Archive for the ‘CCC’ Category

GPN 2014 in Karlsruhe

Monday, June 30th, 2014

The Gulash Programmier Nacht (GPN) took place in Karlsruhe, Germany. The local subsidiary of the Chaos Computer Club organised that event, which apparently took place for the 14th time. So far, I wasn’t able to attend, but this time I made it.

It’s a 200 to 300 people event, focussed at hacking, making, and talks around that. It’s very cosy and somewhat similar to the mrmcds. Most of the talks were held in German, a few in English, but I think that could easily change if there is a demand.

The conference was keynoted by tante, who talked about the political aspects of code and the responsibility every developer has. It was good to hear someone saying that you do create reality for people with the software you write and that you are indeed responsible for the view on the world the users of your software have. There were a few other interesting thoughts and I think I agree with the results of the analysis conducted to a great extent. But I think a few areas are not well covered. For example, he said that you limit the people with your software. I don’t think that’s necessarily true. If you provide your users with enough freedoms, i.e. by choosing a Free Software license, than I don’t think his argument is valid anymore.

On the more funny side, a chemist taught us about chemistry based on the stories of Walter White. It was a funny talk with many interludes of the TV series. She explained what the people in the episodes were doing and how close that is to reality. Turns out, it is quite close and at least stupid mistakes were not done.

We also learned about Perl 6. If you think Perl is ugly, he said, it’s not modern Perl. The new and shiny Perl 6 allows you to write short code while looking nice, he said. He showed some features that make it easy to write command line tools. You can simply declare an argument to your main function and Perl would expose that to the user, e.g. by presenting a help screen. It would also detect the types provided and do some magic fancy stuff like checking whether the provided argument is an existing (or empty) file.

A very interesting talk was given on the Enigma, the German crypto machine. He showed the machine that broke the crypto and now stands in Bletchley Park. He told stories about the development and operation of that machine. Very interesting indeed. Also well done on a technical level, the slides were really well done.

I was invited to give talk on GNOME. As you can see in the video, my battery didn’t even last the full 90 minutes slot I was assigned. Something is certainly wrong, either this Linux thing or my battery. Anyway, the talk itself went very well, and it was particularly well attended for that early slot. I was also positively surprised by the audience asking many questions and while I specifically asked for flames, I didn’t get that many.

(Late) report on 30C3

Friday, January 31st, 2014

Oh, I almost missed to report on this year’s CCCongress, 30C3. The thirtieths CCCongress. It has grown considerably over the last few years. We’ve reached over 9000 visitors whereas we had 4000 a couple of years ago. The new venue in Hamburg is amazing. Despite the impressive number of attendees, it didn’t feel crowded at all. So many nice details made the venue just awesome. It really felt like it was *the* place to be. A rather big detail was the installation of a letter shoot. Yes, a real pneumatic postal delivery system. With routing and all. Just amazing.

That’s pretty much all I have to say. It was, of course, nice to meet so many old friends and people. I couldn’t even say hi to all of the ones I wanted to meet. What follows is a bit of a rundown of some of the talks that I’ve actually seen, hoping you can evaluate whether you want to see any of that yourself.

I was a bit late for the conference, probably one of the first talks I’ve seen was DJB on, guess what, crypto. It even has a reference to Poettering (who I was also able to meet :-) )!

Funnily enough, Nate from the EFF mentioned DJB in his talk on disclosure Dos and Donts. He said that it would be smart to think about how much fuzz one wants to make about a vulnerability at hand. Sure enough, the title needs to be catchy enough for people to notice. If you were DJB, then the lecture hall would be filled even if the title was “DJB has something to say”.

Something that stirred up the community was
Assange’s talk. Apparently sabotaged, the Skype connection wasn’t all too good. But it was also not very interesting. The gist: Sysadmin: Go to the three-letter-agencies and carry out document to become the next Snowden. Good advice.

As for carried out documents, Jake Applebaum presented the NSA’s shopping cart which includes all sorts of scary techniques and technologies. If you have only time to watch one video, make it this one. That’s probably even safer than sitting in the audience. Just after he showed the reconnaissance tools for the investigators to combine various data sources, undoubtedly including cell phone location and people around you, he switched on his cell phone so that the audience would have a connection with him. The one who knows he is being spied on. It was a very emotional talk, too.

Another depressing thing was Jöran talking about the missed (digital) opportunities in education. The most noticeable thing he said was that Apple products are consuming devices only. But the reality is that they make it work 93% of the time as opposed to 90%. But that difference makes teachers use it…

More scary, was the presentation on exploration and exploitation SD card controllers. You’re basically screwed. You have close to no idea what it running on the micro controller on your SD card. And on the various other controllers you carry around. They got themselves access to the chip and were able to flash their own firmware. Doesn’t sound all too exciting, but it is an eye opener that your stupid almost invisible SD card can spy on you.

A strange talk was the one on Digital Bank robberies. There are so many weird details they talk about. They claim to have been called for investigation of a malware that found on ATMs in Brazil. The weirdest thing for me was that the physical damage done to the ATMs went unnoticed. The gangsters needed to install a pendrive so they had to break the case. Which apparently isn’t all too secure. And then they had to make the ATM reboot to boot off the pendrive. Without having to press a key. It is unclear to me whether they could leave the pendrive or not. Apparently they could remove it, because if they couldn’t then the malware could have been found much earlier. But given that the ATMs reboot so easily, it would make sense to install the malware on the ATMs hard drive. In that case they could have spotted the malware rather easily. Anyway, the presenting people were not Brazilian. Why would such a sensitive Brazilian investigation be undertaken by foreigners?

Another interesting, although weirdly presented, talk on X Security was given by Ilja van Sprundel. He looked at X code and identified a good number of easily exploitable bugs. No wonder given that the code is 30 years old… He also mentioned libraries on top of X such as GTK+ or Qt and explained how the security story from GNOME was very different from Qt’s. Essentially: The GNOME guys understood security. Qt didn’t.

On the more fun side, the guys from Ztohoven presented their recent work. They are probably best known for their manipulated video which ran during morning TV shows (IIRC).

In their presentation they talked about their performance for which they obtained numbers from parliamentarians and sent them text messages during a session that was aired live. Quite funny, actually. And the technical details are also interesting.

Another artsy piece is “Do You Think That’s Funny?” (program link) in which the speaker describes the troubles their artistic group had to go through during or after their performances. They did things like vote auction (WP), Alanohof, or AnuScan, and their intention is to make surveillance visible and show how it makes activists censor themselves.

MRMCD2013

Sunday, September 15th, 2013

It’s been a while since I attended the mrmcds. In 2011 the event did not take place and I couldn’t make it the year after. Fortunately, 2013 allowed me to participate and I was heavily surprised by the quality of everything. The (newish) location, the people, the provided catering, the atmosphere, …

wlan stats

The event itself is relatively small. I don’t have numbers but I felt like being surrounded by 100 people. Although the stats about connected devices suggests there were at least twice or thrice as many people present.

trolley

The talks were good, a refreshing mix of technical and non-technical content. With an audience generally inclined to discuss things. That allowed for more lively sessions which create new insights, also for the speakers. My favourite was Akiko talking about her job as air traffic controller. I learned a lot about how the aviation industry is organised how various pieces fit together.

fukami doro

Fukami keynoted the conference and tried to make us aware of our ethics. Surveillance was made by hackers, he said. People like you and me. The exercise for the audience was to further think and conclude that if we didn’t help implementing and deploying surveillance infrastructure, it wouldn’t have gotten that bad. While the talk itself wasn’t too bad, I wonder who the target audience was. If it meant to wake up young hackers who have not yet adjusted their moral compass, it was too weak. The talk didn’t really give advice as to how to handle dubious situations. If it was not meant for those hackers, then why talk about it in a very basic way and not ask hard questions? Anyway, I enjoyed seeing the issue of people’s responsibility coming up and creating a discussion among the hackers.

Enjoy Cock

Mine and Stef’s talk went well, although it was the in the very last slot of the conference. After two long party nights. I barely made it to the talk myself :D We presented new ideas to guide the user when it comes to security critical questions. If you have been to GUADEC, then you haven’t missed much. The talk got a slight new angle though. In case you are interested in the slides, you can find them here.

clocks

The design of the conference was very impressive. The theme was aviation and not only did we have an impressive talk monitor as seen above, we also had trolleys with drinks and food as well as the time for various interesting locations. We also received amazing gadgets like the laser engraved belt made from the typical air plane seatbelt.

As always, parties were had with own DJs, light show, beer straight from the tap, cool people and music. To summarize: I’m glad to have visited a very enjoyable event. It’s a pleasure to be around all those smart hackers and to have inspiring discussions. I’m looking forward to next year.

erklaerbaer

2.9-C/3 – N.O-T/MY(D/E.PA/R.T-ME-N/T.

Tuesday, January 8th, 2013

Just a quick note: 29C3 rocked. Awesome location, awesome people, awesome talks. Very nice indeed.

Very brief thumbs up: Videos were available almost right after the talks. In a stunning quality. Also live streams. How many conferences do you know that do that?

Also, I consider this to be particularly interesting.

Sorry to all those I couldn’t talk to long enough or at all. Hope to see you again next year!

28C3 – Behind enemy lines

Monday, January 16th, 2012

I was lucky enough to get a ticket for the Chaos Communication Congress 2011 in Berlin, Germany. So many people wanted to attend the CCCongress that the tickets were sold out in an instant. But the current location can’t handle more visitors so we’re forced to somehow limit the number of visitors unless the location or the concept of the CCCongress changes. Both options don’t sound really inviting, but refusing people to come isn’t fun either. So we’ll see what the future brings.

But I’d like to raise the point that the CCCongress is very much an event made by the people, i.e. the participants. It’s not that there is an overly mighty set of people who decide everything and are responsible for having a great event. It’s everybody that is responsible for helping out if somethings need to be done, contributing ideas, talks, workshop, etc. It’s rather a place where you play a part by helping physically and paying a fraction of the cost to have a good time. That means that you can’t make a CCCongress by paying the entrance fee only. It’s not a show for your entertainment. Hence you can’t have expectations that somebody has to do things for you. This applies to things you don’t like, too. If you don’t like stuff that is happening, stand up and change it. Don’t sit and complain. This especially applies to things like sexism or other politically incorrect things. There is no personnel being obliged to do anything. It’s all our big party and you’re supposed to contribute yourself to make it great. I mention this, because there were complaints about supposedly right-wing people being present but nobody did anything.

Many people go to the CCCongress for the talks. And well, I didn’t really managed to watch many of them, but the following make a list of notable talks, because they were in some ways, say, “interesting”.

But you can have very good talks as well. For example

A very big applause needs to be given to the video team. It’s just amazing that the recordings were available within a few days. I just envy those guys for rocking so hard.

Now it’s time for a shameless plug: As I want to watch the recordings of this CCCongress and I know that I won’t do it myself, because the last years proof that I don’t watch the videos anyway, I’ll publicly show two videos of the recordings every Wednesday in the local Chaos Computer Club. So if your disk is filling up with videos that you wanted to watch but never will, feel free to show up on the “Chaotic Congress Cinema“. Funny thing is, that there are 100 videos recorded and if we watch 2 videos every week, we’d finish all of them within the year :-)

CCCamp 2011

Wednesday, October 12th, 2011


It happened again! The Chaos Communication Camp took place a couple of weeks ago near Berlin. I was all excited to go although I had to miss the last days of the Desktop Summit.

The weather was mostly nice and the atmosphere, especially at night, was really fantastic. Everybody was really nice and there was so much creativity all over the venue that it was really hard to not start to make or hack on something.

While it had many very interesting things to be seen, I think to most amazing machine on the ground was a “Crepes printer”. Some austrian dude built a machine which would make you a fresh crepe. Including some chocolate sauce! Just right next the that were some friends that intend to launch a sattelite and already had their radio equipment ready. With their massive antenna they spoke to the moon and measured the reflections coming back.

The participants also got a fancy badge called “r0ket“. It’s an amazing device and people did awesome stuff with it immediately. Given the presence of 3D printers and lasercutters, people added all sorts of extensions to the r0ket. But some enhanced their r0ket with good old knitting goodness.

The whole CCCamp, taking place on an old russian airbase, was themed very aeronautical so everything was somehow related to space travel or rocket science. It also had many talks on those subjects which I didn’t attend a lot. I was too busy hacking or socialising.

You can only see a tiny fraction of the many artisty stuff it had on the ground. But you do see an old MIG which got pwned along with a spacy car. He got trolled quite well, I’d say but decide for yourself:

You can try to grasp the atmosphere by looking at these areal shots:

You can see some more pictures and press articles in the CCCamp Wiki. The next Camp will be “Observe. Hack. Make. 2013.” and I’m very much looking forward to attend it.

GNOME 3 Launch Party in Hamburg

Tuesday, March 29th, 2011

For the new GNOME-3 love we will have a release party in Hamburg, just as many places over Germany and the whole world!

If you want to join the fun, be in the Attraktor, the local hackerspace. The address is Mexikoring 21, 22999 Hamburg, Germany, Europe, Earth, Solarsystem. Find more detailed instruction on how to get there here. The party starts on Friday, 2011-04-08, at 18:00 and runs open end.

We have a page in the local wiki to describe the event and further planning will take place there: http://wiki.attraktor.org/Termin:GNOME-3-Launch-Party. As for the program: We intend to have a small introductory talk to show off what new user experience GNOME-3 will bring to the people. Afterwards, we will distribute GNOME-3 images to be put on pendrives to be able try GNOME-3. Finally, we’ll sit around, have some beers and snacks and discuss about the new and shiny GNOME :-)

Besides the GNOME-3 images, we’ll have GNOME-3 goodies to give away! Thanks a lot to the GNOME Foundation making that possible! So show up early to claim your goodies!

So I expect you to be there :-)

mrmcd1001b Impressions

Wednesday, September 8th, 2010

I had the pleasure to be invited to the MetaRheinMain ChaosDays 1001b (mrmcd1001b) in Darmstadt. This years motto was “Beyond Science Fiction” and ~250 people gathered together to discuss “Society and Technology in 20th century fiction and 21th century reality”.  

The presented talks were mostly interesting, although I didn’t attend that many. I spent most of the time talking to people or giving (two) talks myself: Security in Mobile Devices and Virtualised USB Fuzzing.

The first one went as expected and I think the attendees enjoyed it very much. Again, talking about technical details that a buffer overflow on x86 involves is not that much fun but I think it went at least alrightish. Slides can be found here.

The second talk was kind of a rehearsal for my final thesis presentation. So I took the chance to prepare myself for Dublin and present brand new stuff^tm. I started off crashing a Linux PC with my N900 and went then to the talk. It was a bit confusing, I guess. But in fairness: It was very late in every sense of the word ;-) But I got positive feedback nonetheless so it’s better if you make up your own mind with the slides. Although I don’t think the slides alone are that interesting.

For some reason, people were interested in the commands that I’ve used for the demo:

  1. Boot Ubuntu
    /opt/muelli/qemu/bin/qemu-system-x86_64 -enable-kvm -hda ubuntu.img -cdrom ~/ISOs/ubuntu-10.04.1-desktop-amd64.iso -monitor stdio -serial vc -m 1G -loadvm 1
  2. Setup Filter
  3. usb_filter_setup /tmp/filter
    export PYTHONPATH=~/hg/scapy-com/
    python recordingfilter.py /tmp/filter /tmp/phonet.dump

  4. Attach device
  5. info usbhost
    usb_add host:0421:01c8
    sudo chown muelli /dev/bus/usb/002/004

    usb_filter_remove
    usb_del 0.2

  6. Replay
  7. usb_add emul:full:/tmp/filter
    cat /tmp/filter.in &
    cat /tmp/phonet.dump.out > /tmp/filter.out

    usb_del 0.0
    kill %%

  8. Fuzz (didn’t really work because of a Heisenbug)
  9. python emulator.py --relaxed /tmp/filter /tmp/phonet.dump.combined
    python fuzzingemulator.py /tmp/filter webcam.dump
    usb_del 0.0

  10. Fully Virtualise

  11. usb_add emul:full:/tmp/filter
    python usbmachine.py /tmp/filter.in /tmp/filter.out
    usb-devices

Chaos BBQ 2010

Tuesday, July 20th, 2010

Over the weekend, I had the opportunity to attend ChaosBBQ in Dortmund, Germany. It’s a small yet interesting gathering of hackers and it is a very relaxed conferency happening. With a BBQ ;-)

This years motto was “contruct, desctruct!” and I was more on the destructing side: I presented two topics: Security in Mobile Devices and a Magnetic Stripe Card workshop.

The Security in Mobile Devices talk went quite well and I think I encouraged people to start hacking their devices :) It’s funny though: I almost see blood coming out of the people ears when I go through the very technical part about buffer overflows. 2/3 seems to be bored or overwhelmed. The other 1/3 seems to be very interested and crave for more details. But I get everybody back when I have more pictures and videos about funny exploits and when I’m able to slander about Apple ;-) Again, I talked about a mixture of Hardware and Platform security and gave examples of previous hacks and how to actually start breaking your gadget.

The magnet card workshop was interesting, too. I presented how magnetic stripe technology actually works. And because we were curious hackers, we explored how it’s been used and how we can hack stuff. I told a few warstories that will hopefully be able to expand on in the future (although I don’t know whether DCU will like it ;-) ). Since it was more of a workshop, people contributed with technical details (thx to the guys from das Labor :-) ) or other interesting facts.

I had a nice weekend in Dortmund and I can recommend attending the ChaosBBQ if you’re looking for a tiny yet open gathering of interested geeks and hackers.

CfP Easterhegg 10 in Muenchen

Sunday, January 31st, 2010

Ein neues Jahr, eine neues Eaterhegg :-) Dieses Mal in Muenchen vom 2010-04-02 bis 2010-04-05.

Es folgt eine Kopierpaste des originalen CfP:

Was ist das Easterhegg?

Das Easterhegg ist das Oster- und Familientreffen des Chaos Computer Clubs und seiner Freunde. Im Jahr 2010 will der µCCC auf der Flucht vor langweiligen Familienfesten kreatives Asyl im familiaeren Kreise Gleichgesinnter bieten. So wird zum Fest nach Muenchen eingeladen, aber nicht nur das: Bei diesem Fest geht es aber auch darum, konkret an Dingen zu basteln und auch darum, immer ein paar Ecken weiterzudenken.

Erfahrungsgemaess werden in den Workshops sowohl sehr technische, als auch immer haeufiger gesellschaftspolitische Themen behandelt. Gefreut wird sich also ueber skurrile Softwarebastelleien, handgreifliche Loetorgien, Aufdeckung von Verschwoerungungen und spontane Realisierungen einer Utopie – oder auch nur Vorschlaege dazu.
Gern gesehen sind aber auch andere Themen, die bewegen und von denen Ihr denkt, dass sie fuer einige Teilnehmer anregend und spannend sind.

Wann und Wo?

Von Karfreitag 02.04.2010 bis Ostermontag 05.04.2010 im  EineWeltHaus  Muenchen Schwanthalerstr. 80 80336 Muenchen bei 48.156582,11.543541.

Einreichungen

Es wird darum gebeten, das Pentabarf zu nutzen: https://cccv.pentabarf.org/submission/EH2010/
Im Anschluss an die Veranstaltung moechten die Folien unter einer freien Lizenz veroeffentlicht werden. Als Richtwert wird fuer Vortraege ca. eine Stunde, fuer Workshops ca. drei Stunden vorgegeben. Alle Zeiten sind frei veraenderbar. Es gilt: Wuensche bitte bei der Einreichung angeben, um einen reibungslosen Ablauf zu gewaehrleisten.

Wir moechten wissen…

…worum es in deinem Workshop/Vortrag geht
…warum du dich mit dem Thema beschaeftigst
…wieso das Thema fuer unsere Besucher interessant ist
…wieviel Zeit Du fuer Deine Veranstaltung gerne haettest
…und was du sonst noch benoetigst (Beamer, Netz, Mobiliar)

Einsendeschluss ist der 21. Februar 2010

Ich glaube, ich werde etwas zu Krypto, Buffer Overflows und Mobile Security machen. Mal gucken :-)