amnesty International Bridges for Media Freedom Briefing about the case The Assange precedent https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10800.html /system/events/logos/000/010/800/large/megaphone.jpg?1577341577 2019-12-28T22:10:00+01:00 22:10 01:00 Clarke 36c3-10800-creating_resilient_and_sustainable_mobile_phones Be prepared for the coming Digital Winter. And play Impossible Mission. Resilience & Sustainability lecture en Civil society depends on the continuing ability of citizens to communicate with one another, without fear of interference, deprivation or eavesdropping. As the international political climate changes alongside that of our physical climatic environment, we must find ways to create mobile communications systems that are truly resilient and sustainable in the face of such shocks. We have therefore identified a number of freedoms that are required for resilient mobile phones: Energy, Communications, Security, Innovation, Maintenance and Scale-Dependency. These can be summarised as making it possible for people to create, maintain and develop mobile communications solutions, without requiring the capital and resources of a large company to do so. In this lecture I will explain why each of these is necessary, as well as describing how we are incorporating these principles into the MEGAphone open, resilient and secure smart-phone project. In the humanitiarian sector we talk about how without energy there is no communications, and without communications there is no organisation, and how without organisation people die. As we see increasing frequency of natural disasters, man-made disasters like wars and unrest, and the distressing intersection of these events, we have been convinced that we need to be able to create mobile communications devices that can not only survive in such events, but be sustained in the long term, and into what we call the coming Digital Winter. The Digital Winter is the situation where the freedoms to create and innovation digital systems will become impossible or highly limited due to any of various interrelated factors, such as further movement towards totalitarian governments, the failure of international supply systems (or their becoming so untrustworthy to be usable), the failure of various forms of critical infrastructure and so on. Fortunately the Digital Winter has not yet arrived, but the signs of the Digital Autumn are already upon us: The cold winds chilling our personal freedoms can already be felt in various places. Thus we have the imperative to act now, while the fruit of summer and autumn still hangs on the trees, so that we can make a harvest that will in the least sustain us through the Digital Winter with resilient, secure and sustainable communications systems, and hopefully either stave off the onset of the winter, bring it to a sooner end, and/or make the winter less bitter and destructive for the common person. It is in this context that we have begun thinking about what is necessary to achieve this, and have identified six freedoms that are required to not merely create digital solutions that can survive the Digital Winter, but hopefully allow such solutions to continue to be developed during the Digital Winter, so that we can continue to react to the storms that will come and the predators that will seek to devour our freedoms like hungry wolves. The six freedoms are: 1. Freedom from Energy Infrastructure, so that we cannot be deprived of the energy we need to communicate. 2. Freedom from Communications Infrastructure, so that we cannot be deprived of the communications we need to organise and sustain communities. 3. Freedom from depending on vendors for the security of our devices, so that we can patch security problems promptly as they emerge, so that we can sustain communications and privacy. 4. Freedom to continue to innovate and improve our digital artefacts and systems, so that we can react to emergy threats and opportunities. 5. Freedom to maintain our devices, both their hardware and software, so that our ability to communicate and organise our communities cannot be easily eroded by the passage of time. 6. Freedom from Scale-Dependency, so that individuals and small groups can fully enjoy the ability to communicate and exercise the preceding freedoms, without relying on large corporations and capital, and also allowing minimising of environmental impact. In this lecture I will explore these issues, as well as describe how we are putting them into practice to create truly resilient and sustainable mobile phones and similar devices, including in the MEGAphone open-source/open-hardware smart phone. false Paul Gardner-Stephen MEGA65 Home Page MEGA65 Blog MEGA65 Source Repository https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10983.html /system/events/logos/000/010/983/large/noPAG.png?1576693771 2019-12-28T23:30:00+01:00 23:30 01:00 Clarke 36c3-10983-it_s_alive_nach_den_protesten_gegen_die_polizeigesetze_ist_vor_den_protesten_gegen_die_autoritare_wende Ethics, Society & Politics lecture de Das Jahr 2018 stand ganz im Zeichen der bundesweiten Proteste gegen die Polizeigesetze. Und 2019? Es ist leiser geworden um noPAG, noPolGNRW & Co. Aber das Biest lebt! Wir blicken zurück auf die Proteste, geben einen kurzen Überblick über Erfolge und Niederlagen unseres Widerstands und eine Vorschau auf die Schrecken, die sich am Horizont der Inneren Sicherheit abzeichnen. Außerdem erklären wir, warum die Bewegung gegen die Polizeigesetze auf keinen Fall sterben darf – und warum sie sich neuen Themen wie Klimaschutz, Antifaschismus und Antirassismus widmen muss. Auf dem 3C35 rief Constanze Kurz dazu auf, auch 2019 gegen die bundesweit erfolgenden Verschärfungen der Polizeigesetze vorzugehen. Und tatsächlich sind dieses Jahr viele Menschen gegen die Gesetzesnovellierungen auf die Straße gegangen – aber das eigentliche Jahr der Proteste war 2018. Trotz der über Monate anhaltenden Demonstrationen und Aktionen in der gesamten Republik sind die Novellierungen in den wenigsten Bundesländern zurückgenommen wurden, und dort, wo Gesetzespassagen gestrichen und geändert wurden, handelte es sich meist um kosmetische Korrekturen. Dem allgemeinen Trend hin zu einer autoritären Wende in Sachen Innerer Sicherheit hat das keinen Abbruch getan, so unsere Ausgangsthese. Gleichzeitig sind viele der Bündnisse zerfallen, die Demonstrationen kleiner geworden, und auch der Großteil der Presse schenkt Polizei- und Sicherheitsgesetzen nur noch gelegentlich Aufmerksamkeit. Dabei kann die Bedeutung der Debatte um eine angebliche Versicherheitlichung unserer Gesellschaft gar nicht hoch genug bewertet werden: Es gibt starke Anzeichen dafür, dass die Institution Polizei, aber auch Militär und private Sicherheitsdienste, immer mehr an Macht gewinnen – was nicht zuletzt mit Blick auf die zahlreichen Skandale der letzten Monate und die Frage, wie strukturell rechts diese Institutionen eigentlich sind, von immenser gesellschaftlicher Tragweite ist. Und auch wenn politischer Protest häufig aufmerksamkeits-ökonomischen Logiken unterworfen ist, glauben wir, dass das Zerfallen der Bündnisse gegen die Polizeigesetze besonders bedauerlich ist. Zum ersten Mal seit langem nämlich sind hier Gruppen Seite an Seite auf die Straße gegangen, die lange Zeit nicht gemeinsam im Widerstand waren: Datenschützer*innen und Fußballfans, linksliberale Parteien und Antifaschist*innen, soziale Bewegungen und migrantische Organisationen – Gruppen, deren gegenseitige Solidarität großer Gewinn und wichtige Voraussetzung für erfolgreiche emanzipatorische Politik ist. Was sind also die großen Herausforderungen in Sachen Innere Sicherheit, die auf uns warten? Was haben die Polizeigesetze mit Racial Profiling, Ende Gelände und NSU 2.0 zu tun? Warum brauchen wir auch weiterhin die im Zuge der Proteste entstandenen Allianzen zwischen Datenschützer*innen und anderen sozialen Bewegungen? Und welche Themen müssen wir in den Blick nehmen, wenn wir verstehen wollen, was autoritäre Wende heißt? Die Referent*innen kommen selbst aus unterschiedlichen linken sozialen Bewegungen und haben sich im Zuge der Proteste gegen das neue bayerische Polizeiaufgabengesetz im noPAG-Bündnis kennengelernt. Laura Pöhler ist Antifaschistin und Sprecherin des noPAG-Bündnisses. Johnny Parks war in der noPAG-Jugend aktiv, ist Pressesprecher für Ende Gelände und engagiert sich als PoC gegen Rassismus. Sie beide kämpfen für eine Rücknahme der Gesetzesnovellierungen in Bayern. Die Idee, gemeinsam beim CCC-Kongress zu sprechen, entsprang nicht zuletzt dem Wunsch, im Kontakt mit denjenigen Menschen zu bleiben, welche die Proteste gegen das PAG maßgeblich mitgestaltet haben: Datenschützer*innen. false Laura Pöhler Johnny Parks It's alive_Präsentation file https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10689.html 2019-12-28T11:30:00+01:00 11:30 01:00 Dijkstra 36c3-10689-on_the_insecure_nature_of_turbine_control_systems_in_power_generation A security study of turbine control systems in power generation Security lecture en A deep dive into power generation process, industrial solutions and their security implications. Flavoured with vulnerabilities, penetration testing (security assessment) methodology and available remediation approaches. The research studies a very widespread industrial site throughout the world – power generation plants. Specifically, the heart of power generation – turbines and its DCS – control system managing all operations for powering our TVs and railways, gaming consoles and manufacturing, kettles and surveillance systems. We will share our notes on how those systems are functioning, where they are located network-wise and what security challenges are facing owners of power generation. A series of vulnerabilities will be disclosed along with prioritisation of DCS elements (hosts) and attack vectors. Discussed vulnerabilities are addressed by vendor of one of the most widespread DCS on our planet. During the talk we will focus on methodology how to safely assess your DCS installation, which security issues you should try to address in the first place and how to perform do-it-yourself remediation. Most of the remediation steps are confirmed by vendor which is crucial for industrial owners. false repdet @_moradek_ c0rs https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10597.html 2019-12-28T12:50:00+01:00 12:50 01:00 Dijkstra 36c3-10597-tamago_-_bare_metal_go_framework_for_arm_socs Reducing the attack surface with pure embedded Go. Security lecture en TamaGo is an Open Source operating environment framework which aims to allow deployment of firmware for embedded ARM devices by using 0% C and 100% Go code. The goal is to dramatically reduce the attack surface posed by complex OSes while allowing unencumbered Go applications. TamaGo is a compiler modification and driver set for ARM SoCs, which allows bare metal drivers and applications to be executed with pure Go code and minimal deviations from the standard Go runtime. The presentation explores the inspiration, challenges and implementation of TamaGo as well as providing sample applications that benefit from a pure Go bare metal environment. TamaGo allows a considerable reduction of embedded firmware attack surface, while maintaining the strength of Go runtime standard (and external) libraries. This enables the creation of HSMs, cryptocurrency stacks and many more applications without the requirement for complex OSes and libraries as dependencies. false Andrea Barisani TamaGo https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10859.html 2019-12-28T14:10:00+01:00 14:10 01:00 Dijkstra 36c3-10859-trustzone-m_eh_breaking_armv8-m_s_security Hardware attacks on the latest generation of ARM Cortex-M processors. Hardware & Making lecture en Most modern embedded devices have something to protect: Whether it's cryptographic keys for your bitcoins, the password to your WiFi, or the integrity of the engine-control unit code for your car. To protect these devices, vendors often utilise the latest processors with the newest security features: From read-out protections, crypto storage, secure-boot up to TrustZone-M on the latest ARM processors. In this talk, we break these features: We show how it is possible to bypass the security features of modern IoT/embedded processors using fault-injection attacks, including breaking TrustZone-M on the new ARMv8-M processors. We are also releasing and open-sourcing our entire soft- and hardware toolchain for doing so, making it possible to integrate fault-injection testing into the secure development lifecycle. Modern devices, especially secure ones, often rely on the security of the underlying silicon: Read-out protection, secure-boot, JTAG locking, integrated crypto accelerators or advanced features such as TrustZone are just some of the features utilized by modern embedded devices. Processor vendors are keeping up with this demand by releasing new, secure processors every year. Often, device vendors place a significant trust into the security claims of the processors. In this talk, we look at using fault-injection attacks to bypass security features of modern processors, allowing us to defeat the latest chip security measures such as TrustZone-M on the new ARMv8 processors. After a quick introduction into the theory of glitching, we introduce our fully open-source FPGA platform for glitching: An FPGA-based glitcher with a fully open-source toolchain & hardware, making glitching accessible to a wider audience and significantly reducing the costs of getting started with it - going as far as being able to integrate glitch-testing into the Secure Development Lifecycle of a product. Then, we look at how to conduct glitching attacks on real-world targets, beyond academic environments, including how to prepare a device for glitching and how to find potential glitch targets. Afterwards, we demonstrate fault-injection vulnerabilities we found in modern, widely-used IoT/embedded processors and devices, allowing us to bypass security features integrated into the chip, such as: - Re-enabling locked JTAG - Bypassing a secure bootloader - Recovering symmetric crypto keys by glitching the AES implementation - Bypassing secure-boot - Fully bypassing TrustZone-M security features on some new ARMv8M processors We will also demonstrating how to bypass security features and how to break the reference secure bootloader of the Microchip SAM L11, one of the newest, TrustZone-M enabled ARM Cortex-M processors, using roughly $5 of equipment. After the talk, PCBs of our hardware platform will be given out to attendees. false Thomas Roth https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10828.html 2019-12-28T16:10:00+01:00 16:10 00:40 Dijkstra 36c3-10828-polizei-datenbanken_und_minderheiten_staatliche_stigmatisierung_und_diskriminierung_von_sinti_und_roma Ethics, Society & Politics lecture de Für Sinti*zze und Roma*nja gehören Anfeindungen zum Alltag. Auch bei Ermittlungsbehörden stehen sie unter Generalverdacht: Es steht zu befürchten, dass die Polizei in unterschiedlichen Bundesländern rechtswidrig Daten zu ethnischer Herkunft erhebt und veröffentlicht. Warum ist es so gefährlich, ethnische Herkunft in Polizeidatenbanken zu erfassen? Und was für Konsequenzen hat es, sie in Berichterstattung zu erwähnen? Wann darf die Polizei überhaupt Daten zu ethnischer Herkunft erheben? Und wann und mit welchen Methoden tut sie es vielleicht trotz Verbots? Für Sinti*zze und Roma*nja gehören auch in Deutschland Anfeindungen in allen Lebenslagen zum Alltag. Auch bei Ermittlungsbehörden stehen sie unter Generalverdacht: Es steht zu befürchten, dass die Polizei in unterschiedlichen Bundesländern rechtswidrig Daten zu ethnischer Herkunft erhebt und veröffentlicht. In Pressemitteilungen der Polizei tauchen immer wieder Hinweise auf die ethnische Herkunft auf, vor allem bei Tatverdächtigen, seltener bei Opfern oder Zeug*innen. Die Berliner Polizei hat in der Kriminalstatistik 2017 den Hinweis veröffentlicht, dass die Mehrheit der Tatverdächtigen von „Trickdiebstahl in Wohnungen“ Angehörige der Volksgruppe Sinti und Roma seien: Dass es rechtswidrig ist, wenn die Polizei die zugrunde liegenden Daten tatsächlich erhebt, ist unstreitig. In Kooperation mit dem Zentralrat hat die Gesellschaft für Freiheitsrechte e.V. (GFF) im Fall der Berliner Polizeikriminalstatistik bei der Berliner Landesdatenschutzbeauftragten ein Beschwerdeverfahren wegen des Verdachts auf Diskriminierung von Sinti*zze und Roma*nja lanciert. Beide Organisationen prüfen gemeinsam weitere rechtliche Möglichkeiten. Warum ist es so gefährlich, ethnische Herkunft in Polizeidatenbanken zu erfassen? Und was für Konsequenzen hat es, sie in Berichterstattung zu erwähnen? Wann darf die Polizei überhaupt Daten zu ethnischer Herkunft erheben? Und wann tut sie es vielleicht trotz Verbots? Und mit welchen Methoden erhebt die Polizei überhaupt die ethnische Herkunft? Die Gesellschaft für Freiheitsrechte e.V. (GFF) und der Zentralrat Deutscher Sinti und Roma wollen diese Fragen gemeinsam mit dem Publikum diskutieren. Anja Reuss ist Politische Referentin des Zentralrats Deutscher Sinti und Roma, der politischen Interessenvertretung der deutschen Sinti und Roma mit Sitz in Heidelberg. Als Dachverband setzt sich der Zentralrat auf nationaler und internationaler Ebene für eine gleichberechtigte Teilhabe von Sinti und Roma in Politik und Gesellschaft sowie für die Auseinandersetzung mit und Bekämpfung von Antiziganismus ein. Lea Beckmann ist Juristin und Verfahrenskoordinatorin der Gesellschaft für Freiheitsrechte e.V. (GFF). Die GFF ist eine NGO, die durch strategische Prozesse Grund- und Menschenrechte stärkt und zivilgesellschaftlichen Partnerorganisationen rechtlich unterstützt. In ihren Verfahren setzt sich die GFF dabei immer wieder kritisch mit polizeilichen Ermittlungsbefugnissen auseinander, sei dies im Zusammenhang mit dem Einsatz von Späh-Software oder bei der Datenerhebung. false Lea Beckmann Anja Reuss GFF-Homepage: Datenerhebung bei der Berliner Polizei GFF-Pressemitteilung: Datenerhebung bei der Berliner Polizei TAZ-Artikel: Polizei unter Diskriminierungsverdacht Antiziganistismus und erweiterte DNA-Analysen Zentralrat zur PKS 2017 Berlin Markus End (2019): Antiziganismus und Polizei https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10762.html 2019-12-28T17:10:00+01:00 17:10 00:40 Dijkstra 36c3-10762-die_zukunft_grenzuberschreitenden_datenzugriffs_und_politischer_verfolgung Ethics, Society & Politics lecture de In Brüssel wird über eine Verordnung verhandelt, die es allen EU-Staaten ermöglichen soll, Provider zur Herausgabe von Inhalten oder Metadaten zu verpflichten – egal wo die Daten gespeichert sind, egal ob die Tat, um die es geht, dort eine Straftat ist. Werden CLOUD-Act, e-Evidence und ähnliche Kodifikationen bald dafür sorgen, dass Strafverfolgungsbehörden aller Länder Daten von Providern weltweit abgreifen können? Strafverfolger hierzulande würden gern möglichst schnell alle möglichen Daten von allen möglichen Online-Diensten über ihre Kunden erhalten. Juristisch stehen dem bisher einige Hürden im Weg, wenn die Anbieter nicht im Inland sitzen oder wenn sie Daten auf Servern im Ausland speichern. Hinter der Auskunft, mit welcher IP eine Morddrohung auf Facebook gepostet wurde, verbergen sich Diskussionen über die großen Themen des Völkerrechts: Souveränität und Territorialität. Weil Daten oft auf der ganzen Welt gespeichert werden, wird das etablierte System der gegenseitigen Rechtshilfe in Frage gestellt. Während die EU noch über die eEvidence-Verordnung berät, haben die USA schon mit UK ein Abkommen für unbegrenzten Direktzugriff geschlossen und verhandeln mit Australien. Warum diesen neuen Regeln jeder Grundrechtsschutz fehlt und wie grenzüberschreitende Repression politische Verfolgung verändern könnte, erfahrt ihr in diesem Talk. false Elisabeth Niekrenz file Folien https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10862.html /system/events/logos/000/010/862/large/sensebox_logo_neu.png?1576613698 2019-12-28T18:10:00+01:00 18:10 00:40 Dijkstra 36c3-10862-offene_sensordaten_fur_jedermann_-_ein_citizen_science_projekt_basierend_auf_open_source_und_open_hardware Resilience & Sustainability lecture de Der Talk soll die Geschichte der senseBox von Beginn bis jetzt wiedergeben. Dabei möchte ich vor allem auf unsere Arbeit im Bereich Open Source, Open Data, Open Hardware und Open Educational Resources eingehen. Die Motivation von Teilnehmern des senseBox Projekts möchte ich basierend auf einer Nutzerstudie kurz wiedergeben. Außerdem möchte ich auf aktuelle Probleme sowie technische Hürden und die Genauigkeit der Daten eingehen. Zu guter Letzt gebe ich einen kurzen Ausblick in die Zukunft des Projekts. Mithilfe der senseBox, einem DIY Citizen Science Baukasten, kann jeder an der Forschung und Wissenschaft teilnehmen. Sei es durch die Messung von Umweltdaten, Analyse und Auswertung dieser Daten oder durch die Teilnahme an Diskussionen einer großen Community. Außerdem können Schülerinnen und Schüler durch die Nutzung von Open Educational Resources und einer visuellen Entwicklungsumgebung das Programmieren spielend erlernen. Dadurch wird nicht nur das Umweltverständnis, sondern auch die digitale Bildung gefördert. Die Hardware der senseBox basiert auf dem Konzept von Arduino und enthält neben dem Microcontroller noch weitere Umweltsensoren. Jegliche Projekte, von einer einfachen Wetterstation über ein intelligentes Bewässerungssystem für den Garten bis hin zu einer Wasserqualität-Boje in der Nordsee, sind durch die offene Arduino Plattform umsetzbar. Das Rückgrat der senseBox ist die openSenseMap. Das Backend sammelt die gesendeten Daten der senseBoxen aber auch anderer Geräte. Sensoren zur Luftqualität von Luftdaten.info oder HackAIR sowie alle anderen Geräte können ihre Sensordaten zur offenen API der openSenseMap senden. Die Webanwendung ermöglicht Visualisierungen und Analysemöglichkeiten. Die Daten sind über die API für jeden frei verfügbar und können somit unter anderem für die Klimaforschung genutzt werden. Das Projekt startete vor einigen Jahren als Studienprojekt an der Universität Münster. Nach mehreren Abschlussarbeiten, Projektwochen, Workshops und Förderperioden entstand aus einer einfachen Idee ein umfangreiches Toolkit. Die openSenseMap, auf welcher anfänglich einige Dutzend senseBoxen registriert waren, verzeichnete in den letzten 5 Jahren steigende Nutzerzahlen mit aktuell rund 5300 registrierten senseBoxen. Daraus resultieren Probleme, welche zu Beginn des Projekts nicht absehbar waren: die Webanwendung läuft inzwischen in der Cloud und fordert viel Rechen- und Speicherkapazität. Die Messdaten werden ineffizient in Datenbanken gespeichert, dadurch benötigt die Anwendung starke virtuelle Server. Der Talk soll die Geschichte der senseBox von Beginn bis jetzt wiedergeben. Dabei möchte ich vor allem auf unsere Arbeit im Bereich Open Source, Open Data, Open Hardware und Open Educational Resources eingehen. Die Motivation von Teilnehmern des senseBox Projekts möchte ich basierend auf einer Nutzerstudie kurz wiedergeben. Außerdem möchte ich auf aktuelle Probleme sowie technische Hürden und die Genauigkeit der Daten eingehen. Zu guter Letzt gebe ich einen kurzen Ausblick in die Zukunft des Projekts. false Felix Erdmann senseBox openSenseMap 36c3_senseBox.pdf slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11089.html 2019-12-28T19:10:00+01:00 19:10 00:40 Dijkstra 36c3-11089-reflections_on_the_new_reverse_engineering_law Ethics, Society & Politics lecture en Individuals conducting reverse engineering for research purposes face several legal issues arising from IP and competition law. The legislation has reacted by introducing a new law on trade secrets specifically allowing reverse engineering. While the new law is certainly an improvement, many questions still remain as to conflicts with opposing domestic laws as well as other possibilities to waive the permission. In this talk, we provide guidance through the jungle of the current legal situation from a techno-legal perspective. Hardware Reverse Engineering (HRE) is common practice for security researchers in order to detect vulnerabilities and assure integrity of microchips. Following last years talk “Mehr schlecht als Recht: Grauzone Sicherheitsforschung” and from the standpoint of a research group regularly applying HRE, we asked ourselves about potential negative legal implications for our personal lives. Therefore, we consulted an expert who assesses the legal implications of our work. For a long time, our law has solely protected the inventor of a product. Discovering the underlying technical details and mechanisms of, e. g. microchips, has been deemed illegal due to intellectual property (IP) protection laws. Only lately, the legislation has recognized the importance of cybersecurity that heavily relies on reverse engineering to find security gaps and malfunctions. Subsequently, Germany introduced a new trade secret allowing for the “observation, study, disassembly or testing of a product or object” in 2018. However, at this stage, several questions remain unanswered: Is it possible to restrict this freedom by, e. g. contractual agreements? How may the gained knowledge (not) be used? How do claims from IP holders from other legal systems such as the US influence our case? The talk will shed light on these questions from a techno-legal perspective. Ultimately, it will give guidance for reverse engineers, demonstrating the boundaries of such new developments and highlighting the legal uncertainties in need of clarifications by literature and practice. false Steffen Becker Stephan Koloßa Reflections on the New Reverse Engineering Law file https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10658.html /system/events/logos/000/010/658/large/Mittelmeer-Monologe_facebook_ohne_Text.jpg?1571653393 2019-12-28T20:50:00+01:00 20:50 02:30 Dijkstra 36c3-10658-die_mittelmeer-monologe Mediterranean Migration Monologues Art & Culture performance de Von Menschen, die den riskanten Weg übers Mittelmeer auf sich nehmen, in der Hoffnung, in Europa Sicherheit zu finden. Nach 700 Aufführungen der Asyl-Monologe, Asyl-Dialoge und NSU-Monologe das neue Theaterstück von Autor und Regisseur Michael Ruf. Die Mittelmeer-Monologe erzählen von Menschen, die den riskanten Weg über das Mittelmeer auf sich nehmen, in der Hoffnung, in Europa in Sicherheit leben zu können – von libyschen Küstenwachen, italienischen Seenotrettungsstellen und deutschen Behörden, die dies verhindern und von Aktivist*innen, die dem Sterben auf dem Mittelmeer etwas entgegen setzen. Die MITTELMEER-MONOLOGE erzählen von den politisch widerständigen Naomie aus Kamerun und Yassin aus Libyen, die sich auf einem Boot nach Europa wiederfinden, von brutalen 'Küstenwachen' und zweifelhaften Seenotrettungsstellen und von Aktivist*innen, die dem Sterben auf dem Mittelmeer etwas entgegen setzen. Diese Aktivist*innen überzeugen beim 'Alarmphone' die Küstenwachen, nach Menschen in Seenot zu suchen oder lernen auf der Seawatch, Menschen vor dem Ertrinken zu bewahren – kurzum sie tun das eigentlich Selbstverständlichste, was im Jahr 2019 alles andere als selbstverständlich ist: menschliches Leben zu retten! "Die Monologe berühren, schaffen Nähe, machen wütend und benennen Wege, um sich persönlich zu engagieren. (...) Sie widersetzen sich der Entmenschlichung der Tragödie. (...) Im Mittelpunkt stellen sie die Geschichten der Betroffenen." die tageszeitung, taz Die Mittelmeer-Monologe sind dokumentarisches, wortgetreues Theater, basierend auf mehrstündigen Interviews. Dadurch werden reale Fälle der Seenotrettung rekonstruiert, erzählt aus der Perspektive von Betroffenen und Aktivist*innen. Eines dieser realen Ereignisse zeigt die besondere Brutalität der "libyschen Küstenwache". So fuhr am 6.11.2017 zeitgleich ein Rettungsschiff von Seawatch und ein Schiff der libyschen Küstenwache zu einem Migranten-Boot. Auf diesem Boot befanden sich 150 Passagiere. Eine konfliktreiche Rettungsoperation begann, und während Seawatch letztendlich 59 Personen retten konnte, ertranken mindestens 20 Personen und 47 Personen wurden zurück nach Libyen gebracht - inhaftiert, geschlagen, verkauft, gefoltert. Dieser 6.11. wurde von "Forensic Architecture" aufwändig rekonstruiert (siehe Video "Mare Clausum. The Sea Watch vs Libyan Coast Guard Case") und von der New York Times ebenfalls als Video ("How Europe Outsources Migrant Suffering at Sea") journalistisch aufgearbeitet. Indem Michael Ruf zwei Personen, die an jenem Tag hautnah involviert waren, viele Stunden interviewt hat, liefert er die persönlichen Narrationen zu diesem paradigmatischen Fall. Die Premiere der Mittelmeer-Monologe fand fast genau 5 Jahre nach Gründung des WatchTheMed Alarmphones (11.10.2014) statt und erzählt einige Fälle der Seenotrettung dieses Aktivisten-Netzwerks. In diesen 5 Jahren hat das Alarmphone 2800 Boote in Seenot begleitet und unterstützt. Das Alarmphone ist rund um die Uhr anrufbar, umfasst ein Netzwerk von 200 Beteiligten in vielen Städten Europas und Nordafrikas und hat sich als kontinuerliche Infrastruktur für das Recht auf Bewegungsfreiheit entwickelt. Die Mittelmeer-Monologe liefern persönliche und intime Einblicke in die weitesgehend unbekannte Arbeit des Alarmphones, die einer Aktivistin und die jener Person, die in Seenot die Nummer des Alarmphones wählte, sowie deren insprierende gemeinsame Geschichte. Übertitel in Englisch, Französich und Arabisch. true Michael Ruf Mittelmeer-Monologe Die Mittelmeer-Monologe - Postkarte https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html 2019-12-28T23:30:00+01:00 23:30 01:00 Dijkstra 36c3-10816-don_t_ruck_us_too_hard_-_owning_ruckus_ap_devices 3 different RCE vulnerabilities on Ruckus Wireless access points devices. Security lecture en Ruckus Networks is a company selling wired and wireless networking equipment and software. This talk presents vulnerability research conducted on Ruckus access points and WiFi controllers, which resulted in 3 different pre-authentication remote code execution. Exploitation used various vulnerabilities such as information leak, authentication bypass, command injection, path traversal, stack overflow, and arbitrary file read/write. Throughout the research, 33 different access points firmware examined, and all of them were found vulnerable. This talk also introduces and shares the framework used in this research. That includes a Ghidra script and a dockerized QEMU full system emulation for easy cross-architecture research setup. Here's a fun fact: BlackHat USA 2019 used Ruckus Networks access points. Presentation Outline: This talk demonstrates 3 remote code executions and the techniques used to find and exploit them. It overviews Ruckus equipment and their attack surfaces. Explain the firmware analysis and emulation prosses using our dockerized QEMU full system framework. -Demonstrate the first RCE and its specifics. Describe the webserver logic using Ghidra decompiler and its scripting environment. -Demonstrate the second RCE using stack overflow vulnerability. -Lastly, demonstrate the third RCE by using a vulnerability chaining technique. All Tools used in this research will be published. false Gal Zror https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10600.html 2019-12-28T11:30:00+01:00 11:30 01:00 Eliza 36c3-10600-was_tun_bevor_es_brennt_-_wie_grunde_ich_eigentlich_einen_betriebsrat Wie gründe ich einen Betriebsrat, bevor die Kacke dampft? Ethics, Society & Politics lecture de Aktiv werden zur rechten Zeit - Stand up for Your Right! Betriebsrat - klingt für viele IT-ler*innen doch nach letztem Jahrtausend. Dabei ist dies ein hart erkämpftes und wichtiges Instrument, um der Stimme der Beschäftigten bei der Geschäftsleitung Ausdruck zu verleihen. Wir schildern anhand eines konkreten Beispiels, wie ein Betriebsrat gegründet wird, ohne dass die Chefetage zwischendurch schon den Stecker zieht. Das deutsche Arbeitsrecht in Form des Betriebsverfassungsgesetzes garantiert die Mitsprache der Belegschaft in jeder Firma mit mehr als fünf Arbeitnehmer*innen. Dabei ist vieles zu beachten - und ohne eine professionelle Begleitung z.B. durch eine Gewerkschaft kaum zu schaffen. In unserer Firma geht es ab: Massenentlassungen aufgrund ökonomischer Turbulenzen. Die Geschäftsleitung spielt dirty und schaut, womit sie durchkommt. Höchste Zeit für einen Betriebsrat! • Um zu erfahren, dass man gemeinsam stark sein kann. • Um der Gechäftsleitung klarzumachen. was geht und was nicht. • Um bei Einstellungen und Entlassungen Fairplay zu gewährleisten. • Um die verbrieften Rechte der Beschäftigten durchzusetzen. Am Beispiel einer Berliner Großraumdiskothek und einem ebenso in Berlin ansässigen Musikinstrumenteherstellers, welches kürzlich einem Fünftel seiner Belegschaft betriebsbedingt gekündigt hat, zeigen wir wie das geht mit der Betriebsratsgründung, worauf unbedingt zu achten ist und wo Interessierte professionelle Unterstützung für dieses organisatorischen Kraftakt finden können. Den Talk halten wir zu viert: eine Beschäftigte der Diskothek, ein Beschäftigter des Musikinstrumenteherstellers, ein Vertreter der IG Metall und ein Vertreter von ver.di. Am besten geht das von der Hand, bevor es ungemütlich wird. false Hüpno Lissim Ole Thomas Weber https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10902.html /system/events/logos/000/010/902/large/Bildschirmfoto_2019-12-27_um_14.42.48.png?1577454190 2019-12-28T12:50:00+01:00 12:50 01:00 Eliza 36c3-10902-an_ultrashort_history_of_ultrafast_imaging Featuring the shortest movies and the largest lasers Science lecture en Did you ever wonder what happens in the time period it takes light to cross the diameter of your hair? This is the femtosecond, a millionth of a billionth of a second. It is the time scale of electron and nuclear motion, and therefore the most fundamental processes in atomic and molecular physics, chemistry and biology start here. In order to take movies with femtosecond time resolution, we need ultrafast cameras – flashes of light that act faster than any camera shutter ever could. And imaging ultrafast motion is only the first step: We aim to control dynamics on the femtosecond time scale, ultimately driving chemical reactions with light. Investigating ultrafast processes is challenging. There simply are no cameras that would be fast enough to image a molecule in motion, so we need to rely on indirect measurements, for example by ultrashort light pulses. Such ultrashort pulses have been developed for several years and are widely applied in the study of ultrafast processes by, e.g., spectroscopy and diffraction. Depending on the specific needs of the investigation, they can be generated either in the laboratory or at the most powerful light sources that exist today, the x-ray free-electron lasers. With ultrafast movies, a second idea comes into play: once we understand the dynamics of matter on the femtosecond time scale, we can use this knowledge to control ultrafast motion with tailored light pulses. This is promising as a means to trigger reactions that are otherwise not accessible. In my talk, I will give a brief introduction to the rapidly developing field of ultrafast science. I will summarize main findings, imaging techniques and the generation of ultrashort pulses, both at lab-based light sources and large free-electron laser facilities. Finally, I will give an outlook on controlling ultrafast dynamics with light pulses, with the future goal of hacking chemical reactions. false Caroline Slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10892.html /system/events/logos/000/010/892/large/switzerland-2704160_640.jpg?1576511152 2019-12-28T14:10:00+01:00 14:10 01:00 Eliza 36c3-10892-schweiz_netzpolitik_zwischen_bodensee_und_matterhorn E-ID, E-Voting, Netzsperren und andere netzpolitische Schauplätze CCC lecture de Die Intensität des Kampfes um die Freiheit im digitalen Raum lässt auch in der Schweiz nicht nach. Wir blicken auf das netzpolitische Jahr 2019 zwischen Bodensee und Matterhorn zurück. Wir behandeln jene Themen, die relevant waren und relevant bleiben. Weiter zeigen wir, was von der Digitalen Gesellschaft in der Schweiz im neuen Jahr zu erwarten ist. <strong>Themen sind unter anderem:</strong> <strong>Elektronische Identifizierung (E-ID):</strong> Das Gesetz, welches die elektronische Identifizierung regelt, ist verabschiedet worden. Der digitale Ausweis soll von privaten Unternehmen herausgegeben werden. Wir haben das Referendum gegen das Gesetz ergriffen. <strong>E-Voting:</strong> Ein öffentlicher Test des letzten sich im Rennen befindenden Systems war vernichtend. Wie es nun weitergeht im Kampf für das Vertrauen in die direkte Demokratie in der Schweiz. <strong>Netzsperren:</strong> Das erste Gesetz, in dem Netzsperren explizit verankert sind, ist dieses Jahr in Kraft getreten. Wie es in der Umsetzung aussieht <strong>Leistungsschutzrecht:</strong> Was es ins neue Urheberrechtsgesetz geschafft hat - und wie das Leistungsschutzrecht bezwungen wurde. <strong>Datenschutz:</strong> Wo in der Schweiz besonders viel «Datenreichtum» zu beobachten war und was es mit der Login- bzw. Tracking-Allianz auf sich hat. <strong>Netzneutralität:</strong> Nach einem langen Kampf erhält die Schweiz eine gesetzlich verankerte Netzneutralität. Im kommenden Jahr wird das Gesetz in Kraft treten. <strong>Digitale Gesellschaft in der Schweiz:</strong> Winterkongress, Big Brother Awards und andere Aktivitäten. Nach dem Vortrag sind alle interessierten Personen eingeladen, die Diskussion in einem <a href="https://events.ccc.de/congress/2019/wiki/index.php/Session:Follow-up_meeting_to_the_Netzpolitik_in_der_Schweiz_talk">Treffen</a> fortzusetzen. Es werden Aktivistinnen und Aktivisten von verschiedenen Organisationen der Netzpolitik in der Schweiz anwesend sein (Digitale Gesellschaft, CCC-CH, CCCZH, Piratenpartei Schweiz). false Patrick "packi" Stählin Kire Ganti Folien https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10891.html 2019-12-28T16:10:00+01:00 16:10 00:40 Eliza 36c3-10891-identifying_multi-binary_vulnerabilities_in_embedded_firmware_at_scale Security lecture en Low-power, single-purpose embedded devices (e.g., routers and IoT devices) have become ubiquitous. While they automate and simplify many aspects of our lives, recent large-scale attacks have shown that their sheer number poses a severe threat to the Internet infrastructure, which led to the development of an IoT-specific cybercrime underground. Unfortunately, the software on these systems is hardware-dependent, and typically executes in unique, minimal environments with non-standard configurations, making security analysis particularly challenging. Moreover, most of the existing devices implement their functionality through the use of multiple binaries. This multi-binary service implementation renders current static and dynamic analysis techniques either ineffective or inefficient, as they are unable to identify and adequately model the communication between the various executables. In this talk, we will unveil the inner peculiarities of embedded firmware, we will show why existing firmware analysis techniques are ineffective, and we will present Karonte, a novel static analysis tool capable of analyzing embedded-device firmware by modeling and tracking multi-binary interactions. Our tool propagates taint information between binaries to detect insecure, attacker-controlled interactions, and effectively identify vulnerabilities. We will then present the results and insights of our experiments. We tested Karonte on 53 firmware samples from various vendors, showing that our prototype tool can successfully track and constrain multi-binary interactions. In doing so, we discovered 46 zero-day bugs, which we disclosed to the responsible entities. We performed a large-scale experiment on 899 different samples, showing that Karonte scales well with firmware samples of different size and complexity, and can effectively and efficiently analyze real-world firmware in a generic and fully automated fashion. Finally, we will demo our tool, showing how it led to the detection of a previously unknown vulnerability. Presentation Outline 1. Introduction to IoT/Embedded firmware [~7 min] * A brief intro to the IoT landscape and the problems caused by insecure IoT devices. * Overview of the peculiarities that characterize embedded firmware. * Strong dependence from custom, unique environments. * Firmware samples are composed of multiple binaries, in a file system fashion (e.g., SquashFS). * Example of how a typical firmware sample looks like. 2. How to Analyze Firmware? [~5 min] * Overview on the current approaches/tools to analyze modern firmware and spot security vulnerabilities. * Description of the limitations of the current tools. * Dynamic analysis is usually unfeasible, because of the different, customized environments where firmware samples run. * Traditional, single-binary static analysis generates too many false positives because it does not take into account the interactions between the multiple binaries in a firmware sample. 3. Modeling Multi-Binary Interactions [~5 min] * Binaries/processes communicate through a finite set of communication paradigms, known as Inter-Process Communication (or IPC) paradigms. * An instance of an IPC is identified through a unique key (which we term a data key) that is known by every process involved in the communication. * Data keys associated with common IPC paradigms can be used to statically track the flow of attacker-controlled information between binaries. 4. Karonte: Design & Architecture [~15 min] * Our tool, Karonte, performs inter-binary data-flow tracking to automatically detect insecure interactions among binaries of a firmware sample, ultimately discovering security vulnerabilities (memory-corruption and DoS vulnerabilities). We will go through the steps of our approach. * As a first step, Karonte unpacks the firmware image using the off-the-shelf firmware unpacking utility binwalk. * Then, it analyzes the unpacked firmware sample and automatically retrieves the set of binaries that export the device functionality to the outside world. These border binaries incorporate the logic necessary to accept user requests received from external sources (e.g., the network), and represent the point where attacker-controlled data is introduced within the firmware itself. * Given a set of border binaries, Karonte builds a Binary Dependency Graph (BDG) that models communications among those binaries processing attacker-controlled data. The BDG is iteratively recovered by leveraging a collection of Communication Paradigm Finder (CPF) modules, which are able to reason about the different inter-process communication paradigms. * We perform static symbolic taint analysis to track how the data is propagated through the binary and collect the constraints that are applied to such data. We then propagate the data with its constraints to the other binaries in the BDG. * Finally, Karonte identifies security issues caused by insecure attacker-controlled data flows. 5. Evaluation & Results [~10 min] * We leveraged a dataset of 53 modern firmware samples to study, in depth, each phase of our approach and evaluate its effectiveness to find bugs. * We will show that our approach successfully identifies data flows across different firmware components, correctly propagating taint information. * This allowed us to discover potentially vulnerable data flows, leading to the discovery of 46 zero-day software bugs, and the rediscovery of another 5 n-days bugs. * Karonte provided an alert reduction of two orders of magnitude and a low false-positive rate. * We performed a large-scale experiment on 899 different firmware samples to assess the scalability of our tool. We will show that Karonte scales well with firmware samples of different size and complexity, and thus can be used to analyze real-world firmware. 6. Demo of Karonte [~5 min] * We will show how Karonte analyzes a real-world firmware sample and detects a security vulnerability that we found in the wild. * We will show the output that Karonte produces and how analysts can leverage our tool to test IoT devices. 7. Conclusive Remarks [~3 min] * A reprise of the initial questions and summary of the takeaways. false Nilo Redini Presentation slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11186.html 2019-12-28T17:10:00+01:00 17:10 00:40 Eliza 36c3-11186-breaking_microsoft_edge_extensions_security_policies Security lecture en Browsers are the ones who handle our sensitive information. We entirely rely on them to protect our privacy, that’s something blindly trusting on a piece of software to protect us. Almost every one of us uses browser extensions on daily life, for example, ad-block plus, Grammarly, LastPass, etc. But what is the reality when we talk about security of browser extensions. Every browser extensions installed with specific permissions, the most critical one is host access permission which defines on which particular domains your browser extension can read/write data. You might already notice the sensitivity of host permissions since a little mistake in the implementation flow would lead to a massive security/privacy violation. You can think of this way when you install an extension that has permission to execute JavaScript code on https://www.bing.com, but indeed, it allows javaScript code execution on https://mail.google.com. Which means this extension can also read your google mail, and this violates user privacy and trust. During the research on edge extensions, we noticed a way to bypass host access permissions which means an extension which has permission to work on bing.com can read your google, facebook, almost every site data. we noticed using this flow we can change in internal browser settings, Further, we ware able to read local system files using the extensions. Also in certain conditions, it allows you to execute javaScript on reading mode which is meant to protect users from any javaScript code execution issues. This major flaw in Microsoft Edge extension has been submitted responsibly to the Microsoft Security Team; as a result, CVE-2019-0678 assigned with the highest possible bounty. Outline 1. Introduction to the browser extension This section is going to cover what is browser extensions, and examples of browser extensions that are used on a daily basis. 2. Permission model in browser extensions This section details about the importance of manifest.json file, further details about several permissions supported by edge extensions and at last it describes different host access permissions and the concept of privileged pages in browsers. 3. Implementation of sample extension In this section, we will understand the working of edge extensions and associated files. 4. Playing with Tabs API This section includes the demonstration of loading external websites, local files and privileged pages using the tabs API. 5. Forcing edge extensions to load local files and privileged pages Here we will see how I fooled edge extensions to allow me to load local files and privileged pages as well. 6. Overview of javascript protocol This section brief about the working and the use of JavaScript protocol. 7. Bypassing host access permission The continuing previous section, here we will discuss I was able to bypass host access permission of edge extensions using the javascript URI’s. 8. Stealing google mails Once we bypassed the host access permission, we will discuss how edge extension can read your Google emails without having permission. 9. Stealing local files The continuing previous section, here we will discuss how an edge extension can again escalate his privileges to read local system files. 10. Changing internal edge settings This section details how I was able to change into internal edge settings using edge extensions, this includes enabling/disabling flash, enabling/disabling developer features. 11. Force Update Compatibility list This section details how an extension can force update Microsoft compatibility list 12. javascript code execution on reading mode? Here we will dicuss about the working of reading mode and CSP issues associated with it. 13. Escalating CSP privileges. This section describes how edge extensions provides more privilages to the user when dealing with content security policy false Nikhil Mittal https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10994.html /system/events/logos/000/010/994/large/sea_watch-logo-1024.png?1572102375 2019-12-28T18:10:00+01:00 18:10 00:40 Eliza 36c3-10994-no_roborders_no_nation_or_smile_for_a_european_surveillance_propagation How an agency implements Fortress Europe by degrading Non-Europeans to second-rate people Ethics, Society & Politics lecture en Robots, Satellites and biometrical traps - more than a Billion Euro will be spent in 2021 for what they call "Border Security." The European Border and Coastguard, formerly Frontex, dreams of a fully automomus border surveillance system. As a humanitarian & human rights organisation involved in sea rescue, we recognise however that the shift towards new technologies correlates with a shift away from basic human rights standards. The robots, satellites & co. are not used to make society safer & life easier but to spy on us and to deport people to torture in Libya. At Sea-Watch e.V. we are involved in a non-profit initiative dedicated to the civilian rescue of refugees at sea. In view of the humanitarian disaster on the Mediterranean Sea-Watch provides emergency aid, demands and forces at the same time the rescue by the responsible European institutions and stands publicly for legal escape routes and open borders. We are politically and religiously independent and finance ourselves exclusively through donations. At sea, we formerly cooperated with Frontex ships in rescues when they were still involved in live saving operations. Now we regularly observe them actually being involved in illegal refoulements, especially with our surveillance aircraft Moonbird. Frontex was formerly an agency that advised governments on border control and did risk assessments on border crossings, it had basically a coordinating role within the European framework. They were called "European Agency for the Management of Operational Cooperation at the External Borders". In 2016, during the so-called refugee crisis, the European Commission proposed to strengthen them and they became the European Border and Coast Guard Agency. Frontex is working and developing satellite observation, the development of drone capabilities and other surveillance technologies like IMSI-Catchers with the help of European universities and companies like EADS and esri. All this happens right now without a lot of public or transparency from the site of the agency. While they provide national authorities with equipment and justify their yearly growing budget with out border security there are no sources to measure the effectivity of their methods. While they present themselves as the friendly boarderguard next door it has evolved into an engency which is developing capabilities in all kinds of surveillance technologies with pilot projects which sound like they are taken out of a science fiction movie: SMILE "SMILE proposes a novel mobility concept, using privacy by design principles, that will enable low cost secure exchange and processing of biometric data, addressing in parallel the aforementioned challenges by designing, implementing and evaluating in relevant environments (TRL6) prototype management architecture, for the accurate verification, automated control, monitoring and optimization of people’ flows at Land Border Infrastructures." Roborder "ROBORDER aims at developing and demonstrating a fully-functional autonomous border surveillance system with unmanned mobile robots including aerial, water surface, underwater and ground vehicles, capable of functioning both as standalone and in swarms, which will incorporate multimodal sensors as part of an interoperable network." http://btn.frontex.europa.eu/projects/external/roborder iBorderCtrl "iBorderCtrl envisages to enable faster thorough border control for third country nationals crossing the borders of EU, with technologies that adopt the future development of the Schengen Border Management. The project will present an optimal mixture of an enhanced, voluntary form of a Registered Traveller Programme and an auxiliary solution for the Entry/Exit System based on involving bona fide travellers" http://btn.frontex.europa.eu/projects/external/iborderctrl While the people in charge do not manage to organize a proper search- and rescue program, Europe is setting up and spending more and more on a massive surveillance agency for border protection which has a big focus in surveillance and "protecting" the European external borders while no one ever evaluated the effectivity of this massive border militarization. false alina niczem Esri EUC 2014 Plenary - Tackling Illegal Migration and Cross Border Crime by Smart Technology https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10855.html /system/events/logos/000/010/855/large/LB__01-7_icons-chrome_128px.png?1574197515 2019-12-28T19:10:00+01:00 19:10 00:40 Eliza 36c3-10855-listening_back_browser_add-on_tranlates_cookies_into_sound The Sound of Surveillance Art & Culture lecture en ‘Listening Back’ is an add-on for the Chrome and Firefox browsers that sonifies internet cookies in real time as one browses online. By translating internet cookies into sound, the ‘Listening Back’ browser add-on provides an audible presence for hidden infrastructures that collect personal and identifying data by storing a file on one’s computer. Addressing the proliferation of ubiquitous online surveillance and the methods by which our information flows are intercepted by mechanisms of automated data collection, ‘Listening Back’ functions to expose real-time digital surveillance and consequently the ways in which our everyday relationships to being surveilled have become normalised. This lecture performance will examine Internet cookies as a significant case study for online surveillance with their invention in 1994 being historically situated at the origins of automated data collection, and the commercialisation of the World Wide Web. I will integrate online browsing to demonstrate the ‘Listening Back’ add-on and explore it’s potential to reveal algorithmic data capture processes that underlie our Web experience. ‘Listening Back’ is an add-on for the Chrome and Firefox browsers that sonifies internet cookies in real time as one browses online. Utilising digital waveform synthesis, ‘Listening Back’ provides an audible presence for hidden infrastructures that collect personal and identifying data by storing a file on one’s computer. By directing the listener’s attention to hidden processes of online data collection, Listening Back functions to expose real-time digital surveillance and consequently the ways in which our everyday relationships to being surveilled have become normalised. Our access to the World Wide Web is mediated by screen devices and ‘Listening Back’ enables users to go beyond the event on the screen and experience some of the algorithmic surveillance processes that underlie our Web experience. This project therefore explores how sound can help us engage with complex phenomena beyond the visual interface of our smart devices by highlighting a disconnect between the graphical interface of the Web, and the socio-political implications of background mechanisms of data capture. By sonifying a largely invisible tracking technology ‘Listening Back’ critiques a lack of transparency inherent to online monitoring technologies and the broader context of opt in / default cultures intrinsic to contemporary modes of online connectivity. By providing a sonic experiential platform for the real-time activity of Internet cookies this project engages listening as a mode of examination and asks what is the potential of sound as a tool for transparent questioning? false Jasmine Guffond Listening Back Chrome Browser Add-On Listening Back Firefox Browser Add-On jasmineguffond.com https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11310.html 2019-12-28T20:50:00+01:00 20:50 01:00 Eliza 36c3-11310-algorithm_diversion Art & Culture lecture en Before media art has emerged, traditional art and dance are already applying algorithms to make sophisticated patterns in their textures or movements. Hieda is researching the use of algorithm through creation of media installations and dialog with artists, dancers, choreographers and musicians. He also presents his current interest in machine learning and art which potentially exclude (or already excluding) some populations due to the dataset and modality. false Naoto Hieda https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11045.html 2019-12-28T22:10:00+01:00 22:10 01:00 Eliza 36c3-11045-confessions_of_a_future_terrorist A rough guide to over-regulating free speech with anti-terrorist measures Ethics, Society & Politics lecture en We will examine the European Commission’s proposal for a regulation on preventing the dissemination of terrorist content from as a radical form of censorship. Looking at the rationale and arguments of policy-makers in Brussels, we will discuss normalisation of a “do something doctrine” and “policy-based evidence”. How can citizens and activists influence that legislative process? And what does it mean if they won’t? Fear of terrorism as a tool for dissent management in the society is utilised almost everywhere in the world. This fear facilitates the emergence of laws that give multiple powers to law enforcement, permanently raising threat levels in cities around the world to “code yellow”. A sequel of that show is now coming to a liberal democracy near you, to the European Union. The objective of the terrorist content regulation is not to catch the bad guys and girls, but to clean the internet from images and voices that incite violence. But what else will be cleaned from in front of our eyes with this law with wide definitions and disproportionate measures? In the Brussels debate, human rights organisations navigate a difficult landscape. On one hand, acts of terrorism should be prevented and radicalisation should be counteracted; on the other, how these objectives can be achieved with such a bad law? Why are Member States ready to resign from judicial oversight over free speech and hand that power to social media platforms? Many projects documenting human rights violations are already affected by arbitrary content removal decisions taken by these private entities. Who will be next? In the digital rights movement we believe that the rigorous application of principle of proportionality is the only way to ensure that laws and subsequent practices will not harm the ways we exercise the freedom of speech online. Reaching to my experience as a lobbyist for protection of human rights in the digital environment, I want to engage participants in the conversation about the global society of the near future. Do we want laws that err on the side of free speech and enable exposure to difficult realities at the risk of keeping online the content that promotes or depicts terrorism? Or do we “go after the terrorists” at the price of stifling citizen dissent and obscuring that difficult reality? What can we do to finally have that discussion in Europe now that there is still time to act? false Anna Mazgal https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10677.html 2019-12-28T23:30:00+01:00 23:30 01:00 Eliza 36c3-10677-open_code_verlesung Lesung des öffentlichen Sourcecodes Entertainment performance de Kommet zusammen Ihr Jüngerinnen der Bits und Bytes und hörtet die frohe Kunde des offenen Sourcecodes. Halleluhjaz! Am Anfang stand das NOP. Am Ende steht das NOPE. Lasst euch verwirren von Interpunktion und Kommentaren. Seid stark im Anblicke der zweiköpfigen Schlange! Die Zeit ist reif den offenen Sourcecode zu predigen. Kommet in Scharen! Bringet Kind und Kegel. Für alle Altergruppen (geboren vor Greased Weasel, über Erotic Pickel Hering bis hin zu Sheep on Meth) true Foaly Tofu Trollofix DrLuke 2019-12-28T11:00:00+01:00 11:00 00:50 Chaos-West Bühne AQSTLX https://fahrplan.chaos-west.de/36c3/talk/AQSTLX/ Nicht Computers Doppelter Slot en Health related personal data is highly sensitive -- and yet it promises an outright methodology shift for the surprisingly conservative healthcare system. This talk provides an overview of beneficial uses of health data, and formulates ways to get involved to make sure the benefits are reaped in a conscientious manner. Healthcare is rapidly becoming digital: security and data privacy call for active participation. But so do questions of quantified fairness and certification of digital medical devices. Hackers can play a crucial part to ensure this benefits patients and citizens, by championing data transparency and standards of evidence. My talk will outline ways to get creative with data beyond scrutinizing governments on information security. For the past year I worked for the German Ministry of Health's in-house think tank (hih) as an advisor on artificial intelligence. I will present my personal views, not those of the Federal Government. false Lars Roemheld 2019-12-28T12:00:00+01:00 12:00 00:50 Chaos-West Bühne EMK8WQ https://fahrplan.chaos-west.de/36c3/talk/EMK8WQ/ Nicht Computers Doppelter Slot en After the highly-successful presentation "Toll of personal privacy in 2018" at Chaos-West 35C3 where I talked about my personal experiences with trying to protect my privacy, this year I return with a completely* different talk that tries to convince the audience — you should care about privacy too! This talk revisits the theme of personal privacy in the digital world, this time centring around the "I've got nothing to hide" argument. A beam of intensive light is shed upon the motivation behind caring about one's privacy. We go in depth into what we can do to stay private and should we even try to do it at all. We talk about where we as an global society were able to fix privacy and where we have failed. New topics previously not covered are discussed, such as herd immunity and certification programs. \* 97%+ false Kirils Solovjovs 2019-12-28T13:00:00+01:00 13:00 00:20 Chaos-West Bühne D9BFMN https://fahrplan.chaos-west.de/36c3/talk/D9BFMN/ All about computers Einfacher Slot en The ever increasing usage of cloud-based software forces us to face old questions about the trustworthiness of our software. While FLOSS allows us to trust software running on our platforms, System Transparency establishes the same level of trust in SaaS and IaaS scenarios. In a System Transparency context, all parties that depend on the services of a particular server can retrieve the complete source code of firmware and OS running on it. They can reproduce all binaries and verify remotely that these were run as part of the boot process. This gives every user the ability to verify claims of the service provider like the absence of logs or lack of backdoor access. System Transparency accomplishes this by - giving every server a unique, cryptographic identity that is kept in a hardware trust anchor, - using a provisioning ritual to associate this identity with a particular hardware, - running the FLOSS firmwares coreboot and LinuxBoot instead of proprietary UEFI implementations, - building firmware and OS images are reproducible, - retrieving all OS images from the network, keeping only minimal state on the disk, - signing all OS images as well as listing them in a public append-only log and - minimizing administrator access to prevent invisible changes to the OS after it has been booted. This talk introduces System Transparency and details the platform security features we implemented as part of our reference system. We also describe our reference implementations’ custom bootloader based on LinuxBoot. It verifies that boot artifacts are signed by the server owner and are in the transparency log before continuing. This makes sure that 3rd parties can audit past and present artifacts booted on the platform. Finally, we demo a modern x86 server platform running our prototype coreboot/LinuxBoot stack. false seu 2019-12-28T13:30:00+01:00 13:30 00:20 Chaos-West Bühne XEUGGK https://fahrplan.chaos-west.de/36c3/talk/XEUGGK/ All about computers Einfacher Slot en The comprehensive, seamless, real-time, IoT capable, AI Intelligence Next-Gen Sandbox Platform Cyber Security Solution with Blockchain, Big Data and Deep learning. Nowadays tons of security buzzwords like these are used to sell products into corporate environments. Cut the bullshit bingo, let's start improving security defense in an ordinary company. This is a talk for the many of our ordinary companies running Active Directory/Windows and mostly on-prem infrastructure. The ones which security requirements are not military or high-technology. And it is exactly these companies which are often victims of shotgun approach attacks. It is a talk for SMEs and for companies who simply want to improve their security defense, do their fundamentals and not break the bank for it. false marides 2019-12-28T14:00:00+01:00 14:00 00:20 Chaos-West Bühne AWGLR9 https://fahrplan.chaos-west.de/36c3/talk/AWGLR9/ The real basic about Bits and Nibbles Einfacher Slot de Früher oder später kommen viele in die Situation, dass ihre Arbeitsergebnisse geprüft werden. Sei es von der Compliance, der internen Revision, im Rahmen der Jahresabschlussprüfung oder aufgrund einer ISO 27001 Zertifizierung. Dennoch ist einmal immer das erste Mal – und auch mit der Zeit kann so eine Situation unangenehm sein, wenn man z.B. nicht genau weiß was einen erwartet, welche Informationen benötigt werden oder worauf das Gegenüber achtet. Ich möchte euch einen kleinen Einblick geben, wie eine Prüfung üblicherweise abläuft, welche Fragen-Arten auftauchen können und was Mensch tun kann, um darauf vorbereitet zu sein. Dies ist ein Einführungs-Talk für Anfänger*innen, ihr müsst also weder in so einer Situation gewesen sein, noch wissen was die Inhalte des ISO 27001 sind. false Diula 2019-12-28T14:30:00+01:00 14:30 00:20 Chaos-West Bühne ANUQNX https://fahrplan.chaos-west.de/36c3/talk/ANUQNX/ All about computers Einfacher Slot en The availability of consumer grade EEG headsets and open EEG hardware platforms makes it easier for everyone to develop a Brain-Computer Interface (BCI). The talk will explain the basics of Electroencephalography (EEG) and how information can be extracted from the Electroencephalogram, which is basically a noise signal. This covers Event Related Potentials (ERP) and their application in common BCI paradigms and biometric schemes. Standard approaches for the experimental setup and for EEG signal processing will be discussed. As an example an EEG based authentication system will be presented that uses the P300 component of the ERP and images as a password. This talk will give an overview of the issues of performance, usability, privacy and security in BCIs and how far the technology is from reading the mind or connecting us to the matrix. false gnoedi 2019-12-28T16:00:00+01:00 16:00 00:20 Chaos-West Bühne NN8XZY https://fahrplan.chaos-west.de/36c3/talk/NN8XZY/ Queer Einfacher Slot en In an increasingly digital age, input forms for personal data (like name, gender, sexuality, and more), while sometimes necessary, are also increasingly becoming a barrier to entry. Especially for bodies and experiences that do not fit an arbitrary norm the designer might have had in mind. Whether you are traveling abroad, signing up with a health care provider, filling out a scientific study or ordering food, these forms not only factor into your experience but can even make or break the whole endeavour. This talk will feature some of the most glaring fails in input form design, discussion about what exactly went wrong and some ideas on how it could be improved to be more accurate and inclusive, both in the particular as well as the general. false lambdaTotoro 2019-12-28T16:30:00+01:00 16:30 00:20 Chaos-West Bühne M8NMW7 https://fahrplan.chaos-west.de/36c3/talk/M8NMW7/ Antifaschimus Einfacher Slot de Der Feminismus ist Feindbild der rechten Szenen. So auch in der ‚Identitären Bewegung‘. Neben Praktiken des Otherings und Diffamierungen gegen Feminist*innen und andere Akteur*innen des Gender-Diskurses behaupten die ‚Identitären‘, sich für Frauen viel gewissenhafter einzusetzen als „die Linken“ es täten: Denn Feminismus mache Frauen unglücklich und mache sie langfristig zu unfrei. Frauen ließen sich von „linksgrünversifften“ Mainstreammedien und der Politik unwissentlich emotional erpressen und wählten darum Parteien¬, die in der Lesart der IB Frauen nur Unglück brächten. Die Überzeugungsstrategien, die genutzt werden, um Frauen auf die „rechte Seite“ zu ziehen, wird in der Szene als „red pilling“ bezeichnet – eine Metapher von misogynen Männerrechtlern, die durch „Gamergate“ auch andere Szenen erreichte. Ich werde die vermeintlich ‚harmlos‘ erscheinenden Social-Media-Darstellungen der ‚Identitären‘ – wie das „private’ Instagramfoto einer Schwangeren im Kornfeld – analysieren, und zeigen, welche mehr oder weniger subtilen Reproduktion von stereotypischen, antifeministischen Rollenbildern transportiert werden, die vordergründig als „frauenfreundlich“ angeboten werden. false Marie Rodewald /media/36c3/images/QT7EV7/Screenshot_2019-12-19_at_01.58.54.png 2019-12-28T17:00:00+01:00 17:00 00:50 Chaos-West Bühne QT7EV7 https://fahrplan.chaos-west.de/36c3/talk/QT7EV7/ Antifaschimus Doppelter Slot en Where did all the nice things go? The World Wide Web had plenty. Everyone had Neopets, Geocities and Tom from MySpace as their top friend. Where did all the women go? Computing had plenty of them. The first computers were women. This talk is going to answer these and more questions. Starting with the technical underpinnings of the internet – explained on a beginner-friendly level. It takes you through the history of the web and computing, focussing on the exclusion of women out of the work sphere. It will illustrate that the tech industry as a whole has been complicit in oppression for far too long, but also show recent examples of organised workers, trying to change things for the better. It’s time to take back the web. PSA: There might be occurrences of cats, trance dolphins and other mystical creatures of the digital sphere along the way. false Oscar 2019-12-28T18:00:00+01:00 18:00 00:20 Chaos-West Bühne YDMJLP https://fahrplan.chaos-west.de/36c3/talk/YDMJLP/ Klimakatastrophe Einfacher Slot de ### Code für den Aktivismus Als wir im Frühjahr diese Gruppe gegründet haben, konnten wir nicht ahnen, dass wir derart viele Anfragen zu bearbeiten geben könnte. Von Wissenschaftlern bis Förstern – jeder mit anderen Bedürfnissen. Dazu stehen wir in engem Kontakt mit den Entwicklern der diversen Friday For Future Projekte, sodass wir hier inzwischen auch als fester Bestandteil der Bewegung gelten Durch die Fülle an Organisationen und kleinen Projekten, können fast auf ein Jahr Coding zurückblicken. An diesen Beispielen möchte ich euch teilhaben lassen und so auch das Projekt Developers For Future vorstellen und es vor allem in den Kontext der Klima-Protest-Bewegung einordnen. Es geht los bei einem kleinen Einschreibeformular und endet bei ganzen Applikationen, die dabei helfen sollen die Anliegen der Bewegung zu transportiern. false Maximilian Berghoff 2019-12-28T18:30:00+01:00 18:30 00:20 Chaos-West Bühne JQMCLL https://fahrplan.chaos-west.de/36c3/talk/JQMCLL/ The real basic about Bits and Nibbles Einfacher Slot de FSK Modems sind die einfachste praktikable Form von Modems. Sie sind so einfach, dass mit relativ wenig Aufwand bauen kann. Dabei kann man sie unterschiedlich realisieren von relativ einfachen von einfachen Digitalschaltungen bis hin zu einfachen Softwarelösungen. Auch wenn heute die Übertragung von Daten über Telefonleitungen nicht mehr so relevant ist, gibt es immer noch Anwendungen wie beispielsweise im Funkbereich oder wenn man Daten über Kopfhörerausgänge transportieren möchte. In diesem Talk möchte ich einige der Wege aufzeichnen wie man solche Modems realisiert hat. Dieser Talk soll auch dazu inspirieren selbst mal ein paar Zeilen Code zu schreiben oder den Lötkolben zu schwingen um diese Technologie auch heute noch zu verwenden. Gleichzeitig wird es auch noch zeigen wie schön komplexe Zahlen sein können und wofür die eigentlich gut sind. false Christian Berger 2019-12-28T19:00:00+01:00 19:00 00:50 Chaos-West Bühne YDBKTM https://fahrplan.chaos-west.de/36c3/talk/YDBKTM/ The real basic about Bits and Nibbles Doppelter Slot de Bahn API Chaos Wir schauen uns mal wieder Bahn APIs an. Diesmal mehr Wagenreihungs Fakten und interessante unregelmäßigkeiten in den verschiedenen APIs. Warum zum Beispiel gibt es bei marudor.de ein "isActuallyIC" wenn doch eigentlich die Zuggattung mitkommt. Warum gibt es "realFahrtrichtung" wenn es auch eine "fahrtrichtung" property gibt. Unregelmäßigkeiten in den Bahn APIs zwangen mich erfinderisch zu sein. Gleichzeitig ist es teils Abenteuerlich wie ich die unregelmäßigkeiten fand - die sind oft gar nicht so ersichtlich. Auch versuchen wir zu erörtern warum die Sachen so sind, ist es ein technisches Problem? Ist es ein Datenproblem? Was könnte ein Auslöser sein? Wer ist dafür verantwortlich? Grundlage für alles ist marudor.de und die Entwicklung daran. Das bedeutet für mich mindestens 3 Jahre Erfahrung in Bahn APIs reverse engineeren und deuten wie gut die Qualität einzelner APIs ist. Dabei wurde nicht nur die Deutsche Bahn sondern auch verschiedene Verkehrsverbünde und Ausländische Bahnen angeschaut. false marudor 2019-12-28T21:00:00+01:00 21:00 00:50 Chaos-West Bühne HBQRZE https://fahrplan.chaos-west.de/36c3/talk/HBQRZE/ All about computers Doppelter Slot en Old school DNS is unencrypted and thus prone to MITM-Attacks or DNS-Hijacking. DNS-over-HTTPS (DoH) is trying to solve this finally by encrypting DNS-requests between the client and the resolver. There have been previous (failed) attempts of encrypting DNS, but DoH seems to be the most promising so far, because browser makers such as Mozilla and Google are pushing the adoption and plan to roll this technology out to all Firefox and Chrome users. Microsoft ist planning to support DoH in natively in Windows 10. But there are a lot of people that are pretty angry and vocal about that move. This includes ISPs and Ad-Companies all over the world. This talk will give an overview how DoH came to be, what problems it is trying to solve and what obstacles are hindering the adoption. You'll learn about DNS, encryption, the work on _proposed_ internet standards, how fake news work and why your ISP is tracking you and provides you with falsified information. And you'll learn how to use encrypted DNS. false Sebastian 2019-12-28T22:00:00+01:00 22:00 00:50 Chaos-West Bühne PDFWDW https://fahrplan.chaos-west.de/36c3/talk/PDFWDW/ All about computers Doppelter Slot de Wäre der Staat ein Betriebssystem, würden wir uns natürlich wünschen, dass er nach den Prinzipien freier Software verwaltet wird. Die Prozesse sollten möglichst transparent ablaufen, sodass jeder nachprüfen kann, wenn irgendwo was schief läuft. Natürlich sollte die Gestaltung der Prozesse nicht in einer Blackbox passieren und der Code sollte zum Verändern und Mitmachen einladen. Ich bin der Meinung, dass Politik transparent und nachvollziehbar sein sollte. Es sollte Beteiligungsmöglichkeiten geben, die für alle offen stehen. Leider laufen die Prozesse im Bundestag nicht mal transparent, geschweige denn besonders partizipativ ab. Das Interface ist so unübersichtlich, dass selbst die Leute mit Adminrechten (Regierung) zum Teil Schwierigkeiten haben, den Überblick zu behalten. Als Bundestagsabgeordnete wurde mir zwar ein dickes Manual ausgehändigt, zum Durcharbeiten war aber keine Zeit. Die Lernkurve, bis man das System halbwegs effizient nutzen kann, ist sehr lang. Die Abläufe sind analoger, als man ohnehin vermutet, mit absurden, historisch gewachsenen Abläufen und unvorstellbaren Papierbergen. Es gibt wenig Transparenz und Mitmachmöglichkeiten sind rar. In dieser Session gebe ich Insider Einblicke in den Alltag als netzpolitische Sprecherin der Linksfraktion im Bundestag mit netzaktivistischem Hintergrund, zeige die Handlungsmöglichkeiten einer Oppositionspolitikerin und wie ich versuche, meine eigenen Handlungsspielräume für mehr Transparenz und Beteiligungsmöglichkeiten auszureizen, aber auch wie ihr als Netzcommunity mich als Eure Volksvertreterin nutzen könnt, um z.B. auf offiziellen Kanälen Informationen abzufragen, an die man sonst nicht kommt, denn Wissen ist Macht. Als Netzaktivistin im Bundestag möchte ich dort ganz besonders Sprachrohr der Netzcommunity sein. In meiner Rolle als Abgeordnete einer Oppositionspartei kann ich Themen setzen und Informationen beschaffen, ich kann fiese Fragen stellen – in langen und kurzen Formaten und die Bundesregierung muss darauf antworten. In 22 Monaten hielt ich 20 Reden, stellte 43 schriftliche Fragen, 33 Kleine Anfragen, 5 Anträge und reichte einen eigenen Gesetzentwurf ein. Es ging um Überwachung am Südkreuz, Open Source, das NetzDG, Hackbacks, IPv6, Künstliche Intelligenz, DNA Analysen in der Stammbaumforschung, Uploadfilter, IT Sicherheit, Impressumpflichten, barrierefreie Notrufe, Whistleblower, Mobilfunk, Open Data, KfZ Scanning, Funkzellenabfragen und stille SMS, digitale Gewalt gegen Frauen, Bundeswehr bei re:publica, Verschlüsselung, Lobbyregister, social Innovation, Open Justice und vieles mehr. In dieser Session werde ich konkrete Beispiele dazu vorstellen, über meine Pläne reden und Euch fragen, was Ihr schon immer von der Bundesregierung in Netzfragen wissen wolltet, damit ich die GroKo weiter nerven kann und wir alle besser wissen, was sie tun. Lasst uns gemeinsam das intransparente und wenig partizipative System Bundestag hacken, denn Demokratie lebt vom Mitmachen! false Anke Domscheit-Berg /media/36c3/images/YYJGCZ/header.png 2019-12-28T23:00:00+01:00 23:00 00:50 Chaos-West Bühne YYJGCZ https://fahrplan.chaos-west.de/36c3/talk/YYJGCZ/ Nicht Computers Doppelter Slot en # Non-isolated DC/DC converters DC-to-DC converters are cheap and ubiquitous, but many still feel uncomfortable using them. In this talk I will talk about step-down (buck) and step-up (boost) converters, covering the basics in an easy-to-understand form, and touching on the knowledge you need to build your own. This talk will be enjoyable for you if you have basic electronics knowledge: you understand what voltage, resistance, and current mean. ##Outline - Theory of operation explained with illustrations - Synchronous and asynchronous converters: advantages and disadvantages - How to chose and evaluate cheap DC/DC converter modules you can buy online - Efficiency and sources of energy loss - Features you might want: Enable, Current Limiting, Undervoltage Protection - Control modes: voltage mode, current mode, and hysteretic mode - Unstable converters, and how to fix them - Switching noise, and how to deal with it - What if you need more voltage? Boost converters! false Zoé Bőle 2019-12-29T00:00:00+01:00 00:00 02:00 Chaos-West Bühne 9AY7YE https://fahrplan.chaos-west.de/36c3/talk/9AY7YE/ Klangteppich Klangteppich de Systemabsturz ist eine Datenschutz-Elektropunk-Band aus Berlin. Stets pflichtbewusst fordern sie einen weiteren Abbau der Freiheitsrechte und mehr Überwachung. Musikalisch bewegen sich die Songs irgendwo zwischen Rave Punk, Schlager-Verschnitten und Techno. true Vik /media/36c3/images/7PERQN/53761191_1876875599091269_7223011896578801664_o.png 2019-12-29T02:00:00+01:00 02:00 02:00 Chaos-West Bühne 7PERQN https://fahrplan.chaos-west.de/36c3/talk/7PERQN/ Klangteppich Klangteppich en Improvised music, visualised and influenced through artificial intelligence. Dialogue in space, interaction, improvisation, live sampling, as well as the creative use of traditional and experimental instruments, synthesizers, electronic effects and everyday life objects -- all of which turns into music under the influence of AI. Evolving from this is a unique, atmospheric sound and non-repeatable sound experience. The employed AI consists of a neural network, thus an exemplary reproduction of brain functions. The data sets which are used to train the network includes behavioural modelling data as and the distribution of gases in space. Glitches and non-perfect behavior is strongly appreciated! The "light" version is just the dialog between algorithm and modular. live Ambient / Drone / Soundscape true timodufner 2019-12-28T12:00:00+01:00 12:00 00:25 OIO Stage E77J8R https://talks.oio.social/36c3-oio/talk/E77J8R/ Hardware & Making Talk 20 minutes + 5 minutes Q&A de Der Markt für Mobilgeräte wird dominiert von Android und der Anteil freier Komponenten wird merklich kleiner. Einige Projekte versuchen das zu ändern und bringen GNU/Linux auf Handies und Tablets zu bringen. Wir schauen uns verschiedene solche Projekte an und sprechen über die Notwendigkeit, den aktuellen Stand und die Zukunftsaussichten von GNU/Linux auf Mobilgeräten. Am Beispiel von Ubuntu Touch gehen wir auf besondere Herausforderungen ein. false segal Jan Sprinz 2019-12-28T12:40:00+01:00 12:40 00:55 OIO Stage 3JU7Y9 https://talks.oio.social/36c3-oio/talk/3JU7Y9/ Hardware & Making Talk 45 minutes + 10 minutes Q&A en Nextcloud Flow is the overhauled workflow engine in upcoming Nextcloud 18. This talk describes how it evolved, how it works internally, and especially how own components can be built, so you can set up automatized tasks in your Nextcloud. false Blizzz /media/36c3-oio/images/BJQTYA/avatar1_cqxI94G.png 2019-12-28T13:45:00+01:00 13:45 00:25 OIO Stage BJQTYA https://talks.oio.social/36c3-oio/talk/BJQTYA/ Ethics, Society & Politics Talk 20 minutes + 5 minutes Q&A en We explore the potential of scalable online ethnography to study the rapidly growing phenomenon of participatory culture communities and discuss the potential benefits and challenges of using an online platform in hacker communities. The presentation shares views, with a demo, on how to build participatory online communities from a pilot that focused on the global Burning Man community. The talk is grounded on the collaboration of two high-impact research projects, Burning Stories and Edgeryders. Firstly the aim of Burning Stories, by combining science and arts, is to study the global Burning Man community and seek to explain the processes through which community membership of Burning Man participants evolves across time and space, and how this, in turn, affects the society. By combining the Burning Stories research project with an online ethnography tool from Edgeryders, who use it for multiple Horizon 2020 funded project, the talk aims to present novel ways of disrupting the traditional ways of conducting ethnography in order to understand the emergence of a new cultural phenomenon and apply new, participatory methodology, in order to advance social sciences and community building. The presentation particularly focuses on lessons learnt from these two research projects and with the combination of the projects, explores the potential future use of the co-creative templates for hacker communities. false Jukka-Pekka Heikkilä 2019-12-28T14:30:00+01:00 14:30 00:55 OIO Stage EW8MBQ https://talks.oio.social/36c3-oio/talk/EW8MBQ/ Hardware & Making Talk 45 minutes + 10 minutes Q&A de Da A.25 mit 9k6 baud irgend wann einfach nicht mehr cool ist um Daten auf 430 Mhz zu übertragen, musste ein neues Protokoll mit passender Hardware her. Herausgekommen ist ein open source Projekt von F4HDK mit 500kbit/s nutzdaten, multiuser und schnellen Rundlaufzeiten. Nachdem das nötige Hintergrundswissen zu dem Thema Drahtlose Übertragungsprotokolle vermittelt wurde. Wird das Protokoll und die dazugehörende Hardware ausführlich vorgestellt und mit alternativen wie z.B. LORA verglichen. Außerdem soll rund um den OIO im laufe des Kongresses ein Demo-Netzwerk aufgebaut werden hierfür können auch noch Kits vorort gelötet werden, meldet euch dafür einfach bei mir. false Lars Rokita 2019-12-28T16:10:00+01:00 16:10 00:25 OIO Stage G3LD3P https://talks.oio.social/36c3-oio/talk/G3LD3P/ Hardware & Making Talk 20 minutes + 5 minutes Q&A en The Independent Solar Mesh System has a new hardware that will bring the power consumption, space and cost requirements of low cost WiFi relay stations down: FF-ESP32-.OpenMPPT In order to build the cheapest energy autonomous WiFi relay possible, we have designed an update to the previous Freifunk-Open-MPPT-Solarcontroller. It has now integrated WiFi and Bluetooth, so it doesn't need an external WiFi router anymore, but you can still connect one. Technical data is preliminary at the moment, but power consumption will be between ~0.3 at low load and ~0.6 Watt at maximum load. So a 20 Watt Solar panel and a 12V 7Ah battery will be more than enough to keep the system running and relaying traffic all year. false Elektra Wagenrad 2019-12-28T16:45:00+01:00 16:45 00:25 OIO Stage A8GQTE https://talks.oio.social/36c3-oio/talk/A8GQTE/ Ethics, Society & Politics Talk 20 minutes + 5 minutes Q&A de Richtlinien für den ethischen Einsatz von Algorithmen gibt es langsam wirklich genug. Konzerne und Organisationen übertrumpfen sich geradezu damit zu betonen, dass der Mensch bei allen maschinellen Entscheidungen im Mittelpunkt stehen soll, dass die Systeme fair und nachvollziehbar arbeiten müssen. Aber egal, ob sie nun direkt von Google und IBM stammen, von Normungsorganisationen wie IEEE oder der OECD – gemeinsam ist all diesen Richtlinien: Sie sind rechtlich nicht bindend. Die Frage ist also: Wem dienen solche Ansätze der unternehmerischen und staatlichen Selbstregulierung? Und wollen wir uns auf sie verlassen oder brauchen wir klare gesetzliche Auflagen? Welche Regeln sollten für Unternehmen gelten, welche für den Staat? Und wer soll darüber wachen, dass sie eingehalten werden? false segal Chris Köver 2019-12-28T17:15:00+01:00 17:15 00:55 OIO Stage P9BACD https://talks.oio.social/36c3-oio/talk/P9BACD/ Hardware & Making Talk 45 minutes + 10 minutes Q&A de Ein howto für Dummis, Freifunk Infrastruktur selber zu betreiben. Es ist gut, wenn viele Menschen Freifunk Router einrichten können. Doch es ist besser, wenn auch Leute selber einen Super Node betreiben können. Es gibt viele Wege, dies umzusetzen. Ich möchte zeigen, wie ich in letzter Zeit es umgesetzt habe mit mittleren Kenntnissen. Und es wird gezeigt, wie man Provider werden kann. false Matthias Schmidt /media/36c3-oio/images/8D7DBP/logos_to_replace_78tfwYe.png 2019-12-28T18:15:00+01:00 18:15 00:55 OIO Stage 8D7DBP https://talks.oio.social/36c3-oio/talk/8D7DBP/ Hardware & Making Talk 45 minutes + 10 minutes Q&A en With Nextcloud you can sync, share and collaborate on data, but you don't need to put your photos, calendars or chat logs on an American server. Nope, Nextcloud is self-hosted and 100% open source! Thanks to hundreds of apps, Nextcloud can do a lot and in this talk, I will highlight some cool things. Consider this a follow-up from my talk about 200 things Nextcloud can do last year! An update on what's new and some cool new stuff. What, what is `Nextcloud`? Let's see. A private cloud is one way to put it, though that's a contradiction of course. It is a way to share your data, sync your files, communicate and collaborate with others - without giving your data to GAFAM! Keep it on your own server, or something close (like a local hosting provider or data center). Nextcloud is a PHP app that does all that, and more! Easy to use, secure (really) and fully open source of course. false Jos Poortvliet 2019-12-28T20:50:00+01:00 20:50 00:25 OIO Stage LU3JNL https://talks.oio.social/36c3-oio/talk/LU3JNL/ Hardware & Making Talk 20 minutes + 5 minutes Q&A en After a very quick introduction on Replicant and the smartphones ecosystem, we will look at what affects smartphones' and tablets' lifetime and how to increase it by making Replicant more sustainable. false segal Denis 'GNUtoo' Carikli /media/36c3-oio/images/GUZH7V/logo_GGS6DxK.png 2019-12-28T21:20:00+01:00 21:20 00:55 OIO Stage GUZH7V https://talks.oio.social/36c3-oio/talk/GUZH7V/ Hardware & Making Talk 45 minutes + 10 minutes Q&A en Building a social network on top of net2o, and importing your existing data I've a dream: A peer-to-peer network, where services like search engines or social networks aren't offered by big companies, who in turn need to make money by selling the privacy of their users. Where all data is encrypted, so that access is only possible for people who have the key and really are authorized. Which layman can use without cryptic user interfaces. Where the browser is a platform for running useful applications without the mess of Flash and JavaScript. Without the lag of “buffer bloat” and without the speed problems of a protocol not designed to be assisted by hardware. This dream is coming to reality: This talk will show how far I got, and what challenges still are ahead. The talk is in three parts: 1. a short overview over net2o 2. a demonstration of how the social network stuff looks like 3. and an outlook over what needs to be done to make it a polished product false dvn Bernd Paysan 2019-12-28T22:25:00+01:00 22:25 00:25 OIO Stage L7MBH8 https://talks.oio.social/36c3-oio/talk/L7MBH8/ Ethics, Society & Politics Talk 20 minutes + 5 minutes Q&A de Im Internet offerieren diverse Anbieter WiFi Hardware inklusive VPN für 10€. Dieser Talk behandelt, wie sehr sich die verkaufte Hardware sowie Software von den meisten Freifunk Setups unterscheidet. false blocktrron 2019-12-28T23:00:00+01:00 23:00 00:55 OIO Stage RUXX3H https://talks.oio.social/36c3-oio/talk/RUXX3H/ Science Talk 45 minutes + 10 minutes Q&A de Dort wo sich Physik und Philosophie treffen ist es Zeit, über Zeit zu sprechen. false Steini 2019-12-29T00:00:00+01:00 00:00 01:30 OIO Stage QSKPAM https://talks.oio.social/36c3-oio/talk/QSKPAM/ Entertainment Talk 45 minutes + 10 minutes Q&A de Mitmachspass mit Autocomplete: Entdecke KI-Seele deines Smartphones Ein Spiel mit dem Publikum: Menschen nutzen die Autocomplete/Predict-Funktion ihres Mobilgerätes, um basierend auf einem (wechselnden) vorgegebenen ersten Wort Sätze zu bilden, also immer nur das nächste vorgeschlagene Wort zu bestätigen. Die Ergebnisse werden mehr oder minder live und total willkürlich ausgewählt verlesen. Auch wenn's erstmal sinnlos erscheint: Und auch wenn den Absendenden Anonymität zugesichert wird und im Gegensatz Schummeln verboten ist: Die Art der Sätze, die die trainierte/konditionierte Maschine dabei hervorbringt offenbaren mindestens einen eigenen Charakter oder sagen zumindest etwas über die bevorzugte Nutzung des Gerätes. false Adorfer /media/36c3/images/8SBP3N/ct_uplink_Formatiert_Korrigiert-84f2a1bb6a1e52e3.jpeg 2019-12-28T11:00:00+01:00 11:00 01:00 DLF- und Podcast-Bühne 8SBP3N https://fahrplan.das-sendezentrum.de/36c3/talk/8SBP3N/ DLF- und Podcast-Bühne Normale Länge en Inside Heise Online & c't: Wie wir arbeiten und was wir tun Mitglieder der Redaktionen von [Heise Online](https://www.heise.de) und [c't](https://www.ct.de) diskutieren im [c't uplink](https://www.heise.de/ct/entdecken/?hauptrubrik=%40ctmagazin&unterrubrik=c%27t+uplink) üblicherweise über Themen aus der aktuellen c' und was sonst noch so in der IT-Welt passiert. Beim 36C3 nehmen wir Euch mal mit in unsere Redaktion und erklären Euch live, was da passiert und wie wir arbeiten. Wenn Ihr Fragen zur Redaktionsarbeit habt, schickt sie gern vorab an [mls@ct.de](mailto:mls@ct.de?subject=Frage für den Live-Uplink&) oder fragt einfach während der Sendung! false Jürgen Kuri Merlin Schumacher Holger Bleich Pina Merkert Eva Maria Weiß 2019-12-28T16:30:00+01:00 16:30 00:30 DLF- und Podcast-Bühne 7UG3FB https://fahrplan.das-sendezentrum.de/36c3/talk/7UG3FB/ DLF- und Podcast-Bühne Normale Länge de Forschung Aktuell – Computer und Kommunikation Forschung Aktuell – Computer und Kommunikation false DLF-Team /media/36c3/images/UXVNEN/zk018.jpg 2019-12-28T18:00:00+01:00 18:00 01:00 DLF- und Podcast-Bühne UXVNEN https://fahrplan.das-sendezentrum.de/36c3/talk/UXVNEN/ DLF- und Podcast-Bühne Normale Länge de Claudia und Anna sprechen über Biologie! Stellt uns eure Fragen zu allem was ihr aus dem Bereich der Biologie schon immer wissen wolltet. CRISPR? Proteinbiosynthese? Chromosomen? Krebs? Ihr würdet gerne wissen was sich wirklich hinter diesen Begriffen verbirgt? Dann kommt und fragt uns! Zur Belohnung für's fragen gibt es auch wieder Kekse. ZellKultur ist ein Wissenschaftspodcast im Bereich Biologie. Zwischen aktuellen Themen und Grundlagen versuchen wir, die Welt der Zellen, Bakterien und Wirkstoffe euch etwas näher zu bringen. Und zwar verständlich für alle! Wir freuen uns vor allem über konkrete Fragen aus dem Publikum. false Anna Müllner /media/36c3/images/LZ8SR8/UA_Pod_Bild_mono.jpg 2019-12-28T19:15:00+01:00 19:15 01:00 DLF- und Podcast-Bühne LZ8SR8 https://fahrplan.das-sendezentrum.de/36c3/talk/LZ8SR8/ DLF- und Podcast-Bühne Normale Länge de Im Podcast UA Pod Berlin fassen wir das Sitzungsgeschehen im Untersuchungsausschuss zum Terroranschlag am Breitscheidplatz zusammen. Tagesaktuell binden wir Abgeordneten-Statements zum Geschehen mit ein. Die Kanzlerin versprach den Hinterbliebenen und Opfern Aufklärung. Wir zeigen im Podcast wie weit wir davon entfernt sind. Podcast über den Untersuchungsausschuss zum Anschlag am Breitscheidplatz, Berlin. Diesmal ein offener Podcast mit Diskussion. Wird der Ausschuss wahrgenommen? Wie ist der Eindruck der Behörden? Wieviel Courage braucht eine Zeugin / ein Zeuge? false Stellla Yäger /media/36c3/images/ZYJXVP/NPP186-OffTheRecord-mp3-image.jpg 2019-12-28T20:30:00+01:00 20:30 01:00 DLF- und Podcast-Bühne ZYJXVP https://fahrplan.das-sendezentrum.de/36c3/talk/ZYJXVP/ DLF- und Podcast-Bühne Normale Länge de Geheime Einschätzungen des Verfassungsschutzes zur AfD, ungünstiges Framing bei der ARD, intransparente Moderation bei Tiktok: In diesem Jahr haben wir mit so mancher Recherche Schlagzeilen gemacht. Hier wollen wir auf einige interessante Geschichten aus 2019 schauen und einen Blick hinter die Kulissen von netzpolitik.org geben. „Off The Record“ gibt monatlich Einblicke in den Maschinenraum von netzpolitik.org: Die wichtigsten Recherchen, die schönsten Erfolge, die größten Schwierigkeiten und die spannendsten Geschichten hinter den Geschichten. Dieses Mal mit einer Sonderausgabe, in der wir unser Jahr 2019 zusammenkehren. false netzpolitik.org /media/36c3/images/78BJ3S/RR_Cover.jpeg 2019-12-28T21:45:00+01:00 21:45 01:00 DLF- und Podcast-Bühne 78BJ3S https://fahrplan.das-sendezentrum.de/36c3/talk/78BJ3S/ DLF- und Podcast-Bühne Normale Länge de Von antifeministischen Hasskampagnen bis zu Mental Load, von unangemessenen Preisvergaben bis zu intersektionalen Fragezeichen, von Megan Rapinoe bis zu Greta Thunberg – es gibt viel zu besprechen. Zeit für einen empowernden feministischen Jahresrückblick! „Reichlich Randale“ ist ein Personal-Pöbel-Podcast – inklusive exklusiver Becci-Rants. „Reichlich Randale“ ist feministisch, fußballverliebt, immer unterwegs, cinephil, laut, politisch, offen. Weil ich es bin. „Reichlich Randale“ erzählt euch ein bisschen aus meinem Leben, aber es fühlt sich gleichzeitig nach viel mehr an. Hi, ich bin Becci (@genderbeitrag) und veranstalte mittlerweile traditionell auf dem Congress im Rahmen meines Podcasts „Reichlich Randale“ einen feministischen Jahresrückblick mit tollen Gäst*innen. Von antifeministischen Hasskampagnen bis zu Mental Load, von unangemessenen Preisvergaben bis zu intersektionalen Fragezeichen, von Megan Rapinoe bis zu Greta Thunberg – es gibt viel zu besprechen. Ich freue mich darauf, mich mit euch über empowernde Gedanken und Strukturen auszutauschen. Für intersektionale Solidarität und Freund:innenschaft! false Becci (@genderbeitrag) 2019-12-28T23:00:00+01:00 23:00 01:00 DLF- und Podcast-Bühne KLQW7G https://fahrplan.das-sendezentrum.de/36c3/talk/KLQW7G/ DLF- und Podcast-Bühne Normale Länge de Nach vielen Jahren Politikunterricht wird Holger und das Publikum nun von Thomas zu den grundlegenden Inhalten geprüft. Der Politikunterricht lief dieses Jahr aus, und bevor Holger versetzt werden kann, muss er eine Lernzielkontrolle über sich ergehen lassen. false Advi 2019-12-28T11:00:00+01:00 11:00 00:45 WikiPaka WG: Esszimmer QT3DQD https://cfp.verschwoerhaus.de/36c3/talk/QT3DQD/ Community Talk de Introduction for the Subtitles Angletype. In the Subtitles Introduction Meeting we will tell you, what you have to do as a Subtitles Angel. Attending this meeting is necessary to become a Subtitles Angel. true Steini /media/36c3/images/GMHREE/P3.png 2019-12-28T12:00:00+01:00 12:00 01:00 WikiPaka WG: Esszimmer GMHREE https://cfp.verschwoerhaus.de/36c3/talk/GMHREE/ Community Meetup de Wir sind das Prototype Fund Team und laden alle ein, die von uns gefördert wurden oder mehr über den Fund erfahren möchten, uns und einander kennenzulernen! Der Prototype Fund unterstützt SoftwareentwicklerInnen, HackerInnen, DatenjournalistInnen und andere Kreative dabei, ihre Public-Interest-Tech-Idee vom Konzept bis zur ersten Demo umzusetzen. Wir fördern innovative Open-Source-Projekte in den Bereichen Civic Tech, Data Literacy, Datensicherheit und Software-Infrastruktur und supporten Euch mit bis zu 47.500 Euro Förderung pro Team/Einzelentwickler*in. Mit der Förderung könnt Ihr sechs Monate lang Code schreiben und einen Prototyp Eurer Open-Source-Software entwickeln. Zusätzlich erhaltet Ihr Coachings, Beratung und Vernetzung mit Tech- und weiteren Communities. true Marie Gutbub Thomas Friese 2019-12-28T13:00:00+01:00 13:00 00:30 WikiPaka WG: Esszimmer CKLM3A https://cfp.verschwoerhaus.de/36c3/talk/CKLM3A/ Ethics, Society & Politics Talk de DSGVO & Persönlichkeitsrecht bei Fotos mit Fokus auf Nutzung in freien Projekte wie Wikimedia Commons. * Persönlichkeitsrechte und ihre Bedeutung für Wikimedia-Projekte, inklusive Grundlagen des Allgemeinen Persönlichkeitsrechts (APR) * Was ist zu beachten bei Abbildungen von Personen des öffentlichen Lebens und beim Fotografieren öffentlicher und nicht-öffentlicher Veranstaltungen? (inklusive Umgang mit Einschränkungen von Seiten Dritter wie Sportverbänden, Künstlermanagements usw.) * Zusammenspiel urheberrechtlicher Lizenzen und persönlichkeitsrechtlicher Regeln Zeit für Fragen und Antworten ist eingeplant. true John 2019-12-28T13:50:00+01:00 13:50 00:15 WikiPaka WG: Esszimmer FFGWSW https://cfp.verschwoerhaus.de/36c3/talk/FFGWSW/ Resilience & Sustainability Lightning Talk de greenerWP is dedicated to help WordPress site owners making their sites and blogs more environmentally sustainable. greenerWP wants to help WordPress site owners making their sites more environmentally sustainable. The non-profit free/libre open source project consists of a website scanner, a WordPress plugin which provides guidance and optimizations, a lightweight WordPress theme that is optimized for sustainability, and guides and tools for setting up a solar powered single board computer running WordPress. The talk will give a short overview of the project and its development state. false Christian Neumann 2019-12-28T14:10:00+01:00 14:10 00:15 WikiPaka WG: Esszimmer V378DD https://cfp.verschwoerhaus.de/36c3/talk/V378DD/ Hardware & Making Lightning Talk de A lightning talk about technical contributions in Wikimedia projects that we can currently measure and the challenges that we face. Statistics can help to better understand communities and their needs. This lightning talk shows how Wikimedia uses the free and open source software "GrimoireLab" to get some data about its technical contributor base, and also covers some of the challenges that we face when it comes to measuring. false Andre Klapper 2019-12-28T14:30:00+01:00 14:30 00:15 WikiPaka WG: Esszimmer UAUKWZ https://cfp.verschwoerhaus.de/36c3/talk/UAUKWZ/ Hardware & Making Talk de Kurze Zusammenfassung über ein extrem vielfältiges Hobby. Beim Amateurfunk geht es grundlegen darum, mit eigener Technik Funkverbindungen herzustellen. Dieses Hobby ist aber noch deutlich vielfältiger. Dazu gehört ein besonderer Amateurfunksport, Wettbewerbe, Not- und Katastrophenfunk oder der Selbstbau von Funkgeräten und Antennen. Auch der Funkkontakt an sich ist immer wieder spannend. So kann man bis nach Neuseeland, mit der Internationalen Raumstation, mit Satelliten oder auch mit dem Mond funken. Manche Funkamateure wandern auf Berge oder fahren auf unbewohnte Inseln um von dort funken zu können. false Janek Noah 2019-12-28T16:00:00+01:00 16:00 00:30 WikiPaka WG: Esszimmer HMMPQQ https://cfp.verschwoerhaus.de/36c3/talk/HMMPQQ/ Science Talk en The ever-growing Wikidata contains a vast amount of factual knowledge. More complex knowledge, however, lies hidden beneath the surface: it can only be discovered by combining the factual statements of multiple items. Some of this knowledge may not even be stated explicitly, but rather hold simply by virtue of having no counterexamples present on Wikidata. Such implicit knowledge is not readily discoverable by humans, as the sheer size of Wikidata makes it impossible to verify the absence of counterexamples. We set out to identify a form of implicit knowledge that is succinctly representable, yet still comprehensible to humans: implications between properties of some set of items. Using techniques from Formal Concept Analysis, we show how to compute such implications, which can then be used to enhance the quality of Wikidata itself: absence of an expected rule points to counterexamples in the data set; unexpected rules indicate incomplete data. We propose an interactive exploration process that guides editors to identify false counterexamples and provide missing data. This procedure forms the basis of [The Exploration Game](https://tools.wmflabs.org/teg/), a game in which players can explore the implicational knowledge of set of Wikidata items of their choosing. We hope that the discovered knowledge may be useful not only for the insights gained, but also as a basis from which to create entity schemata. The talk will introduce the notions of Implicational Knowledge, describe how Formal Context Analysis may be employed to extract implications, and showcase the interactive exploration process. false Maximilian Marx Tom Hanika 2019-12-28T17:00:00+01:00 17:00 01:00 WikiPaka WG: Esszimmer 3VX9J3 https://cfp.verschwoerhaus.de/36c3/talk/3VX9J3/ Ethics, Society & Politics Talk de Grundlagenwissen zum Urheberrecht CC-Lizenzen und das Urheberrecht. Kurze Einführung wie CC-Lizenzen im Urheberrecht verankert sind. false John 2019-12-28T18:00:00+01:00 18:00 01:00 WikiPaka WG: Esszimmer LKSJUL https://cfp.verschwoerhaus.de/36c3/talk/LKSJUL/ Hardware & Making Talk de A showcase of software implemented outside of the MediaWiki and MediaWiki extensions code repositories. Wikimedia's communities have diverse interests, use cases and technical needs. Volunteer developers experiment with new ideas, build solutions and bridge workflow gaps across our software stack. This session is a showcase of a variety of impressive software solutions implemented outside of the MediaWiki and MediaWiki extensions code repositories. false Andre Klapper /media/36c3/images/CXU9SV/gg-36c3.png 2019-12-28T20:00:00+01:00 20:00 02:00 WikiPaka WG: Esszimmer CXU9SV https://cfp.verschwoerhaus.de/36c3/talk/CXU9SV/ Entertainement Talk de Das schnelle Quiz für alle jungen Hackerinnen und Hacker zwischen 12 und 18 Jahren. Lasst ihr euch von den Erwachsenen jagen oder entkommt ihr eurem Jäger? Gefragt - Gejagt ist ein bekanntes Quizformat aus der ARD. Wir stellen eine Junghacker\*innen-Version auf die Beine und lassen zwei clevere Teams bestehend aus Jugendlichen zwischen 12 und 18 Jahren gegeneinander, aber auch gegen die erwachsenen und erfahrenen Jäger\*innen antreten. Können sie gewinnen? Wir werden es herausfinden! Euch erwarten schnelle Fragerunden, abwechslungsreiche Themengebiete und an erster Stelle ganz viel gute Laune und Cyber! Du kannst dich zum mitspielen bewerben oder mithelfen - auch als Erwachsene\*r. Alle Informationen, die du dazu brauchst, findest du unter [nwng.eu/36c3-gg!](https://nwng.eu/36c3-gg) Wir freuen uns auf dich! <3 false nwng /media/36c3/images/GFXWGZ/VoteUPLove.jpg 2019-12-28T14:30:00+01:00 14:30 01:00 ChaosZone Bühne GFXWGZ https://cfp.chaoszone.cz/36c3/talk/GFXWGZ/ Vortrag 60min (inkl. Q&A) de Die Geschichte der Online-Wahlen oder des regelmäßigen Versuchs ihrer Einführung an der Universität Potsdam. Universitäten sind demokratische Organisationen. Sie veranstalten Wahlen. Warum nicht die Wahl elektronisch abhalten? Oder zumindest das Wählerverzeichnis mit der Mensakarte kombinieren? In diesem Vortrag geht es um die dunklen Abgründe beratungsresistenter Gremien, (Social-)Reverse-Engineering, klaffende Sicherheitslücken, die eine Wahl unbrauchbar machen und die Heilsversprechen von Firmen wie POLYAS, die ihre Produkte gern der öffentlichen Hand reichen wollen. false tzwenn 2019-12-28T16:00:00+01:00 16:00 01:00 ChaosZone Bühne 8YPR78 https://cfp.chaoszone.cz/36c3/talk/8YPR78/ Vortrag 60min (inkl. Q&A) de You know what a laser is all about. Do you? As scientists, lasers are our daily business. We will talk about the past, present and future of what is typically referred to as a laser. Let’s start our journey at the birth of laser light and illustrate its way through to what lasers are capable of today apart from pointing at presentation slides. It will become evident that lasers are present in our daily life, at work, the internet and science all around the world. But let’s not stop with what we already understand, where the laser takes us today; let's have a short glimpse of what to expect in the future as well. false Benjamin Ewers, Raoul-Amadeus Lorbeer Raoul-Amadeus Lorbeer 2019-12-28T17:25:00+01:00 17:25 02:00 ChaosZone Bühne NCTE7Q https://cfp.chaoszone.cz/36c3/talk/NCTE7Q/ Ethics, Society & Politics Workshop 2h en In this interactive, mostly stand-up workshop, we experiment with concrete techniques created for making every person in a working group feel valued. We will try out tools to promote an inclusive&healthy working culture on the micro-level, called "Liberating Structures". Afterwards, you can try and apply these techniques in meetings, retrospectives, kick-offs for a sprint - wherever a group of people is gathering to discuss things and work together. false Katya 2019-12-28T20:00:00+01:00 20:00 00:30 ChaosZone Bühne VPJPZR https://cfp.chaoszone.cz/36c3/talk/VPJPZR/ Hardware & Making Vortrag 30 min (incl. Q&A) de Wie ich Bleepstrack's 36C3 Designgenerator auf ein Oszilloskop gebracht habe. Eine kurze Reise von Vektorgrafiken in JS, über die Web Audio API bis zum XY-Modus eines Oszilloskops. Mit Oscilloscope-Music gibt es schon einige Zeit lang eine coole Anwendung für alte analoge Oszilloskope. Jedoch war der Entstehungsprozess für mich immer ein wenig magisch. Die eigentliche Idee dahinter ist relativ simpel, aber wie genau macht man es und wie kann man die Signale einfach erzeugen? Antworten auf diese Fragen habe ich gefunden, als ich angefangen habe, den 36C3 Designgenerator von Bleeptrack um eine Oszilliskop-Darstellung zu erweitern. Mit einem Browser, ein bisschen JavaScript und einen Kopfhörerausgang hat man nämlich alles was man braucht um dem grünen Phosphor neues Leben einzuhauchen. https://github.com/quantenProjects/36c3-generator Slides: https://quantenprojects.github.io/presentations-at-36c3/ false quanten 2019-12-28T21:00:00+01:00 21:00 01:00 ChaosZone Bühne XNFBGR https://cfp.chaoszone.cz/36c3/talk/XNFBGR/ Vortrag 60min (inkl. Q&A) de x x false Deleted User Marko Makel /media/36c3/images/DVKCLG/B5E74096-1097-4199-A216-62136221CD67_zx8lDVW.png 2019-12-28T11:30:00+01:00 11:30 00:30 Art-and-Play Stage DVKCLG https://stage.artesmobiles.art/36c3/talk/DVKCLG/ Lecture Lecture en Flipdots are electromechnical displays that were often used in public transport vehicles. With the Fluepdot project, it is possible to take control over this ancient technology, to built a large installation. In this talk, I will give an insight on how this thing came to live. Also I will be answering the most frequently asked questions, give an overview of the electrical engineering and the software used to control the installation. false Fabian Lüpke /media/36c3/images/RAY8LY/Quantified_Reality__web_3JfYIRI.jpg 2019-12-28T12:00:00+01:00 12:00 01:00 Art-and-Play Stage RAY8LY https://stage.artesmobiles.art/36c3/talk/RAY8LY/ Lecture Lecture en performance lecture 60 min Today, up to half of all animal species are at risk of extinction. At the same time, leading engineers and philosophers are envisioning a bio- and geo-engineered future where machines may develop their own forms of consciousness. What may seem to be two distinct developments – of nature and IT – are in fact the consequences of the actions of the one species that has come to dominate the planet: homo sapiens. As an artist, I have always striven to find the worlds that are hidden behind the ordinary. In my lecture performance I use photography, a dead bird, a children's vinyl published by state environmental education services of native bird's songs (which are extinct by now), show results of my own Artificial Intelligence, which continues evolution of moths and let a bionic drone fly. Anthropogenic Extinction Crisis, bionic engineering, climate change, and AI will be put into a mesmerizing web of inter-relations, using art as a medium of research, turning complex information into visual messages. false Claudius Schulze /media/36c3/images/8NC7PK/Vision_des_OstHub__web_kOzLHGW.jpg 2019-12-28T13:00:00+01:00 13:00 00:30 Art-and-Play Stage 8NC7PK https://stage.artesmobiles.art/36c3/talk/8NC7PK/ Lecture Lecture en co-working space, media laboratory, center for immersive media art and technology, talk and Q&A 30min In 2020, a new space called "OstHub" will be developed in the East of Leipzig. Within 400m2, a co-working space, a centre of immersive media art and technology and several media production studios (film, 3d audio and programming) will find their place. A hybrid of culture and creative industries joining production and research in the fields of art, design, music, film and game industry. Laboratories, workshops, media (art) festivals, talks, exhibitions, 3D audio concerts, film screenings and many more formats will form the core of the program and can be realised in the location. The initiator of the OstHub is the Wisp Kollektiv, a studio for digital art, design and culture. For several years the studio creates free and commissioned artistic works with sound and light in space such as installations, compositions, sound designs, performances and concert productions for exhibitions and live shows. false Wisp Kollektiv (Paul Schengber) /media/36c3/images/BLLD8D/Experiments_in_forests_and_exhibition_halls___web_jTFmECZ.jpg 2019-12-28T13:30:00+01:00 13:30 00:30 Art-and-Play Stage BLLD8D https://stage.artesmobiles.art/36c3/talk/BLLD8D/ Lecture Lecture en artist talk and Q&A 30min In 2015 few physics students from the technical university started showing experiments at parties in Berlin. Meanwhile things happened – now we’re a group of 30 people with a collection of about 20 installations. We showed our experiments at approximately 60 events, including big festivals like Fusion. In this talk we want to share some of our experience - how people perceive our installations, how this affects our work, what motivates us and how we organize ourselves. false Andrea Heilrath /media/36c3/images/BEKPLP/AI_in_Artistic_Practice__web_Fn36KML.jpg 2019-12-28T14:00:00+01:00 14:00 00:45 Art-and-Play Stage BEKPLP https://stage.artesmobiles.art/36c3/talk/BEKPLP/ Lecture Lecture en artist talk and Q&A 45 min The lecture locates AI as an artistic tool in art history. The development in technology changed the interaction and role of the artist and the machine within the creative process in painting, music, performance, film, architecture and design. The use of AI in the artistic world is still very new and therefore there is not much history of collaborations between artists and AI systems. This talk gives a brief overview of the use of algorithms in the creative process and an introduction to the functioning of neural networks using the example of the work "Speculative Artificial Intelligence". Differences between working with algorithms and AI will be pointed out and general strategies for using AI within the artistic process will be proposed. false Birk Schmithüsen /media/36c3/images/NS9EMG/FieldTrip_mI2PVa3.png 2019-12-28T15:00:00+01:00 15:00 01:00 Art-and-Play Stage NS9EMG https://stage.artesmobiles.art/36c3/talk/NS9EMG/ Screening Interactive Screening and Q&A en interactive documentary, 60 min + Q&A, 2019 Interactive Screening and Q&A Field Trip is an interactive documentary film about Tempelhof Field, a former airfield now being used as one of the biggest urban parks in the world. For some, the 300 hectares of open space are full of possibilities; for others, it is a place of oppression and of dark episodes in German history. For others still, it has become a home far away from home. Field Trip tells their stories. Through interactive documentary films and the inclusion of people on site, Field Trip has become a vibrant reflection of one of the most exciting places in Berlin. Field Trip is a ronjafilm production and was initiated by a group of Berlin media makers coming from Documentary film, Journalism and Creative Technology. The Field Trip team has made a large part of the materials (films, illustrations, software, design) available to the public. Most of the materials are published under open licenses. Open licenses strategy In the Field Trip team, we like to see ourselves as commons-based creatives. This is why, the idea we have for our project is to create a permanently open, living documentary, based on open web technologies. This means that all interactive options, visualisations, transitions, effects and almost everything else is implemented through small, re-usable snippets of code. Instead of conventional post-production software, we are using HTML, Javascript and CSS wherever technologically feasible. In addition, we are making these code snippets available in an open repository under MIT and GPL v3 licenses. When it comes to the documentary reality, while all code behind our interactive documentary is published under open source licences, the conditions for content (e.g. video material, photographs, texts) vary more than we would have liked: we normally use the "Creative Commons Attribution-ShareAlike 4.0 International License", which allows the free use, editing and distribution (including commercially) of content, as long as the authors are correctly named and the works are passed on under the same conditions. The majority of Field Trip content is thereby under that CC license. On top of the material used in the documentary, we put rough cut and b-roll material under the said Creative Commons license. However, in the case of archival material, sensitive material (i.e., where we explicitly needed to protect a protagonist), content obtained through other channels (e.g., private video material), we had to compromise. Any restrictions of this kind are clearly communicated in the list of all materials and licences in our media repository, to be launched in full extent at the 36th Chaos Computer Conference in December 2019. false Field Trip /media/36c3/images/9QUK7W/Was_kostet_die_Welt__web_Kd5mOf4.jpg 2019-12-28T16:30:00+01:00 16:30 01:31 Art-and-Play Stage 9QUK7W https://stage.artesmobiles.art/36c3/talk/9QUK7W/ Screening Screening en documentary, 2018, 91:00 min + Q&A, english language Until 2008, the Channel Island of Sark, located to the west of Normandy, was the last feudalistic spot in Europe. A royal fief, it sometimes looks exactly like people imagine a cosy English idyll: steep cliffs, green meadows, woolly sheep, low little houses and breast high overgrown stone walls. The around 600 island dwellers who elect their own parliament and have their own laws have lived according to autonomous rules and ideas of communitiy, property and right for centuries. But these tradition was smashed abruptly, when two billionaire brothers began to buy the island piece by piece and take legal action against the laws and Acts of the Sark Parliament. What started with legal disputes soon continued with campaigns and scenarios of different origin, which islanders perceive as slander, threat and blackmail. Sark became the scene of a positively absurd media and financial conflict, and a conflict of power. Her offscreen voice sometimes questioning, partly sober and partly emotional, Bettina Borgfeld recapitulates the development and course of an incredible dispute in the age of global financial capitalism - a dispute that occasionally sounds like the plot of a Netflix series. Quelle: DOK Leipzig/Lukas Stern **Director** Bettina Borgfeld **Producer** Thomas Tielsch **Director of Photography** Börres Weiffenbach, Bettina Borgfeld **Editor** Franziska von Berlepsch, Mechthild Barth **Sound** Ulla Kösterke, Oliver Stahn, Johannes Schmelzer-Ziringer, Moritz Jonas Springer **Score** Daniel Sus, Peter Gabriel Byrne **Awards** Winner of DOK Buster – 61 DOK Leipzig 2018 Nominated for German Documentary Award 2019 – SWR DOKU FESTIVAL false Bettina Borgfeld /media/36c3/images/FMHNLT/divas_on_duty_1_eU3WgmU.png 2019-12-28T20:00:00+01:00 20:00 00:20 Art-and-Play Stage FMHNLT https://stage.artesmobiles.art/36c3/talk/FMHNLT/ Screening Screening en stills, 20 min, 2019, english language "You know you're the best, when people you don't know hate you." In this exclusive interview, a controversial 60-year-old socialite, designer, entrepreneur and style icon gives her take on beauty, political correctness and #metoo. She might be famous for no reason – and, as she frequently points out, has never been a "payroll slave" – but her fierce attitude and refreshing ideas have made her queen mom for generations of all backgrounds around the world. Will you love her or hate her? Sit back and find out. false Ida Michel 2019-12-28T20:30:00+01:00 20:30 00:20 Art-and-Play Stage AKQJNJ https://stage.artesmobiles.art/36c3/talk/AKQJNJ/ Screening Screening en video installation, 20 min, 2018, nonverbal Originally used in computer games and for special effects in blockbuster movies, ‘simulated life’, driven by algorithmic predictions, is increasingly influencing many facets of the real world. From urban planning to disaster evacuation plans, market forecasts and crowd control, algorithmically simulated scenarios produce real world policies and events. Using a variety of images including filmed footage as well as simulations of crowd control software, Transformation Scenario is a meditation on ‘simulated life’ and the increasingly blurred distinctions between real and virtual experiences. This video is part of a larger body of work by von Wedemeyer that engages with the psychology and aesthetics of the crowd. false Clemens von Wedemeyer /media/36c3/images/XCDDNN/himiko__web_MoLCHSo.jpg 2019-12-28T21:00:00+01:00 21:00 00:20 Art-and-Play Stage XCDDNN https://stage.artesmobiles.art/36c3/talk/XCDDNN/ Theatre/Dance Performance Theatre/Dance Performance en contemporary, dance, nonverbal Come, come whoever you are. Wanderer, worshipper, lover of leaving. This isn't a caravan of despair. It doesn't matter if you have broken your vows a thousand times before! Come again, come. false Asuka & Emmanouela /media/36c3/images/ZPKUFZ/Schmeck_mein_Blut__web.jpg 2019-12-28T22:00:00+01:00 22:00 00:20 Art-and-Play Stage ZPKUFZ https://stage.artesmobiles.art/36c3/talk/ZPKUFZ/ Theatre/Dance Performance Theatre/Dance Performance en theatrical performance Welcome to womanhood, means welcome to motherhood? – The Soloperformance "Schmeck mein Blut" by Hannah Maneck – named after the same-titled song of ebow – questions the monthly bleeding of the female body as a natural on that has to hurt and treated secretly. Bleeding is dirty and it must be painful, because it is the punishment for get kicked out of paradise? Lonesome and in pain you have to indure the time of monthly bleeding … BLAHBLAHBLAH But maybe it could also be an angry act of resistance! false Hannah Maneck /media/36c3/images/QKXACA/FranzM_PLUS__web_AniBVAP.jpg 2019-12-28T23:00:00+01:00 23:00 01:00 Art-and-Play Stage QKXACA https://stage.artesmobiles.art/36c3/talk/QKXACA/ Sound Performance Sound Performance en concert Franziska Klimpel – Akkordeon Michael Breitenbach – Sopransaxofon Ben Holfeld – Kontrabass Hannes Malkowski – Percussion Klezmer, Eastern European Songs, Asian Melodies, Tango Nuevo and also own pieces, inspired from oriental rhythm and melodic … http://www.franziskaklimpel.de http://www.michaelbreitenbach.de/franzm/ false FranzM PLUS /media/36c3/images/VE3ZFD/Pastor_Leumund__web_y2i5Xvu.jpg 2019-12-29T00:30:00+01:00 00:30 00:45 Art-and-Play Stage VE3ZFD https://stage.artesmobiles.art/36c3/talk/VE3ZFD/ Sound Performance Sound Performance en Psychedelic Hiphop/Dada-Techno Since the Stone Age the Dadaistic preacher is collecting German mutant mantras. For him, our language system is built on lies, which is why he mercilessly pours over his community with recycled slogans. The celebration of consumption and private happiness is not his thing. His pulpit is always open to incidents and guest preachers. Coincidence is his hero. In case of a power failure he always has a megaphone with him. With the music of Friedrich Greiling aka Mittekill his preaching has become danceable discursive disco dada. http://weltgast.de/artists/pastor-leumund https://pastorleumund.bandcamp.com/releases https://www.facebook.com/Leumundo/ The album as a short radio play series at Deutschlandfunk Kultur: https://www.deutschlandfunkkultur.de/wurfsendungs-serie-druckwellensittiche.3687.de.html?dram:article_id=450732 false Pastor Leumund https://frab.riat.at/en/36C3/public/schedule/events/170.html 2019-12-28T13:00:00+01:00 13:00 00:15 CDC - Stage 36C3-170-introduction_to_day_2 lightning_talk en false Diego "rehrar" Salazar https://frab.riat.at/en/36C3/public/schedule/events/143.html 2019-12-28T13:15:00+01:00 13:15 00:15 CDC - Stage 36C3-143-funding_models_of_foss Stage lightning_talk en Diego talks about various FOSS funding models, which are the most successful, and how to make FOSS sustainable for the upcoming years. FOSS is in a very strange place where the entire internet runs off of its infrastructure, but it generates little money for the people responsible for maintenance and upkeep. This talk looks at FOSS projects, big and small, as well as the unique challenges they face to keep their developers working on them, the consequences if they fall into disrepair, and sustainable, profitable funding models for them. false Diego "rehrar" Salazar Funding Models of FOSS file https://frab.riat.at/en/36C3/public/schedule/events/113.html /system/events/logos/000/000/113/large/fork.jpg?1577204084 2019-12-28T13:30:00+01:00 13:30 00:30 CDC - Stage 36C3-113-the_sharp_forks_we_follow A social take on protocol forks, their benefits, and perils Stage lecture en In this talk, we will discuss forks as human consensus failure modes, why they happen and their consequences. We will look at examples of forks in different social structures: from hunter-gatherer tribes and religious factions, to open source projects and, particularly, the cryptoeconomic protocols that enable decentralized infrastructure. We will cover the dynamics at play in forks from multiples angles: technical, economical, political, and theological. false Ome talk.pdf https://frab.riat.at/en/36C3/public/schedule/events/121.html 2019-12-28T14:00:00+01:00 14:00 00:45 CDC - Stage 36C3-121-the_secret_truecrypt_audit_from_the_bsi Stage lecture In 2010 the German Federal Office for Information Security (BSI) created a security audit of the encryption software Truecrypt - and didn't publish it. Truecrypt has an interesting and sometimes mysterious history. The anonymous creators suddenly stopped development in 2014 and warned about unfixed security issues, without further explanation. At the same time a donation-funded security audit was organized by cryptographer Matthew Green, which didn't find any serious issues. A fork of Truecrypt called Veracrypt is still developed today. The audit by the BSI was only recently revealed with a request according to the German freedom of information law. It contains information about bugs in the code that are present until today. The talk will present some of these findings and discuss the questionable role of the BSI. false Hanno Böck German BSI withholds Truecrypt security report (Golem.de) The documents at "Frag Den Staat" slides https://frab.riat.at/en/36C3/public/schedule/events/124.html /system/events/logos/000/000/124/large/bisq_mark_3x.png?1577294066 2019-12-28T15:00:00+01:00 15:00 00:30 CDC - Stage 36C3-124-p2p_trading_in_cryptoanarchy Removing Third Parties from Bisq's Dispute Resolution System Stage lecture en How can we trade directly with another party on the internet, without involving a trusted third party or legal system? Is there a way to trust the other party to be honest? Bisq recently implemented a dispute resolution system that keeps control of escrowed funds between the 2 traders only (2-of-2 multisig, instead of 2-of-3 multisig with trusted arbitrator). See how it combines game-theoretic, financial, and cryptographic tools to accomplish sovereign (and anonymous) peer-to-peer trading. Centralized exchanges rely on company policies and legal systems to ensure smooth operations. Decentralized exchanges mostly rely on trusted third parties to resolve disputes. But what if we wanted to avoid trusting third parties and expensive and unpredictable legal systems? How can we resolve disputes in a system of cryptoanarchy, where no one has absolute power? Bisq's new dispute resolution system offers 1 approach, implemented recently in its move to 2-of-2 multisignature trade wallets where only the 2 traders have control over their funds (previously 2-of-3, where a trusted arbitrator held a third key). The new solution enabled Bisq to decentralize the trust formerly placed in arbitrators across 3 mechanisms that encourage both traders to follow the rules...and to punish them if they don't. This talk covers the combination of game-theoretic, financial, and cryptographic tools to accomplish sovereign (and anonymous) peer-to-peer trading. false m52go 36c3-ntp.odp file https://frab.riat.at/en/36C3/public/schedule/events/125.html 2019-12-28T15:35:00+01:00 15:35 00:15 CDC - Stage 36C3-125-an_overview_of_monero_s_adaptive_blockweight_approach_to_scaling Stage lightning_talk en Monero has a unique among the major crypto currencies approach to scaling, that relies on a penalty driven adaptive blockweight (blocksize) and a minimum or tail block reward. This is fundamentally different from the fixed blockweight and falling bock rewards that are prevalent in Bitcoin and Bitcoin clones. We will provide an overview of Monero’s adaptive blockweight, fee market and how blockweight differs from blocksize together with the dual median changes and transaction changes that were introduced in the 2019 spring and fall network updates. We will compare adaptive vs fixed blockweights, and the impact of minimum block rewards (Monero) vs falling block rewards (Bitcoin and Bitcoin clones) on long term network security. false Francisco "ArticMine" Cabañas Presentation Slides https://frab.riat.at/en/36C3/public/schedule/events/108.html /system/events/logos/000/000/108/large/nym-logo-cut.png?1576879288 2019-12-28T15:55:00+01:00 15:55 00:30 CDC - Stage 36C3-108-nym Launch of an Incentized Mixnet test-net Stage lecture en Nym is a decentralized and incentived mix-network that can defeat even global passive adversaries. This event will launch the "alpha" Rust mix-net of Nym, and demonstrate the use of validators to create anonymous authentication credentials to access the mix-net. Nym builds a modern anonymous communication mix-net that is incentized, rewarding mix-nodes using "proof of mixing." Coming from the<a href="https://panoramix-project.eu/">PANORAMIX</a> project, the startup <a href="https://nymtech.net">Nym Technologies</a> from Neuchatel in Switzerland, has recently built the core mix-net infrastructure in Rust, and will do the first demonstration of the live "alpha" test-net at Chaos Computer Congress. A mix-net is superior to Tor insofar as it uses delays and cover traffic to break patterns in metadata. Nodes that join get rewarded in tokens for successfully mixing traffic, using commitments to a VRF to generate fair sampling of the underlying network. In order to prevent denial of service and sybil attacks, Nym uses anonymous authentication credentials, currently based on the Coconut signature scheme, famously acquired by Facebook and described at the last Chaos Computer Camp in this <a href="https://media.ccc.de/v/Camp2019-10317-fighting_back_against_libra_-_decentralizing_facebook_connect">lecture</a>. We'll demonstrate how the test-net works with these credentials and can validate them in a decentralized manner. false Harry Halpin Nym Codebase Nym's website Nym litepaper Slides file https://frab.riat.at/en/36C3/public/schedule/events/102.html 2019-12-28T16:30:00+01:00 16:30 00:30 CDC - Stage 36C3-102-digital_integrity_of_the_human_person proposal for a new fundamental right. Stage lecture en Description/Abstract: Every human evolves today in multi-dimensional physical and digital environment. If each individual is to keep its individuality and autonomy in its daily choices, it must be protected and given effective tools to defend its own autonomy. Recognizing that human life has been digitally extended must question ourselves on what makes us human today. Should personal data be considered as component of the person, rather than objects that can be owned by whoever collects that data? Should our digital integrity be protected? If each human person already has a right to physical and mental integrity (Swiss Constitution article 10 al.2), shouldn't it have a right to digital integrity? This talk will introduce this new legal concept, its possible implications for data protection and how this concept could be introduced in the current legal framework. Additional Talk Information: The addition of this new right will be discussed by the Walliser Verfassungsrat in charge of writing the new Cantonal Constitution. The association of French speaking Data Protection Authorities, including the Swiss authority, has issued a comment that "personal data are components of the human person" false Alexis New Cantonal Constitution "personal data are components of the human person" DigitalIntegritySlide https://frab.riat.at/en/36C3/public/schedule/events/84.html /system/events/logos/000/000/084/large/header_%281%29.png?1574089487 2019-12-28T17:05:00+01:00 17:05 00:15 CDC - Stage 36C3-84-cyber_congress Stage lecture en Our mission is to fuckGoogle and other megacorps. We are geeks that build open-source things. Code first. Everything else later. My idea was to give a talk about the open source protocol we have created. Its main idea is to change the way we search for things by using sybil resistant mechanism for indexation and ranking, knowledge graphs and computational resources that are required for this. The protocol is built with the help of ipfs and tendernint. The cool thing is that with changing Semantics we create along much more use cases that web 3 browsers (which are in fact personal applications), we can create unified linguistics, autonomous robots, solve some basic income issues, program complex matrices, create language convergence, proof of location, etc Our main goal is to fuckgoogle, which is basically our motto. So the idea was to talk about the issues we underestimate that derive from centralized search, ranking, indexation, etc. Why search is important and why web 2 is broken false cyber~Congress github CDC presentation Cyber presentation slides file https://frab.riat.at/en/36C3/public/schedule/events/145.html 2019-12-28T17:30:00+01:00 17:30 00:15 CDC - Stage 36C3-145-kyc_crypto-aml_tools privacy preserving KYC & crypto-AML tools Stage lecture en What's wrong with the current Crypto-AML mainstream approach and why it's dangerous for our economies and our societies. What is really demanded by the law and how do we see cryptography can provide answers. Kickstarting the workshop on Crypto-AML tools. false polto crypto-aml-workshop.pdf https://frab.riat.at/en/36C3/public/schedule/events/187.html 2019-12-28T17:50:00+01:00 17:50 00:30 CDC - Stage 36C3-187-parallel_polis_temporary_autonomous_zones_and_beyond How to create spaces that implement cryptoanarchist principles in meatspace Stage lecture en Cryptoanarchy creates spaces of liberty in the virtual space - encryption, anonymity, free trade using digital money. Can we use some of the principles to achieve liberty in physical space? How to create parallel social institutions. The talks at Critical Decentralisation Cluster will be live streamed and recorded. I consent to the use by Monero or RIAT of my image, video, and voice. I understand that this consent is perpetual and my image, video, and voice may appear publicly as part of Monero or RIAT website, Twitter account, YouTube channel and/or other marketing materials, which will be licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. If you would like to opt-out and not be recorded, please contact office@riat.at false Juraj Bednár Paralelna Polis Presentatiomn https://frab.riat.at/en/36C3/public/schedule/events/98.html 2019-12-28T18:30:00+01:00 18:30 00:20 CDC - Stage 36C3-98-mandelbot_hab_-_open_source_ecotecture_and_horizontalism Stage lecture en false Scott Beibin https://frab.riat.at/en/36C3/public/schedule/events/120.html /system/events/logos/000/000/120/large/namecoin-coin_1000px.png?1576362175 2019-12-28T19:25:00+01:00 19:25 00:30 CDC - Stage 36C3-120-adventures_and_experiments_adding_namecoin_to_tor_browser Stage lecture en The Namecoin and Tor developers are running a new experiment: the GNU/Linux Nightly Builds of Tor Browser now have optional support for resolving Namecoin's .bit domains. This experiment aims to provide a fix for the long-standing UX problem with .onion domains: the lack of human-meaningful names. With Namecoin, you can access onion services via nice, memorable addresses like http://federalistpapers.bit/ instead of http://7fa6xlti5joarlmkuhjaifa47ukgcwz6tfndgax45ocyn4rixm632jid.onion/ . In this talk, I'll cover the goals of the experiment, the work that went into getting here, and the work that remains to be done. Disclaimer: Although the work covered in this talk is a collaboration between Namecoin and Tor, this talk is solely from Namecoin's perspective. false Jeremy Rand Namecoin https://frab.riat.at/en/36C3/public/schedule/events/97.html /system/events/logos/000/000/097/large/fds_green.jpg?1577287969 2019-12-28T20:00:00+01:00 20:00 00:15 CDC - Stage 36C3-97-fair_data_society Decentralised data commons Stage lightning_talk en Fair data society is a non-profit initiative working towards decentralised data commons that will provide an alternative to surveillance capitalism, the alternative being, a fair data society. Fair data society is a non-profit project that is focused on reimagining the current data economy and provide an alternative viable solution. In the talk the concept of fair data and decentralised data commons will be presented. along with a proposal for fair data society principles and a demo of a secure file transfer dapp that is designed in the way to walk the talk. false Gregor Fair data society www Fair data society DAC Fairdrop - secure serverless file transfer Fair data society Github Fair data society https://frab.riat.at/en/36C3/public/schedule/events/183.html 2019-12-28T20:20:00+01:00 20:20 00:05 CDC - Stage 36C3-183-open_data_psi Stage lightning_talk en Lightning talk on open data and the upcoming public sector information Open Data for Data Commons false vavoida https://frab.riat.at/en/36C3/public/schedule/events/123.html 2019-12-28T20:30:00+01:00 20:30 00:30 CDC - Stage 36C3-123-the_state_of_secure_messaging_the_case_of_otr Stage lecture en On this talk, we will talk about the state of different secure messaging applications: from MLS, Signal, Wire to OTR. We will talk around what impact they have as a technology used to resist mass surveillance and why they are needed in the current ever oppressive world. We will look at the challenges they face and what need ideas come with the 4th version of OTR. false Sofía Celi example talk https://frab.riat.at/en/36C3/public/schedule/events/163.html 2019-12-28T21:05:00+01:00 21:05 00:15 CDC - Stage 36C3-163-building_an_actual_alternative A counter-narrative to the digital surveillance machine. Stage lightning_talk en Privacy and freedom within the context of cryptocurrencies, zero-knowledge-proof systems, decentralised protocols and other privacy protection layers is about co-creating and co-shaping alternatives to empower individuals to control their own data. What is the role of Monero in building an actual alternative and preventing the public ledger from becoming another behaviour extraction and surveillance tool? As a community, what type of counter-narratives do we need to create to support this movement? Digital surveillance threatens human rights – including privacy and freedom of expression and association, inhibiting the free functioning of a vibrant civil society. While the origins of cryptocurrency may have sought to build an alternative, transparent blockchains and the requirement for KYC/AML checks has proven to blur the lines between private data collection and state tracking once again. This compromises our fundamental human right to financial privacy in the digital era and is positioning the public ledger as a new behaviour extraction and censorship tool. We are at risk of perpetuating, rather than challenging, the system. Monero, arguably the last bastion of cypher-punk resistance in the crypto space, is contributing to an _actual_ alternative through the conscious engineering of privacy-by-default technology that enables fungible, private, censorship-resistant financial transactions. This lightning talk will examine the current status-quo, the role that the Monero community and pro-privacy developers have in co-creating and co-shaping an alternative vision and what it will take to build the counter-narrative against the real politick of surveillance capitalism and the surveillance state. The talks at Critical Decentralisation Cluster will be live streamed and recorded. I consent to the use by Monero or RIAT of my image, video, and voice. I understand that this consent is perpetual and my image, video, and voice may appear publicly as part of Monero or RIAT website, Twitter account, YouTube channel and/or other marketing materials, which will be licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. If you would like to opt-out and not be recorded, please contact office@riat.at false Deanna MacDonald https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11097.html 2019-12-29T11:30:00+01:00 11:30 01:00 Ada 36c3-11097-von_menschen_radikalisiert_uber_rassismus_im_internet Ethics, Society & Politics lecture de Seit Jahren wird über den Einfluss des Internets auf die Gesellschaft diskutiert. Desinformationskampagnen in den sozialen Medien, russische Bots und Empfehlungs-Algorithmen hätten die Gesellschaft gespalten. Doch viele Unterstellungen lassen sich einfach widerlegen. Dieser Vortrag gibt einen Überblick und schlägt Ansätze vor, wie sich die Phänomene des Rechtsrucks zu einem konsistenten Bild zusammenfügen lassen. false Michael Kreil https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11114.html 2019-12-29T12:50:00+01:00 12:50 01:00 Ada 36c3-11114-die_affare_hannibal Eine erste Bilanz Ethics, Society & Politics lecture de Sie sollen den Staat schützen, sind aber selbst eine Gefahr: Soldaten und Polizisten, die sich in Chat-Gruppen organisieren und auf den „Tag X“ vorbereiten. Mit aufwändigen Recherchen hat ein Team der taz ein bundesweites konspiratives Netzwerk aus Preppern und Staatsbediensteten aufgedeckt. Kopf war „Hannibal“, Elitesoldat beim Kommando Spezialkräfte – und Auskunftsperson für den Militärischen Abschirmdienst. Hier geben die ReporterInnen Einblick in die Recherche und zeigen, was aus ihren Berichten folgte. Oder auch nicht. Ein Elitesoldat des Kommando Spezialkräfte, der bundesweit Chatgruppen und einen Verein namens „Uniter e.V.“ gründet, in dem paramilitärische Trainings abgehalten werden. Ein SEK-Polizist und Prepper, der knapp 60.000 Schuss Munition hortet, die aus Polizeibeständen entwendet wurden. Männer, die Feindeslisten anlegen und offenbar planen, an einem „Tag X“ politische Gegner umzubringen. Drei Schlaglichter auf die mehr als zwei Jahre andauernde „Hannibal“-Recherche der taz. Sie führte in viele Felder: Hinein in Verfassungsschutzbehörden und Bundeswehr; hinaus aufs Land zwischen Mecklenburg-Vorpommern und Baden-Württemberg; auf Facebook-Profile philippinischer Politiker und in Telegram-Chats deutscher Verschwörer. Auf die Recherchen folgte Bestürzung, aber – zunächst – auch Belächeln. Sind diese Leute wirklich gefährlich oder doch bloß harmlose Spinner? In diesem Talk geben zwei der ReporterInnen des taz-Teams einen Einblick in ihre Arbeit, berichten von Begegnungen mit Preppern mit Umsturzfantasien und Verfassungsschutzmitarbeitern, die im schwarzen Porsche Cayenne vorfahren. Sie berichten von Erfolgen bei der Online-Recherche und warum Hinfahren und an Türen klingeln am Ende doch unerlässlich ist. Die Journalisten schildern, was nach ihren Veröffentlichungen passiert ist: Im politischen Raum, in der Justiz – und welche Fragen noch offen sind. Warum etwa wird nicht wegen Bildung einer terroristischen Vereinigung ermittelt? Vortrag von: Sebastian Erb, Redakteur der taz am Wochenende Daniel Schulz, Leiter des Ressorts Reportage & Recherche der taz false Sebastian Erb Daniel Schulz Alle taz-Texte der "Hannibal"-Recherche https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10541.html 2019-12-29T14:10:00+01:00 14:10 01:00 Ada 36c3-10541-hacking_the_media_gefluchtete_schmuggeln_nazis_torten_passe_falschen Warum wir zivilen Ungehorsam und Subversion mehr brauchen denn je Ethics, Society & Politics lecture de Ein lustiger Rückblick über die Aktionen des Peng Kollektivs. Cop Map zu Polizeigewalt, MaskID zum Überwachungsstaat und Gesichtserkennung, Adblocker zur Werbeindustrie, CFRO zum Finanzsystem, Deutschland geht klauen zu Lieferketten und der Aufbau der Bewegung Seebrücke zur Entkriminalisierung der Seenotrettung sind nur ein Bruchteil der Aktionen, die seit dem letzten Besuch 2015 hier noch nicht präsentiert wurden. Eine Tour de Force durch Momente zivilen Ungehorsams und Subversion, wobei wir uns selbst nicht zu ernst nehmen und vor allem darauf abzielen, mit den sozialen Bewegungen zusammen zu arbeiten. Eine Stunde geballte Kommunikationsguerilla, lustige Medienaktionen, aber auch ein Einblick in mögliche Denkweisen und Aktionsmöglichkeiten, die andere machen können. Was ist heutzutage möglich und was ist vor allem nötig? false Conny Runner Ronny Sommer Peng Kollektiv https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11217.html 2019-12-29T16:10:00+01:00 16:10 01:00 Ada 36c3-11217-finfisher_see_you_in_court Rechtsbrüche beim Export von Überwachungssoftware Ethics, Society & Politics lecture de Die GFF hat gemeinsam mit Reporter ohne Grenzen (ROG), dem European Center for Constitutional and Human Rights (ECCHR) und netzpolitik.org Strafanzeige gegen die Geschäftsführer der Unternehmen FinFisher GmbH, FinFisher Labs GmbH und Elaman GmbH erstattet. Es liegen dringende Anhaltspunkte dafür vor, dass das Münchener Firmenkonglomerat die Spionagesoftware FinSpy ohne Genehmigung der Bundesregierung an die türkische Regierung verkauft und so zur Überwachung von Oppositionellen und Journalist*innen in der Türkei beigetragen hat. Der CCC hat die Schadsoftware analysiert und veröffentlicht. false Thorsten Schröder Ulf Buermeyer https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10574.html 2019-12-29T17:30:00+01:00 17:30 01:00 Ada 36c3-10574-human_rights_at_a_global_crossroads Whistleblowers and the Cases of The Snowden Refugees and Edward Snowden Ethics, Society & Politics lecture en An update on the circumstances of Mr Snowden and the Snowden Refugees will be provided at the 36C3 event and venue in December 2019. There have been many significant events and incidents during 2019. Of these significant events is the major success of Vanessa Rodel and her daughter Keana being granted refugee status by Canada and resettled in Montreal, Canada in late March 2019. Vanessa’s journey to Canada will be discussed. More significantly the issue of the Canadian government having left Supun and his family and Ajith behind in Canada has split up a family namely Keana in Montreal from her father Supun and siblings Sethumdi and Dinath in Hong Kong. In further context of the emerging police state that Hong Kong has become and its arbitrary and disproportionate use of violence against protesters and innocent civilian bystanders and breaches of constitutional rights and under international law, this has re-traumatized The Snowden Refugees in Hong Kong and has put them all at heightened risk. The lecture will cover the current global erosion and dismantling of international refugee and constitutional law by increasingly authoritarian democracies and loss of international protection for whistleblowers and those who protect whistleblowers. It will be discussed how this has impacted upon the cases of Mr Snowden and The Snowden Refugees. false Robert Tibbo Edward Snowden Slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10961.html 2019-12-29T18:50:00+01:00 18:50 01:00 Ada 36c3-10961-boeing_737max_automated_crashes Underestimating the dangers of designing a protection system Science lecture en Everybody knows about the Boeing 737 MAX crashes and the type's continued grounding. I will try to give some technical background information on the causes of the crash, technical, sociological and organisational, covering pilot proficiency, botched maintenance, system design and risk assessment, as well as a deeply flawed certification processes. On the surface of it, the accidents to two aircraft of the same type (Boeing 737 MAX), which eventually led to the suspension of airworthiness of the type, was caused by faulty data from one of the angle-of-attack sensors. This in turn led to automatic nose-down trim movements, which could not be countered effectively by the flight crew. Eventually, in both cases, the aircraft became uncontrollable and entered a steep accelerated dive into terrain, killing all people on board on impact. In the course of the investigation, a new type of flight assistance system known as the Maneuvering Characteristics Augmentation System (MCAS) came to light. It was intended to bring the flight characteristics of the latest (and fourth) generation of Boeing's best-selling 737 airliner, the "MAX", in line with certification criteria. The issue that the system was designed to address was relatively mild. A little software routine was added to an existing computer to add nose-down trim in situations of higher angles of attack, to counteract the nose-up aerodynamic moment of the new, much larger, and forward-mounted engine nacelles. Apparently the risk assessment for this system was not commensurate with its possible effects on aircraft behaviour and subsequently a very odd (to a safety engineer's eyes) system design was chosen, using a single non-redundant sensor input to initiate movement of the horizontal stabiliser, the largest and most powerful flight control surface. At extreme deflections, the effects of this flight control surface cannot be overcome by the primary flight controls (elevators) or the manual actuation of the trim system. In consequence, the aircraft enters an accelerated nose-down dive, which further increases the control forces required to overcome its effects. Finally I will take a look at certification processes where a large part of the work and evaluation is not performed by an independent authority (FAA, EASA, ...) but by the manufacturer, and in many cases is then simply signed off by the certification authority. In a deviation from common practice in the past, EASA has announced that it may not follow the FAA (re-) certification, but will require additional analyses and evidence. China, which was the first country to ground the "MAX", will also not simply adopt the FAA paperwork. false Bernd Sieker https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11238.html /system/events/logos/000/011/238/large/Screenshot_2019-11-23_at_15.52.50.png?1574517764 2019-12-29T20:50:00+01:00 20:50 00:40 Ada 36c3-11238-the_one_weird_trick_securerom_hates Security lecture en Checkm8 is an unfixable vulnerability present in hundreds of millions of iPhones' SecureROM. This is a critical component in Apple's Secure Boot model and allows security researchers and jailbreakers alike to take full control over the application processor's execution. This talk will detail how we built an iOS jailbreak from the ground up - quite literally - by using an use-after-free in Apple's SecureROM. This is key code which is designed to bring up the application processor during boot but also exposes a firmware update interface over USB called DFU. By abusing this vulnerability it is possible to unlock full control of the application processor, including enabling debugging functionalities such as JTAG, helping security researchers look for security vulnerabilities in Apple devices more effectively. We will analyse the root-cause and techniques used for exploitation, as well mention some of the hurdles we encountered while trying to turn this into a reliable jailbreak and plans for the future of this project. false qwertyoruiop checkra1n website checkra1n twitter https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11175.html 2019-12-29T21:50:00+01:00 21:50 00:40 Ada 36c3-11175-hirne_hacken Menschliche Faktoren der IT-Sicherheit Security lecture de Die überwältigende Mehrheit der erfolgreichen Hacks in freier Wildbahn setzen auf menschliche Faktoren. Wie können wir Systeme und Interfaces gestalten, um diese Schwachstellen zu mindern? Ob Ransomware oder Phishing, APT-Angriffe oder Stalking: Die am häufigsten ausgenutzte Schwachstelle ist der Mensch. Ein Problem, das nur wenig Forschung tatsächlich angehen will. Stattdessen begnügen wir uns damit, den Usern Dummheit zu unterstellen und menschliche Faktoren der IT-Sicherheit "out of scope" zu sehen. Zeit, anders über das Problem nachzudenken, denn es gibt einige Interessante Erkenntnisse zu entdecken. Neumann, Linus (2017): „Menschliche Faktoren in der IT-Sicherheit“ in: Ferri Abolhassan (Hg.) „Security Einfach Machen: IT-Sicherheit als Sprungbrett für die Digitalisierung“, p. 85-98 Neumann, Linus (2019): „Wenn Hacker Menschen hacken“ in: Report Psychologie 11/12.2018, p. 462-464 false Linus Neumann https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10895.html 2019-12-29T22:50:00+01:00 22:50 00:40 Ada 36c3-10895-15_jahre_deutsche_telematikinfrastruktur_ti Die Realität beim Arztbesuch nach 15 Jahren Entwicklung einer medizinischen Digitalstrategie Security lecture de Seit spätestens 2005 wird in Deutschland an der Einführung der Telematik Infrastruktur, kurz die TI, gearbeitet. Diese soll nicht weniger als die komplette Digitalisierung der deutschen Medizinbranche bedeuten. Vom Arzt, Krankenhaus, Psychotherapeut bis hin zum Apotheker sollen alle Heilberufler miteinander vernetzt werden. Der Patient soll dabei die Datenhoheit behalten, und seine Daten mittels elektronischer Gesundheitskarte, sowie alternativ per mobiler Smartphone App steuern. Mit Gründung der Gematik GmbH am 11. Januar 2005 begann die offizielle Entwicklung der Telematik-Infrastruktur (TI). Ziel war die Einführung einer elektronischen Gesundheitskarte mitsamt einer Infrastruktur, die langfristig alle Teilnehmer der Medizinischen Versorgung miteinander vernetzen sollte. Der Arzt speichert alle Befunde samt Röntgen Bilder in der elektronischen Patientenakte (ePA) ab, kommuniziert verschlüsselt mit anderen Ärzten über die „Sichere Kommunikation zwischen Leistungserbringer“ (KOM-LE), der Medikationsplan ist digital verfügbar (eMP), das Rezept wird beim Apotheker digital eingelöst (E-Rezept) und im Notfall sind relevante Gesundheitsdaten (NFDM) auf der elektronischen Gesundheitskarte (eGK) des Patienten abgespeichert. So soll der digitale Arztbesuch der Zukunft aussehen. Allerdings ist nach 15 Jahren Entwicklung und 2 Milliarden Euro Investitionen nur ein Dienst der TI online, das Versichertenstammdatenmanagement (VSDM). Damit können die Stammdaten des Patienten, bspw. Adresse und Krankenkasse online beim Arzt aktualisiert werden, ohne Austausch der elektronischen Gesundheitskarte. Nachdem dieser Dienst nun eingeführt wurde sollen zeitnah die nächsten oben aufgeführten Dienste online gehen. Die Spezifikationen, Zulassungsunterlagen sowie Feldtestkonzepte für diese Dienste sind dafür weitestgehend fertig. Parallel zu der von der Politik und Gematik getriebenen Entwicklung setzten sich technik-affine Personen wie bspw. Thomas Maus mit der Technik auseinander und zeigten potentielle Probleme und ungelöste Fragestellungen. Nachdem die TI nun größtenteils online ist und die ersten Dienste in der Praxis genutzt werden ist es an der Zeit sich die konkrete Umsetzung anzuschauen, zu evaluieren und bei Bedarf entsprechend zu verbessern. Dieser Vortrag soll einen aktuellen Überblick auf die Telematikinfrastruktur geben. Es werden die bestehenden Dienste (VSDSM) sowie die schon spezifizierten Dienste wie KOM-LE oder ePA vorgestellt. Insbesondere wird auf die Sicherheit der verschiedenen Systeme eingegangen. Die Schutzziele sowie die spezifizierten Methoden um diese Ziele zu erreichen werden dargestellt und grob analysiert. Dabei zeigt sich dass die TI vor allem ein sehr komplexes System mit aktuell knapp 8000 Seiten Spezifikationen plus gute 1000 Seiten Konzepten ist. Dazu ist das Projekt ein sogenanntes Running Target mit regelmäßigen Updates der Spezifikationen. Diese werden entweder durch Änderungen der Stand der Technik, oder durch Wünsche von Seiten der Politik, meist durch Gesetzte, in das Projekt hereingetragen. false Christoph Saatjohann TI Spezifikationen https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10935.html 2019-12-29T23:50:00+01:00 23:50 00:40 Ada 36c3-10935-aus_dem_schimpfworterbuch_der_neuen_rechten Science lecture de Der Vortrag gibt auf der Basis umfangreicher korpuslinguistischer Analysen einen Überblick über den Fundus herabwürdigender und ausgrenzender Ausdrücke, die in rechten und rechtsextremen Onlinediskursen geprägt wurden. In den tiefensemantischen Strukturen des invektiven Wortschatzes der neuen Rechten wird ein stark schematisiertes Weltbild sichtbar, das von der grundlegenden Verachtung nicht nur des Fremden, sondern auch des eigenen Landes, seiner Institutionen, seiner Werte und seiner Bevölkerung geprägt ist. Das gesteigerte Maß an Ausgrenzung und gesellschaftlicher Polarisierung, das seit dem Wiedererstarken rechter Parteien und Denkweisen in Deutschland zu verzeichnen ist, ist nicht die einzige Errungenschaft, die wir den neuen Rechten zu verdanken haben. Sie haben auch den Wortschatz um ein schier unerschöpfliches Repertoire an Schimpfwörtern bereichert. Deren Spektrum reicht von unüblichen Verknüpfungen von Wortbestandteilen wie bei "Journhalunke" oder "GEZStapo", über die produktive Verfremdung von Eigennamen wie im Fall von "K(r)amp(f)-K(n)arrenbauer" oder "Merkill", Hyperbolisierungen wie "Superübergutbestmenschen" oder Satzkomposita wie "IchseheauswieeinkonservativerCSUKatholikundwerdedeshalbvondenganzenDeppengewähltweildasjanichtsoeinGrünerist" (Winfried Kretschmann) bis hin zu Gleichsetzungen zur Denunziation von Kritik wie in "Waffen=Rassismus=rächtz=Nazi=Gefahr=Erderwärmung". Im Vortrag sollen zunächst die wichtigsten sprachlichen Strategien zur Bildung herabwürdigender Ausdrücke vorgestellt werden, ehe in einem zweiten Schritt der invektive Wortschatz zu einzelnen Politik- und Gesellschaftsbereichen in Auswahl präsentiert wird. Basis der Untersuchung bildet eine umfangreiche korpuslinguistische Analyse einschlägiger rechter und rechtsextremer "Nachrichten"-Seiten, Blogs, Kommentarspalten und Foren aus den Jahren von 2012 bis 2019, die mehr als 25.000 Schimpfwörter zutage färderte. Der Vortrag will nicht nur das Offensichtliche zeigen: Dass für die neuen Rechten herabwürdigendes und ausgrenzenden Sprechen zentrales Medium der politischen Auseinandersetzung ist. Vielmehr wird in den vielfältigen Formen herabwürdigenden Sprechens ein Weltbild sichtbar, das von wenigen Grundunterscheidungen geprägt ist. Auch wird sich zeigen, dass die neuen Rechten sich als eine Schmähgemeinschaft konstituieren und das Land, in dem sie leben, seine Bürger_innen und seine Institutionen nachhaltig verachten. false josch https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10776.html 2019-12-30T00:50:00+01:00 00:50 01:00 Ada 36c3-10776-hebocon The sumo robot fight for the technically ungifted Entertainment lecture en Let's build funny robots and let them fight each other as long as we are superior to them :) Please let's dishonor high tech and celebrate everything made out of stuff we usually throw away (and blinks). Join with your derpy bot to fight your nemesis! Push it off the table or knock the enemy over. No weapons. No advanced controllers. No tears. Don't take it serious. Everyone is invited to compete with a self-made robot, especially if you've never done that before. High-tech is penalized, creativity encouraged. If you are interested, please send me a quick "sounds cool, maybe i'll build one" mail to honky@defendtheplanet.net or contact @honky in RocketChat. We need at least 8 Robots to participate, if we have more, we'll bring this to the battlefield. false honky Hebocon on 35c3 Hebocon Datenspuren 2018 HEBOCON: The Robot Contest for Dummies [The Jury Selections, The 18th Japan Media Arts Festival] https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10525.html /system/events/logos/000/010/525/large/lightningtalks%283%29.svg.png?1576404158 2019-12-29T11:30:00+01:00 11:30 02:20 Borg 36c3-10525-lightning_talks_day_3 CCC lecture en Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick! To get involved and learn more about what is happening please visit the Lightning Talks page in the 36C3 wiki. false gedsic bigalex 36C3 Lightning Talks Wiki Page Info and registration https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10627.html 2019-12-29T14:10:00+01:00 14:10 01:00 Borg 36c3-10627-cryptography_demystified An introduction without maths Security lecture en This talk will explain the basic building blocks of cryptography in a manner that will (hopefully) be understandable by everyone. The talk will not require any understanding of maths or computer science. In particular, the talk will explain encryption, what it is and what it does, what it is <em>not</em> and what it <em>doesn't</em> do, and what other tools cryptography can offer. This talk will explain the basic building blocks of cryptography in a manner that will (hopefully) be understandable by everyone, in particular by a non-technical audience. The talk will not require any understanding of maths or computer science. This talk will cover the following topics: <ul> <li>What is encryption and what does it do?</li> <li>What are the different kinds of encryption?</li> <li>What is authenticity? Are authenticity and encryption related?</li> <li>How can authenticity be achieved?</li> <li>What are certificates for?</li> <li>What is TLS and what does it do?</li> </ul> While covering the above topcis, I will <em>not</em> explain the technical details of common cryptographic schemes (like RSA, AES, HMAC and so on), in order to avoid keep this talk accessible to a broad audience. false oots https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11039.html 2019-12-29T16:10:00+01:00 16:10 01:00 Borg 36c3-11039-quantum_computing_are_we_there_yet An introduction to quantum computing and a review of the progress we made in the last 5 years. Science lecture en Five years ago I spoke about my work in quantum computing, building and running a tiny two qubit processor. A few weeks ago, Google announced a potentially groundbreaking result achieved with a 53 qubit quantum processor. I will therefore review the state of experimental quantum computing and discuss the progress we made in the last 5 years. I will explain quantum supremacy, surface code architecture and superconducting quantum processors and show which challenges we still have to overcome to build large scale quantum computers. We will first dive into the basics of quantum computing and learn about quantum gates, fidelities, error correction and qubit architecture. We will then go through Google’s experiment and try to understand what they actually did and why it matters. We will then see what else we need to build a useful quantum computer, and discuss when that might happen. false Andreas Dewes My 31c3 talk (media.ccc.de) https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10893.html 2019-12-29T17:30:00+01:00 17:30 01:00 Borg 36c3-10893-high-assurance_crypto_software Security lecture en Software bugs and timing leaks have destroyed the security of every Chromebook ECDSA "built-in security key" before June 2019, ECDSA keys from several popular crypto libraries, the Dilithium post-quantum software, the Falcon post-quantum software, and more. Will we ever have trustworthy implementations of the cryptographic tools at the heart of our security systems? Standard testing and fuzzing catch many bugs, but they don't catch all bugs. Masochists try to formally prove that crypto software does its job. Sadists try to convince you to do your own proof work and to let them watch. After years of pain, a team of fifteen authors has now proudly announced a verified crypto library: fast but unportable implementations of a few cryptographic functions specifically for CPUs that aren't in your smartphone. This is progress, but the progress needs to accelerate. This talk will highlight a way to exploit the power of modern reverse-engineering tools to much more easily verify crypto software. This relies on the software being constant-time software, but we want constant-time software anyway so that we can guarantee security against timing attacks. Constant-time software is also surprisingly fast when cryptosystems are selected carefully. This talk is meant as an introduction for a general audience, giving self-contained answers to the following questions: What are timing attacks? What is constant-time software? What are some examples of constant-time crypto? How can we be sure that code is constant-time? What do these reverse-engineering tools do? How does constant-time code help these tools? How do we get from reverse engineering to guaranteeing correctness? The talk will be given as a joint presentation by Daniel J. Bernstein and Tanja Lange. false djb Tanja Lange https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10706.html 2019-12-29T18:50:00+01:00 18:50 01:00 Borg 36c3-10706-boot2root Auditing Boot Loaders by Example Security lecture en The Achilles heel of [your secure device] is the secure boot chain. In this presentation we will show our results from auditing commonly used boot loaders and walk through the attack surface you open yourself up to. You would be surprised at how much attack surface exists when hardening and defense in depth is ignored. From remote attack surface via network protocol parsers to local filesystems and various BUS parsing, we will walk through the common mistakes we've seen by example and showcase how realistic it is for your product's secure boot chain to be compromised. false Ilja van Sprundel Joseph Tartaro https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10963.html 2019-12-29T20:50:00+01:00 20:50 00:40 Borg 36c3-10963-der_netzpolitische_jahresruckblick War alles schon mal besser Ethics, Society & Politics lecture de IT-Sicherheitsgesetz 2.0, Staatstrojaner für den Verfassungsschutz, Uploadfilter und Leistungsschutzrecht, Plattformregulierung und Terrorpropaganda-Verordnung, dazu die Suche nach der künstlichen Intelligenz in der Blockchain – 2019 war ein ereignisreiches Jahr in der Netzpolitik. Was waren die Highlights aus digitaler Grundrechtsperspektive und wo gab es Einschnitte? Was haben wir im kommenden Jahr zu erwarten und auf welche Debatten und Gesetzesprozesse sollten wir uns als digitale Zivilgesellschaft konzentrieren? Ursula von der Leyen ist jetzt EU-Kommissionspräsidentin und hat bereits in ihrer Bewerbung verschiedene netzpolitische Gesetzesprozesse angekündigt, die nicht nur aufgrund ihres Track-Records beachtenswert sind. Was erwartet uns bei der Debatte um eine Reform der Haftungsprivilegien und welche Möglichkeiten gibt es zur Plattformregulierung, ohne das offene Netz mit kaputt zu machen? false Markus Beckedahl https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10571.html /system/events/logos/000/010/571/large/streifen.png?1577045110 2019-12-29T21:50:00+01:00 21:50 00:40 Borg 36c3-10571-nutzung_offentlicher_klimadaten Früher war mehr Schnee Science lecture de 'In meiner Jugend war mehr Schnee!' oder 'Früher war es auch schon heiß!' könnte man so glauben, je nach Vehemenz des Ausrufs, oder man schaut halt nach. <insert old man jells at cloud meme> Moderne Klimamodelle werden aus den lokalen Beobachtungen des Wetters gespeist. Durch die Verwendung historischer Daten vergangener Jahrzehnte werden aktuelle Modelle auch auf diesen Zeitraum ausgedehnt. Wir können also nachsehen, wie heiß es war oder wie tief der Schnee auf dem Weg zur Schule denn wirklich war. Dies ist auch dann möglich wenn die lokalen Aufzeichnungen selbst nicht immer online verfügbar sind. Zahlreiche staatliche und überstaatliche Organisationen stellen inzwischen die Produkte ihrer Klimamodelle, mit Einstiegshürden unterschiedlicher Höhe, für die Öffentlichkeit bereit. Der Verbreitungsweg dieser Daten variiert irgendwo zwischen csv Dateien auf öffentlichen FTP Servern, API Schnittstellen zum maßgeschneiderten Datenabruf (auch gerne mal von Magnetband) und thematisch fertig aufbereiteten Visualisierungen. Dieser Beitrag zeigt eine kleine Auswahl an Diensten (z.B. Opendata des Deutschen Wetterdienstes, Land Data Assimilation System der NASA), die den Zugang zu globalen Klimadaten ermöglichen. Am Beispiel des European Centre for Medium-Range Weather Forecasts (ECMWF) und des Copernicus Climate Change Service werden sowohl API Zugriff zum Download der Daten als auch die Möglichkeit der Onlineberechung über ein Webinterface dargestellt. Schauen wir mal, was wir so finden. false manuel GitHub: Beispiel Skripte (Englisch) Ressources https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10682.html /system/events/logos/000/010/682/large/191217_Thumb_Sporangium_1920x1920.jpg?1577097728 2019-12-29T22:50:00+01:00 22:50 01:40 Borg 36c3-10682-das_bits_baume-sporangium 8 Mikrokosmen, 8 Expert*innen, je 8 Minuten zu Digitalisierung und Nachhaltigkeit Entertainment lecture de So wie Farnpflanzen ihre Sporen aus der Kapsel mit bis zu 10m/s heraus in die Welt katapultieren, auf dass sie dort auf fruchtbaren Boden fallen, werden unsere 8 Expert*innen ihr Nerd- und Fach-Wissen weitergeben – spektakulär, wirkungsvoll und unterhaltsam. So bunt wie die besten Slams, so dicht wie die besten Lightning Talks: 8 Antworten auf die Frage, warum Techies und Ökos zusammengehören. Bei der Bits&Bäume 2018 kamen Aktivist*innen der Tech-Community und jene der Nachhaltigkeitsrichtungen zusammen, um einander ihre Fragen und Lösungsansätze zu erklären, sie zu diskutieren und gemeinsam eine bessere Zukunft zu erdenken. Wichtiger Teil war dabei auch einzutauchen in die jeweilig anderen Mikrokosmen, einander abzuholen und die Schnittstellen zu finden. Das erste „Sporangium“ hat in diesem Sinne wichtige Themen beider Bereiche aufgegriffen. Für den C3 liegt nun der Fokus auf der Verbindung von Technologie und Nachhaltigkeit: Wie kann digitale Nachhaltigkeit, wie nachhaltige Digitalisierung aussehen? Speaker*innen (A-Z...äh...V!): * Anja Höfner – Das Märchen von der Dematerialisierung durch Technik * Carina Haupt: Nachhaltige Softwareentwicklung (für weniger explodierende Raketen) * Elenos Manifesti & der Chor der Vermummten: Wir fordern! Das Bits&Bäume-Manifest * Isabella Hermann: Utopia Outer Space? Die Zukunft der Menschheit in Science-Fiction-Filmen * joliyea – Raum für Wissen. Wo wir uns treffen, um die Welt zu retten * Kathrin Henneberger – Ja, Klimakrise! Immernoch!! * Lisa Passing: Ökostrom != Ökostrom. Down the green energy rabbit hole * Viktor Schlüter: Datenschutz? Klimaschutz? Zukunft! * Durchs Sporangium katapultieren wie immer julika & Rainer false Rainer Rehak julika lislis Isabella Hermann Elenos Manifesti joliyea Viktor Schlüter Carina Haupt Kathrin Henneberger Anja Höfner Bits&Bäume – Doku der Konferenz 2018, Stammtische, Howto eine Bits&Bäume pflanzen, ... Talks der Bits&Bäume 2018 auf media.ccc.de 2019-12-29T11:30:00+01:00 11:30 00:05 Borg 3SDLF7 https://c3lt.de/36c3/talk/3SDLF7/ Entertainment Lightning Talk en A short introduction to the Lightning Talks Day 2 session false gedsic 2019-12-29T11:35:00+01:00 11:35 00:05 Borg RSZDHX https://c3lt.de/36c3/talk/RSZDHX/ Security Lightning Talk en A quick intro to certificate pinning, why it is useful and a new Firefox add-on to do this for any https enabled website. false Heurekus 2019-12-29T11:40:00+01:00 11:40 00:05 Borg EYVQVY https://c3lt.de/36c3/talk/EYVQVY/ Hardware & Making Lightning Talk en Linux package managers are too slow! Computers can easily process gigabytes of data per second, and yet package installation in current Linux distributions achieves data rates of only a few megabytes per second, even on top-of-the-line computers. In this talk, I explain current design choices and how one can make different design choices for drastically better outcomes. This is not just armchair criticism: I have implemented these ideas in a research Linux distribution to prove they’re feasible. false Michael Stapelberg 2019-12-29T11:45:00+01:00 11:45 00:05 Borg BWNUSE https://c3lt.de/36c3/talk/BWNUSE/ Science Lightning Talk en A quick look at one of many vulnerabilities deep learning can have and how you can learn more about exploiting and defending neural networks. Neural networks are all the rage, but how secure are they? In this talk, I will show you that there is nothing magical about neurons and how they are as susceptible to hacking as any other piece of software. Together, we will explore one such vulnerability, which is part of the open source course "Hacking Neural Networks: A Short Introduction" that I made available on GitHub: https://github.com/Kayzaks/HackingNeuralNetworks false Michael Kissner 2019-12-29T11:50:00+01:00 11:50 00:05 Borg NKBHM8 https://c3lt.de/36c3/talk/NKBHM8/ Security Lightning Talk en Get requests to REST APIs are not protected against XSRF, this opens a side-channel to attackers able to read the network traffic. Get requests to REST APIs are not protected against XSRF, this opens a side-channel to attackers able to read the network traffic. How to deal with this? false Eric 2019-12-29T11:55:00+01:00 11:55 00:05 Borg QGJBHV https://c3lt.de/36c3/talk/QGJBHV/ Hardware & Making Lightning Talk en Emissions API’s mission is to provide easy access to satellite-based air pollution data without the need of being an expert in data analysis The European Space Agency’s Sentinel-5P satellite is built to monitor air quality data (carbon hydroxide, sulfur monoxide, ozone, …). All data gathered are publicly available …if you know what to do with those data sets. But if not: Emissions API’s mission is to provide easy access to this data without the need of being an expert in satellite data analysis and without having to process terabytes of data yourself. false Lars Kiesow 2019-12-29T12:00:00+01:00 12:00 00:05 Borg ESNZ7H https://c3lt.de/36c3/talk/ESNZ7H/ Hardware & Making Lightning Talk en This talk will be about my year using EXWM as my window manager for every day tasks. For the past year (since 35c3) I've used EXWM as my only window manager on all of my graphical computer systems. I will tell you a bit of my experience from the past year on EXWM. I will talk a bit about the good parts, bad parts and the future. false Elis Hirwing 2019-12-29T12:05:00+01:00 12:05 00:05 Borg G3FTEY https://c3lt.de/36c3/talk/G3FTEY/ Security Lightning Talk en Another day, another highly critical CVE on a popular project. All good for everyone ? Well, except when it's **invalid** Security researcher: failed. <br> Emergency Response Team: failed. <br> Medias: failed.<br> When lack of control of unrevokable CVE(s) on your project have long term unwanted effects... false François Cartegnie 2019-12-29T12:10:00+01:00 12:10 00:05 Borg VLSYPM https://c3lt.de/36c3/talk/VLSYPM/ Science Lightning Talk en I will explain what it takes to teach schoolkids how to programm a quantum annealer and to solve optimization problems with this cool machine. My students Jakov (15), Paul (16) and Jonathan (17) won the first price at Jugend forscht 2019 (Bayern), by solving the n-queens problem with a quantum annealer. As the teacher of the three boys I will explain what it took to teach them how to use a D-Wave quantum annealer, how much knowledge of quantum physics was necessary and what the pupils had to know about formulating a mathematical puzzle as a quadratic unconstrained binary optimization (QUBO) problem. false René Grünbauer 2019-12-29T12:15:00+01:00 12:15 00:05 Borg 3HUF7T https://c3lt.de/36c3/talk/3HUF7T/ Science Lightning Talk en The free and open source solution for automated video capture, management, and distribution at scale. Opencast is a flexible, scalable and reliable video capture, management, and distribution system for academic institutions. Opencast is built by a growing community of developers from leading universities and organizations worldwide. false Lars Kiesow 2019-12-29T12:20:00+01:00 12:20 00:05 Borg 9LWXWS https://c3lt.de/36c3/talk/9LWXWS/ Art & Culture Lightning Talk en Few words about cidre making, it's presence at 36c3 and Food Hacking Base involvement. I'll talk about the basics of cidre making, rather traditional way with few hints to the modern technology and what we do at fhb this year on the subject - cidre making workshop, tasting etc. false František Algoldor Apfelbeck 2019-12-29T12:25:00+01:00 12:25 00:05 Borg 3DGFCV https://c3lt.de/36c3/talk/3DGFCV/ Hardware & Making Lightning Talk de The Internet of Values, a power-structure that gives newcomers the most power and strengthens anonymity with crowd-sourced entertaining group-dynamics Paradoxe Untersuchungen des vorgeschlagenen Wertsystems. Humorvoll und provokativ gedacht, mit ernsthafter Philosophie über ein technologisch-realisierbares Projekt. Wir machen Schwächen zu Stärken, indem wir die Jüngeren in der Offenheit unserer Letzteren ermächtigen: die Werte. false ahimsa 2019-12-29T12:30:00+01:00 12:30 00:05 Borg SXXNNP https://c3lt.de/36c3/talk/SXXNNP/ Ethics, Society & Politics Lightning Talk de Menschenrechte gelten für alle. Wir sollten Unternehmen dazu verpflichten, für ihre Einhaltung zu sorgen. Einen gesetzlichen Rahmen für Menschenrechte in Lieferketten: das fordert die NGO-Kampagne *Initiative Lieferkettengesetz*. Konzerne sollen haften, wenn sie Menschenrechtsverletzungen bei der Herstellung ihrer Produkte nicht verhindert haben, obwohl sie das gekonnt hätten. Ich stelle euch die Ziele der Initiative vor und erkläre, was das für Arbeiter\*innen und Unternehmen bedeutet. false xian 2019-12-29T12:50:00+01:00 12:50 00:05 Borg JJA3MC https://c3lt.de/36c3/talk/JJA3MC/ Art & Culture Lightning Talk en Performing texture-agnostic Image-to-Geometry Reconstruction without 3D Supervision. false Felix Petersen 2019-12-29T12:55:00+01:00 12:55 00:05 Borg D87EQJ https://c3lt.de/36c3/talk/D87EQJ/ Security Lightning Talk en Balkan Computer Congress is an annual three days gathering of the international hacker community in the organization of LUGoNS Our goal is to gather all the communities from the region and abroad so we can socialize, hack, play, learn, exchange knowledge and experience and of course, party together. BalCCon is community organized and non commercial event - from Hackers to Hackers. We are aiming to become the center of the hacker community in the region as well as to provide an opportunity for all the people in this part of Europe to connect and to cooperate. false Jelena_BalCCon 2019-12-29T13:00:00+01:00 13:00 00:05 Borg AL8SP7 https://c3lt.de/36c3/talk/AL8SP7/ Ethics, Society & Politics Lightning Talk en Convinced that accounting is rewarding, this talk will explain the centuries old method of double entry accounting in wide use today. On day 2, I tried to convince you that accounting can reduce anxiety about money and be a tool to achieve your projects. This short talk will focus on the practical aspects of double-entry accounting: the five different types of accounts, transactions and how their debits and credits (called splits) must sum to 0. After an example, the accounting equation will be introduced. Everything presented will be applicable to GnuCash a libre software for personal and small-business accounting. false Louis Opter 2019-12-29T13:05:00+01:00 13:05 00:05 Borg ACEAVA https://c3lt.de/36c3/talk/ACEAVA/ Ethics, Society & Politics Lightning Talk en GitHub for lawyers: Using the idea of crowds/commons to hinder monopolies in the legal market. Since 2011, the term legaltech has become current in Germany and stands for a potential radical change in the distribution of legal services - the result of which may be a further accumulation of power in the hands of already powerful market players. We want to conceptualize a way of spreading that power in a more equal, open-source and less profit oriented way between those who may otherwise disappear by competing with upcoming monopolies. Let's create a GitHub for lawyers. false Til 2019-12-29T13:10:00+01:00 13:10 00:05 Borg F9979K https://c3lt.de/36c3/talk/F9979K/ Security Lightning Talk en I will tell the story how I found my first CVE by exploiting a "smart" iot power plug and disclose details & POC for (unpublished) CVE-2019-18842. false harryr 2019-12-29T13:15:00+01:00 13:15 00:05 Borg GCHEJW https://c3lt.de/36c3/talk/GCHEJW/ Security Lightning Talk en The Malware Research group on Telegram consists of thousands of individuals that help each other out when analysing malware, and you can join! Malware research requires a lot of time, and it can be hard to find a place where one can ask questions. The Malware Research group on Telegram is such a place, and it is open to join for anybody. This lightning talk provides some information on the group's activity, as well as how to join! false Max 'Libra' Kersten 2019-12-29T13:20:00+01:00 13:20 00:05 Borg HMPPKT https://c3lt.de/36c3/talk/HMPPKT/ Security Lightning Talk en I will be presenting [privacymail.info](https://privacymail.info), an open source eMail tracking transparency project. Online tracking is not exclusive to websites, but also widespread in eMails. We built an open platform to detect eMail tracking, and I'd like to give you a quick primer and invite your participation and feedback. - [The platform](https://privacymail.info) - [The code](https://github.com/privacymail/privacymail) - [Talk @ GPN19 with more information](https://media.ccc.de/v/gpn19-59-analyzing-the-email-tracking-ecosystem) false malexmave 2019-12-29T13:25:00+01:00 13:25 00:05 Borg RB3JZX https://c3lt.de/36c3/talk/RB3JZX/ Hardware & Making Lightning Talk en openage is a free Age of Empires II engine. We'll present the project's progress of the last year and future plans. https://github.com/SFTtech/openage false JJ 2019-12-29T13:30:00+01:00 13:30 00:05 Borg B3UPXB https://c3lt.de/36c3/talk/B3UPXB/ Security Lightning Talk en We are organising BSides in Amsterdam, we want you to submit your projects with a talk proposal. We are organising BSides Amsterdam in April in Amsterdam and are creating a CFP. I'll add further information here as I get in, and will tell the whole story in my Lightning Talk. false webhat 2019-12-29T13:35:00+01:00 13:35 00:05 Borg JPWRYW https://c3lt.de/36c3/talk/JPWRYW/ Ethics, Society & Politics Lightning Talk en How will our sleep and dreaming look like in 20 years? Let's shape it in a positive way! Ever wanted to learn new knowledge during sleep? Ever wanted to have high-quality sleep no matter what circumstances you are in? Ever wanted to have an extra health boosting sleep that cures your injuries or diseases overnight? Ever wanted to interact from within your dreams with other dreamers or the waking world? Let's make these and other crazy things possible, in a positive and non-profit way, by connecting professional sleep researchers and hackers! false Kristoffer Appel 2019-12-29T13:40:00+01:00 13:40 00:05 Borg AGQ9KS https://c3lt.de/36c3/talk/AGQ9KS/ Ethics, Society & Politics Lightning Talk en Working with a network of investigative reporters, we've developed a toolkit for processing of leaks and public records into a graph of evidence. http://alephdata.org/ false pudo 2019-12-29T13:45:00+01:00 13:45 00:05 Borg XDXYYW https://c3lt.de/36c3/talk/XDXYYW/ Security Lightning Talk en I will show you in 5 minutes how you calculate if you password is random and long enough. This is the part where I calculate password length out of my 45 min talk about the small 1*1 of passwords. false zem https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10519.html /system/events/logos/000/010/519/large/logo.png?1573581289 2019-12-29T11:30:00+01:00 11:30 01:00 Clarke 36c3-10519-a_systematic_evaluation_of_openbsd_s_mitigations Security lecture en OpenBSD markets itself as a secure operating system, but doesn't provide much evidences to back this claim. The goal of this talk is to evaluate how effective OpenBSD's security mitigation are, in a systematic, rational and comprehensive way. <a href="https://openbsd.org">OpenBSD's website</a> advertises a secure and modern operating system, with cool and modern mitigations. But no rational analysis is provided: are those mitigations effective? what are their impacts on performances, inspectability and complexity? against what are they supposed to defend? how easy are they to bypass? where they invented by OpenBSD or by others? is OpenBSD's reputation warranted? This talk aims at answering all those questions, for all OpenBSD's mitigations, because, in the words of <a href="https://twitter.com/ryiron/status/1150924668020203521">Ryan Mallon</a>: <quote>Threat modelling rule of thumb: if you don’t explain exactly what you are securing against and how you secure against it, the answers can be assumed to be: “bears” and “not very well”.</quote> All the research done for this talk is available on <a href="https://isopenbsdsecu.re">isopenbsdsecu.re</a> false stein Main website https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10808.html /system/events/logos/000/010/808/large/small_Yann_Portrait.jpg?1571984755 2019-12-29T12:50:00+01:00 12:50 01:00 Clarke 36c3-10808-build_you_own_quantum_computer_home_-_99_of_discount_-_hacker_style Hardware & Making lecture en Quantum technologies are often only over-hyped showed as threat for cybersecurity … But they also offer some opportunities to enhance the cybersecurity landscape . As an example, you may know that a quantum computer will be able to break RSA keys but Quantum communication technologies can also provide a new way to exchange securely a cipher key. More, with Quantum networking technologies, communication eavesdropping are , by design, detectable and thus this could lead to some good opportunities to use them to enhance cybersecurity. Some even begins to build a Quantum internet ! We may also solve main security issues face by cloud computation (privacy, confidentiality etc) via the use of "Blind quantum computation" in the cloud. However few people understand & explain how such machines & technologies work. Even fewer people trying to build one. I’m one of this crazy people. In this talk, we aim to explain how this new type of much powerful digital processing works and how we build our own Quantum computer …without a Phd in quantum physic. We will describe our plan to build the Quantum computer's hardware with hacker’s style. Through our own experiments, we will discuss our failures, our success, our progress around this challenging goal ! Come to see part of the hardware we build at the moment. We use the "Trapped ion technology". We trap atoms to make powerful calculation & computing task! Be prepared to unlock your quantum brain as this new domain is really different for classical computation ;-) but it can enhance the Cybersecurity world Our goal : Bring the knowledge that Quantum computing works, explain how they make such power calculation at hardware level, is doable at home and will provide a new way to do secure computing and communication for the best of the humanity Proposal Agenda -Quantum computer 101 (one slide to be able to understand the basic of quantum mechanic w/o FUD) -Why those Quantum computer are so powerful -How to break things with quantum computers -How to improve the security level of modern network with quantum technologies (Networking, blind quantum computing for 100%privacy in the cloud, cipher key security, quantum internet & more) -How a Quantum computer based on Trapped ions technology works to do their magic super powerful calculation (at hardware level) -How we build our own quantum computer hardware at home (in our military grade High Tech...Garage!) with hacker style & open source software (Contain full video of the buildings of our Quantum computer) false Yann ALLAIN https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10730.html 2019-12-29T14:10:00+01:00 14:10 01:00 Clarke 36c3-10730-email_authentication_for_penetration_testers When SPF is not enough Security lecture en Forget look-alike domains, typosquatting and homograph attacks. In this talk we will discuss ways of forging perfect email counterfeits that (as far as recipients can tell) appear to be coming from well-known domain and successfully pass all checks on their way. Prime focus of this talk will be modern anti-spoofing strategies and the ways around them. Join us as we try to figure out answers to questions such as "Isn't SPF enough?", "Do I *really* need DMARC?" and "Does ticking all three (SPF, DKIM, DMARC) provide the best protection possible?" (answers to these questions are "no", "yes", "no" by the way). Email security is poorly covered by a contemporary penetration testing curricula. In this talk I will argue that it leads to underreporting of email-related security issues during regular penetration tests or red team assignments. Getting clicks from (at least some) users is usually fairly easy, even with obviously fake domain names and email addresses, so penetration testers rarely need to do anything more fancy in order to achieve their objective. While this highlights the need for user education, it misses common misconfiguration issues that might lead to much more devastating compromises and could instill false sense of security in (rare) cases that regular phishing attacks fail. Technically inclined users (such as developers, tech support or even SIEM analysts) are less likely than others to fall for phishing email originating from fake domain, but they are actually more likely to fall for email seemingly originating from real known-good source due to overconfidence. In this talk we will see just how easy is it to send spoofed mail from arbitrary source address due to lack of protection for this scenario in original SMTP spec. We won't stop there however and our next object of focus will be contemporary anti-spoofing technologies (SPF, DKIM and DMARC). We will discuss motivation behind them, their technical limitations, weaknesses discovered in recent years as well as common misconfigurations. Attendees will gain knowledge about relevant protocols and technologies that should be applicable for identifying weaknesses in the architecture of their own email systems. false Andrew Konstantinov Email Authentication for Penetration Testers https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10880.html 2019-12-29T16:10:00+01:00 16:10 01:00 Clarke 36c3-10880-no_source_no_problem_high_speed_binary_fuzzing Security lecture en Modern grey-box fuzzers are the most effective way of finding bugs in complex code bases, and instrumentation is fundamental to their effectiveness. Existing instrumentation techniques either require source code (e.g., afl-gcc, ASan) or have a high runtime performance cost (roughly 10x slowdown for e.g., afl-qemu). We introduce Retrowrite, a binary rewriting framework that enables direct static instrumentation for both user-mode binaries and Linux kernel modules. Unlike dynamic translation and trampolining, rewriting code with Retrowrite does not introduce a performance penalty. We show the effectiveness of Retrowrite for fuzzing by implementing binary-only coverage tracking and ASan instrumentation passes. Our binary instrumentation achieves performance similar to compiler-based instrumentation. Fuzzing is the method of choice for finding security vulnerabilities in software due to its simplicity and scalability, but it struggles to find deep paths in complex programs, and only detects bugs when the target crashes. Instrumentation greatly helps with both issues by (i) collecting coverage feedback, which drives fuzzing deeper into the target, and (ii) crashing the target immediately when bugs are detected, which lets the fuzzer detect more bugs and produce more precise reports. One of the main difficulties of fuzzing closed-source software is that instrumenting compiled binaries comes at a huge performance cost. For example, simple coverage instrumentation through dynamic binary translation already incurs between 10x and 100x slowdown, which prevents the fuzzer from finding interesting inputs and bugs. In this talk we show how we used static binary rewriting for instrumentation: our approach has low overhead (comparable to compile-time instrumentation) but works on binaries. There are three main techniques to rewrite binaries: recompilation, trampoline insertion and reassembleable assembly. Recompilation is the most powerful but it requires expensive analysis and type recovery, which is an open/unsolved problem. Trampolines add a level of indirection and increase the size of the code, both of which have a negative impact on performance. Reassembleable assembly, the technique that we use, suffers from neither problem. In order to produce reassembleable assembly, we first disassemble the binary and then symbolize all code and data references (replacing offsets and references with references to unique labels). The output can then be fed to a standard assembler to produce a binary. Because symbolization replaces all references with labels, we can now insert instrumentation in the code and the assembler will fix the references for us when reassembling the binary. Symbolization is possible because references to code and global data always use RIP-relative addressing in the class of binaries that we support (position-independent x86_64 binaries). This makes it easy to distinguish between references and integer constants in the disassembly. We present Retrowrite, a framework for static binary rewriting that can add efficient instrumentation to compiled binaries and scales to real-world code. Retrowrite symbolizes x86_64 position-independent Linux binaries and emits reassembleable assembly, which can be fed to instrumentation passes. We implement a binary version of Address Sanitizer (ASan) that integrates with the source-based version. Retrowrite’s output can also be fed directly to AFL’s afl-gcc to produce a binary with coverage-tracking instrumentation. RetroWrite is openly available for everyone to use and we will demo it during the presentation. We also present kRetrowrite, which uses the same approach to instrument binary kernel modules for Linux. While many devices can be used with open-source drivers, some still require binary drivers. Device drivers are an inviting target for attackers because they run at the highest privilege level, and a buggy driver could result in full system compromise. kRetrowrite can instrument binary Linux modules to add kCov-based coverage tracking and KASan instrumentation. false Nspace gannimo https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10918.html 2019-12-29T17:30:00+01:00 17:30 01:00 Clarke 36c3-10918-thrust_is_not_an_option_how_to_get_to_mars_really_slow Science lecture en <p>In this talk we will see how chaos can be used to find very peculiar trajectories for space crafts within the Solar System. To understand this, we will also have a short look at the basics of orbital mechanics as well as three-body problems.</p> <p>When traveling to Mars in a space craft, you want to find a compromise between flight duration and fuel consumption. One common trajectory for achieving this is the so-called Hohmann transfer which takes about 9 months from Earth and needs two maneuvers, both of which are accelerations!</p> <p>Usually, when modeling movement of space crafts, one uses the Kepler model of two massive bodies attracting each other via gravitation. In case you have more time available for a space journey, however, you might consider a third body in your calculations. This introduces a very chaotic behavior, which you can use in turn to find very special trajectories that allow you to get to various places spending a lot less fuel. Unfortunately this will be much slower.</p> <p>These special trajectories are called low-energy transfers and form a part of the so-called interplanetary transport network. There have been a handful of missions already using these trajectories, e.g. JAXA’s Hiten probe in 1990 and ESA’s BepiColombo which is en route to Mercury right now.</p> <p>In this talk we will have a short introduction to the ever-surprising world of orbital mechanics followed by a discussion of the three-body problem including Lagrangian points. We will then see what the so-called weak stability boundary is and how chaos can help us understand why these strange trajectories exist. No math knowledge required!</p> false sven https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10693.html /system/events/logos/000/010/693/large/index.png?1572041322 2019-12-29T18:50:00+01:00 18:50 01:00 Clarke 36c3-10693-no_body_s_business_but_mine_a_dive_into_menstruation_apps The Not-So Secret Data Sharing Practices Of Menstruation Apps Ethics, Society & Politics lecture en In September 2019, Privacy International released exclusive research on the data-sharing practices of menstruation apps. Using traffic analysis, we shed lights on the shady practices of companies that shared your most intimate data with Facebook and other third parties. In this talk we will go over the findings of this research, sharing the tools we have used and explaining why this is not just a privacy problem, but also a cybersecurity one. This talk will also be a call to action to app developers whose tools have concrete impact on the lives of their users. Does anyone – aside from the person you had sex with – know when you last had sex? Would you like them to know if your partner used a condom or not? Would you share the date of your last period with them? Does that person know how you feel on any particular day? Do they know about your medical history? Do they know when you masturbate? Chances are this person does not exist, as there is only so much we want to share, even with our most intimate partner. Yet this is all information that menstruation apps expect their users to fill. With all this private information you would expect those apps to uphold the highest standards when it comes to handling the data they collect. So, Privacy International set out to look at the most commonly used menstruation apps to find out if that was the case. Using traffic analysis, we wanted to see if those apps were sharing data with third parties and Facebook in particular, through the Facebook SDK. Our research shed light on the horrific practices of some menstruation apps that shared their users’ most intimate data – about their sexual life, their health and lifestyle – with Facebook and others. In this talk, we will take you through the research we have conducted by using Privacy International’s publicly available and free testing environment. We will briefly explain how the testing environment work and we will showcase the menstruation apps that have the most problematic practices to show you how very granular and intimate data is shared with third parties and security implications. false Eva Blum-Dumontet Christopher Weatherhead Project Page on Privacy International's website Project Page on Privacy International's website (Onion) Campaigns Page on this topic on Privacy Internationals website PDF_36c3_No_body_business_but_mine-Sunday29th.pdf file https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10506.html /system/events/logos/000/010/506/large/niklas-jordan2.jpeg?1570198505 2019-12-29T20:50:00+01:00 20:50 00:40 Clarke 36c3-10506-the_planet_friendly_web Warum unser Web nachhaltiger werden muss und wie wir das anstellen! Resilience & Sustainability lecture de Wo beginnt unsere Verantwortung bei der Gestaltung und Entwicklung einer Website und wo endet sie? Wusstest Du, dass die durch das Internet hervorgerufenen CO2-Emissionen die der Flugindustrie überschritten haben? Beim Design einer Website oder Web-App denken die wenigsten an CO2-Emissionen. So ist auch dieser Fakt weitgehend unbekannt. Warum wir uns dringend über ein nachhaltigeres Web Gedanken machen sollten und wie wir das in unserem Alltag umsetzen können, erfahrt Ihr in diesem Vortrag. Auf unserer Erde gibt es viele Probleme, die es für unsere und zukünftige Generationen zu lösen gilt: Die globale Erwärmung und weltweiter Hunger sind nur einige davon. In unserem privaten Alltag beschäftigen sich viele von uns schon sehr ausgiebig mit dem Thema Nachhaltigkeit und dem verantwortungsvollen Umgang mit Ressourcen. Wir achten darauf, dass unsere Schokolade FairTrade ist, dass unser Apfel vom Bauern aus der Region kommt oder das Fleisch aus verantwortungsvoller Tierhaltung stammt. Aber wer weiß schon, dass für ein modernes Smartphone über 80 Kilogramm Natur verbraucht wird? Und wie viele von euch, die aktiv das Web gestalten, beschäftigen sich damit, es auch nachhaltiger zu machen? Oder wusstet ihr, dass die durch das Internet hervorgerufenen CO2-Emissionen die der Flugindustrie überschritten haben? In meinem Vortrag möchte ich euch zeigen, wie ihr auch im beruflichen Alltag, bspw. beim Konzipieren, Entwicklen, Designen oder Managen einer Website oder App, auf verantwortungsvollen Ressourcenverbrauch, besonders in Bezug auf den Energiebedarf, achten könnt. Auch die Fragen, wie ihr helfen könnt, das Web nachhaltiger zu machen, und was die Anforderungen an moderne Websites und Apps sind, damit sie nicht zu Lasten unserer Umwelt gehen, möchte ich euch beantworten. false Niklas Jordan Slides und alle Links Website Blog Newsletter Twitter https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10564.html 2019-12-29T21:50:00+01:00 21:50 00:40 Clarke 36c3-10564-hacking_with_a_tpm Don't ask what you can do for TPMs, Ask what TPMs can do for you Security lecture en Trusted Platform Modules (TPMs) are nowadays included in all consumer-grade devices. Whilst "the Trusted Platform Modules available for PCs are not dangerous, and there is no reason not to include one in a computer or support it in system software" (Richard Stallman, GNU) they have yet to gain wide-ranged adoption, especially for the daily needs of your average nerd. This talk will introduce OpenSource software and use cases that are already supported and how your everyday nerd can benefit from those by security your personal credentials, securing your system credentials, encrypting your storage and detecting BIOS manipulations. This talk is based on the https://tpm2-software.github.io contributions. It will also give a quick rundown to debunk some myths and call for participation in the OpenSource efforts for supporting more use cases via TPMs. TPMs provide several features. Most talked about are the capabilities to perform "attestations", i.e. to reliably determine the software (BIOS, OS, applications) that are running on a given system. Most commonly useful are its capabilities to act similar to a "built-in smartcard". It provides storage for keys and secrets on the device that can be protected by PINs, i.e. that are protected against bruteforce attacks. It further provides an encrypted swapping mechanism for such keys, enabling almost infinitely large storage for said keys. With this range of features available at your average nerd's disposal, it would be a shame not to use them. 1. Securing your personal credentials The most frequent application of TPMs stems from logging into other system. This includes ssh client logins or browser based https client certificates and becomes even more frequent when put into context with git+ssh, git+https, sftp or webdav. All these technologies and mostly all implementation support PKCS11 to allow storage of secrets on a smartcard. But SmartCards or Yubikeys require extra readers, occupy USB-slots, have to be carried around. The tpm2-pkcs11 library allows anyone to seamlessly use the TPM instead of an external smartcard. This approach provides much higher convenience compared to smartcards and even compared to passwords, since you merely need a short pin instead of a username+vErys3cur3passwor! combinations. It maps the smartcards property of possession to possession of the device, i.e. notebook. 2. Securing your system credentials Heartbleed is old but the principle problem of having keys lay around in RAM and disk is as relevant as it used to be. This is where the tpm2-tss-engine for OpenSSL comes into play. It allows the use of TPM-based keys for authentication via TLS (server and client side). Of course, if your system get's owned, it's owned, but once the attacker is gone (reboot, update, etc), you can be sure that he could not have copied the private key. Thus, no revocation or similar action is needed. 3. Encrypting your storage Basically "BitLocker for Linux" is the keyword. By extending LUKS(2) and cryptsetup, we're enabling anyone to encrypt their disk and protect there data from bruteforce password guessing if the device or disk ever got stolen. This even provides a lot more convenience, since the TPM operations can be faster than the typical KDF'ing and you can work with PINs and short passwords instead of vErys3cur3passwor! ones. 4. Detecting BIOS manipulations Talks and news about evil maids, government trojans installed at airport inspections and BIOS-based backdoors are present anywhere. The tpm2-totp project is a clone of Matthew Garrets tpm-totp that he presented at 32c3. It enable the user to authenticate not only the device to be theirs, but also if the BIOS and kernel are still in the same state as they were when they left it. Most use cases are actually running code shipping with more and more distros. The talk will give some deeper explanations into each of these and possibly some live demos. false Andreas Fuchs Slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10968.html /system/events/logos/000/010/968/large/mgehemcmlogioomd.png?1572433715 2019-12-29T22:50:00+01:00 22:50 00:40 Clarke 36c3-10968-content_take-downs_who_cleans_the_internet EU plans to swipe our freedom of expression under the carpet Ethics, Society & Politics lecture en The quest towards a “cleaner” internet continues – with “censorship machines” included in the EU Copyright Directive, upload filters proposed in the Terrorist Content Regulation, and numerous other initiatives to push dominant platforms to police online content. This talk will present the next big battles for free speech online at the European level. The next important battle for our rights and freedoms in the digital sphere is looming on the horizon. Policymakers wage war against “harmful” speech online, relying on the centralisation of the web around few platforms that function as “walled gardens”. Heated debates on upload filters recently took place around the copyright reform and the fight against online terrorist propaganda. The next challenge for our freedom of expression online is a planned update to rules that deal with illegal and “harmful” content: E-Commerce Directive. E-Commerce was adopted two decades ago, but the way the internet looks like has drastically changed since. The amount of user-uploaded content has exploded, and few dominant platforms have an increasing impact on people’s rights and freedoms. How does the current online landscape look like? What are the policy options the EU is facing in terms of platform regulation? How can we achieve human rights-compliant content moderation rules? false Chloé Berthélémy Thomas Lohninger EDRi website https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10711.html 2019-12-29T23:50:00+01:00 23:50 00:40 Clarke 36c3-10711-5g_net_neutrality Status of the Net Neutrality Reform in Europe Ethics, Society & Politics lecture en Three and a half years after Europe enshrined net neutrality in law, the protections for the open internet are being renegotiated. Europe finds itself in the middle of an immense lobbying battle about the legality of internet blocking, zero-rating and the internet as a common carrier for everyone. All this while the EU is also the first world region trying to fit the next mobile network standard 5G into the net neutrality framework as we currently know it. This talk will give a brief summary about the past years of regulatory enforcement, how the internet has developed in Europe and what to expect from the ongoing reform. The Body of European Regulators for Electronic Communication (BEREC) is currently reforming the net neutrality framework of the EU. The reform started in late 2018 and will come to a conclusion in March 2020. The talk will outline the full reform process and explain the issues the digital rights community is fighting for. A particular focus will be on the challanges that the next mobile network standard 5G brings to the net neutrality debate and what to expect from new technology aspects like network slices and edge computing. Additionally, we will give insights into net neutrality enforcement throughout the European Union in the past three and a half years. This section of the talk is based on a comprehensive study which epicenter.works has conducted in 2019. The Austrian digital rights NGO epicenter.works is a leading net neutrality advocate in the EU. Their campaign www.savetheinternet.eu followed the policy debate to enshrine net neutrality in law in the European Union and lasted from 2013 until 2016. Since then, the organisation has become a public watchdog on the regulatory enforcement of the rules and published extensive legal and technical analysis on net neutrality violations. They try to shape the regulatory and public debate by speaking at annual shareholder meetings of Deutsche Telekom and participate in expert consultations from telecom regulators. With the ongoing reform, the net neutrality debate in Europe is heating up once again, with an uncertain outcome. false Thomas Lohninger epicenter.works - for digital rights Public consultation on the document on BEREC Guidelines on the Implementation of the Open Internet Regulation (10.10.2019) Dossier Net Neutrality savetheinternet.eu Report: The Net Neutrality Situation in the EU Zero rating: Why it is dangerous for our rights and freedoms (22.06.2016) NGOs and academics warn against Deep Packet Inspection (15.05.2019) Net Neutrality vs. 5G: What to expect from the upcoming EU review? (05.12.2018) https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10990.html 2019-12-29T11:30:00+01:00 11:30 01:00 Dijkstra 36c3-10990-connected_mobility_hacken_digital_bike_23 Von E-Bikes in der Connected Mobility zur Entstehung eines nachhaltigen Open-Source-E-Bike-Projekts Resilience & Sustainability lecture de Was haben E-Bikes mit Connected Mobility zu tun? Und ist so was wie LineageOS auch für Bike Computer möglich? Außerdem: wie lassen sich Cradle to Cradle Prinzipien auf E-Bikes anwenden? Der Vortrag gibt einen Einblick in die Rolle von E-Bikes in der Connected Mobility und umreißt ihren Stand der Technik. Zudem berichtet er von den Herausforderungen, ein nachhaltiges Open-Source-E-Bike zu entwickeln. Last but not least möchte er die Idee eines Open-E-Bike-Wiki vorstellen. Dank Vernetzung auf allen Ebenen soll Mobilität sicherer, umweltfreundlicher, humancentered etc. werden. Fokus ist natürlich der Automotive Bereich. Da wird entwickelt, was das Zeug hält. Aber was ist mit E-Bikes? Sie haben durch ihre On-Board-Komponentenvernetzung perfekte Voraussetzungen für Connected und Smart. Deshalb jagt ein Hardware- und Sofwareupgrade inzwischen das nächste. Detaillierte Userdaten landen auf den Servern der Hersteller, dank proprietärer Software aller relevanten Komponenten. Der Vortrag beschäftigt sich im ersten Teil mit Connected Mobility und dem Stand der Technik bei E-Bikes - ein Fokus: Ihre Konnektivitätsoptionen und die Sensorvielfalt. Und es geht um Sinn und Unsinn des Technikeinsatzes. Im zweiten Teil geht es um das eigentliche e-Bike-Projekt. Der Vortrag erzählt von den Eigenheiten der Fahrzeugkonstruktion inspiriert von Cradle to Cradle und den Stand der Dinge der IT – Open Source, Open Embedded und Open IoT - aus der Sicht einer Produktdesignerin, die keine Hackerin ist und gern alles offen und transparent entwickeln würde und anwender*innenfreundliche Applikationen sucht. Und er erzählt von der Idee den IT-Dschungel zu lichten: der Erstellung eines Open-E-Bike-Wikis. false Jo Tiffe form:f - critical design https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10768.html 2019-12-29T12:50:00+01:00 12:50 01:00 Dijkstra 36c3-10768-getting_software_right_with_properties_generated_tests_and_proofs Evolve your hack into robust software! Resilience & Sustainability lecture en How do we write software that works - or rather, how do we ensure it's correct once it's written? We can just try it out and run it, and see if it works on a few examples. If the program was correct to begin with, that's great - but if it's not, we're going to miss bugs. Bugs that might crash our computer, make it vulnerable to attacks, stop the factory, endanger lives, or "just" leave us unsatisfied. This talk is about techniques every programmer can use to avoid large classes of bugs. You think about general properties of the things in your code, verify them through automatically generated tests, and (when it's particularly critical) proofs. This is a surprisingly fun and satisfying experience, and any programmer can do it. You need just a bit of high school math (which we'll refresh in the talk) to get started. This talk is specifically about accessible techniques: Almost any program, function, or entity has a few interesting properties, and teasing them out will enhance your understanding of what is going on in your software. The next trick is to write out the property in your programming language. People with lots of time and budget can write down enough properties to form a complete specification of the security- and safety-critical parts of a system and prove that they hold for their system. In the talk, we'll instead focus on a dead-simple technique called <b>QuickCheck</b>. (Your programming language almost certainly has a QuickCheck library you can use.) QuickCheck - from the code describing the property - will automatically generate as many test cases as you want, run them, and produce counterexamples for failures. QuickCheck is amazingly effective at flushing out those corner cases that elude traditional unit tests. Finally, for simple properties of pure functions, we can also attempt a proof using simple algebra. The results are a wonderful feeling of satisfaction, and a sound sleep. false Mike Sperber Slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10630.html /system/events/logos/000/010/630/large/tower.png?1576682663 2019-12-29T14:10:00+01:00 14:10 00:40 Dijkstra 36c3-10630-wifibroadcast How to convert standard wifi dongles into digital broadcast transmitters Hardware & Making lecture en This talk is about modifying cheap wifi dongles to realize true unidirectional broadcast transmissions that can transport digital data like HD drone video with guaranteed latency over a range of tens of kilometers. The talk will show the necessary changes to the firmware and kernel of the wifi dongle, the forward error correction and software diversity (fuse several receivers in software) that is added to improve reliability and the most prominent use case: Flying a remote controlled drone at a distance of tens of kilometers. Wifi as it is implemented in the 802.11 standard tries (as best as it can) to guarantee to a user the delivery of data and the correctness of the data. To increase the chance of delivery, the standard includes techniques like automatic retransmission, automatic rate reduction, CSMA/CA. To guarantee correctness, the packets are using CRC sums. These measures are very useful in a typical 1-to-1 communication scenario. However, they do not adapt very well to a 1-to-n scheme (broadcast). Even in case of a 1-to-1 scenario the techniques mentioned above make it impossible to guarantee a latency and throughput of a transmission. Wifibroadcast uses the wifi hardware in a mode that is very similar to the classic analog broadcast transmitters. Data will immediately be sent over the air, without any association of devices, retransmissions and rate reductions. The data can be picked up by an arbitrary number of receivers that decode the data stream, repair damaged packages via software diversity and repair damaged bits via forward error correction. The Wifibroadcast software is an easy to use Linux program into which arbitrary data can be piped. The same data will then appear on the receiving program on standard output and can thus be piped into further programs. All software developed has been made available under the GPL license. A prominent use case for Wifibroadcast is the transmission of live video from a drone. Compared to standard wifi this offers the following advantages: * Guaranteed latency * No association (that might get lost) * Multiple receivers work out of the box * True unidirectional communication allows to use asymmetrical antenna setups * Slow breakup of connection instead of complete communication loss The talk will show the details of the Wifibroadcast protocol, the changes to the firmware & driver, the forward error correction, software diversity and finally will show the HD video transmission over tens of kilometers as an application example. false befi Wifibroadcast – Analog-like transmission of live video data https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10704.html 2019-12-29T16:10:00+01:00 16:10 01:00 Dijkstra 36c3-10704-mensch_-_kunst_maschine Mit künstlicher Intelligenz zu neuer Kunst zum kybernetischen Verstand Art & Culture lecture de Kann künstliche Intelligenz Kunst erzeugen? Können Menschen von künstlich intelligenten Systemen erzeugte Kunst verstehen? Ist Kunst ein Weg zu neuen Stufen eines kybernetischen Verstandes? Der Stand der KI-Kunst ist keine Kunst oder keine KI. Aber wir werden mit unserer menschlichen Eitelkeit konfrontiert werden, nicht die Einzigen zu sein, die schöpferisch und auch künstlerische Relevanz in Betrachtern auslösen. Dies liegt mitunter an unseren bisherigen Kunstbegriffen und -verständnissen, die oftmals mit Intentionalität assoziiert sind. Eliza: Warum? Simon Hegelich widmen sich diesen Fragen und zeigt eigene (?) Werke (Videos, Bilder, Gedichte), die mit KI erzeugt wurden, wobei er seine großen Leidenschaften;- Kunst, maschinelles Lernen, Hegelsche Dialektik, Science Fiction, Kybernetik und Transhumanismus- der Erweiterung durch Diskurs unterzieht. Künstlich intelligente Systeme werden seit den 70er Jahren zunehmend in künstlerischen Schaffensprozesse einbezogen. Ob Computer auch autonom Kunst generieren können, ist keine Frage der Leistungsfähigkeit solcher Systeme, es wirft vielmehr die Frage auf, inwieweit tradierte Kunstbegriffe neu gedacht werden können. Die Beschäftigung mit KI und Kunst birgt im Vergleich zu laufenden KI-Debatten eine Reihe zusätzlicher Denkfreiheitsgrade: Sie ist erfahrbar! Gerade weil Kunst als Konzept schwierig zu fassen ist, uns gleichzeitig Künstlerisches inspiriert, zum Spekulieren, Träumen und Empfinden anregt, lässt sich vor diesem Hintergrund ganz anders über KIs und ihre Potentiale diskutieren. Unter Einbezug des technischen Standes derzeitiger Deep Learning Systeme und der eigenen künstlerischen Erfahrung werden diese Potentiale aufgefächert. Wir stellen den Diskurs um Grundfragen zum Verhältnis Mensch-KI-Kunst neue Fragen diametral gegenüber: Kann künstliche Intelligenz Kunst erzeugen? Wie können wir Kunst von künstlich intelligenten Systemen verstehen? Kann Kunst KI erzeugen und versteht das noch jemand? Simon Hegelich (KI-Entwickler, Philosoph, Professor für Political Data Science, Videoartist und Synthinerd) widmet sich diesen Fragen in eine Präsentation und schmeißt seine großen Leidenschaften zusammen: Kunst, maschinelles Lernen, Hegelsche Dialektik, Science Fiction, Kybernetik und Transhumanismus. Es könnte explosiv werden. false Simon Hegelich TEDx Talk Artificial Spirits Bilder TensorFloys Projekt https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10576.html /system/events/logos/000/010/576/large/Mitel-DECT.jpg?1571665850 2019-12-29T17:30:00+01:00 17:30 01:00 Dijkstra 36c3-10576-mifail_oder_mit_gigaset_ware_das_nicht_passiert DECT is korrekt. Hardware & Making lecture de Seit 2018 betreibt Eventphone ein neues Telefonsystem auf den chaosnahen Events. Natürlich wird neue Soft- und Hardware sofort zum Forschungsgegenstand. Schnell gab es die üblichen Fragen: Wie funktioniert das genau? Ist das alles an Features? Kann man das updaten? Kann man nicht kompatible Geräte vielleicht kompatibel machen? Was kann man noch verbessern? Ist das sicher? Natürlich haben wir Antworten und möchten unser Wissen mit euch teilen. Es gibt einen Überblick über DECT, kaputte Crypto™ und was man mit Kreativität daraus machen kann. Unser Anspruch ist, dass wir es so erklären, dass alle Zuschauerinnen und Zuschauer ein bisschen mehr über DECT wissen und mindestens einmal gelacht haben. Seit dem Easterhegg 2018 betreibt Eventphone das PoC (Phone Operation Center) mit neuer Hard- und Software. Wer ist Eventphone bzw. das PoC und was machen die? Neben vielen selbst entwickelten Komponenten nutzen wir eine DECT-over-IP-Lösung des kanadischen Telekommunikationsunternehmens Mitel. Wir geben euch eine Architekturübersicht der neuen Anlage und sprechen über Antennen, Software sowie Lizenzierung. Nachdem wir die größten Probleme, die wir mit dem alten System hatten, vollständig gelöst haben, schauten wir etwas genauer unter die Haube. Bei den ersten Analysen entdeckten wir einen unkritischen, aber witzigen Fehler, den wir euch zeigen wollen. Unser primäres Ziel war es, die Kompatibilität zu erhöhen, denn es gab einige Geräte, die trotz DECT-Standard nicht mit der Anlage funktionierten oder sich sehr sonderlich verhielten. Warum eigentlich? Wir fingen an, die Kommunikation der Geräte zu analysieren, und fanden heraus: Wer ein Byte verliert, hat acht Bit zu wenig. Es folgt: eine DECT-Anmeldung als Theaterstück. Aber halt! Ist das nicht alles verschlüsselt? Woher wisst ihr das? Es folgt: die Geschichte der Mitel Crypto und was daraus entstand: rfpproxy. Es folgt: eine DECT-Anmeldung mit rfpproxy als Theaterstück. Dann sammelten wir Metadaten und löschten sie wieder, mit Unterstützung der Feuerwehr. Und dann? Dann haben wir viel gespielt, analysiert und entwickelt. Weil die Zeit knapp ist zeigen wir euch 3 kleine Beispiele. Musik während des Telefonats über Vanity Number, die Akte AVM und Telefonbuchfunktionen. Am Ende geben wir euch Informationen zum Weitermachen sowie einen Ausblick. Außerdem wollen wir euch motivieren uns zu helfen. Wir hätten gern einen Wireshark Dissector. Stay connected! false zivillian ST Kambor-Wiesenberg LaForge Eventphone: früher, heute, morgen – Vortrag auf dem 35C3 Das neue Eventphone (PoC) Telefonsystem (Easterhegg 2019) Die neue DECT-Anmeldung DECT-Deregistrierung (Easterhegg 2018) Mitel DECT https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10607.html /system/events/logos/000/010/607/large/logo.png?1571239945 2019-12-29T18:50:00+01:00 18:50 01:00 Dijkstra 36c3-10607-grow_your_own_planet How simulations help us understand the Universe Science lecture en This year the Nobel prize in physics was awarded to three astronomers changing the understanding of the Universe and finding the first exoplanet. This is a good reason to dive into astronomy, numerics, and programming and to learn how modern astronomy creates the pictures and models of the reality we observe in the night sky. Let’s find out together how we can simulate the Universe and grow new planets – computationally! In all ages people have gazed at the stars and tried to grasp the dimensions of the Universe and of the teeny-tiny marble we call our planet and wondered how unique it actually is. From the ancient geeks to Johannes Kepler to modern times we slowly advanced our understanding of the sky and the laws necessary to describe the orbits and evolution of all its objects. Nowadays computational power has greatly increased. So we can further our understanding of the Universe from basic, analytically computable orbits to the challenge of turbulent gas flows – only accessible with numerical simulations. Let's go on a journey through space and compare the data we observe with breath-taking accuracy using instruments like ALMA, VLT, Gaia, and Hubble Space Telescope to numerical simulations now possible due to computer clusters, multi-core CPU and GPU-calculations. We want to explore the physics and numeric algorithms we need to comprehend the Universe and travel to the unexplained territory of problems we can not quite solve yet. We present three state-of-the-art hydrodynamics programs: PLUTO (by A. Mignone), FARGO3D (by P. Benítez Llambay and F. Masset) and AREPO (by V. Springel). All of them are free open source software and commonly used in research worldwide. Using their example, we demonstrate how hydrodynamics recreates many of the things we see in the sky, including planets. Simulations teach us how rare the formation of Earth was and show that there is no alternative planet in reach. In modern times we humans continue to gaze at the stars. Even without Planet B in sight, we are still fascinated with what we see. Numerical methods help us satisfy our thirst for knowledge and accelerate the research of the Universe. false miosta caro PLUTO FARGO3D AREPO Slides (without videos) https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10858.html /system/events/logos/000/010/858/large/campiaperti-500x500.jpeg?1572012801 2019-12-29T20:50:00+01:00 20:50 00:40 Dijkstra 36c3-10858-infrastructures_in_a_horizontal_farmers_community Human agreements, comunication infrastructures, services in Campi Aperti, Bologna, Italy Resilience & Sustainability lecture en We will analyze the approach to tecnology (decisional method, mesh network and cloud) of a farming community near Bologna: Campi Aperti. Speaking about: human organization, connectivity, managing of a server, resources and incidents handler, femminism, maintaining and growing in a non-gerarchical organization. Technologies involved: humans, antennas, orchestrator of containers. Summarize the experience of this last 15 years of a group of farmers, the strong political impact about take care of the near territory, decide what grow and what eat and share this decisions with the consumers in the city, settled a method that is called "shared warranty", garanzia partecipata, for the organic vegetables, refuse the big distribution of the food and how this principles, with also some femminist ideas, can bring us to think in a different way our tech organizations and our tools. In the last 3 years the group Campiaperti and Genuino Clandestino, the italian network of self-managed farmers, started to make questions and solution about tecnologies and started slowly to mantain their services. false Andrea Zappa Campi Aperti Documentazione Campiaperti Float - minimal container orchestrator https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10561.html /system/events/logos/000/010/561/large/ic_eg.PNG?1571922527 2019-12-29T21:50:00+01:00 21:50 00:40 Dijkstra 36c3-10561-the_eye_on_the_nile Egypt's Civil Society Under Attack Ethics, Society & Politics lecture en What happens when we come across a surveillance operation targeting Egypt’s civil society? And what happens when the attackers expose all of their backend code by mistake? This is The Eye on the Nile. Egyptian activists and journalists report and fight against human rights violations, only to face human rights violations themselves: they are often silenced, detained, tortured and imprisoned. Practicing their freedom of expression becomes especially dangerous under a regime that is constantly wary of attempts to spark a second revolution. Therefore, it would not be surprising to see surveillance-motivated attacks trying to go after those targets. This talk will discuss how an opsec mistake made by a state actor gave us a rare insight into their long-term malicious activity, and the methods they were using to keep a close eye on possible internal threats within Egypt. Among our findings were attempts to gain access to victims' inboxes and monitor their correspondences, mobile applications hosted on Google's Play Store and used to track victims' communications or location, and more. We will start by reviewing our investigation into the attackers' infrastructure, and will then go over the different attack vectors and previously undisclosed malicious artifacts used in this operation. Lastly, we will share how we were able to find and reveal the identities of this campaign's high-profile targets, and the location of the headquarters which we suspect the attackers are operating from. false Aseel Kayal Technical Publication New York Times Publication https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10672.html /system/events/logos/000/010/672/large/Talk_Logo_3D_printer_Tshirts.png?1576667942 2019-12-29T22:50:00+01:00 22:50 00:40 Dijkstra 36c3-10672-warum_3d-gedruckte_kleidung_nicht_die_zukunft_ist Hardware & Making lecture de 3D-gedruckte Kleidungsstücke finden sich mittlerweile auf immer mehr Laufstegen in der Modebranche. Der Herstellungsprozess erlaubt gänzlich neue Abläufe und die Chance, durch mehrfache Materialverwendung und Abfallreduzierung nachhaltiger zu produzieren. Aber wie alltagstauglich und bequem sind diese Teile eigentlich? Wann ist ein Kleidungsstück überhaupt bequem? Welche Funktionen können 3D-gedruckte textile Flächen übernehmen – und welche nicht? Die Bekleidungsbranche ist eine der schädlichsten Industrien für unseren Planeten und unsere Gesellschaft. Additive Fertigungsverfahren scheinen eine Alternative zu umweltschädlicher Massenfertigung zu sein. Der Talk beantwortet Fragen nach Qualität und Nutzen 3D-gedruckter textiler Flächen und ob diese tatsächlich das Potential haben, die Bekleidungsindustrie nachhaltiger zu gestalten. Und ist es wirklich realistisch, dass wir bald alle zuhause einen 3D-Drucker stehen haben und uns morgens einen Pullover drucken? false Kurfuerstin https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10549.html /system/events/logos/000/010/549/large/a64tux.png?1570567588 2019-12-29T23:50:00+01:00 23:50 00:40 Dijkstra 36c3-10549-linux_on_open_source_hardware_with_open_source_chip_design Hardware & Making lecture en Want to run Linux on open hardware? This talk will explore Open Source Hardware projects capable of that task, and explore how RISC-V and free software FPGA projects can be leveraged to create libre systems. This talk will explore Open Source Hardware projects relevant to Linux, including boards like BeagleBone, Olimex OLinuXino, Giant board and more. Looking at the benefits and challenges of designing Open Source Hardware for a Linux system, along with BeagleBoard.org’s experience of working with community, manufacturers, and distributors to create an Open Source Hardware platform. Drew will also talk about the importance of the RISC-V instruction set and free software FPGA toolchains. He will explore the options for running Linux on open source chip designs. false Drew Fustini Embedded Recipes 2019: Linux on Open Source Hardware and Libre Silicon Slides from Embedded Recipes 2019 in Paris https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11010.html 2019-12-29T11:30:00+01:00 11:30 01:00 Eliza 36c3-11010-protecting_the_wild Conservation Genomics between Taxonomy, Big Data, Statistics and IT-Security Science lecture en Conservation genomic approaches are crucial for establishing long-term sustainable conservation and management strategies for the protection of biodiversity and natural ecosystems. In this talk, the diverse and disparate fields of expertise and activism are presented, which are involved in building effective conservation genomic reference datasets and their infrastructures, analytical inference/prediction environments and operational tools for practical application. Natural ecosystems and biodiversity are lost at an alarming and accelerating rate due to anthropogenic (over-) exploitation, habitat destruction and climate change. Conservation genomics promises to provide reliable and detailed insights into the current state of species and their interactions, as well as, the processes shaping their reactions to change. Such knowledge is urgently needed for forecasts of species’ responses under quickly and potentially unpredictably changing climatic and environmental conditions, as well as, sociopolitical changes and shifting patterns of economic (over-) exploitation. Conservation genomic insights will allow societies in dynamic contexts to come to adequate decisions and effective action in time. Reliable, decisive and useful practical tools that are robust under real-world operational conditions are, for example, needed for genetic inventory and monitoring campaigns, by certification initiatives, for example in fisheries or forestry, and in forensic genetic case work enforcing legal protection. The development and implementation of the building blocks for conservation genetic tools will involve the cooperation of experts, activists and citizen enthusiasts from many and, so far, often unconnected backgrounds and communities. These extensive projects will bring together experts from biodiversity science, bioinformatics, statistical genetics, machine learning and IT-security, as well as, citizen scientists and volunteers, conservation activists, stewards and managers of natural “resources”, and local communities. false Jutta Buschbom https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10928.html 2019-12-29T12:50:00+01:00 12:50 01:00 Eliza 36c3-10928-provable_insecurity where artifacts come from, and how constructive math may help Security lecture en Cryptographic hash functions are everywhere, yet modeling the characteristics of their real-world occurrences is surprisingly complicated when trying to prove security. We argue how seemingly convenient features of doing classical math may make it actually harder to model them correctly. <p> Did you ever wonder why programmers use hash functions without keys while cryptographers only proved the implemented protocol secure for a hash function that is keyed? Did you ever want to have your passwords hashed using a random oracle for maximum security? If you are unhappy because it is possible to prove that a microkernel implementation can be proven to do what it is supposed to do, but your favourite cryptographic protocol cannot, then this talk may be for you.</p> <p>We explore how the way we do classical math leads deviations between cryptographic functions and how they can be modeled in proofs, and what could be done about that.</p> <p>We focus on questions like:</p> <ul> <li>How we can be forced to worry about collisions that no one knows</li> <li>How it can be that proofs in an exact science like math need to be interpreted</li> <li>Why modern cryptographers cannot prove something under the assumption that "hash function X is secure" while programmers have to design their software like this</li> <li>Whether "proving A" is always the same as "proving A"</li> <li>How to reasonably measure precomputation complexity in cryptographic attack</li> <li>And finally: Why we may need different mathematical foundations to formalize cryptography</li> </ul> false dreiwert Claus Diem slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11043.html /system/events/logos/000/011/043/large/hs_logo_-_black.png?1572116221 2019-12-29T14:10:00+01:00 14:10 01:00 Eliza 36c3-11043-humus_sapiens Open Soil Research Resilience & Sustainability lecture en <p>HUMUS sapiens represents a compilation of soil explorations emerging from the networks of mikroBIOMIK, Hackteria, and Gasthaus – with the ambition to bring DIY (do-it-yourself) and DIWO(do-it-with-others) approaches as well as an open-source-based “hacker spirit” into soil ecology. Participants are invited to reflect on current scientific discourses and critical societal challenges through hands-on tinkering and curiosity-driven research.</p> <p>Far more than just the dirt under our feet, soil is a truly complex and dynamic ecosystem. It is a constantly changing mix of minerals, living organisms, decaying organic matter, air, and water. It is the living skin of our planet, allowing new forms of life to come into being, incorporating the nutrients left there by organisms of the past. Soil is bursting with life and can be vastly different from one square centimeter to the next. From plants, earthworms, insects, and fungi to invisible amoeba, nematodes, algae, and bacteria – each creature provides their own essential role in the soil ecosystem. The shared nature of the soil habitat manifests not only through the highly interconnected so-called “soil food web” – which is mainly driven by microbial metabolism – but also in regard to humans and their dependence on the productivity of edible plants. It is this dependency that motivates Homo sapiens to manipulate natural ecosystems, while at the same time failing to understand them. Human impact on the soil, especially intensive agricultural practices (deforestation, overgrazing, use of agrochemicals, etc.) and urbanization, leads to compaction, loss of soil structure, nutrient degradation,and contamination – ultimately, the breaking down of these ecosystems and eroding of the soil to infertile desert.</p> <p>HUMUS sapiens aims to reexamine these problems from an ecosystem's viewpoint and to support the paradigm shift from an anthropocentric ideology to a more biocentric philosophy of life.</p> false Julian mikroBIOMIK.org Moritz Chollet Malte Larsen Maya Minder mikroBIOMIK Society International Hackteria Network HUMUS Sapiens https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11030.html /system/events/logos/000/011/030/large/repair.jpg?1576772458 2019-12-29T16:10:00+01:00 16:10 01:00 Eliza 36c3-11030-degrowth_is_coming_-_be_ready_to_repair Resilience & Sustainability lecture de Der Diskurs um die "Digitalisierung" kann vor allem eines: Verheißen. Roboter befreien uns von mühsamer Arbeit, Effizienzsteigerungen sorgen von ganz allein für den Schutz von Umwelt und Ressourcen und Algorithmen erleichtern uns den Alltag. Dass diese Verheißungen vor allem Tech-Konzernen in die Tasche spielen und wir dank der datenraff(inier)enden Geschäftsmodelle des digitalen Kapitalismus auf ökologische und soziale Katastrophen zusteuern, soll in dem Vortrag gezeigt werden. Kann die Wirtschaft dank effizienterer Technologien weiter wachsen ohne dabei Ressourcen zu verbrauchen? Oder merken wir bei unseren immer voller werdenden Leben gar nicht, dass uns in Wahrheit die Rohstoffe ausgehen? Wenn wir schon sehr bald kein Material mehr haben, um Technik zu bauen, die alle Verheißungen erfüllt - was machen wir dann? Ist die Antwort dann reparieren, selber machen, vielleicht sogar kreativ werden? Der Vortrag zeigt Daten und Grafiken zum aktuellen und prognostizierten Ressourcen- und Energieverbrauch digitaler Technologien. Der Mechanismus des Rebound-Effekts kann dabei helfen, die komplexen Folgen der aktuellen technischen Entwicklung z.B. in Bezug auf Wachstum zu verstehen. Degrowth ist eine politische Bewegung von Wissenschaftler*innen und Aktivist*innen, die gegen die Steigerungs- und Wachstumszwänge moderner Gesellschaften kämpfen. Mit welchen Argumenten begegnet die Degrowth Bewegung Wachstum aus einer ökologischen Perspektive? Und welche Anknüpfungspunkte für Ressourcenschonung gibt es in der Tech- und Maker-Bewegung? false Anja Höfner Nicolas Guenot https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10912.html /system/events/logos/000/010/912/large/databox-logo-cropped.png?1577552094 2019-12-29T17:30:00+01:00 17:30 01:00 Eliza 36c3-10912-on_the_edge_of_human-data_interaction_with_the_databox Resilience & Sustainability lecture en In this talk I will report on Databox, the focus of a UK-based research collaboration between the University of Cambridge, the University of Nottingham, and Imperial College, with support from industrial partners including the BBC. Databox is an open-source software platform that seeks to embody the principles of Human-Data Interaction by enabling individuals to see and exercise dynamic control over what is done with their personal data. The research project has melded computer systems design with ethnomethodological approaches to Human-Computer Interaction to explore how such a platform can make use of personal data accountable to individuals. We are all the subjects of data collection and processing systems that use data generated both about and by us to support many services. Means for others to use such data -- often referred to possessively as "your data" -- are only increasing with the long-heralded advent of the Internet of Things just the latest example. Simultaneously, many jurisdictions have regulatory and statutory instruments to govern the use of such data. Means to enable personal data management is thus increasingly recognised as a pressing societal issue. In thinking about this complex space, we formulated the notion of Human-Data Interaction (HDI) which resulted in the Databox, a platform enabling an individual data subject to manage, log and audit access to their data by others. The fundamental architectural change Databox embodies is to move from copying of personal data by others for central processing in the cloud, to distribution of data analysis to a subject-controlled edge platform for execution. After briefly introducing HDI, I will present the Databox platform design, implementation and current status. false mort Databox Project Human-Data Interaction BBC R&D -- The BBC Box On the Edge of Human-Data Interaction with the Databox https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10756.html /system/events/logos/000/010/756/large/blatt3000-pandas.jpg?1576528919 2019-12-29T18:50:00+01:00 18:50 01:00 Eliza 36c3-10756-p2panda Social, artistic & theoretical experiments with decentralized festivals Art & Culture lecture en Festivals and events are organized by a small group of deciders. But what would Eris do? (chaos!) We will look at some of our experiences with decentralised festivals where every participant can truly participate, reflect on how they influence our way of discussing and producing art and technology and discuss p2panda, an idea of a p2p protocol for (self-)organising resources, places and events, which is based on the SSB protocol. <p>This is a technical, artistic, theoretical reflection on how we use technology to run and experiment with decentralised festivals. VERANTWORTUNG 3000 (2016), HOFFNUNG 3000 (2017) and now p2panda are platforms and protocols to setup groups, festivals, gatherings, events or spaces in a decentralised, self-organised manner which allow us to raise questions on how we organise ourselves in our social, artistic & theoretical communities.</p> <p>In this presentation we want to:</p> <ul> <li>Show work and reflection processes of BLATT 3000 and Liebe Chaos Verein e. V. i. G. in Berlin on how technology informs art production and how these systemic "meta"-questions can be made the actual means of art, theory and discussion.</li> <li>Introduce some technical key-concepts of the p2panda protocol and how offline-first, append-only data-types, user authorization through cryptographic keys are interesting for ephemerality, self-organization, non-individuality, decentralization and anonymity in art and theory production.</li> <li>Present fictional ideas for festivals of the future.</li> <li>Talk about pandas.</li> </ul> false adz sophiiistika cafca p2panda - Design document HOFFNUNG 3000 - Experimental festival platform Liebe Chaos Verein e. V. https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10890.html 2019-12-29T20:50:00+01:00 20:50 00:40 Eliza 36c3-10890-welcome_pattern_-_theorie_und_praxis (Eine Gemeinschaftsproduktion der Haecksen, der tuwat-Gruppe Bildung und Chaos Siegen) CCC lecture de In diesem Beitrag stellen wir die von der tuwat Gruppe Bildung erarbeiteten "Welcome Pattern" zum Empfang und Integration von Neuankömmlingen und ihre Anwendung in Siegens Hackspace "HaSi" vor. Das Chaos setzt sich für Informationsfreiheit ein und behandelt die Auswirkungen von Technologie auf die Gesellschaft. Dabei machen wir sie zum Beispiel erfahrbar, testen ihre Grenzen und erklären unseren Mitmenschen und Interessierten, was gut und nicht so gut funktioniert. Zwischenzeitlich kommt da aber auch der Besucher mit dem kaputten Windows Vista, die neue Person, die schon beim ersten Besuch den Lasercutter anschmeißen will oder jemand, der den feinen Unterschied zwischen "cool" und "gar nicht mal so geil" nicht ganz verstanden hat. Wir versuchen auf der einen Seite offen für neue Mitstreiter*nnen zu sein, müssen aber auch bestimmt auf unsere Regeln und ethischen Grundsätze hinweisen. Die tuwat Gruppe Bildung hat 2018 aus diesem Grund sogenannte 'Welcome Pattern' entwickelt. Schnell zu lesen sollen sie das Chaos unterstützen, sich offen zu zeigen, ohne davon überlastet zu werden. Sie sollen aber auch eine bessere Integration von Neuankömmlingen ermöglichen, ohne die Komplexität hinter der Hackerethik und Informationsfreiheit auszusparen. In diesem Vortrag stellen wir diese Muster vor und besprechen relevante Teile davon anhand ihre Anwendung im Chaos Siegen und seinen assoziierten Hackspaces. Chaos Siegen beschäftigt sich seit Anfang 2019 mit den Mustern. Sie legen sie zum Beispiel als zusätzliches Informationsmaterial aus. Außerdem führen sie einen 'Hodge Podge', eine Kontaktliste verschiedener Gruppen, um Neulinge peu-a-peu ins Chaos zu führen. Die bekannte Diskussion wie viel Ahnung von Technik man im Chaos mitbringen soll wird verkürzt, aber auch schwere Themen, wie die Homogenität in der Gruppe, können addressiert werden. Eure konkreten Fragen könnt ihr am Endes des Vortrags mitbringen. Vielleicht können wir euch in Richtung eines entspannteren Clubleben weiterhelfen. false melzai nanooq Welcome Patterns Haecksen Chaos Siegen welcome-patterns-36c3 https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11178.html /system/events/logos/000/011/178/large/fck.PNG?1576712719 2019-12-29T21:50:00+01:00 21:50 00:40 Eliza 36c3-11178-art_against_facebook Graffiti in the ruins of the feed and the party-info-capital is emigrating Art & Culture lecture en There is graffiti in the ruins of the feed and the event-info-capital is emigrating. Currently Facebook has a tight grip on the cultural scene with its events-calendar and with Instagram as a spectacular image feed. <br> But an opposition is rising. Graffiti and net-art are merging with hacking. Activists are using facebook graffiti, through circulating UTF-8 textbombs that cross the layout of the feed.<br> The Berlin network Reclaim Club Culture meanwhile is calling for a Facebook Exodus. They want to motivate the club and cultural scene to support free alternatives, by moving their biggest information capital, which are the event announcements. false el Rosa Rave https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11234.html 2019-12-29T22:50:00+01:00 22:50 00:40 Eliza 36c3-11234-speaking_fiction_to_power Strategies and tactics to ‘hack’ public spaces and social conventions Art & Culture lecture en Louise Ashcroft will talk through strategies and tactics she uses to ‘hack’ public spaces and social conventions in order to suggest new ways of living which challenge rules and hierarchies. Louise Ashcroft is a performance artist and filmmaker whose playfully disruptive fieldwork in public spaces like shopping centres, trade fairs and the street) seek to challenge the socio-economic status-quo and reveal the absurdity of the power systems that govern how we live. For example, mailing boxes of soil from former public land to its new overseas owners, leading 'backwards shopping' workshops, smuggling strange products into supermarkets and attempting to buy them, or running conceptual cleaning services for people's hopes and dreams. Such public interventions are humorously retold in the form of stage performances. Louise has exhibited widely including at Arebyte Gallery, BQ Berlin, Latitude Festival, Supernormal Festival, Wellcome Collection, Museum of London and on BBC radio; residencies include Tate Learning, Camden Arts Centre, and Z.U.T Lisbon. Louise cofounded the free art school AltMFA and teaches art at Goldsmiths College. She hates capitalism but loves sneakers. false Louise Ashcroft louiseashcroft.org Speaking Fiction to Power - Talk slides (for looking at only, copyright Louise Ashcroft) 2019-12-29T11:00:00+01:00 11:00 00:50 Chaos-West Bühne Q7LV9G https://fahrplan.chaos-west.de/36c3/talk/Q7LV9G/ All about computers Doppelter Slot de Die Datenverarbeitung auf Basis von Einwilligungen macht uns zu Klickrobotern und gibt uns gegenüber übermächtigen Anbietern keine wirklich freie Wahl. Wir zeigen eine Alternative auf, mit der wir unser Grundrecht auf informationelle Selbstbestimmung gegenüber den Großkonzernen wieder durchsetzen könnten. Ausgehend von den Nachteilen der meistens alternativlosen Einwilligung, die Facebook, Google und Co. für die Nutzung ihrer Services verlangen, wird das Modell von Datengewerkschaften erläutert, ein Zusammenschluss von datenerzeugenden Einzelpersonen. Die Bündelung der Interessen vieler Betroffener zur Schaffung einer ernstzunehmenden Verhandlungsposition und die damit verbundene Ermöglichung von differenzierten und wirklich freiwilligen Einwilligungen könnten zu einer besseren Balance der Interessen führen, ohne die einzelnen Betroffenen dabei zu bevormunden. Eine erste Datengewerkschaft wurde bereits 2018 in den Niederlanden gegründet, deren erklärtes Ziel es ist, direkt mit den Anbietern zu verhandeln, um den Erzeuger*innen der Daten auch einen fairen Anteil an den Gewinnen zu verschaffen. false Andreas Diehl Jörn Erbguth Katrin /media/36c3/images/S9XFSM/digitalcourage_vds_banner.jpg 2019-12-29T12:00:00+01:00 12:00 00:50 Chaos-West Bühne S9XFSM https://fahrplan.chaos-west.de/36c3/talk/S9XFSM/ Nicht Computers Doppelter Slot de Untertitel: Wie Europol und die Innenminister der EU-Länder Massenüberwachung legalisieren wollen und was dagegen zu tun ist. –– Zusammenfassung: Trotz klarer Gerichtsurteile gegen anlasslose Massenüberwachung wird in Arbeitsgruppen, Ausschüssen und Spezialgerichten an neuen Rechtsgrundlagen für eine EU-weite Vorratsdatenspeicherung gearbeitet. Es geht um Hintertüren in der ePrivacy-Verordnung, einen Fahrplan von EU-Rat und EU-Kommission, ein Überwachungskonzept von Europol und Versuche, den EU-Gerichtshof zu einer Revidierung vorheriger, grundrechtefreundlicher Urteile zu bewegen, während zur selben Zeit in Deutschland die CDU den Terror-Angriff von Halle/Saale instrumentalisiert. –– Ausführliche Beschreibung: In diesem Vortrag möchte ich erklären, wie sogenannte Sicherheitspolitiker auf drei Ebenen an mehreren neuen Rechtsgrundlagen für die massenhafte und anlasslose Überwachung unserer Kommunikations- und Aktivitätsdaten arbeiten. In diesem Zusammenhang möchte ich die Reaktion der deutschen CDU auf den Terror-Angriff in Halle/Saale im Oktober diesen Jahres als geschichtsvergessen kritisieren. Zum Referenten: Mein Name ist Friedemann Ebelt, ich arbeite seit fünf Jahren bei der deutschen Grundrechteorganisation Digitalcourage, die im Jahr 2006 eine Verfassungsbeschwerde gegen das deutsche Gesetz zur Vorratsdatenspeicherung eingereicht hat. Die Klage ist mit anderen Beschwerden anhängig beim Bundesverfassungsgericht, dessen Urteil eine EU-weite Signalwirkung haben wird. Digitalcourage beobachtet die aktuellen Überwachungsbestrebungen unter anderem mit Hilfe von Anfragen auf Grundlage des Informationsfreiheitsgesetzes, die wir auf fragdenstaat.de stellen. Was uns die Dokumente zeigen, ist aus unserer Sicht eine Kampagne für Vorratsdatenspeicherung, die auf drei Ebenen stattfindet: (1) Im geplanten EU-Gesetz zur ePrivacy-Verordnung wird über eine riesige Hintertür für eine private Vorratsdatenspeicherung verhandelt. Das ist absurd, denn das Ziel dieser Verordnung ist der Schutz sensibler Kommunikationsdaten. (Siehe Artikel 6 des Entwurfs einer ePrivacy-Verordnung) → Mehr dazu: https://digitalcourage.de/blog/2019/eprivacy-private-vorratsdatenspeicherung-durch-hintertuer (2) EU-Rat und EU-Kommission haben einen Fahrplan für eine neue EU-weite Vorratsdatenspeicherung beschlossen. Die Hauptgefahr aus unserer Sicht ist, dass ausschließlich Vorschläge für anlasslose Massenüberwachung diskutiert werden, wie die Überwachungs-Matrix aus dem Europol Data Retention Matrix Workshops. In einer 45-seitigen Tabelle breitet Europol aus, welche Daten sie für relevant für eine neue, EU-weite Vorratsdatenspeicherung halten. Von Standortdaten über IP-Adressen bis hin zu Verbindungsdaten sind nahezu sämtliche Informationen aufgeführt, die Provider demnach längerfristig speichern müssten. Diskutiert wird aber auch über die Speicherung der Länge von Antennen und über Klingeltöne. Es gibt keine Vorschläge für verhältnismäßige Optionen wie Quick Freeze, Sonderermittlungsdezernate oder ähnliches. → Mehr dazu: https://digitalcourage.de/blog/2019/eu-vorratsdatenspeicherung-diese-daten-sollen-gespeichert-werden https://digitalcourage.de/blog/2019/beschraenkte-vorratsdatenspeicherung (3) Mehrere EU-Mitgliedsstaaten verlangen vom EU-Gerichtshof eine Revidierung vorheriger, grundrechtefreundlicher Urteile. Anstatt die grundrechlichen Grenzen für Massenüberwachung zu akzeptieren, greifen die Regierungen der EU-Länder diese Grenzen an. → Mehr dazu: https://digitalcourage.de/blog/2019/achtung-vorratsdatenspeicherung-es-wird-ernst In Verbindung mit der geplanten E-Evidence-Verordnung, massiv verschärften Polizeigesetzen und dem derzeitigen Wettbewerb zur Einschränkung von Grundrechten, den sich die Regierungen der EU-Länder aktuell liefern, sind die Pläne für eine flächendeckende Vorratsdatenspeicherung als toxisch für Rechtsstaat und Demokratie zu bewerten. Bezeichnend für eine grundrechtevergessene Politik sind die jüngsten Ereignisse in Deutschland: Überwachung über Ethik: CDU in Deutschland nutzt den Terror von Halle/Saale Nur einen Tag nach dem Terror-Angriff in Halle/Saale im Oktober diesen Jahres sagte CDU-Innenpolitiker Mathias Middelberg im Deutschlandfunk, dass gegen rechte Hetze im Internet und im Bildungssystem vorgegangen werden müsse. Konkret handeln er und seine Partei jedoch in eine ganz andere Richtung: Sie nutzen den rechten Terror, um Massenüberwachung voranzubringen. Zentral ist dabei die Vorratsdatenspeicherung. Geplant ist aber auch, den in die NSU-Morde verstrickten sogenannten Verfassungsschutzes mit mehr Befugnisse auszustatten sowie der Einsatz von Staatstrojanern, die für den Einsatz von Staatstrojanern benötigt werden. → Mehr dazu: Hallo CDU: Vorratsdatenspeicherung und Verfassungsschutz sind nicht die Lösung https://digitalcourage.de/Blog/2019/hallo-cdu-vorratsdatenspeicherung-und-verfassungsschutz-sind-nicht-die-loesung Mit unserer Kritik an dieser Politik, wenden wir uns an deutsche Parlamentarier und argumentieren: Eine anlasslose Vorratsdatenspeicherung erfasst alles – auch, wer wann in eine Synagoge, eine Moschee, in eine Kirche, in ein Gewerkschaftshaus oder auf eine Demonstration geht. Wir dürfen nicht vergessen, was schon einmal bitter gelernt wurde: Datensammlungen können tödlich sein. Eine Lehre aus den Verbrechen des deutschen Nationalsozialismus ist, dass die Bevölkerung vor Übergriffen des Staates geschützt werden muss. Aus diesem Grund darf es in Deutschland keinen zentralen Katalog geben, in dem erfasst ist, wer welcher Religion angehört. Das selbe gilt für Parteimitgliedschaften oder die sexuelle Orientierung. Folglich darf es in Rechtsstaaten keine Vorratsdatenspeicherungen von Kommunikationsdaten geben. Die 1933 gewählte nationalsozialistische Regierung hat auf Vorrat gesammelte Daten genutzt, um gezielt Menschen zu verfolgen, zu inhaftieren und zu töten. Die technisch-organisatorische Grundlage für die systematische Vernichtung von Juden war eine umfangreiche Datenverarbeitung von Informationen, die kein Staat über die Bürgerinnen und Bürger erfassen darf. Die Gefahr von Massenüberwachung lässt sich nicht beschränken Einschränkungen für den Zugriff auf Vorratsdaten, wie Richtervorbehalte oder minimal beschränkende Vorgaben für Maximal- und Mindestspeicherfristen können die Bevölkerung langfristig vor den Gefahren dieser Massenüberwachung nicht schützen. Denn Überwachungsgesetze werden stets verschärft, aber so gut wie nie zurückgefahren. Eine Partei, die diese Daten nutzen will, wird die Schutzschranken einreißen. Gibt es auch gute Nachrichten? Dank der existierenden Transparenzgesetze, engagierter Parlamentarier.innen und Aktivist.innen ist die aktuelle Kampagne für Massenüberwachung durchschaubar, ebenso die Ausnutzung von Terror-Angriffen. Unserer Auffassung nach, muss sie als Sicherheitstheater enttarnt werden, denn das Ziel ist Überwachung und nicht Sicherheit. Belegt ist diese Interpretation bereits dadurch, dass grundrechtsfreundliche Optionen für die Verbesserung von Ermittlungs- und Aufklärungsarbeit weder geprüft noch diskutiert werden. Eine Rechtgrundlage für ein Quick-Freeze-Verfahren könnte längst existieren und bei der Kriminalitätsbekämpfung helfen, wird aber von Politiker.innen, denen es um Überwachung geht, blockiert. Was ist zu tun? Ich hoffe, an dieser Stelle aktuelle Beispiele aus unseren kommenden Aktionen präsentieren zu können. Aus unserer Sicht, kann viel gegen Überwachungspolitik getan werden: (1) Sicherheitstheater bei jeder Gelegenheit entlarven → mehr dazu unter: „So können Sie auf Sicherheitstheater reagieren“ https://digitalcourage.de/sicherheitstheater (2) Immer wieder gegen Vorratsdatenspeicherungen argumentieren, beispielseise: im Netz, in der eigenen Partei, Politiker.innen freundlich und sachlich kontaktieren. (3) Juristische Arbeit gegen Vorratsdatenspeicherung unterstützen. false Friedemann /media/36c3/images/JUK87C/image.gif 2019-12-29T13:00:00+01:00 13:00 00:20 Chaos-West Bühne JUK87C https://fahrplan.chaos-west.de/36c3/talk/JUK87C/ All about computers Einfacher Slot de Viele Kinder lieben „Minecraft“ – sie sind oft richtige Experten in der Welt von Alex und Steve! Diese Begeisterung kann man nutzen, um Neues zu lernen! Das geht nämlich dann am besten, wenn man gar nicht merkt, dass man was lernt, sondern einfach nur etwas Tolles baut und dabei Spaß hat! Inspiriert von dem Talk "Programmieren in Minecraft" auf der GPN 2019 habe ich mit dieses Jahr mit über 40 Kindern Workshops durchgeführt, in dem man die Grundkenntnisse des Programmierens in der bunten Klötzchen-Welt von Alex und Steve lernen kann. In meinen Talk möchte ich von Erfahrungen aus diesen Kursen berichten, wie man solche Kurse am besten aufbaut und strukturiert, was gut funktioniert, wie man Aufgaben spielerisch gestalten kann und das ganze auch technisch einfach im Griff haben kann. false Gregor Walter 2019-12-29T13:30:00+01:00 13:30 00:20 Chaos-West Bühne M8WDGC https://fahrplan.chaos-west.de/36c3/talk/M8WDGC/ Klimakatastrophe Einfacher Slot de Description: Heizung von Häusern ist für etwa ein Drittel der Treibhausgasemissionen Deutschlands verantwortlich. Dabei gibt es bessere Möglichkeiten als einfach irgendeinen Brennstoff anzuzünden. Dieses Problem muss und kann gelöst werden. Der Vortrag beschreibt Möglichkeiten, komfortabel zu bewohnende Häuser fast ohne Heizung zu bauen. In diesem Vortrag werden nur neu zu bauende Gebäude betrachtet. Die gezeigten Methoden sind für Wohn- und Nichtwohngebäude aller Größen verwendbar. Es geht um folgende Details: * Wärmeverluste: Wo geht die Wärme raus? Wo müssen wir also ran? * Zuerst isolieren: Wände, Fenster, Dach, Boden * Dann Wärme zurückgewinnen: Maschinelle Lüftung mit Wärmerückgewinnung * Vorhandene Wärme nutzen: Solare und innere Gewinne * Restwärmebedarf und Warmwasser erzeugen * Wie lebt es sich darin? Thermoskannengefühl oder komfortabel?, Langzeiterfahrungen * Standards: KfW-Effizienzhaus, Passivhaus, Efffizienzhaus-Plus * "Free Money": Heizkosten, Mehrkosten und Zuschüsse beim Bau in Deutschland * Warum nicht einfach erneuerbare Energie für die Wärmeerzeugung nehmen? false Gunnar Thöle 2019-12-29T14:00:00+01:00 14:00 00:50 Chaos-West Bühne LF3YYH https://fahrplan.chaos-west.de/36c3/talk/LF3YYH/ The real basic about Bits and Nibbles Doppelter Slot en Do you want to promote Free Software in public administrations? Then the campaign framework of "Public Money? Public Code!" might be the right choice for you; no matter if you want to do it as an individual or as a group; no matter if you have a small or large time budget. More than 170 organisations, and more than 26,000 individuals demand that publicly financed software should be made publicly available under Free Software licenses. Together we contacted politicians and civil servants on all levels -- from the European Union and national governments, to city mayors and the heads of public libraries about this demand. This did not just lead to important discussions about software freedom with decision makers, but also already to specific policy changes. In the talk, we will explain how the campaign framework including the website publiccode.eu, the videos, the open letter, the expert brochure,and example letters can be used to push for the adoption of Free Software friendly policies in your area; be it your public administration, your library, your university, your city, your region, or your country. false Bonnie Mehring Matthias Kirschner /media/36c3/images/PQALSP/circus_logo_transparent.png 2019-12-29T16:00:00+01:00 16:00 00:20 Chaos-West Bühne PQALSP https://fahrplan.chaos-west.de/36c3/talk/PQALSP/ All about computers Einfacher Slot en A situation loads of passionate CTF players will recognize: You are bored and looking up some CTF on ctftime. You finally find one and it's hosted on some fork of CTFd running on what feels like a raspberry pi 1. Notherless, you decide to play, but the first web challenge you look at has a conveniently placed php shell in the webroot. Yay! one shared web service!. After we had the same issue with multiple platforms, we decided that this had to change. The main problems we noticed were that all players compete on one service or receive a static challenge and that the platforms don't always scale well. We solved this in a new project: CIRCUS. This is the story of what can break when unleashing a lot of people on a service allowing them to spawn containers on demand and what can be done to counteract those problems. false hanemile 2019-12-29T16:30:00+01:00 16:30 00:20 Chaos-West Bühne WYZGGQ https://fahrplan.chaos-west.de/36c3/talk/WYZGGQ/ All about computers Einfacher Slot en In this talk I will outline my journey implementing my X11 window manager `hikari` and the corresponding Wayland compositor shortly after. `hikari` is a stacking window manager/compositor with some tiling capabilities. It is still more or less work in progress and currently targets FreeBSD only but will be ported to Linux and other operating systems supporting Wayland once it has reached some degree of stability and feature completeness. This talk covers: * a brief explanation regarding differences between X and Wayland * some of `hikari`'s design goals and motivation * choice of programming language * an overview of libraries that were used * tools for ensuring code quality and robustness * obstacles * resources that helped me to implement the whole thing false raichoo 2019-12-29T17:00:00+01:00 17:00 00:50 Chaos-West Bühne R33ZSA https://fahrplan.chaos-west.de/36c3/talk/R33ZSA/ Nicht Computers Doppelter Slot de Sexualisierte Gewalt ist Alltag in Deutschland. Leider. „Laut einer deutschlandweiten Repräsentativstudie erlebt jede 7. Frau in Deutschland im Lauf ihres Lebens strafrechtlich relevante sexualisierte Gewalt. 60% aller Frauen in Deutschland haben sexuelle Belästigung erlebt." schreibt der Bundesverbands Frauenberatungsstellen und Frauennotrufe. " Jährlich werden der Polizei 11.000 Fälle sexuellen Missbrauchs von Kindern bekannt. Die Dunkelziffer im Bereich sexualisierter Gewalt ist hoch.“ (https://www.frauen-gegen-gewalt.de/de/was-ist-das-187.html) Sexualisierte Gewalt geht in den seltensten Fällen von Fremden aus, meist wird sie durch Personen aus dem Bekannten- und Familienkreis ausgeübt. Viel zu kurz kommt hingegen die Auseinandersetzung mit dieser Thematik, mit den Folgen für Betroffene, Möglichkeiten der Prävention und der Unterstützung von Betroffenen. Auf gesellschaftlicher Ebene, aber auch in Communities. Das Ausmaß sexualisierter Gewalt ist seit Jahrzehnten unverändert. Sexualisierte Gewalt ist nach wie vor ein Tabuthema - und das macht es so schwierig, etwas zu verändern. Es ist wichtig, das Schweigen zu durchbrechen und Betroffenen* Angebote zur Unterstützung zu machen. Hier stehen wir alle in der Verantwortung, auch in der Chaos-Community. Indem wir eine Atmosphäre schaffen, in der über Erfahrungen mit sexualisierter Gewalt geredet werden kann, können wir Betroffene in der Bearbeitung unterstützenund insgesamt zur Sensibilisierung beitragen. Gruppen zur Unterstützung Betroffener und Awarenessgruppen sind eine Möglichkeit, um Betroffene von sexualisierter Gewalt zu stärken und ein Bewusstsein für Veränderung zu schaffen. Professionelle Organisationen klären auf, beraten und begleiten Betroffene. Hacken ist nicht ausschließlich eine technische, sondern auch eine politische und soziale Aktion und ebenso eine interaktive Handlung. Lasst uns die Tabuisierung des Themas sexualisierte Gewalt hacken und zusammen daran arbeiten, unsere Community zu einem besseren Ort zu machen. false Ann 2019-12-29T18:00:00+01:00 18:00 00:50 Chaos-West Bühne AFYZ3V https://fahrplan.chaos-west.de/36c3/talk/AFYZ3V/ The real basic about Bits and Nibbles Doppelter Slot de 2019 ist das Jahr des Linux auf dem Desktop! Ich zeichne gerne Architekturdiagramme auf Whiteboards während dem [Pythonfoo](https://wiki.chaosdorf.de/Pythonfoo) im [Chaosdorf](https://chaosdorf.de). Weil daran anscheinend allgemeines Interesse besteht, habe ich in den letzten Monaten unregelmäßig die aktuellen Konzepte von modernen Desktop-Linux-Distributionen erklärt im Rahmen des [Freitagsfoo](https://wiki.chaosdorf.de/Freitagsfoo). Dies richtet sich hauptsächlich an Leute, die Linux oder irgendein BSD benutzen - ich habe von Windows oder macOS leider wenig Ahnung und werde in die Richtung daher wohl eher weniger Querverweise machen können. Ich hoffe, das ist trotzdem interessant - oder es dauert wenigstens nicht zu lange. Leute, die vollständige moderne Desktopumgebungen benutzen, erfahren wie das eigentlich hinter den Kulissen alles funktioniert. Leute mit Arch+i3 lernen, was ihnen fehlt bzw. wie sie das nachrüsten können. false ytvwld 2019-12-29T19:00:00+01:00 19:00 00:50 Chaos-West Bühne MAFMDL https://fahrplan.chaos-west.de/36c3/talk/MAFMDL/ Nicht Computers Doppelter Slot de Was passiert überhaupt, wo und warum eigentlich? Diese Frage habe ich mir im Frühsommer diesen Jahres gestellt und da Twitter sich zwar sehr gut zur schnellen Verbreitung von Nachrichten, aber nicht zur längeren Archivierung eignet, habe ich angefangen für mich Informationen zu sammeln. Daraus entstanden ist eine relativ große Sammlung an Fotos, Tweets, Vides/Livestreams und aufgeschriebenen Erfahrungen und Meinungen, von Menschen, die da waren oder noch sind zu vielen verschiedenen Themen. Was waren eigentlich die Auslöser der Proteste? Aus welchen gesellschaftlichen und politischen Gruppierungen speisen sich die Proteste? Wie lief die Mobilisierung? Was gab es für Probleme und wie wurde mit ihnen umgegangen? Dieser Vortrag wird ein, sehr grober und garantiert unvollständiger, Versuch eines Überblicks um Menschen den Einstieg in die Thematik zu erleichtern und ein kleiner Appell, sich in Zeiten in denen immer mehr Menschen nach rechts rücken und die Welt immer unfreier wird, sich auch mal mit Ereignissen zu beschäftigen, die einen vermeintlich nicht betreffen (Kleiner Spoiler: tun sie meißtens doch, weil die Errosion von Grund-, Menschen-, und Freiheitsrechten uns halt doch alle angehen auch, wenn es in knapp 9000 Kilometern Entfernung passiert.). false raketenlurch /media/36c3/images/83YJMS/Digitalcourage_Sicherheitstheater_-_Aufkleber_bahnsteigkarte.jpg 2019-12-29T20:00:00+01:00 20:00 00:50 Chaos-West Bühne 83YJMS https://fahrplan.chaos-west.de/36c3/talk/83YJMS/ Antifaschimus Doppelter Slot de Die Gleichsetzung von Sicherheit und Repression ist gefährlich. Erstens werden damit Grundrechtseinschnitte gerechtfertigt, die uns in Gefahr bringen. Zweitens unterbleiben wichtige Maßnahmen, die wirklich der Sicherheit dienen würden. Was in Politik und Wirtschaft als „Sicherheit“ verkauft wird, ist reines Puppentheater. Menschen wird Angst eingeredet, um diese Angst sodann mit Repression und Überwachung zu „beruhigen“. Sicherheit und Freiheit bedingen sich gegenseitig. Eine Politik, die Freiheit angreift und scheibchenweise verhökert, verdient nicht „Sicherheitspolitik“ genannt zu werden. Sie ist reines Theater und einer Demokratie nicht würdig. Schlimmer noch: Sie leistet einem autoritären Gedankengut Vorschub, das uns garantiert nicht sicher macht. Der Vortrag widmet sich einerseits der Erklärung, weshalb diese Gleichsetzung gefährlich ist: Überwachung hilft gar nicht, hat gefährliche Nebenwirkungen und zersetzt den größten Garanten für unsere Sicherheit, die Freiheit. Zum anderen geht es um die Frage, welche Maßnahmen wirklich sinnvoll wären. Das fängt bei einem echten Kampf gegen den Faschismus an, geht über unabhängige Kontrolle der Polizei, Klimaschutz, Verkehrspolitik und endet nicht erst in der Forderung nach einer besseren Regulierung von Antibiotika. Es ist wichtig, dass der Wunsch nach Sicherheit nicht weiter instrumentalisiert wird. Repression ist gefährlich und dient nun wirklich nicht der Sicherheit. Besonders wütend sollte uns das machen, wenn gleichzeitig lange nötige Maßnahmen, beispielsweise beim Kampf gegen Rechts oder gegen digitale Gewalt unterbleiben. Denn hier sind wir wirklich in Gefahr. Dieses ewige "aus Sicherheitsgründen" muss endlich ein Ende haben. Wir können mithelfen, indem wir uns einen Spaß machen und die Begründung genau so inflationär benutzen, wie die Politik. Einfache Begründungen können wir schließlich alle gebrauchen. Und wenn es um Sicherheit geht, wird ja wohl niemand diskutieren wollen. Wir üben das mal gemeinsam: Aus Sicherheitsgründen sollten sich alle diesen Vortrag ansehen. false Leena Simon /media/36c3/images/PGHLLG/kleinquer.png 2019-12-29T21:00:00+01:00 21:00 00:50 Chaos-West Bühne PGHLLG https://fahrplan.chaos-west.de/36c3/talk/PGHLLG/ Spiele sind wichtig für die Revolution! Doppelter Slot de **Anger Exchange Point — MIT ÄRGER-GARANTIE!** Wir halten, was wir versprechen! Haben Sie sich geärgert? Kein Klopapier mehr da? Zu viele Menschen? Versehentlich etwas dummes gesagt? Die Klimakatastrophe rollt unaufhaltsam auf uns zu und niemand tut etwas? Ärgerlich, oder? Aber es ist doch viel schöner, wenn sich jemand anderes ärgert! Am AEP in der Haecksen-Assembly gibt es die ÄRGER-GARANTIE! Wir garantieren: Über jeden Ärger wird sich einmal¹ geärgert! In dieser eigens für Sie konzipierten Veranstaltung lösen wir unser Versprechen an Sie ein: Die übriggebliebenen Ärger werden verlesen und professionell zerärgert. **Hier wird Ihr Ärger gewürdigt!** Für allen übriggebliebenen Ärger haben die Haecksen zwei international führende Ärgerinnen engagiert, um speziell auf Ihren Ärger einzugehen! Mit Zeit-Zurück-Garantie²! ***** ¹ Abweichungen innerhalb einer Größenordnung vorbehalten. ² investierte Zeit wird vom 01. bis zum 06.01.2020 auf dem Messegelände Leipzig zurückerstattet oder für die Verwendung des AEP vom 10. bis zum 13.04.2020 gutgeschrieben. false Piko /media/36c3/images/AK87QJ/MODcard.png 2019-12-29T22:00:00+01:00 22:00 01:50 Chaos-West Bühne AK87QJ https://fahrplan.chaos-west.de/36c3/talk/AK87QJ/ Spiele sind wichtig für die Revolution! Doppelter Slot de "Pervers aber Geil!" ================= So wurde damals am 35c3 die aller erste Dönerwaffel™ des C3WOC bezeichnet. Nun feiern wir ein Jahr Jubiläum. <!-- Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, --> "Pervers aber Geil!" ================= So wurde damals am 35c3 die aller erste Dönerwaffel™ des C3WOC bezeichnet. Nun feiern wir ein Jahr Jubiläum. > "Es schmeckt nach Garten. > Aber ansonsten ist es interessant! > Mein Gehirn kann sich nicht entscheiden was es gerade schmeckt... > Da ist Rum drin? > Es hat Potential!" Das ist eine Einschätzung zu der Dönerwaffel von Obelix! Zum Dönerwaffeljubiläum laden wir einige Gäste ein und arbeiten die Geschichte der Dönerwaffel auf. Selbstverständlich mit Selbstversuchen, realistischen Beispielen und Liveschaltung. <!-- Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, --> false Dampfkadse L3D 2019-12-30T00:00:00+01:00 00:00 04:00 Chaos-West Bühne XLFXYN https://fahrplan.chaos-west.de/36c3/talk/XLFXYN/ Klangteppich Klangteppich en true Chaos-West /media/36c3-oio/images/X9JPVH/ksp-assembly4-v1_tFGriwM.jpg 2019-12-29T12:45:00+01:00 12:45 00:00 OIO Stage X9JPVH https://talks.oio.social/36c3-oio/talk/X9JPVH/ Science Talk 45 minutes + 10 minutes Q&A de Kerbal Space Program - Build. Fly. Dream. Einmal ein eigenes Raumfahrtprogramm leiten? Mit KSP ist das möglich. false Kilian Schauer Luca Horn /media/36c3-oio/images/SHDVXB/t1-engine_pvMnznO.jpg 2019-12-29T13:50:00+01:00 13:50 00:45 OIO Stage SHDVXB https://talks.oio.social/36c3-oio/talk/SHDVXB/ Hardware & Making Talk 20 minutes + 5 minutes Q&A de Wie kommt man eigentlich in den Weltraum und was ist an so ein bisschen Schub so kompliziert *? Warum sehen Raumfahrtantriebe so aus wie sie sind und was wird sich mit "New Space" alles ändern? (*)insert rocket science joke here Preview 1. Wie erzeugt man Schub? - Was ist eine Raketenmotor -triebwerk? - Warum fliegen Flaschenraketen mit Wasser höher? 2. Feststoffraketen - Feuerwerk, Modellbau oder Shuttle Booster - Brennprofile 3. Flüssigraketen - Goddards erste Versuche - Komplex, teuer, fehleranfällig und warum wir trotzdem Flüssigtreibstoffe nutzen 3.1. Brennkammer - Aufbau und Eigenschaften 3.2. Turbopumpen - Wie kommt der Treibstoff und Oxidator in die Brennkammer 3.3. Düsen - warum überhaupt Düsen und warum sehen sie so aus wie sie sind - Aerospike 3.4. Treibstoffe - Ein wenig Chemie. Mono-, Bi- und Tritreibstoff 3.5. 5,4 all engines running,2,1,0 lift off - Wie man eine Rakete startet Soyuz, Titan II, Delta 4 und das Space-Shuttle 4. Hybridraketen - Die Komplexität einer Flüssigrakete mit den Nachteilen einer Feststoffrakete 5. Ionenantrieb - Wenig Schub aber hoher Impuls - Aufbau und Eigenschaften 6. Solar Sail - Ein Segel spannen und mit dem Sonnenwind dahingleiten 7. Nuklearantriebe - Ein fliegender Kernreaktor, was kann da schon schief gehen? - in 200 Tagen zum Mars und zurück false Äpex /media/36c3-oio/images/V7HNKR/Screenshot_from_2019-12-18_17-29-47_qVAm402.png 2019-12-29T14:45:00+01:00 14:45 00:25 OIO Stage V7HNKR https://talks.oio.social/36c3-oio/talk/V7HNKR/ Resilience & Sustainability Talk 20 minutes + 5 minutes Q&A en Compared to software, the open source approach is relatively new to most actors in the field of (mechanical) hardware. Plus Open Source Hardware faces some special issues. A yet missing definition of its "source code" is one of them (+ patent law, liability, engineers that do not know how to work with git, costly prototyping…). DIN SPEC 3105 will be/is the first official standard for Open Source Hardware and also the first official standard ever published under a free license (CC-BY-SA 4.0; that was a lot of lobby work ;) ). It defines the technology-specific "source" of Open Source Hardware and aims to build a bridge between research institutes, public authority, industry and the worldwide open source community. In this talk I won't explain why Open Source (Hardware) is great. I assume, you all know that (if not, still feel free to ask me in the Q&A part or after the talk). I'll describe what's the standard for, how it works and why its great _for_ Open Source Hardware. false Martin Häuer 2019-12-29T16:10:00+01:00 16:10 00:55 OIO Stage VPUTHL https://talks.oio.social/36c3-oio/talk/VPUTHL/ Ethics, Society & Politics Talk 45 minutes + 10 minutes Q&A de Frank Dörner von Ärzte ohne Grenzen und Sebastian Jünemann von CADUS diskutieren die jüngsten Angriffe auf humanitäre Prinzipien in verschiedenen Kontexten, wie beispielsweise während der medizinischen Nothilfe in Nordost-Syrien. Eigentlich sollte es klar sein: Menschen die medizinische Hilfe benötigen sollen sie auch bekommen, Punkt. Doch in Medienkommentaren wird der humanitären Hilfsorganisation CADUS, die ein Feldkrankenhaus im Camp Al Hol in Nordost-Syrien betreibt, längst nicht nur Respekt ausgesprochen. Manche Kommentator*innen schlagen vor, humanitäre Prinzipien auszusetzen sobald es sich bei den Hilfesuchenden um mutmaßliche Angehörige des sogenannten Islamischen Staates (IS) handelt. Schließlich, so die Argumentation, missachte diese Organisation systematisch eben solche Prinzipien. In vielen Konflikten werden humanitäre Grundsätze heute zunehmend missachtet. Helfende werden zu Feinden erklärt und damit legitime Ziele für jedwede Aggression. Krankenhäuser und Ambulanzen können gezielt angegriffen werden, ohne dass es Konsequenzen hat. Afghanistan, Syrien, Yemen – die Liste ist lang. Und aus der jüngsten Geschichte der Seenotrettung wissen wir: auch von staatlichen Stellen werden immer wieder humanitäre Grundsätze mit Füßen getreten. Frank Dörner von Ärzte ohne Grenzen und Sebastian Jünemann von CADUS geben einen Einblick was es bedeutet, in gesellschaftlich und politisch stark umstrittenen Kontexten Hilfe zu leisten, in denen humanitäre Prinzipien immer wieder aus verschiedensten Richtungen angegriffen werden. false Sebastian Jünemann Frank Dörner 2019-12-29T17:10:00+01:00 17:10 00:25 OIO Stage UYCLAE https://talks.oio.social/36c3-oio/talk/UYCLAE/ Hardware & Making Talk 20 minutes + 5 minutes Q&A en About hacking wheelchairs, building custom bicycles, adapters to use e-scooters as outboard motors: Empowering people with disablitities or healthcare needs through Open Hardware. Presentation on experiences and lessons learned in collecting and co-creating open personalized DIY healthcare solutions for replicability and adaptability in Makerspace worldwide. Careables are open source solutions that aim to improve the quality of life for people with unmet particular needs or facing physical limitations. Careables are often co-designed, replicable, accessible, adjustable and shareable online using digital technologies. false Sandra GIG 2019-12-29T17:40:00+01:00 17:40 00:45 OIO Stage WSLWVM https://talks.oio.social/36c3-oio/talk/WSLWVM/ Resilience & Sustainability Talk 45 minutes + 10 minutes Q&A en Delta Chat is an e-mail instant messenger that is just becoming available on all platforms. Unlike other offerings, Delta Chat is no platform and operates no own servers. Instead it uses existing SMTP/IMAP servers to send and receive messages. We'll talk about the current development status on all platforms, our new Rust-core based approach, our decentralized e2e-encryption facilities (not requiring keyservers, and safe against active attacks) and how we are generally driving developments from UX and security perspectives. We also aim to showcase "burner accounts", a new concept that we are developing and discussing with activists in eastern european countries and asian cities. false Holger Krekel /media/36c3-oio/images/CJFWMY/PleskPahil_portrait_400x400_mVnE9V5.jpg 2019-12-29T18:30:00+01:00 18:30 00:25 OIO Stage CJFWMY https://talks.oio.social/36c3-oio/talk/CJFWMY/ Ethics, Society & Politics Talk 20 minutes + 5 minutes Q&A de Freifunk steht für freie Kommunikation in digitalen Datennetzen. Reicht dieser Slogan aus, um die Communities wachsen und die Marke Freifunk bei den Menschen in unserem Land bekannt zu machen? Was können wir tun, um nicht bald die letzten Freifunker zu sein und insbesondere eine engagierte junge Generation anzusprechen, die Informationen ganz anders filtert und verarbeitet als GenX oder Baby Boomers? In diesem interaktiven Talk mit einer Marketingexpertin aus der IT Branche, geht es um die Identität von Freifunk und warum 8 Sekunden entscheidend sind. Freie Kommunikation in digitalen Datennetzen - ein wichtiges Gut, für das Freifunk steht. Aber wie steht es um die Marke Freifunk in Städten, Gemeinden, Kommunen und der Bevölkerung? Gibt es Nachwuchssorgen in den Communities und könnten wir nicht schon viel weiter sein mit unserem 'Netzausbau'? In diesem Talk möchte ich mit Euch gemeinsam einen kritischen Blick auf Freifunk von der Marketingseite her werfen und Ideen entwickeln, wie wir viele Menschen einladen können mitzumachen sodass Freifunk zu einem wichtigen Bestandteil ihres digitalen Lebens wird. Je mehr aktive Mitglieder unsere communities haben, desto eher können wir das umsetzen, worüber Politik und etablierte Wirtschaft primär nur reden: Digitalisierung und digitale Transformation vorantreiben - in Stadt und Land. false Glitzi 2019-12-29T19:00:00+01:00 19:00 00:45 OIO Stage MPCRC8 https://talks.oio.social/36c3-oio/talk/MPCRC8/ Ethics, Society & Politics Talk 45 minutes + 10 minutes Q&A de Seit Jahren kämpfen wir um die Haftungsprivilegierung für Freifunker. Als Zugangsvermittler in das Internet hat der Gesetzgeber den Freifunker als Diensteanbieter von Ansprüchen Dritter freigestellt. Nach dem Gesetz ist der Freifunker für die Handlungen Dritter im Internet nicht verantwortlich. Wie die Rechtssprechung die gesetzliche Regelung anwendet, möchte ich Euch in meinem Vortrag berichten. Ich würde gerne den Vortrag in meinen Bericht über die einzelnen Freifunk-Verfahren gegen die Rechteinhaber einbetten. Ich weiß noch nicht recht, wie ich den Zusammenhang gestalte. Mit wem könnte ich darüber sprechen? false Beata Hubrig /media/36c3-oio/images/3L7Q7W/Bildschirmfoto_2019-12-26_um_00.19.18_K5ls0Qg.png 2019-12-29T21:20:00+01:00 21:20 00:25 OIO Stage 3L7Q7W https://talks.oio.social/36c3-oio/talk/3L7Q7W/ Hardware & Making Talk 20 minutes + 5 minutes Q&A de Ein Würfel der einem Jahre seines Lebens kostet... und hübsch leuchtet... :D Ein Würfel der auf allen Seiten mit LEDs bestückt ist. Mit insgesamt 24.576 davon lassen sich nicht nur coole Animationen anzeigen sondern auch Laufschriften, Grafiken und vieles mehr. Zudem kann man auf dem Würfel Spiele spielen oder Programmieren lernen und seiner Kreativität freien Lauf lassen. Wie entstand die Idee, was steckt alles drin, was könnt ihr damit machen, wo soll's hin gehen, wie könnt ihr mitmachen,... klären wir alles dann. :) false Hannes Vatter 2019-12-29T22:00:00+01:00 22:00 00:55 OIO Stage 7WUGHV https://talks.oio.social/36c3-oio/talk/7WUGHV/ Ethics, Society & Politics Talk 45 minutes + 10 minutes Q&A de Machbarkeit im Making wird vornehmlich von physikalischen Gesetzen bestimmt. Doch wie sieht es mit ethischen Grenzen aus? Vor allem im Gesundheitsbereich stellt sich die Frage, ob alles das was reverse engineered und selbst gebaut werden kann tatsächlich auch von der maker community diesem Prozess unterzogen werden sollte. Über diese Frage diskutieren Steini und Seb (CADUS). „Tut mir leid, alle von offiziellen Stellen geprüften und zertifizierten Medizingeräte sind kaputt, aber wir überwachen Sie während der OP einfach mit diesem selbst zusammengebauten open source Patienten-Monitor, kein Problem.“ Machbarkeit im Making wird vornehmlich von physikalischen Gesetzen bestimmt. Doch wie sieht es mit ethischen Grenzen aus? Vor allem im Gesundheitsbereich stellt sich die Frage, ob alles das was reverse engineered und selbst gebaut werden kann tatsächlich auch von der maker community diesem Prozess unterzogen werden sollte. Über diese Frage diskutieren Steini und Seb (CADUS). false Sebastian Jünemann Steini /media/36c3-oio/images/BE9QSA/photo_2019-12-22_16-02-21_AxFKkbZ.jpg 2019-12-29T23:00:00+01:00 23:00 01:00 OIO Stage BE9QSA https://talks.oio.social/36c3-oio/talk/BE9QSA/ Entertainment Talk 45 minutes + 10 minutes Q&A de Crackhouse , die RadioKochShow auf FSK83.0 in Hamburg mit Fabse und Felix. 60 Minuten pure Leidenschaft fürs Kochen. Geht mit unser Einkaufsliste los, ladet euch Freunde ein und kocht gemeinsam mit uns. Hoffentlich ihr seid bereit euch der Herausforderung einer neuen Kocherfahrung zu stellen, für die unter Euch die Alkoholtrinken empfehlen wir einen Riesling..., wir hätten uns sehr über unsere hochprominente Gästin Christine Ebeling, Kulturschafferin, Kuratorin und Künstlerin gefreut, die leider nicht kommen kann :-( stattdessen wird es einen Gast geben, der uns alle überaschen wird! Das sollte ihr einkaufen wenn ihr Zuhause sitzt und mit uns Kochen wollt: alle vegetarischen Zutaten der Einkaufsliste lassen sich selbstverständlich durch vegane Alternativen ersetzen! 400 g Mehl (wichtig 550er mehl) info siehe unten 250 ml Warmes Wasser 1 Eßlöffel Salz 4 El Öl 250 g Ziegenfrischkäserolle 200g würzigen Bergkäse 3-4 zweige frischen Rosmarin 400g Creme Fraiche oder Schmand oder halb und halb 4-6 Esslöffel flüssigen Honig 4-6 rote Zwiebeln je nach Größe 1 Bund Frühlingszwiebeln ( kommen nach dem backen frisch drüber) von Rita Rosenzweig wird es auch endlich die Auflösung Ihrer Abwesenheit geben und über die sozialen Medien ein veganes SauerRahm-Rezept, wer soziale Medien verweigert kann uns gerne eine Mail schreiben (kochradio@gmx.de) und wir senden Euch das Rezept von Rita Rosenzweig :-) Jeden 2. Sonntag im Monat (am 12.Januar2020) von 19Uhr - 20Uhr auf FSK Radio 93,0 MHz im Kabel 101,4 MHz. oder im Livestream unter www.Fsk-hh.org/livestream. Facebook: https://www.facebook.com/Crackhaus/ Insta: https://www.instagram.com/crackhouse_kochradio/ false Felix & Fabse 2019-12-29T11:00:00+01:00 11:00 01:00 DLF- und Podcast-Bühne A7LAEE https://fahrplan.das-sendezentrum.de/36c3/talk/A7LAEE/ DLF- und Podcast-Bühne Normale Länge en Immer donnerstags um 12 Uhr diskutieren wir in der #heiseshow mit Gästen über aktuelle Ereignisse aus der Hightech-Welt und der Netzpolitik und sind diesmal auf dem 36c3 dabei. Nicht nur das Jahr, auch ein ganzes Jahrzehnt neigt sich dem Ende zu. Die heiseshow auf dem 36C3 nehmen wir zum Anlass, Rück- genauso wie Vorschau zu halten auf verloren geglaubte Netzutopien zwischen Überwachungsstaat, digitaler Kriminalität, Freiheitshoffnungen und gesellschaftlichem Wandel. false Jürgen Kuri Martin Holland 2019-12-29T12:00:00+01:00 12:00 00:30 DLF- und Podcast-Bühne 3YHU8N https://fahrplan.das-sendezentrum.de/36c3/talk/3YHU8N/ DLF- und Podcast-Bühne Normale Länge de DLF CuK Podcast 36C3-Special DLF CuK Podcast 36C3-Special true DLF-Team 2019-12-29T13:55:00+01:00 13:55 00:30 DLF- und Podcast-Bühne YSF3FH https://fahrplan.das-sendezentrum.de/36c3/talk/YSF3FH/ DLF- und Podcast-Bühne Normale Länge de DLF-Podcast: Computer und Kommunikation DLF-Podcast: Computer und Kommunikation false DLF-Team 2019-12-29T16:00:00+01:00 16:00 00:30 DLF- und Podcast-Bühne FKLHGV https://fahrplan.das-sendezentrum.de/36c3/talk/FKLHGV/ DLF- und Podcast-Bühne Normale Länge de DLF-Podcast: Computer und Kommunikation DLF-Podcast: Computer und Kommunikation true DLF-Team 2019-12-29T17:05:00+01:00 17:05 00:25 DLF- und Podcast-Bühne GDURB9 https://fahrplan.das-sendezentrum.de/36c3/talk/GDURB9/ DLF- und Podcast-Bühne Normale Länge de Bericht vom 36c3 Wir berichten in der Sendung "Studio 9" vom 36c3 true DLF-Team 2019-12-29T18:00:00+01:00 18:00 01:00 DLF- und Podcast-Bühne Z9XU93 https://fahrplan.das-sendezentrum.de/36c3/talk/Z9XU93/ DLF- und Podcast-Bühne Normale Länge de Frage-Antwort-Runde mit einem Insider Wegen des großen Interesses an der self-organized-session am ersten Tag wird die Frage-Antwort-Runde auf der Bühne des Sendezentrums wiederholt. true Mozilla /media/36c3/images/YNP9VN/gbni_logo.jpg 2019-12-29T19:15:00+01:00 19:15 01:00 DLF- und Podcast-Bühne YNP9VN https://fahrplan.das-sendezentrum.de/36c3/talk/YNP9VN/ DLF- und Podcast-Bühne Normale Länge de Die Podcast Quizshow deren Name ein Anagram des Originals ist! In dieser Show geht es um die Lösung hinter Fragen wie was ist ein Alarmstuhl, was ist Spritzgeld oder warum haben Züge aus Deutschland nach Frankreich Knallerbsen an Board! Für die ZuschauerInnen gibt es Spaß, für das Rate Team (bestehend aus: [Philipp](http://twitter.com/derphilipp), [Tom](http://twitter.com/miezekater), [Christiane Attig](http://twitter.com/christianeattig) und [Holger Klein](http://twitter.com/holgi)) gibt es süßen Alkohol und für jede richtig beantwortete Frage eine güldene CYBER Card! Mehr Infos auf: GalaBeNeedInn.de Twitter: [@GalaBeNeedInn](https://twitter.com/galabeneedinn) false MacSnider /media/36c3/images/HSYE8L/NSU_Podcast_serif.png 2019-12-29T20:30:00+01:00 20:30 01:00 DLF- und Podcast-Bühne HSYE8L https://fahrplan.das-sendezentrum.de/36c3/talk/HSYE8L/ DLF- und Podcast-Bühne Normale Länge de NSU-Watch: Aufklären & Einmischen. Der Podcast über den NSU-Komplex, rechten Terror und Rassismus https://www.nsu-watch.info/podcast/ Das Netzwerk des NSU wurde nicht aufgedeckt und rechtem Terror nicht die Grundlage entzogen. Diese beiden Fakten hatten 2019 massive Konsequenzen und kosteten Menschenleben. Im Juni wurde der Kasseler Regierungspräsident Walter Lübcke von einem Neonazi hingerichtet und im Oktober wurden Jana L. und Kevin S. bei einem antisemitischen und rassistischen Anschlag in Halle ermordet. Recherchen deckten weitere Details zu den rechten Netzwerken in Polizei und Bundeswehr, bekannt unter Namen wie "Nordkreuz" oder "NSU 2.0", auf. Weltweit verloren dutzende Menschen ihr Leben, weil Rassisten einen "Großen Austausch" herbei phantasieren, den sie stoppen wollen. Sie alle werden angeheizt durch eine gesellschaftliche rechte Mobilisierung. Und was wird medial und von Politiker*innen diskutiert? Der Verfassungsschutz soll besser ausgestattet werden und nebenbei kehrte die längst überwunden geglaubte "Killerspiel-Debatte" zurück. Die AfD, auch bekannt als "parlamentarischer Arm des Rechtsterrorismus" sitzt in allen Parlamenten und Talkshows. Im Jahresrückblick des Podcasts "NSU-Watch: Aufklären&Einmischen" wollen wir auf dieses von rechtem Terror geprägte Jahr zurückblicken und auch fragen: Womit haben wir es zu tun? Wie können wir dagegen angehen? Wir blicken auch auf das Jahr 2020, in dem viele dieser Ereignisse weiterhin uns aber auch die Gerichte beschäftigen werden. false Caro Keller /media/36c3/images/AAYM3Q/icon.jpg 2019-12-29T21:45:00+01:00 21:45 01:00 DLF- und Podcast-Bühne AAYM3Q https://fahrplan.das-sendezentrum.de/36c3/talk/AAYM3Q/ DLF- und Podcast-Bühne Normale Länge de Deutschlands bester Asienpodcast präsentiert einen Überblick über sechs Monate Protest in Hongkong mit Fokus auf die strategische Nutzung von digitalen Tools und Memes. Wir berichten seit Beginn der Proteste in Hongkong im Juni immer wieder mit Gästen oder aus unserer eigenen Berichterstattung über die politischen Entwicklungen in der Stadt. Beim Sendezentrum wollen wir auf sechs Monate Protest zurückblicken - mit besonderem Fokus auf die digitalen Strategien der Protestierenden und die politische und strategische Rolle von Memes und Protestart: Warum ist Telegram so wichtig, dass es einem Hackerangriff des chinesischen Staates ausgesetzt war? Wie entkommen viele Demonstrierende immer wieder Festnahmen der Polizei? Wo kommt die ganze Protestkunst her, die ununterbrochen weltweit und in der Hongkonger U-Bahn verteilt wird? Und welche neuen chinesischen Zeichen haben die Demonstrierenden kreiert, um ihre politischen Forderungen zu vermitteln? Eine unserer Moderator*innen, Katharin, wird direkt von ihren Recherchen für journalistische Berichterstattung und ihren Talk auf dem 36C3 zu Hongkong berichten. Gegen Ende des Podcasts planen wir, Gäste mit Expertise zu Protesten in anderen Teilen der Welt (voraussichtlich Irak und Libanon, eventuell Indonesien oder Chile) mit an den Tisch zu holen, um uns über darüber auszutauschen, welche Strategien Demonstrierende international voneinander kopieren und wie Demonstrierende in aller Welt sich miteinander identifizieren und versuchen, transnationale Solidarität aufzubauen. false Katharin Tai 2019-12-29T23:00:00+01:00 23:00 02:00 DLF- und Podcast-Bühne EF7D3Z https://fahrplan.das-sendezentrum.de/36c3/talk/EF7D3Z/ DLF- und Podcast-Bühne Normale Länge de Auf dem 36c3 macht das Chaosradio endlich das Byte voll! Marcus Richter redet mit Leuten, die auf diesem Congress interessante Dinge berichtet, zerforscht oder aufgefahren haben. Das Chaosradio ist die monatliche Radiosendung des Chaos Computer Club Berlin (CCCB). In dem zweistündigen Format informieren wir über technische und gesellschaftliche Themen – und das seit 1995. false Daniel Molkentin monoxyd /media/36c3/images/TK9M7A/Flutter-Eng-2.png 2019-12-29T12:00:00+01:00 12:00 00:30 WikiPaka WG: Esszimmer TK9M7A https://cfp.verschwoerhaus.de/36c3/talk/TK9M7A/ Hardware & Making Talk de Did you ever want to develop cross-platform application from one single code base? Are you afraid to get worse performance than with native code? Flutter may help you! Flutter is an open-source cross platform framework which allows you to create native applications. As is does not use JavaScript it won't require a hole WebView in background. Due to this and the incredible easy syntax it's one most advanced frameworks for applications running on mobile devices, in the web and on desktops. In this talk, I will introduce the basics of Flutter, what's different to other frameworks and some details about its structure. false Der mit dem Zopf (The one with the braid) 2019-12-29T12:45:00+01:00 12:45 01:00 WikiPaka WG: Esszimmer 3CHBWG https://cfp.verschwoerhaus.de/36c3/talk/3CHBWG/ Science Talk de This talk provides an overview of the state of Free and Open Source Software (FOSS) within the various European scientific communities. Based on this we will try to identify stakeholders, common goals and potential policy proposals. The principles of Free and Open Source Software (FOSS) are well aligned with the core tenets of science, i.e., the sharing of knowledge and the demand for reproducibility of results. Nevertheless, FOSS is still rather the exception than the rule for the majority of scientific domains. In this session we will discuss the state of FOSS within the various European scientific communities. Based on this we will try to identify stakeholders, common goals and potential policy proposals. false purine:bitter 2019-12-29T14:00:00+01:00 14:00 01:00 WikiPaka WG: Esszimmer DKQXS3 https://cfp.verschwoerhaus.de/36c3/talk/DKQXS3/ Ethics, Society & Politics Talk de Was ist das Onlinezugangsgesetz, wie wird es umgesetzt, und wie kann ich als Das Onlinezugangsgesetz ist derzeit der wichtigste Treiber für die Digitalisierung der Verwaltung in Deutschland. BIs Ende 2022 sollen alle Verwaltungsleistungen digital zugänglich gemacht werden. Wie genau es derzeit umgesetzt wird (und warum), was an Ergebnissen zu erwarten ist und was vielleicht danach kommt erfährt du in diesem Talk. Dieser Vortrag inklusive Fragerunde ist für alle gedacht, die in das Thema Verwaltungsdigitalisierung in Deutschland, speziell OZG, einsteigen wollen. Wir gehen auch der Frage nach, wie sich mensch in seiner Kommune, seinem Land und seinem Fachgebiet informieren und einbringen kann. true Spyr_0 2019-12-29T16:00:00+01:00 16:00 00:45 WikiPaka WG: Esszimmer B3JTS9 https://cfp.verschwoerhaus.de/36c3/talk/B3JTS9/ Resilience & Sustainability Lightning Talk de Wir entwickeln den StayAlive–Insektencounter, ein Citizen Science-Monitoringtool für Umweltschützer, NGOs, Hobbygärtner – für dich und mich. Das Raspi-basierte und KI-gestützte Gerät soll durch Echtzeitmessungen zeigen, welche Insekten (Fliegen, Hummeln, Falter etc) es noch gibt, wie sich die Zahl über die Zeit verändert und welche deiner Schutzmaßnahmen einen direkten positiven Einfluss haben werden. Das Insektensterben wurde durch die „Krefelder Langzeitstudie“ einer breiten Öffentlichkeit bekannt. Für die Studie wurden die Tiere ganz analog in Fallen gelockt und konserviert (also getötet), so dass man anschließend ihre Biomasse bestimmen konnte. Mit unserem Projekt StayAlive-Insektencounter gehen wir einen anderen Weg. 
Wir zählen und klassifizieren die Tiere digltal – und lassen sie leben. Der Counter soll Insekten anhand seiner Körperform und durch den Flügelschlag unterscheiden und lernt dank Künstlicher Intelligenz (KI) ständig hinzu. Die Daten werden über eine Map visualisiert und zeigen an, welche insektenfreundlichen Maßnahmen direkt wirken, wenn wir bestimmte Pflanzen säen, Wiesen ungemäht lassen oder pestizidfrei ackern. true Nicola Levin Brinkmann 2019-12-29T17:00:00+01:00 17:00 00:30 WikiPaka WG: Esszimmer PMD8TF https://cfp.verschwoerhaus.de/36c3/talk/PMD8TF/ Ethics, Society & Politics Talk de Many schools in Germany choose to distribute their substitute plans via a proprietary platform. The provided client software is not very pleasurable to use and inconveniences users with its dependency on Google Play Services. That's why I develop a free client for Android called DSBDirect, which is able to display plans in a nice, filtered way. Many schools in Germany choose to distribute their substitute plans via the proprietary [[DSB platform]](https://heinekingmedia.de/education/digitales-schwarzes-brett). The provided client software is not very pleasurable to use and inconveniences users with its dependency on Google Play Services. That's why I develop a free client for Android called DSBDirect, which is able to display plans in a nice, filtered way. Since they noticed my app, the company operating DSB has been obfuscating their various endpoints more and more in an attempt to prevent my app from working, while on the other hand not being very competent at security. It's a cat-and-mouse game. false Fynn 2019-12-29T17:30:00+01:00 17:30 02:00 WikiPaka WG: Esszimmer CRH3HY https://cfp.verschwoerhaus.de/36c3/talk/CRH3HY/ Community Meetup de Wir wollen junge Leute im Chaos-Umfeld vernetzen und die Jugendarbeit in den einzelnen Spaces stärken. Komm vorbei, trink eine Mate und lass die Welt verändern. Wir wollen junge Leute [1] im Chaos Umfeld vernetzen und die Jugendarbeit in den einzelnen Spaces stärken. Komm vorbei, trink eine Mate und lass die Welt verändern. Mögliche Themen: - Was können wir auf Über-Regionaler Ebene machen? - Wo müssen wir uns mit einbringen? - Wie kann unser erstes Geekend in Göttingen ablaufen - Was für Projekte, Ideen und Utopien gibt es? Gerne dürft ihr auch vor dem Treffen einbringen. Du findest uns auch Online auf https://chaos.jetzt/ in unserem Matrix und Mastadon. [1] = Grundsätzlich Menschen unter 27 mit einem (sehr) großen Fokus auf U18 Jährige. Diese Definition könnte auch gut besprochen werden. true Scammo 2019-12-29T19:30:00+01:00 19:30 01:00 WikiPaka WG: Esszimmer RT7UWJ https://cfp.verschwoerhaus.de/36c3/talk/RT7UWJ/ Hardware & Making Talk de We will tell you how to serve a hundred thousand requests per second, for fun and non-profit Wikipedia is one of the most visited websites on earth and runs on donations only. All of our infra is in-house to make sure we protect our users' privacy. This is not easy but it's possible. If you want to know how we do that, come to our talk. We will explain our system architecture, tell you about our database setup, the caching layers, and all the other bits and pieces. false Amir Sarabadani Lucas Werkmeister Daniel 2019-12-29T20:45:00+01:00 20:45 00:10 WikiPaka WG: Esszimmer TGQBME https://cfp.verschwoerhaus.de/36c3/talk/TGQBME/ Hardware & Making Lightning Talk de Find out what lies at the intersection of music and programming with this brief look at LilyPond, the free programmable musical typesetter! [LilyPond](http://lilypond.org/) is a musical typesetting program. While it aims to produce beautiful scores by default, its output is also extensively configurable and programmable. This makes it an attractive hobby for people at the intersection of programming and music, some of whom I hope to captivate with this talk. false Lucas Werkmeister 2019-12-29T21:00:00+01:00 21:00 01:00 WikiPaka WG: Esszimmer 9BS3FB https://cfp.verschwoerhaus.de/36c3/talk/9BS3FB/ Art & Culture Talk de Wir präsentieren zum dritten Mal einen bunten Blumenstrauß aus Nerdsniping-Themen – einige unserer Lieblingsfakten über Computer, Kunst und Kuriositäten! Wir ziehen viel Inspiration aus neuen und absurden Ideen, und möchten diese Begeisterung mit euch teilen! Es gibt Aufzeichnungen von [Vol. 1](https://morr.cc/operation-mindfuck/) und [Vol. 2](https://morr.cc/operation-mindfuck-2/)! false blinry bleeptrack 2019-12-29T22:30:00+01:00 22:30 01:00 WikiPaka WG: Esszimmer BZTE77 https://cfp.verschwoerhaus.de/36c3/talk/BZTE77/ Community Meetup de The GSM Team will bring some hardware and data to explain how we run a 2/3/4G Network on the 36c3. Ask them everything. The GSM Team will bring some hardware and data to explain how we run a 2/3/4G Network on the 36c3. Ask them everything. true bibor /media/36c3/images/Q83NB8/classes.jpg 2019-12-29T12:30:00+01:00 12:30 01:00 ChaosZone Bühne Q83NB8 https://cfp.chaoszone.cz/36c3/talk/Q83NB8/ Ethics, Society & Politics Vortrag 60min (inkl. Q&A) en Off-University (Organization Für den Frieden-University), a research collaboration which was established for and by persecuted academics from Turkey. It is a space for collaborative research projects. We have an online platform which connects former colleagues, or students and their former supervisors to start projects together. The idea is to establish a concrete solidarity channel with academics all over the world, specifically, the ones who have been purged from their institutions, forced to resign, who are legally and politically persecuted and even imprisoned because of their opinion and research. We offer researchers, lecturers and students the chance to teach, share and produce knowledge away from government surveillance and repression via our safe online platform. Through such civic disobedience, it combines the good old ideal of academic freedom with state of the art digital communication and collaboration opportunities. Off-University’s mission is based on its commitment to peace in the world and to living together in diversity. It therefore seeks to develop emancipatory education-research activities that are less hierarchical and more democratic! We want to build a worldwide online/offline community that is horizontal and inclusive by using new online teaching methodologies and interactive learning settings. We engage ourselves in online/offline group work activities by developing knowledge on online teaching methods with our lecturers and so on. We also want to create an autonomous community of lecturers and students online and offline as a university thrives on exchange and interaction outside of formal teaching hours. The idea is to establish a digital social place through online discussions and lecture series, and by increasing the visibility and legitimacy of our initiative, encouraging co-learning, student to student feedback and critical thinking. false Havle Guney /media/36c3/images/J839PV/Google_Women_Cloud_293_neu.jpg 2019-12-29T14:00:00+01:00 14:00 01:00 ChaosZone Bühne J839PV https://cfp.chaoszone.cz/36c3/talk/J839PV/ Security Vortrag 60min (inkl. Q&A) en This talk will teach you what Google’s official claim of supremacy means and how quantum computing will practically change the world of cryptocurrency. You will understand why Google and any other quantum computer could be about to beak blockchain-based cryptocurrency, see what new ways are in place to save blockchain from quantum, and learn why crypto is a potential application for ‘quantum supremacy’. Google announced that it has built and tested a 54-qubit quantum processor. ‘Quantum supremacy’ means that Google has been able to perform a calculation that is impossible to perform on traditional supercomputers. But what does ‘quantum supremacy’ mean for cryptocurrency and crypto mining, where having a highly efficient machine gives you an edge over everyone else? In this talk, I will explain quantum computing, ‘quantum supremacy’, and cryptocurrencies like Bitcoin and Ethereum in an understandable and entertaining way. I will also introduce the biggest danger to blockchain from ‘quantum supremacy’. With this milestone, a long-anticipated step toward useful quantum computers, understanding what new ways are in place to save crypto from ‘quantum supremacy’ and how crypto should prepare for ‘quantum supremacy’ is key to evaluate the facts. A surprising potential application for Google’s ‘quantum supremacy’ is cryptocurrency. Applying ‘quantum supremacy’ to generate certifiable random numbers for blockchain helps to understand the advantages and disadvantages of quantum computing. As a cryptocurrency expert, I will give you insights into these as well as further real-world applications. false Victoria Riess 2019-12-29T15:30:00+01:00 15:30 01:00 ChaosZone Bühne CNFEXX https://cfp.chaoszone.cz/36c3/talk/CNFEXX/ Resilience & Sustainability Vortrag 60min (inkl. Q&A) en The current social media situation is catastrophic. A single megacorporation controls the entire digital life of large parts of the world's population. Together with the rapidly improving methods for processing this data, a power that not only concerns experts is being bundled here. And Facebook's monopoly secures itself. On the one hand, users cannot leave Facebook(/ Instagram/WhatsApp) without being cut off from the social life of their friends. On the other hand, alternatives fail because they can't reach a critical mass. It seems impossible that a single application will ever replace Facebook. The freedom of the Internet is fundamentally threatened. Breaking the power of Facebook is probably one of the greatest challenges of our time. And in order to solve this task, we did come up with a detailed concept that we want to present to the public for the first time at 36c3. SNAC - Social Network Application Cluster - is the name of the protocol used to standardise data exchange between different social media applications. Just as email protocols enable users to choose their provider freely, this protocol should also enable greater diversity in this area. It is easy to see that a single application isn't able to satisfy the needs of every single user. With SNAC we enable a decentralized structure, where each user can choose his server, but also his client application, from a broad spectrum. By developing our pilot application Open Source, we make it easy for other developers to integrate their own applications into the network. But the decentralized Open Source dream alone is not enough to revolutionize the social media world. In order for the new applications emerging in SNAC to be able to run, an appropriate economic environment is needed to cover the operating costs. If the user accesses many different servers while surfing through the decentralized network, the question arises who is responsible for the access costs caused. There is a lack of a corresponding micropayment service with which it is possible to pay very small amounts easy and securely. At first glance, this seems like a project of its own, but it is closely linked to the operation of a decentralised social network. And there are several advantages emerging by linking social networks with a micropayment system. For example, users can donate a few cents to the creators of content they value, which then adds up to a fair reward for the creators. And this is done directly, independently and without forced ads for the users. But the mental alarm bell of data security rightly rings here when one tries to link financial and private communication data. Therefore, it is all the more important to hand over data sovereignty to the user when planning the protocols and to leave the server operators only the task for which they are fairly paid - the operation of the servers. We are currently putting this concept into protocols that enable secure transactions and protect the user's data. The aim is to create an environment where everyone has the chance to honestly and transparently pay the costs they incur instead of filling the pockets of corporations with their data. Our project is quite daring, that is clear to us. And yet we are sure that this is exactly what we want to do in the coming years. Because there is a chance that we will find 15 crazy people who want to develop this utopia together with us. There's a chance we'll find 50,000 people supporting us with an average of 1€ a month to feed our 15 crazy developers. There's a chance that we can create an environment where many small subnets with cool innovative applications can trigger a movement that's going to be so big it will overcome Facebook's monopoly. And above all, we can create an environment where technology benefits people again, rather than the other way around. If 36c3 isn't the right place for a project like this, what else is? We will give a talk in which we will discuss a better world and the difficulties that lie on the path there. We want to encourage listeners to think and participate, but above all we are also there to initiate a discussion. We want to hear all the concerns and mistakes that we overlook and we need the expertise from all the different angles that only the CCC brings together. Hi! We're offeringa bit of a different talk, where we want to present a project that might bring a renaissance to the independence and freedom of the internet. We want to dream together of a better world, but then also talk about the concrete steps that need to be done to get there. false Steffen 2019-12-29T17:00:00+01:00 17:00 01:00 ChaosZone Bühne ZT7BJG https://cfp.chaoszone.cz/36c3/talk/ZT7BJG/ Vortrag 60min (inkl. Q&A) en If there are to many participants, we need to sort them out. If there are no participants at all, we'll watch funny videos about Hebocon and explain the rules. If there is no hebocon on main stage, this will be mainstage :) SEE ABOVE false honky /media/36c3/images/VDMSJN/lonely_chimera_cross_big2.png 2019-12-29T19:00:00+01:00 19:00 00:30 ChaosZone Bühne VDMSJN https://cfp.chaoszone.cz/36c3/talk/VDMSJN/ Science Vortrag 30 min (incl. Q&A) de Man muss ein Genie sein und jahrelang Quantenphysik studiert haben um einen Quantum-Annealer programmieren zu können? Falsch gedacht! Drei Schüler (15, 16 und 17) zeigen in ihrem Vortrag, wie sie ein kniffliges Schachproblem auf einem adiabatischen Quantencomputer (dem D-Wave 2000Q) gelöst und damit bei Jugend forscht den Preis der Bundesforschungsministerin für zukunftsorientierte Technologien abgeräumt haben. In unserem Vortrag werden wir zunächst auf die Funktionsweise adiabatischer Quantum-Annealer eingehen und anschließend die Herangehensweise an die Lösung eines Optimierungsproblems auf dem Quantencomputer erläutern. Es zeigt sich, dass für das Programmieren eines Quanten-Annealers, wie ihn die Firma D-Wave schon heute kommerziell vertreibt, keine vertieften Kenntnisse zum Thema Quantenmechanik vonnöten sind. Man muss lediglich ein gegebenes Problem in die mathematische Form bringen, die der Quanten-Annealer versteht. Wie genau das funktioniert, wollen wir an einem konkreten Beispiel zeigen. Wir (Jakov, Paul und Jonathan) werden dabei unser Jugend-forscht-Projekt "Lösung des n-Damenproblems auf einem adiabatischen Quantencomputer" vorstellen, das uns eine Bundesplatzierung im Fachbereich Mathematik/Informatik eingebracht hat. Unser Projekt durften wir bereits bei der Firma Krones, dem Max-Planck-Institut für Quantenoptik und auf dem ISC (International Supercomputing Conference) 2019 in Frankfurt vorstellen. Unsere Projekt-Homepage: https://www.domspatzen-quantum.de/ Vortrag beim ISC in Frankfurt: https://www.youtube.com/watch?v=aM_pAA9FdYY false Jonathan Treffler Jakov David Wallbrecher Paul Schappert /media/36c3/images/GNW8F9/Devops_girl.png 2019-12-29T20:15:00+01:00 20:15 01:00 ChaosZone Bühne GNW8F9 https://cfp.chaoszone.cz/36c3/talk/GNW8F9/ Entertainment Vortrag 60min (inkl. Q&A) de Abgründe und Gruseligkeiten aus der Operations-Welt - neues Jahr, neue Runde Ein weiteres Jahr Kampf aus der Operations-Abteilung gegen schlechten Code, krude Architektur-Ideen und absurde Software-Konzepte. Facepalms und Stirnschwielen aus 2019 und was wir daraus lernen können. Siehe auch https://cfp.chaoszone.cz/35c3/talk/GYDDDD/ Call for disasters, submit your story! http://www.devopsdisasters.net/ false Stefan 2019-12-29T23:00:00+01:00 23:00 01:40 ChaosZone Bühne MCBFLZ https://cfp.chaoszone.cz/36c3/talk/MCBFLZ/ Entertainment Aufführung / Kunst de Warm up for Hebocon - bring some drinks and lets prepare for Hebocon. Listen to some music, then either watch the Livestream with us or go to the hall. Lineup: 23:00 Soundcheck, Warmup 23:40 Egon Rock (house, deep house, tech house) false chaoszone 2019-12-30T00:40:00+01:00 00:40 01:00 ChaosZone Bühne RCUERS https://cfp.chaoszone.cz/36c3/talk/RCUERS/ Entertainment Vortrag 60min (inkl. Q&A) de Livestream: Hebocon (Saal Ada) Let's build funny robots and let them fight each other as long as we are superior to them :) Please let's dishonor high tech and celebrate everything made out of stuff we usually throw away (and blinks). false honky 2019-12-30T01:40:00+01:00 01:40 04:20 ChaosZone Bühne D7QHBU https://cfp.chaoszone.cz/36c3/talk/D7QHBU/ Entertainment Aufführung / Kunst en Chaoszone Hebocon afterglow party. Expect bass music. BYOB. Lineup: 1:40 - der Warst (live - [website](http://der-warst.de)) 2:30 - Pat Styx (Jungle) 4:00 - Ed Ruskin (dnb) 5:30 - tba. false chaoszone /media/36c3/images/BUGBMJ/Synthetic_Image_Training_Datasets_for_Conflict_Zone_Analysis__web_DEyBULl.jpg 2019-12-29T12:00:00+01:00 12:00 00:30 Art-and-Play Stage BUGBMJ https://stage.artesmobiles.art/36c3/talk/BUGBMJ/ Lecture Lecture en artist talk and Q&A 30min This talk will present VFRAME, an open source computer vision toolkit for human rights researchers, and the new synthetic data generation tools. Because creating image training datasets is expensive or in some cases impossible due to lack of imagery, photorealistic synthetic data can be used to simulate real imagery. VFRAME uses this technique to create highly specific object detection models that facilitate visual analysis of millions of videos from Syria, Yemen, and Sudan. false Adam Harvey /media/36c3/images/83A8HA/solarpunk_peer_to_peer_energy_trading__web_PXumsj7.jpg 2019-12-29T12:30:00+01:00 12:30 00:45 Art-and-Play Stage 83A8HA https://stage.artesmobiles.art/36c3/talk/83A8HA/ Lecture Lecture en talk and Q&A 45min "move quietly and plant things" our motto as solarpunks. Between the retro-futurism of steampunk and dystopian cyberpunk we as solarpunks place positive designs of our future – in an ecological, social sense. We want to support and develop decentralized infrastructures – for more local, neighbourly exchange. In the talk, we present different approaches of a decentralized peer to peer power grid "microgrid", a bottom-up power grid facilitating direct neighbour to neighbour energy trading. Since our solarpunk collective is just about to start, we invite you to join our regular monthly meetings at c-base to discuss the implementation of such a microgrid within the city – and more. Image: enerGAZE Zine, geniox (CC BY-SA 4.0) false Stefan Greiner & Julian Jungel from Solarpunks Berlin /media/36c3/images/YGQKPZ/Technological_narratives__web_oQlKitv.jpg 2019-12-29T13:30:00+01:00 13:30 01:00 Art-and-Play Stage YGQKPZ https://stage.artesmobiles.art/36c3/talk/YGQKPZ/ Lecture Lecture en technology in culture, talk and Q&A 60min The western culture offers a very distilled narrative on what technology is and who builds, owns and profits from it. Most non-technical audiences are unaware of how subjective this perspective is - and how strongly it favours well-marketed multinational corporations over local solutions. How can telling different stories help us democratize technology? The more the technology advances and becomes interconnected and complex, the less the non-technical public understands the changes, their repercussions and the policies that come along with them. Most people end up relying on stories present in the popular culture to understand the tech world around them: the well-polished product ads hidden in their favourite films, the lone genius-inventor legends, cyberpunk visions of a world with no privacy, but so much convenience! With the constant changes around, it's hard not to be future shocked and give up on any attempts of understanding the technology yourself. The alternative narratives, especially within the hacker scene, are anything but accessible. They're shrouded with technical terms, full of cryptic references and lacking any clear introduction. Very few stories explain why values such as net neutrality are important without speaking code. People need stories with clear explanations appealing to their emotions and remaining in their memories much longer than a dry technical evaluation of pros and cons. I believe that with the introduction of Solarpunk, a new art genre widely discussed at the last re:publica, we can start talking about technology differently. We can forego shiny marketing of the Western companies and look at the technology created by the communities and grassroot organizations answering very local problems. We can paint a vision of a world united in diversity of solutions, not owned by a single company. false Pawel Ngei /media/36c3/images/UESZPA/untitled_Re__4th_eviction_of_Hambach_forest__web_XAccvJF.jpg 2019-12-29T14:30:00+01:00 14:30 00:34 Art-and-Play Stage UESZPA https://stage.artesmobiles.art/36c3/talk/UESZPA/ Screening Screening en artistic documentary, 2019, 34 min + Q&A, german language While working on a dissertation on the political struggle near Europe’s largest open lignite pit in the Rhineland area, heaps of imagery were produced, in particular during the forest eviction of Hambach forest in autumn 2018 – which was one of Germany's largest police mass actions to date. This led to the production of a photo exhibition and the short movie "untitled [Re: 4th eviction of Hambach forest]". Destruction may be considered a predominant theme here: destruction of ancient natural habitats and groundwater reserves, destruction and devastation of whole landscapes, destruction of nearby villages and communities, destruction of the world's climate and our common future. Still, the photo exhibition also sheds light on the stark contrast of destruction vs. construction: the demolished homes of Manheim on the one hand, re-building the forest occupation and settling into new tree house homes on the other hand. The work initially evolved around a central question: does the artistic act interfere with activism (and vice-versa)? During the process, this potential conflict of interests became clearer. It's a thin line between art impacting activism and activism influencing art, with each bearing possible adverse but also positive effects on the other. One may think that producing imagery is a photographer's priority. But artistic ideals and integrity cannot be seen in total isolation of their surrounding circumstances. Hence, a more accurate description of the artist's work would be "Resistance by means of documentation". false Angie 2019-12-29T16:00:00+01:00 16:00 01:30 Art-and-Play Stage FFK37X https://stage.artesmobiles.art/36c3/talk/FFK37X/ Screening Screening en This program presents a series of artistic strategies on redundant technologies, repressive structures and populist movements supported by Werkleitz Centre for Media Art in Halle residencies or professional media master class programs. The program will be presented by Werkleitz founder Peter Zorn & Marcie Jost and the artists Juliane Jaschnow, Stefanie Schröder and Mathias Jud. **TELH78** Super 8 on Digital 6 min D 2011 Alina Cyranek & Eike Goretzka It has almost vanished from our urban horizons, that rotting dinosaur, the German post office’s yellow telephone booth. There were times when such a booth was a vital place. We searched for – and found – the last of this dying breed, and had them divulge stories now threatened by oblivion. http://pmmc.werkleitz.de/telh78 **Artificial Intelligence _ Interaractive Film Kiosk** Doku 4:30 min Douglas Fishbone Werkleitz/Filmische Initiative Leipzig (FILZ) Artificial Intelligence (2018) is a machine that dispenses wisdom in return for a 10-cent investment. A short meditation on time, impermanence and loss, it was originally installed in the Marktplatz in Halle, Germany, the city’s main square, where it was commissioned by the werkleitz Festival with funding from the European Union. Spanning from the theft of the Mona Lisa in 1911 to the shortages of sausages in the German Democratic Republic to the Mahabharata, it offers an unusual perspective on the rise and fall of human civilization through the prism of the chaos of 20th-century Europe. http://emare.eu/artist/doug-fishbone **Fence Sharpening _ Performance Intervention** Documentation 4 min AU/D 2010 Leopold Kessler Sharpened edges of iron fences poke the sky in the city of Halle. They reflect the summer sun like shimmering, but dangerous, treasures. They make the fictitious intruder shake with fear, and the innocent passersby’s heart freeze, as they imagine those passive weapons harming the human body. http://werkleitz.de/en/fence-sharpening **Beyond the forest** Film 9 min D 2014 Francesca Bertin & Leonhard Kaufmann Beyond the forest is the city of tomorrow, before the forest the villages of yesterday. http://pmmc.werkleitz.de/hinter-dem-wald **The Effect of Cannonery on Thunderclouds** Film 30 min D 2017 Juliane Jaschnow & Stefanie Schröder 2016 saw the highest number of potential tornadoes ever since the beginning of weather recordkeeping in Germany. At the same time, there is a deluge of weather tropes on the internet, on television and in the news. Shit storms, data flood, refugee waves. Language, metaphors and images are instruments of control. They are used to dispel – and instill – fear. How does the image function as a document, as fiction, trophy, counterattack? How close are manipulation and prediction? And is the weather still real? http://pmmc.werkleitz.de/die-wirkung-des-geschuetzes-auf-gewitterwolken false Werkleitz Centre for Media Art 2019-12-29T17:30:00+01:00 17:30 00:30 Art-and-Play Stage V3UCEP https://stage.artesmobiles.art/36c3/talk/V3UCEP/ Lecture Lecture en technology in culture, 30 min lecture and Q&A, Switzerland/Germany 1999-2019 Wachter/Jud got attracted public attention with online and open source projects like zone-interdite.net, picidae.net or qual.net. They have been awarded with an EMARE grant at Werkleitz 2006 and another EMARE grant 2015 at Queensland University at Technology in Brisbane. The body of their work is focussed on our perception in the digital world and the empowerment of dissident strategies. In 2016, they were awarded the Golden Nica, the Prix Ars Electronica. http://www.wachter-jud.net/projects http://www.zone-interdite.net/P/ http://info.picidae.net/en/how_picidae_works/ http://www.wachter-jud.net/projects_online/new-nations http://www.wachter-jud.net/projects_online/qaul false Christoph Wachter/Mathias Jud /media/36c3/images/MJVFL7/team_intim__web_w7eeJru.jpg 2019-12-29T19:00:00+01:00 19:00 00:40 Art-and-Play Stage MJVFL7 https://stage.artesmobiles.art/36c3/talk/MJVFL7/ Theatre/Dance Performance Theatre/Dance Performance en experimental, noise, drama, german language Merciless and at the same time with great tenderness, the life of a young woman is portrayed. Fluctuating between aggression and devotion, impulsiveness and serenity. Closeness and fear – in the past with passionate ideals, now with a sobering sense of pragmatism. Self formation, self creation, self-depletion. false team intim /media/36c3/images/UWDA89/divas_on_duty_1_CCEpzR1.png 2019-12-29T20:00:00+01:00 20:00 00:20 Art-and-Play Stage UWDA89 https://stage.artesmobiles.art/36c3/talk/UWDA89/ Screening Screening en stills, 20 min, 2019, english language false Ida Michel 2019-12-29T20:30:00+01:00 20:30 00:20 Art-and-Play Stage WJE8NU https://stage.artesmobiles.art/36c3/talk/WJE8NU/ Screening Screening en video installation, 20 min, 2018, nonverbal Originally used in computer games and for special effects in blockbuster movies, ‘simulated life’, driven by algorithmic predictions, is increasingly influencing many facets of the real world. From urban planning to disaster evacuation plans, market forecasts and crowd control, algorithmically simulated scenarios produce real world policies and events. Using a variety of images including filmed footage as well as simulations of crowd control software, Transformation Scenario is a meditation on ‘simulated life’ and the increasingly blurred distinctions between real and virtual experiences. This video is part of a larger body of work by von Wedemeyer that engages with the psychology and aesthetics of the crowd. false Clemens von Wedemeyer /media/36c3/images/97PKLH/Schmeck_mein_Blut__web_4a3stVK.jpg 2019-12-29T21:00:00+01:00 21:00 00:20 Art-and-Play Stage 97PKLH https://stage.artesmobiles.art/36c3/talk/97PKLH/ Theatre/Dance Performance Theatre/Dance Performance en theatrical performance Welcome to womanhood, means welcome to motherhood? – The Soloperformance "Schmeck mein Blut" by Hannah Maneck – named after the same-titled song of ebow – questions the monthly bleeding of the female body as a natural on that has to hurt and treated secretly. Bleeding is dirty and it must be painful, because it is the punishment for get kicked out of paradise? Lonesome and in pain you have to indure the time of monthly bleeding … BLAHBLAHBLAH But maybe it could also be an angry act of resistance! false Hannah Maneck /media/36c3/images/ZBXV33/Onyx_Ashanti__web_MViGQGv.jpg 2019-12-29T22:00:00+01:00 22:00 00:45 Art-and-Play Stage ZBXV33 https://stage.artesmobiles.art/36c3/talk/ZBXV33/ Sound Performance Sound Performance en metabit FUNC /\ [initialize] what would the being, described as "cyborg", name themselves instead? i'm exploring a construct/symbiote/orientation/logic that has named itself autonom-[i/o]. ive been interfaced with my symbiote (named EM-[I/O] or exomesh-input/output) daily, for a couple of months and just got the bone conduction working, :-D which mean all programming from today has an accompanying [pop]field logic (and ordered stereo field of interacting [pop]s) owing to the ordering logic of Metabit. more than a couple of singularities should have happened by the time of the congress, so, i'd rather insinuate something possibly more interesting than i would hazzard to describe right now. [stop] false Onyx Ashanti /media/36c3/images/GGXZMX/Kuiperkuiper__web_zISSGFB.jpg 2019-12-29T23:30:00+01:00 23:30 00:45 Art-and-Play Stage GGXZMX https://stage.artesmobiles.art/36c3/talk/GGXZMX/ Sound Performance Sound Performance en post-chill-grime-audio-visual concert Audio-visual Duo from Leipzig. false Kuiperkuiper https://frab.riat.at/en/36C3/public/schedule/events/171.html 2019-12-29T13:00:00+01:00 13:00 00:15 CDC - Stage 36C3-171-introduction_to_day_3 lightning_talk en false https://frab.riat.at/en/36C3/public/schedule/events/94.html 2019-12-29T13:20:00+01:00 13:20 00:30 CDC - Stage 36C3-94-almonit_project_decentralized_websites Stage lecture en Almonit is a project for decentralized websites and web services. Decentralized websites and web services are an alternative to the way the web functions today. They combine decentralized storage (like IPFS), decentralized name services (like ENS) and P2P networks in order to replace the server-based model of the web. This lecture describes the Almonit project, its architecture, the technical details of the technology and the ecosphere in which it is created. Come discover the state-of-the-art of this up-and-coming area! How does the web function? Generally speaking, it uses servers to provide content or services, and DNS to provide access to those servers. The Almonit project provides an alternative to the traditional server-DNS model. Instead of a server, we use decentralized storage (like IPFS), and instead of DNS, we use a decentralized name service (like ENS). We provide tools, methods and a portal for creating and accessing the decentralized web. The decentralized websites and web services scene is very new. In its current form, it was developed mostly in 2019. So far, it contains around a 100 websites experimenting with the technology, but its potential is promising. We envision it being used to create community-driven websites which would be made, moderated and maintained by a community instead of a central entity. This lecture describes the Almonit project, its architecture and technical details. We also present the ecosphere of decentralized websites and web services in which the project is created, and survey the past, present and also possible future use-cases of this technology, including its limitations. false neiman Almonit Almonit browser extension Almonit Twitter Article about Almonit https://frab.riat.at/en/36C3/public/schedule/events/142.html /system/events/logos/000/000/142/large/logo_rot.png?1577615982 2019-12-29T13:50:00+01:00 13:50 00:30 CDC - Stage 36C3-142-why_your_project_should_support_passwordless_login_fido2_webauthn Stage lecture en A login form with user name and password is implemented quickly. But passwords don't scale from the user perspective and the new WebAuthentication standard is there to replace them. This presentation gives an introduction to WebAuthn and FIDO2, why to implement it, how to use it etc. false jans Presentation slides https://frab.riat.at/en/36C3/public/schedule/events/95.html /system/events/logos/000/000/095/large/Cover.jpg?1575477342 2019-12-29T14:25:00+01:00 14:25 00:15 CDC - Stage 36C3-95-crypto_ux_design On designing wallets and explorers Stage lecture en Thoughts and insights on working as a UX designer in open-source and crypto, specifically contributing to Monero. This presentation will go over my experience contributing design to the <a href="https://www.figma.com/c/file/775423808468574409">Monero GUI</a> wallet, the <a href="https://www.exploremonero.com">Explore Monero</a> explorer, as well as the <a href="https://www.cryptouxhandbook.com">Crypto UX Handbook</a>. I'll cover topics around designing for crypto and design in open-source. false Christoph Ono Personal website Keynote presentation https://frab.riat.at/en/36C3/public/schedule/events/83.html /system/events/logos/000/000/083/large/monerosquare.png?1573839961 2019-12-29T14:45:00+01:00 14:45 00:30 CDC - Stage 36C3-83-developments_at_monero_hardware The state of research, design, and production of devices at Monero Hardware Stage lecture en In this half hour overview, we report progress made on projects at Monero Hardware. Physical, electromagnetic, and electronic hardware devices protect funds, secrets, and privacy by design. We consider concepts, learn how devices are made, and review a features roadmap. Wallets are distributed for hands on inspection, and a demonstration teaches the basics of embedded firmware development. In this half hour overview, we report progress made on projects at Monero Hardware. Physical, electromagnetic, and electronic hardware devices protect funds, secrets, and privacy by design. We consider concepts, learn how devices are made, and review a features roadmap. Wallets are distributed for hands on inspection, and a demonstration teaches the basics of embedded firmware development. false MSvB https://frab.riat.at/en/36C3/public/schedule/events/166.html /system/events/logos/000/000/166/large/Screenshot_from_2020-01-10_14-55-42.png?1578664601 2019-12-29T15:25:00+01:00 15:25 00:30 CDC - Stage 36C3-166-linux_on_open_source_hardware_and_open_source_chip_design Stage lecture en This talk will explore Open Source Hardware projects relevant to Linux, including boards like BeagleBone, Olimex OLinuXino, Giant board and more. Looking at the benefits and challenges of designing Open Source Hardware for a Linux system, along with BeagleBoard.org’s experience of working with community, manufacturers, and distributors to create an Open Source Hardware platform. In closing also looking at the future, Libre Silicon like RISC-V designs, and where this might take Linux. This talk will explore Open Source Hardware projects relevant to Linux, including boards like BeagleBone, Olimex OLinuXino, Giant board and more. Looking at the benefits and challenges of designing Open Source Hardware for a Linux system, along with BeagleBoard.org’s experience of working with community, manufacturers, and distributors to create an Open Source Hardware platform. In closing also looking at the future, Libre Silicon like RISC-V designs, and where this might take Linux. false Drew Fustini PDF slides Twitter for speaker (@pdp7) SlideShare PDF ODP https://frab.riat.at/en/36C3/public/schedule/events/146.html 2019-12-29T16:00:00+01:00 16:00 01:00 CDC - Stage 36C3-146-privacy_coins_and_resource_constrained_hardware_wallets A gentle introduction & pitfalls (Monero & Liquid) Stage lecture en This presentation will provide details of the implementation of privacy coins (Monero and Liquid) from a signer/checker perspective on a resource constrained (10 kb RAM, 28 MHz Cortex M0+) hardware wallet, and show typical mistakes than can be made along the way. false btchip Hardware_Wallets_and_Privacy_Coins_36C3_2.odp https://frab.riat.at/en/36C3/public/schedule/events/101.html /system/events/logos/000/000/101/large/rmxwallet_graphics.jpg?1577370574 2019-12-29T17:00:00+01:00 17:00 00:15 CDC - Stage 36C3-101-rmx_hardware_wallet lightning_talk en We are building a hw device for privacy extremists and we want to talk a bit about it. The RMX Hardware Wallet project started as an hw device case-study for privacy extremists. Main focus was given on the ability to serve like secure hardware messenger, cryptocurrency hardware wallet, file encryption token and authenticator. During the hw development, special care was given to support Monero. We want to share the actual state of our effort and talk about possible directions and strategies for the next year. false Pavel Polach webpage Slides 36c3rmxwallet.pdf 36c3rmxwallet.odp https://frab.riat.at/en/36C3/public/schedule/events/96.html /system/events/logos/000/000/096/large/Screenshot_2019-12-25_at_16.40.25.png?1577288545 2019-12-29T17:30:00+01:00 17:30 00:25 CDC - Stage 36C3-96-swarm Decentralised Storage and Communication for a Sovereign Digital Society Stage lightning_talk en The talk will give a short untroduction to Swarm and will also provide latest updates and road ahead. Swarm is a distributed storage platform and content distribution service, a native base layer service of the ethereum web3 stack that aims to provide a decentralized and redundant store for dapp code, user data, blockchain and state data. Swarm sets out to provide various base layer services for web3, including node-to-node messaging, media streaming, decentralised database services and scalable state-channel infrastructure for decentralised service economies. false Viktor Tron Swarm Swarm Roadmap file https://frab.riat.at/en/36C3/public/schedule/events/162.html /system/events/logos/000/000/162/large/selfie.jpeg?1577215379 2019-12-29T18:00:00+01:00 18:00 00:15 CDC - Stage 36C3-162-blockchain_sharding A short overview and Alephium's new approach Stage lecture en In this talk, I am gonna first give a short review of the current popular sharding methods, with a focus on the open problems. Then I am gonna talk about Alephium's innovative sharding solution, and why it could the promising approach. The talks at Critical Decentralisation Cluster will be live streamed and recorded. I consent to the use by Monero or RIAT of my image, video, and voice. I understand that this consent is perpetual and my image, video, and voice may appear publicly as part of Monero or RIAT website, Twitter account, YouTube channel and/or other marketing materials, which will be licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. If you would like to opt-out and not be recorded, please contact office@riat.at false Cheng Wang https://frab.riat.at/en/36C3/public/schedule/events/103.html 2019-12-29T18:35:00+01:00 18:35 00:30 CDC - Stage 36C3-103-on_bitcoin-monero_atomic_swaps Stage lecture en In this talk we propose an approach on bitcoin-monero atomic swap, its development state and open problems. Cross-chain atomic swaps have been discussed for a very long time and are very useful tools. In blockchains where hashed timelock contracts are doable atomic swaps are already deployed, but when one blockchain doesn't have this capability it becomes a challenge. This protocol describes how to achieve atomic swaps between Bitcoin and Monero with two transactions per chain without trusting any central authority, servers, nor the other swap participant. We propose a swap between two participants, one holding bitcoin and the other monero, in which when both follow the protocol their funds are not at risk at any moment. The protocol does not require timelocks on Monero side nor script capabilities, but requires two zero-knowledge proofs to secure the setup phase. false Joel “h4sh3d” Gugger p Official GitHub https://frab.riat.at/en/36C3/public/schedule/events/167.html 2019-12-29T19:05:00+01:00 19:05 00:30 CDC - Stage 36C3-167-tari_and_the_monero_ecosystem Stage lecture en false fluffypony https://frab.riat.at/en/36C3/public/schedule/events/86.html 2019-12-29T19:40:00+01:00 19:40 01:00 CDC - Stage 36C3-86-blockchain_interoperability_nipopows_sidechains Moving value between chains Stage lecture en We will talk about various means of communication between proof-of-work blockchains such as superblock NIPoPoWs and how to use them to build one-way and two-way transfer of information between chains without a trusted third party. false Kostis Karantias Dionysis Zindros Talk https://frab.riat.at/en/36C3/public/schedule/events/87.html 2019-12-29T20:45:00+01:00 20:45 00:45 CDC - Stage 36C3-87-bitcoin_to_the_post-quantum_era Stage lecture en Given the amount of funding and research that recently goes into quantum computers, it seems inevitable that at some point in the (near) future these machines will become a reality. With my physicist's hat on, this is exciting and amazing news, but as a cryptographer this is a nightmare. Most of our most efficient and widely used signature schemes would just go away in the blink of an eye. Is this the case for Bitcoin? Can we do anything to move Bitcoin to the Post-Quantum Era? In this talk, I present the basic principles Quantum Computers rely on to perform certain calculations much faster than classical computers. We give a beginner’s explanation to some quantum algorithms that can undermine Bitcoin’s security and show how they can be used to hijack transactions. Finally, I present a protocol upgrade for Bitcoin that allows users to securely transition their funds to quantum resistant wallets even in the presence of a quantum computer! false Dragos Ilie Bitcoin in the Post-Quantum Era https://frab.riat.at/en/36C3/public/schedule/events/160.html /system/events/logos/000/000/160/large/Screenshot_from_2019-12-24_14-52-04.png?1577196822 2019-12-29T21:30:00+01:00 21:30 00:30 CDC - Stage 36C3-160-3_8_billion_users_future_email_3_0 Stage lecture en Hundreds of messaging platforms have launched and failed over the last 50 years, while one Open Standards, and mostly Open Source powered decentralised platform has conquered the world. What is the magic formula that has powered email to adoption by 3.8bn users, and what is the future of decentralised messaging as firms like Google and Facebook try desperately to replace it? Hundreds of messaging platforms have launched and failed over the last 50 years. One has grown voraciously, netting 3.8 billion users, and handling 103 trillion messages each year. Like the Internet itself, email is decentralised and censorship resistant by design. It is technically extensible, powered by Free Software, and Open Standards agreed independently by consensus. LinkedIn, Facebook, Google and others are racing to own the future of this space, with Gmail alone accounting for 28% of email opens in 2018, in Western countries. Email's freedom, privacy, and security are taken for granted and under threat. What formula made email outlive it's contenders until now? What recent innovations are making it hip again? And what economic model could bring a renaissance of decentralised, Free Software messaging on the multi-billion user scale? The talks at Critical Decentralisation Cluster will be live streamed and recorded. I consent to the use by Monero or RIAT of my image, video, and voice. I understand that this consent is perpetual and my image, video, and voice may appear publicly as part of Monero or RIAT website, Twitter account, YouTube channel and/or other marketing materials, which will be licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. If you would like to opt-out and not be recorded, please contact office@riat.at false Sam Tuke Slides https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10879.html /system/events/logos/000/010/879/large/hal_9000_by_johnnyslowhand_1_.png?1576657105 2019-12-30T11:30:00+01:00 11:30 01:00 Ada 36c3-10879-hal_-_the_open-source_hardware_analyzer A dive into the foundations of hardware reverse engineering and our netlist analysis framework HAL Hardware & Making lecture en Since the Snowden revelations the fear of stealthy hardware manipulations is no longer regarded as far fetched. This fear is also reflected in the massive discussions sparked by last year's Bloomberg allegations on a supposed hardware spy implant on Supermicro serverboards or the recent USA ban on Huawei telecommunication equipment. Hardware reverse engineering (HRE) is a promising method to detect such manipulations or hidden backdoors. However, HRE is a highly complex and cumbersome task. It takes months of work as well as expensive equipment to even obtain the netlist of a chip, the equivalent to the binary in software reverse engineering (SRE). In contrast to SRE where various paid or open-source tools for binary analysis exist, e.g., IDA Pro or Ghidra, in HRE simply no tool for netlist analysis were available - neither commercial, nor free. To close this gap, researchers from the Ruhr University Bochum developed HAL, the first open-source netlist analysis framework. In this talk, we start with a basic introduction into the challenges of HRE. Then, we demonstrate the capabilities of HAL before giving a brief overview on our current research with HAL. Hardware reverse engineering (HRE) is an important technique for analysts to understand the internals of a physical system. Use cases range from recovering interface specifications of old chips, over detection of malicious manipulations or patent infringements, to straight up counterfeiting. However, HRE is a notably complex and cumbersome task which consists of two phases: In the first phase the netlist, i.e., circuit description of a chip, has to be extracted from the physical device. Such a netlist is equivalent to the binary in software reverse engineering (SRE). In the second phase, the analyst then processes the netlist in order to understand (parts of) its functionality. However, obtaining a netlist from a chip can take several months and requires professional and costly equipment as well as expertise. Even with a recovered netlist, understanding its functionality is an enormously challenging task. This is partly due to the lack of proper tools for netlist analysis: While in SRE various commercial or open-source tools for binary analysis exist, e.g., IDA Pro or Ghidra, in HRE simply no tool for netlist analysis was available, neither commercial, nor free. To close this gap, researchers from the Embedded Security group of the Horst-Görtz Institute for IT-Security at the Ruhr University Bochum developed HAL, the first open-source netlist analysis framework. Inspired by the modularity of its SRE equivalents, HAL can be extended through optimized C++ plugins or directly used as a Python library, while at the same time offering a GUI for explorative and interactive analysis. The project is supposed to give hardware analysts a common platform for the development of new algorithms with a portable design, ultimately aiding both professionals in their daily work as well as researchers in their efforts to publish reproducible results. In this talk, we will first introduce the foundations and main challenges of HRE, before giving a live demonstration of HAL and some of its capabilities on selected case studies. We conclude the talk with a glimpse at our associated research at the university that spans both, technical research as well as cross-disciplinary work with psychologists. Our talk requires only minimum prior knowledge on digital hardware. false Max Hoffmann HAL on GitHub https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10976.html 2019-12-30T12:50:00+01:00 12:50 00:40 Ada 36c3-10976-understanding_millions_of_gates Introduction to IC reverse engineering for non-chip-reverse-engineers. Hardware & Making lecture en Reverse Engineering of integrated circuits is often seen as something only companies can do, as the equipment to image the chip is expensive, and the HR costs to hire enough reverse engineers to then understand the chip even more so. This talk gives a short introduction on the motivation behind understanding your own or someone else’s chip (as a chip manufacturing company), and why it might be important for the rest of us (not a chip manufacturing company). The focus is on understanding what millions of logical gates represent, rather than the physical aspect (delayering, imaging, image processing…), because everyone can do this at home. I will introduce some proposed countermeasures (like logic encryption) and explain if, how and why they fail. The talk will give a general overview of the research field and explain why companies are interested in reverse engineering ICs (IP overproduction, Counterfeits, Hardware Trojans), as well as why it’s important for an end user (IC trust, chip failure). Then, I will very shortly introduce the reverse engineering workflow, from decapsulating, delayering, imaging, stitching, image processing and then come to the focus: netlist abstraction. The idea is to show some methods which are currently used in research to understand what netlists represent. Some theory will be explained (circuit design, formal verification of circuits, graph theory…), but I want to keep this to a minimum. Finally, I will show some current ideas on how to make reverse engineering difficult, as well as some attacks on these ideas. The talk does not give insights into how large companies do reverse engineering (i.e. throw money at the problem), but rather show the research side of things, with some of the methods published in the last couple of years, which is something everyone can do at home. false Kitty https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11218.html 2019-12-30T13:50:00+01:00 13:50 01:00 Ada 36c3-11218-weichenstellung In welcher digitalen Welt werden wir leben? Ethics, Society & Politics lecture de Wir müssen jetzt entscheiden, in welcher digitalen Welt wir leben wollen. Im Bereich des Datenschutzes und der Informationsfreiheit werden schwer umkehrbare Weichenstellungen vorgenommen, die weitreichende Konsequenzen für unsere Zukunft haben. Als Bundesdatenschutzbeauftragter setze ich mich mit der Durchsetzung der Datenschutz-Grundverordnung, der Regulierung von Verbraucher-Scoring und -Profiling und der Weiterentwicklung des europäischen Datenschutzrechts auseinander. Besonders beschäftigen mich dabei auch die Debatten um digitale Überwachung und massiv ausgeweitete Befugnisse der Sicherheitsbehörden. false Ulrich Kelber https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10496.html 2019-12-30T15:10:00+01:00 15:10 00:40 Ada 36c3-10496-das_mauern_muss_weg Best of Informationsfreiheit Ethics, Society & Politics lecture de Mit immer neuen Gesetzen gewinnt die Exekutive in Deutschland an Macht und Ressourcen. Die öffentliche Kontrolle von Ministerien und Geheimdienste gerät ins Hintertreffen. Wir sprechen darüber, warum dank Anfragen und Klagen nach dem Informationsfreiheitsfreiheitsgesetz in diesem Jahr der Kampf noch nicht verloren ist, wie wir gegen den BND vor Gericht gewonnen haben und wann das Zensurheberrecht endlich abgeschafft wird. Plus: Das Beste aus 100.000 Anfragen über FragDenStaat in diesem Jahr. Error 451 false Arne Semsrott https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11164.html 2019-12-30T16:10:00+01:00 16:10 01:00 Ada 36c3-11164-security_nightmares_0x14 Was Sie schon immer nicht über darüber wissen wollten wer Ihre Geräte wirklich kontrolliert. Entertainment lecture de Was hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Was werden die nächsten Buzzwords sein und welche neuen Trends sind schon heute absehbar? Wie immer wagen wir den IT-Security-Alptraum-Ausblick auf das Jahr 2020 und darüber hinaus. Denn was wir wirklich wissen wollen, ist ja schließlich: Wer hat sich letztes Jahr mit seiner AI gestritten? Und wie entwickelt sich das Berufsbild des Blockchain-Exorzisten weiter? Gibt es bald IT-Sicherheits-Wettervorhersagen im Fernsehen? false frank Ron https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11224.html 2019-12-30T17:20:00+01:00 17:20 00:30 Ada 36c3-11224-closing_ceremony_de CCC lecture de false bleeptrack blinry https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10526.html /system/events/logos/000/010/526/large/lightningtalks%283%29.svg.png?1576404182 2019-12-30T11:30:00+01:00 11:30 02:00 Borg 36c3-10526-lightning_talks_day_4 CCC lecture en Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick! To get involved and learn more about what is happening please visit the Lightning Talks page in the 36C3 wiki. false gedsic bigalex 36C3 Lightning Talks Wiki Page Info and registration https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10881.html 2019-12-30T13:50:00+01:00 13:50 01:00 Borg 36c3-10881-verkehrswende_selber_hacken Resilience & Sustainability lecture de Der Talk wird eine wilde Fahrt, vorbei an umfallenden Rollern, etwas Kunst mit Sharing-Daten, einer Shoppingtour aus Recherchegründen auf asiatischen Großhandelsplattformen, Sicherheitslücken in Fahrradschlössern, welche einen deutschen Bikesharer dazu bringen, seine 6000 Räder weltweit wieder einzusammeln, der Analyse von risikokapitalgetriebenen Sharingsystemen bis hin zum Gegenentwurf: Wie angewandte Lobbyarbeit für mehr offene Mobilitätsdaten aussieht. Und wie man es selbst in die Hand nehmen kann. Der Markt der Mobilitätsangebote ist in den letzten Jahren immer schneller immer größer geworden. Von einfachen Bikesharing-Rädern über E-Bikes, Lastenrädern hin zu Scootern bekommen wir in Großstädten immer mehr Möglichkeiten, ohne eigenes Gefährt trotzdem mobil zu sein. Aber warum nur in Großstädten? Wie nachhaltig ist das? Warum brauche ich immer noch 20 Apps für jede Stadt? Wie sehen diese Sharingsysteme eigentlich technisch aus? Was passiert mit den Daten und was lässt sich mit ihnen anfangen? Und warum sollten wir Mobilität eigentlich risikokapitalgetriebenen Technologieunternehmen überlassen? Daher bauen wir ein Open Source Bikesharingsystem: nicht profitorientiert und offen für alle, erprobt auf dem CCCamp19. false robbi5 ubahnverleih radforschung https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10666.html /system/events/logos/000/010/666/large/BatRecLau-Cover-white.jpg?1577030760 2019-12-30T15:10:00+01:00 15:10 00:40 Borg 36c3-10666-wandel_im_braunkohlerevier_lithium-ionen-batterierecycling Eine industrielle Perspektive für die Lausitz? Science lecture de Weltweit verlaufen die Entwicklungstrends des Markthochlaufs der Elektromobilität und die Weiterentwicklung relevanter Batteriefertigungs- und Recyclingtechnologien hoch dynamisch. Maßgebliche Faktoren für die Entstehung eines industriellen Batterierecycling-Marktes nehmen dabei erst langsam Gestalt an, der regulatorische Rahmen ist noch modellierbar. Zugleich ist der Technologiepfad Elektromobilität als eingeschlagen zu begreifen - die Notwendigkeit einer Verkehrswende zur Reduzierung des CO2-Ausstoßes begründet Umbrüche in der Automobilbranche, die mittelfristig zu steigenden Verkehrsanteilen von Fahrzeugen mit rein elektrischem oder hybridem Antrieb an den PKW-Neuzulassungen führen werden. Damit steigt der Bedarf an geeigneten Traktionsbatterien und die Nachfrage nach den zu ihrer Herstellung erforderlichen, endlichen Rohstoffen. Im Energiesektor stellt der Beschluss zum Kohleausstieg 2038 eine Zäsur dar: Mit der Zielstellung, die Lausitz – bislang Braunkohlerevier - als Energieregion zu erhalten und die Angleichung der Lebensverhältnisse in der strukturschwachen Region zu schaffen, gehen wir der Frage nach, ob durch die Errichtung einer Recyclingstrecke für Traktionsbatterien der Elektro-Mobilität ein Beitrag zur Gestaltung einer „Energieregion der Zukunft“ geleistet werden kann. Dies einerseits im Hinblick auf die Schaffung von Beschäftigung, um die im Kontext des Braunkohleausstiegs drohenden Verluste von Industriearbeitsplätzen zu kompensieren. Andererseits unter Maßgabe der Etablierung einer nachhaltigen, regional verankerten Kreislaufwirtschaft. Um nachhaltige Entwicklungschancen für die Lausitz im Zuge des Aufschwungs der Elektro-Mobilität abzuleiten, werden • die endogenen Potentiale der Region analysiert, • das zukünftige Altbatterie-Aufkommen und der technologische Entwicklungsstand des Li-Io-Batterierecycling aufgezeigt sowie • die regulatorischen Rahmenbedingungen auf den Prüfstand gestellt. Wir zeigen die offenen Flanken der Lithium-Ionen-„Batterierevolution“ auf, indem wir auch ihre Risiken diskutieren: Das Recycling der Lithium-Ionen-Batterien stellt sich demnach zukünftig als dringliche Notwendigkeit dar, denn • die zu ihrer Herstellung erforderlichen Rohstoffe sind endlich, • sie werden zum Teil unter Menschen unwürdigen Arbeitsbedingungen und mit erheblichen ökologischen Folgeschäden abgebaut, • es ist eine sichere und verantwortungsvolle Entsorgung bzw. Wiederverwertung der Batterien, die hochgiftige Substanzen enthalten, zu gewährleisten. Schließlich werden Handlungsempfehlungen für ein integriertes Entwicklungskonzept formuliert, die auf die Etablierung einer Kreislaufwirtschaft und Bottom-up Partizipation der Bevölkerung abstellen. Sie vermitteln Ideen, wie sich die Ansiedlung einer Zukunftstechnologie – wie des industriellen Batterierecycling - in „Regionen mit hohen Zukunftsrisiken“ unterstützen lässt und wie sich Strukturwandel so gestalten lässt, dass ökologische und soziale nicht gegen ökonomische Interessen ausgespielt werden. false Katrin Nicke 2018/12 | Studie "Batterie-Recycling als Beschäftigungsperspektive für die Lausitz" https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11235.html 2019-12-30T16:10:00+01:00 16:10 01:00 Borg 36c3-11235-36c3_infrastructure_review CCC lecture en 36C3 is run by teams of volunteers. In this event, they will provide some insight into the challenges they faced while building the GSM, DECT and IP networks, running video streams, or organizing ticket sales. All graphs will be pointing up and to the right. false Leon 2019-12-30T11:30:00+01:00 11:30 00:05 Borg MY9A93 https://c3lt.de/36c3/talk/MY9A93/ Entertainment Lightning Talk en A short introduction to the Lightning Talks Day 4 session false gedsic 2019-12-30T11:35:00+01:00 11:35 00:05 Borg YMD9AH https://c3lt.de/36c3/talk/YMD9AH/ Security Lightning Talk en This talk focuses on how one could use a "feature" of google and trace the approximate location of a user even when his location services are blocked. Even when the location services are blocked, google allows any third party to query their API and locate end users. The API utilizes an end point IP address to identify the user's location and pass it to the Third Party (even when the location services are off). Here I will show how close Google allows people to access your location even. false Tanoy Bose 2019-12-30T11:40:00+01:00 11:40 00:05 Borg TFFUYT https://c3lt.de/36c3/talk/TFFUYT/ Hardware & Making Lightning Talk en lernOS sees itself as an "operating system for lifelong learning". The talk gives an overview of the approach and available resources. The rhythm of learning with years or semesters from school and university is lost with the entry into professional life. lernOS brings this rhythm back through regular, self-organized learning sprints (Scrum), focussed learning (OKR), efficient learning (GTD) and connected learning (WOL). The lernOS materials are available under open license Creative Commons Attribution International 4.0. false Simon Dückert 2019-12-30T11:45:00+01:00 11:45 00:05 Borg MWBHMS https://c3lt.de/36c3/talk/MWBHMS/ Hardware & Making Lightning Talk en Presenting a simple gateway for using SMS with other means of communication. false Felix D. 2019-12-30T11:50:00+01:00 11:50 00:05 Borg 3A3ZJL https://c3lt.de/36c3/talk/3A3ZJL/ Security Lightning Talk en Verifpal is new software for verifying the security of cryptographic protocols that is easy to use. Verifpal is new software for verifying the security of cryptographic protocols. Building upon contemporary research in symbolic formal verification, Verifpal’s main aim is to appeal more to real-world practitioners, students and engineers without sacrificing comprehensive formal verification features. In order to achieve this, Verifpal introduces a new, intuitive language for modeling protocols that is much easier to write and understand than the languages employed by existing tools. false Nadim Kobeissi 2019-12-30T11:55:00+01:00 11:55 00:05 Borg UZHUFU https://c3lt.de/36c3/talk/UZHUFU/ Science Lightning Talk en CSR give integers in terms of 1 to 9 by using addition, subtraction, multiplication, division, exponentiation, parenthesis and/or digit concatenation. Inder Taneja attempted to write the integers from 1 up to 11111 in terms of 1 to 9 by using addition, subtraction, multiplication, division, exponentiation, parenthesis and/or digit concatenation. For example: 9617 = 1+2^3*(45+(6+7)*89) 9618 = 1*(2+3+4+5)*(678+9) 9619 = 1+(2+3+4+5)*(678+9) These are generally referred to as crazy sequential representations (CSR). Interestingly, within the 1 up to 11111 range, only one CSR remains to be identified, namely the CSR for 10958. false Anne Bras 2019-12-30T12:00:00+01:00 12:00 00:05 Borg GLLMLV https://c3lt.de/36c3/talk/GLLMLV/ Ethics, Society & Politics Lightning Talk en A short introduction about E-Residency and how to become an Estonian E-Resident. Estonias is the most advanced country for E-Government, 99% can be done online. E-Residency allows digital access also for other international citizens. I will show some facts and my personal experience becoming a digital E-Resident. false Markus Görres 2019-12-30T12:05:00+01:00 12:05 00:05 Borg CMVXDQ https://c3lt.de/36c3/talk/CMVXDQ/ Resilience & Sustainability Lightning Talk en This is a pitching, an Initiative for next year to create an assembly for projects like clustering, heterogeneous computing etc. The point is to create a space where we can collectively build up small clusters and showcase our projects. From using Raspberry's and android phones, to custom made boards using ARM, PIC, x86, ATMELs, FPGAs and more. Use cases for such infrastructures or clusters could be red team tooling, honeypoting, password cracking (hashing) etc. false Dimitrios Sapikas 2019-12-30T12:10:00+01:00 12:10 00:05 Borg UYCLZD https://c3lt.de/36c3/talk/UYCLZD/ Security Lightning Talk de Wie kann man Security Awareness Kampagnen so gestalten, dass die Mitarbeiter nichts lernen und zusätzlich noch sauer auf die IT sind? Angreifer nutzen immer Häufiger menschliche Schwachstellen anstatt der technischen. Um diese "Sicherheitslücke" zu schließen gibt es mehr und mehr Awareness Kampagnen. Hier lassen sich diverse Dinge falsch angehen, die nicht nur zu Unmut bei den Mitarbeitern führen, sondern im Endeffekt dafür sorgen, dass sich an der Sicherheitskultur nichts ändert. Mit diesem Vortrag möchte ich anreißen, wie man eine Kampagne durchführen kann, die garantiert keine positiven Effekte hat. false Christian Klos 2019-12-30T12:15:00+01:00 12:15 00:05 Borg 7BCV7F https://c3lt.de/36c3/talk/7BCV7F/ Art & Culture Lightning Talk en Research presentation on the intersections of hacktivism and early 20th-century avant-garde art One of the assumptions of my doctoral research on the art of hacking is the idea that the historical avant-garde of the 20th century may be interpreted as a main intellectual precondition of hacktivism. I demonstrate that the existing theoretical framework available to analyze the traditions of avant-garde art can provide valuable new aspects to understand hacktivism, as well as to highlight the analogies between the historical avant-garde’s revolutionary ethics and those of hacktivism. false Juli Laczko 2019-12-30T12:30:00+01:00 12:30 00:05 Borg 3SJ9PV https://c3lt.de/36c3/talk/3SJ9PV/ Ethics, Society & Politics Lightning Talk en Although tarnished, blockchain stuff should still interest hackers. This talk provides a positive if irreverent look at the space and its promises. false Thomas Barker 2019-12-30T12:35:00+01:00 12:35 00:05 Borg HMTLJX https://c3lt.de/36c3/talk/HMTLJX/ Security Lightning Talk en For various reasons Medical data is becoming more and more centralized, but we have to way to decide who gets access to which parts of the data. false Reza 2019-12-30T12:40:00+01:00 12:40 00:05 Borg ZY7JB9 https://c3lt.de/36c3/talk/ZY7JB9/ Resilience & Sustainability Lightning Talk en 1.4 Work Resolution Formula R unit-of-work = UOW work-quantum WQ 0 <= UW - WQ = 0 To make our ecological and technological work effective and unique, many work-quanta should be developed in advance of any public offering. The unit-of-work is the minimum weekly shared computational processing required to sustain the network. A completed unit-of-work represents a proof-of-human-collaboration, the consensus algorithm for access to the action network. false ahimsa 2019-12-30T12:45:00+01:00 12:45 00:05 Borg JGAZMR https://c3lt.de/36c3/talk/JGAZMR/ Security Lightning Talk en I'll demonstrate how you can filter dns packets from iptables with insanely great performance, and also why you should be wary about doing this. Filtering DNS packets from iptables is possible, and the performance is awesome. However, if you don't pay attention, and you don't test thoroughly enough, you may also filter legit queries. The talk is about a bit of hardening, and mostly about a fail in production, and how I have achieved to drop about 2-3% of our users. false Péter Héja 2019-12-30T12:50:00+01:00 12:50 00:05 Borg DGXJ3L https://c3lt.de/36c3/talk/DGXJ3L/ Hardware & Making Lightning Talk en Drivers are usually written in boring and unsafe languages such as C. Did you know that you can actually use cool and safe languages as well? We've got drivers in Rust, Go, Java, C#, Haskell, OCaml, Swift, Javascript, and Python. Check out [our GitHub page](https://github.com/ixy-languages/ixy-languages) for all implementations. Long versions of this talk are available on media.ccc.de: * [35C3, English, 45 minutes](https://media.ccc.de/v/35c3-9670-safe_and_secure_drivers_in_high-level_languages) * [EH 19, German, 50 minutes](https://media.ccc.de/v/eh19-189-treiber-in-high-level-programmiersprachen) false Paul 2019-12-30T12:55:00+01:00 12:55 00:05 Borg ZSDZWM https://c3lt.de/36c3/talk/ZSDZWM/ Ethics, Society & Politics Lightning Talk en Cycling around the globe for climate justice & social justice with thousands of people. Aiming at education & networking for the 21st century. Tour de Rebel – How dare you? We dare! We dare to be a critical mass of thousands of people who are cycling together around the world for climate justice and social justice to spread the science regarding climate change and tell the truth. Further, sharing skills for the 21st century needed. Education & acting now and networking for the 21st century is a central part of the Tour de Rebel. We dare to build connections between and within organisations and movements while enjoying slow travelling false Jacob Heinze 2019-12-30T13:00:00+01:00 13:00 00:05 Borg BNTGQH https://c3lt.de/36c3/talk/BNTGQH/ Ethics, Society & Politics Lightning Talk en Short introduction of Listling, a free and open-source web app to make and edit lists collaboratively false Sven 2019-12-30T13:05:00+01:00 13:05 00:05 Borg JLTFWU https://c3lt.de/36c3/talk/JLTFWU/ Hardware & Making Lightning Talk en At the Freilab Freiburg e.V. we developed a new digital tally sheet that is easily deployable and fun to use. In this talk I introduce the software design and hardware deployment of a cheap, yet intuitive to use solution for counting Mate consumption per user. It serves as an example of how simple both hardware and software setup of a digital tally sheet can really be without compromising on the user experience. false ypnos 2019-12-30T13:10:00+01:00 13:10 00:05 Borg CUC3CT https://c3lt.de/36c3/talk/CUC3CT/ Science Lightning Talk en Despite many amazing (technical) results, NLP is facing both linguistic and ethical challenges. Given the rise of NLP, we are facing the consequences. false Ingo Kleiber 2019-12-30T13:15:00+01:00 13:15 00:05 Borg RFR3TE https://c3lt.de/36c3/talk/RFR3TE/ Science Lightning Talk en Let's build a system programming language for hackers! More control and possibly faster than C. No legacy - Just fun! Let's build a system programming language for hackers! More control and possibly faster than C. No legacy - Just fun! Link: https://github.com/rebuild-lang false arBmind 2019-12-30T13:20:00+01:00 13:20 00:05 Borg UNUFZR https://c3lt.de/36c3/talk/UNUFZR/ Art & Culture Lightning Talk de Where to find large amounts of valuable open culture data and how to use them. This lightning talk gives a brief introduction on where open cultural data is available and how it can be used to create new art and beauty. false Leander Seige 2019-12-30T13:25:00+01:00 13:25 00:05 Borg XJDQTD https://c3lt.de/36c3/talk/XJDQTD/ Entertainment Lightning Talk en What if you could play Minesweeper *against* the computer? I describe how I created a game that is always fair but will punish you for every mistake Kaboom is a Minesweeper game that does not determine the mines beforehand, but makes them up as you play. While that sounds simple, it was surprisingly hard to get right and required me to do pretty interesting things, so I want to describe how I created the game. You can play the game at https://pwmarcz.pl/kaboom. false pawel https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10592.html /system/events/logos/000/010/592/large/Stempel-8.6.png?1577273820 2019-12-30T11:30:00+01:00 11:30 00:40 Clarke 36c3-10592-fairtronics A Tool for Analyzing the Fairness of Electronic Devices Resilience & Sustainability lecture en Electronic gadgets come not just with an ecological footprint, but also a human cost of bad working conditions and human rights violations. To support hardware makers who want to design fairer devices, we are building a software tool to easily discover social risk hotspots and identify measures for improvement. The issue of human rights violations in the supply chains of electronics products is nowadays being broadly discussed. However, from the point of view of a hardware maker, it is difficult to exclude the possibiltiy of harm being done to workers in their supply chains due to their complexity and lack of transparency. At the same time, projects such as Fairphone and NagerIT demonstrate that improvements are, in fact, possible. At FairLötet and the Fairtronics project, we try to support those who would like to improve the social impact of their products in taking the first step towards improvement. To this end, we are building a software tool which will provide a first estimate of the risks contained within a given design: circuit diagram in, analysis out. The analysis shows the main social risks associated with the product, due to which components and materials they arise, and in what regions of the world the risks are located. This enables the user to understand where efforts towards sustainability should be concentrated, e.g. by making informed purchasing decisions or engaging with suppliers. In this talk, you will learn about the risks associated with electronics, how they are estimated, and what data we gather to compute them. No deep background in sustainability or hardware is required. false Andreas Fritsch xian tamdrx Projektbeschreibung beim Prototypefund Fairtronics Präsentation https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10919.html /system/events/logos/000/010/919/large/nopnreu_logo.png?1576657717 2019-12-30T12:30:00+01:00 12:30 00:40 Clarke 36c3-10919-nopnr_let_s_kill_the_next_data_retention_law How to Stop the Dubious Use of Passenger Name Records by Law Enforcement Ethics, Society & Politics lecture en The talk will address how passenger name records (PNR) of flight passengers are currently used by law enforcement throughout the European Union to track and identify suspects of a variety of crimes, how this is likely to be only a first step by the security state to surveil our every movement. Two NGOs have joined forces to stop this new form of indiscriminate mass surveillance in the courts and build safeguards against future infringements of our fundamental right to privacy. The PNR directive obliges all EU member states to process and save for five years all PNR data of passengers entering or exiting the European Union by plane. All member states have agreed to voluntarily extend this practice to all intra-EU flights as well. Subsequently, the data of hundreds of millions flight passengers are being checked against databases, generating vast amounts of false positives and futile infringements on passengers’ right to privacy. The data are also processed against “pre-determined criteria” which allows law enforcement to define “suspicious flight patterns”. The goal of this profiling of our travel movements is to find suspects among flight passengers that the authorities have never even heard of before. The system has no effective safeguards to prevent vast numbers of people from being falsely labeled as potential terrorists. Member states are already planning to extend this practice to international buses, trains and ferries – even though the effectiveness of processing flight passengers’ PNR data has yet to be proven. By this logic, the next step would be to track rental cars, then all cars, then mobile phones, and finally getting rid of the criterion “international”, enabling the state to surveil our every movement and to identify those of us who seemingly move around in suspicious patterns. But there is hope. The Court of Justice of the European Union (CJEU) has proven before to be critical of indiscriminate mass surveillance affecting people that are not even on the authorities’ radar yet. Therefore, the Gesellschaft für Freiheitsrechte, a German NGO focused on strategic litigation, and epicenter.works, an Austrian NGO focused on protecting human rights in the digital age, have started legal proceedings against the PNR directive, aiming to have German and/or Austrian courts ask the CJEU whether the PNR directive and national transposition laws violate the Charta of Fundamental Rights. This talk will explain how law enforcement currently processes PNR data, how this violates fundamental rights, how these surveillance systems may soon extended to other means of transportation, and what strategy civil society is pursuing to stop this from happening. false Walter Hötzendorfer Bijan Moini Website https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10988.html /system/events/logos/000/010/988/large/wohnungsbot-twitter.png?1572101097 2019-12-30T13:30:00+01:00 13:30 00:40 Clarke 36c3-10988-wohnungsbot_an_automation-drama_in_three_acts A media-art project which automates the search for flats in Berlin and challenges automation narratives Art & Culture lecture en At the center of Clemens Schöll's latest art project is the "Wohnungsbot" (flat-bot), which automates flat searching in Berlin. But it doesn't only try to search flats for everybody, it fundamentally questions power-relationships in (flat-searching) online platforms. Where are the utopias about public automation? Who should be able to automate what, and how? <p>With increasing urbanization and financial speculation on the housing market the search for a flat in any big city has become an activity that consumes a lot of resources for people in need of housing: beyond the emotional load a significant share of your supposed leisure time is being consumed by repetitive tasks. Online platforms force us to refresh pages, scroll, click here, click there, look at a few pictures and eventually copy-paste our default text over and over again. If you're ambitious you maybe adjust the lessor's name or the street. But honestly, why do we do this? It could be so easily automated.</p> <p>The 'automation drama in three acts' by media artist Clemens Schöll titled <i>"Von einem der auszog eine Wohnung in Berlin zu finden" (Of someone who went forth to find a flat in Berlin)</i> speculates about alternative strategies and narratives for both the housing market as well as automation itself. At the center of the multi-exhibition project stands the Wohnungsbot (literally: flat-bot), a free open source software to automate flat-searching and applications in Berlin, released to the public in June 2019.</p> <p>But the Wohnungsbot is about much more than just rejecting the out-of-control housing situation. There are no technological fixes for social problems. By reclaiming de-facto working time a fundamental utopia of automation is opened once again. Who should be able to automate, what should they be able to automate, and how?<br/> But even if these tools are publicly available – who is aware of them and who is able to use them?</p> <p>Looking back in history we find that automation has always been accompanied with struggles of power and labor. How have we reached a state where only institutions, be it private companies (usually for-profit) and the state, are allowed or able to automate? Why has automation become a synonym to nightmares of many people, such as mass unemployment? If we're not asked for consent (or don't want to give it) to being dehumanized by automated processes, how can we oppose these practices?</p> <p>Ultimately, we can look at ourselves (at Congress) and ask: where do we stand in this? With many of us being <i>"people who write code"</i> (title of a previous artistic research project by Clemens Schöll) we must reflect if and how we shape this tension with our work and existence.</p> false Clemens Schöll Wohnungsbot-Website https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10548.html /system/events/logos/000/010/548/large/bassclose.jpg?1577462178 2019-12-30T14:30:00+01:00 14:30 00:40 Clarke 36c3-10548-hackers_makers_changing_music_technology Art & Culture lecture en I will explore the ways in which music is influenced by making and hacking, including a whistle-stop tour of some key points in music hacking history. This starts with 1940s Musique Concrete and Daphne Oram’s work on early electronic music at the BBC, and blossoms into the strange and wonderful projects coming out of the modern music hacker scenes in London and Berlin, including a pipe organ made of Furbies, a sound art marble run, robotic music machines, gesture controlled moon cellos, and singing circuit sculptures. I'll also be sharing some of own work, plus my favourite new ways to make embedded instruments, including plenty of amazing Open Source hardware and software. false Helen Leigh One of my own instruments (circuit sculpture) https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10795.html /system/events/logos/000/010/795/large/NGI0_tag.png?1571958127 2019-12-30T12:30:00+01:00 12:30 00:40 Dijkstra 36c3-10795-ngi_zero_a_treasure_trove_of_it_innovation Resilient. Trustworthy. Sustainably Open. Resilience & Sustainability lecture en <p>The <a href="https://ngi.eu">Next Generation Internet</a> initiative is the first concerted effort in Europe to put significant public funding to hands-on work to really fix the internet. The long term <a href="https://ngi.eu">vision</a> of the initiative is to make the internet what we need and expected it to be in the first place: <strong>Resilient</strong>. <strong>Trustworthy</strong>. <strong>Sustainable</strong>. The concrete mission of the Next Generation Internet initiative is to "re-imagine and re-engineer the Internet for the third millennium and beyond". With new projects starting all the time, the density of awesome open source, open hardware, new science and new standards in-the-making is already intense: about 200 projects are currently on their way. These range from encrypted synchronisation for calendars and address books to symbolical protocol verification, from an open hardware RISC-V SoC to removing binary seeds from operating systems, from ethical search to the Fediverse etc. <p>NGI Zero offers funding to independent researchers and FOSS developers working on free and open projects in the area of privacy and trust enhancing technologies and on search, discovery and discoverability. It also offers an elaborate 'pipeline' of supporting activities that live up to high standards (sometimes called 'walk the talk') in terms of security, privacy, accessibility, open source licensing, standardisation, packaging, etc. The talk will provide an overview of the awesome R&D that is now in the pipeline, how the programme is organised and everything you need to know about the various opportunities to 'come and work for the internet'. </p> <p><a href="https://nlnet.nl/discovery">NGI Zero Discovery</a> and <a href="https://nlnet.nl/PET">NGI Zero PET</a> are a significant effort and ambitious effort by a large group of organisations led by <a href='https://nlnet.nl/foundation' rel="me">NLnet foundation</a> (that was instrumental in <a href="https://nlnet.nl/foundation/history">pioneering the early internet in Europe</a>): <ul> <li><a href="https://accessibility.nl/english">Accessibility Foundation</a> - Center of expertise on accessibility of internet and other digital media for all people, including the elderly and people with disabilities</li> <li><a href="https://apc.org">Association for Progressive Communications</a> - A global network and organisation that strives towards easy and affordable access to a free and open internet to improve the lives of people and create a more just world</li> <li><a href="https://techcultivation.org/">Center for the Cultivation of Technology</a> - A charitable non-profit host organization for international Free Software projects</li> <li><a href="https://commonscaretakers.com">Commons Caretakers</a> - A not-for-profit service provider for the development of Commons</li> <li><a href="https://www.netsec.ethz.ch/">Network Security Group</a> of <a href="https://www.netsec.ethz.ch/">Eidgenössische Technische Hochschule Zürich</a> - Academic research institute focused on building secure and robust network systems</li> <li><a href="https://fsfe.org">Free Software Foundation Europe</a> - Association charity that aims to empower users to control technology.</li> <li><a href="http://www.ifross.org/" class="external" target="_blank">ifrOSS</a> - Provides not-for-profit legal services and studies in the context of free and open source software</li> <li><a href="https://nixos.org/nixos/foundation.html">NixOS Foundation</a> - Foundation supporting development and use of purely functional configuration management tools, in particular NixOS and related projects</li> <li><a href="https://nlnet.nl">NLnet Foundation (NL)</a> - Grantmaking public benefit organisation founded by pioneers of the early European internet</li> <li><a href="https://ps.zoethical.com/">Petites Singularit&eacute;s</a> - Non profit organisation working with free sofware and focusing on collective practices</li> <li><a href="https://radicallyopensecurity.com">Radically Open Security</a> - Not-for-profit open source security company</li> <li><a href="http://securesoftware.nl" class="external" target="_blank">TIMIT</a> - Experts in secure software</li> <li><a href="http://translatehouse.org/" class="external" target="_blank">Translate House</a> - Develops and implements open source localization solutions</li> </ul> <p>The budget for the effort is kindly provided by the European Commission.</p> false Michiel Leenaars Next Generation Internet vision NGI Zero Privacy & Trust Enhancing Technologies NGI Zero Discovery NLnet Foundation https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10903.html 2019-12-30T13:30:00+01:00 13:30 00:40 Dijkstra 36c3-10903-jahresruckblick_der_haecksen CCC lecture de In diesem Vortrag nehmen wir euch mit auf eine Reise durch das Haecksenjahr 2019. Wir streifen kurz die deutsche Statistik über Femizide in Deutschland, bei der Deutschland sechst-schlechtestes Land im europäischen Vergleich ist. Femizide führen direkt zur Hexenverbrennung um ca. 1550. Viele Belege weisen darauf hin, dass die Verfahren zur Unterdrückung von Aufständen in der Bevölkerung gedacht und nicht einfach Effekte von Massenhysterien waren. Dann schwenken wir auf die positive Seite unseres Jahres um. Wir geben euch eine Führung durch unsere Kunstgalerie (Briefmarken, Postkarten Memorials und mehr), zeigen Einblicke in ein Haecksen-Geekend und wie wir unsere 100 neuen von 292 Haecksen insgesamt integrieren und aktivieren. Außerdem verraten wir euch, in welchen Chaos-nahen Gruppen sich Haecksen-Gruppen befinden und was sie dort in 2019 gemacht haben. Zusätzlich dazu haben sich Haecksen dezentral zu den Themen Klimawandel und die Effekte von Bias in Trainigsdatensätzen zusammengeschlossen. Wir schließen mit der Vorstellung von NIFTI http://nifti.org als der neue zentrale Knotenpunkt der Gemeinschaft aller FNIT-Gruppen mit Interesse an Technik. Und wir werden dabei unser 30jähriges Jubiläum feiern. false melzai Haecksen https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10948.html 2019-12-30T14:30:00+01:00 14:30 00:40 Dijkstra 36c3-10948-aufbau_eines_sensornetzes_fur_die_messung_von_stickstoffdioxid Hardware & Making lecture de Ausgehend von den behördlichen Messnetz für Stickoxide soll der Aufbau einer preisgünstigen Open Source Messstation für Stickstoffdioxid, inklusive Kalibrierung und der behandlung von Störenden einflüssen behandelt werden. Zusätzlich soll eine Webanwendung vorgestellt werden welche die Daten aus einem Messnetz der NO2-Messstationen sammelt, auf Karten visualisiert und somit dem Citizen Science Ansatz Rechnung trägt. Spätestens seit dem Abgasskandal (Dieselgate) und den daraus resultierenden Fahrverboten für Dieselfahrzeuge ist eine öffentliche Debatte um Stickoxide (insbesondere Stickstoffdioxid (NO2)) als Luftschadstoff entstanden. Die Stickstoffdioxidbelastung in Städten und Gemeinden verunsichert viele Bürgerinnen und Bürger, denn einerseits ist der Schadstoff nicht wahrnehmbar und andererseits kann Stickstoffdioxid eine erhebliche Gefahr für die Gesundheit darstellen. In Deutschland existieren derzeit nur ca. 350 offizielle Messstationen für Stickstoffdioxid, so dass ortsspezifische oder sogar flächendeckende Angaben zur Luftschadstoffbelastung nicht möglich sind. Ein flächendeckendes Messnetz ist laut Gesetz auch nicht vorgesehen. Folglich können politische oder gerichtlich durchgesetzte Maßnahmen zur Verbesserung der Luftqualität auch nur dort stattfinden, wo Messwerte existieren. Da es gegenwärtig keine Bestrebungen gibt das öffentliche Netz an Messstationen auszuweiten, möchten wir mit diesem Vortrag einen Vorstoß unternehmen, die technischen Grundlagen zur Errichtung eines bürgerschaftlichen Messnetzes zu eruieren und für diesen Zweck konkrete Bauanleitungen und Informationsdienste vorstellen. Im Gegensatz zu den mehrere tausend Euro teuren und eignungsgeprüften Messstationen zeigen wir eine hinreichend akkurate und preisgünstige (<50 Euro) Alternative auf. In dem Vortrag erklären wir euch zunächst wie Stickstoffdioxid durch offizielle Stellen gemessen wird und wie die Grenzwerte definiert sind. Anhand des Status Quo der Datenerhebung erläutern wir bestehende Defizite und Potentiale für eine genauere und flächendeckendere Messung von Luftschadstoffen wie Stickstoffdioxid. Im zweiten Teil des Vortrags beschreiben wir den Aufbau einer preisgünstigen Open Source Messstation für Stickstoffdioxid. Dabei werden Kriterien für die Auswahl von Komponenten und die Durchführung einer Vergleichsuntersuchung mit einem eignungsgeprüften Messgerät vorgestellt. Außerdem werden Kalibrierungsmethoden und die Behandlung von störenden Einflüssen durch Luftfeuchtigkeit und Temperaturschwankungen thematisiert. Im dritten Teil des Vortrags wird eine Web-Anwendung vorgestellt, die Daten aus einem Messnetz der NO2-Messstationen sammelt, auf Karten visualisiert und somit dem Citizen Science Ansatz Rechnung trägt. Dabei diskutieren wir auch Vor- und Nachteile unterschiedlicher kartenbasierten Darstellungsformen von Luftschadstoffmesswerten. false Patrick Römer Abstract als PDF file https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11035.html /system/events/logos/000/011/035/large/Faire_Digitalisierung_gestalten.png?1576506648 2019-12-30T11:30:00+01:00 11:30 00:40 Eliza 36c3-11035-gerechtigkeit_4_0 Makroökonomische Auswirkungen der Digitalisierung auf den Globalen Süden Ethics, Society & Politics lecture de In den gegenwärtigen Debatten um die Digitalisierung werden systemische und strukturelle Auswirkungen der Digitalisierung auf Entwicklungs- und Schwellenländer und damit verbundene potentielle Risiken und Herausforderungen bislang kaum betrachtet und diskutiert. Ein schwerwiegendes Versäumnis, hatte doch bereits die Weltbank, einer der größten Förderer von IKT in den Ländern des Globalen Südens, in ihrem Weltentwicklungsbericht ‚Digital Dividende‘ (2016) selbstkritische eingeräumt, der digitale Wandel bleibe nicht nur hintern, sondern verschärfe die soziale Ungleichheit. Der Vortrag setzt sich mit der Frage auseinander, inwiefern die Digitalisierung zur Überwindung von Armut und sozialer Ungleichheit in den Ländern des Südens beitragen können. Erweitern sie die Chancen auf gesellschaftliche und ökonomische Teilhabe von benachteiligten Menschen oder verengen sie diese? Schwerpunkt der Analyse bildet die Auseinandersetzung mit dem digitalen Handel. Fast unbemerkt hat sich in der Handelspolitik eine neue Dynamik entwickelt. Führende Tech-Konzerne, allen voran die aus dem Silicon Valley, instrumentalisieren zunehmend das Handelsrecht für ihre Interessen. Dabei geht es längst nicht mehr nur um die Reduzierung von Zöllen auf digitale Produkte wie Software oder einheitliche Standards für Telekommunikationsdienste. Patente auf Künstliche Intelligenz sowie die (Nicht)Regulierung von Datenflüssen sind inzwischen auch Bestandteil handelsrechtlicher Regelungen und Gegenstand kontroverser Debatten in der Welthandelsorganisation WTO. Für die Länder des Globalen Südens – aber nicht nur für sie – steht dabei viel auf dem Spiel, einschließlich der Gefahr eines neuen, digitalen Kolonialismus. Im Vortrag zeigt zudem erste Ansätze zum Aufbau einer fairen und menschenwürdigen Digitalisierung auf. Vom E-Commerce zum digitalen Handel Vor 25 Jahren kaufte ein Internetnutzer aus Philadelphia, mit seiner Kreditkarte am Computer eine Audio-CD des Musikers Sting. Der elektronische Handel war geboren. Ein Jahr später ging Amazon mit seinem ersten Buch an den Start. Während in der Frühphase des E-Commerce vor allem materielle Güterverkauft wurde, kamen in der Folgezeit, aufgrund technischer Fortschritte, neue Produkte und Vermittlungswege hinzu. Eine Welt ohne digitale Dienstleistungen (wie der Fahrkartenkontrolle per App) und digital übermittelt Produkte (wie z. B. Video-Streaming) ist heutzutage nicht mehr vorstellbar. Mit der Verlagerung der gehandelten Güter von materiellen Produkten zu immateriellen wandelte sich auch die Begrifflichkeit. So verdrängte der Terminus des „digitalen Handels“ zunehmend den des „elektronischen Handels“. Asymmetrische Einbindung des globalen Südens Mit dem digitalen Handel und der Digitalwirtschaft werden häufig große Hoffnungen für den Globalen Süden verknüpft. Die Schaffung neuer, digitaler Märkte sei mit hohen Wachstumsraten verbunden, einhergehend mit einer Steigerung des Wohlstandes, behaupten nicht nur Tech-Konzerne, sondern auch Akteure aus der Entwicklungszusammenarbeit. Ein Bericht der Vereinten Nationen kommt jedoch zu einem anderen Ergebnis. Demnach verteilt sich der Handel mit digitalen, immateriellen Gütern noch ungleicher, als beim traditionellen, analogen Handel. Auch beim Handel mit IT-Produkten, wie Laptops oder GPS-Geräten, geraten die Entwicklungsländer ins Hintertreffen. Die ökonomischen Folgen für die Länder des Südens sind schwerwiegend: Viele Entwicklungsländer leiden unter (1) Handelsbilanzdefiziten, (2) geringeren Staatseinnahmen und (3) erschwerten Bedingungen zum Aufbau einer eigenen, lokalen Digitalwirtschaft. Daten – Der Zankapfel in neuen Handelsabkommen Ein Anfang 2019 in Kraft getretenes Mega-regionales Handelsabkommen, dem elf Staaten angehören, darunter wichtige OECD-Länder (Japan, Kanada, Neuseeland, Australien, Chile, Mexiko), geht weit über bisherige Verträge zum digitalen Handel hinaus. Gleiches gilt für das von Trump vor drei Monaten abgeschlossene Handelsabkommen mit Japan. Beide verfolgen die Nicht-Regulierungsagenda des Silicon Valley, die seit 2000 zur offiziellen Handelspolitik der USA erklärt wurde. Demnach sollen in Handelsabkommen der USA folgenden Verbote hineinverhandelt werden: • Verbot von Zöllen • Verbot einer Digitalsteuer • Verbot lokaler Datenspeicherung • Verbot Quellcodes zu öffnen Digitalisierung von Wertschöpfungsketten Neben den hohen Wachstumsraten beim digitalen Handel, setzen viele Akteure aus der Entwicklungszusammenarbeit auch große Hoffnungen auf die Digitalisierung globaler Lieferketten. Sie versprechen sich davon gleich mehrere positive Impulse: Eine verbesserte Effizienz, mehr Produktivität und Transparenz sowie dem, aus entwicklungspolitischer Perspektive entscheidenden Faktor: Eine erhöhte Wertschöpfung für jene Menschen, die am Anfang der Lieferkette stehen, wie beispielsweise Kleinbauern in Kamerun Erste Untersuchungen, u. a. am Beispiel ostafrikanischer Teeproduzenten, bestätigen diese Hoffnungen, allerdings nur zum Teil. Durch die Anbindung an das Internet hat sich die Kommunikation der Teepflücker mit anderen Akteuren aus der Lieferkette verbessert; auch können sie ihre Arbeit effizienter und transparenter gestalten. Trotz dieser Fortschritte hat sich jedoch die Einkommenssituation der Teepflücker*innen nicht verbessert, da die Anzahl potentieller Lieferant*innen mit gleichwertiger Qualitätsteigt an, wodurch diese verstärkt miteinander in Konkurrenz treten. Faire Gestaltung der Digitalisierung „There is no time to lose in taming the power of the digital. We can either surrender our digital future, or we can take ownership of it.” (‘Digital Justice Manifesto’, Just Net Coalition, November 2019). Zum Schluss stell ich die einige Eckpfeiler für die Gestaltung einer Digitalisierung zugunsten der Menschen im Globalen Süden vor. false Sven Hilbig Gerechtigkeit 4.0 Digitalisierung fair gestalten https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11247.html 2019-12-30T12:30:00+01:00 12:30 01:00 Eliza 36c3-11247-technical_aspects_of_the_surveillance_in_and_around_the_ecuadorian_embassy_in_london Details about the man hunt for Julian Assange and Wikileaks Ethics, Society & Politics lecture en The talk explains and illustrates the procedural and technical details of the surveillance in and around the Ecuadorian embassy in London during the time Julian Assange stayed in there from June 2012 until April 2019. In the aftermath of Assange's expel from the ecuadorian embassy in London and his arrest based on a US extradition warrant evidence appeared that the "Security" measures of the embassy had at some point switched from protecting Assange and the embassy to an extremely detailled surveillance operation both against Assange and his visitors. The Spanish company "Undercover Global" that has been in charge of the embassy between 2015 and April 2018 and its owner and CEO is under investigation for spying on behalf of the CIA. Material from the second company that has taken over the embassy "Security" in April 2018 has found its way into an attempted extortion and is also subject to a legal investigation. The talk will contain material both documenting the surveillance measures installed as well as audio and video material obtained by the surveillance gear. It will also briefly touch on surveillance measures experienced elsewhere by friends, lawyers, media partners and associates of Assange and Wikileaks in the context of the ongoing man hunt. false andy Undercover Global S.L. - a spanish company - worked both for the ecuadorian Government and other interested parties and did "security" in the Embassy from 2015 till 2018 Prom Security - an ecudorian company - took over the embassy "security" from April 2018 Context on Julian Assange Context on Wikileaks https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10885.html 2019-12-30T13:50:00+01:00 13:50 00:40 Eliza 36c3-10885-unpacking_the_compromises_of_aadhaar_and_other_digital_identities_inspired_by_it Governments around the world are implementing digital identity programs that don't work Ethics, Society & Politics lecture en Aadhaar is India's national biometric identity database, with over one billion records comprising fingerprints, iris scans and basic demographic information. It is presented as identity technology, allowing an individual to identify themselves, but also as an identification technology, allowing the state to see an individual, identify fraudulent welfare beneficiaries, and thus realise savings. These claims are not complementary. They are in fact contradictory, compromising each other. If one must be true, the other must somehow be false, and this is the reality of Aadhaar. This talk will demonstrate how Aadhaar's attempt to be a cure for all kinds of ailments has in fact resulted in large scale exclusion and fraud. We will look at a series of design assumptions in Aadhaar's architecture, the gaps in them, and then examples of how these gaps were exploited, from public news reports. Aadhaar is often touted as a revolutionary technology that has simultaneously given identity to billions and realised substantial savings from fraud for the government. These utopian visions are finding buyers around the world. Jamaica, Morocco and Kenya have all adopted projects inspired by Aadhaar, and more countries are following suit. Unfortunately, Aadhaar is not magic, and there is now an urgent need for a sober understanding to be taken worldwide. The Kaarana project began in 2017 as a collaboration between programmers and lawyers, to document architectural assumptions and their impact on human rights. The project's findings were presented as evidence to the Supreme Court of India in 2018, and are acknowledged in a scathing dissent by Justice Chandrachud (September 2018). This dissent was in turn cited by the Supreme Court of Jamaica to shut down a biometric identity program in that country (April 2019). In September 2019, Kaarana member Anand Venkatanarayanan also appeared as a witness in the Supreme Court of Kenya in a petition against Huduma Namba, the Kenyan biometric identity program. We hope that this presentation at CCC will help public interest technologists from around the world prepare for a critical examination of similar programs in their countries. false Kiran Jonnalagadda Kaarana blog (contains works not published in mainstream publications) 2019-12-30T11:00:00+01:00 11:00 00:50 Chaos-West Bühne CHBLH8 https://fahrplan.chaos-west.de/36c3/talk/CHBLH8/ The real basic about Bits and Nibbles Doppelter Slot de Eine Reise zu den Fundamenten der digitalen Welt Was ist eigentlich ein Rechenzentrum und wie funktioniert es? Welche Bedeutung haben Datacenter für das Internet und den ganzen digitalen Rest? Strom, Kühlung und Sicherheit im Überblick. Was muss alles passieren, damit Server, Storages und Netzwerke immer laufen können. Warum werden die Datacenter immer größer, wo doch die Elektronik immer kleiner wird? Welche Konsequenzen ergeben sich daraus? Wieviel Strom verbraucht eine Suchanfrage oder ein Videostream und warum ist das relevant? Ist Deutschland ein guter Standort für (neue) Rechenzentren und warum? Und was hat das alles mit Klimawandel und Nachhaltigkeit zu tun? Kann es GreenIT ohne "grüne" Datacenter geben? Wie sollten die aussehen? Was muss in den kommenden Jahren geändert werden, damit auch Rechenzentren ihrer Rolle beim globalen CO2-Ausstoß gerecht werden? Überraschende Einblicke in Planung, Bau und Betrieb von großen Rechenzentren. false Günter Eggers /media/36c3/images/CAVFZP/title.jpg 2019-12-30T12:00:00+01:00 12:00 00:50 Chaos-West Bühne CAVFZP https://fahrplan.chaos-west.de/36c3/talk/CAVFZP/ Antifaschimus Doppelter Slot de Sprache schafft Bewusstsein. Als ein Gegenpol zum rechten "Das wird man doch wohl noch sagen dürfen"-Narrativ soll es in diesem Vortrag um verbrannte Wörter gehen. Wörter, die durch die Nationalsozialisten derart negativ besetzt wurden, dass ihr Gebrauch wohl überlegt sein will. Dieser Vortrag wird den historischen Kontext zu bestimmten Worten oder Wendungen erklären, sei es zum Beispiel die "Aktion", "asozial", die "Überfremdung" oder "versifft". Den Zuhörenden soll hier dabei geholfen werden, bestimmte nationalsozialistische Denkmuster durch ihre Sprache nicht aktiv zu reproduzieren und dabei helfen, eine geschichtsbewusstere Sprache zu etablieren. An einigen Stellen wird die Analyse von Worten oder Wendungen auch einen klaren Bezug zur Sprache der neuen Rechten in Deutschland enthalten. Der Vortrag ist als Präsentation konzipiert und wird schrittweise verschiedene Worte genauer analysieren, der Vortrag kann dann im Abschluss aber gerne durch einen etwas längeren Fragenteil abgerundet werden. false Bianca Kastl 2019-12-30T13:00:00+01:00 13:00 00:50 Chaos-West Bühne ZQP3NG https://fahrplan.chaos-west.de/36c3/talk/ZQP3NG/ Klimakatastrophe Doppelter Slot en Heat waves, wildfires and new movements like Fridays for Future and Extinction Rebellion have brought the climate crisis back into the news. If the world continues to emit greenhouse gases like today, the world will heat up by at least 3 degree celsius, potentially much more. Yet despite increased attention for the climate crisis no political action even remotely sufficient to tackle the problem is in sight. The talk will give a brief overview of the state of the science of climate change, the politics and the scale of the challenge. It'll also give an overview of some - more or less scientific - worst case predictions that sometimes lead to claims that it's just "too late to do something", which may become a new form of justification for not doing anything. Slides: https://int21.de/slides/36c3-climate/ false Hanno Böck 2019-12-30T14:00:00+01:00 14:00 00:50 Chaos-West Bühne GVQMJW https://fahrplan.chaos-west.de/36c3/talk/GVQMJW/ The real basic about Bits and Nibbles Doppelter Slot de Während Marketingabteilungen mit Buzzwords wie "KI", "IoT" und "Blockchain" um sich werfen, schütteln die meisten hier den Kopf. Und womit? Mit Recht. Vielen Anwender*innen und politischen Entscheidungsträger*innen fehlt es schlicht an technischer Kompetenz, um Probleme wie Stalkerware, politische Einflussnahme durch soziale Medien und Algorithmen(ethik) im Kern zu begreifen. Aber wie können wir die Erfahrungen und das Wissen in dieses Draußen vermitteln, um den Menschen eine Chance zu geben, nicht bei jeder kleinsten Gelegenheit auf die Dummschwätzer reinzufallen? Wie können wir positiv Einfluss nehmen auf die Gesellschaft, damit informierte Entscheidungen überhaupt möglich sind? Wie kriegen wir vermittelt, was technisch bereits alles möglich ist und was (noch) nicht? In vier Jahren PrivacyWeek haben wir die Themenbreite der "Digitalisierung" (BINGO!) mehrfach durchgearbeitet und gemeinsam mit den Vortragenden kommen wir immer wieder zum selben Schluss: Es braucht mehr Aufklärung und technische Kompetenz in der Bevölkerung, um die Probleme, die die weltweite Vernetzung mit sich bringt, überhaupt zu begreifen und ihnen begegnen zu können. Und letztlich bleibt die Frage, wo wollen wir als CCC letztlich hin? Wie können wir einen Informationstransfer forcieren, der über einige im eigenen Saft kochenden Initiativen hinausgehnt? Und wollen wir das überhaupt? Eine Zusammenstellung der inhaltlichen Learnings von vier Jahren PrivacyWeek. false jinxx /media/36c3/images/JYS88M/talk_image.jpeg 2019-12-30T16:00:00+01:00 16:00 00:50 Chaos-West Bühne JYS88M https://fahrplan.chaos-west.de/36c3/talk/JYS88M/ Nicht Computers Doppelter Slot en Lithium-Ion batteries are everywhere and are here to stay. They're wonderful to bring mechanical and electronic creations to life, but can also be dangerous if one is not careful with them. Many come with dedicated protection features or at least claim to do so, while others rely on different features to make them safe. Due to how the materials are sourced and which materials are used the environmental and geopolitical factor of them also can’t be neglected. This talk is for you if you're someone tinkering with electronics or if you're just curious and want to know more about the strange creatures batteries are. This is an introduction and overview, covering the essentials of: - Safety, or how to not burn your house down - Chemistries and why some can perfectly cope at -40°C and others won't - Failure is optional and why some just don't burn or explode - The major do's and dont's - Charging, Discharging and why is it empty it said 20% left - Recycling and when you can and when you shouldn't reuse old batteries - Ethics and politics - What does the future hold? false ln 2019-12-30T17:10:00+01:00 17:10 01:00 Chaos-West Bühne PWQQ7U https://fahrplan.chaos-west.de/36c3/talk/PWQQ7U/ Doppelter Slot de true Chaos-West 2019-12-30T12:00:00+01:00 12:00 00:30 OIO Stage GGV8G3 https://talks.oio.social/36c3-oio/talk/GGV8G3/ Security Talk 20 minutes + 5 minutes Q&A en We briefly discuss the range of cryptographic primitives being used by protocols that seek to make proof-of-work protocols obsolete. We shall focus primarily on these cryptographic building blocks themselves, not overly on the different protocols built form them. There are a handful of protocols consuming enormous amounts of energy in proof-of-work schemes, which provide only rather tenuous security assurances. In practice, proof-of-work also invalidates these protocols original goal of being distributed. There is also a zoo of protocols designs, both new and from the 80s, that provide far stronger security than proof-of-work at minimal cost. We shall discuss the distinctive cryptographic primitives used by these protocols, without examining any of these critters too closely. In essence, our taxonomy splits as blind signatures vs. verifiable random functions (VRFs) vs. randomness beacons, with the latter consisting of publicly verifiable secret sharing (PVSS) and verifiable delay functions (VDFs). We only have time for a cursory look at the mathematics usable to build each of these, but this should explain some of their uses, strengths, and weaknesses. false dvn Jeffrey Burdges 2019-12-30T12:40:00+01:00 12:40 00:55 OIO Stage B3TZGV https://talks.oio.social/36c3-oio/talk/B3TZGV/ Ethics, Society & Politics Talk 45 minutes + 10 minutes Q&A en In this talk we'll dive into the challenge of going fully FOSS. We'd like to introduce you to the principles behind our decision to choose FOSS. We'll explain the why and how, focusing on ethics as well as our tech stack. We'll share what daily trials and tribulations we had to overcome, how our organization coped with these changes, and what our day to day work now looks like. We'll give an honest review of the cost of choosing FOSS over proprietary software. We'll also detail our migration experience and talk about our efforts to build a global network of other non-profits using FOSS. Finally we'd like to talk about our relationship with the FOSS community. Our goal of sharing our FOSS adventure is to show other organizations that it is important and possible to choose ethical IT alternatives. Imagine if you could banish all proprietary software out of your workplace and use only free and opensource software. Would it be possible? How would you build this? What technical skills do you need? Will your coworkers appreciate the change? Can you rely on free and opensource apps in a production environment without support? These were all questions we had to answers when we embarked on our FOSS adventure. In 2017 the Mama Cash foundation committed itself to building an entirely new IT environment with as much free and opensource software as possible. Through our activism we recognized the importance of FOSS for non-profits who can't rely on proprietary cloud solutions, for privacy, ethical or financial reasons. As we committed ourselves to the Feminist Principles of the Internet, we quickly realized that using FOSS was the preferred option. The FOSS community has been immensely successful in advocating the use of opensource alternatives. However, implementing these in a business settings is a whole different story. While many organizations would like to contribute to a GAFAM-less world, a combination of lack of experience, knowledge and support prevents them from doing so. Our objective is to show the world that it is possible to build an ethical IT environment that respects open standards, community building and data privacy. In this talk we'll dive into the challenge of going fully FOSS. We'd like to introduce you to the principles behind our decision to choose FOSS. We'll explain the why and how, focusing on ethics as well as our tech stack. We'll share what daily trials and tribulations we had to overcome, how our organization coped with these changes, and what our day to day work now looks like. We'll give an honest review of the cost of choosing FOSS over proprietary software. We'll also detail our migration experience and talk about our efforts to build a global network of other non-profits using FOSS. Finally we'd like to talk about our relationship with the FOSS community. Our goal of sharing our FOSS adventure is to show other organizations that it is important and possible to choose ethical IT alternatives. false segal Gina Plat 2019-12-30T13:45:00+01:00 13:45 00:25 OIO Stage BFEFPM https://talks.oio.social/36c3-oio/talk/BFEFPM/ Ethics, Society & Politics Talk 20 minutes + 5 minutes Q&A en Some Initiatives are trying to provide internet access and VoIP dial-out in a user-owned (Commons Economy) or completely open infrastructure. We will present the state of affairs and invite to a discussion on the possible perspectives. false Sumy 2019-12-30T14:15:00+01:00 14:15 00:55 OIO Stage BBL8YL https://talks.oio.social/36c3-oio/talk/BBL8YL/ Resilience & Sustainability Talk 45 minutes + 10 minutes Q&A en The current social media situation is catastrophic. A single megacorporation controls the entire digital life of large parts of the world's population. Together with the rapidly improving methods for processing this data, a power that not only concerns experts is being bundled here. And Facebook's monopoly secures itself. On the one hand, users cannot leave Facebook(/ Instagram/WhatsApp) without being cut off from the social life of their friends. On the other hand, alternatives fail because they can't reach a critical mass. It seems impossible that a single application will ever replace Facebook. The freedom of the Internet is fundamentally threatened. Breaking the power of Facebook is probably one of the greatest challenges of our time. And in order to solve this task, we did come up with a detailed concept that we want to present to the public for the first time at 36c3. SNAC - Social Network Application Cluster - is the name of the protocol used to standardise data exchange between different social media applications. Just as email protocols enable users to choose their provider freely, this protocol should also enable greater diversity in this area. It is easy to see that a single application isn't able to satisfy the needs of every single user. With SNAC we enable a decentralized structure, where each user can choose his server, but also his client application, from a broad spectrum. By developing our pilot application Open Source, we make it easy for other developers to integrate their own applications into the network. But the decentralized Open Source dream alone is not enough to revolutionize the social media world. In order for the new applications emerging in SNAC to be able to run, an appropriate economic environment is needed to cover the operating costs. If the user accesses many different servers while surfing through the decentralized network, the question arises who is responsible for the access costs caused. There is a lack of a corresponding micropayment service with which it is possible to pay very small amounts easy and securely. At first glance, this seems like a project of its own, but it is closely linked to the operation of a decentralised social network. And there are several advantages emerging by linking social networks with a micropayment system. For example, users can donate a few cents to the creators of content they value, which then adds up to a fair reward for the creators. And this is done directly, independently and without forced ads for the users. But the mental alarm bell of data security rightly rings here when one tries to link financial and private communication data. Therefore, it is all the more important to hand over data sovereignty to the user when planning the protocols and to leave the server operators only the task for which they are fairly paid - the operation of the servers. We are currently putting this concept into protocols that enable secure transactions and protect the user's data. The aim is to create an environment where everyone has the chance to honestly and transparently pay the costs they incur instead of filling the pockets of corporations with their data. Our project is quite daring, that is clear to us. And yet we are sure that this is exactly what we want to do in the coming years. Because there is a chance that we will find 15 crazy people who want to develop this utopia together with us. There's a chance we'll find 50,000 people supporting us with an average of 1€ a month to feed our 15 crazy developers. There's a chance that we can create an environment where many small subnets with cool innovative applications can trigger a movement that's going to be so big it will overcome Facebook's monopoly. And above all, we can create an environment where technology benefits people again, rather than the other way around. If 36c3 isn't the right place for a project like this, what else is? We will give a talk in which we will discuss a better world and the difficulties that lie on the path there. We want to encourage listeners to think and participate, but above all we are also there to initiate a discussion. We want to hear all the concerns and mistakes that we overlook and we need the expertise from all the different angles that only the CCC brings together. Hi! We're offeringa bit of a different talk, where we want to present a project that might bring a renaissance to the independence and freedom of the internet. We want to dream together of a better world, but then also talk about the concrete steps that need to be done to get there. false Steffen 2019-12-30T15:20:00+01:00 15:20 00:55 OIO Stage UZAKPR https://talks.oio.social/36c3-oio/talk/UZAKPR/ Science Talk 45 minutes + 10 minutes Q&A en Galina Balashova was the main architect and designer for the soviet space programme. She designed the interieurs and visual identity of spacecrafts such as the Soyuz, Buran, and Mir. »Space stations are not only technical structures but architecture built amidst zero gravity.« Galina Balashova (b. 1931) is a self-described "architect-engineer" who spent almost 30 years working in the Soviet Space Programme. She designed the ergonomics, the colours & style and the typography of most soviet spacecrafts, including the Soyuz, the Salyut space stations, the Buran shuttle and the Mir space station. Her pioneering work in the field of zero-gravity architecture is still referenced today in the ISS and other spacecrafts. false Aurora 2019-12-30T17:30:00+01:00 17:30 00:25 OIO Stage GM9RV3 https://talks.oio.social/36c3-oio/talk/GM9RV3/ OIO Talk 20 minutes + 5 minutes Q&A de Verabschiedung und Details zum Abbau false Andreas Bräu 2019-12-30T12:00:00+01:00 12:00 00:30 DLF- und Podcast-Bühne WNHL3N https://fahrplan.das-sendezentrum.de/36c3/talk/WNHL3N/ DLF- und Podcast-Bühne Normale Länge de DLF-Podcast: Computer und Kommunikation DLF-Podcast: Computer und Kommunikation false DLF-Team 2019-12-30T14:00:00+01:00 14:00 00:30 DLF- und Podcast-Bühne BMVSFA https://fahrplan.das-sendezentrum.de/36c3/talk/BMVSFA/ DLF- und Podcast-Bühne Normale Länge en DLF-Podcast: Computer und Kommunikation DLF-Podcast: Computer und Kommunikation false DLF-Team 2019-12-30T14:30:00+01:00 14:30 00:25 DLF- und Podcast-Bühne ZFALBY https://fahrplan.das-sendezentrum.de/36c3/talk/ZFALBY/ DLF- und Podcast-Bühne Normale Länge de Wir senden "Forschung Aktuell" live vom 36c3 Wir senden "Forschung Aktuell" live vom 36c3 false DLF-Team 2019-12-30T12:00:00+01:00 12:00 01:00 WikiPaka WG: Esszimmer XM97YV https://cfp.verschwoerhaus.de/36c3/talk/XM97YV/ Hardware & Making Talk de What does Wikimedia do to modernize WIkipedia's user experience, and why does it take so long? Editing Wikipedia feels like a blast from the past, and even just reading articles feels a bit dusty. Why is that? And how can it be fixed? And how can you help? false Daniel 2019-12-30T13:15:00+01:00 13:15 00:15 WikiPaka WG: Esszimmer VD7ARK https://cfp.verschwoerhaus.de/36c3/talk/VD7ARK/ Security Lightning Talk de The Toniebox plays songs or reads stories to your kids when they put a little figurine on top of it. We show how to create a backup of it and use the ChameleonMini in place of it in case your kid ate it. The Toniebox plays songs or reads stories to your kids when they put a little figurine on top of it. We show how to create a backup of it and use the ChameleonMini in place of it in case your kid ate it. false fptrs ceres-c 2019-12-30T12:00:00+01:00 12:00 00:45 ChaosZone Bühne TJNHWH https://cfp.chaoszone.cz/36c3/talk/TJNHWH/ Entertainment Plenum de **Chaoszone Interne Session** Wir planen den Abbau der Chaoszone false chaoszone 2019-12-30T13:00:00+01:00 13:00 00:30 ChaosZone Bühne RUWJGT https://cfp.chaoszone.cz/36c3/talk/RUWJGT/ Vortrag 60min (inkl. Q&A) de Internet-Router mit Linux, aktueller Software, aber kein OpenWRT oder IPFire? **fli4l** ist eine freie Router-Distribution für diverse Einsatzszenarios, jetzt auch ohne Disketten. Vergesst Disketten und ISDN! Das fast 20 Jahre alte Linux-Router-Projekt [fli4l](http://www.fli4l.de/) läuft auf modernem Unterbau mit aktuellen Treibern auf (fast) beliebiger x86 Hardware. Ein fli4-Router routet IPv6, baut OpenVPN-Tunnel, kann mit multiplen Uplinks arbeiten, unterstützt Bridges, VLAN und Bonding. Er agiert als DNS- und DHCP-Server und natürlich auch als Paketfilter und Firewall, auch für mehr als ein Netz. Auch Funk mit UMTS, LTE und WLAN ist an Bord. Sogar ISDN wird noch unterstützt. Im Vortrag geht es nur am Rande um die Geschichte von fli4l als Diskettenrouter. Gezeigt werden aktuelle Möglichkeiten und Einsatzszenarien, das moderne Buildroot, das flexible Circuit-System, aber auch die Ecken und Kanten an denen man die Geschichte der Distribution ablesen kann und wo sich interessierte Hacker bei der Modernisierung austoben können. Gut dokumentiert und auf Basis von Linux und Freier Software ist fli4l eine Möglichkeit seine Routerfreiheit zu genießen. Keep it running! false Alexander Dahl 2019-12-30T14:30:00+01:00 14:30 01:00 ChaosZone Bühne PNVZUV https://cfp.chaoszone.cz/36c3/talk/PNVZUV/ Science Vortrag 60min (inkl. Q&A) en Deep Learning and AI is one of the current hot topics. Countless people either talk about either how this infallible technology will solve all our problems or how useless and dangerous it is. In this talk Felix Schneider, a research associate who works in the deep learning field, will talk about how this stuff actually works, what it's really good for and about its limits and dangers. Afterwards there will be time to discuss various aspects of this technology, be it on a technical or societal level. false Felix Schneider https://frab.riat.at/en/36C3/public/schedule/events/172.html 2019-12-30T13:00:00+01:00 13:00 00:15 CDC - Stage 36C3-172-introduction_to_day_4_last_day lightning_talk en false Diego "rehrar" Salazar https://frab.riat.at/en/36C3/public/schedule/events/144.html 2019-12-30T13:15:00+01:00 13:15 00:30 CDC - Stage 36C3-144-monero_for_scrubs The basics Boi! Stage lecture en Diego walks noobs and scrubs alike through Monero, what it is, what problems it solves, and what sets it apart from the rest of the blockchain space. Along the way, he'll teach the basics of blockchain as well, so super noobs are encouraged to attend. false Diego "rehrar" Salazar file https://frab.riat.at/en/36C3/public/schedule/events/122.html /system/events/logos/000/000/122/large/selfie.jpeg?1575906039 2019-12-30T14:05:00+01:00 14:05 00:15 CDC - Stage 36C3-122-proof_of_less_work A new algorithm to reduce the energy consumption of PoW Stage lecture en I would like to share my work on reducing the energy consumption of PoW without sacrificing security. My new type of algorithm is called PoLW, inspired by the recent work of Itay, Alexander, and Ittay. For a practical system where mining is profitable, PoLW might actually improve network security. false Cheng Wang Paper https://frab.riat.at/en/36C3/public/schedule/events/140.html /system/events/logos/000/000/140/large/Logo_OTS-OpenTecSummit_q_o_v1-1.svg.png?1577181625 2019-12-30T14:30:00+01:00 14:30 00:30 CDC - Stage 36C3-140-open_next_-_learning_from_open_hardware_devops_and_continuous_integration_for_the_production_of_big_machines What is Missing to Prototype and Make Big Machines, Cars, Trucks, Spaceships Really Fast? Stage lecture en Continuous Integration was a big buzzword with software projects already years ago and it is standard today. In projects such as Pocket Science Lab we took the idea of Development Operations a step further and apply these concepts to hardware. The increased speed of development and the possibility to produce different prototypes with a click almost feels as if we deploy software automatically. What would happen if the industry would be able to change in the same way? How could we shorten the time from prototype to production and market? What is missing to build complex and really big machines? How can standardization and machine readable requirements documents help us to create sustainable hardware and solve the problems of our time? These are some of the questions we will explore in this session based on our research within the EU Horizon 2020 project on collaborative product creation. false Mario Behling Open Next https://frab.riat.at/en/36C3/public/schedule/events/99.html /system/events/logos/000/000/099/large/Screen_Shot_2019-12-23_at_4.36.41_PM.png?1577137027 2019-12-30T15:15:00+01:00 15:15 00:15 CDC - Stage 36C3-99-designing_a_communal_computing_interface The top of the peer-to-peer stack Stage lightning_talk en How does a full peer-to-peer stack change how we organise and present user interfaces? If the PC was a 1970s desk for single-player computing, what's the right way to think of the way we actually use networks: communally? Matilde Park presents some findings from working on Urbit, an open source project tackling a peer-to-peer internet from scratch. When we talk about decentralisation as a movement, we often focus on the principles of cypherpunks and hackers; we describe it as a movement away from central command structures with imbalanced power dynamics; freely and totally owning your hardware, sharing what you know with others, constructing the world in a direct and transparent way. However, I think it has even more power than that. I think it can completely change how we use computers and where we fit them into our lives. I’d like to posit that decentralisation necessitates rethinking a lot of the ways people interact with computers -- and that the interfaces we use everyday are themselves relics of a creeping, inevitable centralisation in place since the 1970s. As I work on Urbit as a userspace developer, I've found that we've come to some conclusions about how to discuss peer-to-peer operating systems — in ways that are agnostic to any stack that designs itself for seamless transitions between participating in peer swarms, and everyday, individual computing. false Matilde Park communal_computing.pdf communal_computing.odp https://frab.riat.at/en/36C3/public/schedule/events/190.html /system/events/logos/000/000/190/large/Screenshot_20191227-191852_2.png?1577470865 2019-12-30T15:35:00+01:00 15:35 00:35 CDC - Stage 36C3-190-how_to_achieve_both_economic_and_personal_freedom_using_globality_and_flexibility Crypto liberation story of one perpetual traveler Stage lecture en How to achieve both economic and personal freedom using globality and flexibility. How to achieve both economic and personal freedom using globality and flexibility. Choose the suitable country for your permanent residency. Choose the suitable country for your company. Eliminate the center of interest in your home country (divorce, sell all your properties, become homeless). Close your bank accounts Switch to crypto, prefer truly anonymous cryptocurrencies, embrace crypto friendly services. Choose your global healthcare insurance. Choose your world mobile operator. Embrace sharing economy. Help your friends to opt out of the system and move them to a parallel society. The talks at Critical Decentralisation Cluster will be live streamed and recorded. I consent to the use by Monero or RIAT of my image, video, and voice. I understand that this consent is perpetual and my image, video, and voice may appear publicly as part of Monero or RIAT website, Twitter account, YouTube channel and/or other marketing materials, which will be licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. If you would like to opt-out and not be recorded, please contact office@riat.at false wilder How to achieve both economic and personal freedom using globality and flexibility https://frab.riat.at/en/36C3/public/schedule/events/85.html /system/events/logos/000/000/085/large/Screenshot_2019-12-24_at_12.48.57.jpg?1577188202 2019-12-30T16:15:00+01:00 16:15 00:15 CDC - Stage 36C3-85-hackatoshi_s_flying_circuit Invitation to a hack-a-ton Stage lightning_talk en Paralelní Polis' mission is to bring alternatives and tools for preventing authoritarian tendencies in society. Hackatoshi’s Flying Circuit is an intervention of cypherpunks into both virtual and physical public space to concentrate inspiration and knowledge to address sick parts of the system and fix them with solutions resulting from privacy and decentralized principles. Weekend-long hacking competition focused on privacy, individual freedom, decentralization and viable system exploits. Each track will have three winning teams awarded with prize money (cryptocurrency) & sw from the sponsors. Code submissions have to be open sourced. Hackers Congress Paralelni Polis (HCPP) has been successful in gathering great minds and thinkers from the Cypherpunk and Cryptoanarchist space. Yet all of the topics and ideas discussed during the congress are only as good as they can be applied, performed or achieved. Hackatoshis's Flying Circuit should motivate hackers, makers and developers to take their tools and skills into practice. The key goal of the hackathon is to prototype new concepts that will help people to protect their digital identity or exploit existing systems that were built to constrain personal freedom. false JosefJ Website Slides: Slides https://frab.riat.at/en/36C3/public/schedule/events/169.html 2019-12-30T16:30:00+01:00 16:30 00:25 CDC - Stage 36C3-169-final_remarks_of_36c3_and_decentral_community Stage lecture en false