We'll do some Yoga to calm our minds and move them bodies. Bring along comfortable clothes – and a towel to lie on ;-)
- Birdy1976
We'll do some Yoga to calm our minds and move them bodies. Bring along comfortable clothes – and a towel to lie on ;-)
10:00
Finales Trockenschwimmen auf der Bühne mit Licht, Ton, Video, Streaming Speaker wird noch gesucht für Powerpoint-Karaoke oder "Autocomplete Texting" (requires audience)
Welcome Ceremony for the ChaosPatinnen Assembly (German and English) Is this your first visit to Congress and you're unsure if you will fit in, visiting alone, or are you a part of a minority at the event? ChaosPatinnen may be for you! Unfortunately, SignUps have already ended and all mentees have been matched into groups, so if you have not yet signed up, find yourself a helpful Hacker! This is the opening event for mentees to meet their mentors, get to know more about the Assembly, and who to turn to for help! From here, we're off to the 11:00AM Keynote! -ChaosPatinnen Orga
Your daily basic hacking learning lesson. ""WARNING: External room for the last session on day 4: Please come to Lecture Room M1.""'''---> README: There will be sessions from days 1 to 4. The daily session times will be announced in the evening before. <---'''We offer instructions for "Damn Vulnerable Web Application" ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) daily. At least for 2 to 4 people. Join us if you would like to learn about security gaps in web programming (e.g. bad passwords, SQL injection, cross-site requests forgery). You will learn how to hack systems and how to reset them afterwards. It's recommended to bring your own device (laptop) with an working ethernet port. We have a single Ethernet-to-USB adapter available for devices lacking an Ethernet port such as Apple Macbooks.'''-->LIESMICH: Es wird jeden Tag Sessions geben. Wann die täglichen Sessions genau starten, wird immer am Vorabend eingetragen. <---'''Wir bieten täglich „Damn Vulnerable Web Application“ ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) unter Anleitung an, für mindestens 2 bis 4 Personen. Inhaltlich geht es dabei um klassische Sicherheitslücken der Webprogrammierung (z.B. schlechte Passwörter, SQL-Injection, Cross-Site-Request-Forgery). Hier lernst du Systeme zu hacken und wiederherzustellen. Bringt am besten euren eigenen Computer mit einem funktionierenden Ethernet-Port mit. Wir haben einen Ethernet-zu-USB-Adapter, damit ihr auch Geräte ohne integrierten Ethernet-Anschluss (wie z.B. Apple Macbooks) nutzen könnt.
10:45
11:00
Welcome!
Details about using and programming ChameleonMini from the makers ------------If you missed the workshop and want to buy a Chameleon. We are at the Italian Hackers Embassy at day 3 from 3pm to 5pm.You might also follow the thread at GitHub [https://github.com/emsec/ChameleonMini/issues/244]------------In this workshop we will introduce you to RFID security and the ChameleonMini. We show you how to read and emulate cards. Moreover we outline some programming guide lines. Besides the theoretical introduction we will have enough space for practical tasks and questions. Here is a small video collection of the [https://www.dailymotion.com/ChameleonMini ChameleonMini in action].[[File:ChameleonMiniWorkshopFlyer.png|thumb|center]]
Subtitles Angelmeeting This is the introduction meetings for subtitles angels.If you want to become a subtitles angel, you have to attend one of these meetings.At the end of the meeting, attendees will be confirmed as subtitles angels.Please have your nick in the angelsystem ready and select "Subtitles Angel" (necessary for the confirmation).
fast wie echtes Yoga Jeden Morgen um 11:00, Fast wie echtes Yoga.Am zweiten Tag um 10:30 Uhr, direkt vor dem Haecksen-Frühstück.
Your daily basic hacking learning lesson. ""WARNING: External room for the last session on day 4: Please come to Lecture Room M1.""'''---> README: There will be sessions from days 1 to 4. The daily session times will be announced in the evening before. <---'''We offer instructions for "Damn Vulnerable Web Application" ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) daily. At least for 2 to 4 people. Join us if you would like to learn about security gaps in web programming (e.g. bad passwords, SQL injection, cross-site requests forgery). You will learn how to hack systems and how to reset them afterwards. It's recommended to bring your own device (laptop) with an working ethernet port. We have a single Ethernet-to-USB adapter available for devices lacking an Ethernet port such as Apple Macbooks.'''-->LIESMICH: Es wird jeden Tag Sessions geben. Wann die täglichen Sessions genau starten, wird immer am Vorabend eingetragen. <---'''Wir bieten täglich „Damn Vulnerable Web Application“ ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) unter Anleitung an, für mindestens 2 bis 4 Personen. Inhaltlich geht es dabei um klassische Sicherheitslücken der Webprogrammierung (z.B. schlechte Passwörter, SQL-Injection, Cross-Site-Request-Forgery). Hier lernst du Systeme zu hacken und wiederherzustellen. Bringt am besten euren eigenen Computer mit einem funktionierenden Ethernet-Port mit. Wir haben einen Ethernet-zu-USB-Adapter, damit ihr auch Geräte ohne integrierten Ethernet-Anschluss (wie z.B. Apple Macbooks) nutzen könnt.
11:30
The impact of scale in our field has been enormous and it has transformed the tools, the jobs and the face of the Infosec community. In this talk we discuss some of the ways in which defense has benefitted from scale, how the industry might be transitioning to a new phase of its growth and how the community will have to evolve to stay relevant.
Nowadays, Windows is still the most popular OS used in the world. It's very important for red teams / attackers to maintain the authority after they get into the OS by penetration test. So they need a vulnerability to hide in windows to escalate their account to system privilege. In this presentation, we will share the methodology about how we started this work to analyze Windows internals. We will explain the inner workings of this technique and how we analyzed ALPC and Component Object Model(COM) in Windows OS. By analyzing historical bugs, we are able to extract their features from multiple vulnerabilities. We will develop an IDA plugin to analyze the execution path of target interfaces. Through this way we could find out the interface that called the specified sensitive operation. In fact, we found a large number of vulnerable modules in the ALPC and COM object, which allows the attacker to cross the security boundary and directly access the system.
While open source is necessary for trustable hardware, it is far from sufficient. This is because “hashing” hardware – verifying its construction down to the transistor level – is typically a destructive process, so trust in hardware is a massive time-of-check/time-of-use (TOCTOU) problem. This talk helps us understand the nature of the TOCTOU problem by providing a brief overview of the supply chain security problem and various classes of hardware implants. We then shift gears to talk about ways to potentially close the TOCTOU gap, concluding with a curated set of verifiable components that we are sharing as an open source mobile communications platform – a kind of combination hardware and software distribution – that we hope can be useful for developing and deploying all manner of open platforms that require a higher level of trust and security. The inconvenient truth is that open source hardware is precisely as trustworthy as closed source hardware. The availability of design source only enables us to agree that the designer’s intent can be trusted and is likely correct, but there is no essential link between the hardware design source and the piece of hardware on your desk. Thus while open source is necessary for trustable hardware, it is far from sufficient. This is quite opposite from the case of open source software thanks to projects like Reproducible Builds, where binaries can be loaded in-memory and cryptographically verified and independently reproduced to ensure a match to the complete and corresponding source of a particular build prior to execution, thus establishing a robust link between the executable and the source. Unfortunately, “hashing” hardware – verifying its construction down to the transistor level – is typically a destructive process, so trust in hardware is a massive time-of-check/time-of-use (TOCTOU) problem. Even if you thoroughly inspect the design source, the factory could modify the design. Even if you audit the factory, the courier delivering the hardware to your desk could insert an implant. Even if you carried the hardware from the factory to your desk, an “evil maid” could modify your machine. This creates an existential crisis for trust – how can we know our secrets are safe if the very hardware we use to compute them could be readily tainted? This talk addresses the elephant in the room by helping us understand the nature of the TOCTOU problem by providing a brief overview of the supply chain security problem and various classes of hardware implants. We then shift gears to talk about ways to potentially close the TOCTOU gap. When thinking about hardening a system against supply chain attacks, every component – from the CPU to the keyboard to the LCD – must be considered in order to defend against implanted screen grabbers and key loggers. At every level, a trade-off exists between complexity and the feasibility of non-destructive end-user verification with minimal tooling: a system simple enough to be readily verified will not have the equivalent compute power or features of a smartphone. However, we believe that a verifiable system should have adequate performance for a select range of tasks that include text chats, cryptocurrency wallets, and voice calls. Certain high-risk individuals such as politicians, journalists, executives, whistleblowers, and activists may be willing to use a device that forgoes bells and whistles in exchange for privacy and security. With this in mind, the <https://betrusted.io>Betrusted</a> project brings together a curated set of verifiable components as an open source mobile communications platform - a combination open source hardware and software distribution. We are sharing Betrusted with the community in the hopes that others may adopt it as a reference design for developing and deploying all manner of open platforms that require a higher level of trust and security.
Is the way we run services these days sustainable? The trusted computing base -- the lines of code where, if a flaw is discovered, jeopardizes the security and integrity of the entire service -- is enormous. Using orchestration systems that contain millions of lines of code, and that execute shell code, does not decrease this. This talk will present an alternative, minimalist approach to secure network services - relying on OCaml, a programming language that guarantees memory safety - composing small libraries (open source, permissively licensed) to build so-called MirageOS unikernels -- special purpose services. Besides web services, other digital infrastructure such as VPN gateway, calendar server, DNS server and resolver, and a minimalistic orchestration system, will be presented. Each unikernel can either run as virtual machine (KVM, Xen, BHyve, virtio), as a sandboxed process (seccomp which whitelists only 8 system calls), or in smaller containments (GenodeOS, muen separation kernel) -- even a prototypical ESP32 backend is available. Starting with an operating system from scratch is tough, lots of engineering hours have been put into the omnipresent ones. Reducing the required effort by declaring certain subsystems being out of scope -- e.g. hardware drivers, preemptive multitasking, multicore -- decreases the required person-power. The MirageOS project started as research project more than a decade ago at the University of Cambridge, as a minimal guest for Xen written in the functional programming language OCaml. Network protocols (TCP/IP, DHCP, TLS, DNS, ..), a branchable immutable store (similar and interoperable with git) are available. The trusted computing base is roughly two orders of magnitude smaller than contemporary operating systems. The performance is in the same ballpark as conventional systems. The boot time is measured in milliseconds instead of seconds. Not only the binary size of a unikernel image is much smaller, also the required resources are smaller: memory usage easily drops by a factor of 25, CPU usage drops by a factor of 10. More recently we focused on deployment: integration of logging, metrics (influx, grafana), an orchestration system (remote deployment via a TLS handshake, offers console access and an event log) for multi-tenant systems (policies are encoded in the certificate chain). We are developing, mostly thanks to public funding, various useful services: a CalDAV server storing its content in a remote git repository, an OpenVPN client and server, DNS resolver and server (storing zone files in a remote git repository) with let's encrypt integration, a firewall for QubesOS, image viewer mainly for QubesOS, ... The experience while developing such a huge project is that lots of components can be developed and tested by separate groups - and even used in a variety of different applications. The integration of the components is achieved in a type-safe way with module types in OCaml. This means that lots of errors are caught by the compiler, instead of at runtime.
The Swiss democracy is one of it's kind. Digitization is starting to affect even our most critical processes, such as voting. When a piece of code suddenly gets responsible for democracy, it's only natural that the voices get loud and many questions get raised: Is our democracy at stake? Do we have to fear for our privacy? Is electronic voting even feasible in Switzerland? Is such a solution secure? As part of a mandatory Public Intrusion Test (PIT), the Swisspost released their e-voting source code to the world and started a heated debate - far beyond the Swiss borders. Not only the codebase revealed several problems during the PIT. Interesting scoping, redefining the term "open source" and unreleased security audits were only some of the issues that security researchers faced and caused controversy. In this talk we will have a look at many technical and non-technical aspects of the e-voting solution and PIT from the view of a participating security researcher.
This workshop is for all who only have a vague idea or might not know at all what an "IP address" is. We'll learn how the Internet works by making Internet traffic visible. This is a beginner's workshop. If you toyed with Wireshark before, you will be bored to hell in this workshop. Invisible to the casual user, lots of computers communicate and work together to deliver the kitten videos you're craving. In this workshop, we use the tool Wireshark (available for all operating systems) to make this communication visible. In lots of life demos, we'll learn that the domain names we're familiar with, like ccc.de or fridaysforfuture.de, are a thin layer around IP addresses, which are the real addresses computers use to identify themselves. We'll uncover which hidden information your browser sends along each request, and we'll see how easy it is to intercept traffic.This workshop is for everybody who is interested in knowing how the Internet works, in which form computers talk to each other. Absolutely no prerequisites are required. People who are familiar with network stacks will be bored to hell.Note to the infrastructure team: In the final part of the talk, we'll perform a standard ARP spoofing attack to intercept traffic from a volunteer. Of course we won't use the congress network for this. I'll open an own hotspot.* '''[https://www.speicherleck.de/iblech/stuff/wireshark-36c3.pdf Slides of the talk]'''* Commands which appeared in the talk: ifconfig, ip a, ping 8.8.8.8, echo 1 > /proc/sys/net/ipv4/ip_forward,* Questions are welcome! +49 176 95110311, iblech@speicherleck.de
12:00
Seit knapp einem Jahr geht die Fridays for Future Bewegung auf die Straßen und durch die Medien. Nebst Brandenburg und Sachsen hat auch Thüringen einen neuen Landtag gewählt. Für Fridays for Future Thüringen war daher sofort klar: Landtagswahlen sind Klimawahlen und wir müssen handeln! Denn die hier gewählten Volksvertrater\*innen sind die letzten die das Steuer noch herumreißen können. Aber wie läuft das eigentlich wenn wir nur drei Monate haben um vier Streiks zu organisieren? Was gehört überhaupt zu so einem Streik? Was kostet das eigentlich und wie finanzieren wir das? Was fordern wir? Wann schlafen wir? Mit wem gehen wir in ein Bündnis? All diese Fragen werden in diesem Talk von einem Mitglied des Orga-Teams beantwortet.
An introduction to querying linked data, using the SPARQL query language and the free knowledge base Wikidata. Which films starred more than one future head of government? What’s the largest city with a female mayor? And when did women finally outnumber Johns in the House of Commons? These are the kinds of questions that **linked data** can answer. This workshop will give an introduction to the SPARQL query language, showing how it can be used to answer these and other questions, using the free knowledge base **Wikidata** as the data source.
Wir bieten Euch ein Einsteiger CTF an. Details und Registrierung hier: https://events.ccc.de/congress/2019/wiki/index.php/Session:Chaoszone_Junghacker_CTF
outdoor (h)ac(k)tivism * Basic climbing workshops for everybody with Hornbeam Howie, Pendunculate Oakley and Lily of the valley * friction hitch climbing and abseiling on a Tripod * Movie screening and photo exhibition on our adventures * climbing hours: daily 12:00-22:00
Test
10 Rechner zum Factorio spielen, Leute die das Spiel erklären 10 Rechner zum Factorio spielen, Leute die das Spiel erklärenAnzahl Teilnehmer*innen: ca 10-20 gleichzeitig (inkl. Zuschauer)Alter: 7-m JahreDauer bis zu ca.1.5hAnmeldung erforderlich? nein (wenn was frei ist)
Musik aus und mit modifizierten, selbstgebauten Klangerzeugern Musik aus und mit modifizierten, selbstgebauten KlangerzeugernAnzahl Teilnehmer*innen: 3-7Alter: für Kinder von 5-99 JahrenAnmeldung erforderlich?: nein, kommt jederzeit vorbei (während der Workshopzeiten)Unkostenbeitrag: Freiwillige Spenden
print your own t-shirt, Bedruckt eure T-Shirts Print your own t-shirt with screen printing.Bedruckt eure eigenen T-Shirts mit siebdruck.Anzahl Teilnehmer*innen: 4 / StundeAlter: > 6 JahreDauer 15 ~ 30 MinutenAnmeldung erforderlich? Wir werden Wartemarken ausgebenUnkostenbeitrag: freiwillig, 8~10€ je nach Verbrauch
Morning Mate to wake you up and keep you Alert for the Day!!! We all drink lots of Mate at the Congress. Pur your bottle aside and let's try the real thing!Besides the mind awakening and muscle relaxing effects, mate drinking fosters communication and we want to combine these aspects in this hands on workshop where participants will be guided through some simple exercises to envigourMATE their daily routine.WE WILL BE DRINKING IN TRADITIONAL STYLE SHARING OUR STRAWS!!!!The Mate Making Sessions are divided up into 3 parts DAY 1 - We will try a range of standard different mates, pure and learn about how to make, drink and share as well as talk about the health benefits of Mate. DAY 2 - This is not for the purists, we will mix our Mates with different herbs and go through the Rainbow Mate Range, so that you can learn how to play with your Mate. DAY 3 - And now it is time to make your own Mate, learn how to prepare and serve. We're going to get you on your feet to take a deep breath of fresh air, teach you how to take a huge slurp of wild mate and how to communiMATE-
Your daily basic hacking learning lesson. ""WARNING: External room for the last session on day 4: Please come to Lecture Room M1.""'''---> README: There will be sessions from days 1 to 4. The daily session times will be announced in the evening before. <---'''We offer instructions for "Damn Vulnerable Web Application" ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) daily. At least for 2 to 4 people. Join us if you would like to learn about security gaps in web programming (e.g. bad passwords, SQL injection, cross-site requests forgery). You will learn how to hack systems and how to reset them afterwards. It's recommended to bring your own device (laptop) with an working ethernet port. We have a single Ethernet-to-USB adapter available for devices lacking an Ethernet port such as Apple Macbooks.'''-->LIESMICH: Es wird jeden Tag Sessions geben. Wann die täglichen Sessions genau starten, wird immer am Vorabend eingetragen. <---'''Wir bieten täglich „Damn Vulnerable Web Application“ ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) unter Anleitung an, für mindestens 2 bis 4 Personen. Inhaltlich geht es dabei um klassische Sicherheitslücken der Webprogrammierung (z.B. schlechte Passwörter, SQL-Injection, Cross-Site-Request-Forgery). Hier lernst du Systeme zu hacken und wiederherzustellen. Bringt am besten euren eigenen Computer mit einem funktionierenden Ethernet-Port mit. Wir haben einen Ethernet-zu-USB-Adapter, damit ihr auch Geräte ohne integrierten Ethernet-Anschluss (wie z.B. Apple Macbooks) nutzen könnt.
12:30
An overview to writing and studying Japanese from zero to native comprehension. This is for everyone eager to get started in Japanese reading and writing or get a few ideas on how to improve. No knowledge of Japanese required, we will start from scratch. '''Please bring a pen and some paper to try some writing.''' What we'll discuss: * What Japanese writing is made up of und which symbols are used for what purposes. * The most basic Japanese symbols, Hiragana and Katakana and try writing a few ourselves while also experiencing the ridiculously simple pronunciation. With that we can already read our first few words. * How to study Japanese in general * Why adults have a hard time reading texts made for children and why Japanese writing is a huge mess * The next step would be studying around 2000 Kanji, but we will just try writing a few, talk about the wacky world of reading Japanese texts with Kanji and how they are a complete mess and close the Workshop with looking at a method to get them into your head within half a year. The presented method for studying Kanji will be the Heisig method using koohii and Anki for best results in properly understanding the Kanji. After this course and a few more minutes-hours of studying you will be ready to read a few easy Japanese children's books. Useful stuff:* search for "Hiragana Chart" or "Katakana Chart" or "Hiragana chart stroke order" or "Katakana chart stroke order" to get all sorts of useful charts* Recommended Textbooks for studying Japanese: "Genki I" and "Genki II"* a detailed explanation of the Heisig method to study all the Kanji and an introduction to using Anki to do that. There is also a deck there to download with the best koohii stories up to 2015, but it needs some adjustments to be really useful: https://nihongoshark.com/learn-kanji/* Anki's website: https://apps.ankiweb.net/ for Android look for AnkiDroid and for iOS look for AnkiMobile (or something like that)* Kanji deck from above post from NihongoShark.com: https://ankiweb.net/shared/info/1956010956* -UPDATED AGAIN- Kanji deck from NihongoShark with adjustments as I would study them (only meaning to Kanji, no information that is too much): https://megastore.uni-augsburg.de/get/wUGuvVTmwS/* the koohii Community: https://kanji.koohii.com/ (<- not a page I used or visit, but that's where the stories are from for the deck)* Tae Kim's Complete Guide to Japanese: http://www.guidetojapanese.org/learn/complete/ <- also pretty nice, I read through this one (on my phone, there is an android app of it) after finishing Genki I and Genki II* Animelon: https://animelon.com/ <- anime with Japanese and English subtitles (customizable) and more. Consider donating or offering technical help!* Abroad in Japan: https://www.youtube.com/channel/UCHL9bfHTxCMi-7vfxQ-AYtg <- entertaining English videos about Japan* Nihongo no Mori: https://www.youtube.com/user/freejapaneselessons3 <- grammar lessonsIIf anything you wanted to see here is missing, write me an e-mail: alex.m.s@gmx.de
Opening celebration of the 3rd Chaoszone@c3 incuding important organizational hints, tips and rules for our assemly. Please take care that at least one person of your group is attending the opening event, as we have some really important information for you.
Let's hack the fashion system. In this talk you will find out about House of Zsa'S initiative House of All. I explain some background and motives as well as the way the House of All works throughout 3C . ++ get involved ++ Komona :) Let's hack the fashion system. In this talk you will find out about House of Zsa'S initiative. (btw House of All derives from the common use of Maison/ House for Fashion Houses/ Brands) I explain some background about the problems of the fashion system and why it's so important to rethink it totally. You'll get a brief intro on the idea of House of All, what it's all about and how to get involved - Help designing futures.
lecture by S. Poxy lecture by S. Poxy: Die cyborg mushr00m shaman ist ein fiktionaler Charakter die zwischen dem Hier und der Zukunft gleitet. Sie sucht und kartiert das Wissen über die psychoaktiven Gewächse aus der Vergangenheit und braut die Tränke für die Bewohner*innen einer Landschaft nach dem Kapitalismus. Sie ist der Mediator zwischen organischem und artifiziellen. Die Lecture versucht die Diskurse um Psychoaktive Pflanzen und Gewächse / natureculture / Postkolonialer Theory und intersektionalem Feminismus zusammen zu erzählen und zu diskutieren
Fomu, the FPGA in your USB Port [[File:Fomu.png|300px|right|Fomu Logo]]<br><br><span style="font-size: 30px; font-style: bold;">People who signed up get chairs!</span><br><br><span style="font-size: 40px; font-style: bold;"><h1>Fomu workshop!</h1></span><span style="font-size: 30px; font-style: bold;">Current --> https://workshop.fomu.im/</span><br><br><span style="font-size: 30px; font-style: bold;">Previous Version --> https://workshop-old.fomu.im/</span><br><br><span style="font-size: 30px; font-style: bold;">Please sit in the <b>Mammoth Space - (has Pink Lights)</b></span><br><br><ol> <li><span style="font-size: 20px;">Workshop is <span style="font-color: red;"><b>self</b></span> directed.</span></li> <li><span style="font-size: 20px;">Go to https://workshop.fomu.im or https://fomu-workshop.rtfd.io/</span></li> <li><span style="font-size: 20px;">Complete set up</span></li> <li><span style="font-size: 20px;">Get hardware from Mithro</span></li> <li><span style="font-size: 20px;">Continue workshop</span></li> <li><span style="font-size: 20px;">Raise your hand if you get stuck!</span></li></ol><br><br><span style="font-size: 30px;">Help: <b>irc.freenode.net #tomu</b> -- <b>https://groups.google.com/forum/#!forum/tomu-discuss/join</b></span><br><br><br><br><br><br><br><br><br><span style="font-size: 40px; font-style: bold;"><h1>Hardware Pickup</h1></span><br><br><span style="font-size: 30px; text-align:center; ">[https://workshop.fomu.im Complete the setup], get a [https://fomu.im/ free Fomu board]</span><br><br>{| style="color: green; background-color:#ffffcc; width: 100%; text-align:center; border-color: black; font-size: 14px;" cellpadding="10" cellspacing="0" border="1"! Task !! Where! Times - Day 2 !! Times - Day 3 !! Times - Day 4|- style="background-color:#ffffcc"|- style="background-color:#ccffff"! scope="row" | <b>Hardware Pickup</b> || Pickup is at Tor Gate 2.3 at end of tables in near signup sheets| 12:00 -> 12:30 (12:00noon -> 12:30pm)<br>17:00 -> 17:30 (5:00pm -> 5:30pm)<br>22:30 -> 23:00 (10:30pm->11:00pm) || <b>No</b> noon pickup<br>17:00 -> 17:30 (5:00pm -> 5:30pm)<br>22:30 -> 23:00 (10:30pm->11:00pm) || -|- style="background-color:#ffccff"! scope="row" | <b>Session with helpers!</b> || Session will be in Mammoth Space @ [[Assembly:Hardware Hacking Area|Hardware Hacking Area!]]<br><b>Sign up to attend!</b>| 23:00 -> to late (11:00pm->to late) || 23:00 -> to late (11:00pm->to late) || -|}<br><br><span style="font-size: 40px; font-style: bold;"><h1>Sessions</h1></span><br><br>All sessions are the same!<br><br>This workshop will be given multiple times (all sessions are <b>identical</b>). [https://workshop.fomu.im The workshop] is self guided with helpers for when you get stuck. <b>Please sign up on the paper at the [[Assembly:Hardware Hacking Area|Hardware Hacking Area!]]</b><br><br>Come get an FPGA dev board in your USB port and start hacking! Getting the toolchain set up and working will earn you a free Fomu from [[User:Mithro|Tim 'mithro' Ansell]] (while stocks last).<br><br>''(This is one of many cool things happening throughout 36C3 in the huge '''[[Assembly:Hardware Hacking Area|Hardware Hacking Area!]]''')''<br><br>Hardware Hacking Area - Mammoth Space - Pink Lights<br><br>
12:45
Calibre dient der Verarbeitung, Konvertierung und Verwaltung von E-Books Wir erstellen mit Calibre [http://scguy318.freeshell.org/Daniel%20Galouye%20-%20Simulacron-3.pdf aus einem PDF] ein EPUB:1. Mit Calibre PDF importieren, dann „Bücher konvertieren“:* Zielformat DOCX wählen.2. DOCX öffnen und folgende Bearbeitungsschritte vornehmen:* Cover löschen.* Überschriften / Inhaltsverzeichnis etc. erstellen.* Doppelte Leerschläge ersetzen.3. Geändertes DOCX in Calibre via „Bücher konvertieren“:* Zuerst auf „Standard wiederherstellen“ klicken.* Dann Zielformat EPUB wählen.* Cover ergänzen (meist reicht eine [https://duckduckgo.com/?q=Simulacron-3&t=canonical&iax=images&ia=images&iaf=size%3Aimagesize-wallpaper Websuche]).* Layout > Text > Satzzeichen typografisieren.* Layout > Layout > Abstand zwischen Absätzen entfernen.* Heuristische Verarbeitung einschalten.4. EPUB z. B. mit „Verbinden/Teilen > Inhaltsserver starten“ auf Reader laden.
Meetup für Queere Menschen Kennenlern-Speed-Dating und gemütliches Zusammensein für Queere und Queer-Freundliche Menschen. Offen für alle.
12:50
It is easier to chat online securely today than it ever has been. Widespread adoption of signal, wire, and the private mode of WhatsApp have led a broader recognition of the importance of end-to-end encryption. There's still plenty of work to be done in finding new designs that balance privacy and usability in online communication. This introduction to secure messaging will lay out the different risks that are present in communications, and talk about the projects and techniques under development to do better. The talk will begin with a threat modeling exercise to be able to concretely talk about the different actors and potential risks that a secure messaging system can attempt to address. From there, we'll dive into end-to-end encryption, OTR and deniability, and then the axolotl construction used by Signal (and now the noise framework). The bulk of the talk will focus on the rest of the problem which is more in-progress, and in particular consider the various metadata risks around communication. We'll survey the problems that can arise around contact discovery, network surveillance, and server compromise. In doing so, we'll look at the forays into communication systems that attempt to address these issues. Pond offered a novel design point for discovery and a global network adversary. Katzenpost adapts mixnets to limit the power of network adversaries and server compromise in a different way. Private Information Retrieval (PIR) trades off high server costs for a scheme that could more realistically work with mobile clients. Others, for instance Secure Scuttlebutt attempt to remove the need for infrastructural servers entirely with gossip and partial views of the network, a whole other set of tradeoffs.
Katastrophen, Krisen & Kriege lassen sich heute live mitverfolgen. Wir erleben eine kaum überblickbare Quellendiversität in den sozialen Medien – jeder wird zur Quelle. Welchen Einfluss hat das darauf, wie ein Konflikt wahrgenommen wird, wie setzen Konfliktparteien aber auch Helfende die sozialen Medien ein und was bedeutet das für Diejenigen, die vor Ort humanitäre Hilfe leisten. Wir diskutieren dies anhand des türkischen Überfalls auf Nord-Ost-Syrien gemeinsam mit Fee Baumann von Heyva Sor A Kurd, live aus Nord-Ost-Syrien Katastrophen, Krisen & Kriege lassen sich heute live mitverfolgen. Wir erleben eine kaum überblickbare Quellendiversität in den sozialen Medien – jeder wird zur Quelle. Welchen Einfluss hat das darauf, wie ein Konflikt wahrgenommen wird, wie setzen Konfliktparteien aber auch Helfende die sozialen Medien ein und was bedeutet das für Diejenigen, die vor Ort humanitäre Hilfe leisten. Wir diskutieren dies anhand des türkischen Überfalls auf Nord-Ost-Syrien. Fand Live-Berichterstattung aus Kriegsgebieten zu Zeiten des 2. Golfkrieges noch überwiegend durch ein paar wenige Journalist*innen, oft “embedded” statt, die für CNN&Co im grünlichen Nachtsicht-Look aus dem Panzer berichteten, kann in den sozialen Medien heute jede*r zur Quelle werden. Auf diese Weise gelangt die Öffentlichkeit an Informationen die vorher nur sehr schwer zu bekommen gewesen wären & schon gar nicht in Echtzeit. Die Quellenvielfalt birgt große Chancen für die Bewertung einer Lage und auch zur Überprüfung von Informationen durch mehrere Quellen oder Image Reverse Suche. Gleichzeitig verbreiten sich Gerüchte und Falschinformationen ebenfalls sehr viel schneller. Zudem können soziale Medien auch gezielt, etwa von Kriegsparteien manipuliert werden. Die Türkei setzte neben Deutschen Panzern etwa auch Bot-Armeen ein, im Ergebnis: Zwar verurteilte ein großteil der Welt den türkischen Einmarsch in Nord-Ost-Syrien, aber Twitter-Hashtags zeichneten zeitweilig ein ganz anderes Bild. Gleichzeitig kann es schon auch mal passieren, dass Türkei nahe Djihadistische Gruppen ausversehen selbst Videos ihrer Kriegsverbrechen prahlerisch ins Netz stellen. Was bedeutet all das für humanitäre Helfende vor Ort, die Twitter & co mittlerweile nicht nur zur Spendenwerbung sondern auch zur Lagebewertung nutzen: Wie kann man in der Praxis damit umgehen, dass sich auf Twitter gegebenenfalls ein ganz anderes Bild zeichnet als vor Ort und vor allem: Welches davon ist näher an der Realität? Darum geht es in diesem Talk am Beispiel des Türkischen Überfalls auf Nord-Ost-Syrien, von Sebastian Jünemann und Ruben Neugebauer von der Hilfsorganisation Cadus, die vor Ort mit mehreren, im wesentlichen medizinischen Projekten aktiv war, sowie Fee Baumann von der Organisation Heyvasor a Kurd, dem kurdischen roten Halbmond. Außerdem werden wir klären wie man sich per Selfie bequem ins Jenseits befördern kann und was sonst noch so für die persönliche Sicherheit zu beachten ist, im Umgang mit modernen Medien in Kriegsgebieten.
Das Umweltbundesamt hat in 2012 mit der Forschung der Umweltrelevanz von Software begonnen. Ziel der Forschung war es, die gegenseitige Beeinflussung von Hard- und Software zu erfassen, zu bewerten und geeignete Maßnahmen zu entwickeln, die es ermöglichen, die Inanspruchnahme von natürlichen Ressourcen durch Software zu reduzieren. Im Vortrag wollen Marina Köhn (Umweltbundesamt) und Dr. Eva Kern (Umwelt-Campus Birkenfeld) die Messergebnisse aus dem Labor der Forschung präsentieren und die entwickelte Methode des Forschungsprojektes erläutern. Weiterhin möchten wir die Inhalte des geplanten Umweltzeichens für Software vorstellen. Das Zusammenwirken von Hard- und Software, also zum Beispiel von Computer und Betriebssystem, ist vergleichbar mit einem Buch und dem Inhalt des Buches. Fehlt ein Teil dieser Einheit, ist der Bestimmungszweck nicht mehr gegeben. Ein Computer ist zusammengesetzt aus verschiedenen Komponenten, die unterschiedliche Aufgaben wahrnehmen. Die Software ist die Logik, die das Ausführen dieser Aufgaben ermöglicht. Zwar ist Software, ähnlich wie Wissen, immateriell, jedoch benötigt sie die Hardwareressourcen, um existieren zu können. Softwareprodukte sind somit ein wesentlicher Bestandteil der Informations- und Kommunikationstechnik (IKT). In den letzten Jahren wurden einige Anstrengungen unternommen, um die IKT nachhaltiger zu gestalten. Beispielsweise wurden die Energieeffizienz der IKT-Produkte gesteigert, Anforderungen an das Energiemanagement der Geräte gestellt und neue ressourcenschonende Hardwarearchitekturen entwickelt. Konkrete Anforderungen an das Design und die Programmierung von Soft-ware, die die Energieeffizienz der Hardware unterstützen, sind bisher nicht vorhanden. Obwohl Hardware und Software, wie oben erläutert, eine Einheit bilden und die Art und Weise der Softwarearchitektur und -programmierung große Auswirkung auf den entsprechenden Hardwarebedarf haben, fehlen konkrete Anforderungen. Das Fehlen der Anforderungen an Softwareprodukten hat zur Folge, dass die Energieeffizienzgewinne der Hardware durch ineffiziente Software oder schlechte Softwarekonzepte nicht oder nur teilweise zum Tragen kommen. Vor diesem Hintergrund hat das Umweltbundesamt in 2012 mit der Forschung der Umweltrelevanz von Software begonnen. Ziel der Forschung war es, die gegenseitige Beeinflussung von Hard- und Software zu erfassen, zu bewerten und geeignete Maßnahmen zu entwickeln, die es ermöglichen, die Inanspruchnahme von natürlichen Ressourcen durch Software zu reduzieren. Im Forschungsprojekt „Entwicklung und Anwendung von Bewertungsgrundlagen für ressourceneffiziente Software unter Berücksichtigung bestehender Methodik“ des Umweltbundesamtes (UBA 2018) wurde zusammen mit dem Öko-Institut, den Umwelt-Campus Birkenfeld und der ETH Zürich eine Bewertungsmethodik entwickelt, anhand derer der Energiebedarf, die Inanspruchnahme von Hardware-Ressourcen sowie weitere umweltbezogene Eigenschaften von Softwareprodukten ermittelt werden können. Der Vergleich verschiedener Softwareprodukte mit gleicher Funktionalität macht deutlich, dass es teils erhebliche Unterschiede zwischen den Produkten gibt. Bei der Ausführung eines Standardnutzungsszenario werden die Unterschiede der Energieeffizienz zwischen den Softwareprodukten erkennbar. Dies ist vor allem vor dem Hintergrund relevant, dass die übermäßige Beanspruchung von Hardware dazu führt, dass die Pro-grammausführung länger dauert und es im schlimmsten Fall dazu führt, dass diese vermeintlich langsame Hardware ausgemustert und durch neue, schnellere Hardware ersetzen wird. Labels und Zertifizierungen, wie es sie seit langem schon für den Bereich der Hardware existieren, gibt es im Softwarebereich jedoch nicht. Das ändert sich demnächst! Wir haben erfolgreich Kriterien für das Umweltzeichen Blauer Engel für energie- und ressourcensparende Software entwickelt. Wir hoffen, dass wir mit dem Umweltzeichen eine Debatte über umweltverträgliche Software auslösen werden und wir hoffen, dass viele Software-Entwickler*innen und Hersteller von Software sich zukünftig an diese Kriterien orientieren.
This talk will cover everything about the Acorn Archimedes, a British computer first released in 1987 and (slightly) famous for being the genesis of the original ARM processor. The Archimedes was designed by Acorn in the UK in the mid-1980s, and was released in late 1987 with massive performance for its medium price (and, with the first OS, a hangover-coloured GUI). The machine isn't widely known outside Europe. Even in the UK, it was released just as the IBM PC was taking over, so remained niche. It was built from scratch with four purpose-designed chips, the ARM, the VIDC, the MEMC and the IOC. Looking at each chip, we'll take a hardware and software tour through what is one of the most influential yet little-known modern computers. The talk will detail the video, sound, IO and memory management hardware, alongside the original ARM processor which is quite different to what we have today. The Arc was a pleasure to program, both simple and fast, and we'll look at its software including the quirky operating systems that made the Arc tick, from Arthur to RISC OS and Acorn's mysterious BSD4.3 UNIX, RISCiX. The first models were followed by the lower-end A3000 in 1989, which looked similar to the the Amiga 500 or Atari STE but had around eight times the CPU performance: no sprites, no blitter, no Copper, no problem! ;-) This talk will also share insights from the original chipset designers, with a tour of prototype hardware and unreleased Archimedes models. The audience will get an appreciation for the Arc's elegant design, the mid-1980s birth of RISC processors, and the humble origins of the now-omnipresent ARM architecture.
This talk is about running unsigned code at boot on iOS 11. I will demonstrate how you can start out with a daemon config file and end up with kernel code execution. This talk is about achieving unsigned code execution at boot on iOS 11 and using that to jailbreak the device, commonly known as "untethering". This used to be the norm for jailbreaks until iOS 9.1 (Pangu FuXi Qin - October 2015), but hasn't been publicly done since. I will unveil a yet unfixed vulnerability in the config file parser of a daemon process, and couple that with a kernel 1day for full system pwnage. I will run you through how either bug can be exploited, what challenges we faced along the way, and about the feasibility of building a kernel exploit entirely in ROP in this day and age, on one of the most secure platforms there are.
13:00
In einem Gespräch über die Hackertool-Paragraphen des Strafgesetzbuches in LNP 296 sagte Frank zu Linus: „Damals haben wir juristisch noch ein bisschen was dazugelernt, nämlich dass die Begründung bzw. Erläuterung des Gesetzes in der deutschen Jurisprudenz mit herangezogen wird.“ Diese Kenntnis reicht für das Lesen von Gesetzen und Gerichtsurteilen aus. Für die IT-Sicherheitsforschung und die Analyse beispielsweise leicht auffindbarer Login-Daten bedarf es aber umfangreicherer Kenntnisse. Fragt man dazu einen Juristen, ist die Antwort oft komplex und führt zum "buffer overflow" und einer "brain resource exhaustion" des Fragenden. Damit ForscherInnen beider Gebiete und Interessierte "ressourcenschonender" kommunizieren können und um das juristische Verständnis zu erweitern, fasst dieser Vortrag in einem Überblick die wichtigsten Punkte verständlich zusammen. Betrachtet werden das hauptsächlich Datenschutz- und IT-Sicherheitsrecht, am Rande auch erwähnte, relevante Strafrechtsnormen. Die (prozessuale) Thematik der Hausdurchsuchung bleibt wegen des Talks vom 35c3 (https://media.ccc.de/v/35c3-10018-verhalten_bei_hausdurchsuchungen) außen vor.
Eröffnung des OIO, der Bühne und Vorstellung aller Assemblies auf dem OIO
You can find a lot of interesting, useful or amusing information on Wikidata – let’s spend half an hour writing some queries together! This will be an interactive session to explore the possibilities of Wikidata, the free knowledge base, and its query service. Participants can suggest queries, and I’ll do my best to implement them.
Introduction for angels helping at the soldering workshop organized by "Chaos macht Schule"
Part I: Intro to CTFs with the example of picoCTF. Can be used as guided preparation for junior (and/or main) C3 CTF. Part II: Binary exploitation with Stack Based Buffer Overflows. Workshop VM provided (please download before) This is a workshop primarily put together for haecksen, but if there are free seats, and you want to join, that works.However, it's very important to me that every haeckse that wants to join at any given time has the opportunity. Please be kind enough to respect that and help to make that happen. '''Part I: '''Intro to CTFs with the example of picoCTF. Short example showcases for each of the main categories (very basic examples for: web, crypto, reversing, forensic); binary exploitation covered in part II). <br />'''Part II: '''Binary exploitation with Stack Based Buffer Overflows and Return Oriented Programming. Workshop VM (containing slides, exercises etc) for the whole Workshop provided (please download before, Link will follow).<br />=> To get most of the workshop, and especially Part II, its best when you follow along! :)So what you need is:* some sort of Hypervisor (Virtualbox, VMware) installed* ca. 10 Gb free diskspace for the VM (ping me via email if you really can't afford the space- we will find a solution)* import the VM and you're ready to go, excited to see you there :)Instructions to prepare and set up the VM: <br />https://beginnersctf2019.pads.ccc.de/1 <br />pw: LetsPlay!
Cecilia Tosh (SEV)
Let's hack the fashion system. Deep dive into collaborative design. In this workshop we explore methods of collaborative fashion hacktivism creating Kimonas for the House of All - Clothes Commons Assembly. It's part of an experiment by House of Zsa to involve as many people as possible in designing a new system for fashion. This is a hands on workshop where you engage in crafting pieces to protect, sense, feel, show, dance, live in. You don't need to have any former knowledge and it's all but complicated. It's for everyone. like fashion should be. ++ Let's hack the fashion system ++ Deep dive into collaborative design. In this workshop we explore methods of collaborative fashion hacktivism creating Kimonas for the House of All - Clothes Commons Assembly. It's part of an experiment by House of Zsa to involve as many people as possible in designing a new system for fashion. This is a hands on workshop where you engage in crafting pieces to protect, sense, feel, show, dance, live in. You don't need to have any former knowledge and it's all but complicated. It's fun & for everyone - like fashion should be. Max. 12 people.
Your daily basic hacking learning lesson. ""WARNING: External room for the last session on day 4: Please come to Lecture Room M1.""'''---> README: There will be sessions from days 1 to 4. The daily session times will be announced in the evening before. <---'''We offer instructions for "Damn Vulnerable Web Application" ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) daily. At least for 2 to 4 people. Join us if you would like to learn about security gaps in web programming (e.g. bad passwords, SQL injection, cross-site requests forgery). You will learn how to hack systems and how to reset them afterwards. It's recommended to bring your own device (laptop) with an working ethernet port. We have a single Ethernet-to-USB adapter available for devices lacking an Ethernet port such as Apple Macbooks.'''-->LIESMICH: Es wird jeden Tag Sessions geben. Wann die täglichen Sessions genau starten, wird immer am Vorabend eingetragen. <---'''Wir bieten täglich „Damn Vulnerable Web Application“ ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) unter Anleitung an, für mindestens 2 bis 4 Personen. Inhaltlich geht es dabei um klassische Sicherheitslücken der Webprogrammierung (z.B. schlechte Passwörter, SQL-Injection, Cross-Site-Request-Forgery). Hier lernst du Systeme zu hacken und wiederherzustellen. Bringt am besten euren eigenen Computer mit einem funktionierenden Ethernet-Port mit. Wir haben einen Ethernet-zu-USB-Adapter, damit ihr auch Geräte ohne integrierten Ethernet-Anschluss (wie z.B. Apple Macbooks) nutzen könnt.
Kapitalismus, seine Folgen und mögliche Alternativen im Gespräch Kapitalismus - Wirtschaftliche AlternativenLukas Küttner im Gespräch mit Dr. Dirk Scheffler von der Gemeinwohlökonomie und Anne Löscher von der wissenschaftlichen Arbeitsgruppe Nachhaltiges Geld.Anne Löscher studierte Politikwissenschaft und VWL an der Martin-Luther-Universität Halle-Wittenberg und University of London. Ihr Promotionsprojekt beschäftigt sich mit Finanzialisierung in Ökonomien südlich der Sahara. Sie engagiert sich beim Netzwerk Plurale Ökonomik, das sich für einen kritischen Umgang mit tradierten Lehrmeinungen in den Wirtschaftswissenschaften einsetzt.Für Dr. Dirk Scheffler sind Nachhaltigkeit und Umweltschutz sinngebender Zweck seiner Arbeit als Organisations- und Umweltpsychologe sowie seiner Weiterbildungen in Dialogbegleitung, Systemischer und Gemeinwohlökonomie-Beratung. Felder seiner thematischen Expertise sind Wirkungsorientierung, Bildung für nachhaltige Entwicklung, Umwelt- und Klimaschutzhandeln, Antidiskriminierung und unternehmerische Selbstständigkeit / Gemeinwohlbilanzierung sowie Handlungsstrategien interdisziplinärer Forschungskooperation.
13:15
We'll talk about fiction and non-fiction books.
13:30
Presentation on the recent protests in Chile from the anarchist perspective Uprising in $hile without leaders and parties. Conversation about what's going on in the Chilean region. Some keys to understand the present situation and how is the protest organise.
14:00
In diesem Talk wird es um die Grundlagen von Ansible gehen, warum es für den Vortragenden das beste Werkzeug ist und welche alternativen es noch gibt. Vom ersten Host Inventory im YAML Format über die kleine Rollen (NTP/Fail2Ban) und Playbooks bis hin zum ersten kompletten Einrichten des Rasberry Pi oder Servers mit eigenen Dotfiles und den Basic Paketen die man so braucht. Auch wird drauf eingegangen, wie und warum reproduzierbare Infrastruktur Builds das Leben eines Admins erleichtern können und im Alltag der händischen Arbeit vorzuziehen sind. Abschließen wird der Talk mit dem Thema "Ansible Playbooks aus dem Internet herunterladen oder selbst machen?" und worauf man achten sollte, wenn man Playbooks für mehrere unterschiedliche Linux Distributionen baut.
Vorstellung eines Ansatzes zur Verknüpfung von OpenData aus verschiedenen Quellen Ob OpenData oder Datenjournalismus: Wer Daten aus verschiedenen Quellen zusammenführt (APIs, Exceldateien, Datenbanken, etc.), ist oft mit dem Problem konfrontiert, diese zueinander in Beziehung zu setzen, zu analysieren oder eine aufbereitete Version der Daten als Mashup zu präsentieren (z. B. als Website). Mitunter möchte man außerdem über einen längeren Zeitraum Daten erheben, um Veränderungen zu verfolgen und ggf. darauf zu reagieren. Ich möchte einen Ansatz vorstellen, wie man dieses Problem mit einem weitestgehend generischen Ansatz lösen kann. Dieser Ansatz, der sich Data Vault 2.0 nennt, ist in Industrie und Wirtschaft bereits verbreitet, in anderen Teilen der datenverarbeitenden Community offenbar aber unbekannt. Dies möchte ich ändern. ## Beispiele Verknüpfung offener Datensätze, Verknüpfung von Daten aus öffentlich verfügbaren Schnittstellen ## Themenfelder Open Data, Open Government, Data-driven Journalism (DDJ)
Meetup to meet other queer people who live with or care for kids We are queer families and want to connect to other queer families/care networks.We plan an introduction round and informal chatting. Kids are welcome.
Lotet mit uns zusammen aus, wie offene Daten zu einer nachhaltigen Entwicklung des städtischen Verkehrs und der Mobilität in Leipzig beitragen können! Seit 2015 stellt die Stadt Leipzig in ihrem Open Data-Portal (https://opendata.leipzig.de/) Daten zur allgemeinen Nutzung zur Verfügung. Frei verfügbare Daten sind eine Grundlage für soziale Innovation und lokale Demokratie, indem sich Bürger/innen mit den Informationen über ihre Stadt beschäftigen und ihre Ideen dazu einbringen können. Bisher gehen die Aktivitäten der Stadt Leipzig aber über das Bereitstellen der Daten kaum hinaus.Das soll sich ändern! In diesem Workshop werden kommunale Daten zu den Themen Mobilität und Verkehr der Stadt Leipzig bereitgestellt, die sonst nicht oder nur teilweise öffentlich zugänglich sind. Lotet mit uns zusammen aus, wie offene Daten zu einer nachhaltigen Entwicklung des städtischen Verkehrs und der Mobilität in Leipzig beitragen können!Leipzig steht bei Fragen der Mobilität vor großen Herausforderungen:- Leipzig wächst! In den letzten 15 Jahren um ca. 100.000 Einwohner. Mehr Menschen bedeutet auch mehr Staus und verstopfte Straßen! Oder? Wie können offene Daten helfen, den Verkehr nachhaltiger, also klimafreundlicher, flächenschonender und sozial verträglicher zu organisieren?- Leipzigs Verkehr soll bis 2030 nachhaltiger werden! Das hat der Stadtrat 2018 beschlossen. Wie können wir mithilfe offener Daten geeignete Maßnahmen auf diesem Weg identifizieren?- Mobilitätsplanung demokratisieren! Der Entscheidungsweg zur Mobilitätsstrategie 2030 war von einer breiten Beteiligungskultur geprägt. Diese Arbeitsrichtung wollen wir fortführen und auf die Nutzung kommunaler Daten ausdehnen. Wenn die Mobilitätsentscheidungen der Menschen nachhaltiger werden sollen, müssen auch die zugehörigen Lösungen mit ihnen gemeinsam entwickelt werden. Daran arbeiten wir in diesem Workshop.Neben den Datensätzen, die bereits jetzt auf den Open Data-Portal der Stadt Leipzig verfügbar sind, werden weitere statistische Geodaten der Stadt Leipzig eigens für den Workshop zugänglich gemacht.Der Workshop wird finanziert durch den Europäischen Fonds für regionale Entwicklung (EFRE) im Rahmen der Interreg Central Europe – Initiative.
A meet-up for digital nomads / itinerant hackers. Are you a digital nomad or an itinerant hacker? Come and meet others who are as well!Do you have questions about life as a digital nomad or an itinerant hacker? Come and ask.This space is open for anyone who wants to make friends, talk travel, swap packing tips, or ask about the 200, 404 and 500 of working remote from around the world.
für alle Engel, die etwas mit Essen zu tun haben (wollen)
Hypnosis lesson for beginner '''Important:''' In the previous years, we regularly had way too many people trying to get in (rooms are objects of finite size), with waiting lines all across the hallway. This year, we want to avoid the crowd control issues that come with such scenarios. That's why you now need to pre-register for the workshop at https://ticket.kinkygeeks.de. Our website will give you a free ticket, which you need to provide at the workshop door to gain access.Workshop Handout:Http://ideerly.de/hypno-kink-handout.pdf
Leipziger Basis mjut / Das Konglomerat
this session is about how to make using pretalx and its adminstration work and distribute the workload to more than just a few (same old) ppl, make the process transparent how we got here and what we now can do together to make pretalx work @c36c3 over the next couple of days last year @c35c3 we were using pretalx and it was a hustle for several people to set it up, backend and frontend, keep it alive and functioning during congress. still we made it work, komona style. now, having the decision made by delis of komona's this year's @cccamp in august: not to use pretalx @c36c3...well, here we go again: being a habitat and being one (small) wheel in ccc structure & (programm) production kind of "forced" us to use pretalx again --- not just the ccwiki as we wanted --- so that again a few ppl are build this pretalx structure (backend and fronted) and make it accessible for everyone, writing and launching a cfp, taking on submissions, look that the scheduling works, dealing with pretalx limitations, beiing too hierarchical in its design of who is allowed to do what as a user/admin, not being seen by most komonistats what the orga effort behind it, putting more workload on ppl. that are already doing a lot to make komona work. so, lets use day 1 to have a session about how2use and admin komona-pretalx @c36c3
F-Droid Community Meetup F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.This is a meet-up of F-Droid developers, developers of FOSS Android apps and interested users of the free Android ecosystem.
Bringing curtisannes cantine from OpenLab Augsburg to 36C3! Bringing curtisannes cantine from OpenLab Augsburg to 36C3!...this time we will be baking, though.I'm proud to be able to celebrate my birthday at Congress - so I intend to celebrate with various cakes and Fairy Dust Cookies! If you got a sweet tooth, a weakness for decorating or children who do, feel free to join in curtisannes cake center!The cakes I plan to bake are:- cinnamon rolls with raisins and cream cheese - tarte au chocolate with orange slices - almond apple pie - carrot cake with pecans and almondsFurthermore, I hope there is still time left to prepare a simple cookie dough and decorations. If it doesn't fit in the timeslot on 27th, we may prepare the dough later and bake them during 36C3 anyway.If you have further questions or requests just send me an e-mail: contact@curtisanne.rocks or take a look at the foodhackingbase wiki page: https://foodhackingbase.org/wiki/Ccc36c3See you there!
Workshop as an introduction to soybean fermentation. It will take you through the preparation of the soybeans or other legumes. [https://dudle.inf.tu-dresden.de/tempehmaking36c3 To secure spot on this workshop please sign in here.][[Image:800px-Tempeh_cloth_overview_faa05092017.jpg|thumb|right|Tempeh made in cloth]][[Image:800px-Tempeh_banana_leave_ready_1600_faa08092017.jpg|thumb|right|Tempeh in banana leave]][[Image:800px-Tempeh_banana_leave_cut_close_up_1600_faa08092017.jpg|thumb|right|Tempeh cut close up]][https://foodhackingbase.org/wiki/Recipe:Tempeh_making_manual_-_short_workshop_form Workshop manual is shared here.]This workshop is an introduction to soybean fermentation. It will take you through the preparation of the soybeans or other legumes (most likely chickpeas), inoculation of the beans with the microbial culture and the subsequent harvesting and aging - your ferment should be ready for preparation and eating on the Day 3. We will focus on [https://en.wikipedia.org/wiki/Tempeh tempeh] cultured by ''[https://en.wikipedia.org/wiki/Rhizopus_oligosporus Rhizopus oligosporus]'' which is nice and easy opening for beginners.The diversity of the ferments which can be prepared from soybeans (and other legumes) is truly amazing, depending on the cultures (microbes) being used and conditions/techniques applied (and of course the treatment of the beans). In this workshop we will go through the basic steps which will secure proper preparation of the chickpeas/beans as a substrate for the microbes to inoculate it with. Optimal fermentation conditions will be discussed and devices making it easy to establish them suggested ([https://foodhackingbase.org/wiki/Experimental_Incubator Experimental Incubator] for example). We will be also harvesting/preparing the previously made tempeh and as usually tasting samples of the final products. The results of this workshop should be ready for tasting on Day 3 (48 hours of fermentation at 25-30°C is sufficient). We are going to provide the participants with adequate starter cultures for their experiments, at least for few first batches, you should however get your own starter for later experiments, more info below.This workshop is based on '''donation at your will no one turned away for lack of funds'''. If you can afford to donate, please do, during the years I have found out that if people donate during the workshop between €5-15 per person, things go well for me and I can cover most of the expenses so I can keep coming to the events. For the past three years or so we are using [https://www.topcultures.com/ starter from Topcultures] company based in Belgium. It works very well and it is well priced, for €20-30 you will have enough to play for a year or so I would say. However as mentioned above, part of the "package" is small dosage of the starter for you for few to several first batches.
Let’s come together, connect and talk about DIYBio The DIYBio community is a network of Do-It-Yourself and Do-It-Together biologists. They come together at meetups and spaces to support other people and to learn and work with plants, microbiology and bio-technology. But in contrast to open workshops like Fablabs, Hacker- and Makerspaces, which are rapidly growing, such bio-laboratories are still rare to find and/or not easily accessible. I personally want to establish such a space in my city, and I am interested to hear what you think about DIYBio and what you might have already learned or achieved.So let us come together, connect and talk about DIYBio: the intentions, responsibilities, chances, risks and problems. What is required to build such a space, how to grow partnerships? Let's share ideas for workshops, projects and collaborations! I would love to hear your input so we can come up with a good plan that goes into the right direction!
14:10
So called “0-click” exploits, in which no user interaction is required to compromise a mobile device, have become a highly interesting topic for security researchers, and not just because Apple announced a one million dollar bug bounty for such exploits against the iPhone this year. This talk will go into the details of how a single memory corruption vulnerability in iMessage was remotely exploited to compromise an iPhone. The insights gained from the exploitation process will hopefully help defend against such attacks in the future. This talk will dive into the internals of an iMessage exploit that achieves unsandboxed remote code execution on vulnerable devices (all iPhones and potentially other iDevices up to iOS 12.4) without user interaction and within a couple of minutes. All that is necessary for a successful attack in a default configuration is knowledge of the target’s phone number or an email address. Further, the attack is also possible without any visible indicators of the attack displayed to the user. First, an overview of the general iMessage software architecture will be given, followed by an introduction of the exploited vulnerability. Next, a walkthrough of the exploitation process, including details about how the various exploit mitigations deployed on iOS were bypassed, will be presented. Some of the exploitation techniques are rather generic and should be applicable to exploit other vulnerabilities, messengers, and even other platforms such as Android. Along the way, some advice will be shared with the audience on how to bootstrap research in this area. The talk concludes with a set of suggestions for mobile OS and messenger vendors on how to mitigate the demonstrated exploit techniques effectively and hopefully make these kinds of attacks significantly more difficult/costly to perform in the future. While previous experience with iOS userland exploitation will not be required for this talk, some basic background knowledge on memory corruption vulnerabilities is recommended.
Ein von Zeit Online entwickeltes Tool macht es möglich, die Plenarprotokolle des Bundestags grafisch und inhaltlich auszuwerten, und zwar seit seiner ersten Sitzung 1949 bis heute. In den 200 Millionen Wörtern zeigen sich historische Zäsuren, sie machen gesellschaftliche und sprachliche Entwicklungen sichtbar: Wie ernst nahm der Bundestag in den vergangenen Jahren den Klimawandel? Wie häufig redeten die Abgeordneten über Datenschutz, über Arbeitslosigkeit, über Rechtsextremismus, über Geflüchtete? Es wird sichtbar und vergleichbar, zu welchem Zeitpunkt welche Themen debattiert wurden, wie sich die politische Aufmerksamkeit über die Jahre verändert hat. Und die Daten belegen, wie die Sprache selbst sich verändert, nicht nur weil neue Themen aufkommen, sondern auch weil sich der Sprachgebrauch wandelt. Am Ende kann das Publikum selbst Wörter vorschlagen und versuchen, die entsprechenden Graphiken zu interpretieren. Die Protokolle des Bundestags decken einen Zeitraum von siebzig Jahren ab. In dieser Zeit hat sich die Bundesrepublik stark verändert und damit natürlich auch die im Bundestag verwendete Sprache. Manche Dinge sind trivial, z.B. dass Flüchtlinge einst Vertriebene waren oder dass mit Computernetzen zusammenhängende Wörter erst in neuerer Zeit auftauchen. Andere überraschen, z.B. dass seit der Wiedervereinigung mehr von Ostdeutschen als von Westdeutschen gesprochen wird. Anhand von einschlägigen Beispielen wollen wir erläutern, wie sich Sprache und mit ihr Politik verändert hat. Wir untersuchen die Rhetorik alter und neuer Rechter, die Rhetorik des "Marktes", der Krisen und natürlich auch die des gepflegten Beschimpfens. Mit dem Tool lässt sich zeigen, welche Debatten groß und wortreich geführt wurden, welche klein und unbedeutend blieben, obwohl es vielleicht wichtig gewesen wäre, über die Themen zu debattieren. Die Sprache ist somit der Zugang zur Analyse der Politik des Parlaments. Woher stammen unsere Daten? Wir haben die Protokolle aller Sitzungen des Deutschen Bundestages analysiert: 4.217 Protokolle aus 19 Legislaturperioden, insgesamt rund 200 Millionen Wörter. Sie stammen aus dem Open Data Portal des Bundestages. Jede Sitzung wird dort von Stenografen genau dokumentiert und auf diesem Portal veröffentlicht. Unsere Auswertung beginnt mit der ersten Sitzung am 7. September 1949 und endet mit der letzten Sitzung vor der Sommerpause 2019 — der Sondersitzung zur Vereidigung von Annegret Kramp-Karrenbauer als Verteidigungsministerin am 24. Juli 2019.
Wir verlassen uns in unserem Alltag permanent auf die Verfügbarkeit von elektrischer Energie. Aber wenn wir vom dauerhaften Betrieb von Kraftwerke, die fossile Energieträger verbrennen, wie stellen wir die Versorgung sicher, wenn nachts kein Wind weht? Elektrolyse oder Pumpspeicherkraftwerk? Superkondensatoren oder mechanische Speicher? Was geht heute überhaupt schon? Ähnlich unklar ist die Zukunft der Mobilität, wenn Verbrennungsmotoren von unseren Straßen verschwinden sollen. Batteriefahrzeug oder Wasserstoffauto? Und bekommt man sein Fahrzeug überhaupt so schnell vollgetankt wie heute mit Benzin? Als eins der größeren Probleme stellt sich die Bereitstellung elektrischer Energie für unsere hoch technologisierte Welt dar. Der Beitrag der aus erneuerbaren Energiequellen gewonnenen elektrischen Energie ist in den letzten Jahrzehnten beständig gestiegen, aber dennoch bleibt ein Problem: wie stellen wir Energie bereit, wenn keine Sonne scheint und kein Wind weht? Ein Überblick über bekannte und weniger bekannte Energiespeicher soll erleichtern, aktuelle Diskussionen der Energie- und Klimapolitik zu verstehen und einzuordnen. Batterien und Akkus liefern seit vielen Jahrzehnten den Strom für vor allem tragbare Geräte: Die allgegenwärtige, nicht wiederaufladbare Alkali-Mangan-Batterie speist Uren, Fernbedienungen, Taschenlampen und Geräte aller Art. Speziell die wiederaufladbare Lithium-Ionen-Batterie hat unsere moderne Welt revolutioniert, aus gutem Grund wurde diese Entwicklung dieses Jahr mit dem Nobelpreis in Chemie ausgezeichnet. Wird diese Technologie die Zukunft der Elektromobilität sein, und den überschüssigen Solarstrom speichern, um ihn nachts wieder zur Verfügung zu stellen? Oder sollte die kaum bekannte Natriumsulfid Batteriechemie der bessere Kandidat sein? Wie macht man aus Solarstrom Wasserstoff, und wie speichert man diesen? Lohnt sich das überhaupt, und wenn ja, wie bekommt man daraus wieder elektrische Energie erzeugt? Aktuell tobt eine erbitterte Debatte, ob die Elektromobilität in Zukunft nun auf reinen Batteriebetried setzen sollte, oder doch das Wasserstoffauto das Rennen machen soll. Gibt es eine klare Antwort darauf, und wie sind die jeweiligen Beiträge von Wissenschaft, Wirtschaft, Politik und Ethik?
The 3DS is reaching end of life but has not revealed all its weaknesses yet. This talk will go through the process of reverse engineering an undocumented communication protocol and show how assessing hard-to-reach features yields dangerous results, including remote code execution exploits! <p>Embedded Devices are all around us, talking to each other in ways we often don't even realize. In this talk, we discuss how one such communication mechanism in the 3DS remained unexplored for over seven years as well as the vulnerabilities that were lying dormant as a result.</p> <p>We will explore specific features of the 3DS and talk about their low-level implementation details and about why they were not tested before. Besides, we will walk through the (lengthy) dev process involved in putting together this exploit, and the significant risks involved in devices (even game consoles) having this kind of vulnerability.</p> <p>Finally, we will demonstrate the attack in action.</p> <p>Since the talk will be a bit technical some basic knowledge about network protocols and software exploitation techniques is recommended, but it is aimed to be enjoyable for non-technical audiences as well.<br>One might also take a look at previous talks (32c3 and 33c3) about the 3ds for more in-depth background knowledge.</p>
Modern smartphones offer a whole range of sensors like magnetometers, accelerometers or gyroscopes. The open source app "phyphox", developed at the RWTH Aachen University, repurposes these sensors as measuring instruments in physics education. When put into a salad spinner, the phone can acquire the relation of centripetal acceleration and angular velocity. Its barometer can be used to measure the velocity of an elevator. And when using two phones, it is easy to determine the speed of sound with a very simple method. In this talk, I will show these possibilities in demonstration experiments, discuss available sensors and their limitations and introduce interfaces to integrate phyphox into other projects. In this talk, the developer of the app "phyphox" at the RWTH Aachen University will first introduce how sensors in smartphones can be used to enable experimentation and data acquisition in physics teaching with several demonstrations on stage. Available sensors and their limitations will be discussed along with interfaces allowing the integration of phyphox into other project, either as a means to access sensor data or to display data from other sources. The app is open source under the GNU GPLv3 licence and available for Android (>=4.0) and iOS (>=8.0). It is designed around experiment configurations for physics education at school and university, allowing for a quick setup with a single tap. At the same time, these configurations may be modified by any user to set up customized sensor configurations along with data analysis and data visualization, defined in an XML format. These configurations are Turing complete and can easily be transferred via QR codes, so an experienced user (teacher) can create a specific configuration and allow less experienced users (students) to use it with ease.
14:30
Was wäre, wenn das Internet nicht wie ein feudaler Besitz regiert würde? Was wäre, wenn es von und für Leute, die es benutzen, betrieben würde? Ich benutze Freedombone um der Geselschaft sowie auch allen Individuen zu ermöglichen, die Datensouveränität aus dem free-to-use Model des Überwachungskapitalismus zurück zu gewinnen. Durch die Möglichkeit ["Server Apps"] ohne technisches Wissen mit 4 Klicks über einer Web UI zu installieren, ist es möglich, dass Hobby-Admins ohne viel Zeit, sowie auch in Umgang mit Servern und Hosting unerfahrene Menschen nicht bei der Inbetriebnahme scheitern. Somit kann jede Einzelperson oder eine Community das Internet als freies Kommunikationmiittel wieder nutzen.Bei diesem Talk liegt der Fokus auf dem Fediverse, die Vernetztung sozialer Bewegungen und dem nutzen Dienstprogramme. ["Server Apps"](https://freedombone.net/apps.html) Es ist eine Tatsache, dass Mainstream-Software kaputt ist und die Unternehmen, die sie entwickeln, unzuverlässig und datenhungrig sind. Daher ist zu folgern, dass wir einen Bruchpunkt in der Gesichte des menschlichen Informationsaustausches erreicht haben. Die Rückgewinnung der Datensouveränität ist bei Freedombone ein Selbstverständnis. **Du willst also deine eigenen Internetdienste betreiben, aber hast keine Zeit dies umzusetzen?** Die Konfiguration von Diensten wie E-Mail, Chat, VoIP, Websiten, Dateisynchronisation, Wikis, Blogs, soziale Netzwerken (pleroma, zap, pixelfeed, ua.), Medienhosting, Backups, VPN sind an sich schon ein nicht triviales Unterfangen. Das Ziel von \[Freedombones\](https://freedombone.net/) ist es die Konfiguration zu übernehmen. Freedombone ist ein Home-Server-System, mit dem du all diese Dinge von deinem Wohn- oder Hackerzimmer hosten kannst. Für die Einrichtung wird eine .img.xz [Image] auf einen USB Stick geladen. Nach dem ersten Boot ist ein Email Server schon funktionsfähig. Standartmässig sind alle Dienste im Internet über DNS im Clearnet aber auch im Darknet über TOR erreichbar. Freedombone ist ein AGPLv3 Open Source Projekt. [Git](https://code.freedombone.net/bashrc/freedombone) Mein aktuelles Ziel, in diesem Jahr, war die Einbindung von Freifunk. Die Weboberfläche zeigt alle öffentlich bekannten Freifunk Nodes einer lokalen Freifunk Gruppe auf einer Karte an. Der Admin wählt den Konfig einer Freifunk Gruppe. Seit Frühjahr arbeite ich auch an an einem GitlabCI System, welches das Ziel hat die Wartung der Software des Projektes zu erleichtern.
14:45
SearchWing baut eine Rettungsdrohne für die zivilen Rettungsorganisationen im Mittelmeer wie Sea-Watch, Sea-Eye und Resqship. Wir beschreiben den Aufbau, die Tests auf dem Mittelmeer, die Herausforderungen beim Bau und beim Einsatz des autonomen Flugzeugs und werfen einen Blick auf die verwendeten Bilderkennungsalgorithmen. Wir helfen zivilen Rettungsorganisationen im Mittelmeer bei der Suche nach Schiffbrüchigen. In diesem Talk berichten wir von den Schwierigkeiten und Herausforderungen beim Bau einer autonomen Drohne, die für Einsatz im Mittelmeer geeignet ist. Wenn beispielsweise die Akkus auf dem Flughafen Hamburg im sicheren Schrank verbleiben, weil einer vergessen hat die Akkus für den Flug anzumelden... Wir erläutern den technischen Aufbau mit PixRacer Hardware, Mini Talon EPO Rumpf und den anderen Komponenten. Ungewöhnlich im Vergleich zum klassischen Modellflug ist der Long Range Telemetrie Funk, der große Akku (10000 mAh bei 2kg Fluggewicht) und das ganze Salzwasser :-(. Im Februar 2019 waren wir für Tests auf Malta und im Mai 2019 hat Björn dann den ersten Einsatz im Mittelmeer in Zusammenarbeit mit ResQShip e.V. gemacht. Deshalb können wir auch die Einsatzerfahrungen schildern - wie man das Flugzeug auf dem Schiff startet und landet. Zum Einstieg geben wir auch eine Zusammenfassung der Situation der Seenotrettung im Mittelmeer. Unser Flugzeug sammelt im Flug Bilder, die im Anschluss vom Flugzeug geladen und analysiert werden. Um diese manuelle Bildanalyse zu beschleunigen entwickelen wir auch Computer Vision Algorithmen - auch davon werden wir auf dem Talk einen Überblick geben. Eine Person aus dem Computervision-Team (Petrosilius) hatte bereits letztes Jahr auf der Freifunkbühne dazu einen Vortrag gehalten.
15:00
36c3-Spezial mit Interviews Wie klimafreundlich ist Software? Zu Gast: Maria Köhn und Eva Kern, UBA
The c3lingo team meets twice a day. Join us to help us doing live interpretations of all talks. This meeting is used for the distribution of shifts for the Translation team.
The c3lingo team meets twice a day. Join us to help us doing live interpretations of all talks. This meeting is used for the distribution of shifts for the Translation team.
Rahel
Kodi (formerly XBMC) is a free and open source media player application, with a user base stretched across a plethora of platforms. This talk focuses on some of the challenges of the project. With a consumer/enthusiast facing software, multiple challenges arise. The scope of expertise needed by Kodi is broad. Maintaining the forum and social media accounts is a huge task because of the sheer number of users. Servers have to be capable to handle the requests, caused by downloads, forum access and the add-on system of Kodi. Software developers have to cover a wide spectrum of tasks are needed to maintain and improve the media player. A part of the talk will be dedicated to writing Python add-ons (extensions) for Kodi, to enhance the functionality of the software.
In our reactor you will learn how to reprogram a body with Thai massage.
with lisa p/sebastian W./Kaloan
iCEBreaker FPGA Workshop
Get a massage by professional therapists. In 20-Minutes-Slots you can reboot your head, shoulders and back. Contact: Marko Mijokovic (01636934204)
15:30
Worker-owned tech-coops have become a growing movement worldwide as a progressive alternative to traditional IT companies and individualised freelancing. In the last few years we have been busy creating a network of tech-coops in Germany and beyond. In this session we want to share general information about tech-coops, why we think they are awesome and what we've learned so far. We also want to create a general space to have a discussion about tech-coops and learn from our experiences.
Nachhaltig gute Software, Lernmaterialien und Hardware für Schulen Wir wollen einen Vorschlag für eine Checkliste für Schulen diskutieren. Die Checkliste soll Schulen helfen bei der Auswahl von Software, Lerninhalten und Hardware eine Orientierung für relevante Kriterien geben.Die Sessionplanung findet hier statt:https://cyber4edu.org/c4e/pad/p/36c3
16:00
In den vergangenen Jahren haben sich immer mehr feministische Hackspaces in den verschiedensten Formen gegründet. Warum eigentlich? Was bewegt Menschen dazu, was macht einen feministischen Hackspace überhaupt aus und wie können wir alle davon lernen? Das habe ich in meiner Masterarbeit untersucht und bin dafür durch Deutschland gereist, um mit Mitgliedern feministischer Hackspaces zu sprechen. Im Ergebnis werden die Funktionen feministischer Hackspaces beleuchtet und analysiert, warum diese Räume für ihre Mitglieder so wichtig sind. Um das herauszufinden, habe ich mit dem qualitativen Forschungsstil der „Grounded Theory“ in einem zirkulären Verfahren Interviews geführt und ausgewertet. So habe ich ein Modell entwickelt, das zeigen kann, welche Kernfunktionen Hackspaces haben, welche Faktoren Menschen davon abhalten, in ihrem lokalen Hackspace aktiv zu werden, und wie feministische Hackspaces versuchen, diese Defizite auszugleichen.
Getting your itinerary presented in a unified, well structured and always up to date fashion rather than as advertisement overloaded HTML emails or via countless vendor apps has become a standard feature of digital assistants such as the Google platform. While very useful and convenient, it comes at a heavy privacy cost. Besides sensitive information such as passport or credit card numbers, the correlation of travel data from a large pool of users exposes a lot about people's work, interests and relationships. Just not using such services is one way to escape this, or we build a privacy-respecting alternative ourselves! Standing on the shoulders of KDE, Wikidata, Navitia, OpenStreetMap and a few other FOSS communities we have been exploring what it would take to to build a free and privacy-respecting travel assistant during the past two years, resulting in a number of building blocks and the "KDE Itinerary" application. In this talk we will look at what has been built, and how, and what can be done with this now. In particular we will review the different types of data digital travel assistants rely on, where we can get those from, and at what impact for your privacy. The most obvious data source are your personal booking information. Extracting data from reservation documents is possible from a number of different input formats, such as emails, PDF files or Apple Wallet passes, considering structured annotations and barcodes, but also by using vendor-specific extractors for unstructured data. All of this is done locally on your own devices, without any online access. Reservation data is then augmented from open data sources such as Wikidata and OpenStreetMap to fill in often missing but crucial information such as timezones or geo coordinates of departure and arrival locations. And finally we need realtime traffic data as well, such as provided by Navitia as Open Data for ground-based transport. Should the author fail to show up to this presentation it might be that his Deutsche Bahn ticket rendering code still needs a few bugfixes ;-)
find more Info at [[C3auti]]
Stammtisch für Menschen aus dem Bildungsbereich Stammtisch für Menschen aus dem BildungsbereichHier nach Nachtrag die Links zu unseren Fahrstuhlreden:* https://www.oercamp.de/* https://buendnis-freie-bildung.de/* https://github.com/frank-christiansen/iqsh-winkekatze* http://www.olaf.one/* https://tetrapix.de/* https://instahub.org/* https://ada7.de/* https://tcp.nhcham.org/
General Angel meeting day 1 / Introduction meeting for new angels General angel meeting.All angels please join.Also: New angels please come around to get to know the people and some of the tricks of how-to-angel best.
YJ Heimi ist YouTube-Jockey und Heimleiter der Restrealitaet.
Das Günther (PEP - Punkt Elektro Performance)
Löten für Einsteiger - oder: warum riecht menschliche Haut beim Kontakt mit dem Lötkolben nach Huhn? Wir wollen uns in den zwei Stunden die Grundlagen des Lötens erarbeiten. Also welcher Lötkolben oder Lötstation, welches Material, welches Zubehör ist notwendig und sinnvoll? Was tun wir? - Handhabung Pflege und des Lötwerkzeugs - einfache Lötübungen - Löten auf Leiterplatten - Löten mit Drähten und Bauteilen Während des Workshops können auch selbst mitgebrachte Bausätze zusammengelötet werden. Bei Interesse an diesem Workshop meldet Euch gerne im Vorfeld bei mir: dk6tm (at) dk6tm.de oder @DK6TM_ auf Twitter oder @DK6TM@chaos.social bei Mastodon.
Eine kleine Einführung in numerisches Python mit NumPy und SciPy. Für alle die noch nicht wissen, dass sie es brauchen oder es schon immer mal benutzen wollten: Ein kurzer Überblick der Möglichkeiten und Funktion von NumPy und SciPy (ohne Anspruch auf Vollständigkeit). Dazu beispielhafte Anwendungsgebiete in der Forschung, anschaulich anhand eigener Beispielanwendungen im Kontext numerischer Physik. Die kleine Einführung für Neulinge zum Anfangen und Interesse wecken! :)
Das Podcaster*innenjahr 2019 sollte auch diesmal ausgewertet werden, wie hat sich unsere Podcastlandschaft entwickelt, vwas lief gut was schlecht. Wie stehen wir zu den aufkommenden Kommerzialisierungen und Radioisierungen der Podcasts und welche Rolle spielen Frauen dabei. Das Podcaster*innenjahr 2019 sollte auch diesmal ausgewertet werden, wie hat sich unsere Podcastlandschaft entwickelt, vwas lief gut was schlecht. Wie stehen wir zu den aufkommenden Kommerzialisierungen und Radioisierungen der Podcasts und welche Rolle spielen Frauen dabei.
stills, 20 min, 2019, english language "You know you're the best, when people you don't know hate you." In this exclusive interview, a controversial 60-year-old socialite, designer, entrepreneur and style icon gives her take on beauty, political correctness and #metoo. She might be famous for no reason – and, as she frequently points out, has never been a "payroll slave" – but her fierce attitude and refreshing ideas have made her queen mom for generations of all backgrounds around the world. Will you love her or hate her? Sit back and find out.
Taschen mit eigenen Logos bedrucken. Wir möchten gemeinsam Baumwolltaschen und Turnbeutel gestalten. Dazu zeigen wir, wie Logos geplottet und zu Stoff gebracht werden. Es ist möglich eigene oder das 36c3-Logo zu plotten und auf Jute- oder Turnbeutel zu Drucken. Einfache Sticker für Laptops, o. ä. sind ebenfalls möglich. Für die Materialien wird um einen Unkostenbeitrag gebeten, wobei eigene Baumwollstoffe mitgebracht werden können.Weitere Informationen in unserem [https://pads.c3re.de/p/sticker Pad]
Try out a CV Dazzle to hack your face to recognition tech. Break up the lines of your face and get a make-up of extremes. Never hide! Always dazzle!
spielerisch und kreativ die Welt der Computer kennenlernen Mit dem Calliope mini kannst du spielerisch und kreativ die Welt der Computer kennenlernen. calliope.ccAnzahl Teilnehmer*innen: 5-10Alter: 6+ JahreDauer: 30-60minAnmeldung erforderlich?: Nein
Musik aus und mit modifizierten, selbstgebauten Klangerzeugern Musik aus und mit modifizierten, selbstgebauten KlangerzeugernAnzahl Teilnehmer*innen: 3-7Alter: für Kinder von 5-99 JahrenAnmeldung erforderlich?: nein, kommt jederzeit vorbei (während der Workshopzeiten)Unkostenbeitrag: Freiwillige Spenden
Hands on workshop on detox seaweed Bibimbap [[Image:Seaweed_bibimbab_1.jpg|thumb|Seaweed bibimbab]][[Image:Seaweed_bibimbab_2.jpg|thumb|Seaweed bibimbab with rice]][[Fhb_36c3|<<<Back to the main page>>>]][https://dudle.inf.tu-dresden.de/bibimbab36c3/ To secure spot on this workshop please sign in here].Hi everyone!! I'm Eunha from Korea. Korea has the one of the most variety of seaweed. Traditionally we enjoy the seafood and seaweed. For examnple after you (only women case) have a birth you should eat miyoek (''[https://en.wikipedia.org/wiki/Wakame Undaria pinnatifida]'') for a while because the iodine makes the woman after birth the blood clean and her womb shrinks quickly. You can see and enjoy the several eatable seaweed in my workshop "hacked" with traditional Korean [https://en.wikipedia.org/wiki/Bibimbap bibimbab]. Through this workshop i hope you have more interests in sea and nature. Thanks.This workshop is based at donations at your will no one turned away for lack of funds.
This workshop is an introduction to a cheap and simple beef jerky drying box. It will take you through making the box from provided materials. To secure spot on this workshop please sign in [https://dudle.inf.tu-dresden.de/jerky-fhb-36c3/ here] when the sign in system is ready.[[Image:800px-Box_open_IMG_20181209_222125_521_s.png|thumb|right|Jerky, drying in the Box]][[Image:651px-Box_closed_IMG_20181209_222149_274.png|thumb|right|The complete Box]][[Image:800px-Box_with_battery_IMG_20181209_222021_007_s.png|thumb|right|A better view on a quick and dirty power supply of the Box]]This workshop is an introduction to a cheap and simple beef jerky drying box. It will take you through making the box from provided materials. After that the preparation of meat for drying will be handled.There will be samples for participants, to try what kind of jerky can be made with these boxes. [https://foodhackingbase.org/wiki/Recipe:Beef_Jerky Workshop recipe is shared here.]In this workshop you will be provided with everything you need for building a beef jerky box. This box is designed to be small, lightweight, flexible and cheap. It is very simple but works fine. The box can be folded nicely and takes little space when folded together. There are several possibilities for hanging the meat while drying, the "standard" method simply folds away as the box is collapsed. After use, the box can be easily cleaned, even sticky marinade rinses off.There is space for drying around 200gr of meat at once, more or less. I'm sure this could be even more if more fishing line is added, but that might impact drying time.The number of parts is small and the potential for future hacking is definitely there. Some suggested adding an air filter (for filtering out dust from the incoming air) for example. This can easily be done, there is space left for that!The old 9V clip to power the box has been replaced by 5V (USB) power, but a power supply that directly delivers 12V is tested the most. The 5V way uses a step up converter and should work just fine, but there have been no long term tests.We have enough material for 9 people.This workshop is based on '''donation at your will no one turned away for lack of funds'''. If you can afford to donate, please do.
What not to do when the shit hits the fan A short demonstration of techniques, materials and methods for rope access and rescue, especially the dangers and what can go wrong. *How to spot and avoid Materials that are totally unsafe for most applications *Things you shouldn't do when stuck in your favourite tree house.*Things you shouldn't do when you find yourself on a bridge. *Things you definitely shouldn't do when you discover a giant poster in your pocket. *Things you should absolutely avoid when expecting a speedy rescue by the authorities.*How to get your friends safely back to the ground when the authorities start fucking up This is not an in-depth climbing course.
16:10
Herzstück der digitalen Gesundheitsversorgung für 73 Millionen Versicherte ist die hochsichere, kritische Telematik-Infrastruktur mit bereits 115.000 angeschlossenen Arztpraxen. Nur berechtigte Teilnehmer haben über dieses geschlossene Netz Zugang zu unseren medizinischen Daten. Ein "Höchstmaß an Schutz" also, wie es das Gesundheitsministerium behauptet? Bewaffnet mit 10.000 Seiten Spezifikation und einem Faxgerät lassen wir Illusionen platzen und stellen fest: Technik allein ist auch keine Lösung. Braucht es einen Neuanfang? Schon in 12 Monaten können 73 Millionen gesetzlich Versicherte ihre Gesundheitsdaten in einer elektronischen Patientenakte speichern lassen. Dazu werden zurzeit alle Arztpraxen, Krankenhäuser und Apotheken Deutschlands über die neu geschaffene kritische Telematik-Infrastruktur verbunden. Dieses hochverfügbare Netz genügt "militärischen Sicherheitsstandards", bietet ein "europaweit einzigartiges Sicherheitsniveau" und verspricht ein "Höchstmaß an Schutz für die personenbezogenen medizinischen Daten" wie Arztbriefe, Medikamentenpläne, Blutbilder und Chromosomenanalysen. "Wir tun alles, damit Patientendaten sicher bleiben." "Selbst dem Chaos Computer Club ist es nicht gelungen, sich in die Telematik-Infrastruktur einzuhacken." "Nach den Lehren aus PC-Wahl, Ladesäulen und dem besonderen elektronischen Anwaltspostfach brauchen wir kein weiteres Exempel."
PDF is the most widely used standard for office documents. Supported by many desktop applications, email gateways and web services solutions, are used in all sectors, including government, business and private fields. For protecting sensitive information, PDFs can be encrypted and digitally signed. Assumed to be secure for 15 years, our talk reveals how to break PDF Encryption and how to break PDF Signatures. We elaborated novel attacks leading to critical vulnerabilities in all PDF viewers, most notably in Adobe, Foxit, and Okular. As a result, an attacker can retrieve the plaintext of encrypted PDFs without knowing the password and manipulate the content of digitally signed PDFs arbitrarily while a victim is unable to detect this. The Portable Document Format (PDF) is the de-facto standard for document exchange worldwide. It is used to store sensitive information like contracts and health records. To protect this information PDF documents can be encrypted or digitally signed. Thus, confidentiality, authenticity, integrity, and non-repudiation can be achieved. In our research, we show that none of the PDF viewers achieve all of these goals by allowing an attacker to read encrypted content without the password or to stealthily modify the signed content. We analyze the PDF encryption specification and show two novel techniques for breaking the confidentiality of encrypted documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and therefore, exfiltrate the plaintext once the document is opened by a legitimate user. Second, we abuse a flaw in the PDF encryption specification to arbitrarily manipulate encrypted content. The only requirement is that a single block of known plaintext is needed, and we show that this is fulfilled by design. Our attacks allow the recovery of the entire plaintext of encrypted documents by using exfiltration channels which are based on standard compliant PDF properties. In addition, we present the first comprehensive security evaluation on digital signatures in PDFs. We introduce three novel attack classes which bypass the cryptographic protection of digitally signed PDF files allowing an attacker to spoof the content of a signed PDF. We analyzed 22 different PDF viewers and found 21 of them to be vulnerable, including prominent and widely used applications such as Adobe Reader DC and Foxit. We additionally evaluated eight online validation services and found six to be vulnerable. All findings have been responsibly disclosed, and the affected vendors were supported during fixing the issues. Our research on PDF security is also available online at https://www.pdf-insecurity.org/.
The Large Hadron Collider (LHC) is the biggest particle accelerator on Earth. It was built to study matter in more detail than ever before and prove physical theories like the Standard Model of Particle Physics. This talk will focus on the engineering aspects of LHC. How was it built? What makes it tick? Which technologies are needed to create a such powerful machine? This talk will take you on a journey to explore how the most complex machine ever built by humans works. During previous CCCs, several talks described what kind of data the experiments of LHC look out for, how the data is stored, how physicists are analysing data and how they extract their huge discoveries. Often times though, the presence of the particle accelerator itself is taken for granted in light of these findings. That's why this talk will give an in-depth engineering summary about that 'particle accelerator'. We'll shed light on the big technology and engineering problems that had to be solved before being able to build a machine that we take for granted these days. Among other things, we will describe how to cool down several thousand tons of magnets to -271.25°C, how to safely dissipate ~500 MegaJoule of energy in just a fraction of a second, or how to bend a beam of particles around a corner while it's moving along with ~99,9999991% of the speed of light. Of course, we'll also touch on the bits that make collecting the data gathered in all the physics detectors possible in the first place.
Seit dem 14. November ist die letzte Schonfrist zur Umsetzung der Europäischen Richtline 2015/2366 über Zahlungsdienste im Binnenmarkt (neudeutsch PSD2) verstrichen. Das hat erst vielen Banken viel Arbeit gemacht, und macht jetzt vielen Kunden viel Ärger. Warum eigentlich? Dieser Vortrag gibt einen Überblick über die Hintergründe der Zahlungsdiensterichtlinie, das was sie bewirken sollte, und das was sie tatsächlich bewirkt. Der Sicht aus der Regulierungsperspektive wird die tatsächliche Erfahrung als Anwender, und als Entwickler von Open-Source-Software gegenübergestellt.
A deep dive investigation into Siemens S7 PLCs bootloader and ADONIS Operating System. Siemens is a leading provider of industrial automation components for critical infrastructures, and their S7 PLC series is one of the most widely used PLCs in the industry. In recent years, Siemens integrated various security measures into their PLCs. This includes, among others, firmware integrity verification at boot time using a separate bootloader code. This code is baked in a separated SPI flash, and its firmware is not accessible via Siemens' website. In this talk, we present our investigation of the code running in the Siemens S7-1200 PLC bootloader and its security implications. Specifically, we will demonstrate that this bootloader, which to the best of our knowledge was running at least on Siemens S7-1200 PLCs since 2013, contains an undocumented "special access feature". This special access feature can be activated when the user sends a specific command via UART within the first half-second of the PLC booting. The special access feature provides functionalities such as limited read and writes to memory at boot time via the UART interface. We discovered that a combination of those protocol features could be exploited to execute arbitrary code in the PLC and dump the entire PLC memory using a cold-boot style attack. With that, this feature can be used to violate the existing security ecosystem established by Siemens. On a positive note, once discovered by the asset owner, this feature can also be used for good, e.g., as a forensic interface for Siemens PLCs. The talk will be accompanied by the demo of our findings.
We take a quick dive into the Highspeed Amateurradio Multimedia NETwork the wireless backbone of the European Amatuerradio Community. It’s uses mostly commercial hardware on it’s own frequencies beneath the 2,4 and 5 GHz wifi bands. The net is routed with it’s own ipv4 private network consisting of multiple 44.xxx.000.000/16 blocs. A short overview on what the Hamnet is and how it came to be. Not forgetting all the challenges of technical and legal kind that come with running and building the Net.
Did you ever want to know how hacking works? This beginners workshops gives an introduction into vulnerabilities, application pen testing and the security of web applications. Only if you know how hackers attack your application, you will be able to defend yourself. Nearly all companies use web applications nowadays. Any vulnerability in those applications may be an invitation for hackers to attack it. This workshop will give you insights on those things that you should never neglect when programming your application. From Techie to Techie! Requirements: programming experience & laptop needed, security knowledge is not necessary
16:15
Subtitles Angelmeeting This is the introduction meetings for subtitles angels.If you want to become a subtitles angel, you have to attend one of these meetings.At the end of the meeting, attendees will be confirmed as subtitles angels.Please have your nick in the angelsystem ready and select "Subtitles Angel" (necessary for the confirmation).
Frage-Antwort-Runde mit einem Insider
16:30
Ein kleiner Sprech- und Rhetorik-Kurs, primär für Frauen und nichtbinäre Personen. Der Workshop richtet sich an Frauen und Personen, die sich mit dem Label "Frau" konfrontiert sehen. Viele unserer Kommunikationsmuster sabotieren das, was wir eigentlich kommunizieren wollen. In diesem Workshop richten wir einen kurzen Blick auf das, was passiert, wenn wir etwas sagen wollen und was dabei günstig und ungünstig sein könnte. Piko beschäftigt sich beruflich mit Stimme und gibt Sprech- und Stimmtrainings. Für Fragen: @piko@chaos.social
video installation, 20 min, 2018, nonverbal Originally used in computer games and for special effects in blockbuster movies, ‘simulated life’, driven by algorithmic predictions, is increasingly influencing many facets of the real world. From urban planning to disaster evacuation plans, market forecasts and crowd control, algorithmically simulated scenarios produce real world policies and events. Using a variety of images including filmed footage as well as simulations of crowd control software, Transformation Scenario is a meditation on ‘simulated life’ and the increasingly blurred distinctions between real and virtual experiences. This video is part of a larger body of work by von Wedemeyer that engages with the psychology and aesthetics of the crowd.
Ewiges Wachstum - Wie endet der Kapitalismus? SYSTEM ERRORWie endet der Kapitalismus?Es ist verrückt: Wir sehen die schwindenden Regenwälder und Gletscher, wissen um die Endlichkeit der Natur und sind dennoch wie besessen vom Wirtschaftswachstum. Warum treiben wir das Wachstum immer weiter, obwohl wir wissen, dass man auf unserem endlichen Planeten nicht unendlich wachsen kann? SYSTEM ERROR sucht Antworten auf diesen großen Widerspruch unserer Zeit und macht begreifbar, warum trotzdem alles so weiter geht wie gehabt. Der Film zeigt die Welt aus der Perspektive von Menschen, die von den Möglichkeiten des Kapitalismus fasziniert sind. Ob europäische Finanzstrategen, amerikanische Hedgefondsmanager oder brasilianische Fleischproduzenten: Eine Welt ohne eine expandierende Wirtschaft können, dürfen oder wollen sie sich gar nicht erst vorstellen.SYSTEM ERROR beleuchtet bisher häufig verborgen gebliebene Zusammenhänge und legt die selbstzerstörerischen Zwänge des Systems offen - einem System, an dem wir alle teilhaben, als Beschäftigte, Anleger oder Konsumenten. Denn der Kapitalismus durchdringt unaufhörlich immer mehr Lebensbereiche, verschlingt die Natur und gräbt sich am Ende selbst das Wasser ab – so wie es Karl Marx schon vor 150 Jahren prophezeit hat. Die Frage ist: Sind wir tatsächlich bereit für den Kapitalismus alles zu opfern?
16:35
Live-Sendung vom 36c3 Live-Sendung vom 36c3
16:45
The Democratic People's Republic of Korea (North Korea) is a hot topic in the media. The peninsula is changing rapidly, but how is that reflected in life on the ground? What is it like to live in Pyongyang? Are the externally reported societal changes and developments in technology also visible in everyday life? This talk will describe modern urban life in Pyongyang, and the recent forces driving change. The talk will particularly focus on observations around the state of youth mindset towards change and technology. For example, what are the future elites' attitudes towards entrepreneurship in an officially communist country? What small signals of changing attitudes can we observe that might influence the opening of the county? Presenting the realities of this environment leads us to the demo of consumer technology, and presented that opportunities for both societal change and technological development might be broader than we often see. We will present this deep dive to North Korea from the perspective of two foreigners who have been spending months at a time in Pyongyang and have been studying it since 2012.
17:00
Look at ME! - Intel ME Investigation With Intel's Firmware Support Package (FSP) and the recent release of a [redistributable firmware binary](https://edk2.groups.io/g/devel/message/50920/eml) for the Management Engine, it has become possible to share full firmware images for modern x86 platforms and potentially audit the binaries. Yet, reverse engineering, decompilation and disassembly are still not permitted. However, thanks to previous research, we can have a closer look at the binary data and come to a few conclusions. This talk briefly summarizes the fundamentals of developing custom and open source firmware, followed by a quick guide through the process of analyzing the binaries without actually violating the terms to understand a few bits, and finally poses a statement on the political issues that researchers, repair technicians and software developers are facing.
36c3-Spezial mit Interviews vom Congress phyphox. Using smartphone sensors for experiments. Zu Gast: Dr. Sebastian Staacks, RWTH Aachen
Daily Meetup for A/V Angels Daily A/V Angel Meeting. More information can be obtained from our news in the angel system
find more Info at [[C3auti]]
QueerFeministGeeks - Meetup Meetup for everyone who identifies as queer and/or feminist and/or trans* or otherwise non-{white+male+straight+cis}. We will network with each other and exchange projects and ideas. This meetup is open to people of all genders, but please be mindful of how much space you are taking up and let those this meeting is intended for take priority. We try to be newbie- and introvert-friendly, so please do come even if you don't know anybody yet!
Vinyl Selecta of finest Soul and Jazz Tunes. Music lover // DJ // record collector // artist
The sumo robot fight for the technically ungifted Short presentation about the History and Rules for all that have not yet participated
Wie einfach es sein kann sich Gehör zu verschaffen, zeigten die Proteste um Artikel 13. Die Proteste um Artikel 13 hatten ein Zeichen gesetzt wie Menschen sich im politischen Diskurs einmischen können. Die Resonanz in Politik und Presse war erstaunlich. Ein Gespräch über politische Kommunikation und Handeln. Mit Qualini und Gerb
Introduction to decentral.community, and to the Critical Decentralisation Cluster at 36C3.
In this workshop we will introduce participants to Pocket Science Lab and collaborate with participants to conduct experiments with the project. Participants can use a mobile Android phone or a Linux desktop PC to connect to the device.
A presentation on how to make Mead [[File:Mead.jpg|thumb|right|Mead]][[File:Airlock.jpg|thumb|right|Airlock]]Mead is an alcoholic beverage created by fermenting honey with water, sometimes with added fruits or spices. The alcoholic content is normally similar to the one of wine. The defining characteristic of mead is that the majority of the beverage's fermentable sugar is derived from honey. It may be dry or sweet. The terms "mead" and "honey-wine" often are used synonymously.In the mead presentation, you will learn how to make your own mead by fermenting a mixture of honey and water, together with some tricks helping one avoid common mistakes. You will have the opportunity to taste some mead in the dry style. The presentation is designed for small scale fermenting, typically 10-40 liters.Please note that this events is offered on the 27th and the 28th.
Learn to Solder! A large variety of way cool kits are available, all designed for total beginners to complete successfully -- and intriguing enough for the total hardware geek.<br> <br> <span style="color:orange">'''''This ongoing workshop will be happening concurrently with lots of other way cool workshops at the Hardware Hacking Area! Throughout all of 36C3.'''''</span><br> <span style="color:red">'''''Please come by any time to learn to solder!'''''</span> [[File:LearnToSolder.jpg|center|500px|Room full of happy hardware hackers at the Hardware Hacking Area at 30C3]]<br>'''What''': A place to get together to solder stuff!<br> Learn to Solder!<br> You can easily learn all of the skills you need in a short time.<br> Make a project, and take it home with you!<br> If you have your own project (advanced or simple),<br> bring it by, and if you would like help, you can get it!<br>'''When''':<span style="color:red"> '''''Any time!'''''</span> All day and all night -- Every day of 36C3<br> Most projects take about 1.5 to 2 hours<br> <span style="color:orange">'''''This ongoing workshop will be happening concurrently with lots of other way cool workshops at the Hardware Hacking Area!'''''</span><br> <span style="color:red">'''''Please come by any time to learn to solder!'''''</span><br> '''Where''': The '''Hardware Hacking Area''' -- West side of Exhibition Hall 2 -- [https://events.ccc.de/congress/2019/wiki/images/c/ce/HHA_map.png map]<br>'''Who''': You! All ages, all skill levels -- It is fun to make things in the<br> friendly community of the Hardware Hacking Area.<br> ''Come join us. Everyone is welcome.''<br>'''Cost''': Instruction is free! We ask that people pay only for the cost of<br> the parts used -- kit prices range from €10 to €30.<br> <span style="color:orange">''' -- No need to register -- just come on by,</span> <span style="color:red">any time!'''</span><br>Learn to solder! [[User:Maltman23|Mitch Altman]] and others will bring kits to make cool, practical, intriguing, hackable things that you can bring home after you make it. Of course, you can also bring your own projects to hack. And if you have anything to fix, bring it by!Plenty of cool kits are available to make, including:<br>* TV-B-Gone (turn off TVs in public places!)<br>* ArduTouch Music Synthesizer (make cool noise and music with this Arduino-comaptible kit!)<br>* Brain Machine (Meditate, Hallucinate, and Trip Out!)<br>* Trippy RGB Waves (interactive art blinky lights!)<br>* MiniPOV (write your message in the air!)<br>* MintyBoost (charge your USB enabled gadgets!)<br>* Hello My Name Is... badge (Geeky, blinky version of the sticker!)<br>* microcontroller programmers (program all your AVR family chips!)<br>* Arduino clones (make just about anything!)<br>* And many, more!<br>More info on these projects is available at:<br>[http://www.CornfieldElectronics.com Cornfield Electronics] (click on the "projects" tab)<br>[http://www.adafruit.com/ Adafruit]<br>[http://www.evilmadscientist.com/ Evil Mad Scientist]<br>[http://analogmachines.com Analog Machines]<br>Anyone can learn to solder! Even if you have never made anything in your life, you can learn this very useful and enjoyable skill. It really is fun! [[User:Maltman23|Mitch]] and has taught tens of thousands of people to solder all around the world, and he can teach you, too! Add yourself to the ever increasing community!<br><br><br>
A meetup for everyone interested in workers'-owned tech-coops or already involved in one. Just drop by!
17:15
Did you ever want to know how hacking works? This beginners workshops gives an introduction into vulnerabilities, application pen testing and the security of web applications. Only if you know how hackers attack your application, you will be able to defend yourself. Nearly all companies use web applications nowadays. Any vulnerability in those applications may be an invitation for hackers to attack it. This workshop will give you insights on those things that you should never neglect when programming your application. From Techie to Techie! Requirements: programming experience & laptop needed, security knowledge is not necessary
17:30
We present the next step after Rowhammer, a new software-based fault attack primitive: Plundervolt (CVE-2019-11157). Many processors (including the widespread Intel Core series) expose privileged software interfaces to dynamically regulate processor frequency and operating voltage. We show that these privileged interfaces can be reliably exploited to undermine the system's security. In multiple case studies, we show how the induced faults in enclave computations can be leveraged in real-world attacks to recover keys from cryptographic algorithms (including the AES-NI instruction set extension) or to induce memory safety vulnerabilities into bug-free enclave code. Fault attacks pose a substantial threat to the security of our modern systems, allowing to break cryptographic algorithms or to obtain root privileges on a system. Fortunately, fault attacks have always required local physical access to the system. This changed with the Rowhammer attack (BlackHat USA 2015, CCC 2015), which for the first time enabled an attacker to mount a software-based fault attack. However, as countermeasures against Rowhammer are developed and deployed, fault attacks require local physical access again. In this CCC talk, we present the next step, a long-awaited alternative to Rowhammer, a second software-based fault attack primitive: Plundervolt. Dynamic frequency and voltage scaling features have been introduced to manage ever-growing heat and power consumption in modern processors. Design restrictions ensure frequency and voltage are adjusted as a pair, based on the current load, because for each frequency there is only a certain voltage range where the processor can operate correctly. For this purpose, many processors (including the widespread Intel Core series) expose privileged software interfaces to dynamically regulate processor frequency and operating voltage. In this talk, we show that these privileged interfaces can be reliably exploited to undermine the system's security. We present the Plundervolt attack, in which a privileged software adversary abuses an undocumented Intel Core voltage scaling interface to corrupt the integrity of Intel SGX enclave computations. Plundervolt carefully controls the processor's supply voltage during an enclave computation, inducing predictable faults within the processor package. Consequently, even Intel SGX's memory encryption/authentication technology cannot protect against Plundervolt. In multiple case studies, we show how the induced faults in enclave computations can be leveraged in real-world attacks to recover keys from cryptographic algorithms (including the AES-NI instruction set extension) or to induce memory safety vulnerabilities into bug-free enclave code. We finally discuss why mitigating Plundervolt is not trivial, requiring trusted computing base recovery through microcode updates or hardware changes. We have responsibly disclosed our findings to Intel on June 7, 2019. Intel assigned CVE-2019-11157 to track this vulnerability and refer to mitigations. The scientific paper on Plundervolt will appear at the IEEE Security & Privacy Symposium 2020. The work is the result of a collaboration of Kit Murdock (The University of Birmingham, UK), David Oswald (The University of Birmingham, UK), Flavio D. Garcia (The University of Birmingham, UK), Jo Van Bulck (imec-DistriNet, KU Leuven, Belgium), Daniel Gruss (Graz University of Technology, Austria), and Frank Piessens (imec-DistriNet, KU Leuven, Belgium).
One apparent paradox of the digitisation of work is that while productivity in manufacturing is skyrocketing, productivity in caring professions (health, education) is actually declining - sparking a global wave of labour struggle. Existing economic paradigms blind us to understanding how economies have come to be organised. We meed an entirely new discipline, based on a different set of values.
In this talk Julian will outline his work as sysadmin, systems and security architect for the climate and environmental defense movement Extinction Rebellion. Responsible for 30 server deployments in 11 months, including a community hub spanning dozens of national teams (some of which operate in extremely hostile conditions), he will show why community-owned free and open source infrastructure is mission-critical for the growth, success and safety of global civil disobedience movements. An extension of an earlier talk at C-Base Berlin, Julian will give an overview of his own discoveries, platform choices, successes and mistakes meeting the needs of 5-figure at-risk server memberships, from geo-political and legal challenges, to arrest opsec and uptime resilience in the face of powerful adversaries driving attacks on infrastructure and seized activist devices spanning many countries before and during periods of mass civil disobedience. In particular the talk is a call for all sysadmins, opsec and infosec professionals and enthusiasts to rise up and join the fight for current and future generations of all life.
When climate activists say you should listen to the science they usually refer to reports by the Intergovernmental Panel on Climate Change (IPCC). The IPCC is an Intergovernmental organization (IGO) providing an objective summary of scienctific results regarding climate change, its impacts and its reasons. The simulation of future climate is one fundamental pillar within climate research. But what is behind it? How does the science sector look like? How do we gain these insights, what does it mean? This lecture aims at answering these questions. In particular, it provides an overview about some basic nomenclature for a better understanding of what climate modelling is about.<br> The following topics will be addressed: <ul> <li>Who does climate modelling?<br> Which institutes, infrastructures, universities, initiatives are behind it and which are the conferences climate scientists go to. What background do climate scientists have? </li> <li>What is the difference between climate projections and weather predictions? Why is it called a climate projection and not climate prediction? While climate scientists are not able to predict weather at a specific date in a decade, why does it still make sense to propose general trends under certain conditions? </li> <li>What is a climate model, what is an impact model and what is the difference between these? What are components and features of the different kind of models? Here, some examples will be shortly presented (e.g.atmosphere, ocean, land, sea ice). </li> <li>Quite a few models are open source and freely accessible. If there is time I will shortly show you how you could install an impact model (example mHM) on your local PC. How accessible is the data used for the projections for the IPCC reports?</li> <li>Overview over the used infrastructure (for example JUWELS, a supercomputer in Jülich), programming languages, software components </li> </ul>
Over the past 2 years we've been building delivery robots - at first thought to be autonomous. We slowly came to the realization that it's not something we could easily do; but only after a few accidents, fires and pr disasters. We've all seen the TV show Silicon Valley, but have you actually peered underneath the curtain to see what's happening? In this entertaining talk, Sasha will share his first hand experience at building (and failing) a robotics delivery startup in Berkeley. Over the course of 2.5 years this startup built hundreds of robots, delivered thousands of orders, and had one robot stolen. The talk will look over the insanity that's involved with building an ambitious startup around a crazy vision; sharing the ups and downs of the journey. It will also touch up lightly on the technology that drives it and the simplistic approach to AI/machine learning this company took.
The access to surveillance technology by governments and other powerful actors has increased in the last decade. Nowadays malicious software is one of the tools to-go when attempting to monitor and surveil victims. In contrast, the target of these attacks, typically journalists, lawyers, and other civil society workers, have very few resources at hand to identify an ongoing infection in their laptops and mobile devices. In this presentation we would like to introduce the Emergency VPN, a solution we developed at the Czech Technical University as part of the CivilSphere project. The Emergency VPN is designed to provide a free and high quality security assessment of the network traffic of a mobile device in order to early identify mobile threats that may jeopardize the security of an individual. The presentation will cover the design of the Emergency VPN as a free software project, the instructions of how a user can work with it, and some success cases where we could detect different infections on users. We expect attendees will leave this session with a more clear overview of what the threat landscape looks like, what are the options for users that suspect their phone is infected, and how the Emergency VPN can help in those cases. More information about the Emergency VPN can be found at CivilSphere's website: https://www.civilsphereproject.org
Manfred, Jan und Peter interviewen Gäste Ein 36c3-Spezial unseres bekannten Studiogesprächs.
Ich stelle am Beispiel von binären Zahlen vor, wie Montessorimaterial funktioniert. Ich stelle am Beispiel von binären Zahlen vor, wie Montessorimaterial funktioniert. Mit Dienesmaterial (das sind im Prinzip kleine Klötzchen, Stangen und Platten) rechne ich dezimale in binäre Zahlen um, erkläre Zahlensysteme im Allgemeinen, und kann auch binäre Zahlen z.B. multiplizieren oder dividieren.Wieso ist das interessant und wem nützt das? Mathematik polarisiert sehr. Entweder man kann Mathe (=klug) oder man kann es eben nicht (=dumm). Darüber wird viel Bewertung und Wissenshierarchie verbreitet. In folge dessen machen Menschen, die eher sozial und politisch interessiert sind oft einen großen Bogen um Mathe und Naturwissenschaften („kann ich eh nicht“) und viele mathematisch und naturwissenschaftlich versierte Menschen halten sich für klüger als den Rest und entziehen sich aber sozialen und gesellschaftlichen Fragen. Beides nicht gut. Und wir können uns diesen Graben in der Gesellschaft gerade heute nicht mehr leisten, wo wir vor großen Problemen wie z.B. Klimawandel stehen, die Lösungen auf sozialen, politischen, technischen und naturwissenschaftlichen Ebenen erfordern. Wir müssen also alles ins Boot holen und das fängt bei den Grundlagen an. Mir geht es darum, die Philosphie und den Ansatz von Montessori zu zeigen, und die Idee zu vermitteln, dass Mathe nicht unverständlich oder unanschaulich sein muss. Falls dich interessiert, worum es bei Montessori geht oder dich Mathematik überhaupt interessiert oder du ernsthafte Probleme mit Mathematik hast, bist du bei diesem Vortrag richtig.
Bondage and Safety lesson for beginner If you are interested in learning the first steps towards bondage / techniques for playful restraint, this workshop is for you. If you have never touched a piece of rope before, this workshop will give you the basics to get started. We will cover the following topics:* Risk-awareness and consent (intro). How to negotiate a bondage session and how to deal with risk.* Safety and materials. Many materials are suitable for bondage, and there are various cheap or free options. Each material comes with its own safety implications to be aware of. Of course, there is also material that is just ill-suited for most use cases. (aka. Why are furry handcuffs just horrible, what's a "good" piece of rope, and funny stories from mishaps)* Safety and anatomy. Humans are semi-stable objects. While some areas of the human body are pretty resistant to reasonable force (e.g., pressure from rope), others are not. We'll discuss where to be careful with rope, what can happen if things go wrong, and how to tie with safety in mind.* Practice: The square knot. We'll learn a simple, yet effective knot as a building block for all ties in this workshop* Practice: Single column tie. How to tie a rope to a single limb (hand, foot), with the possibility of tying the free side of the rope to objects* Practice: Double column tie. How to tie two limbs together (hands, feet)* Practice: Spaced double column tie. How to tie hands together, but with a rope-bar in between* Practice: Rope organization. How to coil up rope for storage to not end up in a mess the next time you take it back out* Practice: Bonus tie. We'll see. This is a placeholder for leftover time.The workshop is divided into two parts. After the theory parts, we will demonstrate the ties and give you the chance to practice. Each tie is demonstrated and explained in front, afterwards you can give it a try. We have a team of people around to answer questions and help you out if you need assistance. This workshop is designed specifically for beginners, so there are no "stupid" questions. We all started out at some point, and asked the same or similar things back then. The team also has safety scissors at hand ;)You do not necessarily need to bring a partner. Before the practice session, you will have the chance to pair up for practice. While it's always up to you with whom (or even if at all) you want to practice, the experience from the past years has shown us that it somehow always worked out for people to find someone to practice with.While this workshop mostly focuses on rope and rope bondage, we'll also talk about other materials (proper vs. crappy handcuffs, etc.) in the seminar-style theory part.If you have own rope, please do bring it along. We will have some rope you can borrow on a first-come-first-serve basis. Still, the more we have, the better. In case you are unsure whether the rope you have is suitable or not, just bring it along and ask. If you have any further questions you would like to ask us beforehand, feel free to drop by the KinkyGeeks assembly.This workshop is western-style bondage. We want to make bondage accessible to humans of all sizes, shapes, and weights. We therefore place fun and safety above faithfulness to traditional Shibari in this workshop. We'll talk about why a tie works and get the principles right (e.g. the basics of preventing self-tightening ties), rather than minimize or prettify a tie.'''Important:''' In the previous years, we regularly had way too many people trying to get in (rooms are objects of finite size), with waiting lines all across the hallway. This year, we want to avoid the crowd control issues that come with such scenarios. That's why you now need to pre-register for the workshop at https://ticket.kinkygeeks.de. Our website will give you a free ticket, which you need to provide at the workshop door to gain access.The small print: Participation in the practical parts is at your own risk. You must be at least 18 years old to participate in the practical part.
Wir setzen uns zusammen und planen die nächsten Tage
documentary, 70 min + Q&A, 2019, english language The documentary takes a look at hacking beyond the computer screens. In the place where technology and activists meet. Where the need to circumvent state surveillance and surveillance capitalism is grave. Where people see an unfair system in society and find a way to hack it. This is the true hacker habitat. In direct opposition to banks, corporations and entrepreneurs using the words 'hack/hackathon', the film aims to fill the words with the subversive and anarchist tradition they have. In a chapter form, this film shows hacker projects and system hacking from Japan, Cuba, occupied Western Sahara, Belgium and Sweden. The chapters are mixed with parts where hackers talk about the ethics behind what they do and the film mirrors the ideas with texts based on Emma Goldman's writings. Filmed in the 2010s it gives an incite to a global political hacker movement. After the preview screening we would love to hear your comments! We are still in the face where we will edit the final version. People from the film and the production group will talk more about the process and answer questions. The final version of the documentary will be released during the spring of 2020. http://www.hackitat.com/ http://rafilm.se/
RIAT is an NGO and institute for research, development, communication and education in the fields of cryptography, privacy technologies and the future of decentralisation.
Digitale Freiheit Kick-Off Treffen Kick-Off Treffen aller Mitglieder der Digitalen Freiheit; Verteilen von Cluster-schichten und Stimmungszündung.
Learn how to solder and play the Bill Badge game! We created a multiplayer, team based game so anyone with a working Bill Badge can play it! The Badge only uses through-hole components making it fast and easy to solder. The first time your badge is turned on, you'll be assigned a random team (the led color will indicate your team). Your team will change whenever you're targeted by enemy badges. Target other badges and press the button to convert them to your team.Get as many players as you can on your team while avoiding being captured by enemy teams!
Surface mount electronics for terrified beginners. Learn to assemble tiny parts on circuit boards by building an electronic touch-activated purring kitten. Anyone can do it. Yes, even you who never touched anything electronic before. 120mins, 20€/kit, avoid caffeine immediately before. Max 20 participants per session, there is a PAPER!!1! signup list in the hardware hacking area. [[File:Catsplash.png|800px]]Takes about two hours. Basic workshop. No prior knowledge needed. Materials cost 20€ per kit.We are going to build an electronic kitten using tiny SMD parts. It will purr when you touch it right and hiss when you touch it wrong. It's going to work.For people afraid of surface mount assembly/rework. You know those tiny little components in modern electronic devices? It's both possible and easy to assemble those by hand. You can do it, and I'll teach you how!Think you don't have the tools? Think you can't manually place 0402s? Everything is possible with patience and practice. The equipment is minimal and you probably already have it. We'll learn the answer to THERE'S A SHORT ON A TINY PART OMG WHAT NOW? After this, you'll no longer need to be scared of SMD. Avoid caffeine immediately before the workshop, because shaky hands are a disadvantage.The workshop kit costs 20€. Please SIGN UP ON THE PAPER LIST at the Hardware Hacking Area. PLEASE BE ON TIME!
17:45
17:50
Concepts, goals, implementations and the lessons learned from rewriting qaul.net decentralized messenger in rust. qaul.net is a Internet independent wifi mesh communication app with fully decentralized messaging, file sharing and voice chat. At the moment we are rewriting the entire application in rust, implementing our experience of 8 years off the grid peer2peer mesh communication, with a mobile first approach and a network agnostic routing protocoll wich can do synchronous as well as delay tolerant messaging. We are currently rewriting qaul.net 2.0 in rust with a new network agnostic routing protocol, identity based routing and delay tolerant messaging. The talk will show our learnings and the journey ahead of us at the alpha stage of the rewrite. * Homepage: https://qaul.net * Code Repository: https://git.open-communication.net/qaul/qaul.net
18:00
Firmware protection for Virtual Machines against buggy or malicious hypervisors is a rather new concept that is quickly gaining traction among the major CPU architectures; two years ago AMD introduced Secure Encrypted Virtualization (AMD SEV), and now IBM is introducing Protected Virtualization for the s390x architecture. This talk will present the motivations and the overall architecture of Protected Virtualization, the general challenges for Linux both as a guest and as a hypervisor with KVM and Qemu. The main challenges presented will be, among others: * secure VM startup * attestation * I/O * interrupts * Linux guest support * KVM and Qemu changes * swap and migration While the talk will have some technical content, it should be enjoyable for anyone who tinkers with KVM and virtualization. Knowledge of the s390x architecture is not required.
Find out what kind of free services Wikimedia provides for you. Wikimedia Cloud Services is a collection of services that the Wikimedia Foundation offers, free of charge, to anyone who can use them for furthering the goals of the Wikimedia movement. This includes Toolforge, a hosting service for tools written in various languages; Cloud VPS, full virtual private servers for advanced development beyond the capabilities of Toolforge; convenient access to Wikimedia project data; and more! Link and other useful information: https://www.wikidata.org/wiki/User:Lucas_Werkmeister/36c3-wmcs-intro
Come join us for a joyful session with some improvisational theater training activities and games! Topic: '10 ways of anything' • Improv theater is basically theater without a script, with characters and stories created in teamwork between the actors. • You do not need to know anything about improv to attend, and we will try to make everyone feel safe and welcome. Come join us for a joyful session with some improvisational theater training activities and games! Topic: '10 ways of anything' • Improv theater is basically theater without a script, with characters and stories created in teamwork between the actors. • You do not need to know anything about improv to attend, and we will try to make everyone feel safe and welcome. • Everyone can do this, you do not need to be particularly brave, spontaneous or creative :-) • There are several techniques and concepts one can learn, and improv skills can help in daily life too :-) Some skills that are important in improv: • accepting and building on others' ideas, • making your partner look good, • listening, • playfulness, and • being courageous.How the session will work: We will play various improv exercises and games, with some theory and reflection in between.Here is a summary of what we did: ○ Intro, reasoning behind workshop design ○ Shake hands and discuss (pairs) § Why did I come here? § What do I know about improv? ○ Woosh-Wop-Zap-Groovealicious ○ Word Ball (in pairs) ○ Flow of statues (in pairs) ○ "Superheroes I have a problem" (in groups of 4) § A) Multiple solutions, the person who gave the problem votes for the best solution § B) Scene painting, co-create solutions ○ Short break ○ Turn-by-turn (in pairs) § A) 6 steps in total, 3 per person (each step either a non-verbal move, emotional sound or sentence) § B) same but only non-verbal moves ○ Multiple ways of doing the same thing (in groups of 6) § One person proposes an activity (e.g. entering a cafe) § 2 from the group of 6 play a short scene with that activity, then 2 others play it again but in a different way, and the other 2 too § Repeat with different activitiesDebrief: reflection on and conclusions from workshop (in pairs)
find more Info at [[C3auti]]
In this session, the Awarenessteam will answer the following questions and more: What is the CCC Awarenessteam and how can it help me? What does it do and what does it not currently do? There will be room for your questions and for discussion. Note: This in NOT an introductory angel meeting! This session is aimed at all Congress participants who want to learn about the Awarenessteam.Members of the CCC Awarenessteam will give an introduction to the team, what work it does, how it does this work, and how it interacts with other teams and the overall Congress organizational structure.We will also answer your questions and there will be room for discussion.
Eine kleine Nerdmusique. Musique ist Liebe und Ausdruck meines erweiterten Selbst. Merci.
Gazelle Horn (Monis Rache/Eclectic)
Lebanon is experiencing a revolution, a system shift, from which the Western media remains largely silent. Entrepreneurs, particularly women are playing a critical role now when the society will be rebuilt. To support the much-needed creation of solutions to tackle corruption, inequality and the lack of democracy, a team of rebel academics and culture hackers, both men and women, have established a cross-country knowledge-sharing platform called WTSUP!. We will share experiences of doing culture hacking in Lebanon and hear what is the current entrepreneurial reality for women in Beirut via live stream. The talk is about stories from Beirut, related to WTSUP! platform, which is a volunteer-powered initiative that focuses on the education of women entrepreneurs via events and in the future via cross-country programs. How exactly? We will present, both live on stage and with a connection from Beirut with Priscilla Sharuk, issues related to building a community around equality, volunteerism, and transparency. The talk also covers the pilot event 2019, where the education consistent specific tech lectures, but also aspects such as sexual harassment and corruption. The initiative is research-driven, where the research aim is to study how empowering women through tech-driven entrepreneurship and leverage the societal status might affect on peacebuilding in the region. Finally, the presentation looks positively towards the future changes and to the forthcoming non-commercial event in Beirut, March 2020 that has a core focus on sustainability and content is aligned with UNs Sustainable Development Goals. In addition to giving training on entrepreneurship and resilience, there are also sidetracks on governance innovations. Content is participatory, the 2020 event is open for volunteers from Europe and Lebanon to suggest workshops or mentoring for local female talents. The long term aim is to bridge technology-driven communities between the Nordics, Germany and Lebanon, and in the future scale the initiative wider to the MENA region.
So what's this thing about conscious fashion? What does it actually mean? And why do we need fashion anyways?In this session I share thoughts on above questions and how we could hack the current fashion system if we shifted the mind set and get conscious...Part of the session is again an experiment for research that involves you. So what's this thing about conscious fashion? What does it actually mean? And why do we need fashion anyways? As part of my research I dive into New Materialism, Singularity, Phaenomology and in this session I share thoughts on above questions and how we could hack the current fashion system if we shifted the mind set and get conscious...Part of the session is again an experiment for research that involves you.
Das _Medienkollektiv Frankfurt_ stellt sich kurz vor und zeigt eine kleine Auswahl an Produktionen der letzten Monate. If required, we can also translate / speak in english. Our Videos and interviews are in german. Wir, das [Medienkollektiv Frankfurt](https://www.medienkollektivfrankfurt.net/), arbeiten ohne kommerzielles Interesse. Wir entscheiden frei von Markt- und Diskurszwängen, rein nach inhaltlichen Kriterien, was wir in welcher Weise abbilden wollen - und dies nicht isoliert und von außen, sondern solidarisch aus und mit den Bewegungen, über die wir berichten. In diesem Block stellen wir drei unterschiedliche Videos vor: Einen Trailer zum [Thema Klimastreik (30 Sekunden)](https://www.youtube.com/watch?v=yu0ypdR2JL8), einen [Demobericht zu Rojava (4 Minuten)](https://www.youtube.com/watch?v=M83c_VEvMXg) und eine [Kurzdoku (9 Minuten)](https://www.youtube.com/watch?v=kDDJBLQMYIY) über die Ende Gelände Aktion im Rheinischen Braunkohlerevier Ende Juni 2019. Anschliessend können wir uns über alternative Medienarbeit unterhalten. Wir teilen gerne unsere Erfahrungen und freuen uns über kritischen Austausch.
puppetry **There will be individual shows from 5 to 10 minutes for 1 spectator at a time of the following pieces:** BLODEUWEDD (Blod-day-weth) Experience the story of a mystical woman made of flowers, told for you alone with handmade miniature puppets. Part of an ancient legend from Wales, Blodeuwedd is a tale of identity, hardship and free will. With: Owain Griffiths, Hannah Morris --- Dideldum: We are full of memories. Memories of sounds, songs, voices, faces, events, smells and people. Memories pile up, branch out and yet they belong together. All these memories define us, define who we were and who we actually are. But what happens when forgetting threatens us, when our everyday life suddenly seems alien to us, when our minds flutter away and we cannot think clearly anymore? What remains of us? With: Eva-Maria Schneider www.eva-mariaschneider.de --- The Abyss: A small glimpse into an archive of fear and nightmares. Within their participative installations “Private Dreams & Public Nightmares” Jan Jedenak and Jonas Klinkenberg invite their audience to get in touch with different forms of fear and reflect on nightmares, their own fears and the fears within our society. During different experiments those things are documented. This Lambe, built by Jonas Klinkenberg, allows a glimpse into the archive of fear – with a small touch of Poe and Lovecraft and bits of an old radio feature. Open your eyes and dive into the depth of nightmares and get to know different perspectives on what scares us. Look into the abyss. With: Jonas Klinkenberg, Jan Jedenak --- Anasyrma Temple: Come, get rid of your sorrows, leave all your worries behind. Dive into the universe of Anasyrma Temple and be healed! With: Dana Sinaida Ersing
Presentation of the members and working goups of the Swiss Cryptoeconomics assembly. Presentation of the Swiss Cryptoeconomics assemby.
We present cool ideas and projects to each other Ähnlich wie bei den Lightningtalks auf den Hauptbühnen geht es darum, innerhalb von etwa 5min ein Thema, eine Idee oder ein Projekt zu präsentieren. Wir machen das in kleinerer, gemütlicherer Runde.Similar to the lightningtalks on the main stage this is an opportunity to present a topic of your choice in about 5min.
Hacking around Z-Wave smart home protocol Hacking around Z-Wave smart home gateway based on Raspberry Pi and making your own Z-Wave device based on Z-Uno.Please take with you* Your laptop with** Access to the internet** Arduino IDE installed** Z-Uno package installed in Arduino IDE (see https://z-uno.z-wave.me/install for details - we will help you with this during the workshop - make sure to install 2.1.6 from repo http://z-uno.z-wave.me/files/z-uno/test-ucxx/package_z-wave.me_index.json)* Your Raspberry Pi 3/4 with Raspbian Stretch (optional)* Arduino compatible sensors to build your own Z-Wave sensor (optional)* Your Z-Wave stuff if any (optional)-----
A story on how I build a mushroom lab from zero to the first flush. For some years now i've been very fascinated of mushrooms - their diversity, features and importance. And with the release of Star Trek Discovery my interest has shifted from ”World Wide Web” to “Wood Wide Web”, so I started to build a small laboratory to further explore these amazing creatures.This talk will be a story on how I build that lab from zero to the first flush. What I needed, which tools i used, build and bought. What I learned, how i failed and why I do that at all. How everything ended and how I met other people who inspired me to open up the idea and form a vision for a open DIYBio Laboratory in Hamburg.
Your daily basic hacking learning lesson. ""WARNING: External room for the last session on day 4: Please come to Lecture Room M1.""'''---> README: There will be sessions from days 1 to 4. The daily session times will be announced in the evening before. <---'''We offer instructions for "Damn Vulnerable Web Application" ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) daily. At least for 2 to 4 people. Join us if you would like to learn about security gaps in web programming (e.g. bad passwords, SQL injection, cross-site requests forgery). You will learn how to hack systems and how to reset them afterwards. It's recommended to bring your own device (laptop) with an working ethernet port. We have a single Ethernet-to-USB adapter available for devices lacking an Ethernet port such as Apple Macbooks.'''-->LIESMICH: Es wird jeden Tag Sessions geben. Wann die täglichen Sessions genau starten, wird immer am Vorabend eingetragen. <---'''Wir bieten täglich „Damn Vulnerable Web Application“ ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) unter Anleitung an, für mindestens 2 bis 4 Personen. Inhaltlich geht es dabei um klassische Sicherheitslücken der Webprogrammierung (z.B. schlechte Passwörter, SQL-Injection, Cross-Site-Request-Forgery). Hier lernst du Systeme zu hacken und wiederherzustellen. Bringt am besten euren eigenen Computer mit einem funktionierenden Ethernet-Port mit. Wir haben einen Ethernet-zu-USB-Adapter, damit ihr auch Geräte ohne integrierten Ethernet-Anschluss (wie z.B. Apple Macbooks) nutzen könnt.
Reflow soldering of the TicTacLights Nano Colour kit Please come to BlinkenArea (Hall 3) and buy the TicTacLights Nano Colour kit at any time *before* the workshop. The number of participants is limited by the number of available kits, and to approx. 10 persons per day.For more information about the kit, see https://wiki.blinkenarea.org/index.php/TicTacLightsNanoColourEnglish
18:15
Namecoin is a blockchain (first project forked from Bitcoin) that implements a decentralized DNS and public key infrastructure, which is resistant to censorship, hijacking, and other tampering. This talk will explain the basics of how Namecoin works and what it can be used for.
18:30
In this talk we present re:claimID, a decentralized, self-sovereign identity management system. re:claimID allows users to reclaim authority over their identities and personal data. The system is built on top if a state-of-the-art, decentralized directory service: The GNU Name System. Built-in cryptographic mechanisms allow users to selectively disclose personal data and the directory service ensures that this data is accessible to authorized parties even if the user is offline. Through OpenID Connect, integration and use of re:claimID is straight-forward and authorization flows are familiar. In this talk, we present the current state of re:claimID as well as a future roadmap. Today, users are often required to share personal data, like email addresses, to use services on the web. As part of normal service operation, such as notifications or billing, services require access to -- ideally fresh and correct -- user data. Sharing attributes in the Web today is often done via centralized service providers to reduce data redundancy and to give services access to current, up-to-date information even if the user is currently offline. Abuse of this power is theoretically limited by local laws and regulations. But, the past has shown that even well-meaning identity providers struggle to keep user data safe as they become major targets for hackers and nation state actors while striving for monetizing anonymized statistics from these data. We advocate for a new, decentralized way for users to manage their identities for the following reasons: * The current state of omniscient identity providers is a significant threat to the users' privacy. * Users must completely trust the service provider with respect to protecting the integrity and confidentiality of their identity in their interest. * The service provider itself is facing substantial liability risks given the responsibility of securely managing potentially sensitive personal data of millions of users. We present re:claimID, a decentralized identity service with the following properties: * Self-sovereign: You manage your identities and attributes locally on your computer. No need to trust a third party service with your data. * Decentralized: You can share your identity attributes securely over a decentralized name system. This allows your friends to access your shared data without the need of a trusted third party. * Standard-compliant: You can use OpenID Connect to integrate reclaim in your web sites.
Open session to discuss interesting use cases of creative software misuse. Using the examples of Orca software and InfraNodus dataviz tool we will open up a discussion on the potential of creative (mis)use of software. We invite you to bring your own examples and to share with others how you applied an interesting methodology or approach somewhere where it should not have been applied and the results it produced. Hosted by Aerodynamika and NSDOS (aka Koo Des) who use these tools in their daily research and creative practice.
In this workshop we will produce tactics and materials to sensitize people for topics such as facial recognition and surveillance. DE:Im Kreativworkshop werden wir Ansätze und Materialien produzieren, um Menschen für Themen wie Überwachung und Gesichtserkennung zu sensibilieren.Wir arbeiten mit verschiedenen Kreativmethoden um innerhalb einer Stunde ersten Ideen und Materialien für Kampagnen zu entwickeln. Ergebnisse können sein: Sticker, Sprüche/Slogans, Bildideen, Poster, etc.ENG: In this workshop we will produce tactics and materials to sensitize people for topics such as facial recognition and surveillance.Within one hours we will work with different creative methods to make some ideas and materials for campaigns happen. Possible results could be: stickers, slogans, image ideas, poster, etc.
Vielfalt zu ermöglichen und gleichzeitig Gemeinsames zu entwickeln ist eine nie endende Aufgabe, welche sich der synthetische Anarchismus stellt. Dieser Input richtet sich an eine anarchistische Szene und Interessierte. In ihm stelle ich auf philosophische Weise Überlegungen zu dem Versuch an, pluralistische Organisation zu ermöglichen. Grundlagen dafür sind die Bereitschaft zur Reflexion und zu konstruktiven und solidarischen Auseinandersetzungen. Vielfalt zu ermöglichen und gleichzeitig Gemeinsames zu entwickeln ist eine nie endende Aufgabe, welche sich der synthetische Anarchismus stellt. Dieser Input richtet sich an eine anarchistische Szene und Interessierte. In ihm stelle ich auf philosophische Weise Überlegungen zu dem Versuch an, pluralistische Organisation zu ermöglichen. Grundlagen dafür sind die Bereitschaft zur Reflexion und zu konstruktiven und solidarischen Auseinandersetzungen.
In this interactive session we will introduce Open Hardware projects at FOSSASIA and share experience developing a project from the idea stage to market. Projects discussed include Pocket Science Lab, Neurolab, Badge Magic and more.
Grundlegendes zu Pixel vs Vektoren ür den Plotter Dies wird ein Workshop zum Erstellen von Vektorgrafiken (.svg) um den Schneidplotter c_neidi zu Füttern (workshop an Tag 2)Gerne Laptop mit installiertem Inkscape mitbringen (externe Maus macht die Sache einfacher als Touchpad)https://inkscape.org/de/release/inkscape-0.92.4/Gerne auch simple Motive mitbringen, die dann plott-fertig gemacht werden können.(am besten ein-zweifarbig bzw schwarz-weiss)
Die Rückseite deines Konsums WELCOME TO SODOM - DEIN SMARTPHONE IST SCHON HIERDer Dokumentarfilm „Welcome to Sodom“ lässt die Zuschauer hinter die Kulissen von Europas größter Müllhalde mitten in Afrika blicken und portraitiert die Verlierer der digitalen Revolution. Dabei stehen nicht die Mechanismen des illegalen Elektroschrotthandels im Vordergrund, sondern die Lebensumstände und Schicksale von Menschen, die am untersten Ende der globalen Wertschöpfungskette stehen. Die Müllhalde von Agbogbloshie wird höchstwahrscheinlich auch letzte Destination für die Tablets, Smartphones und Computer sein, die wir morgen kaufen!
18:35
Test with us our new alpha version of the qaul.net is an Internet independent wifi mesh communication app with fully decentralized messaging, file sharing and voice chat. At the moment we are rewriting the entire application in rust, implementing our experience of 8 years off the grid peer2peer mesh communication, with a mobile first approach and a network agnostic routing protocoll wich can do synchronous as well as delay tolerant messaging. In this workshop we will test the (pre-)alpha version together, install it, test the functionality and communicate off the grid. We will explore our new routing protocol and the wireless interconnection possibilities. * Homepage: https://qaul.net * Code Repository: https://git.open-communication.net/qaul/qaul.net
18:50
Der Europäische Menschenrechtsgerichtshof beschäftigt sich nun schon seit Jahren mit der Frage, ob die durch Edward Snowden öffentlich bekanntgewordene geheimdienstliche Massenüberwachung mit der Europäischen Menschenrechtskonvention kompatibel ist. Wie ist der Stand der Dinge? Dieses Jahr gab es zwei neuerliche Anhörungen in Straßburg, die sich mit der britischen und schwedischen Massenüberwachung durch die Geheimdienste auseinandersetzten. Im Vortrag werden die bisher gefällten Urteile und die neuen vorgetragenen Argumente beleuchtet. Insbesondere der britische Fall ist das erste Mal, dass der Gerichtshof nicht nur die Massenüberwachung an der Menschenrechtskonvention misst, sondern auch das Datenkarussell zwischen den Geheimdiensten, namentlich dem GCHQ und der NSA. Wegen der schon Mitte Januar vom Bundesverfassungsgericht anberaumten mündlichen Anhörung zum BND-Gesetz wird sich ein Teil des Vortrags auch mit der deutschen geheimdienstlichen Massenüberwachung beschäftigen. Der CCC hat eine Stellungnahme zur Ausland-Ausland-Fernmeldeaufklärung abgegeben, deren Inhalt kurz zusammengefasst wird. Offenlegung: Ich bin eine der Beschwerdeführerinnen in dem britischen Fall.
Reverse engineering a system on a chip from sparse documentation and binaries, developing an emulator from it and gathering the knowledge needed to develop a replacement for one of the more controversial binary blobs in the modern PC. The Intel Management Engine, a secondary computer system embedded in modern chipsets, has long been considered a security risk because of its black-box nature and high privileges within the system. The last few years have seen increasing amounts of research into the ME and several vulnerabilities have been found. Although limited details were published about these vulnerabilities, reproducing exploits has been hard because of the limited information available on the platform. The ME firmware is the root of trust for the fTPM, Intel Boot Guard and several other platform security features, controlling it allows overriding manufacturer firmware signing, and allows implementing many background management features. I have spent most of past year reverse engineering the OS, hardware and links to the host (main CPU) system. This research has led me to create custom tools for manipulating firmware images, to write an emulator for running ME firmware modules under controlled circumstances and allowed me to replicate an unpublished exploit to gain code execution. In this talk I will share the knowledge I have gathered so far, document my methods and also explain how to go about a similar project. I also plan to discuss the possibility of an open source replacement firmware for the Management Engine. The information in this talk covers ME version 11.x, which is found in 6th and 7th generation chipsets (Skylake/Kabylake era), most of the hardware related information is also relevant for newer chipsets.
Once you start looking at electronic trash you see it everywhere: in laptops of course but also increasingly in cars, fridges, even inside the bodies of humans and other animals. The talk will look at how artists have been exploring the e-junk invasion. Régine Debatty is a curator, critic and founder of http://we-make-money-not-art.com/, a blog which has received numerous distinctions over the years, including two Webby awards and an honorary mention at the STARTS Prize, a competition launched by the European Commission to acknowledge "innovative projects at the interface of science, technology and art". Régine writes and lectures internationally about the way artists, hackers, and designers use science and technology as a medium for critical discussion. She also created A.I.L. (Artists in Laboratories), a weekly radio program about the connections between art and science for Resonance104.4fm in London (2012–14), is the co-author of the “sprint book” New Art/Science Affinities, published by Carnegie Mellon University (2011) and is currently co-writing a book about culture and artificial intelligence.
Making climate predictions is extremely difficult because climate models cannot simulate every cloud particle in the atmosphere and every wave in the ocean, and the model has no idea what humans will do in the future. I will discuss how we are using the Julia programming language and GPUs in our attempt to build a fast and user-friendly climate model, and improve the accuracy of climate predictions by learning the small-scale physics from observations. Climate models are usually written in Fortran for performance reasons at the expense of usability, but this makes it hard to hack and improve existing models. Bigger supercomputers can resolve smaller-scale physics and help improve accuracy but cannot resolve all the small-scale physics so we need to take a different approach to climate modeling. In this talk I will discuss why modeling the climate on a computer is so difficult, and how we are using the Julia programming language to develop a fast and user-friendly climate model that is flexible and easy to extend. I will also discuss how we can leverage GPUs to embed high-resolution simulations within a global climate model to resolve and learn the small-scale physics allowing us to simulate the climate more accurately, as the the laws of physics will not change even if the climate does.
There are countless post-quantum buzzwords to list: lattices, codes, multivariate polynomial systems, supersingular elliptic curve isogenies. We cannot possibly explain in one hour what each of those mean, but we will do our best to give the audience an idea about why elliptic curves and isogenies are awesome for building strong cryptosystems. It is the year 2019 and apparently quantum supremacy is finally upon us [1,2]. Surely, classical cryptography is broken? How are we going to protect our personal communication from eagerly snooping governments now? And more importantly, who will make sure my online banking stays secure? The obvious sarcasm aside, we should strive for secure post-quantum cryptography in case push comes to shove. Post-quantum cryptography is currently divided into several factions. On the one side there are the lattice- and code-based system loyalists. Other groups hope that multivariate polynomials will be the answer to all of our prayers. And finally, somewhere over there we have elliptic curve isogeny cryptography. Unfortunately, these fancy terms "supersingular", "elliptic curve", "isogeny" are bound to sound magical to the untrained ear. Our goal is to shed some light on this proposed type of post-quantum cryptography and bring basic understanding of these mythical isogenies to the masses. We will explain how elliptic curve isogenies work and how to build secure key exchange and signature algorithms from them. We aim for our explanations to be understandable by a broad audience without previous knowledge of the subject. [1] https://www.quantamagazine.org/john-preskill-explains-quantum-supremacy-20191002/ [2] https://www.nature.com/articles/d41586-019-02936-3
19:00
Christchurch, El Paso, Walter Lübcke, Halle – seit 2019 verbinden wir diese Orte und Namen mit rechtem Terror. Auf jeden Anschlag folgte auch in diesem Jahr eine öffentliche Debatte, in der rechter Terror meist als neues Phänomen erscheint. Je größer jedoch die Häufung der Anschläge, desto absurder erscheinen die Worte von „unvorstellbaren Einzelfällen“, begangen von „verrückten Einzeltätern“. Diese Erzählungen haben einen anderen Zweck, als rechten Terror die Grundlage zu entziehen. Sie sollen sagen: ‚Wir hätten es nicht wissen können, hätten nichts tun können und werden auch zukünftig nichts verhindern‘. Dabei ist das Gegenteil der Fall: Rechter Terror hat auch nach 1945 nie aufgehört und obwohl an jedem Fall etwas Spezielles ist, so gibt es doch Gemeinsamkeiten und Kontinuitätslinien. Rechtsterroristen und Rechtsterroristinnen wie etwa der NSU oder Anders Breivik kämpften immer mit den Mitteln der Zeit für die Umsetzung ihrer Ziele: Der Umsturz der Gesellschaft durch massive Gewalt, um ihre wahlweise autoritäre, heteronormative, völkische Vision einer Volksgemeinschaft verwirklichen zu können. Aus dieser Geschichte des rechten Terrors und den gesellschaftlichen Reaktionen darauf können wir lernen ihnen etwas entgegenzusetzen. Caro Keller von NSU-Watch wird anhand exemplarischer Fälle die wichtigen Kontinuitätslinien herausarbeiten. Vor diesem Hintergrund nimmt sie auch den aktuellen rechten Terror, Phänomene wie toxische Männlichkeit oder „Gamification of Terror“ in den Blick. Es wird aufgezeigt, ob und wie wir als Antifaschist*innen und Gesellschaft dieses Wissen gegen rechten Terror einsetzen können.
Du wolltest schon immer einen Passwortsafe nutzen? In diesem Workshop richten wir uns einen Passwortsafe ein! Du benutzt die drei gleichen Passwörter für alle deine Online-Accounts? Du weißt, dass das nicht sicher ist, hast bislang aber noch keine bessere Lösung gefunden?In diesem Workshop lernen wir den OpenSource-Passwordsafe [https://www.bitwarden.com Bitwarden] kennen, der sich auf dem PC (Windows, MacOS, Linux) sowie auf dem Smartphone (Android, iOS) nutzen lässt. Zunächst schauen wir uns an was ein Passwortsafe (auch: Passwordmanager) ist, wie er funktioniert und worauf man zu achten hat, anschließend gibt es Zeit und Anleitung sich einen Passwortsafe einzurichten. '''Vorkenntnisse''': Dieser Workshop erfordert keine IT-Vorkenntnisse und richtet sich an alle, die einen Passwortsafe nutzen wollen, sich aber nicht auskennen oder sich noch nicht überwinden konnten.'''Mitbringen''': Wer sich während des Workshops einen Passwortsafe einrichten möchte, der sollte Laptop und Smartphone (oder Tablet) mitbringen. Ebenso wäre es hilfreich, die für den Passwortsafe erforderlichen Apps und Plugins schon vorab zu installieren, sodass wir während des Workshops uns auf die Einrichtung konzentrieren können:* '''2-Faktor-Authentifizierungs-App''' ([https://www.golem.de/news/google-apple-und-mailaccounts-zwei-faktor-authentifizierung-richtig-nutzen-1612-124868.html Was ist das?]) für das Smartphone ** Für iPhone/iPad: [https://apps.apple.com/de/app/authenticator/id766157276 Authenticator] ** Für Android: [https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=de Google Authenticator] oder [https://f-droid.org/en/packages/net.bierbaumer.otp_authenticator/ Authenticator (im FDroid-Store)]* '''Webbrowser-Plugin''' fürs Autotype, so werden deine Logindaten automatisch vom Passwordsafe ins Loginfeld des Browsers eingefügt. Installiere dir das Plugin für deine/n Lieblingsbrowser: [https://bitwarden.com/#download siehe Plugins auf bitwarden.com]* '''Bitwarden-Smartphone-App''' um mobil auf Passwörter zugreifen zu können** Für [https://itunes.apple.com/app/bitwarden-free-password-manager/id1137397744?mt=8 iPhone/iPad]** Für [https://play.google.com/store/apps/details?id=com.x8bit.bitwarden Android]'''Warum Bitwarden?''' Bitwarden bietet sich an, da er Open-Source ist, als sicher eingeschätzt wird, für fast alle Geräte und Betriebssysteme verfügbar und für Einsteiger einfach zu nutzen.Bei Fragen: Tjal [https://twitter.com/tuikc @tuikc auf Twitter] oder DECT 8524 oder Mail: edwg6g6rtwf@temp.mailbox.orgSlides: https://docdro.id/C9sx9cn
Linux-Distributionen gibt es wie Sand am Meer, warum also nicht noch eine mehr erstellen. In diesem Talk wird erklärt, wie man - von Einsteiger bis Fortgeschritten - eine eigene Linux-Dristro ertsellt und die Architektur betreibt. Der Schritt, eine eigene Linux-Distribution zu erstellen, mag groß erscheinen. Diese Barriere kann man schnell überwinden. Eine eigene Linux-Drstribution lässit sich für Anfänger auf Basis einer existierenden Distribution erstellen oder from Scratch. Beides wird in diesem Vortrag behandelt. Des weiteren werden wir darauf eingehen, wie sich die dazu notwendige Serverarchitektur auf betreiben lässt und wie sich das Bauen und Paketieren automatisieren lässt.
Reddit style Q&A, where you can ask all the questions you wanted to know about the life of a kernel programmer. Are you interested to know about a kernel devs work, how they got into kernel programming, where to find a job and to get into this field, what good resources there are for newbies, whether they got shouted at by Linus, etc..? Here is the right place where you can ask those questions.
Join our CHAOS BALLET session on Day1 and bring what you want to bring to add 2 (our) c36c3 chaos (dancing moves, technological devices, ideas, visions...). On Day 2 we will then have a 1hour "Chaos Ballett Show" from 4pm-5pm in "The Lounge". Here we will prepare for that. We* continue what has been started: https://events.ccc.de/camp/2019/wiki/Village:Chaos_Ballett_Bett_(Drahti_Trampolin) What happened since then: https://www.hkw.de/en/programm/projekte/veranstaltung/p_163517.php We will dance in Komona and in the Lounge @ c36c3. More infos to come soon. Until then: Keep on dancing. Chaos Ballet is about... ... ... we will be reading "quellcode"... ... we will be programming dance moves in "quellcode" ... we will dance (chaos ballet) to "quellcode" ... ... it's possible
Nullfolge des Podcasts zum saarlaendischen Metaspace. Das Ministerium fuer Landnerdschaft geht den naechsten konsequenten Schritt: Eine Metacommunity um die saarlaendische Nerdlandschaft. Hier sollen Termine koordiniert, Events publiziert, Bekanntschaften geschlossen und die Community als ganzes zusammengeschweisst werden. Begleitet wird dies durch einen Spin-Off der Landnerdschaft bzw. des Digital Survivor Podcast: den NERDraum! Podcast. In Folge 0 spricht holm mit Vertretern der saarlaendischen Gruppen ueber seine Idee, die saarlaendische Nerdkultur sowie vergangene und in Aussicht stehende Aktionen und Events.
This workshop is heavily hands on (and also shoulders, arms and so on) with some demonstrations and of course product tasting. The idea is to share knowledge about cider making. [[Image:800px-Pressage_garcons_en_action_faa102019.jpg|thumb|garçons in action]][[Image:800px-Pressage_nettoyage_faa102019.jpg|thumb|piscine de pommes]][[Image:800px-Moi_nuren_1600_faa05122019.jpg|thumb|feeding the rap]][[Image:800px-Pressage_pressoir_mout_faa102019.jpg|thumb|marc being pressed]][[Image:800px-Marc_pommes_1600_faa05122019.jpg|thumb|pressed marc de pommes]][[Image:800px-Cider_sample_testing_ferme_du_vastel_29012017.jpg|thumb|cidre density measurement]][[Image:800px-Soutirage_cubbi_ibc_1600_faa112019.jpg|thumb|soutirage/racking 10 hl IBC]][[Fhb_36c3|<<<Back to the main page>>>]][https://dudle.inf.tu-dresden.de/cidremaking36c3/ To secure spot on this workshop please sign in here.]This workshop is heavily hands on (and also shoulders, arms and so on) with some demonstrations and of course product tasting. The idea is to share as much knowledge about cider making which I got during my formation at [http://cfppa.le-robillard.fr/ le Robillard] and from my own brewing within this limited time as possible. It is suitable for people who are already doing cider and for the ones who are really interested. Not all of the things which I ([[User:Algoldor|Algoldor]]) plan to do with you are going to happen because of the biological and chemical limitations, like défécation for example. During the event you can count on tasting and crashing the different cider variety apples which I bring for you from France and this time with names attached. The focus will be on amère (bitters) and douce-amère (bitter-sweets) varieties which are out of France and UK. After crashing we will do pressing (first designated for cider) and after that rémiage (adding water to already pressed marc) to get second press which is traditionally fermented into less alcoholic petit cidre. We will do also measurement of density and will talk about how to do it properly. Alcohol test on pectin shouldn't also be a problem. If all goes well, but as said above who knows, we may be able to have chapeau brun or chapeau blanc so you can see it in real life and if so we can do proper separation by soutirage/racking. Soutirage will be done one way or other by gravity or pump on another batch or water. I plan to bring non-self priming pump so you will also learn how to use it. It may sounds simple but if you have never done it before and you for example buy it second hand like me, there are some "cliffhangers" which we can overcome in one session instead of getting "f" during season or two. If anyone can get hands on decent pH meter and microscope, than we could do also proper measurements and possibly counting of yeast cells but that really depends if we get this equipment or not, I do not have it at the moment. Of course part of the workshop will be small tasting of what we pressed, some young cider and some ciders, plus I'll try to get some specific defects - much harder to get hands on than good cider by the way. Well as you can see there is plenty to talk about and even more to do. It would be a good idea to bring some "non VIP cloths", you know what happens if you stand on the wrong end of the hose ...'''This workshop is donation based no one turned away for lack of funds'''. With limited amount of spots and because of the complexity any help from the ones who actually "have" would be appreciated. I do estimate the overall costs of the workshop around €200 and lets be honest I'm more or less "forgetting" all the time needed to make it happen. For me this is really a passion and something what I feel like I'm starting to have quite pretty good expertise in, it would be hard for you to get this info somewhere else quickly so I it makes sense to me to share it with you.[[category:36c3]]
Your daily basic hacking learning lesson. ""WARNING: External room for the last session on day 4: Please come to Lecture Room M1.""'''---> README: There will be sessions from days 1 to 4. The daily session times will be announced in the evening before. <---'''We offer instructions for "Damn Vulnerable Web Application" ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) daily. At least for 2 to 4 people. Join us if you would like to learn about security gaps in web programming (e.g. bad passwords, SQL injection, cross-site requests forgery). You will learn how to hack systems and how to reset them afterwards. It's recommended to bring your own device (laptop) with an working ethernet port. We have a single Ethernet-to-USB adapter available for devices lacking an Ethernet port such as Apple Macbooks.'''-->LIESMICH: Es wird jeden Tag Sessions geben. Wann die täglichen Sessions genau starten, wird immer am Vorabend eingetragen. <---'''Wir bieten täglich „Damn Vulnerable Web Application“ ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) unter Anleitung an, für mindestens 2 bis 4 Personen. Inhaltlich geht es dabei um klassische Sicherheitslücken der Webprogrammierung (z.B. schlechte Passwörter, SQL-Injection, Cross-Site-Request-Forgery). Hier lernst du Systeme zu hacken und wiederherzustellen. Bringt am besten euren eigenen Computer mit einem funktionierenden Ethernet-Port mit. Wir haben einen Ethernet-zu-USB-Adapter, damit ihr auch Geräte ohne integrierten Ethernet-Anschluss (wie z.B. Apple Macbooks) nutzen könnt.
It's a combination of acupressure and breathing techniques. How much pain do you carry? Can you imagine to make yourself perceptible? Can you imagine potential behind pain?
19:15
In diesem Talk werden erstmalig Ergebnisse einer Online-Studie mit 653 Podcastproduzierenden vorgestellt. Seitdem vor etwa 15 Jahren die ersten Podcasts im deutschsprachigen Raum produziert und veröffentlicht wurden, ist die Zahl podcastender Personen enorm gestiegen – ein Ende des Wachstums ist nicht abzusehen. Dennoch sind Podcaster_innen bisher kaum Gegenstand psychologischer Forschung geworden. Wie lassen sich deutschsprachige Podcastproduzierende charakterisieren? Was sind die zentralen Motive, die dazu führen, mit dem Podcasten zu beginnen? Gibt es Geschlechterunterschiede? Auf Basis einer Stichprobe von 653 Podcaster_innen sollen diese Fragen erstmals für den deutschsprachigen Raum beantwortet werden.
Replicant is a fully free Android distribution that is approved by the FSF. This short talk will briefly explain: why Replicant came into being; the freedom, privacy and security issues it has found in devices aimed to run Android; and the approaches that it follows to liberate such Android devices. Replicant is a fully free software Android distribution that puts emphasis on freedom, privacy and security. It is based on LineageOS and replaces or avoids every proprietary component of the system. Replicant is so far the only distribution for smartphones that is endorsed by the Free Software Foundation as meeting the Free System Distribution Guidelines. Starting out as a project that aimed to make the HTC Dream smartphone usable with only free software, it proved that running Android on these devices was much simpler and effective than porting GNU/Linux to them. The main reason behind that lies in the Android architecture: while in GNU/Linux the hardware abstraction is done in the Linux kernel, in Android it is done in hardware abstraction libraries. This enabled hardware manufacturers to break the kernel API, making it very difficult to run GNU/Linux properly on such devices. As the work progressed, the team took the opportunity to learn more about the hardware architecture of the smartphones they were supporting, as it has a big impact on freedom as well. In most early Android Android devices, the modem was in control of everything, with full access to RAM, sound card and GPS. Because of that, Replicant shifted focus to devices where the modem is isolated, and started documenting hardware freedom issues across different devices as well. Most of the heavy work to get new devices ported to Replicant revolved around creating free software replacements for nonfree userspace protocol implementations, such as the Radio Interface Layer (RIL) that communicates with the modem, or the NMEA protocol to talk with the GPS. With that work, one backdoor was found in the proprietary Samsung RIL implementation, which allowed the modem to read the contents of the filesystem. Although the project had fixed some of the freedom issues affecting smartphones and tablets, there was still one critical component missing to be able to run fully free software on the main CPU: the bootloader. Focus was then redirected to devices such as the GTA04 and the Optimus Black, that have an unlocked bootloader and were made to work with u-boot. Unfortunately these devices required a lot of work: the GTA04 had a kernel closely based on upstream Linux, but at the time it required too much time to convert it to use the Android power management models. For the Optimus black, the u-boot port took a huge amount of work as well, leaving no time to finish upstreaming the Linux support. Replicant, as well as it's upstream (LineageOS), inherit the Linux kernel that device manufacturers release thanks to the requirements of the GPL license. Unfortunately it is usually based on versions that are several years old and no longer maintained, riddled with bugs and security concerns. Also, such kernels usually come with dozens to hundreds of out-of-tree patches, required for essential peripherals such as modem, cameras or display. Maintaining and adapting such a kernel to new Android versions ourselves requires too much work. Because of that, we had to drop devices for versions where LineageOS decided to drop them. Taking this into consideration, and having learnt the lessons on how lack of proper kernel support can ditch a device, Replicant is now shifting focus to prepare devices to run a mainline kernel with full support for their peripherals. Replicant is also adopting mainline userspace such as Mesa. Furthermore it is also looking to support community oriented devices such as the Pinephone, that offer a better hardware platform for free software.
19:25
Orientalism is a concept that reveals how people categorize and discriminate against others by using seemingly positive or harmless attributions and images. In an interactive presentation, we will introduce Edward Said’s concept to the audience by examining selected Twitter and Instagram posts. #Orientalism #Postcolonialism #Othering #Racism #Sexism NGOs are doing it, the new film about PJ Harvey is doing it, most of us are doing it: using Orientalist narratives to describe the world around us. This happens consciously and more often unconsciously and perpetuates imperialistic perceptions about the (flexible) “Other”. Whenever we order an “exotic Asian salad”, bring back “those beautiful indigenous souvenirs” or by having an Orientalist gaze when travelling and taking picture only of the things that seem “exciting and characteristic”, we create an unequal image of “us” and “them”. As we can see from these examples, the concept of Orientalism is not limited geographically but uncovers seemingly positive and harmless but deeply discriminating narratives everywhere - one famous example being the discourses about East Germany from a West German perspective. In this presentation, we will explain the concept of Orientalism (Edward Said, 1978) by discussing written examples from Twitter and visual examples from Instagram to uncover the traps and temptations of Orientalism. #Orientalism #Postcolonialism #Othering #Racism #Sexism
19:30
Algorithms bear the image of their makers, and toil like their servants. Technology of any sort cannot be neutral, as it is embedded in a social matrix of why it was created and what work it performs. An algorithm, its context, and what it lacks should be understood as a political statement carrying great consequences, and as a society we should respond to each as needed, engaging the purveyors of these algorithms on a political level as well as legal and economic. Three algorithmic systems are revealed to embody various class interests. First, a population ecology modeled simply by a pair of predator-prey equations leads one to conclude that socialist revolution and compulsory leisure are the only routes to avoiding civilizational collapse. Second, a formula for labor supply reduces us to lazy drones who work as little as possible to support our choice of lifestyle. Finally, advertising on Wikipedia could yield a multi-billion-dollar fortune—shall we put it up for sale or double-down on radical equality among all people? (1) The [Human and Nature Dynamics](https://www.sciencedirect.com/science/article/pii/S0921800914000615) (HANDY) model is the first to pair environmental resource consumption with class conflict, each as a predator-prey cycle. In one cycle we overrun and out-eat the other species on Earth, who grow back slowly, and in the other cycle elites out-compete commoners in their consumption, to the point of even causing commoners to die of hunger. One can say that socialist revolution is embedded in a statement like this. Indeed, something must be done about the growing power of over-consuming elites before they doom us all. I will give a tour using this [interactive explorer](https://adamwight.github.io/handy-explorer/). (2) A second example is a run-of-the-mill, capitalist formula for labor supply, to explain our collective decision to go to work in the morning. Loosely, it is to`optimize(Consumption, hours worked)` for the constraint `Consumption ≤ wage x hours + entitlement`. In other words, this formula assumes we are lazy, greedy, individual agents, each motivated only by obtaining the greatest comfort for the least labor. The worker who internalizes this formula will fight for fewer hours of work and higher wages for themself, will find shortcuts to spend less money to increase purchasing power, and in this idealized world can be expected to vote in favor of social democratic minimum incomes. A company following this formula, on the other hand, will fight against all of these worker gains, and will act to depress government welfare or minimum incomes until workers are on the edge of starvation in order to squeeze longer hours out of them. What's missing from this formula is, all the ways out of the trap. Mutual aid and connections among ourselves to protect the most vulnerable individuals, pooling resources, and any other motivation to work besides mortal fear and hedonism.—One can easily imagine a radically different paradigm for work, in which labor is dignified and fulfilling. To understand this world in formulas, labor supply is measured in education levels, self-direction, and other positive feedback loops which raise productivity. (3) Wikipedia and its sister projects have never worn the shackles of paid advertising, although they sit on a potential fountain of revenue in the tens of billions of dollars per year—not to mention the value of the influence over public opinion that such a propaganda machine might achieve. `Revenue = Ads per visit x Visits` Analyzed venally, Wikipedia becomes an appealing portfolio acquisition, which would jeopardize the entire free-open movement. From a different perspective, that of an organizer in an editor’s association, slicing pageview and (non)-advertising data might allow for more effective resource-sharing among the many chapter organizations. In a third analysis using a flow of labor, power, and funds, we can see the Wikimedia Foundation as engaged in illegitimate expropriation, turning editors into sharecroppers and suppressing decentralized growth. These twists all come about through variations on an equation. Which shall we choose?
An introduction to Numerical Weather Prediction systems We give an introduction to the general functionality of numerical weather prediction systems, what is computed and how. In the hand-on part, we show how to run your own copy of WRF, a free NWP, and how to post-process and visualize the results. For people interested in installing and running WRF themselves, please have a look at the git repository for updated information on how to prepare your notebook prior to the session.
Das Treffen der "Hacker eG" (info: vebit.xyz) auf dem Congress. Willkommen!
Let's get to know each other and discuss c3blind's future! Get to know the other blind/visually impaired individuals at this year's Chaos Communication Congress.As it is c3blind's first year in existence, we would also like to discuss the future of the project/assembly/team and what we can do on future Chaos events to spread the word on blindness.
19:40
The c3lingo team meets twice a day. Join us to help us doing live interpretations of all talks. This meeting is used for the distribution of shifts for the Translation team.
The c3lingo team meets twice a day. Join us to help us doing live interpretations of all talks. This meeting is used for the distribution of shifts for the Translation team.
19:45
Introduction to Open Source Hardware (OSHW) including the Open Source Hardware Association (OSHWA), certified OSHW, and the Open Hardware Summit
20:00
Das Jugend hackt Community Treffen auf dem 36c3! :-) Ideal für alle Menschen aus dem Jugend hackt Kosmos und vor allem für Congress-Neulinge. Wir wollen mit euch am ersten Tag (27.12.19) ein kleines Jugend hackt Meet-Up um 20:00 Uhr im Esszimmer der Wikipaka WG machen. So wollen wir euch und uns einmal zusammen bringen, alle Fragen rund um den Congress und die Wikipaka WG besprechen, im Anschluss eine Runde über den Congress drehen und ein paar andere befreundete Assemblies und andere spannende Orte besuchen. Quasi der perfekte Einstieg! - Kommt rum, wir freuen uns auf euch!
Annual Refresher and Updates for the Heralds Annual Meeting of Heralds. We want to talk about whats new this year, what changed, give a couple of reminders and prepare our part of Congress.This year, we do not take new Heralds on board, our team is already complete.
Meetup for users and people interested in the Arch Linux project Arch Linux is a distribution created in 2002 that focuses on user centrality. It's a do-it-yourself distribution that provides a minimal base set of packages to let the user build on.The intentions of the meetup is to have a few short 20 minute talks, and then some community discussions. Members from Arch team will participate. Last year we had a completely packed room, and it doesn't look like it will be better this year :)If there is anything you want to do, feel free to email foxboron@archlinux.org
Introduction and Refresher for StageSupporter and StageManager
disco punk vs technocrust glittering queer anarcha lyrics in German, English and Russian. with lots of humor and irony, criticism and self-criticism … spoken, screamed and sung … accompanied and mixed to hard beats, distorted sounds and playful melodies. Danceable and with a big wink. punky and beautyful. dance, fight and glitterize!
Resident @multisex party in Ohm. From Berlin with Love. DJ Bosch aka Tobias is resident at Multisex party happening at Ohm/Berlin. The Multisex party promotes clarity on the dance floor along with diverse music. Depending on the booking, they create different dancing moods with classy tunes that craft a pure and effective house, disco and techno sound. Multisex is an attempt to encourage non-verbal communication on the dance floor. The goal is to get people together while dancing free. Besides that Tobias is doing the lights at the multisex partys and is a regular light operator at Berghain/Panoramabar in Berlin.
AFAR
how does 1komona work? what does work and what doesn't? in the long term, it would be ideal to distribute the work that has to be done to keep 1komona going on? how do we think we are organised and how are we really organised? where do ideals and reality clash? how can we communicate with ccc without centralizing individuals? how do we manage with the affinity groups? etc etc etc, please also collect points to discuss! and methods! we love methods so we don'T have to make plenum forever. *everyone who feels affiliated with 1komona, be it for the first or fourth time, is warmly invited to join*
A session, exchange, release, reflection on different ideas and the reality of decentralized organisation, recentralized responsibility and the metaphysics of Ideas and their work load. What happened when komona started to decentralize? Didn't it actually started decentralized and just grew bigger? How long does it take, what did help, what did go wrong. What do you have to share and adress, what have ppl to share that slided into centralized roles again? How could these roles be defined to help the goal of decentralized and transparent organisation that allows maximum spontaneity without overwhelimg single points of failure and ppl? Spontaneity is core and at the same its a mechanic of disabling others to prepare and think before doing, whether they would like to or not. So, how to go on. Starting with the collection of work that was done to establish a shared knowledge base: what was on the table for this years conoma? *If you want to make a good talk, you can't only think of what information you really want to talk about, you have to think of what information the people want/need to hear to get into the topic. Otherwise it wouldn't make sense, you can talk alone than.* (anonymous)
The anarchist organisational form of "affinity groups" has a long tradition. Since decades it is a basic tool in emancipatory grassroots movements. With a theatrical game we want to explore our roles in groups and reflect about group dynamics in horizontal organizations. It is requested to participate in the game whether you know the concept already or not. The anarchist organisational form of "affinity groups" has a long tradition. Since decades it is a basic tool in emancipatory grassroots movements. With a theatrical game we want to explore our roles in groups and reflect about group dynamics in horizontal organizations. It is requested to participate in the game whether you know the concept already or not.
videogame, flute, concert Friedrun and Gereon play songs from old and modern video games. If you enjoy the sound of the flute we look forward to seeing you. With a mix of some unforgotten classics and beautiful modern pieces we hope to satisfy a wide range of tastes.
Everyday at 20:00 at the Assembly of the Free Software Foundation Europe we invite you to sing together the Free Software song; We have the lyrics and a conductor. Simply come, bring your hacker buddies and your voice and maybe an instrument and we form an ad-hoc choir and sing out loud our love for Free Software! Sing-along sessions will happen everyday at 20:00.
Werewolf, the (roleplaying)(card)game We will play "Les Loups-Garous de Thiercelieux" (aka Werewolf).Newbies welcome, I'll explain the rules at the start of each session.
Mikroben. Mikroorganismen. Pilze die im Mensch leben. Mensch der in Pilzen lebt. Ineinander leben. Eins werden, mehrere sein. Bewusstsein im Körper. Materie als Bewusstsein. Unsichtbar. Verloren in unseren Begrenzungen. Einander auffressen. In Bruchstücke spalten. Sich gegenseitig zersetzen. Verbindungen reißen um gleich darauf neu zu zerfließen. Vermehren, sich verdichten, verschmelzen um sich dann explosionsartig zu entfalten und die Grenzen zerbersten, die Hüllen zerplatzen. Mikroben. Mikroorganismen. Pilze die im Mensch leben. Mensch der in Pilzen lebt. Ineinander leben. Eins werden, mehrere sein. Bewusstsein im Körper. Materie als Bewusstsein. Unsichtbar. Verloren in unseren Begrenzungen. Einander auffressen. In Bruchstücke spalten. Sich gegenseitig zersetzen. Verbindungen reißen um gleich darauf neu zu zerfließen. Vermehren, sich verdichten, verschmelzen um sich dann explosionsartig zu entfalten und die Grenzen zerbersten, die Hüllen zerplatzen.
Your daily basic hacking learning lesson. ""WARNING: External room for the last session on day 4: Please come to Lecture Room M1.""'''---> README: There will be sessions from days 1 to 4. The daily session times will be announced in the evening before. <---'''We offer instructions for "Damn Vulnerable Web Application" ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) daily. At least for 2 to 4 people. Join us if you would like to learn about security gaps in web programming (e.g. bad passwords, SQL injection, cross-site requests forgery). You will learn how to hack systems and how to reset them afterwards. It's recommended to bring your own device (laptop) with an working ethernet port. We have a single Ethernet-to-USB adapter available for devices lacking an Ethernet port such as Apple Macbooks.'''-->LIESMICH: Es wird jeden Tag Sessions geben. Wann die täglichen Sessions genau starten, wird immer am Vorabend eingetragen. <---'''Wir bieten täglich „Damn Vulnerable Web Application“ ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) unter Anleitung an, für mindestens 2 bis 4 Personen. Inhaltlich geht es dabei um klassische Sicherheitslücken der Webprogrammierung (z.B. schlechte Passwörter, SQL-Injection, Cross-Site-Request-Forgery). Hier lernst du Systeme zu hacken und wiederherzustellen. Bringt am besten euren eigenen Computer mit einem funktionierenden Ethernet-Port mit. Wir haben einen Ethernet-zu-USB-Adapter, damit ihr auch Geräte ohne integrierten Ethernet-Anschluss (wie z.B. Apple Macbooks) nutzen könnt.
Fomu, the FPGA in your USB Port [[File:Fomu.png|300px|right|Fomu Logo]]<br><br><span style="font-size: 30px; font-style: bold;">People who signed up get chairs!</span><br><br><span style="font-size: 40px; font-style: bold;"><h1>Fomu workshop!</h1></span><span style="font-size: 30px; font-style: bold;">Current --> https://workshop.fomu.im/</span><br><br><span style="font-size: 30px; font-style: bold;">Previous Version --> https://workshop-old.fomu.im/</span><br><br><span style="font-size: 30px; font-style: bold;">Please sit in the <b>Mammoth Space - (has Pink Lights)</b></span><br><br><ol> <li><span style="font-size: 20px;">Workshop is <span style="font-color: red;"><b>self</b></span> directed.</span></li> <li><span style="font-size: 20px;">Go to https://workshop.fomu.im or https://fomu-workshop.rtfd.io/</span></li> <li><span style="font-size: 20px;">Complete set up</span></li> <li><span style="font-size: 20px;">Get hardware from Mithro</span></li> <li><span style="font-size: 20px;">Continue workshop</span></li> <li><span style="font-size: 20px;">Raise your hand if you get stuck!</span></li></ol><br><br><span style="font-size: 30px;">Help: <b>irc.freenode.net #tomu</b> -- <b>https://groups.google.com/forum/#!forum/tomu-discuss/join</b></span><br><br><br><br><br><br><br><br><br><span style="font-size: 40px; font-style: bold;"><h1>Hardware Pickup</h1></span><br><br><span style="font-size: 30px; text-align:center; ">[https://workshop.fomu.im Complete the setup], get a [https://fomu.im/ free Fomu board]</span><br><br>{| style="color: green; background-color:#ffffcc; width: 100%; text-align:center; border-color: black; font-size: 14px;" cellpadding="10" cellspacing="0" border="1"! Task !! Where! Times - Day 2 !! Times - Day 3 !! Times - Day 4|- style="background-color:#ffffcc"|- style="background-color:#ccffff"! scope="row" | <b>Hardware Pickup</b> || Pickup is at Tor Gate 2.3 at end of tables in near signup sheets| 12:00 -> 12:30 (12:00noon -> 12:30pm)<br>17:00 -> 17:30 (5:00pm -> 5:30pm)<br>22:30 -> 23:00 (10:30pm->11:00pm) || <b>No</b> noon pickup<br>17:00 -> 17:30 (5:00pm -> 5:30pm)<br>22:30 -> 23:00 (10:30pm->11:00pm) || -|- style="background-color:#ffccff"! scope="row" | <b>Session with helpers!</b> || Session will be in Mammoth Space @ [[Assembly:Hardware Hacking Area|Hardware Hacking Area!]]<br><b>Sign up to attend!</b>| 23:00 -> to late (11:00pm->to late) || 23:00 -> to late (11:00pm->to late) || -|}<br><br><span style="font-size: 40px; font-style: bold;"><h1>Sessions</h1></span><br><br>All sessions are the same!<br><br>This workshop will be given multiple times (all sessions are <b>identical</b>). [https://workshop.fomu.im The workshop] is self guided with helpers for when you get stuck. <b>Please sign up on the paper at the [[Assembly:Hardware Hacking Area|Hardware Hacking Area!]]</b><br><br>Come get an FPGA dev board in your USB port and start hacking! Getting the toolchain set up and working will earn you a free Fomu from [[User:Mithro|Tim 'mithro' Ansell]] (while stocks last).<br><br>''(This is one of many cool things happening throughout 36C3 in the huge '''[[Assembly:Hardware Hacking Area|Hardware Hacking Area!]]''')''<br><br>Hardware Hacking Area - Mammoth Space - Pink Lights<br><br>
Latest news, open discussions and meet-and-greet. Since ex-Teppich, interest of having a Hacker- and Makerspace in Erlangen has sparked from many groups. We will report on current developments, but mostly want to get the hacker side of people together and exchange ideas and discuss possible implementations.Feel free to join! Stay tuned and subscribe to oeffentlich@erlangen.ccc.de for more information on this endeavour.
Kreislaufwirtschaft ist eine Idee fuer eine nachhaltige Zukunft, die bei der Gestaltung unserer Produkte und unseres Konsums ansetzt. Worum geht es da genau und wie kann ich als Hacker*in oder Aktivist*in damit spielen, diese Idee nutzen und mit voranbringen? BIOLars Zimmermann (Mifactori.De) ist Kuenstler, Designer und Aktivist mit einem Schwerpunkt auf Open Source Hardware & Open Design fuer nachhaltige Kreislaufwirtschaft und Kreislaufstaedte.
20:10
20:15
Captain Sonar Wir spielen das Spiel Captain Sonar.Bitte über https://www.schokoladensouffle.eu/captainsonar/ anmelden, maximal acht Teilnehmer, FCFSWir spielen bei der Gaderobe im Pseudoroom (CCL Gebäude ganz unten)DECT 3060 bei Rückfragenmehr Infos zum Spiel: https://de.wikipedia.org/wiki/Captain_Sonar
Mitarbeiter der Datenschutz-Aufsichtsbehörden stehen Rede und Antwort Eine offene Beratungs-Sprechstunde für alle Eure Fragen rund um Datenschutz und die Datenschutz-Grundverordnung (DS-GVO) u.a. mit Alvar Freude, Referent beim Landesbeauftragten für den Datenschutz und die Informationsfreiheit Baden-Württemberg.Bringt Eure Themen und Fragen mit. Ihr findet uns in der Sofa-Ecke beim Digitalcourage-Stand (L1, Messehalle 2, Ebene 0).Die Datenschutzaufsichtsbehörden sind in ihrem jeweiligen Bereich zuständig für die Beratung zur bzw. Durchsetzung der DSGVO.
20:30
Der Einmischen Podcast ist für ein paar Rant und sich eher Aufregen bekannt unser Politiklehrer Thomas ist da eher der zynische Pol der Podcastszene. Beide versuchen in dem kleinen Jahresrückblick mal die Aufreger auf ein Minimum zu senken. Unterhaltung garantiert. Der Einmischen Podcast ist für ein paar Rant und sich eher Aufregen bekannt unser Politiklehrer Thomas ist da eher der zynische Pol der Podcastszene. Beide versuchen in dem kleinen Jahresrückblick mal die Aufreger auf ein Minimum zu senken. Unterhaltung garantiert.
Akronymisierbar Jahres/CongressRückblick, diesmal wieder live mit Kilian und Hendrik und Freundinnen und Gästinnen des Podcasts. Akronymisierbar ist das gemeinsame Projekt von Kilian und Hendrik die sich abwechselnd über nerdextremistische Themen unterhalten und Freunde aus der erweiterten Dresdner Softwareszene interviewen.
A deep-dive summary of the technical, economic, and social aspects of fiat, Bitcoin, and Monero from 2008 to the present day. In keeping with 36C3 CDC's theme of "Respect My Privacy," this talk will emphasize features of cryptocurrencies and asset protection structures that are important to those early adopters who value their privacy.
Taste a variety of franconian beers Hey guys, I‘m out of stock - 6 trays empty ;-)Please enjoy [[Session:Beer tasting|Beer tasting @foodhacking base]] on day 2 starting at 10 p.m.
20:50
The people of Hong Kong have been using unique tactics, novel uses of technology, and a constantly adapting toolset in their fight to maintain their distinctiveness from China since early June. Numerous anonymous interviews with protesters from front liners to middle class supporters and left wing activists reveal a movement that has been unfairly simplified in international reporting. The groundbreaking reality is less visible because it must be - obfuscation and anonymity are key security measures in the face of jail sentences up to ten years. Instead of the big political picture, this talk uses interviews with a range of activists to help people understand the practicalities of situation on the ground and how it relates to Hongkong's political situation. It also provides detailed insights into protestors' organisation, tactics and technologies way beyond the current state of reporting. Ultimately, it is the story of how and why Hongkongers have been able to sustain their movement for months, even faced with an overwhelming enemy like China. This is the story of how and why Hongkongers have been able to sustain their movement so long, even faced with an overwhelming enemy like China. The protestors have developed a range of tactics that have helped them minimise capture and arrests and helped keep the pressure up for five months: They include enforcing and maintaining anonymity, both in person and online, rapid dissemination of information with the help of the rest of the population, a policy of radical unanimity to maintain unity in the face of an overwhelming enemy and Hongkongers’ famous “be water” techniques, through which many of them escaped arrest.
VMware ESXi is an enterprise-class, bare-metal hypervisor developed by VMware for deploying and serving virtual computers. As the hypervisor of VMware vSphere, which is the world's most prevailing, state-of-the-art private-cloud software, ESXi plays a core role in the enterprise's cloud infrastructure. Bugs in ESXi could violate the security boundary between guest and host, resulting in virtual machine escape. While a few previous attempts to escape virtual machines have targeted on VMware workstation, there has been no public VMware ESXi escape until our successful demonstration at GeekPwn 2018. This is mainly due to the sandbox mechanism that ESXi has adopted, using its customized filesystem and kernel. In this talk, we will share our study on those security enhancements in ESXi, and describe how we discover and chain multiple bugs to break out of the sandboxed guest machine. During the presentation, we will first share the fundamentals of ESXi hypervisor and some of its special features, including its own customized bootloader, kernel, filesystem, virtual devices and so on. Next, we will demonstrate the attack surfaces in its current implementations and how to uncover security vulnerabilities related to virtual machine escape. In particular, we will anatomize the bugs leveraged in our escape chain, CVE-2018-6981 and CVE-2018-6982, and give an exhaustive delineation about some reliable techniques to manipulate the heap for exploitation, triggering arbitrary code execution in the host context. Meanwhile, due to the existence of sandbox mechanism in ESXi, code execution is not enough to pop a shell. Therefore, we will underline the design of the sandbox and explain how it is adopted to restrict permissions. We will also give an in-depth analysis of the approaches leveraged to circumvent the sandbox in our escape chain. Finally, we will provide a demonstration of a full chain escape on ESXi 6.7.
Die sogenannten digitalen Assistenzsysteme des BAMF, „intelligente Grenzen“ in der EU und immer größer werdende Datenbanken: Wer ins Land kommt und bleiben darf, wird immer mehr von IT-Systemen bestimmt. Davon profitiert die Überwachungsindustrie, während Menschen von automatisierten Entscheidungen abhängig werden. Deutschland hat in den letzten Jahren massiv in Technik investiert, um Asylverfahren zu digitalisieren. Biometrische Bilder mit Datenbanken abgleichen, Handys ausgelesen und analysieren, Sprache durch automatische Erkennungssysteme schleifen. Ganz abgesehen von der Blockchain, die alles noch besser machen soll. Doch nicht nur in Deutschland werden zum Zweck der Migrationskontrollen immer mehr Daten genutzt. In Norwegen werden Facebook-Profile Geflüchteter ausgewertet, in Dänemark sogar USB-Armbänder. Die Grenzagentur Frontex soll für „intelligente Grenzen“ sorgen, Datenbanken werden EU-weit ausgebaut und zusammengelegt. Rechtschutzmechanismen versagen größtenteils. Worum es dabei geht? Schnellere Abschiebungen. Wer davon profitiert? Die Überwachungsindustrie. In Vorbereitung von Klageverfahren bringt die Gesellschaft für Freiheitsrechte e.V. (GFF) gemeinsam mit der Journalistin Anna Biselli im Laufe des Dezembers eine Studie heraus, die sich diesem Thema genauer widmet. Die Ergebnisse der Studie wollen Lea Beckmann und Anna Biselli gemeinsam vorstellen und kontextualisieren. Anna Biselli ist Informatikerin und Journalistin und arbeitet seit Jahren zu Fragen der Digitalisierung von Migrationskontrolle. Lea Beckmann ist Juristin und Verfahrenskoordinatorin der Gesellschaft für Freiheitsrechte e.V. (GFF). Die GFF ist eine NGO, die durch strategische Gerichtsverfahren Grund- und Menschenrechte stärkt und zivilgesellschaftliche Partnerorganisationen rechtlich unterstützt. In vielen ihrer Verfahren setzt sich die GFF dabei für Datenschutz und einen verantwortungsvollen Einsatz von Technologie und gegen Diskriminierung ein.
This talk is to show the current state of the discussion on climate change and the necessary and possible changes from a scientific perpesctive. It is to give some typical relevant answers and to foster the resiliance against climate sceptic questioning. This is one of the main tasks the scientist for future are trying to tackle. The climate crisis is already existing and it is going to become worse. Looking at the pure facts of the changing climate, the acidication of the oceans, the slowly but steady rising of the sea level and the strengthening earth response effects, which make thing worse, it is hard to stay optimistic on the development of human kind on this planet. This lead to the largest social movement in Germany since the second world war fighting for a limitation of climate change to a maximum average temperature increase of 1.5°C. On the other hand, this movement is often disputed. Since the necessary changes are not liked by everyone, the engagement of especially students was attacked also by politicians – even declaring that they should leave such issues to the professionals. At this point scientist for future joined together to support the demands of the students and declare, „they are right“. This support is urgently needed. People have many open questions. The necessary changes are involving all societies in the world. In Germany, one of the most disputed topics is the field of energy, its generation, distribution and use. Is it actually possible to go for 100% renewable energies? What would this lead to? These are typical questions – which are not easy to answer. Other typical questions are more fundamental, since climate sceptics are increasing in their relevance and their social media outreach. Thus a lot of people encouter questions, they cannot answer. This talk is to show the current state of the discussion on climate change and the necessary and possible changes from a scientific perpesctive. It is to give some typical relevant answers and to foster the resiliance against climate sceptic questioning. This is one of the main tasks the scientist for future are trying to tackle.
(en) We make Standard Cells for LibreSilicon available, which are open source and feasible. And we like to talk and demonstrate what we are doing. (de) Wir machen Standardzellen für LibreSilicon verfügbar, welche Open Source und nutzbar sind. Wir möchten darüber sprechen und vorführen, was wir tun. (en) LibreSilicon develops a free and open source technology to fabricate chips in silicon and provides all information to use them - or technical spoken - a Process Design Kit (PDK). On one abstraction level higher, user always using with their design compile tools a Standard Cell Library (StdCellLib) with basic blocks like logic gates, latches, flipflops, rams, and even pad cells. From a programmers point of view, as a PDK is comparable to a language like C, the Standard Cell Library becomes comparable to libc. All commercial available Standard Cell Libraries containing a small subset of all useful cells only, limited just by the manpower of the vendor. They are hand-crafted and error-prone. Unfortunately Standard Cell Libraries are also commercial exploited with Non-disclosure agreement (NDAs) and heavily depend on the underlying PDKs. Our aim is to become the first free and open source Standard Cell Library available. The lecture shows, how far we are gone, with makefile controlled press-button solution which generates a substantial number of Standard Cells by automated processing and respecting the dependencies in the generated outputs. (de) LibreSilicon entwickelt eine freie und offene Technologie um Siliziumchips herstellen zu können. Dies umfasst alle notwendigen Informationen dies zu tun, oder technisch gesagt, ein Process Design Kit (PDK - engl: Prozessbauskasten). Die Anwender nutzen überwiegend auf einer Abstraktionsebene höher mit ihren Design Compiler meist jedoch die Standardzellenbibliothek (StdCellLib) mit Basisblöcken wie Logikgattern, Latches, FlipFlops, Speicherzellen oder auch Padzellen. Aus Sicht eines Programmierers wäre das PDK vergleichbar einer Sprachdefinition wie C, die darauf aufsetzende Standardzellbibliothek (StdCellLib) dann vergleichbar mit der libc. Nun enthalten alle nur kommerziell verfügbaren Standardzellenbibliotheken lediglich eine kleine Teilmenge aller nützlichen Zellen, limitiert durch die Arbeitskräfte beim Hersteller. Sie sind handgemacht und fehlerträchtig. Unglücklicherweise sind die kommerziellen Standardzellbibliotheken stark vom PDK abhängig und mit Geheimhaltungsvereinbarungen gepflastert. Unser Ziel ist es, die erste freie und offene Standardzellbibliothek zu werden. Dieser Talk zeigt, wie weit wir bereits gekommen sind, mit Hilfe der Makefile-gesteuerten Lösung eine beachtliche Anzahl an Standardzellen und deren Ausgabeformate als Abhängigkeiten automatisiert zu generieren.
Eine kurze Erzählung von den Anfängen der Protestbewegung bis heute und darüber hinaus. Wenn eine spontan gebildete Menge an Menschen beginnt die Werkzeuge der Demokratie zu nutzen ist das vorläufige Ergebnis eine der größten Petitionen weltweit und über 200.000 kreativ Protestierende auf den Straßen Europas. War es das schon oder kommt da noch etwas? Welche Auswirkungen haben demokratische Werkzeuge wie Petitionen und Demonstrationen? Kann man die nächsten Proteste voraussehen oder wie entstehen Wellen der Aufmerksamkeit? Hat sich eine neue Empörung zum ersten oder zum letzen Mal aufgetan? Von vernetzen Livestreams während der Proteste bis zu Community Aktionen wie Meme-Events und Briefraids.
Ein Haus das zwanzig Jahre lang leer steht, eine gravierende Wohnungsnot und ein paar Aktivisti reichen um Leerstand zu beenden. Im Juli wurde die Gartenstraße 7 in Tübingen Leerstand besetzt und ist es bis heute. Der Talk soll davon handeln, warum es zu einer solchen Besetzung kommt, wie so etwas im Alltag aussieht, wie die Besetzung sich von anderen unterscheidet und wie die Zukunft aussehen wird. In Tübingen herrscht wie in vielen anderen Städten Wohnungsnot. Das Problem wird insbesondere durch Leerstand und einen eklatanten Mangel an sozialem Wohungsbau verschärft. Es gibt verschiedene Gesetzte, Verordnungen und Handlunkgsmöglichkeiten die der Kommune helfen dem Problem zu begegnen. Trotz aller Bemühungen der Stadt stehen Gebäude wie die Gartenstraße 7 *20 Jahre* lang leer. Die Besetzung durch Aktivisti im Juli hat diesen Leerstand beendet. Seitdem leben in diesem Haus Menschen, es ist ein täglich geöffnetes Cafè eingerichtet, es finden Konzerte, Lesungen und Workshops statt. Ich würde gerne zeigen wie es zur Schaffung dieses Freiraums kam, wie der Alltag und aber auch die Zukunft des Projekts aussieht. Große Rolle wird dabei die "Tübinger Linie" spielen - eine Position der Stadt die Verhandlungen einer Räumung vorzieht.
21:00
"Eine Regierung hat auch die Pflicht uns vor zukünftigen Regimen zu schützen." Anhand der Rosa Liste möchte ich aufzeigen weshalb das ein wichtiger Grundsatz moderner Demokratien ist. In der Weimarer Republik und der Ersten Republik Österreich wurden Listen angelegt in denen zahlreiche Daten über tatsächliche oder vermeintliche Homosexuelle gesammelt und auf Vorrat gespeichert wurden. In der NS-Diktatur wurden diese Listen genutzt, um eine möglichst große Anzahl Homosexueller in Konzentrationslager (KZ) zu bringen. In diesen bekamen sie den berühmten Rosa Winkel als Kennzeichnung, wodurch sie auch Repressalie von anderen Insassen ausgesetzt waren. Noch heute gilt die Rosa Liste als eines der schlimmsten Beispiele wie auf Vorrat gespeicherte Daten missbraucht werden können. Als Datenschützer und Bisexueller möchte ich näher auf diesen besonderen Teil der Geschichte eingehen und aufzeigen was daraus lernen sollten.
Seit fünf Jahren setzen sich innerhalb des Netzwerks [„Code for Germany“](https://codefor.de) in ganz Deutschland rund 300 Ehrenamtliche für offene Daten ein und bauen damit Anwendungen für alle. Auch 2019 ist bei uns einiges passiert, was wir euch hier vorstellen wollen. Wir haben uns beispielsweise mit Daten zu Umwelt, Politik und jeder Menge Kartenmaterial beschäftigt und viele neue Projekte am Start. Manche glänzen schon richtig, andere suchen noch Unterstützung. Im Talk erklären wir, was offene Daten eigentlich sind, was man daraus bauen kann und wie man bei uns mitmachen kann. [Code for Germany](https://codefor.de) ist ein Netzwerk von Gruppen ehrenamtlich engagierter Freiwilliger. Wir nutzen unsere Fähigkeiten, um unsere Städte und das gesellschaftliche Miteinander positiv zu gestalten. Wir setzen uns für mehr Transparenz, Offene Daten und Partizipation in unseren Städten ein. Wir vermitteln insbesondere zwischen Zivilgesellschaft, Verwaltung und Politik und nutzen unsere Fähigkeiten, um die Kommunikation zwischen diesen zu verbessern und notwendige Impulse zu setzen, damit die Möglichkeiten der offenen und freien Digitalisierung so vielen Menschen wie möglich zugute kommen.
Tor operator meetup, discussion and partly moderated Tor operator meetup, anyone currently operating any Tor infrastructure or anyone planning to operate and infrastructure in the future is welcome to participate here.
Learn more about the development approach of Delta Chat, an encrypted E-Mail messenger.
1000 Echochambers Sätche ist sowas von Teil der Familie - seine Echochamber läuft regelmässig in der c-base, er fährt ne alte Feuerwehr und wer ihm krummkommt, merkt das schon. Sätchmoe is sooo part of the family - his Echochamber runs regularly in the c-base, he drives an old fire brigade and whoever annoyise him, will notices that.
Extinction Rebellion (XR) has an extreme stand on actions organised under its name: non-violent mass civil disobedience to disrupt - but also cooperation with the police. While many think that XRs action are about climate change, XR’s goal is also to change governance - but at the same time claiming to be "beyond politics" and without analysing existing power structures. We will first present about the study and where this claim for non-violence comes from, and then discuss about where to go from here. Extinction Rebellion (XR) has an extreme stand on actions organised under its name: non-violent mass civil disobedience to disrupt - but also cooperation with the police. Being arrested is a goal in itself. Depending on the country, participants are explicitly asked to talk to the police. While many think that XRs action are about climate change, XR’s goal is also to change governance - but at the same time claiming to be "beyond politics" and without analysing existing power structures. Much of this is based on the interpretation of a single study: a study that is very restricted in its scope and deeply flawed in its understanding of how diverse actions over a long period of time influence the outcome of future actions. XR also calls up images from other protests - some of which were in fact violent - to claim that their way of doing actions is the one that will succeed in a short time span. However, we now see XR getting more diverse and at least locally engaging with other groups and types of actions. We will first present about the study and where this claim for non-violence comes from, and then discuss about where to go from here.
contemporary, dance, nonverbal Come, come whoever you are. Wanderer, worshipper, lover of leaving. This isn't a caravan of despair. It doesn't matter if you have broken your vows a thousand times before! Come again, come.
Your daily basic hacking learning lesson. ""WARNING: External room for the last session on day 4: Please come to Lecture Room M1.""'''---> README: There will be sessions from days 1 to 4. The daily session times will be announced in the evening before. <---'''We offer instructions for "Damn Vulnerable Web Application" ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) daily. At least for 2 to 4 people. Join us if you would like to learn about security gaps in web programming (e.g. bad passwords, SQL injection, cross-site requests forgery). You will learn how to hack systems and how to reset them afterwards. It's recommended to bring your own device (laptop) with an working ethernet port. We have a single Ethernet-to-USB adapter available for devices lacking an Ethernet port such as Apple Macbooks.'''-->LIESMICH: Es wird jeden Tag Sessions geben. Wann die täglichen Sessions genau starten, wird immer am Vorabend eingetragen. <---'''Wir bieten täglich „Damn Vulnerable Web Application“ ( http://www.dvwa.co.uk/ / https://github.com/ethicalhack3r/DVWA ) unter Anleitung an, für mindestens 2 bis 4 Personen. Inhaltlich geht es dabei um klassische Sicherheitslücken der Webprogrammierung (z.B. schlechte Passwörter, SQL-Injection, Cross-Site-Request-Forgery). Hier lernst du Systeme zu hacken und wiederherzustellen. Bringt am besten euren eigenen Computer mit einem funktionierenden Ethernet-Port mit. Wir haben einen Ethernet-zu-USB-Adapter, damit ihr auch Geräte ohne integrierten Ethernet-Anschluss (wie z.B. Apple Macbooks) nutzen könnt.
Reddit style Q&A, where you can ask all the questions you wanted to know about the life of a kernel programmer. Are you interested to know about a kernel devs work, how they got into kernel programming, where to find a job and to get into this field, what good resources there are for newbies, whether they got shouted at by Linus, etc..? Here is the right place where you can ask those questions.
We'll taste over 10 different kinds of jenever. Limited spots, first come first served.
21:20
##### Motivation In the digital age the privacy has become an important matter. But with the current digital payment methods the privacy of the user is not guaranteed. To avoid the data sharing, the Taler team implemented a digital form of cash. ##### Project To demonstrate the payment system we developed an interface for a snack machine based on GNU Taler. This implementation allows the customer to pay with a smartphone app via NFC or QR-Code. ##### Team The project was realized by Taler in cooperation with two students from Bern University of Applied Sciences. In the talk the audience will become a little insight into the GNU Taler Project and the aim of the developed Snack Machine Interface. The approach to develop an interface between the Taler Backend and the snack machine will be explained as well as the challenges which come with such a project. Further the implemented hard- and software stacks are presented.
21:25
Eine spielerische politische Praxis die versucht klassische Geschlechterrollen aufzubrechen. Empowerment! All Genders, Männer* haben zeitweise kein Rederecht. Frauen*, vereint euch und legt die Reproarbeit nieder! Wenn wir über Repro - bzw. Reproduktionsarbeit reden, meinen wir damit jegliche Art von physischer und emotionale Arbeit, wie z.B. putzen, kochen, Kinder groß ziehen, Hausarbeit, andere trösten bzw. emotionaler Arbeit und viele andere Aufgaben, die oft als "weibliche" angesehen werden. Zu großen Teilen werden diese Arbeiten immer noch von Frauen* und FLIT*-Personen erledigt. Diese Arbeit wird meist sehr schlecht bis gar nicht bezahlt, findet im Verborgenen statt oder wird als weniger wichtig als Produktionsarbeit angesehen. Diese Arbeit ist unglaublich wichtig, um das System zu erhalten, es Menschen möglich zu machen, zur (Lohn-)Arbeit zu gehen und wird doch kaum wertgeschätzt, sondern als selbstverständlich angesehen. Darauf haben wir keinen Bock mehr! Wir wollen gemeinsam nicht mehr putzen, aufräumen, der soziale Puffer oder die emotionale Krücke sein, so viel und lange, wie wir wollen.
21:30
Einführung in das 36C3 Capture the Flag für Neulinge This introduction is mainly for FNTIs* and has limited seats. We might open it if there is space left.* women, non-binary, inter and trans persons.
Whisky Tasting at foodhackingbase For more information please refer to the foodhackingbase wiki page: https://foodhackingbase.org/wiki/Whisky_tasting_36c3
21:35
Using a simple non-technique, we will memorize digits of pi. It's fun. No prerequisites needed. In English and German. Bring your kids! (all sessions are independent from each other) More sessions will be announced for Day 2, Day 3 and Day 4.
21:45
Ein gemütlicher Schnack unter Ingenieuren warum die Elektromobilität nicht ins Rollen kommt und warum Wasserstoff noch nicht so richtig in Deutschland explodiert ist. Wir werden aus unseren Erfahrungen mit Elektromobilität, der Freude der Wartezeit auf ein Auto und anderen Problemchen schnacken. Sollten wir nicht von einem E-Roller oder Sofa überfahren worden sein vorher ^^ Wer auch ein E Auto hat oder sich über ERoller aufregen will darf gerne dazukommen. Das große Och Menno Special zur Elektromobilität.
Spontaneous demo since it's friday and on fridays we strike for our future! we'll start at about:future after the Science for Future talk in Dijkstra is done (ca. 21h45), then most likely walk once around the congress
21:50
Very roughly, P is the class of efficiently solvable problems and NP is the class of non-efficiently solvable problems. A basic fact of life is P ≠ NP. However, for the last fifty years, this observation has stubbornly resisted every attempt of a proof. The talk will carefully explain ... (see long description) The talk will carefully explain:* what the precise statement of the conjecture P ≠ NP is* how the world would look like if P = NP* whether it might be that it's provable that the conjecture is unprovable (that the conjecture exceeds the boundaries of logic)* what's known about hypothetical proofs of P ≠ NPThis talk requires no mathematical prerequisites. Indeed, people who took classes on computability theory in university will be bored to hell and should only attend if they plan to support the session by offering interesting remarks. :-) To enjoy and follow the talk, you should know that we use algorithms to solve computational problems and that some are more efficient than others. You'll be extra prepared if at some point in your life you've implemented some algorithms. That said, you will only enjoy the talk if you enjoy mathematical thinking and a certain amount of mathematical precision. This is not a light-and-fun talk, to the small extent that it's fun it's only thanks to the interesting theoretical relationships discussed in the talk.'''[https://rawgit.com/iblech/mathezirkel-kurs/master/mathecamp-2019/p-vs-np/slides-36c3.pdf Slides]''''''[https://rawgit.com/iblech/mathezirkel-kurs/master/mathecamp-2019/p-vs-np/ablauf.txt Some details]''' (in German)'''[https://www.scottaaronson.com/papers/pnp.pdf Survey paper by Scott Aaronson]''' (very much recommended)
22:00
The 21st century will be powered by electricity. I'm a journalist in the field of science and technology reporting. I followed the development of electricity storage and generation for over 10 years. In this talk I will outline the current state of electricity storage technology and its limitations. There is a gap between the intermittent availability of electricity generation and demand for it. Cobalt and Lithium are increasingly limited in supply and their production is often produced using unsustainable means. Alternatives are being development and will be presented. Some of these technologies are in the form of chemical batteries and some use very surprisingly simple technologies. I will be giving an introduction into future technologies for electricity storage currently in development. Some of these are batteries without rare materials and others are not batteries at all.
Update on new advances in the area of open source silicon, including interesting new announcements. Update on the status of various open source silicon projects;* System Verilog support in open source tools** System Verilog compliance test suite - https://github.com/SymbiFlow/sv-tests and https://symbiflow.github.io/sv-tests** New System Verilog formatter and linter - https://github.com/google/verible** New System Verilog parser - https://github.com/alainmarcel/Surelog* OpenRoadProject - https://theopenroadproject.org/* OpenRAM - https://github.com/VLSIDA/OpenRAM* Open Source PDKs
Unter gewaltigen Opfern, schreibt er eine Reihe von Geschichten mit Ortsnamen, Jahreszahlen und sonstigen Daten, die sich durchaus belegen lassen und in ihrer Wirklichkeit nicht anzuzweifeln sind. Diese Eckdaten sind nur Bruchstücke, die aus einer Summe von Erinnerungen zusammengesetzt wurden. Das tatsächlich gelebte und dies was wir zu erleben glaubten, ist ein Teil seiner Biographie, die lediglich eine nachträgliche Interpretation darstellt.
Jakob Sisterz (Sachsentrance/ Zur Klappe)
Was für eine Protestkunst wollen wir? Weltweit gehen Massen auf die Straße - ihre grundlegenden Bedürfnisse stehen auf dem Spiel. Artivismus spielt bei den Protesten dabei eine zentrale Rolle. Anhand von best practice Beispielen besprechen wir, welche Formen von Protestkunst effektiv in Kämpfe eingebunden werden können und was sie vom Trend der kleinbürgerlichen Polit-Kunst unterscheidet.
come and see, we might show you some snippets or the whole chaos ballett which took place here: https://www.hkw.de/en/programm/projekte/veranstaltung/p_163517.php #chaosballettscreening
Der jährliche Crossoverpodcast der Kulturpessimist*innen, des Insniders und Special Guest Ralf Stockmann über den neusten Film aus den Star Wars Universum. Nachden die letzten beiden Specials vom 35c3 und vom Day of the Podcast 2019 etwas abseits des Star Wars Universum das MCU erforscht haben, geht es in dieser Ausgabe wieder zurück an den Ursprung. Episode 9 ist in den Kinos und das ist für uns ein Grund, den Film, seine Bedeutung für die aktuelle Trilogie und als Abschluss der Skywalker Saga unter die Lupe zu nehmen.
experimental, noise, drama, german language Merciless and at the same time with great tenderness, the life of a young woman is portrayed. Fluctuating between aggression and devotion, impulsiveness and serenity. Closeness and fear – in the past with passionate ideals, now with a sobering sense of pragmatism. Self formation, self creation, self-depletion.
Just playin' Haning out and playing board gamesPentagameChessGoQuatro
Überwachte digitale Welt Kurzthese:„Ich habe ja nichts zu verstecken“, lautet das Mantra mit dem wir trotz Snowden eine überwachte digitale Welt hinnehmen. Anhand der persönlichen Geschichten von fünf Protagonisten untersucht der Dokumentarfilm „Nothing To Hide“ die Implikationen dieser Haltung für Demokratie und Privatsphäre, für Gesellschaft und Individuum. Beschreibung: Trotz den Enthüllungen Edward Snowdens scheinen die Meisten von uns eine überwachte digitale Gesellschaft einfach hinzunehmen. Obwohl im allgemeinen Konsens darüber herrscht, dass Überwachungsregime invasiv und autoritär sind, installieren Leute immer mehr Apps und “kostenlose” Programme. Dabei werden sie gezwungen, den Vertragsbedingungen zuzustimmen, geben in wenigen Klicks ihre Privatsphäre her und verschaffen Unternehmen Zugang zu ihren persönlichen Daten. Um ihr Verhalten zu rechtfertigen, erklären die meisten: „Für mich interessiert sich doch sowieso keiner, also warum sollten sie mich überwachen? Ich habe nichts zu verstecken.”„Nothing To Hide“ ist ein unabhängiger Dokumentarfilm über die digitale Überwachung und deren weit verbreitete Akzeptanz in der Bevölkerung mit der Rechtfertigung des „Ich habe nicht zu verstecken“- Arguments. Die in Berlin lebenden Journalisten und Marc Meillassoux und Mihaela Gladovic haben den Film geschrieben und produziert, um sich anhand der persönlichen Geschichten von fünf Protagonisten der Frage anzunähern, was diese passive Akzeptanz von massiver Überwachung von Seiten großer Unternehmen als auch staatlich für unsere Demokratie, für unser Recht auf Privatsphäre, für unsere Gesellschaft und für uns als Individuum bedeutet.- in deutsch mit englischen Untertiteln -
22:10
The AMD Platform Security Processor (PSP) is a dedicated ARM CPU inside your AMD processor and runs undocumented, proprietary firmware provided by AMD. It is a processor inside your processor that you don't control. It is essential for system startup. In fact, in runs before the main processor is even started and is responsible for bootstrapping all other components. This talk presents our efforts investigating the PSP internals and functionality and how you can better understand it. Our talk is divided into three parts: The first part covers the firmware structure of the PSP and how we analyzed this proprietary firmware. We will demonstrate how to extract and replace individual firmware components of the PSP and how to observe the PSP during boot. The second part covers the functionality of the PSP and how it interacts with other components of the x86 CPU like the DRAM controller or System Management Unit (SMU). We will present our method to gain access to the, otherwise hidden, debug output. The talk concludes with a security analysis of the PSP firmware. We will demonstrate how to provide custom firmare to run on the PSP and introduce our toolchain that helps building custom applications for the PSP. This talk documents the PSP firmware's proprietary filesystem and provides insights into reverse-engineering such a deeply embedded system. It further sheds light on how we might regain trust in AMD CPUs despite the delicate nature of the PSP.
This spring marked the 30th anniversary of the public uncovering of the so-called KGB Hack, bringing with it a number of new articles remembering the event and forging bridges to the present. This spring marked the 30th anniversary of the public uncovering of the so-called KGB Hack, bringing with it a number of new articles remembering the event and forging bridges to the present. The 36C3 seems an excellent opportunity to take a look back at the instance of hacking which, even more so than previous events like the BTX and NASA Hacks, brought the CCC into the focus of the (West-)German public – and, additionally, the Federal Office for the Protection of the Constitution (Verfassungsschutz) and the Federal Intelligence Service (Bundesnachrichtendienst). This talk aims to focus on the uncovering of the KGB Hack, which began in 1986 when Clifford Stoll, a systems administrator at the University of California in Berkeley, noticed an intruder in his laboratory’s computer system – and, unlike other admins of the time, decided to do something about it. It took three more years of relentless investigation on Stoll’s part and laborious convincing of the authorities of the United States and the Federal Republic of Germany to trace back the intruder to a group of young men loosely connected to the CCC who worked with the KGB, selling information gained from breaking into US military computers to the Soviet Union. In March of 1989, the widely watched West-German television news program "ARD Im Brennpunkt" informed the public of the “biggest instance of espionage since the Guillaume affair”. It presented a new quality of high tech espionage, undertaken by “computer freaks”, somewhat shady-seeming young men connected to the Chaos Computer Club. The reporting on the KGB Hack had a tremendously negative effect on the public image of hackers in general and the CCC in particular. Now the “computer freaks” were no longer seen as benevolent geeks who pointed out flaws in computer systems - they were criminals, working with the Russians, harming their own country. Sounds familiar? It’s an image which has been lingering until today.
Es soll grundlegend erklärt werden, nach welchen Kriterien Medizinprodukte entwickelt werden. Dazu werden die wichtigsten Regularien (Gesetze, Normen, ...) vorgestellt die von den Medizinprodukteherstellern eingehalten werden müssen. Diese regeln, was die Hersteller umsetzen müssen (und was nicht). Hier wird auch die Frage beantwortet, warum beispielsweise die Apple-Watch (oder genauer gesagt nur zwei Apps) ein Medizinprodukt sind aber die card10 nicht. Dieser Vortrag gibt Antworten auf die folgenden Fragen: <ul> <li>Was ist denn überhaupt ein Medizinprodukt?</li> <li>Was steht dazu im Gesetz?</li> <li>Was haben Normen damit zu tun?</li> <li>Was tun die Hersteller überlicherweise um diese Anforderungen umzusetzen?</li> <li>Wie sieht ein typischer Entwicklungsprozess aus?</li> <li>Wie sieht es mit Security und Safety aus?</li> <li>Warum sind Innovationen so schwer?</li> <li>Was passiert nach der Entwicklung?</li> <li>Wer überwacht das alles?</li> </ul> Es wird Schwerpunktmäßig die EU betrachtet um die Dauer des Vortrags nicht zu sprengen.
Einführung in das Forschungsfeld der Kritikalitätsanalysen. Anhand der Rohstoffe Tantal, Wolfram, Zinn und Gold werden exemplarisch die quantitativen und qualitativen Indikatoren für eine Versorgungsengpassanalyse vorgestellt. Moderne High-Tech-Produkte benötigen chemische Elemente, die in spezifischen Rohstoffen (z. B. Erze) vorkommen. Dabei unterliegen Verfügbarkeit und Preis dieser Rohstoffe in hohem Maße den Einflussfaktoren der Konzentrationsrisken, politischen Risiken, Angebotsreduktions- und Nachfrageanstiegsrisiken. Da Unternehmen oftmals über Jahre hinweg an bestimmte Rohstoffe gebunden sind, müssen sie den Unsicherheiten mit vielfältigen Strategien begegnen. Vom Abbau und der Verarbeitung bis zur Nutzung und Entsorgung wird die gesamte Wertschöpfungskettenkritikalität bewertet. Dadurch können Verwundbarkeiten von Unternehmen und Ländern durch Rohstoffengpässe objektiv identifiziert und Handlungsempfehlungen definiert werden. Die Kritikalitätsanalyse wird am Beispiel der 3TG-Materialien (Tantal, Wolfram, Zinn und Gold) veranschaulicht.
22:30
Our research shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform). With our attack called NetCAT, we show this threat extends to untrusted clients over the network, which can now leak sensitive data such as keystrokes in a SSH session from remote servers with no local access. The root cause of the vulnerability is a recent Intel feature called DDIO, which grants network devices and other peripherals access to the CPU cache. Originally, intended as a performance optimization in fast networks, we show DDIO has severe security implications, exposing servers in local untrusted networks to remote side-channel attacks. Increased peripheral performance is causing strain on the memory subsystem of modern processors. For example, available DRAM throughput can no longer sustain the traffic of a modern network card. Scrambling to deliver the promised performance, instead of transferring peripheral data to and from DRAM, modern Intel processors perform I/O operations directly on the Last Level Cache (LLC). While Direct Cache Access (DCA) instead of Direct Memory Access (DMA) is a sensible performance optimization, it is unfortunately implemented without care for security, as the LLC is now shared between the CPU and all the attached devices, including the network card. In this talk, we present the first security analysis of DDIO. Based on our analysis, we present NetCAT, the first network-based cache attack on the processor’s last-level cache of a remote machine. We show that NetCAT can break confidentiality of a SSH session from a third machine without any malicious software running on the remote server or client. The attacker machine does this by solely sending network packets to the remote server. netcat is also a famous utility that hackers and system administrators use to send information over the network. NetCAT is a pun on being able to read data from the network without cooperation from the other machine on the network. However, we received very mixed reactions on that pun. More details on this in the talk. The vulnerability was acknowledged by Intel with a bounty and CVE-2019-11184 was assigned to track this issue. The public disclosure was on September 10, 2019.
BorgBackup: Meeting and Q&A session BorgBackup user and developer meeting.Q&A, feedback, exchange experiences and tips, etc.Also we might have BorgBackup stickers for you to spread - finally!
Wir entwicklen gemeinsam eine kleine App für iPhones und Android Smartphones - und erklären dabei jeden einzelnen Schritt (We'll develop a simple mobile app - and explain each and every step along the way)
23:00
Der deutsche Inlandsgeheimdienst bietet seit Jahrzehnten mit seinen Berichten eine interessante Propaganda an. Dieser wollen wir in diesem Talk auf den Zahn fühlen. Dazu ordnen wir die Erwähnungen von linken und antifaschistischen Akteur:innen kritisch ein. Dabei legen wir die Ideologie des sog. Verfassungsschutzes offen. Die Verfassungsschutzämter veröffentlichen jährlich Berichte über ihre Arbeit – auch im Netz. Doch die Berichte wurden zumeist nach 5 Jahre depubliziert. Wir sammeln alte und neue Berichte auf [Verfassungschutzberichte.de](https://vsberichte.de). Mit diesem digitalen Archiv vereinfachen wir die Recherche. Neben einer Suche lassen sich so z. B. Erwähnungen von Begriffen oder Organisationen im zeitlichen Verlauf betrachten. Einige interessante Resultate stellen wir in dem Vortrag vor.
Jenny Günther, Moritz Klenk, Nicolas Wöhrl und Stefan Schulz laden alle anwesenden Podcaster und Podcasthörer zum 2. Podcast-Selbstkritiktreffen ein. Jenny Günther, Moritz Klenk, Nicolas Wöhrl und Stefan Schulz laden alle anwesenden Podcaster und Podcasthörer zum 2. Podcast-Selbstkritiktreffen ein. Im vergangenen Jahr haben wir die eher schweren Themen diskutiert - Formate & Finanzen. Dieses Jahr rücken wir etwas näher an den Alltag am Aufnahmegerät heran: Wir möchten über Workflows reden, die Organisation von Sendungen, den Umgang mit Gästen und Publikum. Auf der Bühne wird wieder ein leerer Stuhl stehen. Alle, die gehört werden wollen, werden gehört. Jenny Günther ist Politpodcasterin mit Herz, Moritz Klenk ist Monologpodcaster mit Doktortitel, Nicolas Wöhrl ist Spaßpodcaster mit Feuertornado, Stefan Schulz ist Fernsehpodcaster ohne Sendeschluss.
Meetup for owners of DocGreen ESA 5000, 1919 or 1950 eScooters Just a bunch of people who own an Doc Green ESA 5000, 1919 or 1950. A (in germany legal) eScooter recently sold by Lidl.There is also a wiki: https://esa-5000.fandom.com/de/wiki/ESA_5000_Wikiand a Telegram group: http://t.me/esa_5000We will probably talk about bus internals, attaching external batteries, dashboard replacements and other scooter modifications.
Short improvised lecture/talk about a recent perspective change in studying the problem of n masses in the plane Talk on recent developments in studying the gravitational n-body Problem.Preliminaries: interest in Astronomy and Mathematics, particularly geometry. Understanding https://youtu.be/xdIjYBtnvZU (Feynman's Lecture on the Kepler problem) is helpful. Overview: The first half offers a historical overview of the subject while the second half focuses on Hamiltonian Dynamics and relative equilibria with a somewhat surprising historical twist.
Wie viele in unserer Generation leidet auch Fritz Windish an dem Fluch eines Multitalents. Da fällt es schonmal schwer sich zu konzentrieren. Aber wenn ihr ihn hier verpasst weil ihr gerade etwas besseres zu tun habt dann spätestens in Hollywood.
Looking forward to Schuppi Patstyx aka Schuppi war schon Sysadmin als man noch beim Internet angerufen hat - er zog weg, nach Halle, in Congressnähe. Legte schon immer auf, macht Podcasts und Drum´n Bass Events und wir freuen uns auf Schuppi. Patstyx was already sysadmin when you called the Internet, by dialing a number on moms phone - he moved away, to Halle, near the congress. Allways deejayed, does podcasts and Drum´n Bass events and we are looking forward to Schuppi.
Der jährliche Crossoverpodcast der Kulturpessimist*innen, The InSnider und Special Guest Ralf Stockmann über den neusten Film aus den Star Wars Universum. Nachden die letzten beiden Specials vom 35c3 und vom Day of the Podcast 2019 etwas abseits des Star Wars Universum das MCU erforscht haben, geht es in dieser Ausgabe wieder zurück an den Ursprung. Episode 9 ist in den Kinos und das ist für uns ein Grund, den Film, seine Bedeutung für die aktuelle Trilogie und als Abschluss der Skywalker Saga unter die Lupe zu nehmen.
23:30
Billions of subscribers use SIM cards in their phones. Yet, outside a relatively small circle, information about SIM card technology is not widely known. This talk aims to be an in-depth technical overview. <p>Today, billions of subscribers use SIM cards in their phones. Yet, outside a relatively small circle, information about SIM card technology is not widely known. If at all, people know that once upon a time, they were storing phone books on SIM cards.</p> <p>Every so often there are some IT security news about SIM card vulnerabilities, and SIM card based attacks on subscribers.</p> <p>Let's have a look at SIM card technology during the past almost 30 years and cover topics like <ul> <li>Quick intro to ISO7816 smart cards</li> <li>SIM card hardware, operating system, applications</li> <li>SIM card related specification bodies, industry, processes</li> <li>from SIM to UICC, USIM, ISIM and more</li> <li>SIM toolkit, proactive SIM</li> <li>eSIM</li> </ul> </p>
This talk investigates the business of fake likes and fake accounts: In a world, where the number of followers, likes, shares and views are worth money, the temptation and the will to cheat is high. With some luck, programming knowledge and persistence we obtained thousands of fanpages, You Tube and Instagram account, where likes have been bought from a Likes seller. We were also able to meet people working behind the scenes and we will prove, that Facebook is a big bubble, with a very high percentage of dead or at least zombie accounts. The talk presents the methodology, findings and outcomes from a team of scientists and investigative journalists, who delved into the parallel universe of Fake Like Factories. When you hear about fake likes and fake accounts, you instantly think of mobile phones strung together in multiple lines in front of an Asian woman or man. What if we tell you, that this is not necessarily the whole truth? That you better imagine a ordinary guy sitting at home at his computer? In a longterm investigation we met and talked to various of these so called “clickworkers” - liking, watching, clicking Facebook, You Tube and Instagram for a small amount of money the whole day in their living room. Fortuitously we could access thousand campaigns, Facebook Fanpages, You Tube videos or Instagram accounts. Thousands of websites and accounts, for which somebody bought likes in the past years. But we did not stop the investigation there: We dived deeper into the Facebook Fake Accounts and Fake Likes universe, bought likes at various other Fake Likes sellers. To get the big picture, we also developed a statistical method to calculate the alleged total number of Facebok User IDs, with surprising results.
Manche Spiele will man gewinnen, andere will man einfach nur spielen. Bei vielen Spielen will man beides. Spielen macht Spaß. Gewinnen auch. Warum also nicht immer und überall spielen? Warum nicht Politik spielen wie einen Multiplayer-Shooter? Mit motivierten Kameraden und ahnungslosen Gegnern? Mit zerstörbarer Umgebung, erfolgreichen Missionen und zu erobernden Flaggen? Teile der radikalen Rechten tun das mit Erfolg. Der Vortrag schaut sich einige Beispiele aus Deutschland und den USA näher an. Wir sprechen von “Spielifizierung”, wenn typische Elemente von Spielmechaniken genutzt werden, um in spielfremden Kontexten motivationssteigernd zu wirken. Während diese Strategie vor allem wirtschaftlich genutzt wird, um Kundenbindung und Mitarbeiterproduktivität zu erhöhen, ist sie auch zu einem zunehmend wichtigen Teil politischer Kultur geworden. Insbesondere Online-Communities verwenden Spielelemente, Memes/Lore und spielnahe Unterhaltungsformate, um ihre sozialen Beziehungen und jene zur Realität zu gestalten und zu strukturieren. Innerhalb solcher Beziehungen war es nur eine Frage der Zeit, bis archetypische NPCs wie der gewöhnliche Troll sich zu Lone-Wolf-Spielercharakteren entwickeln, Rudel bilden und sich in einem stetig wachsenden und ausdifferenzierenden System von Gilden und meritokratischen Jagdverbänden organisieren würden. Die Politisierung solcher neuer Stammesgesellschaften ist eine logische Konsequenz dieser Evolution. Der Vortrag beleuchtet einerseits den US-kulturellen Hintergrund des Feldes: von der Spielmetapher als legitimierenden Rahmen in der “Manosphere”, “#Gamergate” und Operationen der chan-übergreifenden /pol/-Community. Andererseits sucht er Strategien, die darauf abzielen, Teile des politischen Diskurses zu “gamen”, zu kapern und zu verstärken, auch in deutscher Trollkultur auf, vom genreprägenden “Drachengame” bis zu explizit politischen Initiativen wie “Reconquista Germanica”... und dem live gestreamten Terror einer neuen faschistischen Subkultur.
SQLite is one of the most deployed software in the world. However, from a security perspective, it has only been examined through the narrow lens of WebSQL and browser exploitation. We believe that this is just the tip of the iceberg. In our long term research, we experimented with the exploitation of memory corruption issues within SQLite without relying on any environment other than the SQL language. Using our innovative techniques of Query Hijacking and Query Oriented Programming, we proved it is possible to reliably exploit memory corruptions issues in the SQLite engine. We demonstrate these techniques a couple of real-world scenarios: pwning a password stealer backend server, and achieving iOS persistency with higher privileges. Everyone knows that databases are the crown jewels from a hacker's point of view, but what if you could use a database as the hacking tool itself? We discovered that simply querying a malicious SQLite database - can lead to Remote Code Execution. We used undocumented SQLite3 behavior and memory corruption vulnerabilities to take advantage of the assumption that querying a database is safe. How? We created a rogue SQLite database that exploits the software used to open it.Exploring only a few of the possibilities this presents we’ll pwn password stealer backends while they parse credentials files and achieve iOS persistency by replacing its Contacts database… The landscape is endless (Hint: Did someone say Windows 10 0-day?). This is extremely terrifying since SQLite3 is now practically built-in to any modern system. In our talk we also discuss the SQLite internals and our novel approach for abusing them. We had to invent our own ROP chain technique using nothing but SQL CREATE statements. We used JOIN statements for Heap Spray and SELECT subqueries for x64 pointer unpacking and arithmetics. It's a new world of using the familiar Structured Query Language for exploitation primitives,laying the foundations for a generic leverage of memory corruption issues in database engines.
Hacking and hackers can be hard to visualize. In the popular imagination, the figure alternates between a menacing, hooded figure or some sort of drugged-out and depressed juvenile hero (or perhaps a state-sponsored hacker). To counter such images, a group of us have spearheaded a new digitally-based video project, Hack_Curio that features hacker-related videos, culled from a range of sources, documentary film, newscasts, hacker conference talks, advertising, and popular film. In this talk, the Hack-Curio creators and builders will briefly discuss the purpose and parameters of Hack_Curio and spend most of the talk featuring our funniest, most compelling videos around hacking from around the world. We will use these to reflect on some of the more obscure or less commented on cultural and political features of hacking--features that will address regional and international dimensions of the craft and its impacts around the world. Hacking and hackers can be hard to visualize. In the popular imagination, the figure alternates between a menacing, hooded figure or some sort of drugged-out and depressed juvenile hero (or perhaps a state-sponsored hacker). To counter such images, a group of us (Chris Kelty, Gabriella Coleman, and Paula Bialski) have spearheaded a new digitally-based video project, Hack_Curio that features hacker-related videos, culled from a range of sources, documentary film, newscasts, hacker conference talks, advertising, and popular film. In this talk, the Hack-Curio creators and builders, will briefly discuss the purpose and parameters of Hack_Curio and spend most of the talk featuring our funniest, most compelling videos around hacking from around the world. We will use these to reflect on some of the more obscure or less commented on cultural and political features of hacking--features that will address regional and international dimensions of the craft and its impacts around the world. We will begin our talk by telling the audience what drove to build this website and what we learned in the process of collaborating with now over fifty people to bring it into being. After our introduction, we will showcase about 7-10 videos drawn from quite different sources (ads, parodies, movie clips, documentary film, and talks) and from different parts of the world (Mexico, Germany, South Africa, France) in order to discuss the cultural significance of hacking in relation to regional and international commonalities and differences. Finally, we will finish with a short reflection on why such a project, based on visual artifacts, is a necessary corollary to text-based discussions, like books and magazines, covering the history and contemporary faces of hacking.
sound performance Playing cards, sewer pipes, plant pots, canisters, pans, peanut butter jars, vases, washers … Schaltkreis Musik create quirky motorized instruments from items and strangely familiar found objects. These machines can be played like drum computers through rhythm-sequencers. Combined with microphones and effects a versatile beat instrument is formed, that can be played – even with no musical experience. Interacting with the machine sounds, Lorenz Blaumer uses his violin together with live-sampling to generate rhythmic patterns, ambient sounds and bass lines – sometimes even a melody. https://schaltkreismusik.bandcamp.com
00:00
Feinster Deep & Progressive House und wunderschöne visuelle Impressionen aus dem Weltraum laden ein zum grooven, chillen oder sich einfach mal inspirieren zu lassen. Eine Hommage an die Sendung "Space Night" des Bayerischen Rundfunks, gebeamt in die heutige Zeit !
Lasst uns eine Runde Human Punishment spielen Human Punishment ist ein Social Deduction Spiel, das Werewolf nicht unähnlich ist.Allerdings gibt es 3 Fraktionen mit eigenen Siegbedingungen, Fraktionswechsel während dem Spiel, potentiell einen Wiedereinstiwg für ausgeschiedene Spieler...Da ich leider nur die deutsche Version besitze, sollten Mitspieler Deutsch lesen können.
Die Sonnensysteme aka SOSY ist ein Kind einfacher Verhältnisse. Vor der Wende im Spaß seiner Eltern entstanden, ist er in der Zeit nach dem Mauerfall aufgewachsen und erntete schon in der Schulzeit was er säte. Neben Verwechselungen mit seinem Bruder, geht er auch einer verwandtschaftlichen Beziehung zu seiner Schwester nach. Als Emanzipation in einen zufriedenstellenden Zustand der Individualität machte sich der Drittgeborene neben seiner Nesthäkchentätigkeit auf in die Welt der elektronischen Musik. Als Grundstein gilt seine Liebe zu knackigem dystopisch anmutendem Techno und anderen musikalischen Perlen zwischen Melodie, Kitsch, Echo und Ambient. Daraus entwickelte sich irgendwann in den 2010er Jahren die Idee alles etwas langsamer anzugehen: SOSY begann die Hits der Szene runterzupitchen. Und nun ist er DJ. Immernoch aus Halle an der Saale und trinkt gerne Sekt. In einer Geschwindigkeit, fernab der des Lichts, sendet er seine kosmische Idee von Downtempo zwischen 90 und 108 BPM mit Schallgeschwindigkeit in die Weiten des Äthers. So sieht's aus. Ehrlich.
Hoodie & Shannon Soundquist (ProZecco)
00:40
Das Wissenschaftskommunikations-Assembly trifft sich auf dem 36c3 um über Wissenschaftskommunikation zu sprechen. Und über andere Themen die ihnen am Herzen liegen. Wir kommunizieren über den einen oder anderen Weg Wissenschaft. Physik, Chemie, Biologie, Pharmazie... Doch schauen wir uns das viele Unwissen in der Welt an, dann scheint das noch nicht auszureichen. Wie können wir Wissenschaft noch besser an die Frau oder den Mann bringen? Wie können wir überhaupt das Interesse dafür wecken? In der Politik gibt es zwar bereits Pläne, die Kommunikation zu verbessern, das Grundsatzpapier des Bundesministeriums für Bildung und Forschung (BMBF) über Wissenschaftskommunikation ist nur ein Beispiel dafür. Nur wirft dies auch die Befürchtung auf, dass Kommunikation dann von eh schon überlasteten, drittmittelfinanziert-prekären Doktorandinnen aufgeladen wird. Oder, dass sie als Freizeitvergnügung betrachtet wird. Oder, dass die hohen Anforderungen für gute Kommunikation unterschätzt werden. Oder, dass Wissenschaftskommunikation als Instrument der Akzeptanzbeschaffung verwendet wird. Richtig ist aber, dass alle von Wissenschaftskommunikation profitieren könnten. Wir möchten uns darüber austauschen, wie Wissenschaft unserer Meinung nach kommuniziert werden sollte. Und auch, welche Themen gerade jetzt mehr Aufmerksamkeit finden sollten. Eine Betrachtung von Wissenschaftler*innen, die gleichzeitig Wissenschaftskommunikator*innen sind - eine Kombination die immer noch recht selten ist.
00:50
The Hacker Jeopardy is a quiz show. The well known reversed quiz format, but of course hacker style. It once was entitled „number guessing for geeks“ by a German publisher, which of course is an unfair simplification. It’s also guessing of letters and special characters. ;) Three initial rounds will be played, the winners will compete with each other in the final. The event will be in German, we hope to have live translation again.
01:00
Daniel Sommer – besser bekannt als Cosmic DJ – war in den 1990er Jahren Mitglied der wegweisenden HipHop-Crossover-Truppe Fischmob und nach deren Entschwinden Ende des Jahrzehnts ein Drittel der House-Helden International Pony (zusammen mit DJ Koze und Erobique). Nebenbei betätigte er sich auch noch als Blogger bei der Onlineausgabe von "Die Zeit" und Remixer (u.a. für Tocotronic und Rocko Schamoni) und beherrscht diverse handgemachte Instrumente jenseits des Elektro-Turntablerocker-Zusammenhangs. Seinen jüngsten kreativen Flash feierte Cosmic DJ im August 2008, als er einen Alleinunterhalter-Abend nur mit Coverversionen von Liedern bestritt, die sich allein seinem Wohnort Hamburg widmeten. 2009 kollaborierte er mit der DJane Ada auf deren Remixalbum "Adaptations Mixtape #1", ist seitdem aber nur sporadisch als Musiker in Erscheinung getreten. Er engagierte sich in verschiedenen Hamburger Kunst- und Kulturprojekten, darunter die von ihm ins Leben gerufene Aktion "Awesome Tapes from Your Kinderzimmer", bei der er auf seiner Facebook-Seite dazu aufrief, alte selbstgemachte Cassetten-Aufnahmen einzuschicken.
Señor SIB ist in der (guten) politschen Bildung tätig und er sammelt (gute) Platten und er ist ein (guter) Freund - irgendein Bogen von jazzig zu drum´n bass war mal im Gespräch. --- Señor SIB is active in (good) political education and he collects (good) records and he is a (good) friend - some bow from jazzy to drum´n bass was once in the conversation. ZeerOne der Philosoph mit diesem Humor darf nicht fehlen. Er ist der Inbegriff der gut gelaunten Stetigkeit und sein musikalisches Spektrum würde auf kein Display passen. --- ZeerOne the philosopher and with this humor must not be absent. He is the epitome of good-humoured consistency and his musical spectrum he would not fit on any display.
02:00
Mit Harald zusammen begeben wir uns auf einen musikalischen Trip auf einem Ambient Klangteppich in Richtung Alpha Centauri, um endlich die Fragen beantwortet zu bekommen, die wir uns alle Stellen: * Ist Liebe in der Nähe von schwarzen Löchern möglich? * War die Mondlandung echt? * Gibt es Schnaps im Weltraum? Wer schon einen Eindruck bekommen will, wie sich so ein Ambient Klangteppich anhört kann schonmal hier reinhören: https://soundcloud.com/boomboombastard/oceanfloor-unreal-ambient-like-miks https://hearthis.at/petrosilius/keintraum/
Mad Linn
03:00
DJ X LIVE ACT performing a rollercoaster of dancy, ravy and glitchy tunes, spiced with unexpected voice/samples/drops and occasional bent toys bringing some improvised fun challenges to herself and sometimes the audience :) "I had the pleasure to met Oliotronix in Denmark at the Chipwrecked Festival. Her set was one of my favorite, a blazing mix of chiptune, circuitbending and DIY culture delivered right on your face as a mega banging rave. I was blown away when I discovered she was improvising! Check it out and follow her FB page and check for her live performances around Europe!" (IANO, iano.bandcamp.com) Since 2017 her new music setup has taken shape in form of energetic performances using Gameboy DMG and various electronic noise machines still combined with an hooligan/techno/electro/rave/core DJ set. Feedback from the audience: 1. “What is exciting about DJ Oliotronix is she doesn't follow the trend but deliver crazy sets following her own taste while keeping it entertaining on a high level of intensity. Prepare to have fun!“ Madame Claude, Berlin 2. “Very original and eclectic, with interesting non-standard use of equipment!” Galaxy Wolf, London 2. “Great! Good energy and selection. Nice to see DJs enjoying themselves too!” Crux, London“
04:00
Vor fundundzwanzig Jahren gabs krasses Techno-Acid und da gabs irgendwie echt verrückte Raver, aber irgendwas fehlte da noch: Es müsste so ne Musik geben, die so kaputt ist, dass die Neonazi/Hooligan/Gabba-Sporttanztypen mit ihren Volkswagenautos und ihren blonden Freundinnen und Bomberjacke und so, dass die das nicht gut finden - aber so die Punks und die Acidraver, dass die da Lust drauf haben. Nasty rhythms treffen auf 808, sowohl in seinen heavy DJ Sets als auch in seinen eigenen Produktionen