"description":"The iPhone's Lightning connector was a proprietary beast with a lot of hidden features: By sending custom SDQ commands there, it was possible to get it to expose hardware debugging features such as JTAG and UART. For a long time, this was only easily possible using either gray and black-market cables such as the Kanzi-Cable, or proprietary tools such as the Bonobo Cable. Last year, we released an open-source tool to get access to the iPhone debugging features called the Tamarin Cable - finally allowing anyone to get JTAG and UART on the iPhone for just a couple of $ in parts.\nBut then the iPhone 15 came along, and with that USB-C: All previous hardware and software tooling basically became useless, but that did not stop us from trying: We knew from the Apple Silicon macs and the work of t8012-team and the AsahiLinux project that Apple uses USB-C's VDM feature - Vendor Defined Messages - to allow access to features such as the UART console, and so chances were high that we could use something similar to get access to the hardware debugging features on the iPhone 15.\nSo we pre-ordered the iPhone 15, a couple of PCBs, a case of Club Mate and got started: And less than 48 hours after the launch we got JTAG working on the iPhone 15.\nIn this talk we will start by looking at the history of iPhone and Lightning hardware hacking, and then look at how USB-C is used for debugging on Apple Silicon devices, and what we had to do to get JTAG on the iPhone 15.\nWe will also use this talk to release the new version of the open-source Tamarin Cable firmware: Tamarin-C. A fully integrated, open-source debugging probe for the iPhone 15 and other Apple Silicon devices. Tamarin-C is also able to give access to a DFU mode that you can't access without sending VDMs.\nNote: This talk will not contain any 0days or previously unknown vulnerabilities. 
Production iPhones are locked, and so while we get access to some of the device's buses we can't for example access the CPU core.\nThis talk is about building tooling for future work.",
"description":"After over two years of intense negotiations, the EU recently agreed to their Digital Identity Reform (eIDAS). In this talk we analyse the result, what safeguards we can realistically expect and how our online and offline interactions might change because of this new European Digital Identity Wallet. Other regions in the world are much further ahead in this issue and we will also try to learn from the experiences from India and Kenya. Both countries had unique strategies from civil society to fight back against the introduction of digital identity systems, focusing on interrogating their design, raising awareness, strategic litigation and civil disobedience post deployment . Lastly, this issue pops up in many countries and is actively promoted as \"Digital Public Infrastructure\" by global organisations like UNDP and the World Bank - often with little to know credence to privacy or local realities. This global trend is very worrying due to the shiny veneer hiding their dark reality of exploitation by local and foreign actors. We will showcase strategies how local actors have resisted and shaped the introduction of these systems with a combination of technical, advocacy, and interdisciplinary ally building. Our goal is to provide knowledge about how exactly these systems work, who benefits from them and what strategies could be deployed against them.",
"liked":true,
"attended":true
},
{
"title":"Operation Triangulation",
"subtitle":"What You Get When Attack iPhones of Researchers",
"description":"Imagine discovering a zero-click attack targeting Apple mobile devices of your colleagues and managing to capture all the stages of the attack. That’s exactly what happened to us! This led to the fixing of four zero-day vulnerabilities and discovering of a previously unknown and highly sophisticated spyware that had been around for years without anyone noticing. We call it Operation Triangulation. We've been teasing this story for almost six months, while thoroughly analyzing every stage of the attack. Now, for the first time, we're ready to tell you all about it. This is the story of the most sophisticated attack chain and spyware ever discovered by Kaspersky.",
"liked":true,
"attended":true
},
{
"title":"YOU'VE JUST BEEN FUCKED BY PSYOPS",
"subtitle":"UFOS, MAGIC, MIND CONTROL, ELECTRONIC WARFARE, AI, AND THE DEATH OF THE INTERNET",
"description":"How the history of military and government PSYOPS involving mind-control, UFOs, magic, and remote-control zombies, explains the future of AI and generative media. Along the way, talk attendees will be given an enrollment code to join a specialized CTF/ARG game called CYCLOPS that explores these themes and that will run the duration of Congress.\nAs AI-generated content, social-media influence operations, micro-targeted advertising, and ubiquitous surveillance have become the norm on the Internet and in the market in general, we have entered an era of PSYOP Capitalism. This is an era of hallucinations designed to transform each of us into a “targeted individual” through the manipulation of perception. This talk explores a secret history of reality-altering military and intelligence programs that serve as antecedents to a phantasmagoric present.\nAt the talk, attendees will be given a registration code to play “CYCLOPS,” a CTF/ARG game that will run the duration of Congress. CYCLOPS explores the themes of the mind-control and PSYOPS through an interactive parafictional narrative taking place in the context of an obscure CIA cognitive warfare program from the early days of the Cold War.",
"liked":true,
"attended":true
},
{
"title":"Mobile phone privacy with silent.link (Workshop)",
"description":"ZeroKYC Anonymous eSIM service: security and privacy implications for mobile users. Use cases. Advantages and limitations. Questions and answers. Hands-on experience.",
"description":"SMTP, the Simple Mail Transfer Protocol, allows e-mailing since 1982. This easily makes it one of the oldest technologies amongst the Internet. However, even though it seems to have stood the test of time, there was still a trivial but novel exploitation technique just waiting to be discovered – SMTP smuggling! In this talk, we'll explore how SMTP smuggling breaks the interpretation of the SMTP protocol in vulnerable server constellations worldwide, allowing some more than unwanted behavior. Sending e-mails as admin@microsoft.com to fortune 500 companies – while still passing SPF checks – will be the least of our problems! From identifying this novel technique to exploiting it in one of the most used e-mail services on the Internet, we'll dive into all the little details this attack has to offer. Therefore, in this talk, we'll embark on an expedition beyond the known limits of SMTP, and venture into the uncharted territories of SMTP smuggling!",
"liked":true,
"attended":true
},
{
"title":"Sucking dust and cutting grass: reversing robots and bypassing security",
"description":"For the past 5 years we have been presenting ways to hack and root vacuum robots at various events like the c3 or the DEFCON. In all these cases it covered vacuum robots by Roborock, Dreame, Xiaomi and some smaller companies. However, did we ever take a look at other vendors and maybe some new interesting device classes? In this talk we do exactly that, and will take a deep dive into Ecovacs robots!\nWe will present the result of the research that started back in 2018. Explore with us the development on the last years. How did the security and privacy of \"Ecovacs\" change in contrast to other companies? What kind of cool hardware is out there? Can the devices be used to potentially spy on you?\nLearn how reverse engineering works and how to get root access on the devices. Let us show you how you maintain persistence on the devices and run your own software.\nCome with us on a journey of having fun hacking interesting devices while exploring bad oversights and real problems. You will be surprised what we found. Let's discuss together what impact this devices will have on our (social) life and what the future of vacuum robot hacking will bring.",
"liked":true,
"attended":true
},
{
"title":"(Looking at) Functional Programming in Assembly",
"description":"While Functional Programming usually happens quite far away from Assembly programming, in order to get functional programs performant, quite some tricks are used that have effects that reach down into the dark abyss of Assembly.\nIn this talk I want to focus on the optimizing strategy \"Tail Call Elimination\", a compiler optimization of particular importance for recursive function calls. Every functional programmer will tell you that writing your code using tail recursion (it doesn't matter whether you know what that is, you'll see then!) or using Haskell's \"foldl\" is \"generally faster than foldr (Terms and Conditions apply)\". But even seasoned developers often struggle explaining why and quickly resort to pointing to benchmarks or giving some vague answers around \"you need less stack\".\nIn this talk I want to introduce you to what recursion is, some of the reasons why it's computationally expensive, what tail recursion is and why it's better, and why tail call elimination makes it even more awesome. We will go through some example programs implemented in Assembly (for those who ask: I'll use x86 and maybe aarch64 examples) where we, step-by-step, transform our function from head recursive to tail recursive and then will go further by eliminating the recursive call altogether.",
"liked":true,
"attended":true
},
{
"title":"The impact of quantum computers in cybersecurity",
"subtitle":"Estimating the costs of algorithms for attacks and defense applications",
"speakers":["Alessandro Luongo"],
"date":"2023-12-28T12:55:00",
"location":"37C3",
"tags":["quantum","security"],
"notes":"The font size defeated my squinting abilities.",
"description":"In in this talk we explore the potential ramifications of quantum computing in the field of cybersecurity We'll delve into two critical aspects: the application of quantum machine learning algorithms for defence and the impact of quantum attacks on cryptography and post-quantum cryptography for offence. We'll present insights on the theoretical advantages of quantum algorithms, improvements in factoring large numbers, and the impacts of post-quantum crypto attacks. While the hype around quantum technologies is growing, the estimates in the resources needed to run a quantum algorithm and the current number of qubits pose caution in the enthusiasm. The limitations in terms of available qubits, error rates, and scalability are critical factors that need to be considered when assessing the real-world applicability of quantum computing.",
"description":"Over the years, many talks about console jailbreaks have been presented at CCC. However, one console has been left overlooked: the Nintendo DSi. It didn't see any serious hacks in its active lifetime, the ones that eventually appeared aren't completely satisfactory, and several components (such as its boot ROMs) were left untouched. In this presentation, we rectify the situation, explain how to extract the boot ROMs, and demonstrate new jailbreaks that can take over the console at an even deeper level. As a bonus, this work makes it possible to revive consoles with worn-out eMMC NAND chips.\nThis presentation will start with an introduction to the hardware of the Nintendo DSi and the history of earlier hacking attempts. This is followed by an explanation on how to extract, analyze, and exploit the boot ROMs of the console, leading to a complete defeat of the security of the system.\nThis presentation will not shy away from technical explanations involving software exploitation, fault injection, cryptography, and hardware design. We will however try to make it understandable and enjoyable to less technically-inclined audiences.",
"liked":true,
"attended":true
},
{
"title":"Honey I federated the search engine - finding stuff online post-big tech",
"description":"It's getting harder and harder to find stuff on the Internet as search engines fill up with ads, SEO spam and AI generated hallucinations. In this talk I'll sketch out some possible options for truly personal Internet search that don't require nation state levels of resources, piggybacking on widely deployed standards like RSS and XML sitemaps, and meta search engines like SearXNG.",
"liked":true
},
{
"title":"Current status on post-quantum cryptography and ongoing standardization and implementations/protocols",
"description":"This lightning talk will give a brief and up-to-date overview of the on-going standardization processes of post-quantum cryptography (PQC) algorithms and methods (also called \"Quantum-Safe Cryptography\").\nThe main focus will be the relevant current developments of specific technical standards such as IETF RFC drafts for implementation and usage of post-quantum cryptography both on a conceptual and protocol level. A concise and rough timeline what to expect in terms of PQC will also be provided.",
"description":"The Sorbus Computer is a cheap 8-bit software defined computer. For under 15 Euros you can build a machine that you can run like an Apple 1, an educational system or a totally new machine.",
"description":"We recently installed a self-built photovoltaic system at our makerspace in Freiburg, utilizing repurposed solar panels. This eco-friendly initiative allows us to directly feed the generated energy into our power grid, enabling us to produce our own sustainable energy.\nI'll be presenting a brief overview of how we collaboratively constructed this innovative photovoltaic system within our community, highlighting the shared effort and ingenuity that went into its creation.",
"description":"You like coding and tinkering with software or hardware? And you are up for a challenge? Then the “Youth Hacking 4 Freedom” is the perfect competition to test your skills.\nThe third round of the FSFE's programming competition “Youth Hacking 4 Freedom” is open for registration. \"Youth Hacking 4 Freedom\" is a programming competition for European teenagers from 14 to 18 years old. The participants have the chance to work on their own project idea with the guidance of experts from the Free Software universe. There are no limitations for the projects as long as they are published under a Free Software license. In this competition young people can test their skills, learn how to work on a project under a deadline, and most importantly have fun while meeting different people from Europe. Hear all about the competition and how to participate in this lightning talk.",
"description":"I tracked down a four decade old TeX file Knuth used in a lecture from 1981 and restored the printed version.\nOn a whim I tried to find the handout Donald E. Knuth used in an intro course for TeX back in 1981, which I watched on YouTube. After finding a few specific search strings I came across files generated during that course in a big archive of the first Stanford A.I. Laboratory, where I found much more than I had hoped, including all the original TeX files for the course, which can still be processed by TeX today, after some adjustments.",
"liked":true,
"attended":true
},
{
"title":"Synthetic Sentience",
"subtitle":"Can Artificial Intelligence become conscious?",
"description":"Despite the rapid progress of AI capabilities, the core question of Artificial Intelligence seems to be still unanswered: What does it take to create a mind? Let us explore the boundaries of AI: sentience, self awareness, and the possibility of machine consciousness.\nAfter many attempts to build AI models that are smarter than human beings, we find ourselves confronted with a family of surprisingly successful systems that match many of our abilities through text prediction and text/image correlation. The limits of these approaches are presently unclear, and while they work in very different ways than our minds, they pose the question whether consciousness, embodiment and motivation are necessary for achieving general intelligence. What are the differences between human (and animal) minds and the current generation of AI models? When we compare perspectives on mind and consciousness that have been developed in neuroscience, philosophy of mind, theoretical and therapeutic psychology, and numerous cultural traditions, and translate them into the metaphysics and conceptual frameworks of artificial intelligence, we may gain insights into this question.",
"liked":true,
"attended":true
},
{
"title":"Demoscene now and then",
"subtitle":"The demoscene is an underground computer art culture.",
"speakers":["Lord/Spreadpoint"],
"date":"2023-12-28T20:15:00",
"location":"37C3",
"tags":["amiga","art","commodore","demoscene"],
"notes":"This one is good but it felt more like a fever dream.",
"description":"The demoscene is an underground computer art culture. The Speaker is a member of the Demoscene since the 1980ies and gives insights how it is now and how it was back in the days and how you can participate!\nThe term demoscene comes from the word demo, short for demonstration. In the context of the demoscene the word demo means a realtime audiovisual application which is demonstrating the capabilities of the machine it runs on.\nDemosceners (\"sceners\") are what we call the folks with too much free time that abuse their computer skills to create releases under the demoscene.\nDemosceners often use nicknames (\"nicks\" or \"handles\") to identify themselves. They also tend to hang out in so-called demogroups. Some demosceners are active members of multiple demogroups, with or without using the same nickname.\nLet's get one thing clear: the demoscene has no commercial purpose. The only thing you'll get out of the demoscene, and this only comes after investing a significant amount of your free time into it, is a few useful soft skills and a large community of computer nerd friends.\nDemoscene releases are meant to show the limits of the machines, the technical skills and artistic sensibility of the makers. There are no rules to what kind of release you can make on the demoscene. Some demos are made as technical benchmarks, others as conceptual art, most are done just for fun. 
It is entirely up to you to explore what you like doing and share it with other demosceners.\nDemoscene releases can be divided into certain categories:\nTrack, an audio piece, can be in an executable format, in a tracker module format or in a pre-rendered wav/mp3 format\nGraphics entry, drawn or rendered images with fixed resolutions and/or a restricted color palette\nDemo, an audiovisual real-time executable demonstration for a certain platform\nIntro, typically a demo with file size limitation all packed into a single executable file that includes all the assets (popular size formats are 256bytes, 512bytes, 1kb, 4kb, 8kb, 64kb)\nAnimation, rendered graphics videos\nDemopack, a collection of demos in a single disk\nMusicdisk, a collection of demoscene tracks with an executable player interface\nDiskmag, a collection of texts about the demoscene with an executable graphics interface\nWild entry, everything else (including live performances, videos of demos on uncommon platforms, videos about demomaking, etc)\nReleases typically occur at demoparties, gathering events for demosceners.",
"liked":true,
"attended":true
},
{
"title":"Tor censorship attempts in Russia, Iran, Turkmenistan",
"description":"In December 2021, months before the world watched Russia invade Ukraine, Russia rolled out comprehensive censorship of the Tor network and related Tor protocols. Then in October 2022, the latest wave of protests in Iran saw a huge spike in Tor usage followed by a swift crackdown of the most successful techniques. Meanwhile in 2023, Turkmenistan has blocked popular CDNs like Cloudflare and Akamai, most hosting providers like Hetzner and OVH, and much more.\nOn the depressing side, the global censorship trend continues to gain momentum, with some European countries alarmingly eager to get in on it. But resignation is boring: here we are, a tiny community of activists and relay/bridge operators around the world continuing to provide safe and private internet reachability for hundreds of thousands of people who are trying to be human beings under authoritarian regimes.\nWe will walk through \\*how\\* each of these countries deployed their Tor blocks, and what changes we made to let citizens continue to reach the Tor network. Looking at each case study through a Tor lens will let us compare/contrast the censorship attempts from each country, discuss future ideas for how to make sure the bytes can keep flowing, and talk through the political impacts.",
"liked":true,
"attended":true
},
{
"title":"Formalizing mathematics in the proof assistant Agda",
"description":"Some day, computers will help working mathematicians of all disciplines in finding and checking proofs. It will feel easy, effortless and natural. Computers might even surpass us, creating a new exciting niche for mathematicians: understanding the mathematical advances put forward by computers. The univalent foundations program by the late Vladimir Voevodsky was an important step towards this vision. However, we aren't there yet.\nStill even the current generation of theorem provers is very exciting. It's fun to talk the computer into accepting our proofs, and invariably we learn something about our proofs in the process.\nIn this workshop, we'll cover the basics of Agda, one of the well-known proof assistants. The workshop will start as a guided tour. You belong to the target audience iff you have some experience in writing down mathematical proofs, for instance if at some point you proved Gauß's sum formula using induction. Knowledge of Haskell is beneficiary (modulo syntax, Agda is a superset of a subset of Haskell), but not required.\nYou don't need to install Agda beforehand, we will use the online version at https://agdapad.quasicoherent.io/.\nLiterature: https://plfa.github.io/\nNote to other people planning self-organized sessions: We don't actually need the full size of Saal D. A room with about 20 seats is sufficient. On Day 0, we will scout the building for alternative options.",
"liked":true,
"attended":true
},
{
"title":"About Gamma-Ray Bursts And Boats",
"subtitle":"What We (Don't) Know About the Most Energetic Events in the Universe",
"description":"In October 2022 a gamma-ray burst dubbed the 'Brightest Of All Times' smashed records. But what is that actually, a gamma-ray burst? How do we detect it? And why was the BOAT so special?\nGamma-ray bursts are the biggest explosions in our Universe since the Big Bang: In just a few seconds, they release as much energy as the Sun will radiate over its entire lifetime. Even though they occur in far-away galaxies, their emission dominates the high-energy astrophysical sky during their seconds-long duration. They come from the cataclysmic deaths of very massive stars or the mergers of two compact objects such as neutron stars and black holes. In both cases the energy is concentrated in an astrophysical jet moving at approximately the speed of light.\nIn October 2022, a once-in-a-lifetime gamma-ray burst smashed records and was dubbed the 'Brightest of All Time,' or the BOAT. In fact, it was so bright that it oversaturated the most sensitive gamma-ray burst monitors, posing a challenge for data reconstruction and analysis. But why was it so bright? And how long do we have to wait until the next one?\nUsing the BOAT as an example, we will give an introduction about the fascinating phenomena called gamma-ray bursts. From their accidental discovery during the Cold War to our still surprisingly limited understanding of their nature. The talk will revisit the state-of-the-art of theoretical modelling/interpretations (how are jets launched? what produces the gamma rays?), as well as current detector techniques (how do we catch a gamma-ray photon on Earth or in space?). Naturally, we will also discuss what we really learn from prominent, outstanding events such as the BOAT -- and the questions that still give scientists headaches.",
"attended":true
},
{
"title":"How Many Planets in Our Solar System? Glad You Asked!",
"subtitle":"How Astronomy Knew 6 Planets, Then Found 20 More, Then Went Back To 8 (For Now)",
"description":"The Solar System has had 8 planets ever since Pluto was excluded in 2006. This has made a lot of people very angry and been widely regarded as a bad move. But did you know Neptune was discovered as the 12th planet? Or that, 80 years before Star Trek, astronomers seriously suspected a planet called Vulcan near the Sun? This talk will take you through centuries of struggling with the question: Do you even planet?!\nIn antiquity, scientists counted the 7 classical planets: the Moon, Mercury, Venus, the Sun, Mars, Jupiter and Saturn - but their model of the universe was wrong. Two thousand years later, a new model was introduced. It was less wrong, and it brought the number of planets down to 6: Mercury, Venus, Earth, Mars, Jupiter, Saturn. Since then, it's been a roller coaster ride of planet discoveries and dismissals.\nIn this talk, we stagger through the smoke and mirrors of scientific history. We meet old friends like Uranus and Neptune, forgotten lovers like Ceres, Psyche and Eros, fallen celebrities like Pluto, regicidal interlopers like Eris and Makemake as well as mysterious strangers like Vulcan, Planet X and Planet Nine.\nFind out how science has been tricked by its own vanity, been hampered by too little (or too much!) imagination, and how human drama can make a soap opera out of a question as simple as: How Many Planets in Our Solar System?",
"attended":true
},
{
"title":"How to build a submarine and survive",
"subtitle":"Wie wir mit begrenzten Mitteln ein U-Boot gebaut haben und was ihr draus lernen könnt.",
"speakers":["Elias","quirsh"],
"date":"2023-12-29T21:45:00",
"location":"37C3",
"tags":["engineering"],
"notes":"This one was as funny as it was insightful.",
"description":"3,4 Tonnen schwer, 4,3 Meter lang, Material: Stahl, Farbe: Orange und der Fahrzeugtyp ist „Sporttauchboot”. Vom Fund eines Drucktanks bis zum ersten Tauchgang auf den Grund eines Tagebausees – wir erzählen von unseren größten Herausforderungen sowie Fehlschlägen.\nWir laden euch ein zu einem technischen Beratungsgespräch für alle, die schonmal mit dem Gedanken gespielt haben, ein U-Boot zu bauen.\nDie einzelnen Systeme eines U-Boots sind nicht kompliziert. Aber die Schwierigkeit liegt in der Summe der Einzelsysteme, die auf engem Raum im Zusammenspiel sicher funktionieren müssen. Der Fokus des Vortrags liegt neben unserer kurzweiligen Geschichte auf den technischen Schwierigkeiten, zu denen sich in der Literatur wenig findet oder wegen derer es nicht gleich auf Anhieb funktioniert hat. Damit ihr, falls ihr ähnliches plant, einen besseren Start habt und von unseren Fehlern profitieren könnt.\nWas gibt es bei der Wahl eines geeigneten Drucktanks zu beachten?\nWie lässt sich eine wasserdichte Luke konstruieren?\nDrahtlose Unterwasserkommunikation mittels Ultraschall?\nWie bauen wir Redundanz in die Systeme ein?\nWie werden wir das CO2 los, um nicht zu ersticken?\nWarum sind auf einmal Risse in den Scheiben?\nWas tun, wenn nichts mehr geht?\nUnd was, wenn dann auch noch die Polizei kommt?\nIn dem Vortrag geht es nicht um Problem anderer kaputter U-Boote. Wir werden das Titan-Desaster mit maximal einer Folie behandeln.\nMit Fotos von Selene Magnolia",
"description":"This talk presents QEMU-iOS, an open-source emulator of legacy Apple devices. I outline the process of emulating an iPod Touch 2G, discussing the technical challenges and reverse engineering methodologies applied. The talk starts with an overview of the project's goals and then outlines the reverse engineering process, utilizing tools like Ghidra for disassembling the Apple bootloader, XNU kernel, and other binaries. Then, I describe QEMU, a popular framework for emulation, and show how essential iPod Touch peripherals such as the touchscreen, storage, and display have been implemented. Finally, this talk touches upon the implications of open-sourcing this project, its contribution to the emulation and reverse engineering landscape, and its potential for future efforts to emulate newer Apple devices.\nDuring the past decades, Apple has created iconic devices that have found a place in the hands and hearts of millions of people around the world. As many of these devices have become obsolete, the importance of preserving their digital essence has grown. The emulation of legacy devices with software allows enthusiasts and researchers to explore and interact with them long after the original hardware has ceased to be available. Emulation, therefore, allows the digital preservation of obsolete hardware, ensuring these devices are accessible to future generations.\nThis talk describes a multi-year project named QEMU-iOS that lays the groundwork for emulating legacy Apple devices. In particular, we have focussed on emulating the iPod Touch 2G using QEMU, an open-source framework for hardware emulation. Yet, even emulating an old device with a few peripherals compared to contemporary devices is challenging since the specifications and inner workings of many peripherals are proprietary and completely undocumented.\nThe talk first describes the overall project motivation, goals, and vision. 
Then, I will discuss the reverse engineering process where multiple undocumented peripherals of the iPod Touch have been analyzed to understand and replicate their specifications in software. A key talking point will be the working of essential peripherals, including the cryptographic engines, the LCD, the Flash memory controller, various hardware communication protocols, the touchscreen driver, and other peripherals. The talk will also detail the booting procedure of the iPod Touch, elaborating on the emulation of the iBoot bootloader, the XNU kernel, and the Springboard application in iOS. Getting the boot chain up and running required extensive debugging efforts using powerful reverse engineering tools such as Ghidra to disassemble and analyze all essential binaries in the boot procedure. After outlining the reverse engineering process, I will present the implementation of QEMU-iOS, which entails a functional emulator that boots the iOS operating system, renders the display, and responds to touches on the screen.\nThe final part of this talk will touch upon the implications of open-sourcing this project, its contribution to the broader emulation and reverse engineering landscape, and the potential it holds for future efforts in emulating other legacy Apple devices, as well as the viability of emulating newer devices with advanced peripherals such as the Neural Engine. I will also discuss existing approaches, highlight where QEMU-iOS differs, and summarize the lessons learned while emulating these devices.\nThis talk is designed for a wide range of people, whether you are new to reverse engineering and emulation or have experience in these fields. The goal is to explain the technical challenges faced during this project in a way that's easy for beginners to understand while also providing more in-depth insights I discovered while working on QEMU-iOS. 
Through this talk, the aim is not only to share the technical knowledge gained from this project but also to explore the merits of emulation and reverse engineering to keep old devices alive.",
"description":"Do you have what it takes to become a Prompt Designer? Based on the Rap Battle format, Prompt Battle is a game show in which people compete against each other with the performative use of language. AI-supported text-to-image software enables the candidates to generate complex photos, images, and illustrations, seemingly out of thin air, by typing in image descriptions, so-called prompts. The audience will decide who will elicit the most surprising, disturbing or beautiful images from the latent space, and who will walk away carrying the prestigious title Prompt Battle Winner. \nThe Prompt Battle is a game show format with audience involvement that questions the meaning of prompt engineering in a playful and critical way. Based on the format of the Rap Battle, eight candidates compete against each other under time pressure on stage in a tournament to solve image and text tasks set for them. The audience decides who has won after each round. The rounds are interrupted by video interludes that illuminate the implications of text-to-image tools from different perspectives. The aim of the Prompt Battle is to address the numerous controversial questions that tools such as DALL·E, Stable Diffusion and Midjourney raise for professional creatives. Questions about the origin of training data, the value of creative work, the inflation of images, and the intellectual property of the content produced.\nSince 2022, rapid technological advances in the field of AI-generated content have raised a series of fundamental questions. For artists and designers, the first question is whether creativity can really be automated, and whether prompt engineering really is the future-proof key capability that some believe it to be. Behind the hype, far-reaching ethical, economic, copyright and aesthetic challenges and contradictions are emerging. 
The Prompt Battle uses the game show format to address these questions in a playful way by confronting the candidates and the audience with prompt engineering tasks tailored to the occasion.\nThe original Prompt Battle was developed at HTW Dresden by Sebastian Schmieg, Florian A. Schmidt, Bernadette Geiger, Robert Hellwig, Emily Krause, Levi Stein, Lina Schwarzenberg and Ella Zickerick.",
"attended":true
},
{
"title":"From Hacker to Furry - Why cat ears are just the beginning",
"speakers":["CheetahSpottycat"],
"date":"2023-12-30T00:15:00",
"location":"37C3",
"tags":["furries","hacking-lore"],
"notes":"This talk was extremely good, I didn't expect such an experience.",
"description":"The chairman of Europe's biggest furry conference explores the metaphysical and historical connection between furries and the information technology / hacker sphere through a bunch of war stories, anecdotes and drunken shower thoughts. Also a chance to ask a fandom veteran anything you can come up with you always (or never) wanted to know about furries.",
"liked":true,
"attended":true
},
{
"title":"Science-based psychedelic pharmacology",
"subtitle":"Recreational harm reduction",
"speakers":["hummuscience"],
"date":"2023-12-30T16:00:00",
"location":"37C3",
"tags":["psychedelics"],
"notes":"Most of the information from the slides comes from PsychonautWiki.",
"description":"I know we are all experts... But are we really? Most of our knowledge about mental enhancement comes from experience, friends or social context. Some of it is true, some of it is not. In this workshop we will try to go through some of the common myths and misconceptions in recreational contexts. Safety and Common mistakes. Backed by science 🤓! Let's make our spaces safer, for ourselves and our surroundings ❤️ This is not a Nootropic talk.",
"liked":true,
"attended":true
},
{
"title":"10 Tips for failing badly at Microservices",
"description":"Microservices are just a bunch hip new framework plus some AngularJS frontend or React, right? So, if you want to make sure that you absolutely and definitely fail at your Microservice project, then watch this talk and learn how. Using real world experience from multiple green field and brown field projects, I can show you: - how to ignore the mandatory organizational impact - how to focus on the code only without any regard towards ops and testing - continuous deployment is for losers. Real projects use their meat cloud for delivery - jumping onto every new and untested framework is a must - EventSourcing and CQRS are both free lunches. So, you can add complexity without any real need - ...and more. If you mind my tips, then surely you will fail at Microservices and your boss will never again try to move away from your beloved vintage monolith.",
"description":"An exploration from the chips on the PCB to how Linux makes the phone work. We'll go into how the hardware and the Linux device tree files are connected, how the different chips communicate, etc. Things I wish I had learned years ago!",
"description":"In this presentation, we'll take a detailed look at how Quarkus approaches native compilation, highlighting what sets it apart from other frameworks. We'll start with an overview of Quarkus and its native compilation, then dive into the specific decisions made during the compilation process, explaining the reasons behind each choice. Finally we will go through parts of the Quarkus code to show how these decisions are practically implemented and how they benefit users.",
"description":"Since Oracle began developing updates for the JDK with the JDK 7 Updates Project in 2011, a lot has happened in the OpenJDK community. The development processes have been constantly adapted, so that today the changes to the updates begin their journey as pull requests on GitHub. But what happens next with the changes? In this lecture we'll take a look at how it all began and how the development of JDK updates works in practice today.",
"description":"I would like to present the current state of the upcoming Apache Maven Version 4.0.0 development. The intention is to summarize the most important changes and get an overview for the audience. Also the different improvements for the future Apache Maven 4.0.0 release. Things like Consumer/Build pom. Improvements for the reactor. Version handling and improvement for better CI/CD support. Furthermore the improvements related to bom packaging and enhancements for support of different pom formats etc.",
"liked":true,
"attended":true
},
{
"title":"Copyleft and the GPL: Finding the Path Forward to Defend our Software Right to Repair",
"description":"Since 1987, Copyleft licensing has been the primary strategy of the FOSS community to guarantee users' rights to copy, share, modify, redistribute, and reinstall modified versions of their software. In our earliest days, we naïvely thought that the GPL would work like magic pixie dust; we'd sprinkle it on our code, and our code would remain free as in freedom. The reality check that we've received over the last 35 years has been painful on this issue. While this talk will cover the few huge successes in copyleft enforcement that have lead to real improvements to the rights and freedoms of users, we'll also face frankly the compromises made and false paths taken in the earliest days, that have now led to a simple but unfortunate fact: almost every Linux-based device for sale on the market today does not comply with Linux's license (the GPLv2). This talk will not only discuss the primary past GPL enforcement efforts around the world, but also provide a whirlwind tour of how copyleft came to work in practice, how we wished it had worked, and discuss ideas, suggestions, and plans for the future strategies in copyleft that, informed by this history, are our best hope for software freedom and rights.",
"description":"Software development is one large puzzle – how do I make my computer do this task, using that software, or this language. Luckily, we can search for the answer to our problems on sites like Google and StackOverflow. Magicians can't. The secrets to magic aren't readily available in any format, making study and search very difficult. In this talk-come-magic show, the speaker, who is also a magician, discusses some of the history of secrets and magic, and covers the problems of creating searchable taxonomies for magic, the cases of IP law which have surprising parallels to software, and even performs a few routines to keep you on your toes!",
"description":"Have you ever wondered how terminal user interface applications are built? Join me in this talk as we explore Ratatouille which aims to provide a wide range of widgets to make it possible to design beautiful interfaces and push the limits of the terminal using Rust.",
"description":"The story of QUBIK, an OpenSource/OpenHardware PocketQube satellite. Ηow it came to be, challenges faced, its mission in space and its ongoing development as an experimentation and educational platform",
"liked":true,
"attended":true
},
{
"title":"A satellite's final safehouse: The deployer",
"description":"What happens after a rocket achieves orbit? How does a satellite stay safe during launch and what happens after they leave their final home, right before starting their mission in orbit? The answer is revealed during this talk. PICOBUS, developed by the Libre Space Foundation, is an 8p PocketQube satellite deployer. It's a groundbreaking open-source deployer capable of storing and deploying up to 8 PocketQube Units while in orbit. The first PICOBUS deployer was manufactured to fly onboard the maiden flight of Firefly Aerospace's Alpha rocket, carrying two sets of QUBIK satellites, which are our very own open-source PocketQube satellites. The first launch faced a setback with an explosion shortly after liftoff, posing a threat to our deployer and satellites. However, an interesting turn of events followed! This will be discussed during this talk.",
"description":"Git has been the de-facto version control system used by nearly every developer in the world for almost a decade now. While most of us know the basics, there are depths and hidden valleys of our Git tooling that even the most experienced of us may have never even heard of. Join Scott Chacon, a GitHub co-founder and the author of Pro Git, to dig into the hidden depths of obscure command line invocations to get more out of the amazing tool you use every day.",
"description":"Since Darcs, Git and Mercurial were published 15 years ago as the first generation of distributed version control systems, distributed computing has seen exciting progress, in particular with mathematical formalisations of ideal distributed datastructures (CRDTs for example).In this talk, I'll show our work on Pijul, a version control system with sound mathematical properties, making it easy and intuitive to use for non-coders, as well as scalable to arbitrarily large monorepos and binary files. I'll explain how the core datastructures were found rather than designed, why we had to write a new open source key-value store to fork tables efficiently (zero-copy forks), and how that key-value store ended up breaking performance records.",
"description":"In 2023, the NetBSD project celebrated 30 years since its first release, 0.8. Now, four years after NetBSD 9, NetBSD 10 brings a huge number of changes and improvements. This talk will dive into the most important new features of NetBSD 10, such as performance and security improvements, expanded CPU and GPU support, improved virtualization and more! But over all this, the question remains: how relevant is NetBSD these days? There is a small but friendly, and tight-knit community of users and developers. The focus on portability and cleanliness provides a good system for both beginners and tinkerers, but also a rock-solid server or workstation system. We will go over some cool use cases and show ways that you can get involved.",
"liked":true,
"attended":true
},
{
"title":"Getting to Know the Linux Kernel: A Beginner's Guide ",
"description":"Getting to Know the Linux Kernel: A Beginner's Guide offers a comprehensive overview of the Linux kernel and its open source community. The talk covers the essential aspects of the Linux kernel, including its role as the core component of the Linux operating system, its structure and architecture, and the development process. This presentation will take a closer look at the design of the Linux kernel, including how it is structured, how it can be modified, and how it manages resources",
"liked":true,
"attended":false
},
{
"title":"OpenJDK Project Wakefield : The Wayland Desktop for JDK on Linux",
"speakers":["Aleksei Ushakov","Phil Race","Niels De Graef"],
"description":"Getting to Know the Linux Kernel: A Beginner's Guide offers a comprehensive overview of the Linux kernel and its open source community. The talk covers the essential aspects of the Linux kernel, including its role as the core component of the Linux operating system, its structure and architecture, and the development process. This presentation will take a closer look at the design of the Linux kernel, including how it is structured, how it can be modified, and how it manages resources",
"description":"Everyone uses curl, the swiss army knife of Internet transfers. Earlier this year we celebrated curl's 25th birthday, and while this tool has provided a solid set of command line options for decades, new ones are added over time This talk is a look at some of the most powerful and interesting additions to curl done in recent years. The perhaps lesser known curl tricks that might enrich your command lines, extend your tool belt and make you more productive. Also trurl, the recently created companion tool for URL manipulations you maybe did not realize you want.",
"description":"Bootloaders are one of the biggest pain points when it comes to booting upstream Linux on Qualcomm devices, they require that distros support 5 versions of the Android boot image header, weird non-standard devicetree properties, and are generally a huge headache. As modifying the bootloader is out of the question, we can at least replace the environment it gives us with a more sensible one...In this talk, I'll give a brief introduction to what an EFI bootloader actually is, how they work, and how U-Boot fits into the picture as a second-stage bootloader. I'll cover the work I've been doing to improve Qualcomm support in upstream U-Boot, and how we can drastically lower the barrier of entry for distro support on Qualcomm phones.Lastly, I'll go over the new process for porting a Qualcomm SoC to U-Boot, and demo booting Linux with EFI runtime support on a Qualcomm phone.I'll also give a sneak peak at what would be possible if we had greater ownership of our devices.",
"description":"Okay, this Linux on Phones thing ... but it has no apps, right? It has apps - Sailfish OS and Ubuntu Touch have dedicated app stores, and the newer projects also have many well working apps.This talk attempts to cover it all - from frameworks to metadata, stengths, weaknesses, highlights, difficulties and gaps.",
"description":"Discover the secrets of PineTime ⌚ and InfiniTime, the smartwatch and its open-source operating system. Learn how to begin hacking, enhance its capabilities with Ubuntu Touch, and understand the coexistence of various mobile ecosystems. Explore the synergy between hardware hacking and 📱 mobile development.",
"description":"Mobile Linux is no longer a new thing, and we reached a point where many users daily drive Linux-based phones, which are getting more usable over time. Despite being a significant improvement, there are still a lot of challenges to overcome and many more problems to solve.This talk will highlight the progress and latest developments in Mobian, emphasizing the specific community-wide issues those try to address. We will also present and discuss our plans for the foreseeable future, as well as the improvements we're contributing to the wider ecosystem in the process.",
"liked":true,
"attended":true
},
{
"title":"I want my own cellular network! Having fun with LTE networks and Open5Gs.",
"description":"Have you ever wondered how your cellphone actually works? Yes, there are cell towers, big antennas, huge buildings with lots of cables inside. But what is the magic that makes everything work every day on a million user scale? This talk aims to keep a less theoretical and more pragmatic approach, explaining the practical aspects of LTE networks. The presentation will begin with an overview of specific binary protocols, detailing some of the main network functions, and eventually delving into the key role of both DNS servers and Diameter protocol. Hopefully, at the end, everybody should be able to go home and fire up their own personal LTE network in a box with Open5Gs open-source core implementation.",
"description":"In 2023 I built an all grain brewing system for making beer following plans from The Electric Brewery. Unfortunately their plans for electrical control systems are labor intensive, expensive, and lack network connectivity. In this talk, I'll give an overview of all-grain brewing, an introduction to the ESP32 microcontroller, and a deep dive into building an inexpensive and internet connected brewery controller with ESPHome and Home Assistant.",
"liked":true,
"attended":true
},
{
"title":"DNS for I2P: Distributed Network without Central Authority",
"description":"A fully distributed network does not have - by definition - a central authority. Nevertheless overlay networks, like I2P (Invisible Internet Project) do have the need for a DNS. Also, by definition, there is nothing like trust between peers of such a network. Typically such a problem might be solved using a distributed storage layer driven by a byzantine fault tolerant consensus algorithm.After the first prototype in 2022 (presented at FOSDEM 2023) the project has improved and a new version of the storage layer and also the DNS logic is available for FOSDEM 2024.",
"description":"In this talk, I'll present Sequoia's architecture (library first), our design philosophy (usable, low-level, unopinionated interfaces, which are secure by default and are complemented by high-level opinionated interfaces), and the status of the project (we released 1.0 of our low-level library in December 2020, and are currently working towards 1.0 releases of our higher-level libraries and services).",
"description":"Daniel has taken the curl project to run in some 20 billion installations. He talks about what it takes to succeed with Open Source: patience, time, ups and downs, cooperation, fighting your impostor syndrome - all while having fun. There's no genius or magic trick behind successful open source. You can do it. The talk will of course be spiced up with anecdotes, experiences and stories from Daniel's 25 years of leading the curl project.",
"description":"One of the greatest strengths of GCC is the sheer volume of architectures which it can target, many of which are niche or legacy platforms. But how has this support translated into real-world utility? How well are some of these platforms still supported? Using the Sega Dreamcast and its SH4 CPU as a case-study, we take a look at just how far GCC is allowing its homebrew community to take the platform, providing modern C23, C++23, Objective-C, D, and even some Rust to the 1990s game console.",
"description":"Discover the opportunity in retrogaming with the Game boy Advance, from homebrew to how to do a game in pure Lua (yes I am not joking) or to make a trainer to a Lua script in the emulator. The GBA is a particular device, compared to the Game boy Color, which allows many more things for the world of homebrew and retrogaming by exploiting current technologies. We will see the technical peculiarities, the most famous decompilations, how to manipulate RAM with an emulator, how to make a ROM in Lua, how to make a trainer, the most common hardware mods, how to make a Lua script for Mgba with Lua and much more. In short, everything you need to know about the GBA even if you don't understand anything about Assembly!",
"description":"Modos is an open-hardware and open-source company, building an ecosystem of E Ink devices to reimagine personal computing with a focus on creating calm, inclusive, and humane technology. In this talk, we will briefly discuss the underlying technology, present findings from our community survey, and the challenges faced while developing our display controller and chassis. We will also outline our next steps and future direction.",
"description":"This is not a presentation where I talk about how I would get in or the things I might be able to do. This is a talk where I am already in and I show you pictures from actual engagements that I have been on. They say one picture is worth a thousand words I show you how one picture cost a company a million dollars and maybe even a few lives. In a community where we focus so much on the offensive I also make sure with every attack I highlight. I spend time discussing what would have stopped me. We need to know the problems but we need more talks providing solutions and that is what I hope people will get from this. I show the dangers of Social engineering and how even an employee with no SE experience can be an eBay James Bond which can cause total financial ruin to a company. These Security threats are real. So are these stories!",
"liked":true,
"attended":false
},
{
"title":"Spoofing Emails From 2M+ Domains & Virtually Becoming Satan",
"description":"Ever wake up and ask yourself: “Damn, how could I make email security suck even more today”? Tired of your Red Teams phishing emails not landing in your targets inbox? Do you dislike Boston (the city) and love Satan? If you answered yes to any of those questions you should come to this talk!",
"liked":true,
"attended":false
},
{
"title":"War Stories - The Risks of Pointing Out the Emperor is Buck Naked",
"description":"This talk will cover the presenters personal experiences with poorly written or a lack of vulnerability disclosure policies with their governments and what it cost them in trying to make things better. The presentation will then move to a discussion about what should be done and what is being done to make sure that reporting a vulnerability doesn’t cost you everything. Anyone who is responsible for writing such disclosure policies or legislation will benefit, but so will any hackers that want to make it safer to report issues they find by advocating for changes.",
"liked":true,
"attended":false
},
{
"title":"War Stories - Tracking the Worlds Dumbest Cyber Mercenaries",
"description":"For the last 6 years my colleagues and I have been tracking the activities of the cyber-mercenaries we call Dark Caracal. In this time we have observed them make a number of hilarious mistakes which have allowed us to gain crucial insights into their activities and victims. In this talk we will discuss the story of Dark Caracal, the mistakes they have made, and how they have managed to remain effective despite quite possibly being the dumbest APT to ever exist.",
"description":"Who likes paying to ride the subway? Sure, you could hop the fare gates, but that can be athletically challenging and simply isn’t cool enough for our tastes. What’s a mischievous and miserly rider to do, then? Hack the fare system of course! In this talk we'll walk you through how we, four high school students and cybersecurity noobs became the first to fully reverse engineer Boston’s CharlieCard fare system and earn ourselves free rides for life… or at least until the system gets fixed, whichever comes first.",
"description":"The D programming language has been quietly growing for well over two decades. This modern programming language supports multiple programming paradigms, a range of memory safety features, and an ecosystem with 3 open source compilers. So why should an open source developer consider learning or using the D programming language? In this talk I will show examples of how D has replaced all of my Python code for my projects, and why I think D truly is a language that allows you to write fast, read fast, and run fast code. I will introduce the language, several of my favorite productivity features, and tools in the D programming language ecosystem. Throughout the talk, the audience will also be pointed to several open source tools written in the D language to be inspired from. Audience members looking for a new language to learn, or otherwise the programming language enthusiast may also benefit from a tour of the D language and its features.",
"description":"The GnuCOBOL project, as an open-source solution, has recently achieved industrial maturity, positioning itself as a serious contender against proprietary offerings. This presentation will explore the advancements and significant developments that have propelled GnuCOBOL to a level of stability, performance, and features that rival existing proprietary solutions. We will delve into the characteristics that have contributed to this maturity, highlighting the flexibility, reliability, and accessibility of the COBOL language in an open-source context. By showcasing real-world use cases and examples of success, we will demonstrate how GnuCOBOL meets industrial needs while providing a free and ethical alternative.",
"description":"Through open source and open data, Open Food Facts is transforming our food system! In this talk, we'll dive into how Open Food Facts is helping reshape the food system to reduce its impacts on health and the environment. We'll go through how Open Food Facts helps create a treasure trove of information, and turn it into actionable data for consumers, researchers and policy makers. We'll explore how citizens and consumers are using this database to make smarter, healthier food choices, steering the food industry towards a more transparent and sustainable future.",
"description":"During the past few years, many people have started to use virtualized eSIMs instead of the classic physical chip card SIMs. Behind the scenes, a rather complex universe of protocols, interfaces, cryptographic operations, trust models and business processes are in operation to make this work. However, like many aspects of cellular technology, the knowledge of the technology behind it is not widely understood. - despite its ferquent use by a large user base. This talk aims to change that, as far as possible in a 45minutes introductory talk.",
"liked":true,
"attended":true
},
{
"title":"Do we need Taler or does Taler need us ?",
"description":"As dystopia seems just around the corner with state control and surveillance capitalism wanting to finish closing down on us, GNU Taler might be one of the (hopefully many) reasons to hope that our dreams may soon bring bits of lovable reality. With 2 upcoming Swiss deployments, real payments with Taler will finally be available this coming winter. As online solution for Basel local currency and a few months later as online payment in Swiss Francs. That means privacy preserving online payment that doesn't foster illegal activities and micro-payments both become accessible. ",
"liked":true,
"attended":true
},
{
"title":"A brief history of the '90's Crypto Wars",
"description":"The '90s (and leading up to it) were a time of uncertainty for many a hacker and phreak. When Bill Clinton came to office the fighting behind the scenes for privacy, and encryption, came to the fore thanks to the widespread availability of Pretty Good Privacy, among other tings. Let's talk about Clipper, ITAR, and multi-year legal bills brought about by a group of beauraucrats",
"liked":true,
"attended":true
},
{
"title":"Cosmic Connectivity: Starlink, Satellite Swarms, and the Hackers' Final Frontier",
"description":"In this session, we will journey into the fascinating world of satellite constellations, focusing on SpaceX's Starlink, Amazon's Project Kuiper, and other key players aiming to democratize internet access on a global scale. The audience can expect to gain a solid understanding of the underlying technical aspects, as well as insight into the broader implications and challenges these ambitious projects present.",
"description":"Two LibreOffice founders talking about the social and tech aspects, for keeping a 30 year old code base not only alive, but the project & community around it thriving.",
"description":"Security is hard. Modern programming languages help us with memory and type safety, but, even with bleeding edge frameworks and libraries, *getting your crypto right remains hard. We will take a look at recent cryptographic breaks in **Matrix**, **Threema**, **Bridgefy** and **Mega**, explore the modern cryptographic best practices and why they matter, see what makes TLS 1.3 special, and discuss how to get to a more secure world together! This talk is a primer in modern cryptographic best practices, supporting them by examples of recent breaks and vulnerability disclosures. With cryptographic failures showing up every other day in security news, and placing #2 in the OWASP top 10 web application security list, we want to show why apparently innocuous mistakes can make things go disastrously wrong. We plan to dedicate a part of the talk to open discussion, gathering feedback from developers and maintainer of open source cryptography, with the long term plan of building an high-level cryptographic library that should make developing new cryptographic protocols easier and more secure.",
"description":"At Camp2019 some ingenuitive hackers from Milliways and a handful of other villages took the modding tools of OFF GRID and set about building a replica 2019 CCCamp complete with Milliways rocket and big dome! 4 years later CCCamp is back and we thinks it's about time to dust off the mod and get even more villages into the project! This talk will go over the history of the game's development, what is possible with the mod tools we've built, and what our plans are for the future.",
"description":"Building your own hardware to work with 10 Gigabit Ethernet… without access to measurement or simulation equipment. Can the high frequency electronics deities be appeased with some sacrifices? Born from building and tearing down a bunch of fibre for CCC event networks: a pocket tool to help quickly troubleshoot our 10GE connections, and get us out of random square peg, round hole problems. Passive single-port adapters that can read diagnostic information from optical transceivers are common and easy, but how about something with 4 ports and active circuitry?",
"liked":true,
"attended":true
},
{
"title":"Our Time in a Product Review Cabal: And the malware and backdoors that came with it.",
"description":"What did you do during the pandemic? We started a Product Review Cabal. Follow our journey from getting a postcard in a product box to us exhausting all of our many online retailer sock accounts. We’ll teach you how we got free packages nearly every day… **but there’s a catch**. _Most of the products arrive with malware, backdoors, or glaring vulnerabilities_. ",
"description":"The complete story of Project Blinkenlights: achievements, failures, technology and its cultural impact. In 2001, the Chaos Computer Club surprised the world with a simple but impressive interactive light installation on a building in the heart of Berlin: Blinkenlights illuminated 144 windows forming a huge but low-resolution pixel matrix on the facade of House of the Teacher at Alexanderplatz. But this was just the beginning. Much bigger follow-ups took place in Paris and Toronto and in between a lot of other things happenend. This talk shows it all: what worked, what did not work, the good ideas, the bad ideas and all that jazz. This year at Camp, we celebrate Blinkenlights history with another interactive light installation at the Camp.",
"description":"Let's write a GitHub Crawler and let's throw in everything Java (21) has to offer. The end result will look very different from just a few years ago, let alone 10. This is not your dad's Java!",
"liked":true,
"attended":false
},
{
"title":"Design Patterns Revisited in Modern Java",
"description":"Design Patterns are common ways to solve problems that developers have discovered over time. They often fill the gaps between the language capabilities and the design goals. When languages mature, sometimes patterns become natural features of languages and blend in to the natural way of writing code instead of a special effort. Java has evolved significantly over the years. In this session we will revisit some common design problems and see how patterns are realized to solve those problems with the modern capabilities in Java.",
"liked":true,
"attended":false
},
{
"title":"Escaping Developer Nightmares: DORA Edition",
"description":"Have you been working on legacy projects with outdated codebases, less than optimal documentation, and relying on obsolete technologies? Were you told it is gold-plating or simply too much work to fix? Well, you are not alone! This presentation draws from my experiences as a tech lead and software reviewer, highlighting the prevalence and impact of these issues. It also delves into the importance of adopting modern development practices, such as static analysis, CI/CD pipelines, and adherence to DORA principles (dora.dev), to effectively maintain and enhance the quality of legacy code.",
"liked":true,
"attended":false
},
{
"title":"Five things every developer should know about software architecture",
"description":"The software development industry has made huge leaps in recent years, yet software development teams are often more chaotic than they are self-organizing, with the resulting code being more of a mess than was perhaps anticipated. Successful software projects aren't just about good code, and sometimes you need to step away from the IDE for a few moments to see the bigger picture. This aimed at software developers who want to learn more about software architecture, technical leadership and the balance with agility.",
"liked":true,
"attended":false
},
{
"title":"Gaming optimization design patterns you should apply to your web app",
"description":"The gaming industry leads the way when it comes to optimization and user experience. In this talk we will walk through optimization design patterns used in the gaming industry and see how each affects computer hardware like CPU, memory and more. Moreover, we will see how you can be utilize these patterns in your applications today!",
"description":"If you’ve heard about ahead-of-time compilation with GraalVM Native Image and are curious about what that actually looks like in practice, this session is for you! With unbeatable startup time, instant peak performance with no warm up, and low memory and CPU requirements, GraalVM generated native executables are the most efficient way to deploy microservices and other cloud native applications. To demonstrate this, Alina and Shaun will live code their way through a tour of GraalVM Native Image highlighting key features and benefits along the way. You’ll see why Spring Boot, Micronaut, Quarkus, and Helidon have all added out-of-the-box support for building microservices with GraalVM.",
"liked":true,
"attended":false
},
{
"title":"Java Virtual Threads and Pipelining of database operations",
"description":"Operating system threads are expensive. Virtual threads remove the need for reactive programming to scale Java applications. Synchronous database operations block user threads and prevent high scalability. With pipelined database operations, the database call returns immediately, and you can submit other operations, without waiting for previous submissions to finish.",
"description":"Rockstar is an example of an “esoteric language,” designed to be interesting rather than intuitive, efficient or especially functional. Rockstar’s interesting feature is that its programs use the lyrical conventions of eighties rock ballads. Rockstar has been implemented in many languages, but not as a JVM language. This was clearly (clearly!) a gap that needed fixing, so Holly and Hanno have stepped in to make sure us JVM folks aren’t missing out. As a bonus, because “Bon Jova” is a JVM language, it can take advantage of Quarkus-y goodness. Along the way, a lot was learned about eighties music, classloaders, parsing, bytecode manipulation, and the important relationship between language style, syntax, and semantics.",
"description":"The high number of IT security incidents in recent years shows that any institution can be caught out - regardless of whether it is an enterprise, a university, or a hospital. The attackers' methods are often similar and can be prevented by taking appropriate measures. But how exactly does such an attack typically take place? How do I protect my company against it? And what happens if it's too late and an incident response is needed? Which steps do you need to take, and how can you prepare in advance to support the incident responder of your trust?",
"liked":true,
"attended":true
},
{
"title":"How to survive getting DDoSed by Anonymous, Cyberberkut, Killnet and noname057(16) since 2012",
"description":"In this presentation, I will talk about how DDoS attacks were carried out generally in the last 11 years and how they innovated since then; I will also present more specific details about attacks against government websites from bundestag.de in 2012 to ukraine-wiederaufbauen.de and others in February - August 2023. This talk aims to also entertain but mostly educate on how to mitigate current attacks. You can expect technical, not political slides.",
"description":"In this talk we will discuss the radio jailbreaking journey that enabled us to perform the first public disclosure and security analysis of the proprietary cryptography used in TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, prisons, emergency services and military operators. Besides governemental applications, TETRA is also widely deployed in industrial environments such as factory campuses, harbor container terminals and airports, as well as critical infrastructure such as SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities.",
"description":"In the past months, we reported vulnerabilities to various companies. In addition, we have alerted over thirty companies that they were currently being hacked. In this presentation, we will share our most interesting anecdotes. Part 1: Your company receives a vulnerability report for free. We will show you how you can still mess it up. Part 2: You hack companies for ransomware groups. We will show you how you can still mess it up.",
"description":"We've all been there, we knocked a company offline while doing some well intended security testing. How many requests per second is considered ethical? How deep into a system can you go, dump the database or not? Reverse shell or touch /tmp/pwned? What are YOUR ethical boundaries?",