{"acronym":"38c3","aspect_ratio":"16:9","updated_at":"2026-04-03T23:30:08.469+02:00","title":"38C3: Illegal Instructions","schedule_url":"","slug":"congress/2024","event_last_released_at":"2025-03-17T00:00:00.000+01:00","link":"https://events.ccc.de/congress/2024/","description":"The 38th Chaos Communication Congress (38C3) takes place in Hamburg, 27.-30.12.2024, and is the 2024 edition of the annual four-day conference on technology, society and utopia organised by the Chaos Computer Club (CCC) and volunteers. Congress offers lectures and workshops and various events on a multitude of topics including (but not limited to) information technology and generally a critical-creative attitude towards technology and the discussion about the effects of technological advances on society.","webgen_location":"congress/2024","logo_url":"https://static.media.ccc.de/media/congress/2024/logo.svg","images_url":"https://static.media.ccc.de/media/congress/2024","recordings_url":"https://cdn.media.ccc.de/congress/2024","url":"https://api.media.ccc.de/public/conferences/38c3","events":[{"guid":"ab0f568d-dd61-59e6-b264-8f44a4b32ff3","title":"Going Long! Sending weird signals over long haul optical networks","subtitle":null,"slug":"38c3-going-long-sending-weird-signals-over-long-haul-optical-networks","link":"https://events.ccc.de/congress/2024/hub/event/going-long-sending-weird-signals-over-long-haul-optical-networks/","description":"Computer network operators depend on optical transmission everywhere as it is what glues together our interconnected world. But most of the industry is running the same kinds of signals down the optical transceivers.\n\nAs part of my need to \"Trust, but verify\" I wanted to check my assumptions on how the business end of modern optical modules worked, so join me in a adventure of sending weird signals many kilometres, and maybe set some records for the most wasteful bandwidth utilisation of optical spectrum in 2024!\n\nComputer network operators depend on optical stuff everywhere as it is what glues together our interconnected world. But most of the industry is running the same kinds of signals down the optical transceivers.\n\nAs part of my need to \"Trust, but verify\" I wanted to check my assumptions on how the business end of modern optical modules worked, so join me in a adventure of sending weird signals many kilometres, and maybe set some records for the most wasteful bandwidth utilisation of optical spectrum in 2024!\n\nIn this talk we will cover the basis of optical networks, how it fits in with networking, some of the weird things pluggable optics do, the perhaps odd industry defacto standards, and bending the intended use cases of existing tech to make signals that would would deeply probably confuse a modest signals intelligence agency\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Ben Cartwright-Cox"],"tags":["38c3","276","2024","Hardware \u0026 Making","Saal GLITCH"],"view_count":5037,"promoted":false,"date":"2024-12-30T12:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T22:45:05.001+02:00","length":2175,"duration":2175,"thumb_url":"https://static.media.ccc.de/media/congress/2024/276-ab0f568d-dd61-59e6-b264-8f44a4b32ff3.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/276-ab0f568d-dd61-59e6-b264-8f44a4b32ff3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/276-ab0f568d-dd61-59e6-b264-8f44a4b32ff3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/276-ab0f568d-dd61-59e6-b264-8f44a4b32ff3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-going-long-sending-weird-signals-over-long-haul-optical-networks","url":"https://api.media.ccc.de/public/events/ab0f568d-dd61-59e6-b264-8f44a4b32ff3","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"78910469-adfa-5c79-8529-1a9d66ef9e6a","title":"BioTerrorism Will Save Your Life with the 4 Thieves Vinegar Collective","subtitle":"","slug":"38c3-bioterrorism-will-save-your-life-with-the-4-thieves-vinegar-collective","link":"https://events.ccc.de/congress/2024/hub/event/bioterrorism-will-save-your-life-with-the-4-thieves-vinegar-collective/","description":"Governments have criminalized the practice of managing your own health. Despite the fact that for most of human history bodily autonomy, and self-managed health was the norm, it is now required that most aspects of your health must be mediated by an institution deputized by the state. Taking those rights back for yourself is then labeled \"BioTerrorism\". So be it. Let's learn how.\r\n\r\nWe all know that custom, hand-made, artisan-crafted, boutique tools are always better than something factory made. A guitar, a wood chisel, a chef's knife, a built racing engine, a firearm, a suit, a pair of shoes. Given that this is so well-known, and so universally understood, it's peculiar at best that this is not seen by most people when it comes to medicine. It is however also true. \r\n\r\nGiven, however, that the traditional rôle of pharmacists who used to have the freedom to compound custom medicines for the people they were serving has been revoked, and now despite their extensive training, have been limited to being able to do little more than count pills in most cases, we have to do this ourselves. \r\n\r\nThe problem is that this has been criminalized. The moment you stop groveling for permission from medical authorities, and start becoming actively involved in managing your own health, you are a criminal in most countries in the world. Practicing medicine without a license, manufacture of drugs, possession of laboratory tools, possession of precursor chemicals... the list of felonies goes on. \r\n\r\nThe choice is yours. Would you like to be the sickest law-abiding citizen, or the healthiest BioTerrorist? If you want the red pill, you'll have to manufacture it yourself. The blue pill is prescription-only, and if you manage to get a prescription, and you're rich maybe you can afford to buy it. \r\n\r\nCome learn about the long list of medications which went through the research and development processes, but are never going to be commercially available. Learn how to find more of these, and learn the many ways you can make them yourself.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Dr. Mixæl Swan Laufer"],"tags":["38c3","316","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":5605,"promoted":false,"date":"2024-12-27T19:15:00.000+01:00","release_date":"2025-01-05T00:00:00.000+01:00","updated_at":"2026-04-03T21:15:05.150+02:00","length":1993,"duration":1993,"thumb_url":"https://static.media.ccc.de/media/congress/2024/316-78910469-adfa-5c79-8529-1a9d66ef9e6a.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/316-78910469-adfa-5c79-8529-1a9d66ef9e6a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/316-78910469-adfa-5c79-8529-1a9d66ef9e6a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/316-78910469-adfa-5c79-8529-1a9d66ef9e6a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-bioterrorism-will-save-your-life-with-the-4-thieves-vinegar-collective","url":"https://api.media.ccc.de/public/events/78910469-adfa-5c79-8529-1a9d66ef9e6a","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"9285ab89-97ce-5457-8eaa-1de6b5c4848a","title":"Hacking the RP2350","subtitle":null,"slug":"38c3-hacking-the-rp2350","link":"https://events.ccc.de/congress/2024/hub/event/hacking-the-rp2350/","description":"Raspberry Pi's RP2350 microcontroller introduced a multitude of new hardware security features over the RP2040, and included a Hacking Challenge which began at DEF CON to encourage researchers to find bugs. The challenge has been defeated and the chip is indeed vulnerable (in at least one way). This talk will cover the process of discovering this vulnerability, the method of exploiting it, and avenues for deducing more about the relevant low-level hardware behavior.\n\nThe RP2350 security architecture involves several interconnected mechanisms which together provide authentication of code running on the chip, protected one-time-programmable storage, fine-grained control of debug features, and so on. An antifuse-based OTP memory serves as the root of trust of the system, and informs the configuration of ARM TrustZone as well as additional attack mitigations such as glitch detectors. Raspberry Pi even constructs an impressive, bespoke Redundancy Coprocessor (RCP), which hardens execution of boot ROM code on the Cortex-M33 cores with stack protection, data validation, and instruction latency randomization.\n\nSince there are many potential incorrect guesses to be made about where problems might lie, here I begin with the most fundamental features of the chip logic, including the reset process. Even small oversights at this level can entirely defeat sophisticated security efforts if higher-level mechanisms place complete trust in seemingly simple hardware operations. I show how cursory research into the design details of IP blocks used in the SoC can help inform an attack, and demonstrate the importance of fully testing new features which are built atop older IP. Ultimately, the significant amount of luck (or lack thereof) involved is a reminder of the need to meticulously understand and validate complex systems.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Aedan Cullen"],"tags":["38c3","625","2024","Security","Saal ZIGZAG"],"view_count":11577,"promoted":false,"date":"2024-12-27T23:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T22:30:04.967+02:00","length":3434,"duration":3434,"thumb_url":"https://static.media.ccc.de/media/congress/2024/625-9285ab89-97ce-5457-8eaa-1de6b5c4848a.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/625-9285ab89-97ce-5457-8eaa-1de6b5c4848a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/625-9285ab89-97ce-5457-8eaa-1de6b5c4848a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/625-9285ab89-97ce-5457-8eaa-1de6b5c4848a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-hacking-the-rp2350","url":"https://api.media.ccc.de/public/events/9285ab89-97ce-5457-8eaa-1de6b5c4848a","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"7010639d-b24b-58f7-9d29-954ff445ca6c","title":"Proprietary silicon ICs and dubious marketing claims? Let's fight those with a microscope!","subtitle":null,"slug":"38c3-proprietary-silicon-ics-and-dubious-marketing-claims-let-s-fight-those-with-a-microscope","link":"https://events.ccc.de/congress/2024/hub/event/proprietary-silicon-ics-and-dubious-marketing-claims-let-s-fight-those-with-a-microscope/","description":"Custom silicon chips are black boxes that hold many secrets, like internal ROMs, security features and audio DSP algorithms. How does one start reverse engineer them? Let's look at the basics of silicon reverse engineering, what gate array chips are, and how some tooling can generate Verilog code automatically from a die shot.\n\nA digital synthesizer from 1986 was completely shrouded in mystery and dubious marketing claims. Being that old, eventually every working unit will break, leaving us with the no info about its inner workings. I could not accept this, so I decided to get into silicon reverse engineering. By dissolving its undocumented custom chips into acid and looking at them through a microscope, I was able to get an understanding of what was going on internally, to be able to preserve it and emulate it in the future.\n\nThis is possible because lot of custom silicon chips from that era (80s and 90s) are of the \"gate array\" type: a grid-like structure that contains thousands of digital logic gates. By looking at them closely we can understand what those gates do, and by following the wiring between them we can reconstruct the entire system. This method allowed people to understand and recreate perfect emulations of arcade games, sound chips, security ICs and more.\n\nIn this talk I want to tell my journey into silicon reverse engineering from my perspective of a complete beginner and software guy, and what I learned in the process. I will go through the different kinds of custom chips, how they look under a microscope, their different parts, what can be easily reverse engineered and what can not. Those chips do not only contain logic, but also RAM and ROM parts, and knowing how to identify them can give clues when looking at the logic is too complicated. Sometimes a chip can be completely understood even without knowing that a MOSFET is.\n\nI will also cover the process I used for reverse engineer them, some techniques that worked and some that didn't, and some tools I built to automatically extract mask ROMs and generate Verilog code from die shots.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["giulioz"],"tags":["38c3","492","2024","Hardware \u0026 Making","Saal GLITCH"],"view_count":2399,"promoted":false,"date":"2024-12-27T22:05:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T11:00:07.463+02:00","length":2196,"duration":2196,"thumb_url":"https://static.media.ccc.de/media/congress/2024/492-7010639d-b24b-58f7-9d29-954ff445ca6c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/492-7010639d-b24b-58f7-9d29-954ff445ca6c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/492-7010639d-b24b-58f7-9d29-954ff445ca6c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/492-7010639d-b24b-58f7-9d29-954ff445ca6c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-proprietary-silicon-ics-and-dubious-marketing-claims-let-s-fight-those-with-a-microscope","url":"https://api.media.ccc.de/public/events/7010639d-b24b-58f7-9d29-954ff445ca6c","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"1329fc5a-94bf-529e-b18b-da53ebfda3bb","title":"ACE up the sleeve: ","subtitle":"Hacking into Apple's new USB-C Controller","slug":"38c3-ace-up-the-sleeve-hacking-into-apple-s-new-usb-c-controller","link":"https://events.ccc.de/congress/2024/hub/event/ace-up-the-sleeve-hacking-into-apple-s-new-usb-c-controller/","description":"With the iPhone 15 \u0026 iPhone 15 Pro, Apple switched their iPhone to USB-C and introduced a new USB-C controller: The ACE3, a powerful, very custom, TI manufactured chip.\r\n\r\nBut the ACE3 does more than just handle USB power delivery: It's a full microcontroller running a full USB stack connected to some of the internal busses of the device, and is responsible for providing access to JTAG of the application processor, the internal SPMI bus, etc.\r\n\r\nWe start by investigating the previous variant of the ACE3: The ACE2. It's based on a known chip, and using a combination of a hardware vulnerability in MacBooks and a custom macOS kernel module we managed to persistently backdoor it - even surviving full-system restores.\r\n\r\nOn the ACE3 however, Apple upped their game: Firmware updates are personalized to the device, debug interfaces seem to be disabled, and the external flash is validated and does not contain all the firmware. However using a combination of reverse-engineering, RF side-channel analysis and electro-magnetic fault-injection it was possible to gain code-execution on the ACE3 - allowing dumping of the ROM, and analysis of the functionality.\r\n\r\nThis talk will show how to use a combination of hardware, firmware, reverse-engineering, side-channel analysis and fault-injection to gain code-execution on a completely custom chip, enabling further security research on an under-explored but security relevant part of Apple devices. It will also demonstrate attacks on the predecessor of the ACE3.\r\n\r\nThe Lightning and USB-C ports on Apple devices have been well known to \"hide\" secrets beyond just exposing USB and charging functionality: For example last year at CCC, we showed how we can gain access to JTAG on the iPhone 15 using a custom-build PCB (\"Tamarin-C\").\r\n\r\nAll this is handled on new Apple devices using a chip called the ACE3: While previous Apple USB-C devices used a slightly modified Texas Instruments TPS65986, the ACE3 is significantly more custom - and significantly more powerful: It runs a full USB stack (implementing the \"Port DFU\" mode) and is connected to different internal busses of the phone, making it an interesting target for persistent firmware-implant style attacks. Imagine modifying/backdooring the USB-C controller in a way where it will automatically compromise the main operating-system - essentially making (potential) USB jailbreaks untethered.\r\n\r\nBut how do we approach a custom chip without any documentation and which has its firmware in an internal ROM?\r\n\r\nWith the ACE2 it was possible to dump the integrated ROM using JTAG/SWD, which allowed us to identify \u0026 exploit a hardware (on all MacBooks except the M3 Pro \u0026 Max) vulnerability to persistently modify the ACE2.\r\n\r\n\r\nHowever the ACE3 is different: We don't even have a pinout for the chip (which has 120 pins), JTAG seems disabled, and the external flash does not even contain the actual firmware, but only tiny patches for the actual firmware in the chip - and the contents are cryptographically validated!\r\n\r\nAfter attempting different software avenues of attacking the ACE3 (including building a small fuzzer and finding a timing side-channel attack to enumerate available commands) with no success, and seeing that the ACE3 implements firmware personalization, it was time for the ace up the sleeve: Hardware attacks.\r\n\r\nAfter reverse-engineering the external flash layout (including CRCs) and finding that the flash is cryptographically verified (and that a secure-boot bypass vulnerability we found on the ACE2 does not work on the ACE3), the idea was born to use electro-magnetic measurements to determine when during the startup of the chip the validation fails.\r\n\r\nAnd by triggering a software-defined radio on the activity of the external flash, it was possible to gather a very precise point in time where the check is being done - perfect to try some fault injection!\r\n\r\nUnfortunately no good isolated power-supply for the ACE3 could be found to use with voltage fault injection, and so instead I decided to try electro-magnetic fault injection: By \"blasting\" the chip with strong electro-magnetic fields at just the point in time determined during the EM measurement I was hoping to be able to bypass the check - and after hours of trying, debugging, moving the injection tip, more debugging, and more time, it eventually succeeded: A modified patchset could be booted into the CPU.\r\n\r\nBut … How do we make sure our \"patch\" actually gets executed? How do we dump the ROM without having any IO? And how do we even know what (in the 32-bit address space of the processor) we should dump? And can we implement the attack without thousands of dollars of hardware? We will look at all of these things during the talk.\r\n\r\nItemized progression draft:\r\n- Introduction\r\n\t- whoami\r\n\t- History of Lightning/USB-C secrets on Apple devices\r\n- A quick look at ACE2\r\n\t- Technical details \u0026 usage\r\n\t- Dumping the ACE2\r\n\t- Analyzing the MacBook hardware\r\n\t- Building a kernel-level SWD probe to hack the ACE2 without opening the device\r\n\t- Disabling the secure-update functionality of the ACE3\r\n- The ACE3\r\n\t- iPhone 15 vs iPhone 16 vs MacBook with M3 Pro/Max\r\n\t- No matching Texas Instruments chip, no public documentation, no schematics\r\n\t- Software exploration\r\n\t\t- Apple's HPM bus\r\n\t\t- Discovering a timing-sidechannel for supported commands\r\n\t- Hardware exploration\r\n\t\t- Trying to find SWD (with which I think I succeeded - however it seems to be disabled)\r\n\t\t- Dumping the external flash\r\n\t- Flash exploration\r\n\t\t- No full firmware, just patches\r\n\t\t- Some CRCs found, but also firmware personalization (IM4M)\r\n\t\t- Seems to be cryptographically verified\r\n\t- Attempting to flash modified dumps (with fixed CRCs) unsuccessfully\r\n\t- Electro-magnetic measurement\r\n\t\t- Setup: HackRF + small inductor as antenna\r\n\t\t- Building a reliable Trigger signal for the SDR: Flash chip-select line\r\n\t\t- Compare when the chip-boot fails with correct and invalid CRCs in the flash\r\n\t\t- Identified point in time where the boot seems to abort\r\n\t\t (Screenshots for this can be found in the attachments)\r\n\t- Fault injection\r\n\t\t- Quick primer: Voltage FI vs EMFI\r\n\t\t- Setup: ChipSHOUTER on MacBook, ChipWhisperer Husky for trigger-generation, software to reboot the chip \u0026 arm the glitcher\r\n\t\t- Experimenting to determine correct parameters by attempting to fail the boot with correct firmware\r\n\t- The actual attack\r\n\t\t- Flash modified patchset (Changed version-string)\r\n\t\t- Reboot chip\r\n\t\t- Glitch chip at the right time\r\n\t\t- Test for success, repeat\r\n\t- Success - but what now?\r\n\t\t- Getting actual code-execution through the attack by overwriting a patched command\r\n\t\t- Using HPM bus to execute the command and dump 64 bytes at a time\r\n\t\t- A look at the dumped firmware\r\n\t- Reducing the attack-costs: Performing the attack with \u003c$100 of equipment\r\n- How could this have been prevented?\r\n- What's next?\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["stacksmashing"],"tags":["38c3","543","2024","Security","Saal GLITCH"],"view_count":10561,"promoted":false,"date":"2024-12-27T12:00:00.000+01:00","release_date":"2025-01-08T00:00:00.000+01:00","updated_at":"2026-04-03T13:00:04.284+02:00","length":2412,"duration":2412,"thumb_url":"https://static.media.ccc.de/media/congress/2024/543-1329fc5a-94bf-529e-b18b-da53ebfda3bb.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/543-1329fc5a-94bf-529e-b18b-da53ebfda3bb_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/543-1329fc5a-94bf-529e-b18b-da53ebfda3bb.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/543-1329fc5a-94bf-529e-b18b-da53ebfda3bb.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-ace-up-the-sleeve-hacking-into-apple-s-new-usb-c-controller","url":"https://api.media.ccc.de/public/events/1329fc5a-94bf-529e-b18b-da53ebfda3bb","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"0daa8ef9-3eb3-5e50-b879-c48fe5dc69ad","title":"GLAM zwischen LOD und ¯\\_(ツ)_/¯. Museumskritik für Hacker*innen","subtitle":null,"slug":"38c3-glam-zwischen-lod-und----museumskritik-fr-hacker-innen","link":"https://events.ccc.de/congress/2024/hub/event/glam-zwischen-lod-und----museumskritik-fr-hacker-innen/","description":"Habt ihr euch immer schon gefragt wie Museumssammlungen ins Netz kommen, warum online Sammlungen meist immer noch aussehen wie Kataloge seit dem 19. Jahrhundert, was für Strategien und Förderprogramme dahinter stecken, welche Firmen hier quasi-Monopole haben, und warum Museen so viele Hoffnungen (Zugang! Partizipation! Demokratie!) mit der Digitalisierung verbinden? Der Talk ist eine Einladung an Hacker*innen sich an der kritischen Weiterentwicklung, Öffnung und Reflexion von Museen zu beteiligen.\n\nGLAM = Abkürzung für Sammlungsinstitutionen: Galleries, Libraries, Archives, Museums\nLOD = Buzzword in Museen: Linked Open Data\n¯\\_(ツ)_/¯ = Platzhalter für: Lass irgendwas mit KI, Google Arts \u0026 Culture, Facebook Metaverse machen!\n\nAls vor vier Jahren mein Forschungsprojekt zur Digitalisierung in Museen losging habe ich meine ersten Ideen auf der rC3 präsentiert (\"Wie können wir das digitale Museum aufhalten\"). Und jetzt möchte ich die Ergebnisse aus vier Jahren Forschung zur Digitalisierung von Museen teilen. Meine Quellen sind vor allem die Jahresberichte der Staatlichen Museen zu Berlin seit 1990, und die Digitalstrategien der Deutschen Bundesregierung, mit ihrem Fokus auf Künstliche Intelligenz, Virtual Reality und Vernetzte Daten, die zum Beispiel die Millionenprojekte \"museum4punkt0\" und \"Datenraum Kultur\" beinhalten.\n\nIch zeige größere Entwicklungen und Konflikte und viele Beispiele, alles anhand der Frage: Welche Brücken können wir bauen zwischen Museumskritik und Datenpolitik?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Lukas Fuchsgruber"],"tags":["38c3","470","2024","Science","Saal ZIGZAG"],"view_count":781,"promoted":false,"date":"2024-12-30T12:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-13T15:00:06.716+01:00","length":2621,"duration":2621,"thumb_url":"https://static.media.ccc.de/media/congress/2024/470-0daa8ef9-3eb3-5e50-b879-c48fe5dc69ad.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/470-0daa8ef9-3eb3-5e50-b879-c48fe5dc69ad_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/470-0daa8ef9-3eb3-5e50-b879-c48fe5dc69ad.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/470-0daa8ef9-3eb3-5e50-b879-c48fe5dc69ad.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-glam-zwischen-lod-und----museumskritik-fr-hacker-innen","url":"https://api.media.ccc.de/public/events/0daa8ef9-3eb3-5e50-b879-c48fe5dc69ad","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"afc17d74-39db-56fb-a697-e389cd8b36a1","title":"Woman in the Middle","subtitle":null,"slug":"38c3-woman-in-the-middle","link":"https://events.ccc.de/congress/2024/hub/event/woman-in-the-middle/","description":"Ist Cybercrime der attraktivere “Arbeitsplatz” für Menschen, die aus dem stereotypischen Rahmen des Bildes eines IT-lers fallen - im Gegensatz zur Cybersecurity? Wir decken auf!\n\n\"Wir leben doch längst in einer gleichberechtigten Welt!\", sagen manche. Doch mal ehrlich, wer von euch denkt bei einem Man-in-the-Middle-Angriff an eine Hackerin? \n\nWir sprechen über Hürden und Herausforderungen, denen Menschen, die nicht dem Stereotypen-Bild des IT-lers entsprechen, heute immer noch begegnen. Von absurd hohen Einstiegshürden über Kompetenzabsprechungen bis hin zu völlig anderen Maßstäben für Auftreten und Aussehen - wir decken Mechanismen von Benachteiligung und Diskriminierung auf. Mit lebhaften Geschichten, die wir selbst als Frauen in der Cybersecurity erlebt haben, vielen Interviews mit FINTAS und aktuellen Trendzahlen zeichnen wir ein anschauliches Bild dieser Realität. Wir erzählen darüber hinaus entsprechende Geschichten aus anderen Berufsfeldern. \n\nDoch das Bild hat zwei Seiten: Die Unterschätzung von Kompetenzen kann ein unerwarteter Vorteil sein, besonders in der Welt der Cyberkriminalität. Wenn Nicht-Stereotypische Hackende im digitalen Untergrund agieren, ergeben sich neue, überraschende Perspektiven. Wir beleuchten die Gleichstellung im Cybercrime und fragen uns: Was können wir hieraus lernen und für bessere Arbeitsbedingungen in legalen Berufszweigen übernehmen? Dazu haben wir einen Hack, den wir vorschlagen möchten und der aus unserer Perspektive helfen würde, dass alle Menschen Ihr Recht auf freie Berufswahl, freie Entfaltung und weitere Menschenrechte auch wirklich zugestanden bekommen - Damit alle Wesen dieses Universums ein Leben in Frieden und Freiheit genießen können.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["norberta","Catrin"],"tags":["38c3","773","2024","Stage HUFF"],"view_count":1688,"promoted":false,"date":"2024-12-29T20:30:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-30T15:45:06.904+02:00","length":3581,"duration":3581,"thumb_url":"https://static.media.ccc.de/media/congress/2024/773-afc17d74-39db-56fb-a697-e389cd8b36a1.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/773-afc17d74-39db-56fb-a697-e389cd8b36a1_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/773-afc17d74-39db-56fb-a697-e389cd8b36a1.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/773-afc17d74-39db-56fb-a697-e389cd8b36a1.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-woman-in-the-middle","url":"https://api.media.ccc.de/public/events/afc17d74-39db-56fb-a697-e389cd8b36a1","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"f71f01a7-aef9-5793-95f8-4c40a5687855","title":"Drawing with circuits – creating functional and artistic PCBs together","subtitle":null,"slug":"38c3-drawing-with-circuits-creating-functional-and-artistic-pcbs-together","link":"https://events.ccc.de/congress/2024/hub/event/drawing-with-circuits-creating-functional-and-artistic-pcbs-together/","description":"We are a professional electronics designer and a professional artist. We'd like to share our experience of integrating an artist into the design workflow for EMF's 2022 and 2024 event badges, how we ensured that form and function grew together, and how you might make a board so fancy it crashes your PCB vendor’s CAM software.\n\nCircuit boards are increasingly being made to be seen. Whether they're personal or commercial, many projects show off their PCBs in an array of shapes, colours and sizes instead of hiding them in enclosures.\nWhile making an electronic design work correctly and making it look amazing are not conflicting goals, they do require very different skillsets.\n\nIf you are not one of the rare people whose expertise spans both graphic and electronic design, it may feel very daunting to collaborate with someone who has a very different skillset. You must figure out what you don't know about each other's fields, what the other needs to know, and find the right language to bridge that divide. \n\nWe will share our experience of working together as circuit designer and artist, and will talk about:\n- the possibilities and constraints of modern PCB technology as a medium for visual art\n- turning a functional electronic design into an artistic playground\n- our experience of communicating across fields of expertise, developing a common language and conveying essential ideas without getting in each other's way\n- some fantastic free software for art and electronic design\n- sample workflows for embellishing circuits\n- what PCB design software and manufacturers expect and how to get away with doing \"weird\" things\n- many examples of beautiful things we and others have made\n\nWe hope this will inspire and encourage you to make your own beautiful collaborative designs a reality.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Kliment","Morag Hickman"],"tags":["38c3","525","2024","Art \u0026 Beauty","Saal GLITCH"],"view_count":1204,"promoted":false,"date":"2024-12-29T19:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-07T23:30:09.164+01:00","length":2280,"duration":2280,"thumb_url":"https://static.media.ccc.de/media/congress/2024/525-f71f01a7-aef9-5793-95f8-4c40a5687855.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/525-f71f01a7-aef9-5793-95f8-4c40a5687855_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/525-f71f01a7-aef9-5793-95f8-4c40a5687855.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/525-f71f01a7-aef9-5793-95f8-4c40a5687855.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-drawing-with-circuits-creating-functional-and-artistic-pcbs-together","url":"https://api.media.ccc.de/public/events/f71f01a7-aef9-5793-95f8-4c40a5687855","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"47c0094c-fd30-52b5-8eb9-398d0418c7cc","title":"Biological evolution: writing, rewriting and breaking the program of life","subtitle":null,"slug":"38c3-biological-evolution-writing-rewriting-and-breaking-the-program-of-life","link":"https://events.ccc.de/congress/2024/hub/event/biological-evolution-writing-rewriting-and-breaking-the-program-of-life/","description":"Biological evolution is a great inventor. Over 4 billion years, it has generated an astonishing diversity of lifeforms, from the tiniest bacteria to the tallest trees.\nEach new organism inherits a genetic program from its parents - a set of instructions to “build” the organism itself. Random mutations in this program can alter the organism’s traits, affecting its ability to survive in its environment. \nBut how do these small changes combine over thousands of generations to yield the vast complexity we see in present-day lifeforms?\n\nIn this talk, we discuss examples from our research, using computer simulations to model the early evolution of animals, from single-celled microbes to complex multicellular organisms. \nWe show that evolution behaves a bit like a hacker, repurposing the programs it previously built in unexpected ways to create new functions and structures. \n\nUnderstanding how evolution continually innovates is one of biology’s grand challenges. We also hope that uncovering these processes in biological systems will provide new perspectives on current debates about the generative and creative capabilities of AI.\n\nThe history of life abounds with examples of how biological evolution repurposes old tools for new functions.\nFeathers, indispensable for bird flight, first appeared in dinosaurs, where they served an entirely different purpose: to stay warm in the Jurassic winter. \nAnalogously, the proteins that focus light in the lens of our eyes originally functioned as metabolic enzymes. \nOne of evolution’s most transformative repurposing events is the emergence of multicellularity — a transition that laid the groundwork for complex life as we know it.\n\nBefore multicellularity evolved, single cells lived autonomously, each with their own genetic program to find food and survive harsh environments. Evolution repurposed these cellular programs, to organise self-sufficient cells into cooperative multicellular groups, with surprising new capabilities and collective survival strategies. For example, cells in the group can divide tasks among each other and share resources, paving the way for the extreme specialisation we find in the organs of modern animals. \n\nOur computational models simulate this evolutionary transition to explore how the rewriting of cellular programs sets the stage for further biological innovations. \nOne striking insight from our computational approach is that it requires little input data to generate novel solutions to evolutionary problems, revealing an inherent efficiency in biological systems that stands in contrast to modern generative AI.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Enrico Sandro Colizzi","Renske Vroomans"],"tags":["38c3","642","2024","Science","Saal GLITCH"],"view_count":910,"promoted":false,"date":"2024-12-29T16:40:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-06T16:30:07.607+01:00","length":2486,"duration":2486,"thumb_url":"https://static.media.ccc.de/media/congress/2024/642-47c0094c-fd30-52b5-8eb9-398d0418c7cc.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/642-47c0094c-fd30-52b5-8eb9-398d0418c7cc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/642-47c0094c-fd30-52b5-8eb9-398d0418c7cc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/642-47c0094c-fd30-52b5-8eb9-398d0418c7cc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-biological-evolution-writing-rewriting-and-breaking-the-program-of-life","url":"https://api.media.ccc.de/public/events/47c0094c-fd30-52b5-8eb9-398d0418c7cc","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"f6c28ce4-eb7b-5207-80a9-f6234d77a29c","title":"Decentralize Your Internet with Self-Hosting","subtitle":null,"slug":"38c3-decentralize-your-internet-with-self-hosting","link":"https://events.ccc.de/congress/2024/hub/event/decentralize-your-internet-with-self-hosting/","description":"In einer Zeit, in der Privatsphäre immer mehr untergraben wird – warum nicht die Kontrolle über deine Daten übernehmen und eine eigene Cloud für Filehosting aufbauen? \n\nDieser Vortrag ist ein praktischer Leitfaden zum Selbsthosting von Nextcloud zu Hause, speziell gedacht für Einsteiger mit grundlegenden Linux- und Bash-Kenntnissen. \n\nVon der Wahl der passenden Hardware bis zur sicheren Internetanbindung bauen wir Schritt für Schritt eine selbst gehostete Filehosting-App im eigenen Heimnetzwerk.\n\nIn diesem Vortrag zeigen wir euch alle Schritte zu einer vollständig funktionsfähigen, internet-reichbaren Nextcloud-Instanz zum Filehosting im Internet. Wer bisher noch keine eigene Software betreibt, aber neugierig auf die Möglichkeiten ist, ist hier genau richtig. \n\nDafür wird der Aufbau Schritt für Schritt dargestellt: vom Hardware-Setup über die Auswahl des passenden Betriebssystems und notwendiger Hilfssoftware bis hin zur Installation der Anwendung und der anschließenden Absicherung. \n\nWir schauen uns ausserdem an, wie ein Nextcloud-Server aktuell gehalten werden kann und im Internet erreichbar gemacht werden kann. Dabei geben wir praktische Tipps zur Absicherung der Applikation. \n\nDer Vortrag soll dabei praxisnah gestaltet werden und Demos enthalten, wo immer immer das möglich ist. Die komplette Anleitung inklusive aller Skripte wird es in einem Open Source Repo geben.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Andreas","seb"],"tags":["38c3","838","2024","Stage HUFF"],"view_count":19596,"promoted":false,"date":"2024-12-27T20:15:00.000+01:00","release_date":"2024-12-28T00:00:00.000+01:00","updated_at":"2026-04-03T13:30:05.313+02:00","length":2581,"duration":2581,"thumb_url":"https://static.media.ccc.de/media/congress/2024/838-f6c28ce4-eb7b-5207-80a9-f6234d77a29c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/838-f6c28ce4-eb7b-5207-80a9-f6234d77a29c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/838-f6c28ce4-eb7b-5207-80a9-f6234d77a29c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/838-f6c28ce4-eb7b-5207-80a9-f6234d77a29c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-decentralize-your-internet-with-self-hosting","url":"https://api.media.ccc.de/public/events/f6c28ce4-eb7b-5207-80a9-f6234d77a29c","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"db8fddb5-6446-5ee3-9c9f-126e49508340","title":"The master key","subtitle":null,"slug":"38c3-the-master-key","link":"https://events.ccc.de/congress/2024/hub/event/the-master-key/","description":"This is the story of the HDCP master key that we derived back in 2010.\n\nThis is the story of the HDCP master key. How in 2010 we derived it from various public sources and from a bunch of cheapish hardware (and how we made money in the process!), and then published it on pastebin. After that it was just wait-and-see what Intel and the rest of the world would do.\n\nWith the master key anyone can make source and sink keys that interoperate with any HDCP device.\n\nOh, and how I learnt how to spell \"forty\".\n\n\n\nHDCP MASTER KEY (MIRROR THIS TEXT!)\n\nThis is a forty times forty element matrix of fifty-six bit\nhexadecimal numbers.\n\nTo generate a source key, take a forty-bit number that (in\nbinary) consists of twenty ones and twenty zeroes; this is\nthe source KSV. Add together those twenty rows of the matrix\nthat correspond to the ones in the KSV (with the lowest bit\nin the KSV corresponding to the first row), taking all elements\nmodulo two to the power of fifty-six; this is the source\nprivate key.\n\nTo generate a sink key, do the same, but with the transposed\nmatrix.\n\n\n6692d179032205 b4116a96425a7f ecc2ef51af1740 959d3b6d07bce4 fa9f2af29814d9\n82592e77a204a8 146a6970e3c4a1 f43a81dc36eff7 568b44f60c79f5 bb606d7fe87dd6\n1b91b9b73c68f9 f31c6aeef81de6 9a9cc14469a037 a480bc978970a6 997f729d0a1a39\nb3b9accda43860 f9d45a5bf64a1d 180a1013ba5023 42b73df2d33112 851f2c4d21b05e\n2901308bbd685c 9fde452d3328f5 4cc518f97414a8 8fca1f7e2a0a14 dc8bdbb12e2378\n672f11cedf36c5 f45a2a00da1c1d 5a3e82c124129a 084a707eadd972 cb45c81b64808d\n07ebd2779e3e71 9663e2beeee6e5 25078568d83de8 28027d5c0c4e65 ec3f0fc32c7e63\n1d6b501ae0f003 f5a8fcecb28092 854349337aa99e 9c669367e08bf1 d9c23474e09f70\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["segher","Wanda"],"tags":["38c3","405","2024","Security","Saal ZIGZAG"],"view_count":5852,"promoted":false,"date":"2024-12-28T19:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-25T16:15:07.321+01:00","length":3118,"duration":3118,"thumb_url":"https://static.media.ccc.de/media/congress/2024/405-db8fddb5-6446-5ee3-9c9f-126e49508340.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/405-db8fddb5-6446-5ee3-9c9f-126e49508340_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/405-db8fddb5-6446-5ee3-9c9f-126e49508340.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/405-db8fddb5-6446-5ee3-9c9f-126e49508340.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-the-master-key","url":"https://api.media.ccc.de/public/events/db8fddb5-6446-5ee3-9c9f-126e49508340","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"1fcd7b27-efba-5ee4-8318-afa50222cd20","title":"Sicherheitslücke gefunden... und nun?","subtitle":null,"slug":"38c3-sicherheitslcke-gefunden-und-nun","link":"https://events.ccc.de/congress/2024/hub/event/sicherheitslcke-gefunden-und-nun/","description":"Der CCC unterstützt bei der Meldung von Sicherheitslücken nach dem Responsible-Disclosure- beziehungsweise Coordinated-Vulnerability-Disclosure-Verfahren. Am Beispiel verschiedener Lücken, die wir in den vergangenen Monaten gemeldet haben, zeigen wir, wie Disclosures ablaufen können. Eine Rechtsberatung findet nicht statt.\n\nBei angewandter Sicherheitsforschung führen Hackerparagraphen nach wie vor zu großer Unsicherheit. Meldende von Sicherheitslücken müssen befürchten, angezeigt und verklagt zu werden. Daher unterstützt der CCC bei der Meldung von Sicherheitslücken.\n\nWie läuft so ein Disclosure-Prozess eigentlich ab? In diesem Vortrag geben wir Einblicke in die Praxis und erläutern anhand aktueller Beispiele aus den vergangenen Monaten, wie wir Sicherheitslücken gemeldet haben. Dabei beleuchten wir typische Herausforderungen und mögliche Konflikte.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["kantorkel","Linus Neumann"],"tags":["38c3","873","2024","Stage HUFF"],"view_count":4670,"promoted":false,"date":"2024-12-29T17:35:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-26T23:15:05.647+01:00","length":2998,"duration":2998,"thumb_url":"https://static.media.ccc.de/media/congress/2024/873-1fcd7b27-efba-5ee4-8318-afa50222cd20.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/873-1fcd7b27-efba-5ee4-8318-afa50222cd20_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/873-1fcd7b27-efba-5ee4-8318-afa50222cd20.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/873-1fcd7b27-efba-5ee4-8318-afa50222cd20.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-sicherheitslcke-gefunden-und-nun","url":"https://api.media.ccc.de/public/events/1fcd7b27-efba-5ee4-8318-afa50222cd20","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"989a4c82-1dc6-564b-ac4a-5a7062c74187","title":"Attack Mining: How to use distributed sensors to identify and take down adversaries","subtitle":null,"slug":"38c3-attack-mining-how-to-use-distributed-sensors-to-identify-and-take-down-adversaries","link":"https://events.ccc.de/congress/2024/hub/event/attack-mining-how-to-use-distributed-sensors-to-identify-and-take-down-adversaries/","description":"Ever wondered why your web server seems to be under constant attack from what feels like everyone on the internet?\nMe too!\nJoin me in this session where we'll explore the data of millions of attacks from hundreds of sensors around the world, to identify who is attacking us from where and why. Additionally, we will have a look into how we can use that data to get abusive systems taken down, and how successful this approach actually is.\n\nBuckle up for a deep dive into the constant battle to protect systems on the internet against adversaries gaining access, and how you can help make the internet a safer place!\n\nLooking at the 2024 M-Trends report, brute force is still one of the main reasons for adversaries to gain access and compromise companies. In fact, 6% of all initial access is done via brute force. Knowing this, as well as that attackers are constantly trying all sorts of attacks against any internet-connected device, there seems to be a gap between what is currently mostly done (block the attack) versus what should be done (report and take down the attacker)!\n\nThis talk will start with a short introduction on how to set up a system that is able to collect attacks from distributed sensors, enrich them at a central location, as well as use the data to reach out to ISPs and other governing bodies to report the abuse. The sensors are Docker containers with modified OpenSSH servers that will block any login attempt, no matter which username and password combination is used, as well as log the timestamp, source IP, username, and password to a central location. Using this, the so-called \"attack pot\" is indistinguishable from other Linux systems, ensuring that no suspicion on the attacker's side is raised.\nFor the enrichment part, the ISP's contact data is identified, and abuse notifications are sent via multiple channels to initiate a take down. Furthermore, automated bots monitor if the take down was successful and how long it took, allowing us to share some information on how successful this approach is, which ISPs are more cooperative, and where it is nearly impossible to get any system taken down. Generally, lessons learned with what could be potentially done better will be discussed!\n\nThe second part of the talk will focus on the analysis of the collected attacks. Across all of the attacks, multiple clusters, which likely are adversarial groups moving from one target to another, could be identified. Furthermore, by analyzing the used credentials, there seems to be some correlation between internet-identifiable information like DNS, region, or OS and the credentials used in an attack. This will allow defenders to get a better understanding of how to defend and even put out decoy information to quickly identify attacks.\n\nThe closure of the presentation will be an outlook on what could be done better from an ISP or governing body side to speed up take downs of adversarial infrastructure, as well as what everyone can do to make the internet a safer place!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Lars König"],"tags":["38c3","180","2024","Security","Saal ZIGZAG"],"view_count":6267,"promoted":false,"date":"2024-12-29T23:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T08:45:03.865+02:00","length":3679,"duration":3679,"thumb_url":"https://static.media.ccc.de/media/congress/2024/180-989a4c82-1dc6-564b-ac4a-5a7062c74187.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/180-989a4c82-1dc6-564b-ac4a-5a7062c74187_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/180-989a4c82-1dc6-564b-ac4a-5a7062c74187.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/180-989a4c82-1dc6-564b-ac4a-5a7062c74187.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-attack-mining-how-to-use-distributed-sensors-to-identify-and-take-down-adversaries","url":"https://api.media.ccc.de/public/events/989a4c82-1dc6-564b-ac4a-5a7062c74187","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"1534c712-0531-50d6-ab8d-d932de2227b4","title":"Howto Digitale Bildungspolitik","subtitle":null,"slug":"38c3-howto-digitale-bildungspolitik","link":"https://events.ccc.de/congress/2024/hub/event/howto-digitale-bildungspolitik/","description":"Wie funktioniert digitale Bildungspolitik? Was läuft auf Länder-, Bundes- oder Kommunalebene und wie kann man sich sinnvoll einbringen damit Schulen richtig digital werden? Darüber sprechen cyber4EDU in dieser Episode des Digital Education Cyber Talks Podcast mit zwei Expert/innen aus dem Bildungsapparat.\nhttps://dect42.de/\nhttps://cyber4edu.org/\n\nDie Digitalisierung der Schulen besteht aus einem Mosaik an Anforderungen und zu verstehen wie diese eigentlich zusammenhängen und wer wofür zuständig ist, ist alles andere als einfach: Infrastruktur, Geräteausstattung, digitale Verwaltung, Bildungsapps, Datenschutz, offene Bildungsressoucen (OER), digitale Kompetenzen, Medienbildung und jetzt auch noch KI. Sich im digitalen Bildungskontext zu engagieren kann ziemlich undurchsichtig und herausfordernd sein. Um besser zu verstehen wie das alles zusammenhängt wollen wir in diesem Podcast besprechen wie digitale Bildungspolitik funktioniert, wie Föderalismus, das BMBF, die Kultusministerkonferenz und der Digitalpakt Schule zusammenhängen und wie man sich als Aktivist oder Verein sinnvoll einbringen kann.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Mel"],"tags":["38c3","58304","2024","Saal X 07"],"view_count":847,"promoted":false,"date":"2024-12-29T19:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-09T16:30:10.257+01:00","length":2810,"duration":2810,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58304-1534c712-0531-50d6-ab8d-d932de2227b4.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58304-1534c712-0531-50d6-ab8d-d932de2227b4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58304-1534c712-0531-50d6-ab8d-d932de2227b4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58304-1534c712-0531-50d6-ab8d-d932de2227b4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-howto-digitale-bildungspolitik","url":"https://api.media.ccc.de/public/events/1534c712-0531-50d6-ab8d-d932de2227b4","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"36c8ab4c-ee54-5466-87ae-6c6bda80c5bf","title":"Small seeds - why funding new ideas matters","subtitle":null,"slug":"38c3-small-seeds-why-funding-new-ideas-matters","link":"https://events.ccc.de/congress/2024/hub/event/small-seeds-why-funding-new-ideas-matters/","description":"More money for Free and Open Source Software - a never ending issue. In a tech world built on start-ups, venture capital and data-gathering apps, the fight for sustainable funding for ethical technology projects is a fierce one. After some big victories for FOSS funding in the last years, this talk is about the importance of not forgetting the small, underdog civil society projects.\n\nHow do we fund technology in a sustainable way? Fund infrastructure, fund maintenance, fund that project some random person in Nebraska has been thanklessly maintaining since 2003. While infrastructure is extremely important (no questions asked), in this talk we want to explore why a diverse funding landscape that also allows for supporting new people and groups with fresh ideas can only be incredibly valuable to the field of FOSS.\n\nHow can we use existing funding structures, bend and twist them to meet the real needs of communities? How can we make them more useful to projects and people who are not typically the recipients of their money? We want to talk about how to build support infrastructure that allows us to fund in ways that bring more diversity, more novel ideas and more inclusivity to our communities - and we want to talk about how to do this in a sustainable way. \n\nThis talk is a call to government institutions, funders and other organisations with the power to distribute money to join forces, break down the barriers of their traditional funding models and create a broad and vibrant network of small, diverse and lightweight funds that meet the needs of different groups and communities. It is an invitation to communities to come together and share their needs in order to help build structures that can actually support their work. There is hope in FOSS projects, old and new, big and small. Let's hack all kinds of systems to give them the support they need.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Marie Kreil","Marie-Lena Wiese"],"tags":["38c3","811","2024","Stage HUFF"],"view_count":424,"promoted":false,"date":"2024-12-30T13:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-11T17:45:09.689+01:00","length":2373,"duration":2373,"thumb_url":"https://static.media.ccc.de/media/congress/2024/811-36c8ab4c-ee54-5466-87ae-6c6bda80c5bf.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/811-36c8ab4c-ee54-5466-87ae-6c6bda80c5bf_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/811-36c8ab4c-ee54-5466-87ae-6c6bda80c5bf.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/811-36c8ab4c-ee54-5466-87ae-6c6bda80c5bf.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-small-seeds-why-funding-new-ideas-matters","url":"https://api.media.ccc.de/public/events/36c8ab4c-ee54-5466-87ae-6c6bda80c5bf","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"9966b431-501b-595b-b355-05adf647e03d","title":"Die Brandmauer gegen rechts - Schutz oder Gefahr für die Demokratie?","subtitle":null,"slug":"38c3-die-brandmauer-gegen-rechts-schutz-oder-gefahr-fr-die-demokratie","link":"https://events.ccc.de/congress/2024/hub/event/die-brandmauer-gegen-rechts-schutz-oder-gefahr-fr-die-demokratie/","description":"In Österreich hat 2024 die rechte FPÖ bei allen Wahlen massiv an Stimmen hinzugewonnen. Obwohl bei der Nationalratswahl die FPÖ als Siegerin hervorgegangen ist, versuchen nun drei andere Parteien eine Koalition zu bilden. Wir fragen uns, ob die Entscheidung, nicht mit der FPÖ zu verhandeln und sie somit nicht in die Regierung zu holen, nur dazu beitragen, die FPÖ immer noch stärker zu machen und welche Lehren daraus auch für Deutschland und den Umgang mit der AfD zu ziehen sind.\n\nAuch in Österreich war 2024 ein Superwahljahr: Landtagswahlen, die EU-Wahl und Nationalratswahl, gemeinsam mit einigen Gemeinderatswahlen. Allen gemeinsam ist, dass die rechte FPÖ immer dazugewinnen konnte, bei den bundesweiten Wahlen ging sie sogar als Siegerin hervor, in einem Bundesland wird sie den Landeshauptmann stellen. Im Bund versuchen nun drei Parteien, trotz zum Teil starker ideologischer Unterschiede, eine Koalition gegen den selbsternannten Volkskanzler Kickl zu bilden. Dessen Umfragewerte steigen in der Zwischenzeit immer weiter, daran ändern auch Korruptionsvorwürfe, eindeutig rechtsradikale Einstellungen oder Spendenaffären nichts.\n\nAnschließend an unseren Podcast vom letzten Jahr, in dem wir den Aufstieg der Rechten in Österreich nachgezeichnet haben, wollen wir heuer diskutieren, ob die Brandmauer gegen rechts immer sinnvoll ist, wir berichten über die Erfahrung mit der FPÖ in der Regierung und besprechen, ob daraus auch Lehren für Deutschland zu ziehen sind.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["unsösterreichts.jetzt","Alexander Muigg"],"tags":["38c3","58300","2024","Saal X 07"],"view_count":1287,"promoted":false,"date":"2024-12-27T20:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-01-27T16:15:08.672+01:00","length":2830,"duration":2830,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58300-9966b431-501b-595b-b355-05adf647e03d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58300-9966b431-501b-595b-b355-05adf647e03d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58300-9966b431-501b-595b-b355-05adf647e03d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58300-9966b431-501b-595b-b355-05adf647e03d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-die-brandmauer-gegen-rechts-schutz-oder-gefahr-fr-die-demokratie","url":"https://api.media.ccc.de/public/events/9966b431-501b-595b-b355-05adf647e03d","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"b37c29e5-60ca-5a35-a5a8-9e7d028c2abd","title":"A fully free BIOS with GNU Boot","subtitle":null,"slug":"38c3-a-fully-free-bios-with-gnu-boot","link":"https://events.ccc.de/congress/2024/hub/event/a-fully-free-bios-with-gnu-boot/","description":"In this talk we will first show you that a fully free BIOS firmware, is not only possible but also necessary to guarantee your freedom, technological independence and security in the long run. We will then present GNU Boot, a 100% free boot firmware distribution that accomplished these goals. The presentation will be held by Adrien Bourmault, one of the GNU Boot maintainers, whom will dive into the project's origins, goals and current status.\n\nIt's getting harder and harder to find hardware that works with 100% free (as in freedom) software. To counter this, the promotion and development of fully free boot firmware is ever more crucial.\n\nFirmwares are software that sit in between the hardware and the operating system. They play a crucial role in making our computers work. However most of the time they are proprietary (nonfree). This limits users' freedom who are forced to trust black boxes. Being able to use 100% free firmwares can not only\nguarantee security but also enable transparency and control by the community.\n\nIn this talk we will look at what is a boot firmware, and why it is essential that it is free software, and how it works in practice. We will also look at GNU Boot, a fully free boot firmware distribution: we will look at how the project is organized, what are features it provides, and its role within the movement for a fully free software BIOS/UEFI replacement.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["neox","GNUtoo"],"tags":["38c3","833","2024","Stage YELL"],"view_count":1849,"promoted":false,"date":"2024-12-29T13:30:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-28T21:45:06.858+01:00","length":1875,"duration":1875,"thumb_url":"https://static.media.ccc.de/media/congress/2024/833-b37c29e5-60ca-5a35-a5a8-9e7d028c2abd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/833-b37c29e5-60ca-5a35-a5a8-9e7d028c2abd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/833-b37c29e5-60ca-5a35-a5a8-9e7d028c2abd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/833-b37c29e5-60ca-5a35-a5a8-9e7d028c2abd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-a-fully-free-bios-with-gnu-boot","url":"https://api.media.ccc.de/public/events/b37c29e5-60ca-5a35-a5a8-9e7d028c2abd","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"48d32c48-214a-5387-9b87-ae7338bc181f","title":"Correctiv-Recherche \"Geheimplan gegen Deutschland\"","subtitle":"1 Jahr danach","slug":"38c3-correctiv-recherche-geheimplan-gegen-deutschland-1-jahr-danach","link":"https://events.ccc.de/congress/2024/hub/event/correctiv-recherche-geheimplan-gegen-deutschland-1-jahr-danach/","description":"Vor einem Jahr veröffentlichte Correctiv die Recherche “Geheimplan gegen Deutschland”, die ein geheimes Treffen von Rechtsextremen, AfD-Funktionären und CDU-Mitgliedern enthüllte. Diese Enthüllung führte zu massiven Demonstrationen, während rechtsextreme Gruppen versuchten, das Geschehen zu relativieren. Die politische Reaktion blieb jedoch verhalten, und die AfD setzte die demokratischen Parteien weiter unter Druck. In diesem Vortrag gibt Jean Peters, leitender Reporter der Recherche, einen Überblick über die Recherchemethoden, analysiert den medialen Diskurs und zeigt zukünftige Perspektiven zur Berichterstattung über Rechtsextremismus auf.\r\n\r\nVor einem Jahr enthüllte Correctiv in der investigativen Recherche \"Geheimplan gegen Deutschland\" ein brisantes Treffen in Potsdam, an dem Rechtsextreme, AfD-Funktionäre, CDU-Mitglieder aus unteren Rängen sowie bedeutende Geldgeber teilnahmen. Diese Veröffentlichung schlug in der deutschen Öffentlichkeit hohe Wellen und führte zu den größten Demonstrationen, die die Bundesrepublik seit ihrer Gründung erlebt hat. Menschen in ganz Deutschland gingen auf die Straße, um gegen die rechtsextreme Bedrohung und die wachsende politische Einflussnahme dieser Kreise zu protestieren.\r\n\r\nDie Rechtsextremen hingegen versuchten, die Bedeutung dieses Treffens herunterzuspielen und die Enthüllungen als überzogen darzustellen. Sie bemühten sich, ihre Pläne zu relativieren. Gleichzeitig trieb die AfD die demokratischen Parteien bei den Landtagswahlen der neuen Bundesländer weiter vor sich her und konnte in mehreren Bundesländern beachtliche Wahlerfolge feiern. Die Reaktionen auf Bundesebene waren in vielen Augen enttäuschend: Statt die Warnungen aus der Zivilgesellschaft und den Demonstrationen ernst zu nehmen, schien die Bundespolitik in Teilen auf AfD-freundliche Maßnahmen zu setzen.\r\n\r\nJean Peters, der leitende Reporter der Recherche, wird in seinem Vortrag detaillierte Einblicke in die Vorgehensweise und die Methodik der Enthüllung geben. Er wird erläutern, wie Correctiv die Verbindungen zwischen den rechtsextremen Akteuren und den finanziellen Unterstützern aufdeckte, welche Herausforderungen es nach der Recherche gab und wie das Team mit der enormen öffentlichen Resonanz umging. Zudem wird er den medialen Diskurs kritisch einordnen: Welche Rolle spielten die Medien bei der Verbreitung und der Einordnung der Informationen? Wie reagierte die Öffentlichkeit auf die Berichterstattung? Und welche Konsequenzen ergaben sich daraus für die politische Debatte in Deutschland?\r\n\r\nAbschließend wird Peters mögliche nächste Schritte und Ansätze für die weitere Berichterstattung über Rechtsextremismus und den Stand der Debatte rund um ein potenzielles AfD Verbot aufzeigen. Er wird darlegen, wie der investigative Journalismus weiterhin dazu beitragen kann, diese Netzwerke aufzudecken, und welche Hacks die Demokratie bietet, um Autoritarismus zu bekämpfen.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Jean Peters"],"tags":["38c3","91","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":16386,"promoted":false,"date":"2024-12-27T11:00:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-03-29T04:30:02.619+02:00","length":2648,"duration":2648,"thumb_url":"https://static.media.ccc.de/media/congress/2024/91-48d32c48-214a-5387-9b87-ae7338bc181f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/91-48d32c48-214a-5387-9b87-ae7338bc181f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/91-48d32c48-214a-5387-9b87-ae7338bc181f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/91-48d32c48-214a-5387-9b87-ae7338bc181f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-correctiv-recherche-geheimplan-gegen-deutschland-1-jahr-danach","url":"https://api.media.ccc.de/public/events/48d32c48-214a-5387-9b87-ae7338bc181f","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"c44ea615-7ef3-500b-acec-4c02826ca4a2","title":"identity theft, credit card fraud and cloaking services – how state-sponsored propaganda makes use of the cyber criminal toolbox","subtitle":null,"slug":"38c3-identity-theft-credit-card-fraud-and-cloaking-services-how-state-sponsored-propaganda-makes-use-of-the-cyber-criminal-toolbox","link":"https://events.ccc.de/congress/2024/hub/event/identity-theft-credit-card-fraud-and-cloaking-services-how-state-sponsored-propaganda-makes-use-of-the-cyber-criminal-toolbox/","description":"The Russian disinformation campaign Doppelgänger is considered to be technically highly sophisticated. Research by CORRECTIV and Qurium has revealed that the Russian state relies on the toolbox of internet fraudsters for the dissemination of propaganda and fakes. A talk on the state's possible alliance with the criminal world - and on possibilities and limitations of countering it.\n\nIts goal is to undermine the support for Ukraine and polarize Western states: For more than two years, the Russian disinformation campaign Doppelgänger has been running on social networks and its own portals. Despite sanctions, the affected countries have not been able to stop the campaign. This is also because the architects of the campaign employ methods tried and tested by cyber criminals: Identity theft, use of stolen credit cards, bulletproof hosting, cloaking services and multi-level forwarding mechanisms. Research by CORRECTIV and Qurium based on data provided by Antibot4Navalny has uncovered the technical infrastructure of the campaign. The talk guides the audience through details of the new potential alliance between the Russian state and the criminal world. It raises questions about the accountability of authorities and platforms and opens the discussion to the possibilities and limits of resistance against malign foreign influences in the digital sphere.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Alexej Hock","Max Bernhard"],"tags":["38c3","383","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":1568,"promoted":false,"date":"2024-12-30T13:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T11:30:08.176+02:00","length":2244,"duration":2244,"thumb_url":"https://static.media.ccc.de/media/congress/2024/383-c44ea615-7ef3-500b-acec-4c02826ca4a2.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/383-c44ea615-7ef3-500b-acec-4c02826ca4a2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/383-c44ea615-7ef3-500b-acec-4c02826ca4a2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/383-c44ea615-7ef3-500b-acec-4c02826ca4a2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-identity-theft-credit-card-fraud-and-cloaking-services-how-state-sponsored-propaganda-makes-use-of-the-cyber-criminal-toolbox","url":"https://api.media.ccc.de/public/events/c44ea615-7ef3-500b-acec-4c02826ca4a2","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"903032d4-8d6f-5832-b023-6385ee8d6f2f","title":"Let’s spark children’s interest in coding","subtitle":null,"slug":"38c3-let-s-spark-children-s-interest-in-coding","link":"https://events.ccc.de/congress/2024/hub/event/let-s-spark-children-s-interest-in-coding/","description":"How can we spark children's interest in coding and tinkering. In this talk we will present the ongoing activities of the Free Software Foundation Europe to get the next generation of Haecksen and Hackers interested in tech, with a focus on diversity.\n\nToday it is impossible to imagine daily life without software. The majority of us can’t spend a single day without using it. People use software in the workplace, on laptops, and on mobile phones. Software is also found in less obvious places however: in trains, cars, televisions, washing-machines, fridges, and many other devices. None of these devices could function without software. Without software we couldn’t write e-mails, make phone calls, go shopping, or travel as we are accustomed to. Software is our society’s central tool. How do we ensure that the next generation is motivated and capable of shaping technology for society’s benefits?\n\nThe Free Software Foundation Europe’s volunteers and staff have interacted with over 1700 children between 6 to 10 years in the past months. Children, especially girls, afterwards were motivated to start experimenting with hardware and software. In the discussions we saw that they realise how crucial technology will be for them. The story of Ada made it into a war hospital with children with disability that felt identified with it as one of the book characters has a 3D printed leg.\n\nFurthermore with the FSFE’s coding competition “Youth Hacking 4 Freedom” we gathered experiences working with teenagers who program, tinker, and have fun with software. YH4F has also been a place for diversity during its first three editions.\n\nLearn more about the experiences how the FSFE sparks children’s and teenagers interest to tinker, experiment and program. Furthermore you will see how fulfilling those activities can be for yourself.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["anaghz (she / Her)"],"tags":["38c3","907","2024","Stage YELL"],"view_count":992,"promoted":false,"date":"2024-12-28T19:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-11T14:00:07.134+01:00","length":1577,"duration":1577,"thumb_url":"https://static.media.ccc.de/media/congress/2024/907-903032d4-8d6f-5832-b023-6385ee8d6f2f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/907-903032d4-8d6f-5832-b023-6385ee8d6f2f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/907-903032d4-8d6f-5832-b023-6385ee8d6f2f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/907-903032d4-8d6f-5832-b023-6385ee8d6f2f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-let-s-spark-children-s-interest-in-coding","url":"https://api.media.ccc.de/public/events/903032d4-8d6f-5832-b023-6385ee8d6f2f","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"91c6a308-67a7-5dac-84b3-5a5c981177e9","title":"Basics of software publication","subtitle":null,"slug":"38c3-basics-of-software-publication","link":"https://events.ccc.de/congress/2024/hub/event/basics-of-software-publication/","description":"You want to share your code with the world. That's great! But how? Just uploading it to Github? Or how do I do this? \nIn this talk I want to give you an overview about the minimal steps you should take to prepare your code for publication. Covering what belongs into a repository, how to make your code sharable and which license to pick.\n\nThis talk is based on the training [Foundations of Research Software Publication](https://codebase.helmholtz.cloud/hifis/software/education/hifis-workshops/foundations-of-research-software-publication/workshop-materials-data-pub). The target is to enable developers to create and publish sustainable software which can be used and built up on by others.\nWhile this talk is an introduction, even more experienced developers might take something home.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Carina Haupt"],"tags":["38c3","797","2024","Stage YELL"],"view_count":1549,"promoted":false,"date":"2024-12-30T13:30:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T21:15:04.243+02:00","length":3626,"duration":3626,"thumb_url":"https://static.media.ccc.de/media/congress/2024/797-91c6a308-67a7-5dac-84b3-5a5c981177e9.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/797-91c6a308-67a7-5dac-84b3-5a5c981177e9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/797-91c6a308-67a7-5dac-84b3-5a5c981177e9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/797-91c6a308-67a7-5dac-84b3-5a5c981177e9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-basics-of-software-publication","url":"https://api.media.ccc.de/public/events/91c6a308-67a7-5dac-84b3-5a5c981177e9","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"45386b99-a14c-59a2-9238-fda47005ea93","title":"Ein unmoralisches Angebot: Wie wir unsere Communities vor ideologischen Zugriffen schützen","subtitle":null,"slug":"38c3-ein-unmoralisches-angebot-wie-wir-unsere-communities-vor-ideologischen-zugriffen-schtzen","link":"https://events.ccc.de/congress/2024/hub/event/ein-unmoralisches-angebot-wie-wir-unsere-communities-vor-ideologischen-zugriffen-schtzen/","description":"In beschleunigten Krisenzeiten wächst mit der Überforderung auch die Sehnsucht nach einer klaren Ordnung: Weltbilder, die das Chaos auf ein moralisch aufgeladenes \"Entweder-Oder\" reduzieren. \n\nMit dieser binären Logik werden alle Lösungen, die das \"Sowohl-als-auch\" denken, abgemäht. Die verheerende Folge: zwischen aufgeheiztem Lagerdenken, Positionierungsdruck und Rhetorik von individueller Schuld und Scham ist kein kollektives Handeln mehr möglich.\n\nDer Talk macht das unmoralische Angebot eines universalistischen und anwender*innenfreundlichen „Security-Updates\". Eine Empfehlung, auf was wir dringend achten sollten, um unser Netzwerk handlungsfähig zu halten.\n\nDer Talk gliedert sich in drei Teile:\n\n3. GROUND CONTROL: NORMATIVE INFRASTRUKTUR: Wir alle sind nicht ganz schwindelfrei und suchen nach Anbindungen oder Gravitationsfeldern, die uns in der unendlichen Kontingenz des Daseins Orientierung geben. Diese zutiefst menschliche Sehnsucht nach Sinnanziehungskraft kann man erstmal als solche anerkennen und ohne Scham annehmen. Das ist das klassische Business von Religionen (religare → la „anbinden, zurückbinden, festhalten, an etwas festmachen“). Nun hinterlassen in einer größtenteils säkularen Gesellschaft die zum Glück arbeitslos gewordenen Religionen viele ungebundene Individuen. Leider selten freie Radikale, vielmehr eine durch neoliberale Politik und kapitalistische Erzählungen individualisierte, unorganisierte Schar von Wesen, die ziemlich ‚lost’ sind – und dadurch empfänglich für moralisch durchtränkte Diskurse – gegenwärtig vor allem solche, die das Individuum in den Mittelpunkt stellen. Das Problem daran: Kollektives Handeln wird immer schwieriger zu organisieren.\n\n2. ILLEGAL CONSTRUCTIONS oder DIE ZERSTÖRUNG DER EINS: Alain Badiou ist ein Philosoph, der weltweit und nicht nur in akademischen Kreisen gelesen wird, in Deutschland aber kaum bekannt ist. Dabei hat er gerade zu dieser Fragestellung einiges zu sagen. Sein Plädoyer gilt der Verknüpfung von Subjektivität und Universalismus statt dem Versuch, Partikularitäten zu kontrollieren – wie es seiner Meinung nach identitätspolitische Ansätze versuchen. Stattdessen schlägt er vor, Subjektivität als kollektive ‚illegal instruction‘ zu denken. Was erstmal abstrakt klingt, bringt sehr konkrete Konsequenzen mit sich, wenn man sie in den (netz-)aktivistischen Alltag übersetzt – was im dritten Teil getan wird:\n\n3. ILLEGAL INSTRUCTIONS: Unverbindliches Angebot eines „Security Updates“ mit praktischen Hinweisen, Anregung zur Selbstreflexion und vielen offenen Fragen, die mit in die eigenen Strukturen genommen werden können.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["elenos"],"tags":["38c3","472","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":2749,"promoted":false,"date":"2024-12-29T13:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-24T16:15:07.518+01:00","length":2578,"duration":2578,"thumb_url":"https://static.media.ccc.de/media/congress/2024/472-45386b99-a14c-59a2-9238-fda47005ea93.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/472-45386b99-a14c-59a2-9238-fda47005ea93_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/472-45386b99-a14c-59a2-9238-fda47005ea93.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/472-45386b99-a14c-59a2-9238-fda47005ea93.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-ein-unmoralisches-angebot-wie-wir-unsere-communities-vor-ideologischen-zugriffen-schtzen","url":"https://api.media.ccc.de/public/events/45386b99-a14c-59a2-9238-fda47005ea93","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"6F784A4D-5C28-4617-A148-C8D5B296D66F","title":"Everyone VS. MP3 - Audio Datei-Formate für DJs und co.","subtitle":null,"slug":"38c3-everyone-vs-mp3-audio-datei-formate-fr-djs-und-co","link":"https://events.ccc.de/congress/2024/hub/en/event/everyone-vs-mp3-audio-datei-formate-fr-djs-und-co/","description":"Dieser Talk deckt die Fundamentals zu Samplingrate, Bitdepth und Bitrate ab und erklärt die Stärken und Schwächen aller Audio Datei-Formate, die für DJs und Produzent/innen relevant sind: MP3, AAC, FLAC, WAV, AIFF und vielleicht noch mehr.\n\nWenn du mal Probleme mit manchen Dateien auf CDJs hattest, ist das hier der richtige Talk für dich. Neben den im Abstract genannten Fundamentals erkläre ich, was lossy und lossless bedeuten, weshalb lossless nicht unbedingt der beste Begriff ist, was Interpolation ist und was es mit PCM auf sich hat. Ich beleuchte außerdem verschiedene Seiten der Datei-Formate: Qualität, Datei-Größe / Kompression, Metadaten-Support, Kompatibilität mit populärer DJ-Hardware und Mehr.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["function"],"tags":["100001","2024","38c3","Chaos Computer Music Club","38c3-deu"],"view_count":453,"promoted":false,"date":"2024-12-30T14:00:00.000+01:00","release_date":"2025-03-17T00:00:00.000+01:00","updated_at":"2026-03-29T22:45:07.432+02:00","length":2299,"duration":2299,"thumb_url":"https://static.media.ccc.de/media/congress/2024/100001-6F784A4D-5C28-4617-A148-C8D5B296D66F.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/100001-6F784A4D-5C28-4617-A148-C8D5B296D66F_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/100001-6F784A4D-5C28-4617-A148-C8D5B296D66F.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/100001-6F784A4D-5C28-4617-A148-C8D5B296D66F.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-everyone-vs-mp3-audio-datei-formate-fr-djs-und-co","url":"https://api.media.ccc.de/public/events/6F784A4D-5C28-4617-A148-C8D5B296D66F","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"31331d39-0f4a-5991-9bdc-72dc38db9d39","title":"Prototypes to Props: How to Build and Hack in the Film/TV Industry","subtitle":null,"slug":"38c3-prototypes-to-props-how-to-build-and-hack-in-the-film-tv-industry","link":"https://events.ccc.de/congress/2024/hub/event/prototypes-to-props-how-to-build-and-hack-in-the-film-tv-industry/","description":"Look behind the scenes with filmmaker, inventor, and former Mythbuster Davis DeWitt and learn how Hollywood hackers combine prototyping and art to bring movie magic to life! Through real-world examples, this talk will explore the unique challenges of creating builds for the entertainment industry, from designing prototypes to filming the final sequence and everything in between.\n\nHave you ever been asked to build a smoke grenade or blow up a car? With over 8 years of experience in the film industry, Davis is one of the hackers with the skills to accommodate these unusual requests. In this talk, we'll explore several of his favorite builds to highlight how anyone can get started combining art and hardware hacking on their own.\n\nFrom CAD, to 3D printing, microcontroller programming, painting, weathering, cinematography, and more, discover how multiple disciplines blend together to create hacker movie magic!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Davis DeWitt"],"tags":["38c3","754","2024","Stage HUFF"],"view_count":2070,"promoted":false,"date":"2024-12-28T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-04T20:00:13.364+01:00","length":1948,"duration":1948,"thumb_url":"https://static.media.ccc.de/media/congress/2024/754-31331d39-0f4a-5991-9bdc-72dc38db9d39.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/754-31331d39-0f4a-5991-9bdc-72dc38db9d39_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/754-31331d39-0f4a-5991-9bdc-72dc38db9d39.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/754-31331d39-0f4a-5991-9bdc-72dc38db9d39.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-prototypes-to-props-how-to-build-and-hack-in-the-film-tv-industry","url":"https://api.media.ccc.de/public/events/31331d39-0f4a-5991-9bdc-72dc38db9d39","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"44805922-87dc-5dda-aa12-d3c34fcd3e51","title":"Retro-Chips selbst gemacht: Historische Hardware in FPGAs nachbilden","subtitle":null,"slug":"38c3-retro-chips-selbst-gemacht-historische-hardware-in-fpgas-nachbilden","link":"https://events.ccc.de/congress/2024/hub/event/retro-chips-selbst-gemacht-historische-hardware-in-fpgas-nachbilden/","description":"Retro-Computing ist heute die Domäne der bekannten Software-Emulatoren. Aber auch die ursprüngliche Hardware selbst kann und sollte dokumentiert und konserviert werden. Ich zeige, was es damit auf sich hat und wie man daheim mit moderatem Einsatz einen ganzen Retro-Computer nachbaut. Mit Hilfe von rekonfigurierbaren Chips klappt das auch weitgehend ohne Löten oder die allgegenwärtigen Arduinos und Raspberry-Pis.\n\nDer Begriff Maker ist inzwischen eng mit den Arduinos und dem Raspberry-Pi verbunden. Auch wenn es um den Erhalt historischer Systeme geht sind Nachbauten in Form von Emulatoren auf Raspi-Basis ganz vorne dabei. Das ist verständlich, wenn man sieht wie preisgünstig diese Geräte sind, wie viele entsprechende Retro-Projekte\nes gibt und wie einsteigerfreundlich sie sich meistens nutzen lassen.\n\nAber neben der klassischen Software gibt es mehr zu erhalten: Die historische Hardware lässt sich leider nicht mal eben auf einen USB-Stick kopieren. Und mit den alten Geräten geht auch das Wissen dahinter verloren und die oft eleganten oder trickreichen Lösungen, die in der Anfangszeit nötig waren, um bezahlbare Hardware mit einfachsten Mitteln zu bauen.\n\nIch zeige, wie sich wesentliche Aspekte der Systeme mit Hilfe von konfigurierbarer Hardware erhalten und auf elegante Weise dokumentieren lassen. Ich zeige Euch, wie man mit geringem Materialeinsatz aber viel Neugierde Retro-Systeme in FPGA-Chips wieder zum Leben erweckt. Was braucht man? Wo bekommt man es her? Und wie wird daraus ein Heimcomputer der 80er? Das zeige ich unter anderem am konkreten Beispiel des NanoMig, der Nachbildung eines Commodore Amiga Homecomputer, dessen gesamte Hardware sich in einem modernen FPGA unterbringen lässt ... ganz ohne Arduino- oder Raspberry-Pi-Unterbau. \n\nFPGA-Retrocomputing ist in den letzten zehn Jahren populär geworden. Auch das von mir vor gut zehn Jahren entworfene MiST-Board aber vor allem das darauf folgende MiSTer-Projekt hatten ihren Anteil daran. Diese Systeme werden oft als etwas fortschrittlichere Emulatoren (miss-)verstanden, hinter ihnen steckt aber vor allem eine als rekonfigurierbare FPGA-Hardware bezeichnete recht ungewöhnliche Technik abseits üblicher CPUs, Speicher- und Peripheriebausteine.\n\nAuf die Geschichte und Hintergründe werde ich nur kurz eingehen. In diesem Vortrag soll es um die Praxis gehen. Ich werde beschreiben, was man an Hard- und an Software für die ersten Schritte auf dem Weg zur Wiederbelebung von Retro-Hardware benötigt. Wie es sich für Open-Source gehört muss man auch hier nicht das Rad immer wieder neu erfinden. So wie die damaligen Computer viele Gemeinsamkeiten hatten, so sind auch in ihren FPGA-Nachbauten viele Komponenten\nwiederverwendbar. Aber wie wird aus einem realen Chip überhaupt etwas, das einen realen FPGA-Baustein zu gleichem Verhalten animiert? Wie wird die Logik beschrieben? Was lässt sich aus alten Hardwareunterlagen direkt übernehmen? Was lässt sich in FPGAs (leider) nicht mehr direkt realisieren? \n\nSchließlich wird es darum gehen, wie man ein solches Projekt überhaupt angeht. Natürlich sind Klassiker wie der Commodore C64 oder der Amiga die verlockendsten Ziele für solche Vorhaben. Für die ersten Schritte eignen sich aber vor allem viele der einfacheren Maschinen oder sogar selbst erdachte Geräte. Ganz ohne Lötkolben verkabelt man sich den eigenen Retro-Computer und spätestens wenn der erste eigene Videochip das erste Testbild auf den VGA-Bildschirm bringt wird klar: Das ist\nkein Arduino. Der Umgang mit konfigurierbare Hardware ist nicht unbedingt komplizierter als die Arbeit mit Arduino und Co. Aber sie ist fundamental anders. Viele Denkmuster, die erfahrenen Programmierern in Fleisch und Blut übergegangen sind, lassen sich nicht auf Hardware übertragen oder sind, wie sich zeigen wird, sogar\nirreführend. Und wie debuggt man überhaupt einen selbstgebauten Chip? Und was wird aus Fernseher und Floppy-Diskette, die damals zwingendes Zubehör waren?\n\nUnd wenn selbst der Mikroprozessor Teil der Konfiguration ist, dann kann man natürlich beliebige Änderungen vornehmen. Fehlte Dir damals dieser eine Befehl, der alles revolutioniert hätte? Hätte der Atari ST den Amiga ausgestochen, wenn er Hardware-Sprites unterstützt hätte? Probier es aus! Konfigurierbare Hardware bedeutet auch, dass alles veränderbar ist. Ein Dual-Core C64? Ein ZX81 mit Tonausgabe und Farbdarstellung? Warum nicht gleich der eigene 8-Bit-Wunschcomputer? \n\nUnd wem das alles noch viel zu einfach erscheint, der erfährt schließlich, wie er mit Hilfe von Platinenproduktion in Fernost und dem heimischen 3D-Drucker nicht nur Software und Hardware erhält, sondern gleich die ganze Maschine noch einmal zum Leben erweckt.\n\nAm Ende meines kleinen Vortrags werdet ihr wissen, wie ihr Euer eigenes Retro-Projekt für kleines Budget startet und vielleicht mithelft, das Wissen hinter der ursprünglichen Hardware zu erhalten. Ihr lernt, wie man die ein oder andere Maschine wieder in einer Form erlebbar macht, die über die übliche Softwareemulation auf einem PC hinausgeht.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Till Harbaum"],"tags":["38c3","787","2024","Stage HUFF"],"view_count":1756,"promoted":false,"date":"2024-12-28T23:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-15T17:15:04.731+01:00","length":1987,"duration":1987,"thumb_url":"https://static.media.ccc.de/media/congress/2024/787-44805922-87dc-5dda-aa12-d3c34fcd3e51.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/787-44805922-87dc-5dda-aa12-d3c34fcd3e51_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/787-44805922-87dc-5dda-aa12-d3c34fcd3e51.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/787-44805922-87dc-5dda-aa12-d3c34fcd3e51.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-retro-chips-selbst-gemacht-historische-hardware-in-fpgas-nachbilden","url":"https://api.media.ccc.de/public/events/44805922-87dc-5dda-aa12-d3c34fcd3e51","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"3d69a23a-9488-5544-a4e8-24e9f24561ea","title":"Gefährliche Meinung – Wenn Wälder brennen und Klimaaktivist*innen im Knast sitzen","subtitle":null,"slug":"38c3-gefhrliche-meinung-wenn-wlder-brennen-und-klimaaktivist-innen-im-knast-sitzen","link":"https://events.ccc.de/congress/2024/hub/event/gefhrliche-meinung-wenn-wlder-brennen-und-klimaaktivist-innen-im-knast-sitzen/","description":"Eine Geschichte über den Kampf für Walderhalt in der Klimakrise, die unnötige Erweiterung eines klimaschädlichen Stahlwerks und einer vermutlich illegalen Genehmigung für eine vorgezogene Rodung. Wie wir dafür ins Gefängnis kamen. Und wie das Bundesverfassungsgericht die Gefängnisleitung zwang, mich vorzeitig wieder zu entlassen.\n\nAktivistische Kritik buchstäblich an der zuständigen Bezirksregierung endete in einem Gerichtskrimi durch die AugsburgerJustiz, die sich nach wie vor entschlossen zeigt, die laut Bundesverfassungsgericht besonders geschützte Machtkritik der Aktivist*innen möglichst hart zu bestrafen. \nEin Vortrag über den kreativen Umgang mit Repressionen mit Einblicken hinter die Gefängnismauern. \nVom Kampf der Augsburger Justiz gegen kreativen Protest für den Erhalt der Lebensgrundlagen.\nMemes inklusive. 🧮\n\nDie Regierung von Schwaben genehmigte im Herbst 2022 die Rodung eines besonders geschützten Bannwalds -- trotz laufender Rechtswidrigkeitsprüfung des gesamten Vorhabens durch Bayerns höchstes Verwaltungsgericht. Denn der Besitzer des angrenzenden Stahlwerks, der zufällig mit seinem Lobbyverband auch größter Spender der CSU ist, Max Aicher, wollte sein klimaschädliches Stahlwerk in den Bannwald hinein erweitern. Daraufhin demonstrierten wir an der Regierung von Schwaben und \"besetzen\" deren Behördenflur symbolisch mit einer satirischen Botschaft. Einen Bannwald roden? – Frech!\n\nWir werden davon erzählen, wie wir für unsere Kritik zu Haft verurteilt wurden, die Haft aber zunächst nicht antraten, sondern eine Woche durch die Öffentlichkeit geisterten, erst eine Woche später eine Lücke im Terminplan entdeckten und dann doch in der Arrestanstalt auftauchten. \nSamuel gibt Einblicke hinter die Mauern der Jugendarrestanstalt und berichtet, wie es den Menschen dort drinnen geht, die dort durch psychischen Schmerz \"resozialisert\" und \"erzogen\" werden sollen.\nÜber Brief und Zettel aus dem Fensterschlitz konnten Unterstützer*innen von außen den Kontakt halten. Eine Gruppe Nerds baute einen FM-Transmitter und versuchte, ein eigenes Knastradio für Samuel einzurichten.\n\nNach zwei Wochen wurde Samuel plötzlich nachts mit all seinen Büchern vor die Tür gesetzt, denn das Bundesverfassungsgericht entschied: Meinungsfreiheit gilt auch in Augsburg. Die Urteile aus Augsburg waren rechtswidrig, nicht mit dem Grundgesetz vereinbar.\nEin eindrucksvolles Beispiel, wie in Deutschland Protest mitunter als „Bedrohung der öffentlichen Ordnung und Sicherheit“ konstruiert und eingeschränkt wird.\n\n**Weitere Infos auf [lohwibleibt.de](https://www.lohwibleibt.de/)** --\nergänzend möchten wir noch mitgeben:\nDer Fall Augsburg ist ein gutes Beispiel, wie der \"Rechtsstaat\" Kapitalinteressen verteidigt. Zwei Wochen Knast sind aber nichts gegen den Verlust der Lebensgrundlagen, der insbesondere Menschen im globalen Süden betrifft. Es ist weiter unsere Verantwortung, uns für eine klimagerechte Welt einzusetzen. Lasst euch nicht einschüchtern und kämpft weiter! Gerichte sind zum Essen da.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Samuel Bosch","Kiki Köffle"],"tags":["38c3","668","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":2005,"promoted":false,"date":"2024-12-29T11:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T20:00:04.517+02:00","length":2586,"duration":2586,"thumb_url":"https://static.media.ccc.de/media/congress/2024/668-3d69a23a-9488-5544-a4e8-24e9f24561ea.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/668-3d69a23a-9488-5544-a4e8-24e9f24561ea_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/668-3d69a23a-9488-5544-a4e8-24e9f24561ea.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/668-3d69a23a-9488-5544-a4e8-24e9f24561ea.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-gefhrliche-meinung-wenn-wlder-brennen-und-klimaaktivist-innen-im-knast-sitzen","url":"https://api.media.ccc.de/public/events/3d69a23a-9488-5544-a4e8-24e9f24561ea","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"c2ba4839-32ad-5e6e-a998-cd2d07ac7448","title":"Von Ionen zu Daten: Die Funktionsweise und Relevanz von (Quadrupol-)Massenspektrometern","subtitle":null,"slug":"38c3-von-ionen-zu-daten-die-funktionsweise-und-relevanz-von-quadrupol-massenspektrometern","link":"https://events.ccc.de/congress/2024/hub/event/von-ionen-zu-daten-die-funktionsweise-und-relevanz-von-quadrupol-massenspektrometern/","description":"Massenspektrometer sind unverzichtbare Analysewerkzeuge in der Chemie und zudem hochinteressante und verblüffende Instrumente. In diesem Talk wird die Massenspektrometrie mit Schwerpunkt auf Quadrupolmassenspektrometer anschaulich vorgestellt.\n\nMassenspektrometer aus der Hacker-Perspektive:\nDie Massenspektrometrie mag auf den ersten Blick kompliziert wirken, doch mit einem grundlegenden Verständnis der Physik und etwas logischem Denken kann man sich überraschend gut in diese Welt einarbeiten. Ich beschäftige mich seit vier Jahren intensiv mit Massenspektrometern – eine Technik, die mich immer mehr fasziniert und in die ich tief eintauche. Dieser Vortrag richtet sich an alle, die bisher wenig bis gar nichts über Massenspektrometrie wissen und erklärt auf zugängliche Weise, wie (Quadrupol-)Massenspektrometer funktionieren und warum sie so entscheidend für die chemische Analyse sind. Wir schauen uns an, wie diese Geräte auf molekularer Ebene arbeiten und welche spannenden Anwendungen es gibt, die unseren Alltag beeinflussen. Dabei werden die physikalischen Grundlagen verständlich erklärt, sodass jeder – auch ohne Vorkenntnisse – nachvollziehen kann, wie und warum diese Technologie so wichtig ist.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Sally"],"tags":["38c3","130","2024","Science","Saal GLITCH"],"view_count":1099,"promoted":false,"date":"2024-12-30T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-20T13:30:09.017+01:00","length":2433,"duration":2433,"thumb_url":"https://static.media.ccc.de/media/congress/2024/130-c2ba4839-32ad-5e6e-a998-cd2d07ac7448.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/130-c2ba4839-32ad-5e6e-a998-cd2d07ac7448_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/130-c2ba4839-32ad-5e6e-a998-cd2d07ac7448.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/130-c2ba4839-32ad-5e6e-a998-cd2d07ac7448.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-von-ionen-zu-daten-die-funktionsweise-und-relevanz-von-quadrupol-massenspektrometern","url":"https://api.media.ccc.de/public/events/c2ba4839-32ad-5e6e-a998-cd2d07ac7448","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"16c09f00-0a16-5a11-92b7-7c065b7f1046","title":"Hacking Victorian Bodies: From Grid to Vector Space","subtitle":null,"slug":"38c3-hacking-victorian-bodies-from-grid-to-vector-space","link":"https://events.ccc.de/congress/2024/hub/event/hacking-victorian-bodies-from-grid-to-vector-space/","description":"This performative lecture by SOLID FLESH Collective explores how generative AI can reshape historical body representations into tools for imagining new bodily futures. Drawing from Muybridge’s chronophotography, which fixed bodies into a rigid scientific grid, we investigate AI’s capacity for fluid, multidimensional embodiment. Using open-source AI models to ‘resurrect’ Muybridge’s subjects and defy commercial censorship, we reveal speculative possibilities for bodily motion and identity. Our work positions the ‘vector body’—a digitally-mediated form of self-imagination—within a broader conversation on identity fluidity, algorithmic embodiment, and liberating futures beyond conventional body ideals.\n\nIn this performative lecture, the SOLID FLESH Collective reimagines how artistic practice can transform historical methods of body representation into tools for imagining radical new forms of embodiment. SOLID FLESH Collective, a hybrid space bridging the realms of gym, gallery, and think tank, examines how Muybridge’s chronophotography once ‘solidified’ bodies within a rigid grid, contrasting it with generative AI’s potential for unprecedented fluidity in self-reimagining.\n\nWe present a series of experiments in ‘resurrecting’ Muybridge’s subjects, using open-source AI tools to transform scientific documentation into speculative fictions. When commercial AI flagged these Victorian images as ‘pornographic,’ this rejection spurred us to explore alternate approaches, resulting in the creation of wonderfully surreal, inhuman movements with animDiff—as if the AI, uninformed by human motion, were an animator imagining it for the first time.\n\nThe lecture positions the AI-mediated body within a multidimensional vector space of possibilities, spanning dimensions of gender, age, class, and experience. Through our custom ComfyUI workflow and selected clips from our ongoing film project (solidflesh.com), we show how this ‘vector body’ allows for forms of self-imagination that break free from the solidifying gaze of the camera. Our technical explorations engage larger questions around identity fluidity, algorithmic embodiment, and the possibility of a new, digitally mediated somatic imagination.\n\nAs mainstream AI development often reinforces conventional body ideals, we speculate on alternative futures, asking how these technologies might instead enable liberating bodily self-conceptions. Moving beyond Muybridge’s grid and current AI’s polished limitations, we explore what approaches to algorithmic embodiment might emerge when we embrace the glitches and ‘failures’ of these systems.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Marcin Ratajczyk"],"tags":["38c3","559","2024","Art \u0026 Beauty","Saal ZIGZAG"],"view_count":632,"promoted":false,"date":"2024-12-30T00:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-13T20:15:08.965+01:00","length":2193,"duration":2193,"thumb_url":"https://static.media.ccc.de/media/congress/2024/559-16c09f00-0a16-5a11-92b7-7c065b7f1046.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/559-16c09f00-0a16-5a11-92b7-7c065b7f1046_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/559-16c09f00-0a16-5a11-92b7-7c065b7f1046.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/559-16c09f00-0a16-5a11-92b7-7c065b7f1046.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-hacking-victorian-bodies-from-grid-to-vector-space","url":"https://api.media.ccc.de/public/events/16c09f00-0a16-5a11-92b7-7c065b7f1046","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"a09d44c7-c73b-538e-9cff-5a43d9dfb6f8","title":"Autoritäre Zeitenwende im Zeitraffer","subtitle":null,"slug":"38c3-autoritre-zeitenwende-im-zeitraffer","link":"https://events.ccc.de/congress/2024/hub/event/autoritre-zeitenwende-im-zeitraffer/","description":"Die mittlerweile zerbrochene „Fortschrittskoalition“ hat zuletzt mit dem Bohrhammer Grundrechte abgetragen, als gäbe es einen Preis zu gewinnen. Wer als nächstes das Land regiert, ist offen. Aber progressiver wird es wohl kaum. Warum das keine plötzliche Entwicklung ist und was wir jetzt dagegen tun müssen.\n\nWas die Ampel-Koalition kurz vor ihrem Ende noch mit dem sogenannten „Sicherheitspaket“ einführte, davon hätte ein CSU-Hardliner wie Horst Seehofer vor einigen Jahren nur träumen können: Geflüchteten die Sozialleistungen streichen, biometrische Datenbanken anlegen, alle möglichen Datentöpfe zusammenrühren und analysieren. Ein Teil des Pakets scheiterte am Bundesrat - aber nur, weil es den meisten Ländern nicht weit genug ging.\n\nSo etwas galt noch vor wenigen Monaten als tabu. In einer offenen Demokratie, dachte man, wird so etwas nicht kommen. Doch der autoritäre Überbietungswettbewerb im Namen der Sicherheit ist spätestens seit dem Anschlag von Solingen in vollem Gang.\n\nPolitiker:innen konnten ein mutmaßlich islamistisches Attentat und Migration miteinander verrühren, als gäbe es da einen logischen Zusammenhang. Im Sturm der rassistischen Hetze und Kontroll-Fantasien waren Stimmen für Freiheits- und Menschenrechte kaum mehr zu hören. Jetzt, wo die Bundestagswahl früher kommt als geplant, ist das besonders fatal.\n\nWir zeigen in unserem Vortrag, dass diese autoritäre Wende nicht plötzlich gekommen ist. Die jüngst geplanten Maßnahmen sind der Tiefpunkt einer Entwicklung, die schon seit Jahren von der Ampel vorangetrieben wurde. Und sie sind der Höhepunkt der Desillusionierung mit einer Regierung, die einst als „Fortschrittskoalition“ angetreten ist.\n\nWir zeigen auch, dass es Zeit ist für radikalere Widerworte. Denn wir müssen unsere Freiheit heute dafür nutzen, dass auch morgen noch etwas davon bleibt.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["anna","Chris Köver"],"tags":["38c3","366","2024","Ethics, Society \u0026 Politics","Saal GLITCH"],"view_count":4894,"promoted":false,"date":"2024-12-28T19:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T21:30:07.352+02:00","length":3572,"duration":3572,"thumb_url":"https://static.media.ccc.de/media/congress/2024/366-a09d44c7-c73b-538e-9cff-5a43d9dfb6f8.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/366-a09d44c7-c73b-538e-9cff-5a43d9dfb6f8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/366-a09d44c7-c73b-538e-9cff-5a43d9dfb6f8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/366-a09d44c7-c73b-538e-9cff-5a43d9dfb6f8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-autoritre-zeitenwende-im-zeitraffer","url":"https://api.media.ccc.de/public/events/a09d44c7-c73b-538e-9cff-5a43d9dfb6f8","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"da83bd0a-bbbb-51e6-af01-9295ce0eebbb","title":"Spatial Interrogations Or the Color of the Sky","subtitle":null,"slug":"38c3-spatial-interrogations-or-the-color-of-the-sky","link":"https://events.ccc.de/congress/2024/hub/event/spatial-interrogations-or-the-color-of-the-sky/","description":"Modern 3D capture through Gaussian Splatting and human memory reveal parallel landscapes – where precise centers fade into probabilistic smears at the edges, and gaps hold as much meaning as detail. This is about the preservation of an ephemeral present in digital amber, an interrogation of how we reconstruct both digital and remembered spaces.\n\nIn July 2023, a new method of reconstructing reality was published in a paper called \"3D Gaussian Splatting for Real-Time Radiance Field Rendering.\" Three months later, the first apps provided this technology in their pseudo social-networks. Gaussian Splatting produces a navigable, though static, 3D reconstruction of events from video footage – but also an intriguing aesthetic. Areas of sharp details are surrounded by calculated uncertainty, creating digital spaces that inadvertently mirror how human memory operates.\n\nThe talk presents a video essay of the same name, exploring this resonance between technology and memory through a crafted blend of found footage, open-source media, and AI-generated elements. By developing custom tools for VR exploration and capture, the work documents these digital spaces from within, creating a choreographed journey through both technical and remembered landscapes. It is both a technical documentation and a poetic interpretation; it’s an interrogation of an emerging technology and a meditation on how we process and reconstruct our experiences, digital and remembered alike. \n\nThe lecture will focus on the technical background, as well as the artistic practices used to create the video essay. From working with virtual reality and experimenting with AI-generated content, to making decisions and non-decisions – it traces the development of a work in the parallel landscapes of emergent technology and lingering memory, of imminent nostalgia and nascent futures.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Artur Neufeld"],"tags":["38c3","230","2024","Art \u0026 Beauty","Saal ZIGZAG"],"view_count":567,"promoted":false,"date":"2024-12-27T20:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-30T13:00:09.445+02:00","length":2176,"duration":2176,"thumb_url":"https://static.media.ccc.de/media/congress/2024/230-da83bd0a-bbbb-51e6-af01-9295ce0eebbb.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/230-da83bd0a-bbbb-51e6-af01-9295ce0eebbb_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/230-da83bd0a-bbbb-51e6-af01-9295ce0eebbb.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/230-da83bd0a-bbbb-51e6-af01-9295ce0eebbb.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-spatial-interrogations-or-the-color-of-the-sky","url":"https://api.media.ccc.de/public/events/da83bd0a-bbbb-51e6-af01-9295ce0eebbb","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"2845809a-1611-5287-b95c-a617c8eee2be","title":"Robot Uprising: a story-driven AI robotics experience","subtitle":null,"slug":"38c3-robot-uprising-a-story-driven-ai-robotics-experience","link":"https://events.ccc.de/congress/2024/hub/event/robot-uprising-a-story-driven-ai-robotics-experience/","description":"It's the 2040’s. The dusty skyline of Helsinki is covered with vertical buildings reaching for the clouds. Autonomous drones deliver messages and items from layer to layer while robots maintain the aerial pathways across buildings. A sense of tension hangs in the air.\n\nSomewhere beneath the surface, hackers and corporates wage war over AI. Will they be able to master it, or will the City succumb to a dark technology? \n\n**Perhaps you can change the fate of things?**\n\nDo you like deep-diving into AI \u0026 robotics, but wish you could escape the inevitable existential dread of techno-capitalist dystopia? If acting it out through a story-driven hackathon sounds interesting, we might just have the right thing for you.\n\n[Robot Uprising](https://robotuprising.fi/) is a community-organised, story-driven AI \u0026 robotics event series. Part LARP, part hackfest, part robotics competition, it all neatly fits together under the umbrella of an overarching cyberpunk story. The story provides inspiration for the events, the events provide the \"historical facts\" that shape how the narrative develops.\n\nIn this talk, we'll take you through the history of Robot Uprising, delve into the technologies (robotics or otherwise) explored through our events, and contemplate how story and hacking intertwine.\n\nOur hope is to convince you of the awesomeness of story-driven hacking and inspire you to create many more events like this all around the world.\n\nYou can join us at [House of Tea after the talk](https://events.ccc.de/congress/2024/hub/en/event/robot-uprising-come-chat-after-our-talk_b0lw/) for a cup of tea and we can continue talking in a more intimate setting.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Karim Hamdi","Katarina Partti","Juho Kostet"],"tags":["38c3","406","2024","Art \u0026 Beauty","Saal 1"],"view_count":528,"promoted":false,"date":"2024-12-29T12:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-04T15:30:10.012+01:00","length":2334,"duration":2334,"thumb_url":"https://static.media.ccc.de/media/congress/2024/406-2845809a-1611-5287-b95c-a617c8eee2be.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/406-2845809a-1611-5287-b95c-a617c8eee2be_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/406-2845809a-1611-5287-b95c-a617c8eee2be.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/406-2845809a-1611-5287-b95c-a617c8eee2be.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-robot-uprising-a-story-driven-ai-robotics-experience","url":"https://api.media.ccc.de/public/events/2845809a-1611-5287-b95c-a617c8eee2be","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"5f1a3c6b-72fb-5154-8146-0d0b0ef51b95","title":"The whois protocol for internet routing policy, or how plaintext retrieved over TCP/43 ends up in router configurations","subtitle":null,"slug":"38c3-the-whois-protocol-for-internet-routing-policy-or-how-plaintext-retrieved-over-tcp-43-ends-up-in-router-configurations","link":"https://events.ccc.de/congress/2024/hub/event/the-whois-protocol-for-internet-routing-policy-or-how-plaintext-retrieved-over-tcp-43-ends-up-in-router-configurations/","description":"Whois is one of the historic internet protocols. There are two types of whois databases on the Internet: domain names, and internet numbers (IP addresses, autonomous system numbers). In this talk, we introduce the history of the whois databases for Internet numbers and explain how they are used (and what is ongoing to replace this way of accessing this information).\n\nSpoiler: yes, people still use MD5 to authenticate updates, and still put policy derived from data retrieved over unauthenticated protocols in their router configurations.\n\nWhois is one of the older protocols still in use on the Internet, playing a critical role in managing and distributing information about domain names and Internet numbers, such as IP addresses and autonomous system numbers (ASNs). This talk focuses on using whois for internet routing information, aka as an internet routing registry.\n\nIt's well known that BGP is a trust-based protocol for distributing internet routes. When network operators configure a BGP link with a peer [another network], they often want to restrict the routes accepted from that peer; A small customer is very unlikely to be the upstream network of a hyperscaler. But how do you gather information about what prefixes and networks are likely announced by that network?\n\nThe session will start by exploring what whois databases contain (\"RPLS - Routing Policy Specification Language\"), and how they have a role as a database for internet routing registry (IRR) information. We explain the various (authoritative and non-authoritative) IRR databases and how they differ. We then continue by describing the routing policy present in these databases.\n\nAfter introducing the information present, we will explain how this policy is applied to routers... as well as the surprisingly fragile aspects of this mechanism (unauthenticated retrieval channels, updates via email with plaintext passwords).\n\nFinally, we introduce the more modern alternatives under development; not only for access to the same IRR information (Registration Data Access Protocol) but also the Routing Public Key Infrastructure, that is currently actively being deployed. We will gloss over the RPKI architecture, and explain that it stores part of the information available in the IRR (and how policy from this distributed system is fed into routers), including the trade-off (centralisation).\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Ties de Kock","becha"],"tags":["38c3","819","2024","Stage YELL"],"view_count":1372,"promoted":false,"date":"2024-12-29T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-16T15:45:05.741+01:00","length":3294,"duration":3294,"thumb_url":"https://static.media.ccc.de/media/congress/2024/819-5f1a3c6b-72fb-5154-8146-0d0b0ef51b95.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/819-5f1a3c6b-72fb-5154-8146-0d0b0ef51b95_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/819-5f1a3c6b-72fb-5154-8146-0d0b0ef51b95.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/819-5f1a3c6b-72fb-5154-8146-0d0b0ef51b95.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-the-whois-protocol-for-internet-routing-policy-or-how-plaintext-retrieved-over-tcp-43-ends-up-in-router-configurations","url":"https://api.media.ccc.de/public/events/5f1a3c6b-72fb-5154-8146-0d0b0ef51b95","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"85f8ed00-5e6b-5db1-bbbd-a2561bcf322f","title":"Operation Mindfuck Vol. 7","subtitle":null,"slug":"38c3-operation-mindfuck-vol-7","link":"https://events.ccc.de/congress/2024/hub/event/operation-mindfuck-vol-7/","description":"For the seventh time, we'll present a colorful potpourri of nerdsniping topics: some of our favorite facts about computers, art, and the world! We draw a lot of inspiration from new and absurd ideas, and we'd like to share that enthusiasm with you!\n\n- [Vol. 1](https://blinry.org/operation-mindfuck/) (German)\n- [Vol. 2](https://blinry.org/operation-mindfuck-2/) (German)\n- [Vol. 3](https://blinry.org/operation-mindfuck-3/) (German)\n- [Vol. 4](https://blinry.org/operation-mindfuck-4/) (English)\n- [Vol. 5](https://blinry.org/operation-mindfuck-5/) (English)\n- [Vol. 6](https://blinry.org/operation-mindfuck-6/) (English)\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["blinry","bleeptrack"],"tags":["38c3","825","2024","Entertainment","Stage YELL"],"view_count":5470,"promoted":false,"date":"2024-12-27T23:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-25T15:30:07.206+01:00","length":3124,"duration":3124,"thumb_url":"https://static.media.ccc.de/media/congress/2024/825-85f8ed00-5e6b-5db1-bbbd-a2561bcf322f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/825-85f8ed00-5e6b-5db1-bbbd-a2561bcf322f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/825-85f8ed00-5e6b-5db1-bbbd-a2561bcf322f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/825-85f8ed00-5e6b-5db1-bbbd-a2561bcf322f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-operation-mindfuck-vol-7","url":"https://api.media.ccc.de/public/events/85f8ed00-5e6b-5db1-bbbd-a2561bcf322f","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"b2a4c706-b6fb-55b8-a89f-cd821a8c4f3b","title":"Software accessibility without the fuzz","subtitle":null,"slug":"38c3-software-accessibility-without-the-fuzz","link":"https://events.ccc.de/congress/2024/hub/event/software-accessibility-without-the-fuzz/","description":"We've all heard how important digital accessibility is, at this point. But how does one get started with this complex topic? Let's cover all the techy basics!\n\nSoftware accessibility is important, we all know that by now. In the past years while working as an accessibility consultant, many people have asked me the very same question: How do I get started with this? I'm overwhelmed by all the different resources! Heck, I can't find anything useful!\n\nIn all fairness, I get you. There's so much fuzz surrounding this. Social workers will feel right at home because of this, but frankly, for us techies, it just doesn't work that way. We would like to know what to do precisely, or at least dive deeper into a topic on our own terms.\n\nIn this talk, I would like to give a brief overview over what's important only for programmers and where you can educate yourself further. We can do this together!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Casey Kreer"],"tags":["38c3","783","2024","Stage HUFF"],"view_count":1462,"promoted":false,"date":"2024-12-28T14:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T13:45:06.894+02:00","length":1317,"duration":1317,"thumb_url":"https://static.media.ccc.de/media/congress/2024/783-b2a4c706-b6fb-55b8-a89f-cd821a8c4f3b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/783-b2a4c706-b6fb-55b8-a89f-cd821a8c4f3b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/783-b2a4c706-b6fb-55b8-a89f-cd821a8c4f3b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/783-b2a4c706-b6fb-55b8-a89f-cd821a8c4f3b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-software-accessibility-without-the-fuzz","url":"https://api.media.ccc.de/public/events/b2a4c706-b6fb-55b8-a89f-cd821a8c4f3b","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"4f4ba783-2390-5252-b183-3c7be50b9a4b","title":"corebooting Intel-based systems","subtitle":null,"slug":"38c3-corebooting-intel-based-systems","link":"https://events.ccc.de/congress/2024/hub/event/corebooting-intel-based-systems/","description":"Gaining a reasonable level of trust on the firmware that runs your everyday activities\n\nCorebootable or not corebootable, that is the question.\n\nThe nerdiest nerds already corebooted their old X230 ThinkPads... but what about your new ThinkPad, or even your gaming rig? Well, Intel has a trick called the \"BootGuard\" inside the Management Engine.\nIt is supposed to protect the firmware and only allow updates from signed sources... somewhat like the Secure Boot. This means we can't coreboot our newer machines, right?\n\n..right? Well, for that to work... it needs team-play between OEMs and Intel, which doesn't always work out. \n\nIn this talk you will learn how to port coreboot to modern Intel systems - how we did it and even got to game on them.\n\nWe'll go over coreboot development, tell you how to find ~~potential subjects~~ compatible mainboards and what it would take to boot on them!). We'll explain what are \"payloads\", which one is right for you, and what it takes to make such system run mainline Linux.\n\nWe'll also take a look at current state of AMD systems and how they're doing with OpenSIL (which will replace AGESA in the coming years).\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["aprl","elly"],"tags":["38c3","45","2024","Hardware \u0026 Making","Saal ZIGZAG"],"view_count":3620,"promoted":false,"date":"2024-12-30T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T03:45:02.956+02:00","length":2668,"duration":2668,"thumb_url":"https://static.media.ccc.de/media/congress/2024/45-4f4ba783-2390-5252-b183-3c7be50b9a4b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/45-4f4ba783-2390-5252-b183-3c7be50b9a4b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/45-4f4ba783-2390-5252-b183-3c7be50b9a4b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/45-4f4ba783-2390-5252-b183-3c7be50b9a4b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-corebooting-intel-based-systems","url":"https://api.media.ccc.de/public/events/4f4ba783-2390-5252-b183-3c7be50b9a4b","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"f1e929eb-5b85-563a-9c40-a489dd7913aa","title":"Beyond BLE: Cracking Open the Black-Box of RF Microcontrollers","subtitle":null,"slug":"38c3-beyond-ble-cracking-open-the-black-box-of-rf-microcontrollers","link":"https://events.ccc.de/congress/2024/hub/event/beyond-ble-cracking-open-the-black-box-of-rf-microcontrollers/","description":"Despite the recent popularity and breadth of offerings of low-cost RF microcontrollers, there is a shared absence of documentation for the internal workings of their RF hardware. Vendors might provide an API for their supported protocols, such as BLE, but their documentation will only provide as much detail as necessary to use these libraries. For practically every BLE MCU available to hobbyists, interfacing with the on-chip radio is limited to secret ROMs or binary blobs. In this talk, we will finally peel back the curtain on one of these RF MCUs, giving the ability to understand and unlock the full potential of the hardware to operate in new modes.\n\nThe TI SimpleLink family of BLE and Sub-GHz RF MCUs present a general-purpose Cortex-M4F platform with extensive documentation for developing custom embedded/IoT devices. With a reference manual filled with countless diagrams and register maps for all its peripherals, the Radio section is surprisingly sparse, only mentioning a high-level API for exchanging commands between an RF coprocessor core. This secondary undocumented CPU is what handles the actual RF communication, running from an inaccessible ROM. There’s no mention of what peripherals lay beyond the coprocessor aside from generic “DSP Modem” and “RF Engine” modules.\n\nThis talk serves to be the unofficial “Radio Reference Manual” of the SimpleLink MCUs, opening the black box of the RF subsystem and painting the full picture on how the radio operates - from the stack to the antenna. As part of this effort to fully understand these chips, we reverse engineered TI’s proprietary RF patch format, which enables SDK updates to introduce support for newer protocols on existing chips. We show how these patches allow you to modify the behavior of almost every part of the RF subsystem, control the RF subsystem in ways not intended, or even replace the ROM firmware entirely. Additionally, we investigate the hidden DSP Modem cores, and decode their proprietary ISA to disassemble and craft new firmware patches for them as well, potentially opening up the door for a cheap single-chip SDR.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Adam Batori","Robert Pafford"],"tags":["38c3","658","2024","Hardware \u0026 Making","Saal GLITCH"],"view_count":4180,"promoted":false,"date":"2024-12-29T15:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T04:00:03.152+02:00","length":2421,"duration":2421,"thumb_url":"https://static.media.ccc.de/media/congress/2024/658-f1e929eb-5b85-563a-9c40-a489dd7913aa.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/658-f1e929eb-5b85-563a-9c40-a489dd7913aa_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/658-f1e929eb-5b85-563a-9c40-a489dd7913aa.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/658-f1e929eb-5b85-563a-9c40-a489dd7913aa.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-beyond-ble-cracking-open-the-black-box-of-rf-microcontrollers","url":"https://api.media.ccc.de/public/events/f1e929eb-5b85-563a-9c40-a489dd7913aa","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"091786b6-a7ab-5f39-af44-4cb6751e4df2","title":"Geschredderte Gutachten: Wie nicht nur der Staat bei digitaler Barrierefreiheit versagt","subtitle":null,"slug":"38c3-geschredderte-gutachten-wie-nicht-nur-der-staat-bei-digitaler-barrierefreiheit-versagt","link":"https://events.ccc.de/congress/2024/hub/event/geschredderte-gutachten-wie-nicht-nur-der-staat-bei-digitaler-barrierefreiheit-versagt/","description":"Ein riesiger Teil der digitalen Leistungen der Bundesrepublik sind nicht inklusiv und für alle zugänglich. Eklatante Rechtsbrüche werden ignoriert und es gibt absolut nichts, was wir tun können, außer darüber zu reden.\n\nDie digitale Barrierefreiheit ist kaputt. In den letzten Monaten habe ich viele digitale Angebote des Staates auf deren Barrierefreiheit überprüft und die kritischsten Barrieren an die verantwortlichen Stellen gemeldet. \n\nBeispielsweise war es in der Hochwasser-Krise nach Weihnachten 2023 für blinde Personen in mindestens drei relevanten Bundesländern nicht möglich, den aktuellen Pegelstand an ihrem Wohnort abzurufen. Im Katastrophenschutz sieht es nicht besser aus: Alle vier öffentlich finanzierten Warn-Apps sind für viele Menschen mit Behinderung nicht nutzbar. Und auch das neue, für alle verpflichtende E-Rezept wurde voller Barrieren ausgerollt. \n\nDiese eklatanten Mängel sind leider Dauerzustand. Selbst wenn Barrieren schon intern bekannt sind, dauert es oft Jahre, bis diese behoben werden. An allen Ecken fehlt wichtige Expertise und der weltweite Beratungsmarkt wird beherrscht von Schlangenöl. \n\nBei einer Meldung einer neuen Barriere werfen die Behörden gerne mit Phrasen um sich und beteuern ihren Einsatz für Inklusion. Tatsächlich zeigen meine Erfahrungen ein erschreckendes Muster , das auf systematische Diskriminierung hindeutet. Aber wie können wir dann wirklich und nachhaltig Dinge verbessern? Können wir das überhaupt?\n\nWir schauen uns den traurigen Zustand der digitalen Barrierefreiheit in Deutschland an, benennen Verantwortliche für die Misere und lernen, was wir eigentlich wirklich bräuchten. Von echten Menschen mit Behinderung, mit echter Expertise.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Casey Kreer"],"tags":["38c3","381","2024","Ethics, Society \u0026 Politics","Saal GLITCH"],"view_count":2302,"promoted":false,"date":"2024-12-29T12:55:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-03-22T22:15:05.498+01:00","length":2392,"duration":2392,"thumb_url":"https://static.media.ccc.de/media/congress/2024/381-091786b6-a7ab-5f39-af44-4cb6751e4df2.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/381-091786b6-a7ab-5f39-af44-4cb6751e4df2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/381-091786b6-a7ab-5f39-af44-4cb6751e4df2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/381-091786b6-a7ab-5f39-af44-4cb6751e4df2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-geschredderte-gutachten-wie-nicht-nur-der-staat-bei-digitaler-barrierefreiheit-versagt","url":"https://api.media.ccc.de/public/events/091786b6-a7ab-5f39-af44-4cb6751e4df2","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"233cb1d4-4833-5384-aeee-d99344433e0b","title":"We've not been trained for this: life after the Newag DRM disclosure","subtitle":"","slug":"38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure","link":"https://events.ccc.de/congress/2024/hub/event/we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure/","description":"You've probably already heard the story: we got contracted to analyze a bunch of trains breaking down after being serviced by independent workshops. We reverse engineered them and found code which simulated failures when they detected servicing attempts. We presented our findings at 37C3… and then shit hit the fan.\r\n\r\nThis talk will be an update about what happened since our 37C3 presentation. We’ll talk about:\r\n- Three parliamentary workgroup sessions with dirty bathroom photos on Newag’s offtopic slides, train operators revealing that they paid Newag more than 20k EUR for unlocking a single train, which Newag was able to unlock in 10 minutes, and at the same time saying that they don’t know anything about the locks.\r\n- 140-page lawsuits, accusing us of _copyright violation and unfair competition_ (sic!) with a lot of logical gymnastics.\r\n- How it’s like to repeatedly explain reverse engineering concepts to journalists.\r\n- 6 official investigations, two of them criminal.\r\n- New cases revealed since then (from different train operators).\r\n- and much more!\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Redford","q3k","MrTick"],"tags":["38c3","336","2024","Hardware \u0026 Making","Saal 1"],"view_count":76380,"promoted":false,"date":"2024-12-27T23:00:00.000+01:00","release_date":"2025-01-10T00:00:00.000+01:00","updated_at":"2026-04-03T06:15:03.634+02:00","length":2673,"duration":2673,"thumb_url":"https://static.media.ccc.de/media/congress/2024/336-233cb1d4-4833-5384-aeee-d99344433e0b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/336-233cb1d4-4833-5384-aeee-d99344433e0b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/336-233cb1d4-4833-5384-aeee-d99344433e0b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/336-233cb1d4-4833-5384-aeee-d99344433e0b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure","url":"https://api.media.ccc.de/public/events/233cb1d4-4833-5384-aeee-d99344433e0b","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"68ded9c9-72a2-56b7-8191-4cb235bef513","title":"How to Spec - Fun with dinosaurs","subtitle":null,"slug":"38c3-how-to-spec-fun-with-dinosaurs","link":"https://events.ccc.de/congress/2024/hub/event/how-to-spec-fun-with-dinosaurs/","description":"The public image of dinosaurs is largely shaped by art. While paleontology is a dynamic and productive science, it is primarily through paleoart that our perception of prehistoric life takes form. By combining informed speculation with a deep understanding of anatomy, ecology, and geology, paleoartists continuously reimagine extinct organisms in innovative ways.\n\nThe public image of dinosaurs is largely shaped by art. While paleontology is a dynamic and productive science, it is primarily through paleoart that our perception of prehistoric life takes form. This tradition of science informed art form, rooted in a 200-year history, finds its inspiration in the fossil record and the interpretations it offers.\nThe gaps in our knowledge are as influential as the fossils themselves. Through informed speculation and a fundamental understanding of anatomy, ecology and geology a paleoartist is able to bring back extinct organisms in ever new ways.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Joschua Knüppe"],"tags":["38c3","691","2024","Art \u0026 Beauty","Saal GLITCH"],"view_count":1042,"promoted":false,"date":"2024-12-27T21:10:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T06:30:03.729+02:00","length":2460,"duration":2460,"thumb_url":"https://static.media.ccc.de/media/congress/2024/691-68ded9c9-72a2-56b7-8191-4cb235bef513.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/691-68ded9c9-72a2-56b7-8191-4cb235bef513_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/691-68ded9c9-72a2-56b7-8191-4cb235bef513.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/691-68ded9c9-72a2-56b7-8191-4cb235bef513.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-how-to-spec-fun-with-dinosaurs","url":"https://api.media.ccc.de/public/events/68ded9c9-72a2-56b7-8191-4cb235bef513","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"514a24bc-31db-5a04-8e33-8c777742e575","title":"BlinkenCity: Radio-Controlling Street Lamps and Power Plants","subtitle":null,"slug":"38c3-blinkencity-radio-controlling-street-lamps-and-power-plants","link":"https://events.ccc.de/congress/2024/hub/event/blinkencity-radio-controlling-street-lamps-and-power-plants/","description":"A significant portion of Europe's renewable energy production can be remotely controlled via longwave radio. While this system is intended to stabilize the grid, it can potentially also be abused to destabilize it by remotely toggling energy loads and power plants. \n\nIn this talk, we will dive into radio ripple control technology, analyze the protocols in use, and discuss whether its weaknesses could potentially be leveraged to cause a blackout, or – more positively – to create a city-wide Blinkenlights-inspired art installation.\n\nWith three broadcasting towers and over 1.3 million receivers, the radio ripple control system by *EFR (Europäische Funk-Rundsteuerung) GmbH* is responsible for controlling various types of loads (street lamps, heating systems, wall boxes, …) as well as multiple gigawatts of renewable power generation (solar, wind, biogas, …) in Germany, Austria, Czechia, Hungary and Slovakia. \n\nThe used radio protocols Versacom and Semagyr, which carry time and control signals, are partially proprietary but completely unencrypted and unauthenticated, leaving the door open for abuse. \n\nThis talk will cover: \n- An introduction to radio ripple control \n- Detailed analysis of transmitted radio messages, protocols, addressing schemes, and their inherent weaknesses \n - Hardware hacking and reversing \n - Implementation of sending devices and attack PoCs \n - (Live) demonstrations of attacks \n - Evaluation of the abuse potential \n - The way forward\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Fabian Bräunlein","Luca Melette"],"tags":["38c3","198","2024","Security","Saal 1"],"view_count":33455,"promoted":false,"date":"2024-12-28T21:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T17:15:04.316+02:00","length":3672,"duration":3672,"thumb_url":"https://static.media.ccc.de/media/congress/2024/198-514a24bc-31db-5a04-8e33-8c777742e575.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/198-514a24bc-31db-5a04-8e33-8c777742e575_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/198-514a24bc-31db-5a04-8e33-8c777742e575.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/198-514a24bc-31db-5a04-8e33-8c777742e575.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-blinkencity-radio-controlling-street-lamps-and-power-plants","url":"https://api.media.ccc.de/public/events/514a24bc-31db-5a04-8e33-8c777742e575","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"18d1847b-c929-5c98-93ed-f0826a0e08ca","title":"Wie wird gleich?","subtitle":null,"slug":"38c3-wie-wird-gleich","link":"https://events.ccc.de/congress/2024/hub/event/wie-wird-gleich/","description":"Welchen Einfluss hat die Form der Dinge? Wie wirken wir durch die Gestaltung unseren kulturellen Praxen, Architekturen, Sprachen und Strukturen auf uns und die uns umgebende Zukunft ein? Und warum findet sich in zeitgenössischer Design Theorie ein Verb wie *Futuring*?\n\nBasierend auf der Annahme, dass alles mit allem zusammen hängt und ein gemeinsames Interesse besteht, die gesamte Scheiße zum Guten zu wenden, lade ich dazu ein, anhand von Praxisbeispielen aus meiner künstlerischer Forschung und einfachen Live-Experimenten, zu erfahren, wie wir alle Welt gestalten. Und wie wir aus diesem Beteiligt sein Mut ziehen können, einer lebenswerten Zukunft für alle näher zu kommen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["kathia"],"tags":["38c3","652","2024","Art \u0026 Beauty","Saal ZIGZAG"],"view_count":1340,"promoted":false,"date":"2024-12-27T22:05:00.000+01:00","release_date":"2024-12-28T00:00:00.000+01:00","updated_at":"2026-03-19T11:45:08.225+01:00","length":2061,"duration":2061,"thumb_url":"https://static.media.ccc.de/media/congress/2024/652-18d1847b-c929-5c98-93ed-f0826a0e08ca.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/652-18d1847b-c929-5c98-93ed-f0826a0e08ca_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/652-18d1847b-c929-5c98-93ed-f0826a0e08ca.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/652-18d1847b-c929-5c98-93ed-f0826a0e08ca.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-wie-wird-gleich","url":"https://api.media.ccc.de/public/events/18d1847b-c929-5c98-93ed-f0826a0e08ca","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"9dee529b-4a70-58c3-82fd-c51497bc7c77","title":"CTF: WTF?! - Capture The Flag für Einsteiger","subtitle":null,"slug":"38c3-ctf-wtf-capture-the-flag-fr-einsteiger","link":"https://events.ccc.de/congress/2024/hub/event/ctf-wtf-capture-the-flag-fr-einsteiger/","description":"Capture The Flag (CTF) für Einsteiger: Wie man legal \"hacken\" ueben kann, warum man das tun sollte und wo man anfaengt.\n\n\"Hacken\" ist längst nicht mehr nur Hobby. WTF? CTF!\n\nWas ist ein \"Capture The Flag\", wie passt das in die aktuelle Menge aus Security Buzzwords, welchen Nutzen kann ich daraus ziehen und wie fange ich an? \nEs werden ein paar einfache Plattformen und Veranstaltungen zum starten und üben gezeigt. Dem folgen Spielarten, Wege \"hacken\" zu lernen, und ein Ausblick auf berufliche Möglichkeiten. \n\nDer Vortrag richtet sich an Einsteiger die neue Herausforderungen suchen und ihr Wissen um IT-Sicherheit vertiefen wollen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["hubertf"],"tags":["38c3","765","2024","Stage HUFF"],"view_count":13634,"promoted":false,"date":"2024-12-27T13:30:00.000+01:00","release_date":"2025-01-08T00:00:00.000+01:00","updated_at":"2026-04-02T12:45:05.916+02:00","length":2281,"duration":2281,"thumb_url":"https://static.media.ccc.de/media/congress/2024/765-9dee529b-4a70-58c3-82fd-c51497bc7c77.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/765-9dee529b-4a70-58c3-82fd-c51497bc7c77_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/765-9dee529b-4a70-58c3-82fd-c51497bc7c77.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/765-9dee529b-4a70-58c3-82fd-c51497bc7c77.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-ctf-wtf-capture-the-flag-fr-einsteiger","url":"https://api.media.ccc.de/public/events/9dee529b-4a70-58c3-82fd-c51497bc7c77","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"5e5afe9c-dbff-5b05-a11c-202e3ad5ac81","title":"Och Menno: Physik sagt NEIN-Von Kickstartern und SciFi Waffen","subtitle":"","slug":"38c3-och-menno-physik-sagt-nein-von-kickstartern-und-scifi-waffen","link":"https://events.ccc.de/congress/2024/hub/event/och-menno-physik-sagt-nein-von-kickstartern-und-scifi-waffen/","description":"Was haben Triton, Fontus und Railguns gemeinsam ? Coole Sales Slides aber evtl. wenig Ahnung von Physik. Ein kleiner Live Podcast zu Projekten wo eine Grundlage an Physik ein Verschwenden von Geld verhindert hätten.\r\n\r\nDer Failpodcast live auf der Bühne:\r\n\r\nEs gibt viele Projekte die ja wunderschön Shiny aussehen. Und der CEO hat sogar Industriedesign studiert. Und die Slides sind toll. Und es gibt ein tolles 3D Video. Was soll schon schiefgehen ?\r\n\r\nWarum kann man nicht Unterwasser mit der Triton atmen, in der Wüste nicht aus der Fontus trinken ? Ich nehme euch mit in eine kleine Reise durch Kickstarter Fails / Scams bis hin zu Militärprojekten die auf dem Papier schön aussahen aber halt im Ende ne ganze Menge Geld verblasen haben.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Ucki (He/Him)"],"tags":["38c3","58296","2024","Sendezentrum","Saal X 07"],"view_count":5870,"promoted":false,"date":"2024-12-29T17:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T01:00:04.261+02:00","length":2647,"duration":2647,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58296-5e5afe9c-dbff-5b05-a11c-202e3ad5ac81.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58296-5e5afe9c-dbff-5b05-a11c-202e3ad5ac81_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58296-5e5afe9c-dbff-5b05-a11c-202e3ad5ac81.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58296-5e5afe9c-dbff-5b05-a11c-202e3ad5ac81.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-och-menno-physik-sagt-nein-von-kickstartern-und-scifi-waffen","url":"https://api.media.ccc.de/public/events/5e5afe9c-dbff-5b05-a11c-202e3ad5ac81","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"8131bc80-bc4d-5767-b9dd-30a1d45a19ea","title":"A dive into DNS","subtitle":null,"slug":"38c3-a-dive-into-dns","link":"https://events.ccc.de/congress/2024/hub/event/a-dive-into-dns/","description":"Everyone kind of forgot about DNS. How does it work, how to claim it back and why?\n\nThis talk will show some data about DNS to see differences between TLD's, will show how the entire thing works and the current problems in some setups. Then show how to make our own authoritative DNS servers in a secure and redundant way to claim ownership of it and decentralise it from the big providers.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["altf4"],"tags":["38c3","686","2024","Stage HUFF"],"view_count":5244,"promoted":false,"date":"2024-12-27T21:10:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T13:15:04.341+02:00","length":2428,"duration":2428,"thumb_url":"https://static.media.ccc.de/media/congress/2024/686-8131bc80-bc4d-5767-b9dd-30a1d45a19ea.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/686-8131bc80-bc4d-5767-b9dd-30a1d45a19ea_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/686-8131bc80-bc4d-5767-b9dd-30a1d45a19ea.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/686-8131bc80-bc4d-5767-b9dd-30a1d45a19ea.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-a-dive-into-dns","url":"https://api.media.ccc.de/public/events/8131bc80-bc4d-5767-b9dd-30a1d45a19ea","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"faec986b-49c3-5343-9c69-bacb610e9ee3","title":"Transitous - offener Routingdienst für öffentliche Verkehrsmittel","subtitle":null,"slug":"38c3-transitous-offener-routingdienst-fr-ffentliche-verkehrsmittel","link":"https://events.ccc.de/congress/2024/hub/event/transitous-offener-routingdienst-fr-ffentliche-verkehrsmittel/","description":"Unabhängige Apps für den öffentlichen Nahverkehr stehen häufig vor dem Problem, dass sie durch die vielen separaten APIs der Verkehrsbetriebe eingeschränkt sind, die oft nicht über die vollständigen Daten der anderen Betreiber verfügen.\n\nDies macht es unmöglich, vollständige Routen zu erhalten. In Städten wie Paris ist z.B. die Kenntnis der örtlichen Metro erforderlich, da die verschiedenen Bahnhöfe nicht direkt miteinander verbunden sind.\n\nTransitous will dieses Problem auf der Grundlage öffentlich zugänglicher Fahrplandaten lösen.\n\nBestehende Routing-Lösungen aus der Community waren nur für Fahrräder, Autos oder Fußgänger verfügbar.\n\nDadurch blieb den Apps für den öffentlichen Verkehr nur die Möglichkeit, viele verschiedene Betreiber-APIs mit begrenzten Daten zu verwenden.\n\nEinige überließen die Wahl der besten API der Nutzer*in oder versuchten, die beste API auf der Grundlage der regionalen Abdeckung automatisch auszuwählen.\n\nDies verhinderte, Verbindungen über größere Entfernungen einschließlich des Nahverkehrs mit einer einzelnen Anfrage finden zu können.\n\nMit neueren freien und quelloffenen intermodalen Routing-Engines wie MOTIS und der zunehmenden Verfügbarkeit von Fahrplänen der öffentlichen Verkehrsmittel im GTFS- und GTFS-RT-Format im Internet wurde es möglich, dieses Problem zu lösen.\n\nIn diesem Talk wird vorgestellt, was wir bisher erreicht haben und wie das Projekt weiterentwickelt und genutzt werden kann.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Jonah Brüchert"],"tags":["38c3","693","2024","Stage YELL"],"view_count":3644,"promoted":false,"date":"2024-12-28T12:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T09:30:05.674+02:00","length":2530,"duration":2530,"thumb_url":"https://static.media.ccc.de/media/congress/2024/693-faec986b-49c3-5343-9c69-bacb610e9ee3.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/693-faec986b-49c3-5343-9c69-bacb610e9ee3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/693-faec986b-49c3-5343-9c69-bacb610e9ee3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/693-faec986b-49c3-5343-9c69-bacb610e9ee3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-transitous-offener-routingdienst-fr-ffentliche-verkehrsmittel","url":"https://api.media.ccc.de/public/events/faec986b-49c3-5343-9c69-bacb610e9ee3","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"27b95819-6bba-5d9e-a9e6-41e811c1cf4e","title":"Von Augustus bis Trump – Warum Desinformation ein Problem bleibt und was wir trotzdem dagegen tun können","subtitle":null,"slug":"38c3-von-augustus-bis-trump-warum-desinformation-ein-problem-bleibt-und-was-wir-trotzdem-dagegen-tun-knnen","link":"https://events.ccc.de/congress/2024/hub/event/von-augustus-bis-trump-warum-desinformation-ein-problem-bleibt-und-was-wir-trotzdem-dagegen-tun-knnen/","description":"Trotz intensiver Forschung hinken wir aktuellen Entwicklungen im Bereich Desinformation oft hinterher. In diesem Vortrag erklären wir, warum der Umgang mit Desinformation so herausfordernd ist und welche konkreten Lösungsansätze es gibt.\n\nObwohl wir inzwischen aus Perspektive der Forschung gesicherte Erkenntnisse über Verbreitung und Wirkung von Desinformationen haben und wirksame Präventions- wie auch Interventionsmaßnahmen auf vielen Ebenen diskutiert werden, laufen wir den tatsächlichen Entwicklungen und gesellschaftlichen Konsequenzen von Desinformation nur hinterher. Ein effektiver Umgang mit den unterschiedlichen Spielarten von Desinformation gelingt oft nicht.\n\nMit Blick auf die aktuelle Forschung bieten wir einen Überblick über Lösungen gegen Desinformation. Dieser Talk soll die Begrifflichkeit für die öffentliche Debatte schärfen und die Frage adressieren: Was kann und soll als Desinformation verstanden werden? Darüber hinaus wollen wir diskutieren, warum der Umgang mit Desinformation so schwierig ist und welche individuellen, gesellschaftlichen und politischen Herausforderungen ihn so schwierig machen. Abschließend beantworten wir die Fragen: Was ist zu tun?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Hendrik Heuer","Josephine Schmitt"],"tags":["38c3","246","2024","Science","Saal GLITCH"],"view_count":2792,"promoted":false,"date":"2024-12-29T12:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-08T19:30:05.810+01:00","length":2354,"duration":2354,"thumb_url":"https://static.media.ccc.de/media/congress/2024/246-27b95819-6bba-5d9e-a9e6-41e811c1cf4e.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/246-27b95819-6bba-5d9e-a9e6-41e811c1cf4e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/246-27b95819-6bba-5d9e-a9e6-41e811c1cf4e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/246-27b95819-6bba-5d9e-a9e6-41e811c1cf4e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-von-augustus-bis-trump-warum-desinformation-ein-problem-bleibt-und-was-wir-trotzdem-dagegen-tun-knnen","url":"https://api.media.ccc.de/public/events/27b95819-6bba-5d9e-a9e6-41e811c1cf4e","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"7f4f44d8-89ea-5a84-8014-090b6ea88f3c","title":"From fault injection to RCE: Analyzing a Bluetooth tracker","subtitle":null,"slug":"38c3-from-fault-injection-to-rce-analyzing-a-bluetooth-tracker","link":"https://events.ccc.de/congress/2024/hub/event/from-fault-injection-to-rce-analyzing-a-bluetooth-tracker/","description":"The Chipolo ONE is a Bluetooth tracker built around the Dialog (now Renesas)\nDA14580 chip. This talk will present the research made on this device, from\nextracting the firmware from the locked down chip using fault injection up to\ngetting remote code execution over Bluetooth.\nThe talk will also present the disclosure process and how the vendor reacted to\nan unpatchable vulnerability on their product.\n\nThis talk will present the journey through the analysis of the Chipolo ONE\nBluetooth tracker. As for lots of IoT devices, this analysis mixes both hardware\nand software attacks so this talk will be packed with lots of techniques that\ncan be applied to other devices as well:\n\n - Using fault injection to bypass the debug locking mechanism on a chip that has\n apparently never been broken before.\n - Reverse engineering an unknown firmware with Ghidra, a PDF and parts of a SDK\n - Analyzing weak cryptographic algorithms to be able to authenticate to any\n device\n - Finding a buffer overflow and achieve code execution over Bluetooth\n - Disclosing an unpatchable vulnerability to the vendor\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Nicolas Oberli"],"tags":["38c3","178","2024","Security","Saal ZIGZAG"],"view_count":1992,"promoted":false,"date":"2024-12-27T17:15:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-03-23T16:00:06.191+01:00","length":1898,"duration":1898,"thumb_url":"https://static.media.ccc.de/media/congress/2024/178-7f4f44d8-89ea-5a84-8014-090b6ea88f3c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/178-7f4f44d8-89ea-5a84-8014-090b6ea88f3c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/178-7f4f44d8-89ea-5a84-8014-090b6ea88f3c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/178-7f4f44d8-89ea-5a84-8014-090b6ea88f3c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-from-fault-injection-to-rce-analyzing-a-bluetooth-tracker","url":"https://api.media.ccc.de/public/events/7f4f44d8-89ea-5a84-8014-090b6ea88f3c","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"05e31b15-63a5-5daf-819d-2cade987e5f9","title":"Der CCC-Jahresrückblick","subtitle":null,"slug":"38c3-der-ccc-jahresrckblick","link":"https://events.ccc.de/congress/2024/hub/event/der-ccc-jahresrckblick/","description":"Wir geben einen Überblick über die Themen, die den Chaos Computer Club 2024 beschäftigt haben.\n\nNeben der Zusammenfassung und der Rückschau auf das vergangene Jahr wollen wir aber auch über zukünftige Projekte und anstehende Diskussionen reden.\n\nVon der Ampel über den epa bis zur Chatkontrolle, welche Themen haben den CCC in 2024 auf Trab gehalten?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["erdgeist","kantorkel","khaleesi","Linus Neumann","Constanze Kurz"],"tags":["38c3","1","2024","CCC","Saal 1"],"view_count":29906,"promoted":false,"date":"2024-12-28T16:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-29T11:15:06.384+02:00","length":7348,"duration":7348,"thumb_url":"https://static.media.ccc.de/media/congress/2024/1-05e31b15-63a5-5daf-819d-2cade987e5f9.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/1-05e31b15-63a5-5daf-819d-2cade987e5f9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/1-05e31b15-63a5-5daf-819d-2cade987e5f9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/1-05e31b15-63a5-5daf-819d-2cade987e5f9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-der-ccc-jahresrckblick","url":"https://api.media.ccc.de/public/events/05e31b15-63a5-5daf-819d-2cade987e5f9","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"0935f414-8d47-5636-8a26-fe2b09148c3b","title":"Navigating the grey","subtitle":null,"slug":"38c3-navigating-the-grey","link":"https://events.ccc.de/congress/2024/hub/event/navigating-the-grey/","description":"Navigating The Gray; Hacker's Compass.\n\nIn an expanding digital world, the lines quickly blur between what's good and what is bad (ethical and not) Without using big complicated words, Ethics are a reference for our action to know good from bad. In this talk we go over a framework of ethics to help predetermine which direction our actions would lead us. \nThis is not a code of ethics saying what is good and what is bad, after all life is somewhere in between, and you do you. This is a more of a measurement tool, like a compass. A hacker's compass, a pocket sized framework of three ethics to triangulate where we are on the gray, and where our actions would take us.\n\nPrepared time for Q\u0026A and little discussion after the talk. I would be happy to learn more from other people's experiences and Ideas on this topic.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["moe"],"tags":["38c3","835","2024","Stage YELL"],"view_count":464,"promoted":false,"date":"2024-12-28T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-01-01T03:15:14.612+01:00","length":2065,"duration":2065,"thumb_url":"https://static.media.ccc.de/media/congress/2024/835-0935f414-8d47-5636-8a26-fe2b09148c3b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/835-0935f414-8d47-5636-8a26-fe2b09148c3b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/835-0935f414-8d47-5636-8a26-fe2b09148c3b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/835-0935f414-8d47-5636-8a26-fe2b09148c3b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-navigating-the-grey","url":"https://api.media.ccc.de/public/events/0935f414-8d47-5636-8a26-fe2b09148c3b","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"5a32137a-de6c-5f4d-9ac2-d8d4df39ac78","title":"Vulnerability management with DefectDojo","subtitle":null,"slug":"38c3-vulnerability-management-with-defectdojo","link":"https://events.ccc.de/congress/2024/hub/event/vulnerability-management-with-defectdojo/","description":"Defect Dojo is an open source tool for vulnerability management. I will give an introduction into vulnerability management and show how that is implemented with defect dojo\n\nVulnerability management is a try to integrate finding, managing and mitigating of vulnerabilities in code into your workflow. \n\nIt usually starts with some tools to find vulnerabilities in different areas - let it be with image scanning like Trivy and Clair, classical vuln scanning like Nessus, Static code analysis like Sonar or dependency management with the OWASP dependency tracker. \n\nDefect Dojo takes all those reports, dedublicates findings, manages the handling of false positives and gives a Product Owner a tool to the hand how to move that on into your development tracking software like Jira or else. \n\nI will show how all of that works and what advantages this have. Also some insight how its used in a medium size critical infrastructure company.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["mc.fly"],"tags":["38c3","719","2024","Stage HUFF"],"view_count":1171,"promoted":false,"date":"2024-12-29T16:40:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T20:15:05.956+02:00","length":2353,"duration":2353,"thumb_url":"https://static.media.ccc.de/media/congress/2024/719-5a32137a-de6c-5f4d-9ac2-d8d4df39ac78.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/719-5a32137a-de6c-5f4d-9ac2-d8d4df39ac78_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/719-5a32137a-de6c-5f4d-9ac2-d8d4df39ac78.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/719-5a32137a-de6c-5f4d-9ac2-d8d4df39ac78.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-vulnerability-management-with-defectdojo","url":"https://api.media.ccc.de/public/events/5a32137a-de6c-5f4d-9ac2-d8d4df39ac78","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"f05ded86-d09a-59b9-8023-2ef500f626f9","title":"Wie fliegt man eigentlich Flugzeuge?","subtitle":null,"slug":"38c3-wie-fliegt-man-eigentlich-flugzeuge","link":"https://events.ccc.de/congress/2024/hub/event/wie-fliegt-man-eigentlich-flugzeuge/","description":"Etwas wie die \"Sendung mit der Maus\", dafür mit tiefer fachlicher Ausführung und allen Details. Es handelt vor allem um Technik und Abläufe, die man als Laie oder Fluggast nicht sehen und wissen kann.\n\nFlugzeuge können fliegen, das muss man nicht mehr erklären. Aber hat ein Flugzeug wirklich einen Schlüssel wie ein Auto? Kann ich einfach einsteigen und losfliegen? Die Antwort lautet: Es kommt darauf an.\n\nFliegen ist ein komplexes Zusammenspiel von Technik, Physik, Menschen und Prozessen. Und je nachdem, wie und was man fliegt, was hat ein A380 mit einer Cessna 152 gemeinsam?\n\nWir nehmen euch mit auf einen fiktiven Flug von Frankfurt nach Mumbai und zurück und erklären euch, was alles im Hintergrund passiert und wovon ihr nichts mitbekommt. \n\nEs erwartet euch eine Mischung aus Vortrag, lustigen Geschichten und auch Yak-Shaving, damit wir gemeinsam verstehen, was da eigentlich genau passiert.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Christian Lölkes","kleinsophie"],"tags":["38c3","561","2024","Science","Saal 1"],"view_count":7012,"promoted":false,"date":"2024-12-28T23:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T18:15:05.779+02:00","length":2411,"duration":2411,"thumb_url":"https://static.media.ccc.de/media/congress/2024/561-f05ded86-d09a-59b9-8023-2ef500f626f9.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/561-f05ded86-d09a-59b9-8023-2ef500f626f9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/561-f05ded86-d09a-59b9-8023-2ef500f626f9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/561-f05ded86-d09a-59b9-8023-2ef500f626f9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-wie-fliegt-man-eigentlich-flugzeuge","url":"https://api.media.ccc.de/public/events/f05ded86-d09a-59b9-8023-2ef500f626f9","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"0c346b37-5f1e-5765-b4cd-0075cadc127e","title":"All Brains are Beautiful! – The Biology of Neurodiversity","subtitle":null,"slug":"38c3-all-brains-are-beautiful-the-biology-of-neurodiversity","link":"https://events.ccc.de/congress/2024/hub/event/all-brains-are-beautiful-the-biology-of-neurodiversity/","description":"How do you think?\nPeople can experience thoughts, feelings, and sensory inputs very differently. While context and substances are known to promote changes in perception and thinking, the biological basis is very diverse, contrary to what is often assumed. Brain cells come in extraordinary varieties in size, shape, and complexity. Their synaptic connectivity provides the foundation of all our sensory input, motor output, cognitive functions, and thoughts. In short: They shape us. This talk gives an introduction about the extent of variability in neuronal patterns that underlies neurodiversity and critically discusses the idea of neurodivergence, diagnosis criteria in Autism and ADHD from a biological and first person-perspective. We find that biological variability of brains is an evolutionary feature that helps us to adapt to our environment but comes with certain risks and downsides in our modern society. While many things are still unknown, scientists have identified genes and environmental impacts that shape our network architecture during brain development and which help to explain why we think and experience the world so differently.\n\nThis talk gives an introduction about the extent of variability in neuronal patterns that underlies neurodiversity and critically discusses the idea of neurodivergence, diagnosis criteria in Autism and ADHD from a biological and affected person-perspective. It aims to clear up stereotypes, dogmas that still stick in our society and provides latest insights from science and community about what makes our brains work so differently.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Marcello"],"tags":["38c3","436","2024","Science","Saal 1"],"view_count":4037,"promoted":false,"date":"2024-12-30T12:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T19:15:07.979+02:00","length":2463,"duration":2463,"thumb_url":"https://static.media.ccc.de/media/congress/2024/436-0c346b37-5f1e-5765-b4cd-0075cadc127e.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/436-0c346b37-5f1e-5765-b4cd-0075cadc127e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/436-0c346b37-5f1e-5765-b4cd-0075cadc127e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/436-0c346b37-5f1e-5765-b4cd-0075cadc127e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-all-brains-are-beautiful-the-biology-of-neurodiversity","url":"https://api.media.ccc.de/public/events/0c346b37-5f1e-5765-b4cd-0075cadc127e","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"46d28f57-bc1a-539f-b040-37dc51b176d9","title":"Die Faszination des echten Kugelspiels","subtitle":null,"slug":"38c3-die-faszination-des-echten-kugelspiels","link":"https://events.ccc.de/congress/2024/hub/event/die-faszination-des-echten-kugelspiels/","description":"Der Vortrag ist ein persönlicher Blick auf die Geschichte, Vielfalt und Entwicklung im Bereich der Flipperautomaten und ist motiviert durch die eigene Begeisterung für diese Form von Unterhaltungstechnik. Geschichte und Geschichten der Geräte wird anhand eigener Erfahrungen, Sammlung und Recherche sowie Geschehnissen und eigene Anwendungen der Geräte (Kauf, Reparatur, Restauration, Modifikation, ...) präsentiert und soll die Faszination und das Interesse dafür wecken oder Interessierte zusammenbringen. Es ist geplant, auch Geräte zum Kongress mitzubringen, die bespielt und/oder im Detail erklärt werden können und vielleicht sogar ein Gerät zum Basteln bereit zu stellen.\n\nFlipperautomaten waren für lange Zeit ein fester Bestandteil der Unterhaltungs- und Jugendkultur. Sie vereinen ein reales Spielgeschehen mit echten Kugeln und Hindernissen mit (Elektro-)mechanischer und elektronischer Steuerung und Effekten und sind dabei dem direkten Einfluss der Spieler ausgesetzt. Seit einiger Zeit ist diese Unterhaltung, die zudem meist an Orten außerhalb des eigenen Zuhauses stattfand, nun von rein oder vorwiegend virtuellen Spielangeboten ersetzt worden, die in unserem Kulturkreis vor allem in den eigenen vier Wänden stattfindet. Der Vortrag wirft einen persönlichen Blick zurück auf die Entwicklung und Eigenarten dieser Unterhaltungstechnik und beschreibt eigene Erfahrungen aus einigen Jahren, in denen der Vortragende in diesem Umfeld tätig war. Er gibt auch Einblicke in die verwendete Technik und zieht Parallelen zu aktuellen Einsätzen ähnlicher Unterhaltungsanwendungen wie z. B. Escape-Rooms.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Gunther"],"tags":["38c3","252","2024","Art \u0026 Beauty","Saal GLITCH"],"view_count":1997,"promoted":false,"date":"2024-12-28T23:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-01T17:45:10.476+01:00","length":2486,"duration":2486,"thumb_url":"https://static.media.ccc.de/media/congress/2024/252-46d28f57-bc1a-539f-b040-37dc51b176d9.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/252-46d28f57-bc1a-539f-b040-37dc51b176d9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/252-46d28f57-bc1a-539f-b040-37dc51b176d9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/252-46d28f57-bc1a-539f-b040-37dc51b176d9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-die-faszination-des-echten-kugelspiels","url":"https://api.media.ccc.de/public/events/46d28f57-bc1a-539f-b040-37dc51b176d9","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"e5bd7031-bc26-588e-850f-8b1ff94e1380","title":"Geostationäre Satelliten als Hobby","subtitle":null,"slug":"38c3-geostationre-satelliten-als-hobby","link":"https://events.ccc.de/congress/2024/hub/event/geostationre-satelliten-als-hobby/","description":"Geostationäre Satelliten können ein spannendes Hobby sein, von Satellitenpiraterie über Amateurfunksatelliten bis hin zum digitalen Satellitenrundfunk finden sich viele Betätigungsfelder.\n\nWas sind geostationäre Satelliten, was macht man damit, und warum hört man auf US-Militärsatelliten auch mal Leute Portugisisch sprechen oder Songs von den Bangles? Das sind nur einige Fragen die ich in diesem kleinen Ritt durch die Nachrichtentechnik der Fernmeldesatelliten beantworten werde. Das ganze mit Illustrationen und realen Beispielen sichtbar gemacht, sowie Praxistipps wie man diese Satelliten auch selbst nutzen kann.\n\nDer Vortrag versucht für ein breites Publikum verständlich zu sein und dabei eine Balance zwischen didaktischer Vereinfachung und der korrekten Darstellung von Technologien und Verfahren. Es häufig gezeigt wohin man gehen kann, wenn man mehr wissen will.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Christian Berger"],"tags":["38c3","740","2024","Stage YELL"],"view_count":2942,"promoted":false,"date":"2024-12-28T21:10:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-18T18:15:07.121+01:00","length":2194,"duration":2194,"thumb_url":"https://static.media.ccc.de/media/congress/2024/740-e5bd7031-bc26-588e-850f-8b1ff94e1380.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/740-e5bd7031-bc26-588e-850f-8b1ff94e1380_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/740-e5bd7031-bc26-588e-850f-8b1ff94e1380.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/740-e5bd7031-bc26-588e-850f-8b1ff94e1380.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-geostationre-satelliten-als-hobby","url":"https://api.media.ccc.de/public/events/e5bd7031-bc26-588e-850f-8b1ff94e1380","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"f2cf7aa1-4cbb-5ad1-bd51-3ce6e35c5c2e","title":"Selbstverteidigungskurs Meme Warfare","subtitle":null,"slug":"38c3-selbstverteidigungskurs-meme-warfare","link":"https://events.ccc.de/congress/2024/hub/event/selbstverteidigungskurs-meme-warfare/","description":"You are not immune to propaganda and the only winning move is to first recognize you are forced to play The Game\n\nMeme Warfare - das heißt schnelllebige, leicht konsumierbare Propaganda auf Social Media. Jeden Tag sind wir Ziel absichtlicher Meinungsmanipulation - noch mehr wenn es mal wieder auf eine Wahl zugeht. Eine der wichtigsten Punkte von Medienkompetenz ist Propaganda und sog. \"Fake News\" zu erkennen, informiert damit umzugehen und sich vor Einflussnahme zu schützen. Aber wie?\n\nWenig Dinge begegnen uns in unserem Alltag heutzutage häufiger wie Werbung, Propaganda und Desinformation. Dass diese Dinge messbare Effekte auf die Psyche haben und nur deswegen so omnipräsent sein können, machen wir uns als Gesellschaft schon gar nicht mehr klar. Wir sehen aber immer wieder in den Wahlergebnissen und politischen Skandalen der letzen 10 Jahre wie die öffentliche Meinung gezielt beeinflusst wird und wir spüren wie da etwas kippt in unserer Demokratie. \n\nDer Talk ist eine kurze Einführung ins Thema und umfasst drei kurz und knackige Themenblöcke: Was ist überhaupt Propaganda und warum sollte mich das interessieren? Wie sieht Propaganda im Zeitalter von Internet und Social Media aus? Und wie kann ich mich und meine nächsten vor Beeinflussung schützen?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Ap_Saegge"],"tags":["38c3","889","2024","Stage YELL"],"view_count":4627,"promoted":false,"date":"2024-12-30T00:20:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-18T18:00:06.479+01:00","length":1240,"duration":1240,"thumb_url":"https://static.media.ccc.de/media/congress/2024/889-f2cf7aa1-4cbb-5ad1-bd51-3ce6e35c5c2e.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/889-f2cf7aa1-4cbb-5ad1-bd51-3ce6e35c5c2e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/889-f2cf7aa1-4cbb-5ad1-bd51-3ce6e35c5c2e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/889-f2cf7aa1-4cbb-5ad1-bd51-3ce6e35c5c2e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-selbstverteidigungskurs-meme-warfare","url":"https://api.media.ccc.de/public/events/f2cf7aa1-4cbb-5ad1-bd51-3ce6e35c5c2e","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"06c33a51-a3d5-582a-b736-6548e41282e2","title":"Computing Genomes \u0026 what that has to do with privacy","subtitle":null,"slug":"38c3-computing-genomes-what-that-has-to-do-with-privacy","link":"https://events.ccc.de/congress/2024/hub/event/computing-genomes-what-that-has-to-do-with-privacy/","description":"What does it take to get a Genome into the computer?\nA slightly technical, political and personal dive into the field of genomics.\n\nThis will be in the first part an introductory talk to Genomics, covering \"How do you get a genome into your computer?\". As I'm a bioinformaticist, i will briefly mention sequencing, but focus on the computation. Because it turns out that getting a human genome into your computer involves a lot of computation! \n\nIn the second part i will outline where privacy comes in here, and why it is essential, if we want to do work with genomic data responsibly. Understanding privacy goes beyond the technical: economic incentives, legal policy and security need to be taken into consideration to protect genomic data adequately. \n\nIn the third part i will tell of a University program which i organized in which we did our own Genomic Analysis with students, as privacy preserving and digitally sovereign as possible, and tell of the challenges we faced and the learnings we made.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Polaris"],"tags":["38c3","874","2024","Stage YELL"],"view_count":599,"promoted":false,"date":"2024-12-30T12:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-12T01:15:05.055+01:00","length":2832,"duration":2832,"thumb_url":"https://static.media.ccc.de/media/congress/2024/874-06c33a51-a3d5-582a-b736-6548e41282e2.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/874-06c33a51-a3d5-582a-b736-6548e41282e2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/874-06c33a51-a3d5-582a-b736-6548e41282e2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/874-06c33a51-a3d5-582a-b736-6548e41282e2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-computing-genomes-what-that-has-to-do-with-privacy","url":"https://api.media.ccc.de/public/events/06c33a51-a3d5-582a-b736-6548e41282e2","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"4657e8b9-04f6-5bcf-b62e-f9a7322a99a1","title":"Cat ears were just the beginning: Six years in onesies \u0026 what it taught me about life","subtitle":null,"slug":"38c3-cat-ears-were-just-the-beginning-six-years-in-onesies-what-it-taught-me-about-life","link":"https://events.ccc.de/congress/2024/hub/event/cat-ears-were-just-the-beginning-six-years-in-onesies-what-it-taught-me-about-life/","description":"What happens when cat onesies become your daily outfit? This personal story explores my six-year journey wearing cat onesies everywhere—from the reactions of others to practical tips on materials and patterns, and the deeper appeal behind this clothing style.\n\n\"Who defines what 'normal' clothing even is? Who says one can’t just wear a cat onesie as a regular, everyday outfit?\" - Kitty, a few years ago.\nEver wondered what it’s like to wear nothing but cat onesies every day, everywhere, all the time, for years? In this personal story, I’ll share how and why I started wearing onesies daily, how people reacted, which materials and sewing patterns turned out to be practical (and which didn’t), how you can make your own onesie, what all this taught me about life and the deeper reasons why so many of us are curious about this and other unconventional clothing styles.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["glowingkitty"],"tags":["38c3","718","2024","Stage YELL"],"view_count":4951,"promoted":false,"date":"2024-12-28T22:05:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T10:30:05.601+02:00","length":2508,"duration":2508,"thumb_url":"https://static.media.ccc.de/media/congress/2024/718-4657e8b9-04f6-5bcf-b62e-f9a7322a99a1.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/718-4657e8b9-04f6-5bcf-b62e-f9a7322a99a1_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/718-4657e8b9-04f6-5bcf-b62e-f9a7322a99a1.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/718-4657e8b9-04f6-5bcf-b62e-f9a7322a99a1.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-cat-ears-were-just-the-beginning-six-years-in-onesies-what-it-taught-me-about-life","url":"https://api.media.ccc.de/public/events/4657e8b9-04f6-5bcf-b62e-f9a7322a99a1","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"8a97a41a-b4aa-5659-bb9f-f3ee3107a7ea","title":"Gala Be Need Inn - 38c3 Ausgabe","subtitle":null,"slug":"38c3-gala-be-need-inn-38c3-ausgabe","link":"https://events.ccc.de/congress/2024/hub/event/gala-be-need-inn-38c3-ausgabe/","description":"Kein Congress ohne \"Gala Be Need Inn\" , der deutschsprachige Quizpodcast dessen Name ein Anagramm des Originals ist. Wir klären die wirklich wichtigen Fragen des Lebens: Was ist ein Alarmstuhl, was ist die Kotzkurve und wieso haben Schaffner in Frankreich Knallerbsen dabei? Seid dabei, auf der Bühne oder im Publikum!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["MacSnider"],"tags":["38c3","58295","2024","Saal X 07"],"view_count":399,"promoted":false,"date":"2024-12-29T20:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-18T14:30:07.172+01:00","length":5498,"duration":5498,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58295-8a97a41a-b4aa-5659-bb9f-f3ee3107a7ea.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58295-8a97a41a-b4aa-5659-bb9f-f3ee3107a7ea_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58295-8a97a41a-b4aa-5659-bb9f-f3ee3107a7ea.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58295-8a97a41a-b4aa-5659-bb9f-f3ee3107a7ea.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-gala-be-need-inn-38c3-ausgabe","url":"https://api.media.ccc.de/public/events/8a97a41a-b4aa-5659-bb9f-f3ee3107a7ea","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"ea95a2c4-0003-54e4-aa19-f50197154205","title":"Das weiß doch niemand - Das Ultimative Super Quiz 3000!","subtitle":null,"slug":"38c3-das-wei-doch-niemand-das-ultimative-super-quiz-3000","link":"https://events.ccc.de/congress/2024/hub/event/das-wei-doch-niemand-das-ultimative-super-quiz-3000/","description":"Lustige Spaßfragen kann ja jeder stellen - jetzt wird's ernst, mit Fragen deren Antworten niemand weiß... oder doch? Finden wir es heraus!\n\nDu machst in Quizduell immer alle platt, hättest beim \"Wer wird Millionär?\" schauen schon 12 Mal die Million gewonnen und bist auch sonst als wandelndes Lexikon und (un)beliebter Klugscheißer bekannt? Dann komm auf die Bühne und beweise es, bei dem ultimativen Super Quiz 3000 mit Fragen deren Antworten dich zum Verzweifeln bringen! \n\nDie Phrase \"omg wer soll das denn wissen?\" könnte während dieser Show öfter zu hören sein - und kann gerne als Trinkspiel genutzt werden.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["MacSnider"],"tags":["38c3","58297","2024","Saal X 07"],"view_count":1483,"promoted":false,"date":"2024-12-28T23:30:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-27T22:15:05.349+01:00","length":4020,"duration":4020,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58297-ea95a2c4-0003-54e4-aa19-f50197154205.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58297-ea95a2c4-0003-54e4-aa19-f50197154205_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58297-ea95a2c4-0003-54e4-aa19-f50197154205.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58297-ea95a2c4-0003-54e4-aa19-f50197154205.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-das-wei-doch-niemand-das-ultimative-super-quiz-3000","url":"https://api.media.ccc.de/public/events/ea95a2c4-0003-54e4-aa19-f50197154205","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"a97720dc-86e7-5447-be4e-1ca3cc1b360f","title":"io_uring, eBPF, XDP and AF_XDP","subtitle":null,"slug":"38c3-iouring-ebpf-xdp-and-afxdp","link":"https://events.ccc.de/congress/2024/hub/event/iouring-ebpf-xdp-and-afxdp/","description":"Modern high-performance networking APIs on Linux - beyond the classic BSD sockets API.\n\nFor many decades, application software programmers have been using the venerable BSD sockets API to make their applications communicate over (at least IP based) networks. Linux has supported TCP/UDP sockets ever since it had a network stack back in the 1990s. While those socket system call APIs are simple and straight-forward, they were designed at a time when internet access happened over dial-up modems and LANs had no more than 10 MBit/s, if at all.\n\nWith today's Multi-Gigabit speeds even in consumer equipment and 40GE/100GE network interface cards for servers being a reality, using those 1980s BSD/POSIX socket interfaces comes with a huge performance penalty.\n\nSome specific use cases like single-flow high-throughput TCP on an end-node have seen optimizations that are transparent to the user (TCP segmentation offloading). But there's only so far you can go with that.\n\nParts of the industry have proposed user-space network stacks built on DPDK - but then basically you do no longer use the Linux kernel network stack at all, and subsequently have none of its features. Yes, that can be fast, but Linux becomes nothing but a bootloader, and you have to implement everything from Ethernet to ARP and IP+TCP in your application.\n\nThe answer of the Linux kernel community over the last 5+ years has been various new mechanisms and interfaces in the Linux kernel that revolutionize the way how applications can achieve higher network I/O\nthroughput - whether an end host (server/client) or a packet-forwarding router/bridge/firewall.\n\nThis talk provides a brief but deeply technical introduction into the problem space, the new mechanisms and their use cases.\n\nWhile the talk discusses features of the Linux kernel, we do not discuss their internals; the focus is on how those mechanisms can be used by applications.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["LaF0rge (He/him)"],"tags":["38c3","338","2024","Security","Saal GLITCH"],"view_count":6846,"promoted":false,"date":"2024-12-28T17:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T08:00:04.008+02:00","length":3417,"duration":3417,"thumb_url":"https://static.media.ccc.de/media/congress/2024/338-a97720dc-86e7-5447-be4e-1ca3cc1b360f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/338-a97720dc-86e7-5447-be4e-1ca3cc1b360f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/338-a97720dc-86e7-5447-be4e-1ca3cc1b360f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/338-a97720dc-86e7-5447-be4e-1ca3cc1b360f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-iouring-ebpf-xdp-and-afxdp","url":"https://api.media.ccc.de/public/events/a97720dc-86e7-5447-be4e-1ca3cc1b360f","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"33ec3f8d-2734-5ca8-be30-3f458b539afb","title":"Transparency? Not from the European Commission","subtitle":"","slug":"38c3-transparency-not-from-the-european-commission","link":"https://events.ccc.de/congress/2024/hub/event/transparency-not-from-the-european-commission/","description":"The European Commission is the executive branch of the European Union with the duty to uphold the law. The transparency of the Commission´s actions and decisions range from questionable to abysmal. Attempts by the public to access information are often thwarted. This talk will cover the Commission´s lack of transparency, challenges faced by the public in accessing information, Commission´s tactics and examples of the European Ombudsman´s interventions to improve the situation. Whether you are interested in ChatControl, AI or public procurement, this talk will have you covered.\r\n\r\n~~Redacted~~\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Kris Shrishak"],"tags":["38c3","372","2024","Ethics, Society \u0026 Politics","Saal GLITCH"],"view_count":4887,"promoted":false,"date":"2024-12-27T12:55:00.000+01:00","release_date":"2024-12-27T00:00:00.000+01:00","updated_at":"2026-03-26T10:15:06.202+01:00","length":2157,"duration":2157,"thumb_url":"https://static.media.ccc.de/media/congress/2024/372-33ec3f8d-2734-5ca8-be30-3f458b539afb.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/372-33ec3f8d-2734-5ca8-be30-3f458b539afb_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/372-33ec3f8d-2734-5ca8-be30-3f458b539afb.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/372-33ec3f8d-2734-5ca8-be30-3f458b539afb.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-transparency-not-from-the-european-commission","url":"https://api.media.ccc.de/public/events/33ec3f8d-2734-5ca8-be30-3f458b539afb","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"6512be33-401d-5040-9f0d-bd9f7bdfdee2","title":"Observability is just Contextualized Monitoring. Change my mind.","subtitle":null,"slug":"38c3-observability-is-just-contextualized-monitoring-change-my-mind","link":"https://events.ccc.de/congress/2024/hub/event/observability-is-just-contextualized-monitoring-change-my-mind/","description":"The infrastructure industry has recently started co-opting a well-established software engineering practice and is doing so badly. Observability is being overhyped as something revolutionary that you can only practice using the latest new shiny tool. Real observability provides insight only when we take the time to understand what we’re monitoring, why it matters to our organization, and how each metric connects to our goals.\n\nThis talk critiques the tool-centric approach that has taken over infrastructure monitoring, encouraging infrastructure teams to step out of their offices, touch grass, and talk with their organizations to answer the essential question: What is it you want monitored anyway and why?\n\nWe’ll explore the power of applying observability as a practice, not just a product, and highlight F/L/OSS tools that offer powerful, adaptable solutions without the hype. \n\nIf you’re tired of replacing one flashy dashboard with the next, or if you’ve ever wondered whether observability is really the game-changer it’s made out to be, this talk is for you. Let’s take a cue from our software engineering friends and approach observability as a collaborative, cross-functional practice that builds on strategy rather than the next tool.\n\nThe term “observability” is everywhere, packaged as the next game-changer for infrastructure. But beneath the hype, it’s little more than contextualized monitoring—and the infrastructure industry has co-opted it badly. This talk takes a critical look at the tool-centric approach to observability that’s dominating the market and offers an alternative: an approach to observability based on strategy, not the latest tool.\nWe’ll explore the origins of observability as a software engineering practice, where things went wrong as it moved into infrastructure, and how tool-driven marketing misses the point. From understanding why we’re monitoring to identifying what actually matters to our organizations, this session challenges infrastructure teams to rethink observability and ask essential questions that can transform monitoring into a true asset.\nFinally, we’ll dig into powerful F/L/OSS tools that already do the job well, without the hype or the hefty price tag, and consider how infrastructure teams can use and contribute to open-source observability practices that support genuine insight. Join me in side-stepping the hype, and discover how real observability could mean thinking like a hacker—using practical, adaptable, and community-driven solutions that prioritize understanding over just another flashy dashboard.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Obsidian (he/him)"],"tags":["38c3","799","2024","Stage HUFF"],"view_count":1012,"promoted":false,"date":"2024-12-30T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-11T00:00:07.793+01:00","length":1950,"duration":1950,"thumb_url":"https://static.media.ccc.de/media/congress/2024/799-6512be33-401d-5040-9f0d-bd9f7bdfdee2.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/799-6512be33-401d-5040-9f0d-bd9f7bdfdee2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/799-6512be33-401d-5040-9f0d-bd9f7bdfdee2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/799-6512be33-401d-5040-9f0d-bd9f7bdfdee2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-observability-is-just-contextualized-monitoring-change-my-mind","url":"https://api.media.ccc.de/public/events/6512be33-401d-5040-9f0d-bd9f7bdfdee2","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"6f95336c-76e0-5c3e-91c6-7da80c4c1b89","title":"Can We Find Beauty in Tax Fraud?","subtitle":null,"slug":"38c3-can-we-find-beauty-in-tax-fraud","link":"https://events.ccc.de/congress/2024/hub/event/can-we-find-beauty-in-tax-fraud/","description":"What do Olaf Scholz, blue ikea bags, Moldova, Deutsche Bank, fine art, and Butyrka Prison have in common?\n\nJoin us for a brief stroll through the hidden, shady world of large-scale tax fraud, cross-border financial crime, money laundering, and corruption. We’ll examine both common and lesser-known financial exploits, drawing on revelations from journalists, activists, and investigators over the last few decades.\n\nCan there be beauty in abstraction? And are dividend stripping or VAT fraud diagrams really as dull as they seem? But most importantly: Is defrauding the public of 64 billion euros considered science, engineering, or art? And what does this have to do with you—and why should you care?\n\nUsing real-world case studies, we’ll explore how corporations and individuals defraud populations and how these schemes—though sometimes confusing or complex on the surface—rely on surprisingly simple, chained tactics, much like exploits in information systems. We’ll break down the roles of various actors, service providers, fraudsters, and corrupt officials, as well as their playbooks, exploring how these crimes work or how they break and fail.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["martin"],"tags":["38c3","402","2024","Art \u0026 Beauty","Saal 1"],"view_count":3260,"promoted":false,"date":"2024-12-29T15:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-19T00:45:03.657+01:00","length":2091,"duration":2091,"thumb_url":"https://static.media.ccc.de/media/congress/2024/402-6f95336c-76e0-5c3e-91c6-7da80c4c1b89.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/402-6f95336c-76e0-5c3e-91c6-7da80c4c1b89_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/402-6f95336c-76e0-5c3e-91c6-7da80c4c1b89.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/402-6f95336c-76e0-5c3e-91c6-7da80c4c1b89.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-can-we-find-beauty-in-tax-fraud","url":"https://api.media.ccc.de/public/events/6f95336c-76e0-5c3e-91c6-7da80c4c1b89","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"3fe97197-feee-5191-81c8-51aeff348868","title":"Feelings are Facts: Love, Privacy, and the Politics of Intellectual Shame","subtitle":null,"slug":"38c3-feelings-are-facts-love-privacy-and-the-politics-of-intellectual-shame","link":"https://events.ccc.de/congress/2024/hub/event/feelings-are-facts-love-privacy-and-the-politics-of-intellectual-shame/","description":"A debut of new research and analysis, focused on emotions and the affective register—love! shame! intimacy!\n\nWhat happens when we put love and intimacy at the center of our understanding of privacy, and what are the consequences of their disavowal, in favor of a more familiar technocratic definition of privacy-as-absense? What role does our deep desire for love and belonging, and our concomitant fear of shame and rejection, have to do with the (mis)direction of tech capital and the current, warped shape of the tech industry and its products? We take these questions seriously, and work through their implications together in Hamburg during that brief, liminal window between the winter holidays and the new year.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Meredith Whittaker"],"tags":["38c3","676","2024","CCC","Saal 1"],"view_count":12162,"promoted":false,"date":"2024-12-27T21:10:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T16:00:03.646+02:00","length":2442,"duration":2442,"thumb_url":"https://static.media.ccc.de/media/congress/2024/676-3fe97197-feee-5191-81c8-51aeff348868.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/676-3fe97197-feee-5191-81c8-51aeff348868_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/676-3fe97197-feee-5191-81c8-51aeff348868.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/676-3fe97197-feee-5191-81c8-51aeff348868.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-feelings-are-facts-love-privacy-and-the-politics-of-intellectual-shame","url":"https://api.media.ccc.de/public/events/3fe97197-feee-5191-81c8-51aeff348868","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"01317302-ef6d-538c-b8ee-b6d16ac4a6f5","title":"\"Natürlich bin ich 18!\" - Altersprüfungen im Netz aus Datenschutzperspektive","subtitle":null,"slug":"38c3-natrlich-bin-ich-18-altersprfungen-im-netz-aus-datenschutzperspektive","link":"https://events.ccc.de/congress/2024/hub/event/natrlich-bin-ich-18-altersprfungen-im-netz-aus-datenschutzperspektive/","description":"„Um nach diesem Begriff zu suchen, dich auf dieser Website anzumelden oder dieses Video anzuschauen, halte bitte deinen Personalausweis bereit, damit wir dein Alter überprüfen können.“\n\nSolche Aufforderungen könnten uns in Zukunft häufiger begegnen, denn immer mehr Websites wollen unser Alter wissen. Doch woher kommt dieses Interesse und ist das eigentlich zulässig? Gemeinsam setzen wir die Datenschutzbrille auf und gehen folgenden Fragen auf den Grund: Welche Methoden der Altersprüfung gibt es und wie funktionieren sie? Können oder sollten Methoden der Altersprüfungen eingesetzt werden und gibt es Fälle, in denen sie sogar eingesetzt werden müssen? Sind Datenschutz und Kinderschutz tatsächlich Gegensätze oder haben sie doch mehr gemeinsam, als oft vermutet wird? Und was sagt eigentlich die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) dazu?\n\nHand aufs Herz – hast du, bevor du 18 warst, Webseiten besucht, die nur für Erwachsene bestimmt waren? Welche Mechanismen haben versucht dich davon abzuhalten? Wie häufig begegnest du diesen Mechanismen heute? \n\nAltersprüfungen sind nicht zuletzt durch die Bestimmungen des Digital Services Act (DSA) und die Diskussionen um die Alterstauglichkeit von Social Media heiß diskutiert. Dabei geht es längst nicht mehr allein um Ab-18-Inhalte. Die Idee ist einfach: Wer zu jung ist, darf bestimmte Bereiche des Internets nicht betreten – wie früher in der Videothek - oder wer zu alt ist, bekommt keinen Zutritt – wie auf manchen Spielplätzen. Aber könntest du dir vorstellen, in der Videothek eine Kopie deines Personalausweises abzugeben, zusammen mit der Liste der Filme, die du ausgeliehen hast?\nDer wichtige Unterschied ist: Um in digitalen Diensten das Alter einer Person prüfen zu können, müssen mehr Daten verarbeitet werden als bei einem kurzen Blick auf den Ausweis, und das ist nicht ohne weiteres zulässig! \n\nDer Umgang mit Methoden der Altersprüfung wird einen erheblichen Teil dazu beitragen, wie das Internet in Zukunft aussehen wird und wie frei es sein wird. Es geht nicht nur darum, wie Kinderschutz im Netz umgesetzt wird, sondern auch, wie viel Teilhabe im Digitalen möglich ist – nicht nur für Kinder. \n\nIn diesem Vortrag erwarten euch ein Überblick über aktuelle (politische) Forderungen nach Altersprüfungen im Internet und den verschiedenen Methoden, die dabei zum Einsatz kommen. Wir machen einen kurzen Exkurs ins Datenschutzrecht und gehen der Frage nach, wie Altersprüfungen, Kinderschutz und Datenschutz zusammenspielen. Nicht zuletzt bekommt ihr die Einschätzung der Bundesbeauftragten für den Datenschutz und die Informationsfreiheit zu hören.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Aline Sylla","Carsten Adrian"],"tags":["38c3","50","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":3981,"promoted":false,"date":"2024-12-27T12:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T20:30:05.550+02:00","length":2337,"duration":2337,"thumb_url":"https://static.media.ccc.de/media/congress/2024/50-01317302-ef6d-538c-b8ee-b6d16ac4a6f5.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/50-01317302-ef6d-538c-b8ee-b6d16ac4a6f5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/50-01317302-ef6d-538c-b8ee-b6d16ac4a6f5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/50-01317302-ef6d-538c-b8ee-b6d16ac4a6f5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-natrlich-bin-ich-18-altersprfungen-im-netz-aus-datenschutzperspektive","url":"https://api.media.ccc.de/public/events/01317302-ef6d-538c-b8ee-b6d16ac4a6f5","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"4a3f8f57-3663-5834-96ff-5626aab41cea","title":"Reticulum: Unstoppable Networks for The People","subtitle":null,"slug":"38c3-reticulum-unstoppable-networks-for-the-people","link":"https://events.ccc.de/congress/2024/hub/event/reticulum-unstoppable-networks-for-the-people/","description":"Reticulum is a cryptography-based networking stack for building local and wide-area networks with readily available hardware. Reticulum can continue to operate even in adverse conditions with very high latency and extremely low bandwidth. The vision of Reticulum is to allow anyone to operate their own sovereign communication networks, and to make it cheap and easy to cover vast areas with a myriad of independent, interconnectable and autonomous networks.\n\nOn this talk we shall present Reticulum, a highly resilient cryptography-based networking stack, that you can use to get out of the shackles of surveillance corporate networks. Reticulum is a tool for building networks. Networks without kill-switches, surveillance, censorship and control. Networks that can freely interoperate, associate and disassociate with each other. Reticulum is Networks for Human Beings.\nIt solves the same problem that any network stack does, namely to get data reliably from one point to another over a number of intermediaries. But it does so in a way that is very different from other networking technologies:\n\n- Reticulum does not use source addresses. No packets transmitted include information about the address, place, machine or person they originated from.\n- There is no central control over the address space in Reticulum. Anyone can allocate as many addresses as they need, when they need them.\n- Reticulum ensures end-to-end connectivity. Newly generated addresses become globally reachable in a matter of seconds to a few minutes.\n- Addresses are self-sovereign and portable. Once an address has been created, it can be moved physically to another place in the network, and continue to be reachable.\n- All communication is secured with strong, modern encryption by default.\n- All encryption keys are ephemeral, and communication offers forward secrecy by default.\n- It is not possible to establish unencrypted links in Reticulum networks.\n- It is not possible to send unencrypted packets to any destinations in the network.\n- Destinations receiving unencrypted packets will drop them as invalid.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["markqvist"],"tags":["38c3","837","2024","Stage HUFF"],"view_count":5811,"promoted":false,"date":"2024-12-28T00:50:00.000+01:00","release_date":"2024-12-28T00:00:00.000+01:00","updated_at":"2026-04-03T13:30:04.977+02:00","length":2637,"duration":2637,"thumb_url":"https://static.media.ccc.de/media/congress/2024/837-4a3f8f57-3663-5834-96ff-5626aab41cea.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/837-4a3f8f57-3663-5834-96ff-5626aab41cea_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/837-4a3f8f57-3663-5834-96ff-5626aab41cea.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/837-4a3f8f57-3663-5834-96ff-5626aab41cea.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-reticulum-unstoppable-networks-for-the-people","url":"https://api.media.ccc.de/public/events/4a3f8f57-3663-5834-96ff-5626aab41cea","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"efefe020-fecb-5dda-a262-ae051e30f9d5","title":"Pirouette Machines. Fluid Components","subtitle":null,"slug":"38c3-pirouette-machines-fluid-components","link":"https://events.ccc.de/congress/2024/hub/event/pirouette-machines-fluid-components/","description":"This lecture follows the path of an ex-ballerina through fluid computers, handmade semiconductors, and cosmetic synthesisers. We will tackle the seductive side and hidden narratives of circuitry to natural systems, salty fluids, and minerals and discuss the importance of alternative hardware morphologies.\n\nPirouette Machines. Fluid Components embarks on an intimate visual essay on an alternative history of computer hardware in which minerals, cosmetics and fluids mingle in tactile experiments. \n\nA lipstick converted into a strident sound generator resonates through toxic entanglements with one of its main historical ingredients: lead. Following a radioactive decay chain, lead ore or galena is found on our lips and in our early 20th-century technologies such as crystal radio demodulation frenzy.\n\n\nThis talk draws parallels between different types of hardware materialities and personal stories surrounding computing components in their use. Starting with the beauty industry, the talk serpents amongst toxic concoctions filled with heavy metals oscillating to become predecessors to the first transistors and their alternative fluidic siblings that use air and water instead of electricity.\n\n\nFluidics is a technology lost in history. To operate, it requires only simple fluid matter guided by natural phenomena. Much like its mineral counterpart: electronics, fluidics builds circuits for computing. This talk concludes by following the seductive forms that fluidic circuits assume, forms, that can reimagine the morphologies of our current electronic machines.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Ioana Vreme Moser"],"tags":["38c3","474","2024","Art \u0026 Beauty","Saal ZIGZAG"],"view_count":3300,"promoted":false,"date":"2024-12-28T13:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-28T19:30:05.151+01:00","length":2261,"duration":2261,"thumb_url":"https://static.media.ccc.de/media/congress/2024/474-efefe020-fecb-5dda-a262-ae051e30f9d5.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/474-efefe020-fecb-5dda-a262-ae051e30f9d5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/474-efefe020-fecb-5dda-a262-ae051e30f9d5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/474-efefe020-fecb-5dda-a262-ae051e30f9d5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-pirouette-machines-fluid-components","url":"https://api.media.ccc.de/public/events/efefe020-fecb-5dda-a262-ae051e30f9d5","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"abaae1da-cf60-583d-974d-a6af8df1531a","title":"TETRA Algorithm set B - Can glue mend the burst?","subtitle":null,"slug":"38c3-tetra-algorithm-set-b-can-glue-mend-the-burst","link":"https://events.ccc.de/congress/2024/hub/event/tetra-algorithm-set-b-can-glue-mend-the-burst/","description":"In August 2023, we published the TETRA:BURST vulnerabilities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, military, and critical infrastructure. Authentication and encryption within TETRA were handled by proprietary cryptographic cipher-suites, which had remained secret for over two decades through restrictive NDAs until our reverse-engineering and publication.\n\n\nThis talk is not TETRA:BURST, but dives into the latest TETRA revision introduced in 2022. Most notably, it contains a new suite of cryptographic ciphers. Of course the cipher available for critical infrastructure and civilian use (TEA7) is intentionally crippled, and of course these ciphers were to be kept secret, but this decision was overruled due to public backlash following our publication last year. In this talk we will present a practical attack on the TEA7 cipher, which while taking a 192-bit key, only offers 56 bits of security. Furthermore, we point out improvements and shortcomings of the new standard, and present an update on TEA3 cryptanalysis, where we previously found a suspicious feature, and draw a parallel with its successor TEA6.\n\nAll in all, in this short and relatively crypto-forward talk, we assess with all-new material whether the new TETRA standard is fit for its intended purpose. This crucial technology seeks to once again take a very central role in our society for decades to come, and its cryptographic resilience is of fundamental importance - for emergency networks, but possibly even more for our critical infrastructure and associated processes.\n\nThe new authentication suite (TAA2, as opposed to the old TAA1) features longer keys and completely new cryptographic primitives. The new Air Interface Encryption algorithms (TEA set B) consist of three new ciphers, for differing target audiences. TEA5 is intended for European emergency networks, and is the successor of TEA2. TEA6 is intended for friendly extra-european emergency and military networks, and replaces TEA3. Lastly, TEA7 is the only one available for use by critical infrastructure and other civil applications, and replaces TEA1.\n\nInitially, ETSI envisaged to keep the new algorithms secret again, once more eliminating the possibility of public scrutiny. However, following our publication, a promise was made to release the algorithms to the public for inspection.\nAdditionally, a statement was made that TEA7 has a reduced effective strength of 56 bits. As mentioned, this algorithm is the successor to TEA1, which has an effective strength of only 32 bits, in a time where 40 bits was the maximum for freely exportable crypto.\n\nIn TETRA:BURST, we presented several vulnerabilities found in the old standard. Obviously, the backdoored TEA1 algorithm is now replaced by a new cipher, and we will dive into how this works, how it can be attacked, and what the practical implications will be. Second, we previously presented a method of decrypting and injecting traffic on all network types, even those using the stronger TEA2 and TEA3 algorithms. This relies on the lack of cryptographic integrity guarantees on message - something that is still unaddressed. We discuss how this leads to issues. Lastly, TETRA:BURST described a way of decrypting the pseudonymized identities of TETRA users (first demonstrated at the 37C3), allowing for a powerful intelligence capability. We will discuss how the new standard seeks to resolve this issue.\n\nLastly, we previously recommended caution regarding TEA3, due to a suspicious feature in its design. While no full attack will be presented, progress in its cryptanalysis was made, which we will discuss during the talk. And, there is an interesting parallel to be drawn between the suspicious quirk in TEA3 and the design of its successor, TEA6.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Wouter Bokslag","Jos Wetzels"],"tags":["38c3","463","2024","Security","Saal ZIGZAG"],"view_count":1791,"promoted":false,"date":"2024-12-29T17:35:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T18:30:04.554+02:00","length":2413,"duration":2413,"thumb_url":"https://static.media.ccc.de/media/congress/2024/463-abaae1da-cf60-583d-974d-a6af8df1531a.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/463-abaae1da-cf60-583d-974d-a6af8df1531a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/463-abaae1da-cf60-583d-974d-a6af8df1531a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/463-abaae1da-cf60-583d-974d-a6af8df1531a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-tetra-algorithm-set-b-can-glue-mend-the-burst","url":"https://api.media.ccc.de/public/events/abaae1da-cf60-583d-974d-a6af8df1531a","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"4c2e05d6-f32f-55ae-8d48-9167bbd84a34","title":"What the PHUZZ?! ","subtitle":"Finding 0-days in Web Applications with Coverage-guided Fuzzing","slug":"38c3-what-the-phuzz-finding-0-days-in-web-applications-with-coverage-guided-fuzzing","link":"https://events.ccc.de/congress/2024/hub/event/what-the-phuzz-finding-0-days-in-web-applications-with-coverage-guided-fuzzing/","description":"PHUZZ is a framework for Coverage-Guided Fuzzing of PHP Web Applications\r\n\r\nFuzz testing is an automated approach to vulnerability discovery. Coverage-guided fuzz testing has been extensively researched in binary applications and the domain of memory corruption vulnerabilities.\r\nHowever, many web vulnerability scanners still rely on black-box fuzzing (e.g., predefined sets of payloads or basic heuristics), which severely limits their vulnerability detection capabilities.\r\nIn this talk, we present our academic fuzzing framework, \"PHUZZ,\" and the challenges we faced in bringing coverage-guided fuzzing to PHP web applications. Our experiments show that PHUZZ outperforms related works and state-of-the-art vulnerability scanners in discovering seven different vulnerability classes.\r\nAdditionally, we demonstrate how PHUZZ uncovered over 20 potential security issues and two 0-day vulnerabilities in a large-scale fuzzing campaign of the most popular WordPress plugins.\r\n\r\nThe World Wide Web has become a fundamental part of modern society, providing crucial services such as social networks, online shopping, and other web applications. To this day, web vulnerabilities continue to be discovered, and data breaches are reported, even on high-profile websites. While several viable methods exist to detect web vulnerabilities, such as penetration tests, source code reviews, and bug bounty programs, these approaches are typically costly and time-intensive. Therefore, discovering web vulnerabilities in an automated and cost-effective fashion is desirable.\r\n\r\nOne method to approach this problem is coverage-guided \"fuzzing\", which has been successfully used to identify memory corruption bugs in binary applications, but has seen limited application to web applications. Our academic research has resulted in an open-source prototype called \"PHUZZ,\" which outperforms classic black-box vulnerability scanners in detecting web vulnerabilities with its fuzzing approach.\r\n\r\nThis talk will first introduce the concept of coverage-guided fuzzing and the differences from black-box web fuzzing performed by vulnerability scanners. After diving into the challenges of applying coverage-guided fuzzing to web applications, we will introduce PHUZZ and explain how its approach allows the detection of a wide variety of web vulnerabilities, including SQLi, RCE, XSS, XXE, open redirection, insecure deserialization, and path traversal in PHP web applications.\r\n\r\nOur comparison of PHUZZ with state-of-the-art black-box vulnerability scanners, using a diverse set of artificial and real-world web applications containing known and unknown vulnerabilities, showed surprising results. Not only does PHUZZ outperform the other vulnerability scanners in the number of discovered vulnerabilities, but it also discovers over a dozen new potential vulnerabilities and two 0-days, which we will discuss in our talk. Finally, we will motivate the use of PHUZZ [1] and coverage-guided fuzzing methods to discover web vulnerabilities.\r\n\r\nThis presentation is based on our academic publication \"What All the PHUZZ Is About: A Coverage-guided Fuzzer for Finding Vulnerabilities in PHP Web Applications\" [0].\r\n\r\n[0] https://dl.acm.org/doi/10.1145/3634737.3661137\r\n[1] https://github.com/gehaxelt/phuzz\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Sebastian Neef (gehaxelt)"],"tags":["38c3","503","2024","Security","Saal ZIGZAG"],"view_count":3636,"promoted":false,"date":"2024-12-27T16:00:00.000+01:00","release_date":"2024-12-28T00:00:00.000+01:00","updated_at":"2026-03-06T08:45:06.695+01:00","length":3617,"duration":3617,"thumb_url":"https://static.media.ccc.de/media/congress/2024/503-4c2e05d6-f32f-55ae-8d48-9167bbd84a34.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/503-4c2e05d6-f32f-55ae-8d48-9167bbd84a34_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/503-4c2e05d6-f32f-55ae-8d48-9167bbd84a34.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/503-4c2e05d6-f32f-55ae-8d48-9167bbd84a34.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-what-the-phuzz-finding-0-days-in-web-applications-with-coverage-guided-fuzzing","url":"https://api.media.ccc.de/public/events/4c2e05d6-f32f-55ae-8d48-9167bbd84a34","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"62cc7bf4-22c6-5ec0-8c94-f9b7cf76f3cd","title":"Moving with feelings: Behind the scenes of a one man show mobile \u0026 fiber operator in Spain","subtitle":null,"slug":"38c3-moving-with-feelings-behind-the-scenes-of-a-one-man-show-mobile-fiber-operator-in-spain","link":"https://events.ccc.de/congress/2024/hub/event/moving-with-feelings-behind-the-scenes-of-a-one-man-show-mobile-fiber-operator-in-spain/","description":"How to run an MVNO with values: What are the requirements? Do you need a government license, maybe a lot of investment? There are different types of MVNOs. We will talk about how to do business as an MVNO while respecting users' privacy, supporting free software, believing in the right to repair and making your customers technologically sovereign.\n\nThe issues with data privacy are being discussed more than ever. However, from the end user perspective, it is difficult to understand the full extent of the impact on their privacy when using well known \"free\" services or maybe acquired hardware like a vacuum cleaner or a cooking robot. On the other side, there are projects that demonstrate that they can do business respecting their users. \n\nOne way to start to take care of your privacy is by using free software, but this software needs to be high quality, easy to use for the end user, has to be documented in a clear way and has to resolve issues and bugs as fast as possible. This is very hard work for the developers, so their work has to be compensated.\n\nLast but not least, the right to repair plays a big role for being technologically sovereign. It's as important to be aware of your privacy when using online services as it is to know how repairable and privacy-respecting hardware is before you buy it.\n\nCan you fight for and support what you believe in while doing business?\nI think so! Let's talk about it.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Edgar Saumell Oechsle"],"tags":["38c3","227","2024","Hardware \u0026 Making","Saal ZIGZAG"],"view_count":827,"promoted":false,"date":"2024-12-30T12:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-14T11:45:06.903+01:00","length":2430,"duration":2430,"thumb_url":"https://static.media.ccc.de/media/congress/2024/227-62cc7bf4-22c6-5ec0-8c94-f9b7cf76f3cd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/227-62cc7bf4-22c6-5ec0-8c94-f9b7cf76f3cd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/227-62cc7bf4-22c6-5ec0-8c94-f9b7cf76f3cd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/227-62cc7bf4-22c6-5ec0-8c94-f9b7cf76f3cd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-moving-with-feelings-behind-the-scenes-of-a-one-man-show-mobile-fiber-operator-in-spain","url":"https://api.media.ccc.de/public/events/62cc7bf4-22c6-5ec0-8c94-f9b7cf76f3cd","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"8e6f0aeb-d303-520e-997e-ee3da8fef901","title":"Hardware hacking mit Bluetooth Low Energy","subtitle":null,"slug":"38c3-hardware-hacking-mit-bluetooth-low-energy","link":"https://events.ccc.de/congress/2024/hub/event/hardware-hacking-mit-bluetooth-low-energy/","description":"How to remote-control (and build) the weirdest devices with Bluetooth Low Energy and no programming.\n\nWant to build a connected [soap bubble maker | water boiler | door lock | ...]?\nThis talk briefly covers the basics of Bluetooth Low Energy, outlining the effort needed to implement such a technology with raw code.\nIt then focuses on how to leverage said technology without getting your hands dirty by replacing programming with a bit of configuration, demonstrating the usage of the [BLEnky](https://structure.nullco.de/?node_id=66216cdb1a95fb4425f23212\u0026token=3c55f7bb1de0e79c9020dbb09deac741df56fc5474825407abb94f96714ce134\u0026focused_node=6622041d1a95fb4425f2323a) project for quick results.\n\n[Click here for many more examples](https://structure.nullco.de/?node_id=66216cdb1a95fb4425f23212\u0026token=3c55f7bb1de0e79c9020dbb09deac741df56fc5474825407abb94f96714ce134\u0026focused_node=6622041d1a95fb4425f2323a)\n\nSome notable projects will be described, as well as a live hack of some stupid gadget to make it \"smart\".\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Daniel Dakhno"],"tags":["38c3","688","2024","Stage HUFF"],"view_count":4626,"promoted":false,"date":"2024-12-27T22:05:00.000+01:00","release_date":"2024-12-28T00:00:00.000+01:00","updated_at":"2026-03-27T00:00:05.071+01:00","length":2111,"duration":2111,"thumb_url":"https://static.media.ccc.de/media/congress/2024/688-8e6f0aeb-d303-520e-997e-ee3da8fef901.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/688-8e6f0aeb-d303-520e-997e-ee3da8fef901_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/688-8e6f0aeb-d303-520e-997e-ee3da8fef901.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/688-8e6f0aeb-d303-520e-997e-ee3da8fef901.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-hardware-hacking-mit-bluetooth-low-energy","url":"https://api.media.ccc.de/public/events/8e6f0aeb-d303-520e-997e-ee3da8fef901","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"0fef4804-3cd8-5202-a0c1-2d2c7a15a149","title":"Clay PCB","subtitle":null,"slug":"38c3-clay-pcb","link":"https://events.ccc.de/congress/2024/hub/event/clay-pcb/","description":"We built an Ethical Hardware Kit with a PCB microcontroller made of wild clay retrieved from the forest in Austria and fired on a bonfire. Our conductive tracks use urban-mined silver and all components are re-used from old electronic devices. The microcontroller can compute different inputs and outputs and is totally open source.\n\nIt is an open secret that the hardware in our smart devices contains not only plastics but also ‘conflict minerals’ such as copper and gold. Technology is not neutral. We investigate alternative hardware from locally sourced materials from a feminist perspective, to develop and speculate upon renewable practices. We call it Feminist Hardware! Feminist Hardware is developed without mining in harmful ways, in an environmentally friendly way, under fair working conditions, and is manufactured from ubiquitously available materials, without generating e-waste, with consent, love and care.\n\nWe researched on fair-traded, ethical, biodegradable hardware for environmental justice, building circuits that use ancient community-centered crafts encouraging de-colonial thinking, market forces to be disobeyed, and future technologies to be imagined. Our artistic outcome is an Ethical Hardware Kit with a PCB microcontroller at its core. Our PCB is made of wild clay retrieved from the forest in Austria and fired on a bonfire. Our conductive tracks used urban-mined silver and all components are re-used from old electronic devices. The microcontroller can compute different inputs and outputs and is totally open source.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Patrícia J. Reis","Stefanie Wuschitz"],"tags":["38c3","680","2024","Art \u0026 Beauty","Saal ZIGZAG"],"view_count":5636,"promoted":false,"date":"2024-12-27T13:50:00.000+01:00","release_date":"2025-01-08T00:00:00.000+01:00","updated_at":"2026-03-30T17:45:07.190+02:00","length":2374,"duration":2374,"thumb_url":"https://static.media.ccc.de/media/congress/2024/680-0fef4804-3cd8-5202-a0c1-2d2c7a15a149.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/680-0fef4804-3cd8-5202-a0c1-2d2c7a15a149_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/680-0fef4804-3cd8-5202-a0c1-2d2c7a15a149.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/680-0fef4804-3cd8-5202-a0c1-2d2c7a15a149.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-clay-pcb","url":"https://api.media.ccc.de/public/events/0fef4804-3cd8-5202-a0c1-2d2c7a15a149","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"573d7919-142b-5856-86b7-f83ecba62e59","title":"Was lange währt, wird endlich gut? Die Modernisierung des Computerstrafrechts","subtitle":null,"slug":"38c3-was-lange-whrt-wird-endlich-gut-die-modernisierung-des-computerstrafrechts","link":"https://events.ccc.de/congress/2024/hub/event/was-lange-whrt-wird-endlich-gut-die-modernisierung-des-computerstrafrechts/","description":"Die Reform des Computerstrafrechts ist längst überfällig. Die bestehende Gesetzgebung ist zunehmend veraltet und entspricht nicht mehr den Anforderungen unserer digitalen Welt. Spätestens seit der Veröffentlichung des aktuellen Koalitionsvertrags hat sich die Bundesregierung die Modernisierung dieses vielfach kritisierten Rechtsbereichs auf die Fahnen geschrieben. Doch was ist seitdem wirklich passiert? Wie sieht der aktuelle Stand der Reformbemühung aus? Was wird sich konkret ändern und welche Auswirkungen wird dies auf die Hacker-Community und die Sicherheitsforschung haben? Und wird das endlich gut?\n\nDas Computerstrafrecht steht seit vielen Jahren in der Kritik – nicht nur von Seiten der Hacker-Community, sondern auch aus der Wissenschaft, der Wirtschaft und sogar von Strafrechtsexperten. Ein zentraler Kritikpunkt ist die Kriminalisierung von Hacking mit guter Absicht, sogenannten ethischen Hackern. Aktuell ist auch diese Form des Hacking strafbar. Initiativen wie Bug Bounty Programme und Disclosure Policies zeigen, dass die Industrie durchaus ein Interesse daran hat, von ethischen Hackern zu profitieren, die Schwachstellen verantwortungsbewusst aufdecken und melden. Seit Ende Oktober ist nun ein Gesetzesentwurf im Umlauf, welcher die Modernisierung des Computerstrafrechts vorsieht.\n \nDieser Vortrag gibt einen Einblick in die Entwicklung dieses Gesetzesentwurfs, den aktuellen Stand der Debatte und die nächsten Schritte. Wir erklären dabei die geplanten Änderungen anhand von praktischen Beispielen und erläutern, welche Aktivitäten zukünftig legal wären und welche weiterhin verboten bleiben.\n \nZiel des Vortrags ist es, die Zuhörenden über den Prozess der Gesetzesänderungen zu informieren. Sie erkennen, welche Möglichkeiten sich aus dem reformierten Computerstrafrecht ergeben und lernen, was beim verantwortungsvollen Aufdecken von Sicherheitslücken beachtet werden muss und welche rechtlichen Grenzen weiterhin bestehen. Zudem wird der Vortrag verdeutlichen, inwieweit die geplante Gesetzesreform als Gewinn für die Hacker-Community angesehen werden kann – oder ob es noch immer Nachbesserungsbedarf gibt.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Florian Hantke","Prof. Dr. Dennis-Kenji Kipker"],"tags":["38c3","344","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":4508,"promoted":false,"date":"2024-12-27T13:50:00.000+01:00","release_date":"2024-12-28T00:00:00.000+01:00","updated_at":"2026-04-03T14:15:05.165+02:00","length":2535,"duration":2535,"thumb_url":"https://static.media.ccc.de/media/congress/2024/344-573d7919-142b-5856-86b7-f83ecba62e59.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/344-573d7919-142b-5856-86b7-f83ecba62e59_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/344-573d7919-142b-5856-86b7-f83ecba62e59.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/344-573d7919-142b-5856-86b7-f83ecba62e59.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-was-lange-whrt-wird-endlich-gut-die-modernisierung-des-computerstrafrechts","url":"https://api.media.ccc.de/public/events/573d7919-142b-5856-86b7-f83ecba62e59","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"7de6f4a3-1ef5-51df-bcb4-0203669eeb52","title":"Windows BitLocker: Screwed without a Screwdriver","subtitle":null,"slug":"38c3-windows-bitlocker-screwed-without-a-screwdriver","link":"https://events.ccc.de/congress/2024/hub/event/windows-bitlocker-screwed-without-a-screwdriver/","description":"Ever wondered how Cellebrite and law enforcement gain access to encrypted devices without knowing the password? In this talk, we’ll demonstrate how to bypass BitLocker encryption on a fully up-to-date Windows 11 system using Secure Boot. We’ll leverage a little-known software vulnerability that Microsoft has been unable to patch since 2022: bitpixie (CVE-2023-21563).\n\nWe'll live-demo the exploit, and will walk through the entire process—from the prerequisites and inner workings of the exploit to why Microsoft has struggled to address this flaw. We'll also discuss how to protect yourself from this and similar vulnerabilities.\n\nBitLocker is Microsoft’s implementation of full-volume encryption. It offers several modes of operation, but the most widely used is Secure Boot-based encryption.\nMany consumer and corporate clients use it, and it’s starting to be enabled by default under \"Device Encryption\" on newer Windows 11 installations.\n\nIn this mode, the harddrive is encrypted at rest but is automatically unsealed when a legit windows boots, meaning users don't need a separate decryption password. They just have to sign in with their usual user account.\n\nUnfortunately, this configuration has been broken for quite a while. Hardware attacks against a dTPM are widely known, but software attacks are possible as well, at least since 2022, when Rairii discovered the bitpixie bug (CVE-2023-21563).\nWhile this bug is 'fixed' since Nov. 2022 and publically known since 2023, we can still use it today with a downgrade attack to decrypt BitLocker.\n\nIn this talk, we'll dive into:\n\n- How does Secure Boot work, and what role does the TPM play?\n- How can Bitlocker leverage the TPM?\n- How does the bitpixie exploit work? What are PXE boot and BCD?\n- What are the prerequisites for running this exploit?\n- How can you protect yourself against it?\n- Why is it so challenging for Microsoft to fully fix this?\n- How does this affect Linux secure boot?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["th0mas"],"tags":["38c3","816","2024","Stage HUFF"],"view_count":31150,"promoted":false,"date":"2024-12-28T19:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T21:00:06.416+02:00","length":3399,"duration":3399,"thumb_url":"https://static.media.ccc.de/media/congress/2024/816-7de6f4a3-1ef5-51df-bcb4-0203669eeb52.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/816-7de6f4a3-1ef5-51df-bcb4-0203669eeb52_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/816-7de6f4a3-1ef5-51df-bcb4-0203669eeb52.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/816-7de6f4a3-1ef5-51df-bcb4-0203669eeb52.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver","url":"https://api.media.ccc.de/public/events/7de6f4a3-1ef5-51df-bcb4-0203669eeb52","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"ac3b54f0-672b-5f1d-bbf9-593364fb7fe2","title":"Wann klappt der Anschluss, wann nicht und wie sagt man Chaos vorher?","subtitle":null,"slug":"38c3-wann-klappt-der-anschluss-wann-nicht-und-wie-sagt-man-chaos-vorher","link":"https://events.ccc.de/congress/2024/hub/event/wann-klappt-der-anschluss-wann-nicht-und-wie-sagt-man-chaos-vorher/","description":"Gut 1 Mrd. Datenpunkte zu Zugfahrten, wie kann man damit das Zugfahren verbessern? Wir versuchen, die Zuverlässigkeit von Zugverbindungen vor der Buchung zu prognostizieren.\n\nUm allen Bahnfahrenden zu helfen, wollen wir auf Basis eines Kriesel-Artigen Datensatz vorhersagen, welche Anschlusszug verpasst wird und welcher nicht. Dafür schauen wir uns die Verspätungsdaten ganz genau an, um prädiktive Faktoren für Verspätungsvorhersagen zu finden. Wir schauen uns ein paar Techniken für kategorische Datentypen an, bauen ein Machine-Learning-Modell und werden dann nachweisen, ob dieses etwas taugt.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Theo Döllmann"],"tags":["38c3","149","2024","Science","Saal 1"],"view_count":17579,"promoted":false,"date":"2024-12-28T13:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T23:30:06.202+02:00","length":2499,"duration":2499,"thumb_url":"https://static.media.ccc.de/media/congress/2024/149-ac3b54f0-672b-5f1d-bbf9-593364fb7fe2.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/149-ac3b54f0-672b-5f1d-bbf9-593364fb7fe2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/149-ac3b54f0-672b-5f1d-bbf9-593364fb7fe2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/149-ac3b54f0-672b-5f1d-bbf9-593364fb7fe2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-wann-klappt-der-anschluss-wann-nicht-und-wie-sagt-man-chaos-vorher","url":"https://api.media.ccc.de/public/events/ac3b54f0-672b-5f1d-bbf9-593364fb7fe2","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"a1388d6c-121a-5c73-8e0e-d5100811e32b","title":"KLARHEIT ALS WAFFE","subtitle":null,"slug":"38c3-klarheit-als-waffe","link":"https://events.ccc.de/congress/2024/hub/event/klarheit-als-waffe/","description":"UBERMORGEN infiltriert Kunst, Medien und digitale Monokulturen mit subversiver Affirmation. Wie Donald Trump auch, zerstören sie täglich ihr Geschäftsmodell, um daraus radikal neue Lösungen zu schaffen. Anhand von Projekten wie Vote-Auction, Google Will Eat Itself und PMC Wagner Arts dokumentieren sie ihre künstlerische Evolution im Never-Ending Now. Chaos ist ihre Methode, Kunst ihre Neue Ehrlichkeit, Klarheit ihre Waffe.\n\nDer Vortrag, eine Mischung aus emotionalem Appell und intellektueller Analyse, thematisiert die Notwendigkeit von Klarheit und bewusster Simplifizierung als Gegengewicht zum Streben nach Perfektion in einer Welt der wahrgenommenen und effektiven Hyperkomplexität. UBERMORGEN stellt infrage, wie viel künstlerische Freiheit im aktuellen Zeitalter der „Happy Dystopia“ noch bleibt, respektive was ‘Radikaler Universalismus’ (Abstraktion zwecks Mustererkennung) für weitläufige Möglichkeiten in der Praxis eröffnen, und beleuchtet, wie ihre neuesten Werke das Potenzial kritischer Ästhetik und radikaler Experimente inmitten einer fragmentierten Informationslandschaft ermöglichen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Luzius Bernhard","lizvlx (UBERMORGEN)"],"tags":["38c3","452","2024","Art \u0026 Beauty","Saal 1"],"view_count":2289,"promoted":false,"date":"2024-12-27T17:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T23:15:05.615+02:00","length":3683,"duration":3683,"thumb_url":"https://static.media.ccc.de/media/congress/2024/452-a1388d6c-121a-5c73-8e0e-d5100811e32b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/452-a1388d6c-121a-5c73-8e0e-d5100811e32b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/452-a1388d6c-121a-5c73-8e0e-d5100811e32b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/452-a1388d6c-121a-5c73-8e0e-d5100811e32b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-klarheit-als-waffe","url":"https://api.media.ccc.de/public/events/a1388d6c-121a-5c73-8e0e-d5100811e32b","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"8095bb81-072e-509b-a1ca-f7e0263994a7","title":"Knäste hacken","subtitle":null,"slug":"38c3-knste-hacken","link":"https://events.ccc.de/congress/2024/hub/event/knste-hacken/","description":"In Deutschland sitzen über 40.000 Menschen im Knast. Weitgehend ohne Zugang zu digitaler Infrastruktur - außer einem Telefon. Wir schauen uns die Systeme an, die sie nutzen dürfen und in denen sie verwaltet werden.\n\nVon HamSy oder SoPart haben die meisten Menschen noch nie etwas gehört. Außer sie hatten bereits Kontakt mit deutschen Knästen. Das führt dazu, das es kaum Dokumentation darüber gibt, wie Digitalisierung für Menschen dort funktioniert und welche Folgen sie in Zukunft haben kann.\n\nIm letzten Jahr beschäftigte ich mich mit verschiedenen Systemen in deutschen Knästen und möchte über Datenabflüsse und strukturelle Probleme, die verhindern, dass wir Menschen dort Zugang zu digitaler Teilhabe gewähren, sprechen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Lilith Wittmann"],"tags":["38c3","193","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":26260,"promoted":false,"date":"2024-12-29T19:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T23:30:08.443+02:00","length":2344,"duration":2344,"thumb_url":"https://static.media.ccc.de/media/congress/2024/193-8095bb81-072e-509b-a1ca-f7e0263994a7.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/193-8095bb81-072e-509b-a1ca-f7e0263994a7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/193-8095bb81-072e-509b-a1ca-f7e0263994a7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/193-8095bb81-072e-509b-a1ca-f7e0263994a7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-knste-hacken","url":"https://api.media.ccc.de/public/events/8095bb81-072e-509b-a1ca-f7e0263994a7","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"b6268996-c7cf-5475-9ce5-d38fe377c972","title":"Hackspace-Vorstellungen","subtitle":null,"slug":"38c3-hackspace-vorstellungen","link":"https://events.ccc.de/congress/2024/hub/event/hackspace-vorstellungen/","description":"Eine Vorstellung der Hackspaces\n\nEine Vorstellung der Hackspaces\n\norganisiert via wiki at https://events.ccc.de/congress/2024/hub/de/wiki/hackspace-vorstellungen/\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["deanna"],"tags":["38c3","803","2024","CCC","Stage HUFF"],"view_count":933,"promoted":false,"date":"2024-12-28T12:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-17T22:45:04.947+01:00","length":4179,"duration":4179,"thumb_url":"https://static.media.ccc.de/media/congress/2024/803-b6268996-c7cf-5475-9ce5-d38fe377c972.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/803-b6268996-c7cf-5475-9ce5-d38fe377c972_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/803-b6268996-c7cf-5475-9ce5-d38fe377c972.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/803-b6268996-c7cf-5475-9ce5-d38fe377c972.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-hackspace-vorstellungen","url":"https://api.media.ccc.de/public/events/b6268996-c7cf-5475-9ce5-d38fe377c972","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"66187911-4b3e-5b23-8cd3-2f7cd0fdec83","title":"Microbes vs. Mars: A Hacker's Guide to Finding Alien Life","subtitle":null,"slug":"38c3-microbes-vs-mars-a-hacker-s-guide-to-finding-alien-life","link":"https://events.ccc.de/congress/2024/hub/event/microbes-vs-mars-a-hacker-s-guide-to-finding-alien-life/","description":"Mars is famously the only planet (we know of) that is entirely inhabited by robots. And these robots are working hard on looking for something that would be one of the most significant discoveries in the history of science: Alien life.\nBut how do you look for something that no one has ever seen? And would we recognize it if we find it?\nJoin me on a journey through Mars’ ancient past and Earth’s most extreme environments, where scientists hunt for strange microbes that defy all our expectations: Organisms thriving in salt lakes, breathing metal, and building bizarre microbial ‘cities’ out of rock. Are they the blueprint of what alien life might look like? I will introduce you to the cutting-edge technology we use to analyse and understand them, and how we detect their “biological fingerprints” that might one day help us to find Martian life.\nThis talk will not only give you a deep look behind the scenes of the search for life on Mars, but also a new appreciation for the strange and wonderful life on our own planet.\n\nI am a PhD student in astrobiology and planetary science at the University of Hong Kong and want to introduce you to the exciting research that is happening in the search for life on Mars. We will talk about what Earth and Mars looked like 3 billion years ago, you will get to know some truly weird microbes, learn about the instruments on Mars rovers and the exciting upcoming Mars sample return missions. I will also share highlights from my own research and fieldwork in Mars-like environments: From growing extremophiles in the lab to testing planetary rovers on Mount Etna, and research adventures in the remote deserts of the Atacama and western China.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Anouk Ehreiser"],"tags":["38c3","557","2024","Science","Saal GLITCH"],"view_count":938,"promoted":false,"date":"2024-12-30T13:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-28T11:15:05.584+01:00","length":2565,"duration":2565,"thumb_url":"https://static.media.ccc.de/media/congress/2024/557-66187911-4b3e-5b23-8cd3-2f7cd0fdec83.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/557-66187911-4b3e-5b23-8cd3-2f7cd0fdec83_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/557-66187911-4b3e-5b23-8cd3-2f7cd0fdec83.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/557-66187911-4b3e-5b23-8cd3-2f7cd0fdec83.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-microbes-vs-mars-a-hacker-s-guide-to-finding-alien-life","url":"https://api.media.ccc.de/public/events/66187911-4b3e-5b23-8cd3-2f7cd0fdec83","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"01c7b0de-ba15-5141-9c7b-1c6e4549c65e","title":"Guardians of the Onion: Ensuring the Health and Resilience of the Tor Network","subtitle":null,"slug":"38c3-guardians-of-the-onion-ensuring-the-health-and-resilience-of-the-tor-network","link":"https://events.ccc.de/congress/2024/hub/event/guardians-of-the-onion-ensuring-the-health-and-resilience-of-the-tor-network/","description":"Millions of internet users around the world rely on Tor to protect themselves from surveillance and censorship. While Tor-powered applications and the Tor protocol are widely known, the community behind it much less so. This talk will highlight the efforts to maintain a healthy and resilient Tor network, emphasizing the crucial role of a diverse, engaged community of relay operators.\n\nWe’ll discuss some recent news, the current state of the network, how we determine its health, and the strategies to strengthen its resilience, addressing challenges around sustainability and governance. If you're interested in understanding the inner workings of the Tor network, this talk is for you.\n\nThis talk is designed to give an overview of Tor's 'new and not-so-new' network health initiatives in response to some of the pressing questions that emerged from the recent reporting about Tor in Germany. After a brief introduction to \"Tor,\" we will primarily focus on issues relating to the Tor network and its community, underscoring the critical importance of distributed trust, transparency, and engagement in maintaining a robust and healthy ecosystem.\n\nWe will provide a short overview of the fundamental components of the Tor network, detailing the different types of relays that constitute its infrastructure and the role these can have through their lifetime. We will emphasize that the network operates independently of the Tor Project, sustained by a decentralized, global community of contributors. By analyzing network metrics—such as relay distribution across countries and Autonomous Systems (AS)—we will highlight the current state of the network and identify opportunities for increasing geographic and technical diversity.\n\nThis is followed by an introduction to the concept of network health. We will define the term, assess the current condition of the Tor network, and showcase the different modes of participation. We will primarily consider this through the lens of an 'alleged' over-reliance on relay concentration in specific regions, such as Europe and the United States. These insights will inform a discussion on how a more geographically distributed network could improve resilience, enhance security, and increase overall functionality.\n\nThe talk will also address the primary challenges facing the Tor network: Sustainability remains a central concern, particularly with regard to maintaining a stable, secure, and decentralized network over time. Additionally, ensuring trust within the community is essential, especially in the face of potential misuse by malicious actors. We will explore the need for incentive structures that encourage the operation of relays while preserving the network’s independence and autonomy. We will review and debate initiatives the Tor Project has proposed to support a decentralized network without imposing centralized control.\n\nIn response to these challenges, we will propose several potential solutions. Expanding outreach efforts to regions outside the Global North could promote greater diversity in the relay community, thereby strengthening the network’s ability to resist censorship and external threats. We will also examine existing incentive frameworks that support relay operators. Furthermore, we will discuss the success of Snowflake proxies—widely adopted in regions with restrictive internet environments—and how it demonstrates how lowering the barrier to entry for running nodes can encourage broader participation from the community.\n\nFinally, we will outline our strategy for ensuring the long-term health of the Tor network, focusing on governance, community engagement, and sustaining the network’s decentralized nature. We will conclude with a call to action, inviting participants to contribute to the continued sustainability and development of the Tor network.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Hiro","Gus"],"tags":["38c3","302","2024","Security","Saal ZIGZAG"],"view_count":1614,"promoted":false,"date":"2024-12-28T20:30:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-11T14:15:08.621+01:00","length":3619,"duration":3619,"thumb_url":"https://static.media.ccc.de/media/congress/2024/302-01c7b0de-ba15-5141-9c7b-1c6e4549c65e.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/302-01c7b0de-ba15-5141-9c7b-1c6e4549c65e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/302-01c7b0de-ba15-5141-9c7b-1c6e4549c65e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/302-01c7b0de-ba15-5141-9c7b-1c6e4549c65e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-guardians-of-the-onion-ensuring-the-health-and-resilience-of-the-tor-network","url":"https://api.media.ccc.de/public/events/01c7b0de-ba15-5141-9c7b-1c6e4549c65e","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"03d0f884-57d9-55ce-8d0d-52945e1e805b","title":"Der Milliarden-Steuerraub Cum/Ex","subtitle":"Wie schädlich ist Wirtschaftskriminalität für unsere Gesellschaft?","slug":"38c3-der-milliarden-steuerraub-cum-ex-wie-schdlich-ist-wirtschaftskriminalitt-fr-unsere-gesellschaft","link":"https://events.ccc.de/congress/2024/hub/event/der-milliarden-steuerraub-cum-ex-wie-schdlich-ist-wirtschaftskriminalitt-fr-unsere-gesellschaft/","description":"Nachdem kurz erklärt wird, was Cum/Ex eigentlich ist, widmet sich der Vortrag zunächst der Frage, wie die Aufklärung in diesem international organisierten Fall schwerer Steuerhinterziehung überhaupt gelingen konnte und was noch zu tun ist. Wer sind die Akteure auf Seiten der Finanzbranche und wie ticken die Täter? Anschließend wird der generelle Umgang des Staates mit Wirtschaftskriminalität dargestellt und Lösungsansätze entwickelt. Dabei geht es auch um die Frage, was jeder Einzelne tun kann und warum die NGO Finanzwende ein wichtiger Ort sein kann, um politische Veränderungen bei finanzpolitischen Themen zu bewirken.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Anne Brorhilker"],"tags":["38c3","682","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":37987,"promoted":false,"date":"2024-12-29T16:40:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T23:45:05.789+02:00","length":2597,"duration":2597,"thumb_url":"https://static.media.ccc.de/media/congress/2024/682-03d0f884-57d9-55ce-8d0d-52945e1e805b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/682-03d0f884-57d9-55ce-8d0d-52945e1e805b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/682-03d0f884-57d9-55ce-8d0d-52945e1e805b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/682-03d0f884-57d9-55ce-8d0d-52945e1e805b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-der-milliarden-steuerraub-cum-ex-wie-schdlich-ist-wirtschaftskriminalitt-fr-unsere-gesellschaft","url":"https://api.media.ccc.de/public/events/03d0f884-57d9-55ce-8d0d-52945e1e805b","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"650adf7d-1623-5462-80b7-1753677bc79a","title":"5 Jahre nach Ibiza","subtitle":null,"slug":"38c3-5-jahre-nach-ibiza","link":"https://events.ccc.de/congress/2024/hub/event/5-jahre-nach-ibiza/","description":"Wie Rechtspopulisten in Österreich innerhalb von 5 Jahren zurück zu alter Größe kamen und sogar die Wahl gewannen.\n\nDie Ibiza-Affäre gilt als einer der größten politischen Skandale in der Geschichte der Zweiten Republik Österreich.\n\nDas heimlich aufgezeichnete Ibiza-Video zeigt den damaligen FPÖ-Chef Heinz-Christian Strache und FPÖ-Politiker Johann Gudenus in einer Villa mit einer vermeintlichen Nichte eines russischen Oligarchen.\n\nSeit dem ist viel passiert. Zu wenig hat sich zum Guten gewandt aber immerhin ist mittlerweile zumindest oberflächlich klarer geworden wie sehr die einzelnen Skandale die die Alpenrepublik erschütterten seit dem in einander verwoben sind. Die Umwälzungen der letzten Jahre nicht nur in Österreich erlauben es Parallelen zu ziehen auch über die Landesgrenzen hinweg.\n\nDie Kausen um den früheren Wirecard Vorstand Jan Marsalek, seines Zeichens zufällig auch Österreicher, lassen sich mit dem Gesamteindruck von Ibiza schlüssig verknüpfen. Die geopolitischen Umwälzungen wie auch die politischen Herausforderungen die selbige für Europa mit sich bringen sollten am Beispiel von der Alpenrepublik nicht nur als Belustigung dienen.\n\nWie schnell und wie weit eines der Vorbilder der EU Länder unter den richtigen Gegebenheiten und Einflüssen sich zum Paria wandeln kann sollte als ernstzunehmende Warnung auch in Deutschland verstanden werden. \nWenn die Säulen der Demokratie ins Wanken geraten ist es oft sehr viel schneller beim Ernstfall als die meisten es sich einreden wollen.\n\nÖsterreich mag klein sein, manchmal auch speziell aber die Faktoren die innerhalb kürzester Zeit von einem Musterschüler ein Sorgenkind machten sind nicht kleinzureden. \n\nFünf Jahre später, im September 2024, wurde die FPÖ mit 29,2 Prozent erstmals Sieger bei einer Parlamentswahl. Mittlerweile steht sie in Prognosen bei über 35% und der allgemeine politische Diskurs hat sich meilenweit verschoben.\n\nEs ist Vorsicht geboten.\nNicht nur in Österreich\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Julian Hessenthaler"],"tags":["38c3","967","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":9320,"promoted":false,"date":"2024-12-29T22:05:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-29T20:15:06.713+02:00","length":2413,"duration":2413,"thumb_url":"https://static.media.ccc.de/media/congress/2024/967-650adf7d-1623-5462-80b7-1753677bc79a.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/967-650adf7d-1623-5462-80b7-1753677bc79a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/967-650adf7d-1623-5462-80b7-1753677bc79a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/967-650adf7d-1623-5462-80b7-1753677bc79a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-5-jahre-nach-ibiza","url":"https://api.media.ccc.de/public/events/650adf7d-1623-5462-80b7-1753677bc79a","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"62a6f021-6eac-52bc-bdd7-c3e07289c2b7","title":"Illegal Infrastructure: 12 years of hosting in the greyzone","subtitle":null,"slug":"38c3-illegal-infrastructure-12-years-of-hosting-in-the-greyzone","link":"https://events.ccc.de/congress/2024/hub/event/illegal-infrastructure-12-years-of-hosting-in-the-greyzone/","description":"We provide internet infrastructure and fight to keep it anonymously accessible to all. What did we learn about law enforcement? Why is offshore hosting more important than ever? In our talk we share our perspective, talk about the challenges we faced and provoke ideas to go forward.\n\nFor over 12 years we are providing internet infrastructure (e.g. webspace, domains, servers) for those who need protection because they are not protected by the law. We share our experience that has brought us not only a constant source of technical challanges and puzzels, time and again we also experienced juridical and logistical challenges. We were subject to arbitrary persecution by the police and intelligence agencies and harassment by lawyers and angry individuals. But for a lot of reasons we are still fighting so that internet infrastructures remain accessible to everyone independent of their origin, their ability to get a bank- or paypal account and - hear hear - their need to stay completely anonymous and without surveillance.\nOur journey that began with a radical and very liberal (admittingly naïve) view on a decentralized and free internet (which we in part still hold!), has taken many turbulent turns. It gave us a probably unique perspective on the internet. The 45.000 email complaints that have accumulated in our mailbox are our witness: We really saw a wide variety of weirdness. Motivated by this years motto \"legal illegal scheissegal -- whatever it takes\" we want to highlight some of the bizarre cases we got involved in by constantly operating in between legality and illegality.\nHowever, obscure and questionable, sometimes controversial content is not what motivates us. We serve infrastructure to people and have been at the side of insipring collaborators for many years. Forging those connections we observe that the group of individuals, projects and organizations that reach out for protection has changed a lot over the years. With worry we observe that the group that needs protection is getting broader and broader. If someone had told us 10 years ago that a civil society organization which organizes school walk outs on Fridays for environmental protection would be knocking on our door, we would have reacted with complete disbelief: What on earth, has happened to our society?\nIn our talk we share our perspective on this development. We also provide concrete criticism of new and coming legislation and their consequences which we think are often overlooked. Our ability to protect those who have already been pushed beyond the margins is getting ever more difficult and risky. The rise of fascist governments all over the world will bring arbitrary persecution into new dimensions. We are gradually losing our abilities to protect others. New cybercrime laws that supposedly aim to protect citizens, or anti money laundry laws that aim to prevent the harmful use of digital currencies like shitcoin also have drastic consequences for those who need protection. By exploring these and other topics through our perspective we invite feelings of dissonance: complex issues can be contradicting and difficult to digest: Balancing on the margins of legality to provide new legal grounds is a solidaric act that can increase our societies resilience. Grayzones need to be protected even when they are used by malicious actors. We argue that it is important that more people need to join the fight and dare to step into the grayzone in their own way, with the means they have available. Defending any freedom is best done with a diversity of tactics, direct action and in a decentralized fashion. Most importantly, through strong communities! Form gangs -- Bildet Banden!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Kolja","Mark"],"tags":["38c3","812","2024","Stage YELL"],"view_count":6309,"promoted":false,"date":"2024-12-29T01:10:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-28T17:15:05.960+01:00","length":2436,"duration":2436,"thumb_url":"https://static.media.ccc.de/media/congress/2024/812-62a6f021-6eac-52bc-bdd7-c3e07289c2b7.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/812-62a6f021-6eac-52bc-bdd7-c3e07289c2b7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/812-62a6f021-6eac-52bc-bdd7-c3e07289c2b7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/812-62a6f021-6eac-52bc-bdd7-c3e07289c2b7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-illegal-infrastructure-12-years-of-hosting-in-the-greyzone","url":"https://api.media.ccc.de/public/events/62a6f021-6eac-52bc-bdd7-c3e07289c2b7","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"b019b506-b89a-5b2a-8150-956b7e9134df","title":"Sacrificing Chickens Properly: Why Magical Thinking is Both the Problem and the Solution.","subtitle":null,"slug":"38c3-sacrificing-chickens-properly-why-magical-thinking-is-both-the-problem-and-the-solution","link":"https://events.ccc.de/congress/2024/hub/event/sacrificing-chickens-properly-why-magical-thinking-is-both-the-problem-and-the-solution/","description":"As an Anthropologist, magical thinking is a normal fact of life. Rather than dismissing it outright, our job is to look at its function and yes, rationality, for groups at hand.\n\nStarting out with a story about actual chickens being sacrificed to ensure the harvest, this talk explores the prevalence of useful magical thinking in our own community. Using metaphors, or even personifications, doesn‘t make a person irrational. It‘s applying a principle implicitly onto a subject matter which works completely differently, that would be the problem. After all, unless you are a strict vegetarian, it‘s not the killing of a chicken as such you‘d object to, it‘s the idea that this act makes rain. \n\nWith LLMs, our public sphere has run into a problem where experts are at loss explaining a very complicated thing to a general public, which often lacks the basic terms with which to understand how this mechanism works. The instant personification of LLMs can lead to vast mismatches between their actual capabilities and what those stories imply. Rather than dismissing them outright, the question posed would be, what‘s the alternative?\n\nThe talk is intended to be a light-hearted overview of some examples of both useful and dangerous constructions used to simplify complexity. It aims to touch upon some of the mechanisms that should be heeded in order to be able to tell a better story.\n\nCausality is hard. Hence the hackers jargon file contains certain references about voodoo, deep magic and yes, even the sacrifice of chickens for the greater good. In that case, that good would be „the stakeholder‘s peace of mind“. \n\nRather than looking at the content of the subject matter, this talk is strictly about language. It highlights the issues arising when experts aim to talk about non-experts about subject matters which are not easily put into words. More precisely, not easily understood by human-sized categories of the mind. \n\nThe core point is highlighting what could be called the default library present in humans: Stories, with actors and actions leading to results. Anything that‘s not easily fit into that category struggles to be understood. Underneath this, there‘s a set of basic assumptions, comparable to the terms and capabilities of a programming language or it‘s paradigm, which sets the stage for the human-sized stories to happen in. Those are very hard to even see, let alone change, for any individual. \n\nRather than fighting assumptions, replacing a story with another story can be done far more easily. The challenge addressed in this talk is the tendency of public discourse to revolve around human-sized categories even when faced with system-sized problems. The talk invites to use the ethnographer‘s eye in order to combat dread and anger in the current public discourse. Rather than asking „how can you be so stupid?“, asking „how can you be thinking in the terms you are“ and look for logic. This skill can give you one pointed edge: Discerning active lies and acts of propaganda from honest mistakes brought about by mismatched metaphors. Which, in the end, makes the world look like a much more friendly place.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Senana"],"tags":["38c3","411","2024","Ethics, Society \u0026 Politics","Saal GLITCH"],"view_count":1702,"promoted":false,"date":"2024-12-29T11:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-21T11:30:08.707+01:00","length":2396,"duration":2396,"thumb_url":"https://static.media.ccc.de/media/congress/2024/411-b019b506-b89a-5b2a-8150-956b7e9134df.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/411-b019b506-b89a-5b2a-8150-956b7e9134df_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/411-b019b506-b89a-5b2a-8150-956b7e9134df.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/411-b019b506-b89a-5b2a-8150-956b7e9134df.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-sacrificing-chickens-properly-why-magical-thinking-is-both-the-problem-and-the-solution","url":"https://api.media.ccc.de/public/events/b019b506-b89a-5b2a-8150-956b7e9134df","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"6061195f-b992-56e9-ad5a-0bbf50c8f2e0","title":"Vom Betrieb bis ins Netz: Gewerkschaften als Vorbild für modernen Widerstand?","subtitle":null,"slug":"38c3-vom-betrieb-bis-ins-netz-gewerkschaften-als-vorbild-fr-modernen-widerstand","link":"https://events.ccc.de/congress/2024/hub/event/vom-betrieb-bis-ins-netz-gewerkschaften-als-vorbild-fr-modernen-widerstand/","description":"Von kreativen Strategien und Herausforderungen aus der Gewerkschaftsarbeit im Kampf für Arbeiter*innenrechte\n\nArbeitnehmer*innen der IT-Branche sehen sich zunehmend mit Repressionen konfrontiert, die kreative und gemeinsame Formen des Widerstands erfordern. Von Union Busting über unmoralische Praktiken am Arbeitsplatz bis hin zu gesetzlichen Hürden – die Angriffe auf kollektive Arbeitsrechte werden intensiver und vielseitiger. Die Herausforderung, neue Aktionen zu entwickeln, Widerstände zu überwinden, Ideen zu verwerfen und immer wieder neu anzusetzen, ist längst alltäglich geworden. Umso wichtiger ist es, dass wir uns gegenseitig inspirieren und unterstützen. Aktivismusfelder wie Netzpolitik, Klimaschutz und Arbeitsrechte stehen vor ähnlichen Hindernissen – und wir alle profitieren, wenn wir uns austauschen und voneinander lernen.\n\nUnser Vortrag zielt daher nicht darauf ab, allumfassende Lösungen zu bieten. Stattdessen möchten wir aktuelle Missstände aufzeigen und Erfahrungen sowie Lösungsansätze teilen. Gemeinsam wollen wir untersuchen, wie unkonventionelle Ansätze, geteilte Erfahrungen und Zusammenarbeit zu einer stärkeren, solidarischen Zukunft führen können. Mit unserer Erfahrung aus der Gewerkschaftsjugend und aus Tarifkämpfen sprechen wir über Aktionen, Erfolge und Rückschläge – und darüber, wie wir uns in Zukunft besser aufstellen können.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Joana Starck","Laurent Kuffert"],"tags":["38c3","655","2024","Ethics, Society \u0026 Politics","Saal ZIGZAG"],"view_count":1036,"promoted":false,"date":"2024-12-29T12:55:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-04-02T01:00:03.249+02:00","length":2441,"duration":2441,"thumb_url":"https://static.media.ccc.de/media/congress/2024/655-6061195f-b992-56e9-ad5a-0bbf50c8f2e0.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/655-6061195f-b992-56e9-ad5a-0bbf50c8f2e0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/655-6061195f-b992-56e9-ad5a-0bbf50c8f2e0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/655-6061195f-b992-56e9-ad5a-0bbf50c8f2e0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-vom-betrieb-bis-ins-netz-gewerkschaften-als-vorbild-fr-modernen-widerstand","url":"https://api.media.ccc.de/public/events/6061195f-b992-56e9-ad5a-0bbf50c8f2e0","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"49299a2f-a365-5595-a0f9-5fe88deebf14","title":"Escaping Big Brother (or Your Ex) - counter surveillance for women's shelters","subtitle":null,"slug":"38c3-escaping-big-brother-or-your-ex-counter-surveillance-for-women-s-shelters","link":"https://events.ccc.de/congress/2024/hub/event/escaping-big-brother-or-your-ex-counter-surveillance-for-women-s-shelters/","description":"Maintaining privacy and security when those closest to you is exploiting the worst of surveillance capitalism and patriarchy to pwn you is a user case no one planned for. Or should Big Tech have known better? \nGender-based violence has existed in all societies and centuries, but in the 21st one the digital arena is proving to be especially tricky for victims. \nWhen (primarily) women leave their abusive (primarily) male partners or family members they often have to leave behind everything and make a clean break - including from their digital identities. This is way easier said than done. (Ever tried unsubscribing from.. anything?) Surveillance capitalism has further exacerbated this challenge, as stalker-ware is becoming increasingly prevalent and easy to use, if not a default feature. Stalking As A Service is of course already a thing, and why should you watch someones house in the rain all night when you can let your Tesla do it for you? \nLost your wife? Hide an AirTag in the lining of her bag and have two billion iPhones keep track of her across the planet. Apple won't tell.\n \nIt's almost like society is fundamentally misogynistic and internet accelerated the opportunity for patriarchal control..?\n \nThis talk shares experiences working with women's shelters and training victims as well as activists and professionals in cyber security and opsec.\nThe situation's bad and it's getting worse, fast.\n\nDigital violence, or gender-based violence using digital means, is expressed in control and abuse. Control of finance, social life, the children, the photos, the conversation, relationships, life. Emotional, sexual, financial, psychological abuse - online. Mark Zuckerberg is not the first stalker to creep the Earth but probably the first to become a billionaire scaling his methods and monetizing his crimes.\n\nSharing war stories of practical feminist threat intel with literally lifesaving tech, Elin has advised women's shelters how to protect their clients and Escape Big Brother in Sweden for the past couple of years. This includes perverse exploits, institutional failures, psyops, and how any and everything can be used against you - if the threat actor is persistent enough.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["erlern"],"tags":["38c3","106","2024","Ethics, Society \u0026 Politics","Saal ZIGZAG"],"view_count":3617,"promoted":false,"date":"2024-12-28T23:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T10:30:05.518+02:00","length":2440,"duration":2440,"thumb_url":"https://static.media.ccc.de/media/congress/2024/106-49299a2f-a365-5595-a0f9-5fe88deebf14.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/106-49299a2f-a365-5595-a0f9-5fe88deebf14_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/106-49299a2f-a365-5595-a0f9-5fe88deebf14.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/106-49299a2f-a365-5595-a0f9-5fe88deebf14.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-escaping-big-brother-or-your-ex-counter-surveillance-for-women-s-shelters","url":"https://api.media.ccc.de/public/events/49299a2f-a365-5595-a0f9-5fe88deebf14","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"ba90dd9a-cc5f-5701-a585-caca032ed346","title":"State of Surveillance: A year of digital threats to civil society","subtitle":null,"slug":"38c3-state-of-surveillance-a-year-of-digital-threats-to-civil-society","link":"https://events.ccc.de/congress/2024/hub/event/state-of-surveillance-a-year-of-digital-threats-to-civil-society/","description":"The digital arms race between activists and government spies continues to shift and evolve. Through a series of cases studies, researchers from Amnesty International's Security Lab will share surveillance wins, the ongoing challenges, and the new threats on the digital horizon.\n\nDrawing on research by Amnesty International and partners over the past year, we will examine how the digital threats facing activists and journalists continue to evolve and adapt.\n\nProgress has been made in reigning in abuses from highly invasive spyware, with vendors going out of business and others being hit by lawsuits and sanctions. The technical arms race between defenders and the exploit industry also shows signs for cautious optimism. However notorious spyware companies, occasionally with active government protection, continue taking steps to block much needed accountability efforts.\n\nAmnesty International will also the findings of a brand new investigation into the misuse of surveillance technology.\n\nThe work for civil society to defend against these threats remains challenging. Surveillance vendors continue to deploy increasing murky webs of brokers and complex corporate structures to hide their activities, although we will show tactics that can be used to map these. \n\nThe emerging surveillance threats at the intersection of mass surveillance, ad tech, and artificial intelligence are becoming all too real, and surveillance tactics continues to unequally and dangerously impact already marginalized people including woman and LGBTQI activists.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Jurre van Bergen"],"tags":["38c3","388","2024","Security","Saal ZIGZAG"],"view_count":3487,"promoted":false,"date":"2024-12-28T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-26T02:00:03.820+01:00","length":3599,"duration":3599,"thumb_url":"https://static.media.ccc.de/media/congress/2024/388-ba90dd9a-cc5f-5701-a585-caca032ed346.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/388-ba90dd9a-cc5f-5701-a585-caca032ed346_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/388-ba90dd9a-cc5f-5701-a585-caca032ed346.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/388-ba90dd9a-cc5f-5701-a585-caca032ed346.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-state-of-surveillance-a-year-of-digital-threats-to-civil-society","url":"https://api.media.ccc.de/public/events/ba90dd9a-cc5f-5701-a585-caca032ed346","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"8e56bfbc-4bab-548d-8e15-d0de16c125e7","title":"OMG WTF SSO - A beginner's guide to SSO (mis)configuration","subtitle":null,"slug":"38c3-omg-wtf-sso-a-beginner-s-guide-to-sso-mis-configuration","link":"https://events.ccc.de/congress/2024/hub/event/omg-wtf-sso-a-beginner-s-guide-to-sso-mis-configuration/","description":"A couple years ago I knew basically nothing about Single Sign-On but now I'm talking at 38c3 about it! Come find out how you too can go from beginner to the question-asker who protects your hackerspace/company/etc. from bad SSO implementations.\n\nSingle Sign-On (SSO) is sold as a way to\n•\tcentralize managing your organization’s users,\n•\tmake life easier for your colleagues, and\n•\tenforce consistent security standards.\nBut SSO protocols are just ways for an identity provider to share information about an authenticated identity with another service. Me having a way to tell my vendor “yeah, that’s Bob” doesn’t tell me what the vendor does with this information, or if the vendor always asks me who’s coming in the door.\nA bad SSO implementation can make you think you’re safer, while hiding all the new and fun things that have gone wrong.\nTo get the most out of implementing SSO, I need to know what I’m trying to accomplish and what steps I need to follow to get there. To illustrate why SSO needs to be set up carefully, for each of the things you need to do right, I’ll give you some fun examples of creative ways you and your vendor can do this wrong. We all learn from failure, right???\nI’m sharing this info because this year I got deeply involved in the SSO setup for several vendors at work. It turns out that I’m good at asking weird questions, and it’s an extremely valuable thing to do. If you know how things should be, then you know where they could be broken, and you can ask your vendors (and your colleagues!) “weird questions” before an adversary does.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Adina Bogert-O'Brien"],"tags":["38c3","766","2024","Stage HUFF"],"view_count":2449,"promoted":false,"date":"2024-12-30T00:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-01T10:15:08.748+01:00","length":2578,"duration":2578,"thumb_url":"https://static.media.ccc.de/media/congress/2024/766-8e56bfbc-4bab-548d-8e15-d0de16c125e7.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/766-8e56bfbc-4bab-548d-8e15-d0de16c125e7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/766-8e56bfbc-4bab-548d-8e15-d0de16c125e7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/766-8e56bfbc-4bab-548d-8e15-d0de16c125e7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-omg-wtf-sso-a-beginner-s-guide-to-sso-mis-configuration","url":"https://api.media.ccc.de/public/events/8e56bfbc-4bab-548d-8e15-d0de16c125e7","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"7c34225e-8eca-56b9-ab3a-1e5a5093e671","title":"Philosophical, Ethical and Legal Aspects of Brain-Computer Interfaces","subtitle":null,"slug":"38c3-philosophical-ethical-and-legal-aspects-of-brain-computer-interfaces","link":"https://events.ccc.de/congress/2024/hub/event/philosophical-ethical-and-legal-aspects-of-brain-computer-interfaces/","description":"This talk examines philosophical, legal, and ethical questions of the merging of human minds with intelligent machines through Brain-Computer-Interfaces, provides an overview of current debates and international regulatory development - and what might be at stake when technologies increasingly access the human brain.\n\nHuman minds and machines, or organic and artificial intelligence (AI), are increasingly merging through neurotechnologies such as Brain-Computer-Interfaces (BCIs) that may record or alter brain activity. While most current devices are developed and used for rehabilitative purposes, more and more consumer devices are about to come on the market, and some stakeholders such as Elon Musk and his company Neuralink pursue more transhumanist objectives. This merging of minds and machines raises multiple intriguing philosophical, ethical, and legal questions: Do these devices become part of the person, even more, might the AI operating these devices become part of her? (I argue that it does under certain conditions, creating the most intimate conceivable connection between AI and persons). Are there ethical boundaries, and what is the legal situation, especially with respect to human rights? (I call for a renaissance of the right to freedom of thought to provide at least some principled protection for privacy of thought). \n \nMoreover, the topic has received the attention of international organizations, which will negotiate the first international treaty on the ethics of neurotechnology under the auspices of UNESCO in the beginning of 2025 (expected to be concluded in late 2025). This will set the standards for the future trajectory of the technology, but whether agreement can be found is to be seen. The EU, US, and China have different regulatory approaches with different visions for the future. \n\nThis talk addresses these political, philosophical, legal and ethical questions and presents results of an international research cooperation on the topic, HYBRID MIND, that is funded in Germany by the Federal Ministry of Education and Research and comes to its official conclusion during the days of the 38C3.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Christoph Bublitz"],"tags":["38c3","308","2024","Science","Saal GLITCH"],"view_count":844,"promoted":false,"date":"2024-12-30T15:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-06T23:15:08.671+01:00","length":2417,"duration":2417,"thumb_url":"https://static.media.ccc.de/media/congress/2024/308-7c34225e-8eca-56b9-ab3a-1e5a5093e671.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/308-7c34225e-8eca-56b9-ab3a-1e5a5093e671_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/308-7c34225e-8eca-56b9-ab3a-1e5a5093e671.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/308-7c34225e-8eca-56b9-ab3a-1e5a5093e671.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-philosophical-ethical-and-legal-aspects-of-brain-computer-interfaces","url":"https://api.media.ccc.de/public/events/7c34225e-8eca-56b9-ab3a-1e5a5093e671","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"577adb5e-088c-5e0b-8828-0f9d7ff8011f","title":"38C3: Infrastructure Review","subtitle":"","slug":"38c3-infrastructure-review","link":"https://events.ccc.de/congress/2024/hub/event/38c3-infrastructure-review/","description":"This talks gives a behind the scenes on how the infrastructure side of the event is done.\r\n\r\nA lot of teams help to make this event happen. This talk gives them the opportunity to show you what they do and how they do it.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":[],"tags":["38c3","315","2024","CCC","Saal GLITCH"],"view_count":15796,"promoted":false,"date":"2024-12-30T16:40:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T14:15:07.043+02:00","length":5682,"duration":5682,"thumb_url":"https://static.media.ccc.de/media/congress/2024/315-577adb5e-088c-5e0b-8828-0f9d7ff8011f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/315-577adb5e-088c-5e0b-8828-0f9d7ff8011f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/315-577adb5e-088c-5e0b-8828-0f9d7ff8011f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/315-577adb5e-088c-5e0b-8828-0f9d7ff8011f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-infrastructure-review","url":"https://api.media.ccc.de/public/events/577adb5e-088c-5e0b-8828-0f9d7ff8011f","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"14afbaa2-a66c-5b8a-89ff-d14df48fdae2","title":"Barrierefreiheit und Inklusion - Eine Einführung, alltägliche Erfahrungen und Absurditäten, und warum es uns alle angeht","subtitle":null,"slug":"38c3-barrierefreiheit-und-inklusion-eine-einfhrung-alltgliche-erfahrungen-und-absurditten-und-warum-es-uns-alle-angeht","link":"https://events.ccc.de/congress/2024/hub/event/barrierefreiheit-und-inklusion-eine-einfhrung-alltgliche-erfahrungen-und-absurditten-und-warum-es-uns-alle-angeht/","description":"Wir schreiben das Jahr 2024. Die Behindertenrechtskonvention der UN wurde vor 16 Jahren verabschiedet. Also sind inzwischen bestimmt sämtliche Barrieren abgebaut worden, Inklusion wird gelebt und beides wird gesellschaftlich als selbstverständlich angesehen und umgesetzt? Das ist bislang leider noch immer bloß utopisches Wunschdenken – deshalb werfen wir in diesem Vortrag einen schonungslosen und ehrlichen Blick auf die Themen Barrierefreiheit und Inklusion, sowie deren konkrete Umsetzung. Wir wollen mit einem Überblick und Grundlagen zum Thema beginnen, um anschließend genauer zu beleuchten, warum der Alltag für betroffene Menschen noch immer voller absurder Hürden ist – und Behindertsein sich oft wie eine Illegal Instruction anfühlt. Da die Thematik uns alle angeht, werden auch konkrete Handlungsansätze vorgestellt, wie wir alle aktiv zu einer inklusiveren und barriereärmeren Gesellschaft beitragen können.\n\nIm ersten Teil des Vortrags wird es einen Überblick zu den Grundlagen von Barrierefreiheit und Inklusion geben: was bedeuten Barrierefreiheit und Inklusion wirklich? Wir betrachten kurz die rechtlichen Rahmenbedingungen, von der UN-Behindertenrechtskonvention bis zu nationalen Vorgaben und Regelungen, die eine Welt ohne Barrieren versprechen – zumindest auf dem Papier. Sie sollen eigentlich den Rahmen für eine Gesellschaft bilden, in der Zugang und Teilhabe keine Ausnahmen, sondern die Regel sind. Denn Barrierefreiheit und Inklusion sind nicht bloß ein „nice to have“, sondern als Menschrenrecht ein grundlegender und essentieller Bestandteil einer gerechten Gesellschaft.\n\nAnschließend widmen wir uns den Absurditäten, die der Alltag für Menschen mit Behinderung bereithält, die von außen betrachtet fast schon humorvoll wirken, aber in Wahrheit ein frustrierendes Trauerspiel für alle darstellen, die täglich damit umgehen müssen. Wir sprechen über Grundlegendes wie Sprache, Konzepte wie die „Disability Tax“, Hilfsmittel und wie die Gesellschaft mit Behinderten umgeht und dass behinderte Menschen am Ende des Tages auch nur ein Teil der Gesellschaft sein wollen.\nDie Beispiele und Erfahrungen sind nicht nur Zeichen für fehlende Umsetzung – sie zeigen auch, wie oberflächlich bis ignorant die Probleme oft behandelt werden (wenn sie es überhaupt werden) und wie tief die Grundsteine und Überzeugungen für Ableismus und Ausgrenzung in der Gesellschaft verwurzelt sind.\n\nDamit der Talk nicht ausschließlich ein frustrierender und hoffnungsloser Rant wird, werden praktische Ansätze vorgestellt, um den Status Quo zu verbessern. Dabei sprechen wir nicht nur über die Verantwortung derer, die Entscheidungen treffen, sondern auch darüber, wie wir alle dazu beitragen können, Barrieren abzubauen eine inklusivere Gesellschaft voranzubringen. Erste Schritte sind zum Beispiel das Hinterfragen eigener Vorurteile und das Erkennen von Barrieren, die wir selbst vielleicht noch nie wahrgenommen haben. Denn am Ende des Tages geht es nicht nur um Gesetze oder gut gemeinte politische Entscheidungen auf geduldigem Papier, sondern darum, ob wir Barrierefreiheit und Inklusion wirklich als Selbstverständlichkeit sehen, umsetzen und leben. Der Vortrag bietet praktische Tipps und Denkanstöße, wie wir alle Barrieren abbauen können – und warum dies letztendlich uns allen zugutekommt.\n\nDie Folien zum Vortrag werden von mir kurz vor dem Vortrag unter folgender Adresse veröffentlicht: https://elfy.dev/38c3-vortrag/ (die Links sind am Ende der Seite).\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["elfy"],"tags":["38c3","767","2024","Stage YELL"],"view_count":1478,"promoted":false,"date":"2024-12-29T12:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-24T21:00:09.513+01:00","length":3502,"duration":3502,"thumb_url":"https://static.media.ccc.de/media/congress/2024/767-14afbaa2-a66c-5b8a-89ff-d14df48fdae2.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/767-14afbaa2-a66c-5b8a-89ff-d14df48fdae2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/767-14afbaa2-a66c-5b8a-89ff-d14df48fdae2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/767-14afbaa2-a66c-5b8a-89ff-d14df48fdae2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-barrierefreiheit-und-inklusion-eine-einfhrung-alltgliche-erfahrungen-und-absurditten-und-warum-es-uns-alle-angeht","url":"https://api.media.ccc.de/public/events/14afbaa2-a66c-5b8a-89ff-d14df48fdae2","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"900481bb-9723-562b-9f39-361f495524b8","title":"From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11","subtitle":null,"slug":"38c3-from-convenience-to-contagion-the-libarchive-vulnerabilities-lurking-in-windows-11","link":"https://events.ccc.de/congress/2024/hub/event/from-convenience-to-contagion-the-libarchive-vulnerabilities-lurking-in-windows-11/","description":"In the October 2023 update, Windows 11 introduced support for 11 additional compression formats, including RAR and 7z, allowing users to manage these types of files natively within File Explorer. The enhancement significantly improves convenience; however, it also introduces potential security risks. To support these various compression formats, Windows 11 utilizes the libarchive library, a well-established open-source library used across multiple operating systems like Linux, BSD, and macOS, and in major projects such as ClickHouse, Homebrew, and Osquery.\n\nThe libarchive has been continuously fuzzed by Google’s OSS-Fuzz project, making it a time-tested library. However, its coverage in OSS-Fuzz has been less than ideal. In addition to the two remote code execution (RCE) vulnerabilities disclosed by Microsoft Offensive Research \u0026 Security Engineering (MORSE) in January, we have identified several vulnerabilities in libarchive through code review and fuzzing. These include a heap buffer overflow vulnerability in the RAR decompression and arbitrary file write and delete vulnerabilities due to insufficient checks of libarchive’s output on Windows. Additionally, in our presentation, we will reveal several interesting features that emerged from the integration of libarchive with Windows.\n\nAnd whenever vulnerabilities are discovered in widely-used libraries like libarchive, their risks often permeate every corner, making it difficult to estimate the potential hazards. Moreover, when Microsoft patches Windows, the corresponding fixes are not immediately merged into libarchive. This delay gives attackers the opportunity to exploit other projects using libarchive. For example, the vulnerabilities patched by Microsoft in January were not merged into libarchive until May, leaving countless applications exposed to risk for four months. The worst part is that the developers might not know the vulnerability details or even be aware of its existence. To illustrate this situation, we will use the vulnerabilities we reported to ClickHouse as an example to demonstrate how attackers can exploit the vulnerabilities while libarchive remains unpatched.\n\nWe will introduce the new Compressed Archived folder feature in Windows 11 and review the vulnerabilities of the previous Compressed (zipped) folder. Next, we will explain how we analyzed the libarchive that Windows 11 introduced to support various compression formats. Despite extensive fuzz testing by OSS-Fuzz, we discovered several vulnerabilities in libarchive through code review and fuzzing, including an RCE (Remote Code Execution) vulnerability. Finally, we will use the ClickHouse case to explain how we triggered an RCE vulnerability in ClickHouse while the patch had not been merged upstream.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["NiNi Chen"],"tags":["38c3","192","2024","Security","Saal ZIGZAG"],"view_count":1155,"promoted":false,"date":"2024-12-30T13:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T08:45:07.009+02:00","length":2401,"duration":2401,"thumb_url":"https://static.media.ccc.de/media/congress/2024/192-900481bb-9723-562b-9f39-361f495524b8.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/192-900481bb-9723-562b-9f39-361f495524b8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/192-900481bb-9723-562b-9f39-361f495524b8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/192-900481bb-9723-562b-9f39-361f495524b8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-from-convenience-to-contagion-the-libarchive-vulnerabilities-lurking-in-windows-11","url":"https://api.media.ccc.de/public/events/900481bb-9723-562b-9f39-361f495524b8","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"af13ffb1-c049-55d5-98db-c13b064d1877","title":"Building Your First LoRa Mesh Network From Scratch","subtitle":null,"slug":"38c3-building-your-first-lora-mesh-network-from-scratch","link":"https://events.ccc.de/congress/2024/hub/event/building-your-first-lora-mesh-network-from-scratch/","description":"In a world of centralized internet control, building your own mesh network isn't just a technical challenge—it's digital independence. This beginner-friendly guide walks through creating resilient mesh networks using accessible hardware like LoRa and ESP devices. From antenna selection to node placement strategy, learn how to build networks that operate independently of traditional infrastructure.\n\nEver wondered how to create your own independent communication network? This practical introduction demonstrates how to build resilient mesh networks using affordable, readily available components. We'll demystify the process while emphasizing legal and responsible deployment.\n\nThe talk breaks down into four key segments:\n\nHardware Selection \u0026 Setup\n\n• Understanding LoRa, ESP, and other low-cost communication devices\n• Choosing the right antennas for your environment\n• Basic hardware configuration and initial setup\n• Cost-effective shopping guide and alternatives\n\nNetwork Planning 101\n\n• Basic principles of mesh network topology\n• Coverage planning and node placement strategy\n• Utilizing existing structures (old TV antennas, tall buildings)\n• Tools and software for network planning\n• Range testing and optimization\n\nPractical Deployment\n\n• Weather-proofing your nodes\n• Power considerations (solar, battery, mains)\n• Legal considerations and responsible deployment\n• Documentation and network monitoring\n• Common pitfalls and how to avoid them\n\nAdvanced Topics \u0026 Future Expansion\n\n• Adding encryption and security layers\n• Integration with other network types\n• Scaling strategies\n• Community building and maintenance\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["WillCrash"],"tags":["38c3","904","2024","Stage YELL"],"view_count":9387,"promoted":false,"date":"2024-12-27T12:55:00.000+01:00","release_date":"2025-01-21T00:00:00.000+01:00","updated_at":"2026-03-30T23:30:09.890+02:00","length":1975,"duration":1975,"thumb_url":"https://static.media.ccc.de/media/congress/2024/904-af13ffb1-c049-55d5-98db-c13b064d1877.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/904-af13ffb1-c049-55d5-98db-c13b064d1877_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/904-af13ffb1-c049-55d5-98db-c13b064d1877.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/904-af13ffb1-c049-55d5-98db-c13b064d1877.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-building-your-first-lora-mesh-network-from-scratch","url":"https://api.media.ccc.de/public/events/af13ffb1-c049-55d5-98db-c13b064d1877","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"1273e121-e12d-5995-b526-ce93547c5b11","title":"Ultrawide archaeology on Android native libraries","subtitle":null,"slug":"38c3-ultrawide-archaeology-on-android-native-libraries","link":"https://events.ccc.de/congress/2024/hub/event/ultrawide-archaeology-on-android-native-libraries/","description":"A bug in a scraper script led to us downloading every single native library in every single Android app ever published in any market (~8 million apps). \nInstead of deleting this massive dataset and starting again, we foolishly decided to run some binary similarity algos to check if libraries and outdated and still vulnerable to old CVEs. No one told us we were opening Pandora's box.\nA tragic story of scraping, IP-banning circumvention, love/hate relationships with machine learning, binary similarity party tricks, and an infinite sea of vulnerabilities.\n\nA rumor has been going around: Android developers are slow to update native dependencies, leaving vulnerabilities unpatched.\nIn this talk we will show how *wrong* this rumor is: Android developers are not slow to patch - they never heard of the word patching.\nWe conduct a massive study over the every single app ever published on Android (more than 8 million!).\nWe explore trendy topics like Play Store scraping, Androzoo scraping, Maven repository scraping, the state of the Android ecosystem, binary similarity state-of-the-art methods vs binary similarity pre-historic methods, and the consequences of thinking you know how databases work when you actually don't.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Luca Di Bartolomeo (cyanpencil)","Rokhaya Fall"],"tags":["38c3","311","2024","Security","Saal GLITCH"],"view_count":2558,"promoted":false,"date":"2024-12-29T20:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T03:15:02.726+02:00","length":2369,"duration":2369,"thumb_url":"https://static.media.ccc.de/media/congress/2024/311-1273e121-e12d-5995-b526-ce93547c5b11.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/311-1273e121-e12d-5995-b526-ce93547c5b11_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/311-1273e121-e12d-5995-b526-ce93547c5b11.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/311-1273e121-e12d-5995-b526-ce93547c5b11.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-ultrawide-archaeology-on-android-native-libraries","url":"https://api.media.ccc.de/public/events/1273e121-e12d-5995-b526-ce93547c5b11","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"c3d0b9e4-7768-5ed7-a1bd-6baca12f2160","title":"Wie man auch mit FOSS Katastrophen-Warnungen bekommt","subtitle":null,"slug":"38c3-wie-man-auch-mit-foss-katastrophen-warnungen-bekommt","link":"https://events.ccc.de/congress/2024/hub/event/wie-man-auch-mit-foss-katastrophen-warnungen-bekommt/","description":"Wetter- und Notfallwarnungen empfangen zu können kann Leben retten. Nutzende, die ihre Privatsphäre nicht Google oder Apple ausliefern möchten sollten dabei nicht im Nachteil sein. Wir berichten über den aktuellen Stand der FOSS Entwicklung und allerlei Beobachtungen rund um Notfallwarnungen.\n\nDie Flutkatastrophe vom Juli 2021 hat schmerzlich bewusst gemacht, wie wichtig die effektive Verteilung von Katastrophenwarnungen ist. Mit der Einführung von Cell-Broadcast in Deutschland gab es diesbezüglich eine deutliche Verbesserung, andere Verbreitungswege werden dadurch aber nicht weniger relevant.\n\nApps wie NINA oder KATWARN stellen mehr Informationen zur Verfügung als in einer Cell Broadcast Nachricht übermittelt werden kann, und ermöglichen es auch, Regionen zu beobachten, in denen man sich nicht selbst aufhält.\n\nDiese Apps sind allerdings nur für die Plattformen von Google und Apple verfügbar, Nutzende freier Plattformen sind außen vor. Kein befriedigender Zustand.\nWas macht man in so einem Fall? Na, das, was man in so einem Fall immer macht: Wir bauen uns die Warn-Apps und die dazu nötige Infrastruktur halt selbst.\n\nBasis dafür bildet das Common Alerting Protocol (CAP) was seit vielen Jahren weltweit im Einsatz ist, und UnifiedPush als freie Alternative zu proprietären Push-Benachrichtigungen. Daraus ergibt sich ein Aggregations-Server der Warnmeldungen aus derzeit 100 Ländern einsammelt und Clients über Ereignisse in für sie relevanten Gebieten informiert.\n\nIn diesem Talk erklären wir, wie CAP funktioniert, wie das in der Welt eingesetzt wird und welche merkwürdige Beobachtungen wir während der Entwicklung gemacht haben.\n\nVon den Entwicklern von FOSSWarn und dem FOSS Public Alert Server.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Nucleus","Volker Krause"],"tags":["38c3","761","2024","Stage HUFF"],"view_count":1557,"promoted":false,"date":"2024-12-30T16:40:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T08:00:03.350+02:00","length":2294,"duration":2294,"thumb_url":"https://static.media.ccc.de/media/congress/2024/761-c3d0b9e4-7768-5ed7-a1bd-6baca12f2160.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/761-c3d0b9e4-7768-5ed7-a1bd-6baca12f2160_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/761-c3d0b9e4-7768-5ed7-a1bd-6baca12f2160.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/761-c3d0b9e4-7768-5ed7-a1bd-6baca12f2160.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-wie-man-auch-mit-foss-katastrophen-warnungen-bekommt","url":"https://api.media.ccc.de/public/events/c3d0b9e4-7768-5ed7-a1bd-6baca12f2160","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"efab535f-22b0-50a3-b6cc-4b61097ab4d0","title":"An open-source guide to the galaxy: Our journey with Ariane 6","subtitle":null,"slug":"38c3-an-open-source-guide-to-the-galaxy-our-journey-with-ariane-6","link":"https://events.ccc.de/congress/2024/hub/event/an-open-source-guide-to-the-galaxy-our-journey-with-ariane-6/","description":"The 530 tons and 63 meter tall Ariane 6 rocket finally launched on July 9th 2024 carrying our open-source developed payloads – the SIDLOC experiment and the satellite Curium One – into space. SIDLOC tested a new, open, low-power standard for identifying and precisely locating spacecraft whilst our satellite Curium One established an open-source baseline for larger CubeSat systems and allowed us to test a bunch of new technologies. From sourcing a launch opportunity to the final integration onto the rocket at the spaceport in French Guiana we tell you about our biggest challenges and exceptional experiences of this adventure.\n\nIn this talk members of the Libre Space Foundation will take you on the journey of a rocket's payload: beginning with how the SIDLOC experiment and the satellite Curium One were developed, integrated and finally launched on the Ariane 6 maiden flight into space.\n\n1. **SIDLOC** (Spacecraft Identification and Localization):\nDeveloped in collaboration with ESA, SIDLOC aims to improve space safety and mission success rate by establishing an open beaconing standard for spacecraft identification and localization. SIDLOC uses a low power beacon that utilizes the Spread Spectrum modulation and the cross-correlation properties of the Gold sequences, ensuring proper operation in extremely low SNR environments and identification of the transmitting space object. In addition, SIDLOC can provide localization and orbit determination, utilizing the Doppler frequency offset estimation mechanism that it implements. To achieve that, the open and crowd-sourced SatNOGS network is used, contributing to an independent source of orbital elements and spacecraft identifications, disrupting the existing model. The SIDLOC protocol has been implemented in such a way, so it is easy to integrate to a space object, regardless of its size, with minimal effort.\n\n2. **Curium One**:\nThe satellite Curium One is designed to establish an open-source framework for satellite systems. It features 15 newly designed open-hardware PCBs. From solar generators to the on board computer and high frequency communication boards everything was designed, tested and qualified by the community with the help of Planetary Transportation Systems. Its first signal acquisition was performed by the formerly world's largest radio telescope built in 1956 – the 25m diameter Dwingeloo Radio Observatory.\n\nWe want to tell you about the development and implementation of the core technologies, the biggest challenges we faced during the missions, and the wild jungle experiences at the spaceport in Kourou. We aim to provide an overview of how open-source principles are being applied in space exploration and the benefits and problems of this approach within the space industry.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Manthos Papamatthaiou","Paul Koetter"],"tags":["38c3","462","2024","Hardware \u0026 Making","Saal GLITCH"],"view_count":2215,"promoted":false,"date":"2024-12-27T17:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-23T22:00:08.535+01:00","length":2795,"duration":2795,"thumb_url":"https://static.media.ccc.de/media/congress/2024/462-efab535f-22b0-50a3-b6cc-4b61097ab4d0.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/462-efab535f-22b0-50a3-b6cc-4b61097ab4d0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/462-efab535f-22b0-50a3-b6cc-4b61097ab4d0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/462-efab535f-22b0-50a3-b6cc-4b61097ab4d0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-an-open-source-guide-to-the-galaxy-our-journey-with-ariane-6","url":"https://api.media.ccc.de/public/events/efab535f-22b0-50a3-b6cc-4b61097ab4d0","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"ceb37502-7b3f-5ce0-940c-ffc840ff9cbc","title":"Erpressung aus dem Internet - auf den Spuren der Cybermafia","subtitle":null,"slug":"38c3-erpressung-aus-dem-internet-auf-den-spuren-der-cybermafia","link":"https://events.ccc.de/congress/2024/hub/event/erpressung-aus-dem-internet-auf-den-spuren-der-cybermafia/","description":"Manchmal sind es tausende, manchmal sind es zehntausende von Euros, um die vor allem junge Männer aus Deutschland bei Onlinescams betrogen werden. Die Scham ist zu groß, um darüber zu sprechen, schließlich ist „Mann“ selbst schuld daran. Es geht um Erpressung mit Nacktfotos, Liebes-Fallen und zweifelhafte Investments, die auf dem Vormarsch sind. Der Vortrag folgt den Spuren der Täter:innen und enthüllt eine prosperierende Scam-Industrie in Asien, fest in den Händen der chinesischen Mafia.\n\nAus Scham wollte er eigentlich gar nicht darüber sprechen. Sebastian (26 Jahre) flirtet mit einer Unbekannten aus dem Internet, sie schickt ihm Nacktfotos, fragt, ob auch er sich vor der Kamera für sie auszieht. Er fühlt sich geschmeichelt, sie verabreden sich zum Videocall, er masturbiert vor laufender Kamera. Davon werden Screenshots erstellt und eine Männerstimme fordert ihn auf 2.000 Dollar zu bezahlen, sonst würden die Bilder an all seine Instagram Freunde gehen. „Ich habe zu leichtsinnig im Internet vertraut“, sagt er rückblickend. Für viele Betroffene folgen neben der Scham und dem finanziellen Verlust Angstzuständen und Depressionen, immer gepaart mit dem Gefühl großer Hilflosigkeit, weil sich die Spuren im Netz verlieren.\n\nAusgehend von den Opfern folgen wir den Spuren von Onlineverbrechern, bei denen vor allem (junge) Männer ausgenommen werden. Es gelingt uns Kontakt aufzubauen, zu einem der selbst Täter war. „Neo“ nennt er sich: Der junge Chinese war auf ein verlockend klingendes Jobangebot als englisch Übersetzer eingegangen, wurde gekidnapped und in eine sogenannte Betrugsfabrik verschleppt.\n\nEr berichtet und belegt mit Fotos sowie zahlreichen Unterlagen, wie in Myanmar entlang der Grenze von Thailand hunderttausende Menschen gefangen gehalten und ausgebeutet werden. Der junge Chinese erzählt von Folter und davon, wie sie dort hunderte Menschen im Internet und am Telefon pro Tag abzocken mussten. „Wer nicht gehorchte, bekam Schläge“, sagt er.\n\nNGOs und andere Überlebende berichten von Elektroschocks und einem ausgeklügelten System von Menschenhandel und Ausbeutung. Interpol spricht inzwischen von einer aufsteigenden Industrie, die in der gesamten Region Südostasien an Umsatz inzwischen den Drogenhandel abgelöst hat. Rasante technische Entwicklungen, wie Übersetzungsprogramme, Bots und mit KI generierte Fotos und Videos sorgen dafür, dass sich der Betrug immer weiter globalisiert und nach Deutschland strahlt.\n\n\"Neo\" gelingt es schließlich zu fliehen und hunderte interne Dokumente und Fotos aus der \"Betrugsfabrik\" heraus zu schmuggeln. Der Talk gibt einen Einblick in diese verborgene Welt.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Svea Eckert","Ciljeta Bajrami"],"tags":["38c3","167","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":4849,"promoted":false,"date":"2024-12-28T12:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T18:45:05.650+02:00","length":2264,"duration":2264,"thumb_url":"https://static.media.ccc.de/media/congress/2024/167-ceb37502-7b3f-5ce0-940c-ffc840ff9cbc.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/167-ceb37502-7b3f-5ce0-940c-ffc840ff9cbc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/167-ceb37502-7b3f-5ce0-940c-ffc840ff9cbc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/167-ceb37502-7b3f-5ce0-940c-ffc840ff9cbc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-erpressung-aus-dem-internet-auf-den-spuren-der-cybermafia","url":"https://api.media.ccc.de/public/events/ceb37502-7b3f-5ce0-940c-ffc840ff9cbc","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"ae5a41fd-637f-58d6-8d65-23302a821cdc","title":"Feelings of Structure in Life, Art, and Neural Nets","subtitle":null,"slug":"38c3-feelings-of-structure-in-life-art-and-neural-nets","link":"https://events.ccc.de/congress/2024/hub/event/feelings-of-structure-in-life-art-and-neural-nets/","description":"One of the basic ways we navigate the world is through ‘feelings of structure’ -- our experience of the inner logic of a system or a situation as a tone, a vibe, a mood. I argue that building a technical analogy between ‘feelings of structures’ and autoencoder neural networks lets us construct a kind of theory of vibe: a theory that lets us see how sets of material (/digital) objects express a worldview and vice versa, and that can explain the deep role art plays in expressing, developing, and challenging our understanding of the world.\n\nThe story I’m hoping to tell builds up to an account of how the aesthetic unity or ‘vibe’ of an artistic work can model the causal-material structure of a lifeworld. On this account, the meaning of an artistic work lies partly in a dense vibe we can sense when we take in the imaginative landscape of the work -- a dense vibe that acts as a structural representation of a looser, weaker vibe present in the real world and teaches us how to feel it.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Peli Grietzer"],"tags":["38c3","591","2024","Art \u0026 Beauty","Saal ZIGZAG"],"view_count":569,"promoted":false,"date":"2024-12-28T21:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-17T21:30:08.228+01:00","length":2975,"duration":2975,"thumb_url":"https://static.media.ccc.de/media/congress/2024/591-ae5a41fd-637f-58d6-8d65-23302a821cdc.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/591-ae5a41fd-637f-58d6-8d65-23302a821cdc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/591-ae5a41fd-637f-58d6-8d65-23302a821cdc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/591-ae5a41fd-637f-58d6-8d65-23302a821cdc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-feelings-of-structure-in-life-art-and-neural-nets","url":"https://api.media.ccc.de/public/events/ae5a41fd-637f-58d6-8d65-23302a821cdc","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"29ccd112-6e4b-50e8-af0c-2a757950d884","title":"Passwort - der heise security Podcast auf dem 38C3","subtitle":null,"slug":"38c3-passwort-der-heise-security-podcast-auf-dem-38c3","link":"https://events.ccc.de/congress/2024/hub/event/passwort-der-heise-security-podcast-auf-dem-38c3/","description":"Der heise security Podcast traut sich raus aus dem gemütlichen Redaktionsstudio und sendet vom 38C3. Zur diesjährigen Congress-Ausgabe hat sich Host Christopher ein paar spannende Themen herausgesucht. Seinen ersten C3 seit zweiundzwanzig Jahren wird er sicher auch mit seinen verklärtern Erinnerungen vergleichen: Wo sind die Wäscheklammern?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Christopher Kunz"],"tags":["38c3","58307","2024","Saal X 07"],"view_count":1582,"promoted":false,"date":"2024-12-28T18:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-28T14:00:04.055+01:00","length":5091,"duration":5091,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58307-29ccd112-6e4b-50e8-af0c-2a757950d884.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58307-29ccd112-6e4b-50e8-af0c-2a757950d884_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58307-29ccd112-6e4b-50e8-af0c-2a757950d884.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58307-29ccd112-6e4b-50e8-af0c-2a757950d884.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-passwort-der-heise-security-podcast-auf-dem-38c3","url":"https://api.media.ccc.de/public/events/29ccd112-6e4b-50e8-af0c-2a757950d884","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"cadd6e9e-d0ac-58d9-ae41-6701db34f68a","title":"UX for Hackers: Why It Matters and What Can You Do","subtitle":null,"slug":"38c3-ux-for-hackers-why-it-matters-and-what-can-you-do","link":"https://events.ccc.de/congress/2024/hub/event/ux-for-hackers-why-it-matters-and-what-can-you-do/","description":"The hacker community is great at making brilliant tools and solving fascinating problems, but we often suck at making the tools and solutions available to the rest of humanity - sometimes even to ourselves. UX and usability are frequently dismissed or misunderstood as the superficial art of adding unnecessary whitespace to perfectly usable things. The assumption is that the prospective users should just \"get better\" at using computers. That's all quite bad - but what's even worse, we often forget that the user - their human brain and their human perception - is often the biggest attack surface, and as we harden our solutions against all technical threats, we prefer to ignore this one.\n\nOver the last couple of years, I have been working on making Qubes OS - a secure operating system - more usable for both hackers and the less technically brilliant users. It has been a very interesting journey that has taught me a lot about clever hackers, so-called normal people and the way you can make security and usability work together, not against each other. In this talk, I will share those insights, show how UX and usability are in fact part of security, discuss some common human interface mistakes open source developers and hackers make - and tell you how you can improve the UX of your projects without dying inside.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Marta \"marmarta\" Marczykowska-Górecka"],"tags":["38c3","827","2024","Stage YELL"],"view_count":2460,"promoted":false,"date":"2024-12-29T16:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T01:15:04.851+02:00","length":3753,"duration":3753,"thumb_url":"https://static.media.ccc.de/media/congress/2024/827-cadd6e9e-d0ac-58d9-ae41-6701db34f68a.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/827-cadd6e9e-d0ac-58d9-ae41-6701db34f68a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/827-cadd6e9e-d0ac-58d9-ae41-6701db34f68a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/827-cadd6e9e-d0ac-58d9-ae41-6701db34f68a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-ux-for-hackers-why-it-matters-and-what-can-you-do","url":"https://api.media.ccc.de/public/events/cadd6e9e-d0ac-58d9-ae41-6701db34f68a","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"674a7b42-d4ce-5fd1-85fa-d79148639418","title":"Release–Keynote: ChaosGPT und das Large Congress Model","subtitle":null,"slug":"38c3-release-keynote-chaosgpt-und-das-large-congress-model","link":"https://events.ccc.de/congress/2024/hub/event/release-keynote-chaosgpt-und-das-large-congress-model/","description":"ChaosGPT hat den Weg wie wir denken revolutioniert! Die kongresserprobte Technik wird endlich _open source_, CEO Gitte Schmitz und CRO Deliria Tremenz feiern in dieser Keynote den Release des Large Congress Model und erklären, was wirklich in AI steckt.\n\nBeim diesjährigen Kongress hat ChaosGPT erfolgreich hunderte von Anfragen prozessiert und dabei für alle erdenklichen User-Anfragen erstaunlich genaue Antworten erzeugt: und das ganz analog! Als _community-sourced_ generatives Wissensmodell wurden diese sensationellen Erfolge mit einem herausragenden Energieverbrauch von 0 kWh erreicht (in anderen Worten: extrem Klimaneutral!).\n\nWar es bisher eine Black Box? Ja! Wird es OpenSource? Auf jeden Fall!* Das Leitungsteam ist stolz, endlich den gesamten Code hinter ChaosGPT und dem Large Congress Modells (L38C3M) lüften zu können. Nach monatelanger Entwicklungszeit wird es Zeit, das Folle Potential von Analoge Intelligence an die Community zurückzugeben.**\n\nExklusiv geben CEO Gitte Schmitz und CRO Deliria Tremenz einen Einblick hinter die Kulissen des blühenden New-New-Tech StartUps. Mit spielender Leichtigkeit verbinden sie den Track **Queerness** mit dem **Digitalzwang**, und generieren mit ihren Antworten erheblichen Mehrwert für potentielle Angel Investors (und solche die es werden wollen). Lasst uns die verkannten Potentiale der AI lüften!\n\n*Die genutzte Open Source-Definition von Studio Gitte Schmitz umfasst auch die _business models_ \"Open Window\" und \"Freemium\". \n** Eventuelle Nutzungsentgelte werden weiterhin entsprechend Nutzungsordnung (NuOrG §283 Abs.15f) erhoben.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Gitte Schmitz","Deliria"],"tags":["38c3","843","2024","Entertainment","Stage HUFF"],"view_count":1004,"promoted":false,"date":"2024-12-30T00:05:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-30T12:45:08.970+02:00","length":1661,"duration":1661,"thumb_url":"https://static.media.ccc.de/media/congress/2024/843-674a7b42-d4ce-5fd1-85fa-d79148639418.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/843-674a7b42-d4ce-5fd1-85fa-d79148639418_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/843-674a7b42-d4ce-5fd1-85fa-d79148639418.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/843-674a7b42-d4ce-5fd1-85fa-d79148639418.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-release-keynote-chaosgpt-und-das-large-congress-model","url":"https://api.media.ccc.de/public/events/674a7b42-d4ce-5fd1-85fa-d79148639418","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"13d09061-168d-5e30-8ac8-eb73a3dbb35f","title":"Breaking NATO Radio Encryption","subtitle":null,"slug":"38c3-breaking-nato-radio-encryption","link":"https://events.ccc.de/congress/2024/hub/event/breaking-nato-radio-encryption/","description":"We present fatal security flaws in the HALFLOOP-24 encryption algorithm, which is used by the US military and NATO. HALFLOOP-24 was meant to safeguard the automatic link establishment protocol in high frequency radio, but our research demonstrates that merely two hours of intercepted radio traffic are sufficient to recover the secret key. In the talk, we start with the fundamentals of symmetric key cryptography before going into the details of high frequency radio, HALFLOOP-24, and the foundation of our attack.\n\nHigh frequency (HF) radio, also known as shortwave radio, is commonly used by the military, other government agencies and industries that need highly robust long-distance communication without any external infrastructures. HF radio uses frequencies between 3 and 30 MHz. These frequencies enable skywave propagation, where the radio signals are reflected by electrically charged particles in the upper atmosphere. While this effect enables communication across very large distances, historically, it required trained and experienced operators to establish a radio link.\n\nThis dependence on operators was reduced by the introduction of the automatic link establishment (ALE) protocol. In a nutshell, an ALE-enabled radio establishes a link to another radio by selecting a suitable frequency according to a propagation model and then transmitting a call frame. If the frequency is good, the other radio receives the frame and the two radios perform a handshake to set up a link. The encryption of these ALE frames is known as linking protection. It is primarily meant to protect unauthorized users from establishing links with radios in a network or interfering with established links. Additionally, encryption of ALE frames also protects the network from certain types of traffic analysis, which is the analysis of operating data such as network structure, frequencies, callsigns and schedules. The first ALE standard did not specify a cipher, but specified how to integrate a stream cipher with ALE. Later standards introduced the 56-bit key Lattice/SoDark cipher, which is now recommended to be replaced with HALFLOOP whenever possible.\n\nHALFLOOP, which is standardized in US standard [MIL-STD-188-14D](https://quicksearch.dla.mil/qsDocDetails.aspx?ident_number=67563) since 2017, is essentially a downscaled version of the Advanced Encryption Standard (AES), which effectively is the most used encryption algorithm today. While this downscaling led to many strong components in HALFLOOP, a fatal flaw in the handling of the so-called tweak enables devastating attacks. In a nutshell, by applying a technique known as differential cryptanalysis, an attacker can skip large parts of the encryption process. In turn, this makes it possible to extract the used secret key and hence enables an attacker to break the confidentiality of the ALE handshake messages and also makes an efficient denial-of-service attack possible.\n\nThese attacks are described in the two research papers, [Breaking HALFLOOP-24](https://doi.org/10.46586/tosc.v2022.i3.217-238) and [Destroying HALFLOOP-24](https://doi.org/10.46586/tosc.v2023.i4.58-82). They were initiated by the presentation of the [Cryptanalysis of the SoDark Cipher](https://doi.org/10.46586/tosc.v2021.i3.36-53), the predecessor of HALFLOOP.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Lukas Stennes"],"tags":["38c3","150","2024","Security","Saal ZIGZAG"],"view_count":32379,"promoted":false,"date":"2024-12-27T14:45:00.000+01:00","release_date":"2025-01-21T00:00:00.000+01:00","updated_at":"2026-03-30T13:00:07.936+02:00","length":3583,"duration":3583,"thumb_url":"https://static.media.ccc.de/media/congress/2024/150-13d09061-168d-5e30-8ac8-eb73a3dbb35f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/150-13d09061-168d-5e30-8ac8-eb73a3dbb35f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/150-13d09061-168d-5e30-8ac8-eb73a3dbb35f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/150-13d09061-168d-5e30-8ac8-eb73a3dbb35f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-breaking-nato-radio-encryption","url":"https://api.media.ccc.de/public/events/13d09061-168d-5e30-8ac8-eb73a3dbb35f","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"1f094de4-6b22-5484-9b43-9b51f2d40d11","title":"Dead Man’s Switch. An art shield to protect the life of Julian Assange","subtitle":null,"slug":"38c3-dead-man-s-switch-an-art-shield-to-protect-the-life-of-julian-assange","link":"https://events.ccc.de/congress/2024/hub/event/dead-man-s-switch-an-art-shield-to-protect-the-life-of-julian-assange/","description":"Artist Andrei Molodkin held $45million of art hostage to free Julian Assange. He vowed to dissolve Picasso, Rembrandt, Warhol and other masterpieces in acid using a dead man’s switch device inside a 29-tonne Grade 5 Safe Room if Julian Assange was to die in prison. The talk will explain the process and methodology.\n\nDead Man’s Switch is an art shield. It is not a human shield: that is what terrorists produce. Dead Man’s Switch, on the contrary, is a tool for negotiation. \n“Taking hostage” is one of the most common languages used by the power structure. In his artistic career, Andrei Molodkin, developed the method of mirroring the language of power within the formal parameters of Political Minimalism. In the case of the Dead Man’s Switch, the Medusa Gorgon mirror used to hit the power structure has been done by taking hostage the most important of capitalistic symbols, its icons and values. In this catastrophic time, to destroy art is much more taboo than to destroy the life of a person. Arianna Mondin, applied Interpol’s criminal investigation method to the field of architecture in her PhD to unveil the connection between architecture and oil. She used this method in the development strategy of Dead Man’s Switch.\nThe talk will focus on the process of realizing the Dead Man’s Switch to mirror the language of power to release Julian Assange from prison. In particular, it will clarify the operation to involve artists and collectors in participating by donating their artworks to secure the survival of the most consequential political prisoner of our times. The project involved also specialists in security, negotiation, hardware and software, all together organised in a system aimed at reprogramming the power structure.\nThe talk will conclude by explaining the technical details, software and hardware, and the conceptualisation of the counter as a method of escalation and resetting the system.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Andrei Molodkin","Arianna Mondin"],"tags":["38c3","722","2024","Art \u0026 Beauty","Saal GLITCH"],"view_count":987,"promoted":false,"date":"2024-12-27T19:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-20T07:45:04.829+01:00","length":2550,"duration":2550,"thumb_url":"https://static.media.ccc.de/media/congress/2024/722-1f094de4-6b22-5484-9b43-9b51f2d40d11.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/722-1f094de4-6b22-5484-9b43-9b51f2d40d11_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/722-1f094de4-6b22-5484-9b43-9b51f2d40d11.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/722-1f094de4-6b22-5484-9b43-9b51f2d40d11.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-dead-man-s-switch-an-art-shield-to-protect-the-life-of-julian-assange","url":"https://api.media.ccc.de/public/events/1f094de4-6b22-5484-9b43-9b51f2d40d11","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"f47ee6a9-1045-52b3-b287-4eab1b2f4160","title":"Mal was mit Holz","subtitle":null,"slug":"38c3-mal-was-mit-holz","link":"https://events.ccc.de/congress/2024/hub/event/mal-was-mit-holz/","description":"Bildervortrag zum Thema \"Nachhaltige Inneneinrichtung\" mit Mitbringseln zum Anfassen sowie Tipps \u0026 Tricks zu Konstruktion, Gestaltung und Durchführung\n\nHolz ist als nachwachsender Rohstoff ein umweltfreundliches Baumaterial, hat als Naturprodukt jedoch seine Eigenheiten. Der Vortrag geht auf die Basics der Holzbearbeitung ein, worauf geachtet werden muss und wie stabile Verbindungen oft völlig ohne Leim oder Schrauben hergestellt werden können. Die Bilder dazu verfolgen zwei Projekte von der Konstruktionszeichnung über die rohen Bohlen bis zum fertigen Produkt und geben Einblicke in das Handwerk, das oft auch ohne Maschinen auskommen kann.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Metal_Warrior"],"tags":["38c3","274","2024","Hardware \u0026 Making","Saal GLITCH"],"view_count":3014,"promoted":false,"date":"2024-12-30T00:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T17:30:04.809+02:00","length":2622,"duration":2622,"thumb_url":"https://static.media.ccc.de/media/congress/2024/274-f47ee6a9-1045-52b3-b287-4eab1b2f4160.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/274-f47ee6a9-1045-52b3-b287-4eab1b2f4160_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/274-f47ee6a9-1045-52b3-b287-4eab1b2f4160.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/274-f47ee6a9-1045-52b3-b287-4eab1b2f4160.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-mal-was-mit-holz","url":"https://api.media.ccc.de/public/events/f47ee6a9-1045-52b3-b287-4eab1b2f4160","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"9c13c191-bf48-5ef5-aeb1-74d75600986d","title":"Projekt Bucketchallenge","subtitle":null,"slug":"38c3-projekt-bucketchallenge","link":"https://events.ccc.de/congress/2024/hub/event/projekt-bucketchallenge/","description":"S3 Buckets mit kübelweise privaten Daten: Finden, melden, kein Problem. Aber grundlegend was ändern? Denkste!\n\nAmazon S3 erlaubt es große Datenmengen für kleines Geld in der Cloud abzulegen. Mit dabei: Die technisch langweiligste Fehlkonfiguration gigantisch skaliert.\n\nFrei zugängliche S3-Buckets mit privaten Daten haben in den letzten Jahren häufig für Schlagzeilen gesorgt. Beispiele aus diesem Jahr sind Multifaktor-SMS oder Dokumente von Finanzdienstleistern. Wir haben uns auf den Weg gemacht um die Situation zu verstehen und zu verbessern. Dazu erklären wir, welche einzigartigen Eigenschaften wir von AWS ausgenutzt haben, um etwa 100 000 offene Buckets zu finden. Mit dabei: medizinische Daten, personenbezogene Daten, Kreditkartendaten, und und und. Wir erklären Ansätze, wie wir anhand von Dateinamen eine Idee bekommen, welche Buckets wir uns ansehen und melden sollten und welche uns nicht interessieren.\n\nDer Versuch die Situation zu verbessern lässt uns mit einer großen Enttäuschung zurück: Verantwortliche Nutzer der Cloud-Services sind nur mühsam zu ermitteln, und die Cloud-Betreiber sind leider auch keine signifikante Hilfe. Einzig die DSGVO scheint den Verantwortlichen ein kleiner Ansporn. Wir stellen dar, was unserer Erfahrung nach hilft Bucket offline zu bekommen, und wann es so gut wie aussichtslos ist.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Kaspar"],"tags":["38c3","585","2024","Security","Saal ZIGZAG"],"view_count":2941,"promoted":false,"date":"2024-12-28T23:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-24T20:30:07.419+01:00","length":2459,"duration":2459,"thumb_url":"https://static.media.ccc.de/media/congress/2024/585-9c13c191-bf48-5ef5-aeb1-74d75600986d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/585-9c13c191-bf48-5ef5-aeb1-74d75600986d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/585-9c13c191-bf48-5ef5-aeb1-74d75600986d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/585-9c13c191-bf48-5ef5-aeb1-74d75600986d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-projekt-bucketchallenge","url":"https://api.media.ccc.de/public/events/9c13c191-bf48-5ef5-aeb1-74d75600986d","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"c7f33d43-7099-5a88-bfb3-72a78f21256d","title":"Was tun, wenn man ein Datenleck entdeckt hat?","subtitle":null,"slug":"38c3-was-tun-wenn-man-ein-datenleck-entdeckt-hat","link":"https://events.ccc.de/congress/2024/hub/event/was-tun-wenn-man-ein-datenleck-entdeckt-hat/","description":"Wenn Sicherheitsforscher und Hacker Datenlecks direkt dem dafür Verantwortlichen melden, setzen sich u.U. strafrechtlichem Risiko aus oder werden auch mal schlicht ignoriert. Stattdessen kann es in der Praxis aber auch sinnvoll sein, die Möglichkeiten der DS-GVO und die Befugnisse der Datenschutz-Aufsichtsbehörden zu nutzen, um Sicherheitslücken schnell zu schließen.\n\nAnhand von Beispielen aus der Praxis zeigt der Vortrag, welche Möglichkeiten Sicherheitsforscher haben wenn sie Datenlecks gefunden haben. Eine effektive Möglichkeit kann sein, frühzeitig die Datenschutz-Aufsichtsbehörden einzuschalten, denn diese haben zahlreiche Befugnisse, mit denen sie Datenlecks schnell und effektiv schließen und Beweise sammeln können. \n\nDenn im Gegensatz z.B. zum BSI und anderen Institutionen können die Datenschutz-Aufsichtsbehörden auch außerhalb kritischer Infrastrukturen Unternehmen und Behörden anweisen, Datenlecks unverzüglich zu schließen, den Weiterbetrieb eines entsprechenden Servers untersagen und Bußgelder verhängen.\n\nDas sorgt dafür, dass Datenlecks in der Regel sehr schnell geschlossen werden können.\n\nZudem zeigt der Vortrag, welche Rechte die von einem Datenleck betroffenen Personen haben und wie die Bearbeitung solcher Fälle in der Praxis abläuft.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Alvar C.H. Freude"],"tags":["38c3","881","2024","Stage YELL"],"view_count":1134,"promoted":false,"date":"2024-12-27T16:40:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-03-18T22:45:06.433+01:00","length":2521,"duration":2521,"thumb_url":"https://static.media.ccc.de/media/congress/2024/881-c7f33d43-7099-5a88-bfb3-72a78f21256d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/881-c7f33d43-7099-5a88-bfb3-72a78f21256d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/881-c7f33d43-7099-5a88-bfb3-72a78f21256d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/881-c7f33d43-7099-5a88-bfb3-72a78f21256d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-was-tun-wenn-man-ein-datenleck-entdeckt-hat","url":"https://api.media.ccc.de/public/events/c7f33d43-7099-5a88-bfb3-72a78f21256d","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"3ea9436f-8c47-5a7b-afb7-e1bb84a72050","title":"Fearsome File Formats","subtitle":null,"slug":"38c3-fearsome-file-formats","link":"https://events.ccc.de/congress/2024/hub/event/fearsome-file-formats/","description":"Specifications are enough, they say…\n\n10 years after 31c3's \"Funky File Formats\" …\n\nHave things improved?\n\nWith so many open-source parsers being tested and fuzzed, and widely available specs,\nwhat could go wrong with file formats nowadays ? Nothing to fear, right?\n\nLet's explore even darker corners of their landscape!\nEven extreme simplicity can misleadingly lead to unexpected challenges.\nAnd at the other end of the spectrum, new complex constructs appeared over the years:\nnear-polyglots, timecryption, hashquines … Even AI is an element of the game now.\n\nLet's play FileCraft, and enjoy the ride!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Ange Albertini"],"tags":["38c3","32","2024","Security","Saal 1"],"view_count":13980,"promoted":false,"date":"2024-12-28T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-27T10:15:05.365+01:00","length":2747,"duration":2747,"thumb_url":"https://static.media.ccc.de/media/congress/2024/32-3ea9436f-8c47-5a7b-afb7-e1bb84a72050.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/32-3ea9436f-8c47-5a7b-afb7-e1bb84a72050_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/32-3ea9436f-8c47-5a7b-afb7-e1bb84a72050.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/32-3ea9436f-8c47-5a7b-afb7-e1bb84a72050.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-fearsome-file-formats","url":"https://api.media.ccc.de/public/events/3ea9436f-8c47-5a7b-afb7-e1bb84a72050","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"d73d780d-d98e-5e2b-b253-efa523fb82ab","title":"Automation and Empathy: Can We Finally Replace All Artistic Performers with Machines?","subtitle":null,"slug":"38c3-automation-and-empathy-can-we-finally-replace-all-artistic-performers-with-machines","link":"https://events.ccc.de/congress/2024/hub/event/automation-and-empathy-can-we-finally-replace-all-artistic-performers-with-machines/","description":"In this talk, artist and robotic musician Moritz Simon Geist explores whether robots and avatars can establish an emotional connection with a human audience, and examines the implications this has for arts and culture.\n\nAlgorithms and machines are transforming how artworks are produced - but can they replicate the complex psychosocial capacity of empathy in performative arts like music and theater? \nMoritz offers an example-based overview of the history of non-human performers in the arts and shares current state-of-the-art projects in this field. He discusses his personal journey of combining engineering with art, highlighting projects like the \"MR-808 Drum Robot\" and automated installations like \"Don't Look at Me.\" Through these works, he examines how robotic performers impact audience perception and emotional engagement.\nThe talk asks critical questions: How do machines alter the psychosocial dynamics of performance? What are the minimal structures needed to evoke an empathetic response from the audience? How does the concept of the Uncanny Valley, as proposed by Masahiro Mori, influence our reactions to non-human performers?\nSo - can we automate empathy? Let's find out!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["moritz simon geist"],"tags":["38c3","327","2024","Art \u0026 Beauty","Saal GLITCH"],"view_count":469,"promoted":false,"date":"2024-12-28T23:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-07T21:45:15.102+01:00","length":2464,"duration":2464,"thumb_url":"https://static.media.ccc.de/media/congress/2024/327-d73d780d-d98e-5e2b-b253-efa523fb82ab.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/327-d73d780d-d98e-5e2b-b253-efa523fb82ab_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/327-d73d780d-d98e-5e2b-b253-efa523fb82ab.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/327-d73d780d-d98e-5e2b-b253-efa523fb82ab.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-automation-and-empathy-can-we-finally-replace-all-artistic-performers-with-machines","url":"https://api.media.ccc.de/public/events/d73d780d-d98e-5e2b-b253-efa523fb82ab","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"17918b07-99c8-5154-8abe-e5f45865a1e9","title":"Postpartum Punk: make space for unfiltered creativity","subtitle":null,"slug":"38c3-postpartum-punk-make-space-for-unfiltered-creativity","link":"https://events.ccc.de/congress/2024/hub/event/postpartum-punk-make-space-for-unfiltered-creativity/","description":"After years as a journalist and filmmaker covering topics like crypto, holocaust and showbiz, everything changed for me 3 years ago after the birth of my daughter. \n\nWhile I haven't planned to be a mother, I decided to keep this pregnancy at 41, however this grass turn out to be too high for lawn mower – I was ready to go for a rave, not to be locked in a baby dark room for 3 years. \n\nI felt like my brain had been reprogrammed overnight. The analytical mindset I once relied on—quick to analyse, explore, and understand complex topics—seemed to vanish, replaced by a simpler, instinct-driven state that prioritized pure survival and nurturing yet mixed with unhinged chaos, aux naturelle psychedelic downloads plus no sense of inhibition or fear of being seen. \n\nHand cuffed to a rainbow I was gazing at the black clouds. \n\nDespite the shock at this involuntarily IQ transplant, I quickly realised this new mind-tool-set was all in all fulfilling and liberating.\n\nI became my own fire brigade with an alternative emergency strap-on.\n\nWithout the pressure to think analytically, I began channelling this raw energy into my joke band PUShY PUShY PUShY, creating what I now call postpartum punk movement. \n\nThe idea caught on – this summer we have been featured in the Guardian and The New Yorker. \n\nThis fuels my missionarism towards another level: how can we embrace this wild, intuitive mindset, not only as parents but as people? And could new technologies help us experience or even learn from this state?\n\nIn this talk, I’ll share my story and propose some solutions to help people connect and utilise with this raw, abstract, flippant side of the mind, whether or not they’ve experienced parenthood: haptic births, transcranial nursering, chaos VR sessions, neurofeedback baths, quantum aerobics, algorithm jams, and 'Near-Birth-Experiences'\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["-","Ania Poullain-Majchrzak"],"tags":["38c3","421","2024","Art \u0026 Beauty","Saal 1"],"view_count":495,"promoted":false,"date":"2024-12-29T21:10:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T10:00:04.274+02:00","length":2231,"duration":2231,"thumb_url":"https://static.media.ccc.de/media/congress/2024/421-17918b07-99c8-5154-8abe-e5f45865a1e9.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/421-17918b07-99c8-5154-8abe-e5f45865a1e9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/421-17918b07-99c8-5154-8abe-e5f45865a1e9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/421-17918b07-99c8-5154-8abe-e5f45865a1e9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-postpartum-punk-make-space-for-unfiltered-creativity","url":"https://api.media.ccc.de/public/events/17918b07-99c8-5154-8abe-e5f45865a1e9","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"b60289a7-f1dc-5026-89d6-406341911917","title":"Die Geschlechter denen die sie hacken: Selbstbestimmungsgesetz, Pinke Listen, Überwachungsstaat","subtitle":null,"slug":"38c3-die-geschlechter-denen-die-sie-hacken-selbstbestimmungsgesetz-pinke-listen-berwachungsstaat","link":"https://events.ccc.de/congress/2024/hub/event/die-geschlechter-denen-die-sie-hacken-selbstbestimmungsgesetz-pinke-listen-berwachungsstaat/","description":"Selbstbestimmung ein grundlegendes Prinzip des Hacken, ob technologisch oder geschlechtlich. Doch was wenn Selbstbestimmung nur bedingt umsetzbar ist- im besten Fall und mit staatlicher Repression als Standard?\nSelbstbestimmung selbst gemacht ist eine trans, inter, nonbinäre Aktionsgruppe deren Name Programm ist. Wir wollen das System hacken um wir selbst zu sein, Überwachungsfrei und mit (Kranken)Versicherung. Ob mögliche Informationsweitergabe/Offenbarungsgebot, für alle Menschen, ob Cis oder TIN*, das in letzter Minute für die Bezahlkarte aus dem mangelhaften „Selbstbestimmungs“Gesetz (SBSG) genommen wurde oder die Sabotage und Unmöglichmachung von geschlechtaffirmierender Gesundheitsversorgung- wir stehen wie migrantische Menschen im Mittelpunkt von staatlicher Überwachungsliebe und faschistischer Auslöschungsfantasien, jedoch unbeachtet im Chaos.\nWir wollen dies ändern- hier, dieses Jahr und für alle Zeit. Wir werden den Prozess des SBSG ergründen, den Zusammenhang von (Un)Sicherheitspaket, Überwachungsmaßnahmen und Transsein herstellen wie auch ganz nebenbei illegalisierte Praktiken versichern, durch die Geschlechts-zusatzversicherung. Nur eure Bühne wird gebraucht und die Tastaturen unser aller Geschwister.\n\nTrans*, inter*, nicht-binäre (TIN*) Rechte und Datensicherheit gehen Hand in Hand. Das wollen wir in diesem Beitrag konkretisieren und für mehr Vernetzung zwischen Digitaler (Grund)rechte-/Datensicherheits-szene und TIN* Aktivismus eintreten. Dabei werden Zusammenhänge zwischen (Un)Sicherheitspaket, Überwachungsmaßnahmen und trans Geschlechtlichkeit erkundet und mit konkreten Gesetzesvorschlägen und aktivistischen Aktionen beantwortet, wie auch ein Einblick in die Teils starken parallelen In den Gesetzgebungsprozessen ermöglicht.\n\nSeit 01.11.2024 ist in Deutschland das neue Selbstbestimmungsgesetz (SBGG) in Kraft, das die Änderung von Namens- und Geschlechtseinträgen für TIN* Personen erleichtern soll. Drei Tage vor der Verabschiedung des SBGG am 12.4.2024 wurde dabei das sogenannte “Offenbarungsgebot” im Tausch für die Bezahlkarte für Asylbewerbende aus dem Gesetz herausverhandelt: Insbesondere das Bundesinnenministerium wollte gern eine automatische Weiterleitung persönlicher Daten, darunter Adresse, alter und neuer Geschlechtseintrag, an elf staatliche Institutionen, darunter BKA, Verfassungsschutz, [wie heißen die nochmal richtig: Schwarzgelddezernat und illegale Waffen]. Zu den daraus resultierenden “pinken Listen” ist es nicht gekommen. Allerdings nur unter der Zusicherung, dass die entsprechende Überwachungsmaßnahme für alle Personenstandsänderungen verbindlich wird - das umfasst Eheschließungen, Adoption etc. Eine entsprechende Absichtserklärung sollte im Dezember in den Bundestag gegeben und beschlossen werden, letztlich und vermutlich aber durch das Ende der Ampel vereitelt wurde. Ob, wie und in welcher Form dieses Vorhaben weiterbesteht ist zum jetzigen Zeitpunkt unklar.\n\nDatensicherheit und TIN* Rechte überschneiden sich hier unmittelbar. TIN* Personen werden gegen die Privatsphäre aller Menschen instrumentalisiert. In diesem Beitrag wollen wir darlegen, wie es dazu gekommen ist. Wir wollen auch erörtern, was daran schlecht ist und was wir tun können. Dazu werden wir unter andere die Abschnitte und Anschlussmöglichkeiten zur Datensicherheit aus unserem selbst geschriebenen, community produzierten Selbstbestimmungsgesetz 2.0 vorstellen. Wir wollen aber auch Vorschläge zu konkreten aktivistischen Aktionen machen. Dafür brauchen wir eure Bühne - und die Tastaturen unser aller Geschwister.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Jyn","Luce und Zoe für die Queerokratie","Nephthys","Luce deLire"],"tags":["38c3","534","2024","Ethics, Society \u0026 Politics","Saal ZIGZAG"],"view_count":1592,"promoted":false,"date":"2024-12-27T12:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-26T15:00:06.226+01:00","length":2478,"duration":2478,"thumb_url":"https://static.media.ccc.de/media/congress/2024/534-b60289a7-f1dc-5026-89d6-406341911917.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/534-b60289a7-f1dc-5026-89d6-406341911917_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/534-b60289a7-f1dc-5026-89d6-406341911917.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/534-b60289a7-f1dc-5026-89d6-406341911917.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-die-geschlechter-denen-die-sie-hacken-selbstbestimmungsgesetz-pinke-listen-berwachungsstaat","url":"https://api.media.ccc.de/public/events/b60289a7-f1dc-5026-89d6-406341911917","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"3266d556-4be7-546a-a54c-238206ac9cc2","title":"KI nach dem Kapitalismus: Hat ChatGPT in der besseren neuen Welt einen Platz?","subtitle":null,"slug":"38c3-ki-nach-dem-kapitalismus-hat-chatgpt-in-der-besseren-neuen-welt-einen-platz","link":"https://events.ccc.de/congress/2024/hub/event/ki-nach-dem-kapitalismus-hat-chatgpt-in-der-besseren-neuen-welt-einen-platz/","description":"Unsere Welt funktioniert nur, wenn sich immer neue Bereiche finden, in denen Profite erbeutet werden können. Nach Blockchain, Metaverse und Web3 ist \"Künstliche Intelligenz\" die neueste Wette der Tech-Investoren auf kräftige Gewinne. Ob \"KI\" tatsächlich irgendeinen gesellschaftlichen Wert hat, ist dabei völlig nebensächlich. Was tun wir also mit \"KI\" nach dem Kapitalismus? Brauchen wir Large Language Models überhaupt in einer Welt, die radikal auf Kooperation statt Konkurrenz, auf Bedürfniserfüllung statt Profit und auf Solidarität statt Privateigentum basiert?\n\nIn diesem Talk besprechen wir, was gegenwärtige \"KI\" ist, wie sich ökonomische Macht in \"KI\" zeigt und wie sich \"KI\" in die breitere Debatte um Technologiekritik einordnet. Wir fragen uns, was man mit Mustererkennung, Deep Learning und Sprachmodellen überhaupt anfangen will in der besseren Welt nach der Revolution und ob uns eine Technologie wie \"KI\" auf dem Weg dahin helfen kann oder eher behindert.\n\nDer Talk wird zu gleichen Teilen von Malte Engeler und Sandra Sieron gehalten.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Malte Engeler","Sandra Sieron"],"tags":["38c3","161","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":2443,"promoted":false,"date":"2024-12-29T17:35:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T14:15:05.004+02:00","length":1931,"duration":1931,"thumb_url":"https://static.media.ccc.de/media/congress/2024/161-3266d556-4be7-546a-a54c-238206ac9cc2.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/161-3266d556-4be7-546a-a54c-238206ac9cc2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/161-3266d556-4be7-546a-a54c-238206ac9cc2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/161-3266d556-4be7-546a-a54c-238206ac9cc2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-ki-nach-dem-kapitalismus-hat-chatgpt-in-der-besseren-neuen-welt-einen-platz","url":"https://api.media.ccc.de/public/events/3266d556-4be7-546a-a54c-238206ac9cc2","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"d3fd8a6a-97e9-587e-8e30-9042cac58e3d","title":"AI Meets Git: Unmasking Security Flaws in Qodo Merge","subtitle":null,"slug":"38c3-ai-meets-git-unmasking-security-flaws-in-qodo-merge","link":"https://events.ccc.de/congress/2024/hub/event/ai-meets-git-unmasking-security-flaws-in-qodo-merge/","description":"The whole world is talking about AI, and developers are no exception. When a developer hears about a tool that can help them handle git pull requests using AI, it is likely that they will start using it for their open source project.\n\nThis is precisely what's happening with Qodo Merge (formerly PR-Agent), an open source tool that can help review and handle git pull requests by using AI to provide feedback and suggestions to developers. It is getting adopted by more and more open source projects, including popular ones.\n\nIt is so easy to add new features by relying on external tools, yet the consequences on security can be catastrophic.\n\nIndeed, if the tool contains security vulnerabilities, the project using it may become vulnerable too and may grant anyone permissions to perform unexpected actions without realizing it. But everyone wants to use AI so security may be overlooked.\n\nWe found multiple vulnerabilities in Qodo Merge that may lead to privilege escalation on Gitlab, getting write access to Github repositories and leaking Github repository secrets. Additionally we found multiple high profile Github repositories using Qodo Merge with a configuration that makes them vulnerable, such as highly popular projects, government official repositories, self-driving automotive industry projects, blockchains and more.\n\nIn this talk we go through what Qodo Merge is, how it can be used, how it works, how it can be exploited, what projects are affected and what are the impacts. We also mention remediation steps to fix these issues.\n\nQodo (formerly CodiumAI) develops an open source tool called Qodo Merge (formerly PR-Agent). This tool can be setup to automatically analyze pull requests on a Gitlab, Github or Bitbucket project.\n\nQodo Merge uses AI to perform various tasks that may help a developer handle a pull request, such as:\n* Summarizing a pull request\n* Suggesting code changes to improve a pull request\n* Generating a CHANGELOG file entry for a pull request\n* Answering questions about a pull request\n* and more\n\nIn this talk, we describe vulnerabilities we found in Qodo Merge that may lead to privilege escalation on Gitlab, write access to Github repositories and leaking secrets of Github repositories.\n\nWe mention popular open source projects that are vulnerable because they started using Qodo Merge, and discuss how to protect your project from these attacks.\n\nWe also talk about the multiple ways we tried to report those vulnerabilities to the developers of Qodo Merge and the lack of a way for security people to contact them. Finally, we describe the current security posture of the project regarding the vulnerabilities we found.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Nils Amiet"],"tags":["38c3","347","2024","Security","Saal ZIGZAG"],"view_count":1247,"promoted":false,"date":"2024-12-29T12:00:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-03-20T15:00:05.896+01:00","length":2450,"duration":2450,"thumb_url":"https://static.media.ccc.de/media/congress/2024/347-d3fd8a6a-97e9-587e-8e30-9042cac58e3d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/347-d3fd8a6a-97e9-587e-8e30-9042cac58e3d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/347-d3fd8a6a-97e9-587e-8e30-9042cac58e3d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/347-d3fd8a6a-97e9-587e-8e30-9042cac58e3d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-ai-meets-git-unmasking-security-flaws-in-qodo-merge","url":"https://api.media.ccc.de/public/events/d3fd8a6a-97e9-587e-8e30-9042cac58e3d","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"98c72b58-744d-5dc7-bf58-45254ce87c00","title":"From Silicon to Sovereignty: How Advanced Chips are Redefining Global Dominance","subtitle":null,"slug":"38c3-from-silicon-to-sovereignty-how-advanced-chips-are-redefining-global-dominance","link":"https://events.ccc.de/congress/2024/hub/event/from-silicon-to-sovereignty-how-advanced-chips-are-redefining-global-dominance/","description":"Recent breakthroughs in machine learning have dramatically heightened the demand for cutting-edge computing chips, driving advancements in semiconductor technologies. At the forefront of this progress is Extreme Ultraviolet (EUV) lithography—a transformative method in microchip fabrication that enables the creation of ultra-small, high-performance devices. However, the path from raw materials to these state-of-the-art chips navigates a complex global supply chain riddled with technical challenges and geopolitical tensions. As nations vie for dominance in computing power, control over this supply chain has emerged as a strategic priority, featuring prominently in a high-stakes competition with global implications. Designed for all audiences, this talk explores the critical intersection of science, technology and global affairs shaping our future.\n\nThis talk centres on the advanced technical processes required to manufacture state-of-the-art computer chips, tracing the journey from raw materials to ultra-miniaturized circuits. We will explore each critical stage in this complex process, beginning with the refinement of ultrapure quartz and progressing through wafer production to the advanced lithography techniques that enable feature sizes down to just a few nanometers—all executed not merely in a laboratory but at an industrial scale that pushes the boundaries of what is technologically possible.\n\nA particular emphasis will be placed on Extreme Ultraviolet (EUV) lithography, a revolutionary technique essential for achieving these ultra-small scales. EUV lithography not only represents the core technological challenge in chip fabrication but also holds a pivotal position in the global semiconductor supply chain, placing it at the intersection of scientific innovation and international politics. The talk will address both the underlying physics and the geopolitical significance of this technology, as nations increasingly view control over semiconductor production as a strategic asset.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Thorsten Hellert"],"tags":["38c3","410","2024","Hardware \u0026 Making","Saal ZIGZAG"],"view_count":9762,"promoted":false,"date":"2024-12-27T19:15:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-04-02T23:15:05.867+02:00","length":2401,"duration":2401,"thumb_url":"https://static.media.ccc.de/media/congress/2024/410-98c72b58-744d-5dc7-bf58-45254ce87c00.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/410-98c72b58-744d-5dc7-bf58-45254ce87c00_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/410-98c72b58-744d-5dc7-bf58-45254ce87c00.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/410-98c72b58-744d-5dc7-bf58-45254ce87c00.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-from-silicon-to-sovereignty-how-advanced-chips-are-redefining-global-dominance","url":"https://api.media.ccc.de/public/events/98c72b58-744d-5dc7-bf58-45254ce87c00","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"b34a47c0-4f31-5c3e-9384-afab6f7e365f","title":"38C3: Return to legal constructions","subtitle":null,"slug":"38c3-38c3-return-to-legal-constructions","link":"https://events.ccc.de/congress/2024/hub/event/38c3-return-to-legal-constructions/","description":"Let's join in a quiet moment to bid farewell to the chaotic wonderland that has been 38C3 and prepare ourselves for the harsh reality outside.\n\nGather round and take a deep breath and enjoy the unique atmosphere before you will feel the spirit again at the next hacker event close to you.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Senficon","Gabriela Bogk","Aline Blankertz"],"tags":["38c3","37","2024","CCC","Saal 1"],"view_count":2754,"promoted":false,"date":"2024-12-30T18:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-30T18:30:07.077+02:00","length":1888,"duration":1888,"thumb_url":"https://static.media.ccc.de/media/congress/2024/37-b34a47c0-4f31-5c3e-9384-afab6f7e365f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/37-b34a47c0-4f31-5c3e-9384-afab6f7e365f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/37-b34a47c0-4f31-5c3e-9384-afab6f7e365f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/37-b34a47c0-4f31-5c3e-9384-afab6f7e365f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-38c3-return-to-legal-constructions","url":"https://api.media.ccc.de/public/events/b34a47c0-4f31-5c3e-9384-afab6f7e365f","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"f7a65ad7-da22-5821-b071-ded5e66ef6fe","title":"Digitalisierung mit der Brechstange","subtitle":null,"slug":"38c3-digitalisierung-mit-der-brechstange","link":"https://events.ccc.de/congress/2024/hub/event/digitalisierung-mit-der-brechstange/","description":"Fünf Prozent der Bevölkerung im Alter von 16 bis 74 Jahren in Deutschland sind offline. Dafür gibt es verschiedenen Gründe: Manche wollen nicht ins Netz und manche können nicht. Dennoch gibt es zunehmend auch öffentliche Dienstleistungen nur noch digital.\n\nDas wäre kein Problem, wenn gewährleistet wäre, dass alle Zugang zu Geräte, zum Netz und die nötige Unterstützung haben, um die Angebote nutzen zu können. Und wenn wir darauf vertrauen könnten, dass unsere Daten dort sicher sind. \n\nSolange beides nicht gegeben ist, darf niemand ausgeschlossen werden, weil der Zugang fehlt.\n\nMenschen, die noch immer nicht online sind, sind älter, arm, häufig weiblich, manchmal behindert, sind keine Akademiker*innen oder arbeiten in Jobs, bei denen sie nicht vor Computern sitzen. \n\nAber auch durchaus IT-affine Menschen geraten mal ins Straucheln, wenn der Akku vom Gerät mit dem digitalen Ticket nicht mehr mitmacht oder das Funkloch verhindert, dass die digitale Bahncard aktualisiert werden kann, wenn die Kontrolle kommt. \n\nStatt dafür zu sorgen, dass die nötige Infrastruktur läuft und alle die Unterstützung bekommen, die sie brauchen, um die immer anders aussehenden digitalen Behördengänge erledigen zu können, setzt die Bundesregierung auf Zuckerbrot und Peitsche. Es gab Geschenke wie den Kulturpass für 18-Jährige oder eine 200-Euro-Einmalzahlung für Studierende, aber die gab es nur für die, die sie online beantragten. Es wird akzeptiert, dass Post- und Bankfilialen durch Online-Angebote ersetzt werden. Alle, die damit nicht klarkommen, werden höchstens belächelt. Aber das betrifft nicht wenige Menschen, die angesichts dieser Digitalisierung mit der Brechstange im Regen stehen. Sie sind oft so schon auf die eine oder andere Weise benachteiligt und nun durch rein digitale Angebote noch weiter abgehängt. Im Idealfall sollte Digitalisierung das Leben vereinfachen. Tatsächlich trägt diese Digitalisierung zu noch mehr gesellschaftlicher Spaltung bei. \n\nDieser Talk beleuchtet, wen das betrifft und warum, und zeigt Beispiele für Dienstleistungen und Angebote, die nur online zu haben sind – und für die, die keine Skrupel haben angesichts der häufig wenig vertrauenserweckenden Umsetzung. Schließlich wird es auch darum gehen, was nötig wäre, um diese Situation zu ändern.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Anne Roth"],"tags":["38c3","599","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":10063,"promoted":false,"date":"2024-12-28T12:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-27T14:15:05.011+01:00","length":2383,"duration":2383,"thumb_url":"https://static.media.ccc.de/media/congress/2024/599-f7a65ad7-da22-5821-b071-ded5e66ef6fe.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/599-f7a65ad7-da22-5821-b071-ded5e66ef6fe_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/599-f7a65ad7-da22-5821-b071-ded5e66ef6fe.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/599-f7a65ad7-da22-5821-b071-ded5e66ef6fe.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-digitalisierung-mit-der-brechstange","url":"https://api.media.ccc.de/public/events/f7a65ad7-da22-5821-b071-ded5e66ef6fe","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"415dc303-56fa-5127-aa84-3a20fcb22cde","title":"Breaking the Mirror – A Look at Apple’s New iPhone Remote Control Feature","subtitle":null,"slug":"38c3-breaking-the-mirror-a-look-at-apple-s-new-iphone-remote-control-feature","link":"https://events.ccc.de/congress/2024/hub/event/breaking-the-mirror-a-look-at-apple-s-new-iphone-remote-control-feature/","description":"Exploring the security of the new iPhone Mirroring feature as well as the current threat model of the iOS ecosystem\n\nThe tight integration between devices is something you only get in Apple’s Continuity ecosystem. It enables seamless interaction between devices, such as using your iPhone as a webcam for your Mac and even letting an iPad act as a second screen with stylus input. \n\nAll of this relies on Apple’s Continuity framework, a system that builds on local wireless protocols such as Bluetooth and Wi-Fi to communicate among a user’s devices. The interactions enabled between the devices result in a complex threat model that researchers have started to explore over the past years.\n\nThis summer, Apple newly introduced iPhone Mirroring, a feature that allows users to remote control their locked iPhone wirelessly from their Mac, further blurring the security boundaries in the ecosystem. \n\nHow does this new feature work? Are the security and privacy checks introduced for iPhone Mirroring sufficient or is it possible to trick the system? What do they protect against and how might this differ from how iOS devices are used in practice? In this talk, you will get demos and explanations of bypasses found in early versions of the iOS 18 beta along with an explanation of why and how they work.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Aaron Schlitt"],"tags":["38c3","786","2024","Stage YELL"],"view_count":16015,"promoted":false,"date":"2024-12-27T11:00:00.000+01:00","release_date":"2025-01-08T00:00:00.000+01:00","updated_at":"2026-03-20T19:45:06.152+01:00","length":1803,"duration":1803,"thumb_url":"https://static.media.ccc.de/media/congress/2024/786-415dc303-56fa-5127-aa84-3a20fcb22cde.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/786-415dc303-56fa-5127-aa84-3a20fcb22cde_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/786-415dc303-56fa-5127-aa84-3a20fcb22cde.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/786-415dc303-56fa-5127-aa84-3a20fcb22cde.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-breaking-the-mirror-a-look-at-apple-s-new-iphone-remote-control-feature","url":"https://api.media.ccc.de/public/events/415dc303-56fa-5127-aa84-3a20fcb22cde","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"d05bfa58-e6b8-5c35-b271-191e1d09de6a","title":"Gemeinwohlorientierte Forschung mit KI: Missbrauch eindämmen durch Zweckbindung für KI-Modelle","subtitle":null,"slug":"38c3-gemeinwohlorientierte-forschung-mit-ki-missbrauch-eindmmen-durch-zweckbindung-fr-ki-modelle","link":"https://events.ccc.de/congress/2024/hub/event/gemeinwohlorientierte-forschung-mit-ki-missbrauch-eindmmen-durch-zweckbindung-fr-ki-modelle/","description":"Trainierte KI-Modelle sind mächtige Werkzeuge, die in Wissenschaft und Forschung oft für gute Zwecke gebaut werden. Aber wie alle Werkzeuge können sie auch zweckentfremdet werden – in Bereichen, für die sie nicht gedacht waren, in denen sie profitgierigen Interessen dienen und gesellschaftlichen Schaden anrichten. Vor dem Hintergrund des Trends von \"open source\" AI ist die Gefahr der unkontrollierten Zweckentfremdung von KI-Modellen enorm gestiegen. Wir zeigen: Das Risiko einer missbräuchlichen Sekundärnutzung von für Forschungszwecke trainierten KIs ist aktuell die größte regulatorische Lücke, trotz DSGVO und AI-Act. Zugleich ermöglicht das Zweckentfremden von Modellen die immer weiter wachsende Machtposition von Big Tech. Um das Problem zu bekämpfen, muss das Prinzip \"Zweckbindung\" für das Zeitalter der KI geupdated werden.\n\nSkandale wie die Weitergabe von Forschungsdaten der UK Biobank an Versicherungsunternehmen zeigen ein typisches, aber oft übersehenes Risiko im Zusammenhang mit KI: Modelle und Trainingsdaten, die eigentlich dem Gemeinwohl dienen sollten, werden im Schatten der öffentlichen Aufmerksamkeit, jedoch ohne geltendes Recht zu verletzen, für diskriminierende, manipulative und profitorientierte Zwecke zweitverwendet. Wer etwa in der medizinischen Forschung ein Modell zur Erkennung von psychischen Krankheiten anhand von Audiodaten (Stimmaufzeichnung) baut, kann dieses Modell auch außerhalb des medizinischen Kontexts auf beliebige Individuen anwenden – und zum Beispiel bei Video-Bewerbungsgesprächen ein automatisiertes Risiko Scoring damit machen (unsere Beispiele zeigen, dass daran gerade großes Interesse besteht). Der Besitz trainierter KI-Modelle stellt eine enorme Konzentration von Informationsmacht dar – und mit dieser Macht geht ein Missbrauchspotenzial einher, wenn die Tools z.B. in einen kommerziellen Kontext übertragen werden. \nZum Schutz unserer Gesellschaft vor Missbrauch KI-basierter Forschung müssen wir deshalb die Zirkulation trainierter KI-Modelle und anonymisierter Trainingsdaten unter demokratische Kontrolle stellen. Wir brauchen ein Regulierungskonzept, das offene Forschungszwecke ermöglicht und gleichzeitig kommerziellen Missbrauch verhindert. Modelle mit allgemeinem Verwendungszweck wie sie die KI-VO legitimiert, sollte es nicht geben. Als Lösung holen wir das alte, bei der Industrie verhasste und in der Politik fast schon vergessene Datenschutzprinzip der Zweckbindung aus der Mottenkiste und aktualisieren es für die Kontrolle von KI. \nUnser Regulierungsvorschlag einer \"Zweckbindung für KI-Modelle\" beruht auf unserer mehrjährigen interdisziplinären Forschung zwischen Ethik, Rechtswissenschaft und Informatik.\n\nBackground Readings und weitere Infos: \u003ca href=\"https://purposelimitation.ai\"\u003ehttps://purposelimitation.ai\u003c/a\u003e\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Rainer Mühlhoff","Hannah Ruschemeier"],"tags":["38c3","460","2024","Science","Saal ZIGZAG"],"view_count":1511,"promoted":false,"date":"2024-12-28T12:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-26T12:30:06.435+01:00","length":2511,"duration":2511,"thumb_url":"https://static.media.ccc.de/media/congress/2024/460-d05bfa58-e6b8-5c35-b271-191e1d09de6a.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/460-d05bfa58-e6b8-5c35-b271-191e1d09de6a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/460-d05bfa58-e6b8-5c35-b271-191e1d09de6a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/460-d05bfa58-e6b8-5c35-b271-191e1d09de6a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-gemeinwohlorientierte-forschung-mit-ki-missbrauch-eindmmen-durch-zweckbindung-fr-ki-modelle","url":"https://api.media.ccc.de/public/events/d05bfa58-e6b8-5c35-b271-191e1d09de6a","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"76e6d65e-7bdd-50bc-8700-d777e05a8eca","title":"BinDa, die flexible Anwesenheitserfassung für Schulen","subtitle":"","slug":"38c3-binda-die-flexible-anwesenheitserfassung-fr-schulen","link":"https://events.ccc.de/congress/2024/hub/event/binda-die-flexible-anwesenheitserfassung-fr-schulen/","description":"Im Rahmen eines vom Prototype Fund geförderten Projektes entstand zusammen mit 4 Schulen die Open Source Software BinBa. Diese Software wurde in enger Zusammenarbeit mit den Schulen konzipiert, umgesetzt und in Betrieb genommen. \r\nIn dem Talk soll der Weg über die Finanzierung mit Hilfe des Prototyp Funds, die Softwareentwicklung zusammen mit den LehrerInnen und SchülerInnen also auch die Inbetriebnahme beleuchtet werden.\r\n\r\nMit dem Talk soll Mut gemacht werden, mehr freie Software zu schaffen, die sich in die IT Landschaft von Schulen gut einfügt und die Bedürfnisse von Schulen in den Vordergrund stellt. \r\nIm Rahmen des Projektes wurde viel Wert darauf gelegt, eine klare Abgrenzung zu existierenden Lösungen an den Schulen im Blick zu behalten und Daten mittels Integration aus diesen Lösungen zu übernehmen. Das ganze unter einer freien Lizenz und freier Software. \r\nSchulIT ist oft geprägt von abgeschlossenen Systemen, die sich nur unzureichend in existerende Lösungen einbinden lassen. Dies endet dann all zu oft in Mehrarbeit, Dateninkonsistenzen und viel Frustration bei allen Beteiligten. \r\nWir möchten mit dem Projekt einen kleinen Impuls liefern, die Art und Weise wie heute Software für Schulen entsteht zu überdenken und auch konkrete Vorschläge dafür liefern.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["derMicha"],"tags":["38c3","902","2024","Stage YELL"],"view_count":9078,"promoted":false,"date":"2024-12-27T14:45:00.000+01:00","release_date":"2024-12-27T00:00:00.000+01:00","updated_at":"2026-03-26T00:15:05.124+01:00","length":2255,"duration":2255,"thumb_url":"https://static.media.ccc.de/media/congress/2024/902-76e6d65e-7bdd-50bc-8700-d777e05a8eca.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/902-76e6d65e-7bdd-50bc-8700-d777e05a8eca_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/902-76e6d65e-7bdd-50bc-8700-d777e05a8eca.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/902-76e6d65e-7bdd-50bc-8700-d777e05a8eca.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-binda-die-flexible-anwesenheitserfassung-fr-schulen","url":"https://api.media.ccc.de/public/events/76e6d65e-7bdd-50bc-8700-d777e05a8eca","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"a3bb1ec3-9949-51ab-93db-2d628f5b4242","title":"PC-Abkürzungen: Eine Lesung","subtitle":null,"slug":"38c3-pc-abkrzungen-eine-lesung","link":"https://events.ccc.de/congress/2024/hub/event/pc-abkrzungen-eine-lesung/","description":"Ich lese aus einem antiken Werk zu Computerablürzungen vor\n\nAbkürzungen können alle verwirren, die sich noch nicht länger mit Computern beschäftigen. Aber auch der:dem Veteran:in sind nicht alle Abkürzungen bekannt oder weißt Du, dass IFE für intelligent front end steht, CAFS für Content Adressable File System oder RUN der Befehl ist, um Programme in BASIC auszuführen? Dieser Missstand muss behoben werden und wird es durch eine Lesung aus einem Kompendium gängiger PC-Abkürzungen. Damit auch was für Kenner:innen dabei ist, stammt das Kompendium aus 1994.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["hexchen"],"tags":["38c3","678","2024","Entertainment","Stage YELL"],"view_count":1642,"promoted":false,"date":"2024-12-30T00:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T10:45:05.076+02:00","length":1284,"duration":1284,"thumb_url":"https://static.media.ccc.de/media/congress/2024/678-a3bb1ec3-9949-51ab-93db-2d628f5b4242.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/678-a3bb1ec3-9949-51ab-93db-2d628f5b4242_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/678-a3bb1ec3-9949-51ab-93db-2d628f5b4242.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/678-a3bb1ec3-9949-51ab-93db-2d628f5b4242.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-pc-abkrzungen-eine-lesung","url":"https://api.media.ccc.de/public/events/a3bb1ec3-9949-51ab-93db-2d628f5b4242","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"19b141f2-0f27-5d84-9e90-0d2474d37b7e","title":"Fnord-Nachrichtenrückblick 2024","subtitle":null,"slug":"38c3-fnord-nachrichtenrckblick-2024","link":"https://events.ccc.de/congress/2024/hub/event/fnord-nachrichtenrckblick-2024/","description":"Wir zeigen euch die Fnords in den Nachrichten des Jahres.\n\nEndlich wieder ein normaler Ausklang fürs Jahr!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Fefe","Atoth"],"tags":["38c3","215","2024","Entertainment","Saal 1"],"view_count":94891,"promoted":false,"date":"2024-12-28T01:10:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T22:30:06.343+02:00","length":5858,"duration":5858,"thumb_url":"https://static.media.ccc.de/media/congress/2024/215-19b141f2-0f27-5d84-9e90-0d2474d37b7e.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/215-19b141f2-0f27-5d84-9e90-0d2474d37b7e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/215-19b141f2-0f27-5d84-9e90-0d2474d37b7e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/215-19b141f2-0f27-5d84-9e90-0d2474d37b7e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-fnord-nachrichtenrckblick-2024","url":"https://api.media.ccc.de/public/events/19b141f2-0f27-5d84-9e90-0d2474d37b7e","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"85d3fc62-fa24-5040-9a18-70628dea4249","title":"Warum Nutzende Logins nerven","subtitle":null,"slug":"38c3-warum-nutzende-logins-nerven","link":"https://events.ccc.de/congress/2024/hub/event/warum-nutzende-logins-nerven/","description":"Die Verwendung von Nutzernamen und Passwörtern bei Logins ist für uns selbstverständlich. Für technisch weniger versierte Nutzende stellt dieser Prozess jedoch häufig eine nervenaufreibende Herausforderung dar – sowohl in Bezug auf die Nutzerfreundlichkeit als auch auf die Sicherheit. Tauchen wir in die Perspektive genau dieser Nutzenden ein und finden heraus, wo die Probleme liegen. Zudem schauen wir uns alternative Lösungen an, die die Nutzerfreundlichkeit und Sicherheit verbessern können.\n\nDie Authentifizierung mit Nutzername und Passwort ist weit verbreitet und so gut wie überall Standard. Für uns ist das alltäglich und wird deshalb selten hinterfragt. Mit der Hilfe von Passwort-Managern machen wir uns das Leben leichter. Doch wie sieht es für Menschen aus, die weniger Erfahrung mit Technik haben?\n\nAls Frontend-Entwicklerin habe ich Erfahrungen gesammelt, die dazu einladen, unseren Blickwinkel zu erweitern. Denn oft betrachten wir ITler die Welt der Technik nicht mehr aus der Perspektive des Endnutzers.\n\nIn diesem Vortrag versetzen wir uns gemeinsam in die Perspektive von durchschnittlichen Nutzenden und gehen den Prozess eines typischen Login-Verfahrens durch. Dabei finden wir heraus, welche Aspekte Frustration auslösen und warum aktuelle Ansätze wie Passwort-Manager nicht unbedingt eine sinnvolle Lösung für alle darstellen.\n\nAußerdem werfen wir einen Blick auf mögliche Alternativen zu herkömmlichen Login-Verfahren wie zum Beispiel Passkeys, die sowohl Sicherheit als auch Nutzerfreundlichkeit erheblich verbessern. Ich zeige auf, wie wir Logins für alle einfacher, frustfreier und sicherer gestalten können – eine Herausforderung, die nicht nur technisches Know-how, sondern auch ein besonderes Verständnis für die Nutzenden erfordert.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Lena"],"tags":["38c3","748","2024","Stage HUFF"],"view_count":7017,"promoted":false,"date":"2024-12-27T19:15:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-03-18T18:45:07.856+01:00","length":2020,"duration":2020,"thumb_url":"https://static.media.ccc.de/media/congress/2024/748-85d3fc62-fa24-5040-9a18-70628dea4249.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/748-85d3fc62-fa24-5040-9a18-70628dea4249_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/748-85d3fc62-fa24-5040-9a18-70628dea4249.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/748-85d3fc62-fa24-5040-9a18-70628dea4249.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-warum-nutzende-logins-nerven","url":"https://api.media.ccc.de/public/events/85d3fc62-fa24-5040-9a18-70628dea4249","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"4523945f-8db6-5411-a8cb-4f675bee367d","title":"ComeFlyWithUs Podcast","subtitle":null,"slug":"38c3-comeflywithus-podcast","link":"https://events.ccc.de/congress/2024/hub/event/comeflywithus-podcast/","description":"Wir, Steffen \u0026 Olli, besprechen in unserem Podcast alles was die Große und Kleine Fliegerei angeht.\nWir sind ein aktiver und ein Verkehrspilot im Ruhestand.\nHauptthemen: update zu GPS-Spoofing, Flugstrecken in Zeiten von Krisen und Auswirkungen auf die Sicherheit. Ausserdem geht es um aktuelle Vorfälle in der großen und kleinen Luftfahrt.\nTrotz des vermeintlich ernsten Themas sind wir immer mit Humor dabei!\n\nPodcast Webseite: www.comeflywithus.de\n\nWenn ihr Fragen zu dem Thema oder der Sendung habt, gerne platzieren, am besten schon vorab.\nUns wird man kurz vorher antreffen können und wir werden nicht zu übersehen sein!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Steffen Braasch","Olli"],"tags":["38c3","58298","2024","Saal X 07"],"view_count":849,"promoted":false,"date":"2024-12-28T19:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-26T16:15:08.787+01:00","length":2676,"duration":2676,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58298-4523945f-8db6-5411-a8cb-4f675bee367d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58298-4523945f-8db6-5411-a8cb-4f675bee367d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58298-4523945f-8db6-5411-a8cb-4f675bee367d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58298-4523945f-8db6-5411-a8cb-4f675bee367d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-comeflywithus-podcast","url":"https://api.media.ccc.de/public/events/4523945f-8db6-5411-a8cb-4f675bee367d","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"5905ae5a-406e-594b-b7bc-c4144bb09ef5","title":"Kein Spaß am Gerät auf 'nem toten Planet(en)!","subtitle":null,"slug":"38c3-kein-spa-am-gert-auf-nem-toten-planet","link":"https://events.ccc.de/congress/2024/hub/event/kein-spa-am-gert-auf-nem-toten-planet-en/","description":"Seit Jahren kämpft das Bits-\u0026-Bäume-Bündnis, dem auch der CCC seit Beginn angehört, für eine ökologische und sozial gerechte Digitalpolitik – 2024 war dabei ein Jahr voller Hochs und Tiefs. Wir kämpfen emsig weiter und stellen unsere gemeinsame Arbeit vor.\n\nVon erstmals sinkenden CO₂-Emissionen in Industrieländern, über den weiterbrennenden KI-Boom mit Nachhaltigkeitsanstrich, die Rolle von digitalen Plattformen für anti-demokratische und nicht-nachhaltige Bewegungen, den ökologischen Fußabdruck von Profiling bis hin zum Tech-Solutionismus von Elon Musk jetzt im Weißen Haus war das Jahr 2024 außergewöhnlich.\n\nVor diesem Hintergrund präsentieren Anja und Rainer von Bits\u0026Bäume in diesem Vortrag einen kleinen Jahresrückblick, stellen die spannenden neuen Ideen für sozial-ökologische Digitalpolitik vor, blicken kritisch auf den weiterhin immensen Ressourcenfußabdruck der Digitalisierung, den aktuellen, demokratiegefährdenen Umgang mit Online-Tracking und umreißen die Bits-\u0026-Bäume-Forderungen an die nächste Bundesregierung. Zusätzlich wird Esther Mwema aus Zambia zu Wort kommen und den Fokus auf die neokoloniale Macht von BigTech auf dem afrikanischen Kontinent lenken. Sie plädiert für neue lokale, demokratisch-selbstbestimmte digitale Infrastrukturen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Anja Höfner","Rainer Rehak"],"tags":["38c3","972","2024","CCC","Saal ZIGZAG"],"view_count":1168,"promoted":false,"date":"2024-12-29T00:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-02T11:00:09.932+01:00","length":2758,"duration":2758,"thumb_url":"https://static.media.ccc.de/media/congress/2024/972-5905ae5a-406e-594b-b7bc-c4144bb09ef5.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/972-5905ae5a-406e-594b-b7bc-c4144bb09ef5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/972-5905ae5a-406e-594b-b7bc-c4144bb09ef5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/972-5905ae5a-406e-594b-b7bc-c4144bb09ef5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-kein-spa-am-gert-auf-nem-toten-planet","url":"https://api.media.ccc.de/public/events/5905ae5a-406e-594b-b7bc-c4144bb09ef5","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"e79b8620-b69e-5d6d-a6d2-d4cfe94a5ffc","title":"Find My * 101","subtitle":null,"slug":"38c3-find-my-101","link":"https://events.ccc.de/congress/2024/hub/event/find-my-101/","description":"I'll introduce the technology underlying bluetooth trackers from Apple and Google, and will describe and show what can actually be seen on the air (using a hackrf/rad1o for example).\n\nThis is part demonstration of what is possible right now, part explanation of the underlying principles, and part invitation to would-be hackers to make creative use of this technology.\n\nApple's \"Find My\" network has been online for more than 5 years. Google has launched its own variant \"Find My Device\" this year. The Apple protocol has been previously reverse-engineered, while Google's specs are publicly available. Both take part in Detecting Unwanted Location Trackers (DULT), an IETF draft.\n\nUnderlying this is standard Bluetooth Low Energy (BLE) which can be analyzed, and toyed with, with all the standard BLE research tools. I'll show how to sniff and interact with these trackers using tools that many hackers might already have available.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Henryk Plötz"],"tags":["38c3","542","2024","Security","Saal 1"],"view_count":22733,"promoted":false,"date":"2024-12-30T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T15:30:06.708+02:00","length":2415,"duration":2415,"thumb_url":"https://static.media.ccc.de/media/congress/2024/542-e79b8620-b69e-5d6d-a6d2-d4cfe94a5ffc.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/542-e79b8620-b69e-5d6d-a6d2-d4cfe94a5ffc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/542-e79b8620-b69e-5d6d-a6d2-d4cfe94a5ffc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/542-e79b8620-b69e-5d6d-a6d2-d4cfe94a5ffc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-find-my-101","url":"https://api.media.ccc.de/public/events/e79b8620-b69e-5d6d-a6d2-d4cfe94a5ffc","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"4bf7f17e-2158-5b5b-b274-0b595f800371","title":"Blåmba! ☎️ Behind the scenes of a 2000s-style ringtone provider","subtitle":null,"slug":"38c3-blmba-behind-the-scenes-of-a-2000s-style-ringtone-provider","link":"https://events.ccc.de/congress/2024/hub/event/blmba-behind-the-scenes-of-a-2000s-style-ringtone-provider/","description":"A Deep Dive into WAP, SMS, monophonic ringtones and 1-bit graphics.\n\nA key part of early 2000s advertisements were hyperactive frogs and annoying crocodiles trying to lure people into subscribing to overpriced ringtones and silly graphics for their mobile phones.\n\nApart from shady business practices -- how exactly do you send pictures and ringtones to vintage GSM mobile phones (most of which don't even support TCP/IP)?\nIn our quest to learn more, we stumbled across WAP-Push, User Data Headers, Concatenated SMS, SMPP, User Agent Profiles and many more forgotten technologies.\n\nTo put all this knowledge to good use, we built Blåmba -- a Chaos ringtone provider, clearly inspired by the (now long defunct) historic ones. \n\nThen at Chaos Communication Camp 2023 with the C3GSM network, we had the first public instalment of Blåmba.\nThe Chaos community uploaded lovely artwork and new ringtones, sent patches for the software, and had a fun time reviving their old Nokia phones.\n\nThis talk will tell the story behind Blåmba, explain how ringtones (and more) made their way onto your phone, what a WAP gateway did, and what other cool tricks mobile phones could do (if you had the money to pay for GPRS traffic 20 years ago).\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Manawyrm"],"tags":["38c3","260","2024","Art \u0026 Beauty","Saal GLITCH"],"view_count":3706,"promoted":false,"date":"2024-12-28T00:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-16T21:45:05.872+01:00","length":1644,"duration":1644,"thumb_url":"https://static.media.ccc.de/media/congress/2024/260-4bf7f17e-2158-5b5b-b274-0b595f800371.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/260-4bf7f17e-2158-5b5b-b274-0b595f800371_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/260-4bf7f17e-2158-5b5b-b274-0b595f800371.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/260-4bf7f17e-2158-5b5b-b274-0b595f800371.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-blmba-behind-the-scenes-of-a-2000s-style-ringtone-provider","url":"https://api.media.ccc.de/public/events/4bf7f17e-2158-5b5b-b274-0b595f800371","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"70957a05-cf9a-5f5d-9480-785dab74f94b","title":"Resource Consumption of AI - Degrow or Die","subtitle":null,"slug":"38c3-resource-consumption-of-ai-degrow-or-die","link":"https://events.ccc.de/congress/2024/hub/event/resource-consumption-of-ai-degrow-or-die/","description":"Not only the energy consumption of AI is exploding. Less known is that other resources like water or metal are also affected. The talk gives an overview on the devastating impact of datacenters on our environment.\n\nDegrowth scenarios seem to be the only way to escape from this ecological nightmare.\n\nSummarizing the known facts and serious predictions the talk gives an overview on the upcoming possible and impossible scenarios of the energy and resource consumptions. Even if predictions are not easy economical and ecological limits are discussed. \n\nFinally, degrowth will be discussed. Can we degrow datacenters without loosing too much of our digital life? How much can be saved using alternative technologies.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Thomas Fricke"],"tags":["38c3","735","2024","Stage HUFF"],"view_count":2380,"promoted":false,"date":"2024-12-30T12:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T19:45:06.821+02:00","length":2564,"duration":2564,"thumb_url":"https://static.media.ccc.de/media/congress/2024/735-70957a05-cf9a-5f5d-9480-785dab74f94b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/735-70957a05-cf9a-5f5d-9480-785dab74f94b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/735-70957a05-cf9a-5f5d-9480-785dab74f94b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/735-70957a05-cf9a-5f5d-9480-785dab74f94b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-resource-consumption-of-ai-degrow-or-die","url":"https://api.media.ccc.de/public/events/70957a05-cf9a-5f5d-9480-785dab74f94b","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"9f1d2d2b-f237-50af-a884-0e02478d9d70","title":"Waiter, There's An LLM In My Search!","subtitle":null,"slug":"38c3-waiter-there-s-an-llm-in-my-search","link":"https://events.ccc.de/congress/2024/hub/event/waiter-there-s-an-llm-in-my-search/","description":"This year Large Language Models (LLMs) in search engines told us to put glue on our pizza and eat a small rock every day. This is not ideal, and the consequences of \"AI Overviews\" and similar features could even be deadly for some people, like mushroom foragers. Maybe it's time for a new sort of search? In this talk I'll sketch out some possible futures and look at how we can put search back in the hands of the searcher. Also, there will be memes!\n\nOverall, the state of search right now is: not good. Search engine results are full of AI generated sludge, SEO spam and self-dealing by providers. This talk will look at the options that are open to us to improve search somewhat, including a few tips and tricks that anyone can take advantage of today to make hyperscale search providers like Google more functional again. But in many ways the most interesting question is whether we can find ways to discover stuff online that don't rely on a handful of hyperscale providers to do all the web crawling and indexing, and servicing of people's queries. In particular, what would happen if search was federated - how could we make that scaleable and performant, and what can we learn from the fediverse?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["martinh"],"tags":["38c3","885","2024","Stage YELL"],"view_count":2861,"promoted":false,"date":"2024-12-27T21:10:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-02-26T14:30:05.138+01:00","length":2357,"duration":2357,"thumb_url":"https://static.media.ccc.de/media/congress/2024/885-9f1d2d2b-f237-50af-a884-0e02478d9d70.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/885-9f1d2d2b-f237-50af-a884-0e02478d9d70_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/885-9f1d2d2b-f237-50af-a884-0e02478d9d70.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/885-9f1d2d2b-f237-50af-a884-0e02478d9d70.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-waiter-there-s-an-llm-in-my-search","url":"https://api.media.ccc.de/public/events/9f1d2d2b-f237-50af-a884-0e02478d9d70","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"83f27484-f4d2-565a-82c5-60f386868190","title":"(K)Ein Beinbruch - Datenverarbeitung im CERT","subtitle":null,"slug":"38c3-k-ein-beinbruch-datenverarbeitung-im-cert","link":"https://events.ccc.de/congress/2024/hub/event/k-ein-beinbruch-datenverarbeitung-im-cert/","description":"Das CERT - der allseits bekannte Sanitäts- und Brandschutzdienst des Congresses - ist wie alles andere auch gewachsen. Dazu gehört, dass Patient\\*innen- und Einsatzverwaltung auf Klebezetteln langsam aber sicher nicht mehr skaliert.\n\nJede\\*r auf dem Congress kann mal Hilfe vom CERT benötigen. Um Einsätze zu verwalten, zu protokollieren und zu managen hat der Sanitäts- und Brandschutzdienst der CCC Veranstaltung GmbH in der Vergangenheit vor allem auf Whiteboards und Papier gesetzt. Durch das Wachstum der letzten Jahre skaliert das aber nicht mehr und es musste eine übersichtliche und auf die besonderen Bedürfnisse zugeschnittene Software entwickelt werden.\n\nAuftritt: THOT - Trouble Handling Operations Terminal, die neue Einsatzsteuerungs- und Patient\\*innenmanagementsoftware des CERT, das im Rahmen des Congresses als Open Source Projekt endlich in die Community entlassen wird.\n\nWelche Daten erhoben und wie sie verarbeitet werden wenn es brennt, ihr euch verletzt oder schlimmeres passiert möchten wir euch in diesem Vortrag transparent machen, Fragen beantworten und die Möglichkeit geben, das System im Nachgang selbst unter die Lupe zu nehmen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["TobiasG","pennylane","Blubbel"],"tags":["38c3","785","2024","Stage HUFF"],"view_count":1989,"promoted":false,"date":"2024-12-29T21:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-22T00:00:05.019+01:00","length":3265,"duration":3265,"thumb_url":"https://static.media.ccc.de/media/congress/2024/785-83f27484-f4d2-565a-82c5-60f386868190.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/785-83f27484-f4d2-565a-82c5-60f386868190_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/785-83f27484-f4d2-565a-82c5-60f386868190.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/785-83f27484-f4d2-565a-82c5-60f386868190.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-k-ein-beinbruch-datenverarbeitung-im-cert","url":"https://api.media.ccc.de/public/events/83f27484-f4d2-565a-82c5-60f386868190","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"ea98a34a-dca0-5e83-91e4-d0d700236a2c","title":"Vectors, Pixels, Plotters and Public Participation","subtitle":null,"slug":"38c3-vectors-pixels-plotters-and-public-participation","link":"https://events.ccc.de/congress/2024/hub/event/vectors-pixels-plotters-and-public-participation/","description":"The talk introduces technology-driven urban art projects that emphasize public participation and creativity. Each project employs a DIY machine to transform public spaces and create art collaboratively. How were these machines built? How do ideas evolve, and how can creative machines foster community connections? Find the answers and get some inspirations in this entertaining and insightful talk by Niklas a.k.a. royrobotiks.\n\nIn his talk, Niklas will highlight some of his latest projects that use DIY machines to involve communities in creating art together. From a graffiti robot to a giant mosaic that was designed by an entire neighborhood with the help of a mobile arcade machine, he’ll share the stories behind his inventions. He will discuss his sources of inspiration, the creative process and thoughts about inclusiveness guiding the development of the machines, and the joy of watching diverse people interact with and contribute to these unconventional art pieces. \n\nJoin Niklas for an insightful journey into how inventiveness can transform urban environments, while also bringing people together through creativity and play.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Niklas Roy a.k.a. royrobotiks"],"tags":["38c3","550","2024","Art \u0026 Beauty","Saal GLITCH"],"view_count":940,"promoted":false,"date":"2024-12-28T20:30:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-19T19:15:10.502+01:00","length":3061,"duration":3061,"thumb_url":"https://static.media.ccc.de/media/congress/2024/550-ea98a34a-dca0-5e83-91e4-d0d700236a2c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/550-ea98a34a-dca0-5e83-91e4-d0d700236a2c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/550-ea98a34a-dca0-5e83-91e4-d0d700236a2c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/550-ea98a34a-dca0-5e83-91e4-d0d700236a2c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-vectors-pixels-plotters-and-public-participation","url":"https://api.media.ccc.de/public/events/ea98a34a-dca0-5e83-91e4-d0d700236a2c","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"8a0381de-2d0e-5c2f-8903-288ca64975e4","title":"Die große Datenschutz-, Datenpannen- und DS-GVO-Show","subtitle":null,"slug":"38c3-die-groe-datenschutz-datenpannen-und-ds-gvo-show","link":"https://events.ccc.de/congress/2024/hub/event/die-groe-datenschutz-datenpannen-und-ds-gvo-show/","description":"Datenschutz darf auch Spaß machen, und alle können dabei etwas lernen, egal ob Einsteiger oder Profi-Hacker: Bei dem Datenschutz- und Datenpannen-Quiz kämpfen vier Kandidat:innen aus dem Publikum zusammen mit dem Publikum um den Sieg. Nicht nur Wissen rund um IT-Sicherheit und Datenschutz, sondern auch eine schnelle Reaktion und das nötige Quäntchen Glück entscheiden über Sieg und Niederlage. Die Unterhaltsame Datenschutz-Quiz-Show mit Bildungsauftrag!\n\nDatenschutz wird oftmals als lästige Pflicht wahrgenommen – aber was will und macht Datenschutz, für was ist er sinnvoll und was ist zu beachten? Die Datenschutz- und DSGVO-Show vermittelt spielerisch Datenschutzgrundlagen, bietet einen Einblick in die Praxis der Datenschutz-Aufsichtsbehörden und zeigt typische technische wie rechtliche Fehler im Umgang mit personenbezogenen Daten. Aber auch für Datenschutz-Profis und Superhirne sind einige harte Nüsse dabei.\n\nDer Moderator arbeitet beim Landesbeauftragten für den Datenschutz und die Informationsfreiheit Baden-Württemberg und berichtet aus der praktischen Arbeit einer Aufsichtsbehörde, nennt rechtliche Grundlagen, gibt Hinweise zu notwendigen technischen Maßnahmen nach Artikel 32 DS-GVO und die oftmals schwierige Risikoabschätzung nach „wir wurden gecybert“-Sicherheitsvorfällen.\n\nIm Quiz selbst müssen die Kandidat:innen in ihren Antworten praktische Lösungsvorschläge für häufige technische und rechtliche Probleme vorschlagen, zum Beispiel welche technischen Maßnahmen bei bestimmten Datenpannen nach dem „Stand der Technik“ angebracht sind, ob man als Website-Betreiber denn nun Google Analytics nutzen darf oder wie man sich gegen (rechtswidrige) Datensammler wehrt. Dadurch können Teilnehmer wie Zuschauer die praktische Anwendung der DS-GVO spielerisch lernen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Alvar C.H. Freude"],"tags":["38c3","948","2024","Entertainment","Stage YELL"],"view_count":5479,"promoted":false,"date":"2024-12-27T22:05:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T17:30:04.269+02:00","length":5497,"duration":5497,"thumb_url":"https://static.media.ccc.de/media/congress/2024/948-8a0381de-2d0e-5c2f-8903-288ca64975e4.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/948-8a0381de-2d0e-5c2f-8903-288ca64975e4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/948-8a0381de-2d0e-5c2f-8903-288ca64975e4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/948-8a0381de-2d0e-5c2f-8903-288ca64975e4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-die-groe-datenschutz-datenpannen-und-ds-gvo-show","url":"https://api.media.ccc.de/public/events/8a0381de-2d0e-5c2f-8903-288ca64975e4","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"ff18e2ab-92d1-5c16-b8ed-61efa152f5f0","title":"Automated Malfare - discriminatory effects of welfare automation","subtitle":null,"slug":"38c3-automated-malfare-discriminatory-effects-of-welfare-automation","link":"https://events.ccc.de/congress/2024/hub/event/automated-malfare-discriminatory-effects-of-welfare-automation/","description":"An increasing number of countries is implementing algorithmic decision-making and fraud detection systems within their social benefits system. Instead of improving decision fairness and ensuring effective procedures, these systems often reinforce preexisting discriminations and injustices. The talk presents case studies of automation in the welfare systems of the Netherlands, India, Serbia and Denmark, based on research by Amnesty International.\n\nSocial security benefits provide a safety net for those who are dependent on support in order to make a living. Poverty and other forms of discrimination often come together for those affected. But what happens, when states decide to use Social Benefit Systems as a playground for automated decision making? Promising more fair and effective public services, a closer investigation reveals reinforcements of discriminations due to the kind of algorithms and quality of the input data on the one hand and a large-scale use of mass surveillance techniques in order to generate data to feed the systems with on the other hand.\n\nAmnesty International has conducted case studies in the Netherlands, India, Serbia and, most recently, Denmark. In the Netherlands, the fraud detection algorithm under investigation in 2021 was found to be clearly discriminatory. The algorithm uses nationality as a risk factor, and the automated decisions went largely unchallenged by the authorities, leading to severe and unjustified subsidy cuts for many families. The more recent Danish system takes a more holistic approach, taking into account a huge amount of private data and some dozens of algorithms, resulting in a system that could well fall under the EU's own AI law definition of a social scoring system, which is prohibited. In the cases of India and Serbia, intransparency, problems with data integrity, automation bias and increased surveillance have also led to severe human rights violations.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["AmnestyDigital"],"tags":["38c3","801","2024","Stage YELL"],"view_count":620,"promoted":false,"date":"2024-12-28T13:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-08T21:45:06.052+01:00","length":2733,"duration":2733,"thumb_url":"https://static.media.ccc.de/media/congress/2024/801-ff18e2ab-92d1-5c16-b8ed-61efa152f5f0.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/801-ff18e2ab-92d1-5c16-b8ed-61efa152f5f0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/801-ff18e2ab-92d1-5c16-b8ed-61efa152f5f0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/801-ff18e2ab-92d1-5c16-b8ed-61efa152f5f0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-automated-malfare-discriminatory-effects-of-welfare-automation","url":"https://api.media.ccc.de/public/events/ff18e2ab-92d1-5c16-b8ed-61efa152f5f0","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"3a996036-fd39-51e2-aa14-02257d57ad4b","title":"Hacking Disasters - eine Bastelanleitung für die Chaos-Community","subtitle":null,"slug":"38c3-hacking-disasters-eine-bastelanleitung-fr-die-chaos-community","link":"https://events.ccc.de/congress/2024/hub/event/hacking-disasters-eine-bastelanleitung-fr-die-chaos-community/","description":"Die Klimakrise eskaliert, Naturkatastrophen und Kriege werden mehr: Großes globales Chaos ist absehbar und wer wäre da besser geeignet um zu helfen als die Chaos-Community. CADUS und LNOB zeigen anhand von realen Beispielen aus der Ukraine, vom Balkan, aus Afghanistan, aus Gaza und vom Hochwasser nebenan, wie humanitäre Helfer*innen, Aktivist*innen oder Hacker*innen, mit Software, 3D-Druckern und Akku-Schraubern im Katastrophenfall effizient helfen können - ganz ohne Blaulicht. Dieser Talk bietet der Chaos-Community eine Bauanleitung für humanitäre Interventionen zu Land, zu Wasser und im Internet.\n\nDie Klimakrise eskaliert, Naturkatastrophen und Kriege werden mehr: Großes globales Chaos ist absehbar und wer wäre da besser geeignet um zu helfen als die Chaos-Community. CADUS und LNOB zeigen anhand von realen Beispielen aus der Ukraine, vom Balkan, aus Afghanistan, aus Gaza und vom Hochwasser nebenan, wie humanitäre Helfer*innen, Aktivist*innen oder Hacker*innen, mit Software, 3D-Druckern und Akku-Schraubern im Katastrophenfall effizient helfen können - ganz ohne Blaulicht. Dieser Talk bietet der Chaos-Community eine Bauanleitung für humanitäre Interventionen zu Land, zu Wasser und im Internet. \n\nMit dabei: Eine rollende Intensivstation für die Ukraine auf Basis eines ausrangierten Reisebusses, umgebaut per 3D-Drucker und Schweißgerät. Medikamente aus der Luft per ausgedienten Gleitschirmen für abgeschnittene Orte. Und wie kann an diesen Orten kommuniziert werden? Auch dafür wird an einer fliegenden Lösung gearbeitet.\n\nIn Gaza stellten wir fest, dass der UN-Standard für die Kommunikation über lebenswichtige Informationen wie die Lage von Evakuierungszonen darin besteht, KML-Dateien über WhatsApp-Gruppen zu verschicken. Schnell wurde ein Prototyp für eine Lagekarten-App gebaut, basierend auf einem aus der Chaos-Community supporteten Geoinformationssystem für die Koordination von Einsätzen der zivilen Rettungsflotte auf dem Mittelmeer. \n\nAls in Afghanistan die Taliban die Macht übernahmen dauerte es keine Woche bis sich Aktivist*innen bis zum Deutschen Außenminister persönlich und ins CIA Headquarter durchtelefoniert hatten. Mit Social Engineering Skills und freundlicher IT-Unterstützung aus der Chaos-Community gelang es schließlich, einen Airbus A320 in Kabul zu landen und gefährdete Menschen zu evakuieren. \n\nEgal ob wir gemeinsam mit Aktivist*innen aus der Ukraine mit mobilen Makerspaces in Transportern von Ort zu Ort fahren um die Resilienz im russischen Angriffskrieg durch technische Interventionen zu stärken, oder gemeinsam eine Software für Freiwilligenmanagement schreiben, die beim nächsten Hochwasser nebenan mit einer mobilen Radlader Crew anrücken, es gibt unzählige Möglichkeiten wie sich die Chaos-Community einbringen kann. Wir wollen Mut machen für das \"prepping for future\". Und auch wenn Weihnachten gerade rum ist, haben wir zum Abschluss noch eine Wunschliste mitgebracht.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["corinna","Sebastian Jünemann","Ruben Neugebauer"],"tags":["38c3","779","2024","Stage YELL"],"view_count":2430,"promoted":false,"date":"2024-12-28T23:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T16:15:05.697+02:00","length":2466,"duration":2466,"thumb_url":"https://static.media.ccc.de/media/congress/2024/779-3a996036-fd39-51e2-aa14-02257d57ad4b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/779-3a996036-fd39-51e2-aa14-02257d57ad4b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/779-3a996036-fd39-51e2-aa14-02257d57ad4b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/779-3a996036-fd39-51e2-aa14-02257d57ad4b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-hacking-disasters-eine-bastelanleitung-fr-die-chaos-community","url":"https://api.media.ccc.de/public/events/3a996036-fd39-51e2-aa14-02257d57ad4b","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"9548a3ab-e637-5940-b923-3008af58eee6","title":"IRIS: Non-Destructive Inspection of Silicon","subtitle":null,"slug":"38c3-iris-non-destructive-inspection-of-silicon","link":"https://events.ccc.de/congress/2024/hub/event/iris-non-destructive-inspection-of-silicon/","description":"IRIS (Infra-Red, *in situ*) is a technique for non-destructively inspecting the construction of a select but common type of chip. It can improve visibility into our hardware and provide supporting evidence of its correct construction, without desoldering chips or expensive analytical gear. This talk covers the theory behind IRIS, as well as some embodiments of the technique. I will also frame the relevance of IRIS in the face of various threat scenarios. Time permitting, I’ll also show how you can do it at home by peeking around a few chips as a demo.\n\nDo we really know what chips are inside our devices? To a first order, the answer is “no”. We can read the label printed on the chip's package, but most of us have no way to determine if the silicon actually matches what’s on the label.\n\nThis lack of transparency has lead to much hand-wringing about the safety of our global supply chains, as chips zig-zag the globe on their way to our doorstep: each stop is an opportunity for bad actors to inject malicious hardware, and those of us without access to million-dollar analytical gear have no way of detecting this.\n\nIRIS (Infra-Red, *in situ*) is a technique I have been developing that aims to democratize the inspection of silicon. It turns out that for a select but fairly common type of chip - those in chip-scale packages - a simple modification to an off the shelf microscope camera can enable the visualization of micron-scale features within – without requiring any nasty chemicals or desoldering chips. I will also show how the basic everyday technique can be combined with a Jubilee 3D motion platform to create detailed, full-chip images.\n\nThis talk will cover the basic theory behind the technique, and frame it in the context of several hypothetical threat scenarios that highlight its strengths and limitations. It is important to understand that IRIS is not a panacea for chip verification, but it is a significant step forward in improving transparency. I will also discuss its potential as a new tool for system designers who are serious about enabling user-level hardware verification.\n\nFinally, time permitting and equipment cooperating, I would like to share the simple pleasure of being able to take a peek inside the chips of some common mobile phone motherboards with a live demo.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Andrew 'bunnie' Huang"],"tags":["38c3","39","2024","Hardware \u0026 Making","Saal GLITCH"],"view_count":2374,"promoted":false,"date":"2024-12-27T23:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-23T06:15:03.478+01:00","length":3474,"duration":3474,"thumb_url":"https://static.media.ccc.de/media/congress/2024/39-9548a3ab-e637-5940-b923-3008af58eee6.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/39-9548a3ab-e637-5940-b923-3008af58eee6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/39-9548a3ab-e637-5940-b923-3008af58eee6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/39-9548a3ab-e637-5940-b923-3008af58eee6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-iris-non-destructive-inspection-of-silicon","url":"https://api.media.ccc.de/public/events/9548a3ab-e637-5940-b923-3008af58eee6","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"823e5321-df0f-5e6d-a2ba-8166f6fa8be3","title":"read \u0026 delete","subtitle":"","slug":"38c3-read-delete","link":"https://events.ccc.de/congress/2024/hub/event/read-delete/","description":"Das Duo 'read \u0026 delete' präsentiert radikale philosophische Texte mit musikalischer Begleitung\r\n\r\n...\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Elektra"],"tags":["38c3","713","2024","Entertainment","Stage HUFF"],"view_count":3643,"promoted":false,"date":"2024-12-27T14:45:00.000+01:00","release_date":"2024-12-27T00:00:00.000+01:00","updated_at":"2026-03-26T23:15:05.589+01:00","length":3132,"duration":3132,"thumb_url":"https://static.media.ccc.de/media/congress/2024/713-823e5321-df0f-5e6d-a2ba-8166f6fa8be3.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/713-823e5321-df0f-5e6d-a2ba-8166f6fa8be3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/713-823e5321-df0f-5e6d-a2ba-8166f6fa8be3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/713-823e5321-df0f-5e6d-a2ba-8166f6fa8be3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-read-delete","url":"https://api.media.ccc.de/public/events/823e5321-df0f-5e6d-a2ba-8166f6fa8be3","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"2abc31f7-32f9-5025-8b7c-97a4f67f7750","title":"Rollstuhlgerechte Toiletten","subtitle":null,"slug":"38c3-rollstuhlgerechte-toiletten","link":"https://events.ccc.de/congress/2024/hub/event/rollstuhlgerechte-toiletten/","description":"Toiletten \"für alle\" sind in weiter Ferne. Wie muss eine Toilette gebaut werden, um tatsächlich für jede Person mit zum Beispiel einem Rollstuhl benutzbar zu sein? Diese Frage beantworten wir in diesem Talk.\n\nToiletten sind ein schwieriges Thema. Sie sind selten zu finden und meistens auch relativ dreckig. Aber was ist, wenn eine rollstuhlgerechte oder oder eine \"Toilette für Alle\" benötigt wird?\n\nAls Chaos-Gemeinschaft und Haecksen tragen wir durch das Mieten von Objekten eine Mitverantwortung, Toiletten entsprechend verfügbar zu machen. Leider hat eine informelle Umfrage in 2024 von den Haecksen gezeigt, dass in Sachen rollstuhlgerechter Toiletten viele Hackspaces kein Angebot machen können. Wir erklären in diesem Talk die passenden DIN-Normen für eine rollstuhlgerechte Toilette und weihen euch in die Details hinter einer höhenverstellbaren Toilette ein.\nWir möchten euch mit diesem Vortrag befähigen, euch in eurer Mietsituation konstruktiv aufzustellen um eine Verbesserung in eurer Umgebung erzielen zu können.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["melzai (she/her)"],"tags":["38c3","771","2024","Stage YELL"],"view_count":888,"promoted":false,"date":"2024-12-27T19:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-18T14:45:06.306+01:00","length":2118,"duration":2118,"thumb_url":"https://static.media.ccc.de/media/congress/2024/771-2abc31f7-32f9-5025-8b7c-97a4f67f7750.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/771-2abc31f7-32f9-5025-8b7c-97a4f67f7750_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/771-2abc31f7-32f9-5025-8b7c-97a4f67f7750.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/771-2abc31f7-32f9-5025-8b7c-97a4f67f7750.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-rollstuhlgerechte-toiletten","url":"https://api.media.ccc.de/public/events/2abc31f7-32f9-5025-8b7c-97a4f67f7750","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"b06036e0-00fc-56ca-aa15-590170d0227f","title":"Das IFG ist tot – Best of Informationsfreiheit, Gefangenenbefreiung \u0026 Machtübernahmen","subtitle":null,"slug":"38c3-das-ifg-ist-tot-best-of-informationsfreiheit-gefangenenbefreiung-machtbernahmen","link":"https://events.ccc.de/congress/2024/hub/event/das-ifg-ist-tot-best-of-informationsfreiheit-gefangenenbefreiung-machtbernahmen/","description":"Die Versprechungen waren groß: Blühende Transparenz-Landschaften, Mitbestimmung, Korruptionsprävention, De-mo-kra-tie!\nDas Informationsfreiheitsgesetz sollte den deutschen Staat besser machen. Nach Jahren schlechter Verwaltungspraxis, schlechter Gerichtsurteile und schlechter Politik ist es in wichtigen Teilen aber nutzlos geworden. Das zeigt sich vor allem, wenn man sich Szenarien einer antidemokratischen Regierungsübernahme vorstellt - die Transparenz wäre als erstes hinüber, der Boden dafür ist schon bereit.\nWas tun?\n\nWenn das IFG tot ist, sollten wir dafür kämpfen, es wiederzubeleben – vielleicht als Untote? Zahlreiche Skandale, die FragDenStaat in diesem Jahr aufgedeckt hat, zeigen, wohin der Weg gehen sollte:\n- Wir brauchen mehr Leaks \u0026 illegal instructions für Beamte\n- Es ist Zeit, Verwaltungen zu infiltrieren\n\nMit dem Best of Informationsfreiheit, FragDenStaat, Gefangenenbefreiung und Machtübernahmen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Arne Semsrott"],"tags":["38c3","30","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":19886,"promoted":false,"date":"2024-12-29T20:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-30T12:00:06.283+02:00","length":2483,"duration":2483,"thumb_url":"https://static.media.ccc.de/media/congress/2024/30-b06036e0-00fc-56ca-aa15-590170d0227f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/30-b06036e0-00fc-56ca-aa15-590170d0227f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/30-b06036e0-00fc-56ca-aa15-590170d0227f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/30-b06036e0-00fc-56ca-aa15-590170d0227f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-das-ifg-ist-tot-best-of-informationsfreiheit-gefangenenbefreiung-machtbernahmen","url":"https://api.media.ccc.de/public/events/b06036e0-00fc-56ca-aa15-590170d0227f","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"da7e05ad-c5ef-57e1-99cf-f52f1403b1dd","title":"Hacking Life: How to decode and manipulate biological cells with AI","subtitle":null,"slug":"38c3-hacking-life-how-to-decode-and-manipulate-biological-cells-with-ai","link":"https://events.ccc.de/congress/2024/hub/event/hacking-life-how-to-decode-and-manipulate-biological-cells-with-ai/","description":"AI methods are advancing biological research in diverse directions. In this talk, you will learn how we decode the fundamental building blocks of life with AI, and how it will help us to hack cells to cure diseases and beyond.\n\nThe cell is the fundamental building block of biological organisms, such as us humans. As such, technologies to understand and hack cells enable the cure of diseases and potentially even to expand our life span. In my talk, I provide an overview on how biologists and bioinformaticians use AI to understand and hack cells.\n\nUnderstanding the role of individual cells is a core aspect of biological research, given the extreme diversity of cellular states and functions. A common measurement method to characterize a given cell quantifies which of its genes are activated and how strongly. While this provides a rich high-dimensional readout, it is complex to interpret, given the challenge of deriving an intuition about the meaning of all the individual gene activation levels, as well as their combinatorial effects. \n\nIn my research, I combine recent AI methods, most prominently multimodal large language models, to enable the analysis and interpretation of these measurements with the English language. I will present this work alongside a more general overview into the research landscape of “AI cell models”. Furthermore, I will provide preliminary insights into how these interpretations form the basis to “hack” cells, which is accomplished through the introduction of complex “illegal instructions” in the form of molecular agents, which alter the behavior of the cell's internal programs. \n\nWith this talk, I aim to provide the Chaos community with a focused insight into the biological cell and the ways in which recent developments in AI help us understand and manipulate them.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Moritz Schaefer"],"tags":["38c3","448","2024","Science","Saal ZIGZAG"],"view_count":804,"promoted":false,"date":"2024-12-29T20:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T00:45:05.108+02:00","length":2505,"duration":2505,"thumb_url":"https://static.media.ccc.de/media/congress/2024/448-da7e05ad-c5ef-57e1-99cf-f52f1403b1dd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/448-da7e05ad-c5ef-57e1-99cf-f52f1403b1dd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/448-da7e05ad-c5ef-57e1-99cf-f52f1403b1dd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/448-da7e05ad-c5ef-57e1-99cf-f52f1403b1dd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-hacking-life-how-to-decode-and-manipulate-biological-cells-with-ai","url":"https://api.media.ccc.de/public/events/da7e05ad-c5ef-57e1-99cf-f52f1403b1dd","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"b1740c2f-0c44-5f1b-89ed-456a9eecf0b8","title":"A Competitive Time-Trial AI for Need for Speed: Most Wanted Using Deep Reinforcement Learning","subtitle":null,"slug":"38c3-a-competitive-time-trial-ai-for-need-for-speed-most-wanted-using-deep-reinforcement-learning","link":"https://events.ccc.de/congress/2024/hub/event/a-competitive-time-trial-ai-for-need-for-speed-most-wanted-using-deep-reinforcement-learning/","description":"All challenges and achievements in creating a competitive time-trial AI in NFS:MW.\n\n15 years ago, at the height of my eSports career, I uploaded an (unofficial) ESL record at Need for Speed: Most Wanted (2005) (NFS:MW) to Youtube. In the meantime Deep Reinforcement Learning became popular and ever since I have dreamt of creating a competitive AI for my favorite racing game of all time: NFS:MW. Now finally the time was right: The hardware is fast enough, good software is available, and Sony's AI research has proven the task is actually doable. Hence I thought: \"How hard can it possibly be?\".\n\nThis talk will present in detail all challenges and achievements in creating a competitive time-trial AI in NFS:MW from scratch - including but not limited to - hacking of the game to create a custom API, building a custom (real-time) OpenAI gym environment, steering the game using a virtual controller, and finally successfully training an AI using the Soft-Actor-Critic algorithm. All code including the API is written in Python and is open source.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Sebastian Schwarz"],"tags":["38c3","42","2024","Hardware \u0026 Making","Saal ZIGZAG"],"view_count":2005,"promoted":false,"date":"2024-12-28T00:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-14T09:15:05.639+01:00","length":2640,"duration":2640,"thumb_url":"https://static.media.ccc.de/media/congress/2024/42-b1740c2f-0c44-5f1b-89ed-456a9eecf0b8.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/42-b1740c2f-0c44-5f1b-89ed-456a9eecf0b8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/42-b1740c2f-0c44-5f1b-89ed-456a9eecf0b8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/42-b1740c2f-0c44-5f1b-89ed-456a9eecf0b8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-a-competitive-time-trial-ai-for-need-for-speed-most-wanted-using-deep-reinforcement-learning","url":"https://api.media.ccc.de/public/events/b1740c2f-0c44-5f1b-89ed-456a9eecf0b8","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"9cedf158-d649-54dc-bbe6-f4c46ad175be","title":"Der Thüring-Test für Wahlsoftware","subtitle":null,"slug":"38c3-der-thring-test-fr-wahlsoftware","link":"https://events.ccc.de/congress/2024/hub/event/der-thring-test-fr-wahlsoftware/","description":"Wähle Dein Risiko!\n\nVor der Bundestagswahl 2017 veröffentlichten wir unsere Analyse über haarsträubende Sicherheitslücken in einer weit verbreiteten Wahlsoftware.\n\nSeitdem ist einiges passiert: Der Hersteller hat die Probleme nicht behoben, das BSI hat einen Stapel Papier produziert, die deutschen Anbieter von Wahlsoftware haben ihr Kartell vergrößert und unterschiedliche Wahl-Pannen untergraben weiterhin das Vertrauen in die Demokratie.\n\nWurden unsere Empfehlungen von 2017 umgesetzt?\nWir nehmen den Decompiler und schauen mal nach.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Linus Neumann","Thorsten Schröder"],"tags":["38c3","282","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":53865,"promoted":false,"date":"2024-12-27T20:15:00.000+01:00","release_date":"2025-01-12T00:00:00.000+01:00","updated_at":"2026-04-03T09:30:04.193+02:00","length":2390,"duration":2390,"thumb_url":"https://static.media.ccc.de/media/congress/2024/282-9cedf158-d649-54dc-bbe6-f4c46ad175be.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/282-9cedf158-d649-54dc-bbe6-f4c46ad175be_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/282-9cedf158-d649-54dc-bbe6-f4c46ad175be.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/282-9cedf158-d649-54dc-bbe6-f4c46ad175be.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-der-thring-test-fr-wahlsoftware","url":"https://api.media.ccc.de/public/events/9cedf158-d649-54dc-bbe6-f4c46ad175be","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"4468c374-fb7d-5528-9036-9fbcd76a42cc","title":"Liebe Werte Stiften Alles","subtitle":null,"slug":"38c3-liebe-werte-stiften-alles","link":"https://events.ccc.de/congress/2024/hub/event/liebe-werte-stiften-alles/","description":"Das Podcast-Stiftungs-Abenteuer beginnt \u0026 ihr könnt auf dem #38c3 live bei der Geburt dabei sein. Ja, der Titel 'Liebe Werte Stiften Alles' zunächst klingt wie ein durchgeknalltes Kreuzworträtsel, aber wir versprechen, dass am Ende alles Sinn ergibt ;-)\n\n🎭 Warnung: Dieser Podcast könnte schwerwiegende Nebenwirkungen haben, wie:\n\n- Plötzliche Anfälle von Großzügigkeit\n- Unkontrollierbare Ausbrüche von sinnstiftendem Handeln\n- Chronisches Weltverbesserer-Syndrom\n- Akute Philanthropie-Euphorie\n\ns sind die Zufälle, die unserem Chaos seinen Zauber geben \u0026 ein solcher *zenga*zauber*zufall war es, der Maria Reimer und derPUPE mal wieder für ein neues Abenteuer zusammenbrachte. \n\nDenn derPUPE sinniert seit seinem 50ten Geburtstag viel über Werte und den Sinn des Lebens. Konkret spielt er mit dem Gedanken, eine Stiftung zu gründen. Dazu ist er im Austausch mit Menschen, um sich in das Thema einzunerden und gleichzeitig mit Chaos Wesen zu sprechen, die wellenkompatible Werte haben und auch vorleben. \n\nPlötzlich postet Maria genau zu diesem Thema etwas auf Linkdin - Wow, da paßte mal wieder die liebe Schicksals Glücksdrachen-Fee und kurzentschlossen wurde einfach mal telefonisch angepingt und kurz gemeinsam Gedanken ausgespeichert und gespiegelt. \n\nDiese gemeinsame Gespäch bewies die Wellenkompatibilität zwischen den beiden, und Marias Profession passt auch perfekt zu dieser möglichen Mission. Weil der Flow zwischen ihnen schon beim ersten Gespäch einfach harmonisch und befruchtend war, lag es auf der Hand, das Abenteuer einer Stiftungsgründung mit einem Podcast zu begleiten. \n\nIn diese initialen Geburtsfolge bringen sie unter anderem Antworten auf folgende Fragen mit: \n \nWas will man hinterlassen in einem Leben, das vermutlich mehr als halb vorbei ist? \nKann eine Stiftung ein Stilmittel sein in einer Welt, die besser gepatcht werden muss? Und was hat ein Kinosaal voller Kinder mit derPUPEs Plan zu tun?\n\nP.S,: Angelehnt ist der Titel natürlich an die großartigen Liebe.Freiheit.Alles Sticker. Wer kennt und fühlt es nicht? ;)\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["derPUPE","Maria Reimer"],"tags":["38c3","58316","2024","Saal X 07"],"view_count":513,"promoted":false,"date":"2024-12-29T18:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-17T23:00:06.192+01:00","length":2402,"duration":2402,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58316-4468c374-fb7d-5528-9036-9fbcd76a42cc.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58316-4468c374-fb7d-5528-9036-9fbcd76a42cc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58316-4468c374-fb7d-5528-9036-9fbcd76a42cc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58316-4468c374-fb7d-5528-9036-9fbcd76a42cc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-liebe-werte-stiften-alles","url":"https://api.media.ccc.de/public/events/4468c374-fb7d-5528-9036-9fbcd76a42cc","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"d425f8d8-a9f2-5761-b91a-465257e678ee","title":"Beyond Cryptopartys - wie Aktivistis und Nerds voneinander lernen können","subtitle":"","slug":"38c3-beyond-cryptopartys-wie-aktivistis-und-nerds-voneinander-lernen-knnen","link":"https://events.ccc.de/congress/2024/hub/event/beyond-cryptopartys-wie-aktivistis-und-nerds-voneinander-lernen-knnen/","description":"Seit Jahren bemüht sich die Cryptoparty-Bewegung, digitale Selbstbestimmung in der Gesellschaft zu verbreiten. Besonders Aktivist\\*innen sind sehr auf dieses Wissen angewiesen - doch ein Abend-Workshop von 2-3 Stunden schafft bei ihnen oft mehr Unsicherheiten als vorher. Wie kann man zwischen Nerds und Aktivist*innen übersetzen?\r\n\r\nWir haben viel ausprobiert, teilen unser Konzept mit euch und erzählen, welche Lernatmosphäre \u0026 pädagogischen Mittel es braucht, um die Hürden für nicht-Nerds abzubauen.\r\n\r\nLink zum Hextivisti-Konzept: https://cryptpad.fr/pad/#/2/pad/view/RwZ3IxG-YtcMzIdSB0g2Ti66dL23s9VhPbvjVM2vKQc/\r\nLink zu diversity-sensibler Lehre: https://www.genderdiversitylehre.fu-berlin.de/einstieg/leitlinien/index.html\r\n\r\nFür gesellschaftlichen Wandel ist es unbedingt notwendig, dass sich mehr Menschen mit digitaler Selbstbestimmung auskennen. Vor allem Aktivist\\*innen brauchen Grundwissen und Vernetzung, um Antworten für ihre konkreten Herausforderungen zu finden, insbesondere bei zunehmender Faschisierung von Staat \u0026 Gesellschaft, Abhängigkeit von Big-Tech-Monopolen, und drohenden Klimakatastrophen.\r\n\r\nDas Problem hierbei: anders als Nerds, die sich IT-Sicherheit oft mit Interesse und Angriffslust nähern, haben viele Aktivist\\*innen mit Überforderung und Ängsten zu kämpfen.\r\n\r\nAls Hindernis beim Lernen kommt oft strukturelle Diskriminierung dazu, und das (Wieder-)Erleben von Situationen, die damit einhergehen. Solche Stress-Situationen begünstigen Frust, Fehler, und Grenzüberschreitungen und verstärken Wissens- und Machtasymmetrien - insbesondere unter Zeit- und Repressionsdruck. Jedes frustrierende Erlebnis, jedes nicht verstandene Fachwort verschlimmert diese Hürden, und verschlechtert letztendlich die gelebte IT-Sicherheit.\r\n\r\nWir haben selbst jahrelang schlechte Erfahrungen mit Abend-Workshops gemacht, die in 2-3 Stunden alles Wichtige für Aktivist\\*innen vermitteln sollen (sowohl als Trainer\\*innen als auch als Teilnehmer\\*innen). Wir sind zu dem Schluss gekommen, dass es eine andere Herangehensweise braucht, und man sich ein Wochenende dafür Zeit nehmen sollte.\r\n\r\nDeshalb haben wir ein skalierbares Konzept entwickelt und getestet, welches ermöglicht, dass Nerds und Aktivist\\*innen voneinander lernen können. Dieses Konzept wollen wir hiermit open-sourcen. Wir haben jetzt einige Erfahrung mit unserem Wochenend-Format, und weitere Workshop-Wochenden sind in Planung. \r\n\r\nIm Talk wollen wir unsere Idee, Learnings, Hürden und Erfolgserlebnisse teilen. Wir sprechen darüber, wie wir es schaffen können, Frust abzubauen und eine gute Lernatmosphäre zu schaffen, warum wir dafür ein all-gender-Format gewählt haben, und wieso am besten auch Leute mit wenig Erfahrung im Orga-Team sind. Entstanden ist ein Netzwerk, dass einen fortwährenden Wissens-Austausch ermöglicht und weitere Trainings organisiert.\r\n\r\nWenn es nach uns geht, gehören technische und soziale Skills zusammen. Dabei verschwimmen immer wieder die Grenzen, wer eigentlich von wem lernt.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["missytake","ronja","smartie"],"tags":["38c3","763","2024","Stage YELL"],"view_count":907,"promoted":false,"date":"2024-12-27T17:35:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-17T12:00:08.541+01:00","length":2228,"duration":2228,"thumb_url":"https://static.media.ccc.de/media/congress/2024/763-d425f8d8-a9f2-5761-b91a-465257e678ee.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/763-d425f8d8-a9f2-5761-b91a-465257e678ee_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/763-d425f8d8-a9f2-5761-b91a-465257e678ee.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/763-d425f8d8-a9f2-5761-b91a-465257e678ee.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-beyond-cryptopartys-wie-aktivistis-und-nerds-voneinander-lernen-knnen","url":"https://api.media.ccc.de/public/events/d425f8d8-a9f2-5761-b91a-465257e678ee","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"86cc5d3d-20da-5d3e-99e6-6e790bb8fea4","title":"10 years of emulating the Nintendo 3DS: A tale of ninjas, lemons, and pandas","subtitle":null,"slug":"38c3-10-years-of-emulating-the-nintendo-3ds-a-tale-of-ninjas-lemons-and-pandas","link":"https://events.ccc.de/congress/2024/hub/event/10-years-of-emulating-the-nintendo-3ds-a-tale-of-ninjas-lemons-and-pandas/","description":"How is 3DS preservation faring 10 years after the release of the first emulator? What technical obstacles have we overcome, which ones remain? What hidden gems have we discovered beyond games? Join us on a journey through the struggles, the successes, and the future of 3DS emulation!\n\nThe 3DS marks a key point in the evolution of handheld consoles from embedded systems to more powerful PC-like architectures, which makes it particularly interesting as a target for emulation: We'll look at the technical challenges presented by its unique hardware components and the custom microkernel-based software stack built on top of it, the various approaches taken to emulate them (low-level vs. high-level), and the trends we're seeing for the future.\n\nThese technical challenges are put into historical context by looking at the emulator Citra, its initial way to success, the interplay between emulator developers and console hackers, and the impact of a prominent lawsuit that ultimately led to Citra's shutdown. Additionally we'll highlight broader community efforts like Pretendo that help preserve the platform beyond emulation. Finally we'll provide a status update for our ongoing emulation project Mikage and discuss the future outlook of 3DS preservation.\n\nThis talk will be accessible to a technical audience and gaming enthusiasts alike. We particularly hope to spark new interest in preserving the 3DS legacy and foster new ideas for pushing the boundaries of emulation technology.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["neobrain"],"tags":["38c3","206","2024","Hardware \u0026 Making","Saal GLITCH"],"view_count":6616,"promoted":false,"date":"2024-12-28T16:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T22:30:06.141+02:00","length":3310,"duration":3310,"thumb_url":"https://static.media.ccc.de/media/congress/2024/206-86cc5d3d-20da-5d3e-99e6-6e790bb8fea4.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/206-86cc5d3d-20da-5d3e-99e6-6e790bb8fea4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/206-86cc5d3d-20da-5d3e-99e6-6e790bb8fea4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/206-86cc5d3d-20da-5d3e-99e6-6e790bb8fea4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-10-years-of-emulating-the-nintendo-3ds-a-tale-of-ninjas-lemons-and-pandas","url":"https://api.media.ccc.de/public/events/86cc5d3d-20da-5d3e-99e6-6e790bb8fea4","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"e68f8d1a-3c12-59b6-bc36-1e835fd56586","title":"Aufräumen Podcast","subtitle":null,"slug":"38c3-aufrumen-podcast","link":"https://events.ccc.de/congress/2024/hub/event/aufrumen-podcast/","description":"Udo ist vor Ort und wird versuchen Johannes zuzuschalten. Dann räumen wir beide auf. Und ihr könnt zuhören und zugucken! Es wird vielleicht auch ein Gast teilnehmen!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Udo Sauer"],"tags":["38c3","58302","2024","Saal X 07"],"view_count":825,"promoted":false,"date":"2024-12-29T15:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-13T21:30:08.190+01:00","length":2536,"duration":2536,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58302-e68f8d1a-3c12-59b6-bc36-1e835fd56586.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58302-e68f8d1a-3c12-59b6-bc36-1e835fd56586_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58302-e68f8d1a-3c12-59b6-bc36-1e835fd56586.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58302-e68f8d1a-3c12-59b6-bc36-1e835fd56586.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-aufrumen-podcast","url":"https://api.media.ccc.de/public/events/e68f8d1a-3c12-59b6-bc36-1e835fd56586","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"458f0e44-f4f2-595e-811b-698763b86baa","title":"Lightning Talks Day 2","subtitle":"","slug":"38c3-lightning-talks-day-2","link":"https://events.ccc.de/congress/2024/hub/event/lightning-talks-day-2/","description":"Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!\r\n\r\n11:00\tOpening Lightningtalks\r\n11:05\t400kWp Eigenbau-PV als Genossenschaft,mherweg\r\n11:10\tThe Shadow Life of Endless Pots.Jakob Kilian\r\n11:15\tChaos Sticker Collection,mwarning\r\n11:20\tEurobox,Ledge\r\n11:25\tMidimaxe,polygon\r\n11:30\tHamburg Werbefrei - auf zum Volksbegehren!,N. E. Flick\r\n11:35\tReliable Radio Communications,Bernerd DO3RB\r\n11:40\t\"The Sound Of Data - Turning planets, DNA and stock prices into music\",Jonas Scholten\r\n11:45\t\"Moderne Landwirtschaft ist kaputt, oder?\",twe\r\n11:50\tOld-School Demo-Effekte mit pyxel,Marco Bakera\r\n11:55\tRegretBlocker,Andreas Haupt\r\n12:00\t\"Satzungsänderung unter Zuhilfenahme von ReStructuredText, Git und Python\",adnidor\r\n12:05\tPfandgeben die Plattform zum Pfandspenden,Chris\r\n12:10\tGLED,René\r\n12:15\tFrom Pixels to Procedures: An Open Source Design Suite for 2025,Dennis Kobert\r\n12:20\tDas bisschen Haushalt - lässt sich nicht gut verteilen,Rici\r\n12:25\tFreie Software in Organisationen - Das geht!,Leonard Marschke\r\n12:30\tInside a modern groovebox,dena\r\n12:35\tGNU Boot,Denis 'GNUtoo' Carikli\r\n12:40\tFunctional Safety over Industrial Ethernet - Broken by Design,Nick\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":[],"tags":["38c3","77","2024","CCC","Saal GLITCH"],"view_count":3995,"promoted":false,"date":"2024-12-28T11:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-21T06:15:03.205+01:00","length":5460,"duration":5460,"thumb_url":"https://static.media.ccc.de/media/congress/2024/77-458f0e44-f4f2-595e-811b-698763b86baa.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/77-458f0e44-f4f2-595e-811b-698763b86baa_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/77-458f0e44-f4f2-595e-811b-698763b86baa.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/77-458f0e44-f4f2-595e-811b-698763b86baa.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-lightning-talks-day-2","url":"https://api.media.ccc.de/public/events/458f0e44-f4f2-595e-811b-698763b86baa","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"c40406b0-d210-54e7-863f-39fc472429a8","title":"Einstieg in die Teilchenphysik","subtitle":null,"slug":"38c3-einstieg-in-die-teilchenphysik","link":"https://events.ccc.de/congress/2024/hub/event/einstieg-in-die-teilchenphysik/","description":"Was sind die fundamentalen Bestandteile der Materie, und wie interagieren sie miteinander? Die Teilchenphysik beschäftigt sich mit diesen grundlegenden Fragen und bildet die Basis unseres Verständnisses der Naturgesetze. In diesem Talk möchte ich euch einen Einstieg in die spannende Welt der Quarks, Leptonen und Bosonen geben.\n\nIch werde die Grundlagen des Standardmodells der Teilchenphysik erklären, einen Einblick in Experimente wie den Large Hadron Collider (LHC) geben und zeigen, welche Rolle\nTeilchen wie das Higgs-Boson oder Neutrinos spielen. Der Fokus liegt darauf, die Teilchenphysik verständlich und anschaulich zu machen - ganz ohne Vorkenntnisse, aber mit viel Raum für Fragen.\nDieser Talk richtet sich an alle, die mehr über die Grundbausteine der Materie und die Arbeit moderner Physiker:innen erfahren möchten. Egal ob Schüler:in, Student: in oder einfach nur Wissenschaftsinteressierte - hier seid ihr richtig!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Rosa"],"tags":["38c3","821","2024","Stage HUFF"],"view_count":2207,"promoted":false,"date":"2024-12-27T23:00:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-03-22T21:30:07.388+01:00","length":1969,"duration":1969,"thumb_url":"https://static.media.ccc.de/media/congress/2024/821-c40406b0-d210-54e7-863f-39fc472429a8.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/821-c40406b0-d210-54e7-863f-39fc472429a8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/821-c40406b0-d210-54e7-863f-39fc472429a8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/821-c40406b0-d210-54e7-863f-39fc472429a8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-einstieg-in-die-teilchenphysik","url":"https://api.media.ccc.de/public/events/c40406b0-d210-54e7-863f-39fc472429a8","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"5a7f47a6-3f4f-5496-8d05-f9b229aad0fc","title":"From Simulation to Tenant Takeover","subtitle":null,"slug":"38c3-from-simulation-to-tenant-takeover","link":"https://events.ccc.de/congress/2024/hub/event/from-simulation-to-tenant-takeover/","description":"All I wanted was for Microsoft to deliver my phishing simulation. This journey took me from discovering trivial vulnerabilities in Microsoft's Attack Simulation platform, to a Chinese company to which Microsoft outsourced its support department that wanted all my access tokens. I finally ended up hijacking remote PowerShell sessions and obtaining all data from random Microsoft 365 tenants, all the while reeling in bug bounties along the way.\n\nThis talk is the result of what happens when you ask a hacker to simply automate sending out a phishing simulation.\n\nMy first attempt with Microsoft's new Attack Simulation platform resulted in three bug bounties for the most trivial vulnerabilities and no more faith in the product. \n\nThen I tried building a phishing simulation program myself and the last thing I needed was to allowlist my IP address in Exchange Online. \n\nI ended up in a rabbit hole where I discovered that Microsoft outsourced their support department to a Chinese company that wanted all my access tokens. \n\nI then tried intercepting client-side requests made by the Security \u0026 Compliance center with the goal of replaying these to a backend API, only to discover that by fiddling with some parameters I could now hijack remote PowerShell sessions and access Microsoft 365 tenants that were not mine. Tenants where I could now export everything, e-mail, files, etc.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Vaisha Bernard"],"tags":["38c3","281","2024","Security","Saal 1"],"view_count":4934,"promoted":false,"date":"2024-12-30T11:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T13:15:07.410+02:00","length":1795,"duration":1795,"thumb_url":"https://static.media.ccc.de/media/congress/2024/281-5a7f47a6-3f4f-5496-8d05-f9b229aad0fc.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/281-5a7f47a6-3f4f-5496-8d05-f9b229aad0fc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/281-5a7f47a6-3f4f-5496-8d05-f9b229aad0fc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/281-5a7f47a6-3f4f-5496-8d05-f9b229aad0fc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-from-simulation-to-tenant-takeover","url":"https://api.media.ccc.de/public/events/5a7f47a6-3f4f-5496-8d05-f9b229aad0fc","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"5ce039da-1667-52c0-8676-fa1d36423033","title":"Typing Culture with Keyboard: Okinawa - Reviving the Japanese Ryukyu-Language through the Art and Precision of Digital Input","subtitle":null,"slug":"38c3-typing-culture-with-keyboard-okinawa-reviving-the-japanese-ryukyu-language-through-the-art-and-precision-of-digital-input","link":"https://events.ccc.de/congress/2024/hub/event/typing-culture-with-keyboard-okinawa-reviving-the-japanese-ryukyu-language-through-the-art-and-precision-of-digital-input/","description":"In a world dominated by digital communication and the drive toward linguistic unification, the simple act of 'typing' varies significantly across languages and writing systems. For European languages like English and German, typing typically involves a set of about 100 letters and symbols. In contrast, Japanese—and by extension, Okinawan—requires three distinct scripts: hiragana, katakana, and kanji. Each of these adds layers of complexity and cultural depth to written expression.\n\nThis presentation delves into the development of an input method engine (IME) for Okinawan, an endangered language spoken in Japan's Ryukyuan archipelago. Moving beyond technical challenges, this project reveals how modern digital ‘calligraphy’ intersects with language preservation. Every keystroke becomes a deliberate cultural choice, as the IME reflects the aesthetic and linguistic essence of Okinawan language.\n\nHighlighting linguistic expression, cultural significance, and the urgent need for language preservation, this talk presents a model for future digital tools that empower endangered languages and cultures to thrive in the digital realm.\n\nThis presentation begins by illustrating how different languages transliterate speech globally and then shifts focus to the Ryukyu-Japonic language family, showcasing how over 10,000 characters can be input on a QWERTY keyboard. The Input Method Engine (IME) has played a unique role in facilitating character input for Chinese, Japanese, and Korean (CJK) languages. This talk explores expanding the CJK family to include Okinawan, addressing how phonologically distinct sounds are recorded and encoded. This addition lays the groundwork for other Okinawan speakers to express themselves and document their lives in today’s interconnected, digital world.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Daichi Shimabukuro"],"tags":["38c3","395","2024","Art \u0026 Beauty","Saal ZIGZAG"],"view_count":1581,"promoted":false,"date":"2024-12-27T11:00:00.000+01:00","release_date":"2025-01-08T00:00:00.000+01:00","updated_at":"2026-02-24T18:45:06.206+01:00","length":1833,"duration":1833,"thumb_url":"https://static.media.ccc.de/media/congress/2024/395-5ce039da-1667-52c0-8676-fa1d36423033.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/395-5ce039da-1667-52c0-8676-fa1d36423033_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/395-5ce039da-1667-52c0-8676-fa1d36423033.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/395-5ce039da-1667-52c0-8676-fa1d36423033.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-typing-culture-with-keyboard-okinawa-reviving-the-japanese-ryukyu-language-through-the-art-and-precision-of-digital-input","url":"https://api.media.ccc.de/public/events/5ce039da-1667-52c0-8676-fa1d36423033","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"270fa44c-821a-577f-8ca3-33e8d4a8c2a7","title":"38C3: Opening Ceremony","subtitle":"","slug":"38c3-opening-ceremony","link":"https://events.ccc.de/congress/2024/hub/event/38c3-opening-ceremony/","description":"Glad you could make it! Take a seat and buckle up for a ride through four days of chaotic adventures.\r\n\r\nThis ceremony will prepare you for the 38C3 in all its glory, underground and above, hacks and trolls, art and radical ideas. Let's kick this thing off together!\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Gabriela Bogk","Aline Blankertz"],"tags":["38c3","2","2024","CCC","Saal 1"],"view_count":13499,"promoted":false,"date":"2024-12-27T10:30:00.000+01:00","release_date":"2024-12-27T00:00:00.000+01:00","updated_at":"2026-03-28T17:45:04.637+01:00","length":1700,"duration":1700,"thumb_url":"https://static.media.ccc.de/media/congress/2024/2-270fa44c-821a-577f-8ca3-33e8d4a8c2a7.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/2-270fa44c-821a-577f-8ca3-33e8d4a8c2a7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/2-270fa44c-821a-577f-8ca3-33e8d4a8c2a7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/2-270fa44c-821a-577f-8ca3-33e8d4a8c2a7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-opening-ceremony","url":"https://api.media.ccc.de/public/events/270fa44c-821a-577f-8ca3-33e8d4a8c2a7","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"a0f85732-adef-50bb-a90f-a64129036df1","title":"Als die Kommentarspalten brannten – 11 Monate Einsatz in Gaza","subtitle":null,"slug":"38c3-als-die-kommentarspalten-brannten-11-monate-einsatz-in-gaza","link":"https://events.ccc.de/congress/2024/hub/event/als-die-kommentarspalten-brannten-11-monate-einsatz-in-gaza/","description":"Der Krieg in Gaza als Reaktion auf die Terrorattacke vom 7. Oktober läuft mittlerweile über ein Jahr. Cadus ist seit Februar diesen Jahres in Gaza im Einsatz. Auch seit Februar diesen Jahres teilen wir wie so viele andere die Erfahrung, das vor dem Hintergrund unseres Einsatzes fernab von Gaza sich leidenschaftlich „politisch“ auseinandergesetzt wird. Nicht ÜBER unseren Einsatz wohlgemerkt, sondern darüber, ob wir jetzt die eine oder andere Seite genug verurteilen würden für die Art und Weise wie der Krieg geführt wird. In unserem Talk „Als die Kommentarspalten brannten – 11 Monate Einsatz in Gaza“ sprechen wir über die Herausforderungen, die unseren Einsatz tatsächlich begleiten.\n\nCadus ist seit Februar 2024 in Gaza im Einsatz. Unsere Arbeit dort umfasst die Stabilisierung schwerstverletzter Zivilist*innen, medical evacuations und Unterstützung/medizinische Absicherung der Einsätze des United Nations Mine Action Service. Dieser Einsatz ist in Bezug auf die Herausfoderungen auf vielen Ebenen noch einmal deutlich anspruchsvoller als das, was wir als CADUS aus anderen Kriegsgebieten gewohnt sind. Seit Februar haben wir mehr als 3500 schwerstverletzte Patient*innen behandelt und mehrere hundert Menschen innerhalb Gazas und aus Gaza heraus evakuiert.\n\nWir beleuchten unseren Katastrophenhilfe-Einsatz aus drei unterschiedlichen Blickwinkeln. Sebastian wird über die logistischen und administrativen Herausforderungen unseres Einsatzes reden. Wie geht das, in einem der aktuell gefährlichsten Kriegsgebiete einen Hilfseinsatz zu starten und am laufen zu halten? Vor allem unter Berücksichtigung der bestehenden umfassenden Embargos und der Behinderungen humanitärer Hilfe\n\nAnna-Lea berichtet darüber, wie wir unsere Teams auf den Einsatz vorbereiten, wie wir versuchen sie während des Einsatzes zu unterstützen, und wie ein Nachsorgeangebot aussehen kann (und muss) für Leute die freiwillig in so einen Einsatz gehen.\n\nMit Nic Zemke hatten wir passend zum 38c3 einen echten Nerd im Einsatz, der darüber sprechen wird wie derzeit Hilfsorganisationen und Vereinte Nationen KML-Files mit überlebenswichtigen Informationen über WhatsApp hin und her schicken und wie wir ein für die Seenotrettung entwickeltes Geoinformationssystem in kürzester Zeit so umgebaut haben, dass die Koordination von Hilfseinsätzen bald hoffentlich weniger Fehleranfällig läuft.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Sebastian Jünemann","Anna-Lea Göhl","Nic Zemke"],"tags":["38c3","360","2024","Ethics, Society \u0026 Politics","Saal GLITCH"],"view_count":3263,"promoted":false,"date":"2024-12-27T16:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-25T18:45:05.882+01:00","length":3178,"duration":3178,"thumb_url":"https://static.media.ccc.de/media/congress/2024/360-a0f85732-adef-50bb-a90f-a64129036df1.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/360-a0f85732-adef-50bb-a90f-a64129036df1_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/360-a0f85732-adef-50bb-a90f-a64129036df1.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/360-a0f85732-adef-50bb-a90f-a64129036df1.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-als-die-kommentarspalten-brannten-11-monate-einsatz-in-gaza","url":"https://api.media.ccc.de/public/events/a0f85732-adef-50bb-a90f-a64129036df1","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"b563ba18-dcba-57a4-aec5-969ea621ec52","title":"From Pegasus to Predator - The evolution of Commercial Spyware on iOS","subtitle":null,"slug":"38c3-from-pegasus-to-predator-the-evolution-of-commercial-spyware-on-ios","link":"https://events.ccc.de/congress/2024/hub/event/from-pegasus-to-predator-the-evolution-of-commercial-spyware-on-ios/","description":"My talk explores the trajectory of iOS spyware from the initial discovery of Pegasus in 2016 to the latest cases in 2024.\n\nThe talk will start with an analysis how exploits, infection vectors and methods of commercial spyware on iOS have changed over time.\n\nThe second section of the talk is all about advances in detection methods and the forensic sources which are available to discover commercial spyware. This talk will also include a Case Study about the discovery and analysis of BlastPass (one of the latest NSO Exploits).\n\nThe third part will discuss technical challenges and limitations of the detections methods and data sources.\n\nFinally, I will conclude the talk with open research topics and suggestions what Apple or we could technically do to make the detection of commercial spyware better.\n\nThe commercial spyware landscape on iOS has evolved significantly since the discovery of Pegasus in 2016. In this talk, we’ll explore that evolution through four main areas:\n\n1. Spyware Evolution (2016-2024): By analyzing key exploits, tactics, techniques, and procedures (TTPs), infection vectors, and indicators of compromise (IOCs), we’ll trace how spyware has advanced in sophistication, highlighting changes that have led to today’s complex threats.\n2. Advancements in Detection: As spyware has grown more sophisticated, so too have detection capabilities. We’ll review the main actors, public organizations and tools that have shaped spyware detection. This part will also include a case study on my discovery and analysis of a sample NSO‘s BlastPass Exploit chain.\n3. Current and Future Challenges: Looking forward, we’ll examine the pressing challenges in spyware detection and speculate on how commercial spyware might evolve in response to new security measures and technologies.\n4. Recommendations for Research and Detections: Finally, I’ll offer recommendations for advancing research and detection methods and capabilities to combat commercial spyware.\n\nAttendees will gain a comprehensive view of the past, present, and future of spyware on iOS, along with actionable strategies for future research and collaboration.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Matthias Frielingsdorf"],"tags":["38c3","603","2024","Security","Saal GLITCH"],"view_count":25748,"promoted":false,"date":"2024-12-28T13:30:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T17:15:05.633+02:00","length":3574,"duration":3574,"thumb_url":"https://static.media.ccc.de/media/congress/2024/603-b563ba18-dcba-57a4-aec5-969ea621ec52.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/603-b563ba18-dcba-57a4-aec5-969ea621ec52_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/603-b563ba18-dcba-57a4-aec5-969ea621ec52.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/603-b563ba18-dcba-57a4-aec5-969ea621ec52.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-from-pegasus-to-predator-the-evolution-of-commercial-spyware-on-ios","url":"https://api.media.ccc.de/public/events/b563ba18-dcba-57a4-aec5-969ea621ec52","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"63ade5c5-70ba-5473-8f36-4e1812caf469","title":"Euclid, das Weltraumteleskop - 180 Millionen Galaxien sind ein guter Anfang","subtitle":null,"slug":"38c3-euclid-das-weltraumteleskop-180-millionen-galaxien-sind-ein-guter-anfang","link":"https://events.ccc.de/congress/2024/hub/event/euclid-das-weltraumteleskop-180-millionen-galaxien-sind-ein-guter-anfang/","description":"„Euclid\" ist seit 2023 das neue Weltraumteleskop der Europäischen Weltraumbehörde mit Beteiligungen eines Wissenschaftskonsortiums aus vierzehn europäischen Ländern, den USA, Kanada und Japan. Gestartet vor knapp eineinhalb Jahren, läuft jetzt seit gut 9 Monaten die wissenschaftliche Himmeldurchmusterung. Auf dem 37C3 konnte ich die ersten fünf \"Early Release Observation\" Bilder vorstellen, seitdem ist viel passiert. Vor allem läuft nach ein paar Anlaufschwierigkeiten die Mission richtig gut und viele hundert Quadratgrad des Himmels sind bereits fertig kartiert - die Datenbearbeitung und Auswertung läuft. Ich werde weitere Bilder und einen kleinen Blick hinter die Kulissen zeigen.\n\nEuclid ist ein astronomisches Weltraumobservatorium, aber zugleich als Gesamtkonzept ein wissenschaftliches Experiment zur besseren Erforschung von \"Dunkler Energie\" und \"Dunkler Materie\". Beim 37C3 hatte ich die Hintergründe dazu erklärt und wie Euclid mit der Vermessung der Formen und Entfernungen von 1-2 Milliarden Galaxien die Entwicklungsgeschichte des Universums nachvollziehen wird.\n\nNach eineinhalb Jahren Erfahrungen mit dem Teleskop und neun Monaten Himmeldurchmusterung haben wir einiges an Erfahrung mit dem Teleskop gesammelt, den ersten Data-Release vorbereitet und jede Menge schöner Bilder gesehen und bestaunt. Wir haben uns aber auch durch Herausforderungen mit dem Teleskop gearbeitet, zum Beispiel durch Eisbeläge auf den Spiegeln oder eine aktuell sehr aktive Sonne. Aber das ist unter Kontrolle.\n\nIch werde einige neue und eindrucksvolle Bilder von Euclid zeigen und den Stand der Dinge skizzieren. Ich werde auch ein bisschen einen Blick hinter die Kulissen geben, wie mit solchen Herausforderungen umgegangen wird und wie die Datenverarbeitung voranschreitet.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Knud Jahnke"],"tags":["38c3","624","2024","Science","Saal GLITCH"],"view_count":3817,"promoted":false,"date":"2024-12-29T13:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-25T16:00:06.628+01:00","length":2363,"duration":2363,"thumb_url":"https://static.media.ccc.de/media/congress/2024/624-63ade5c5-70ba-5473-8f36-4e1812caf469.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/624-63ade5c5-70ba-5473-8f36-4e1812caf469_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/624-63ade5c5-70ba-5473-8f36-4e1812caf469.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/624-63ade5c5-70ba-5473-8f36-4e1812caf469.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-euclid-das-weltraumteleskop-180-millionen-galaxien-sind-ein-guter-anfang","url":"https://api.media.ccc.de/public/events/63ade5c5-70ba-5473-8f36-4e1812caf469","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"0cb47f08-5e8b-5242-aa21-edf321d9605e","title":"OpenPV - Calculate the solar potential of your building","subtitle":null,"slug":"38c3-openpv-calculate-the-solar-potential-of-your-building","link":"https://events.ccc.de/congress/2024/hub/event/openpv-calculate-the-solar-potential-of-your-building/","description":"Simulating the photovoltaic potential of roofs and facades with WebGL and OpenData in real time\n\nThis talk is a deep dive into the open-source website [openpv.de](https://www.openpv.de/) - prepare yourself for lots of open geodata, physics-based solar irradiance simulation, some shady WebGL code, and insights on how to get funding from the German government for your open-source project.\nWe will look at the available open data of 3D buildings, laser scans, and elevation models from Germany and how we navigated through the jungle of governmental open datasets. Having these valuable datasets allows us to do fancy things - like building a browser-based tool for solar potential simulation. This includes the task of performing physics-based simulation in WebGL, a nice problem we planned to solve in one afternoon but that ended up taking several weekends.\nIn the talk, we also share about the evolution of our project and our experience along the way. We started as a simple free-time project, but evolved and even received public funding from the German Prototype Fund in the end.\n\nCome and listen to our talk if you\n1. think about installing your own PV system,\n2. love open geodata,\n3. want to see some fancy 3D simulations in the browser.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Excusably","Martin Grosshauser"],"tags":["38c3","715","2024","Stage YELL"],"view_count":5111,"promoted":false,"date":"2024-12-28T01:10:00.000+01:00","release_date":"2024-12-28T00:00:00.000+01:00","updated_at":"2026-04-02T15:00:04.944+02:00","length":1746,"duration":1746,"thumb_url":"https://static.media.ccc.de/media/congress/2024/715-0cb47f08-5e8b-5242-aa21-edf321d9605e.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/715-0cb47f08-5e8b-5242-aa21-edf321d9605e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/715-0cb47f08-5e8b-5242-aa21-edf321d9605e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/715-0cb47f08-5e8b-5242-aa21-edf321d9605e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-openpv-calculate-the-solar-potential-of-your-building","url":"https://api.media.ccc.de/public/events/0cb47f08-5e8b-5242-aa21-edf321d9605e","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"c385af7d-d4af-5c80-84bf-a2aac5379dac","title":"Police 2.0: Peaceful activism is terrorism and fakenews are facts","subtitle":null,"slug":"38c3-police-2-0-peaceful-activism-is-terrorism-and-fakenews-are-facts","link":"https://events.ccc.de/congress/2024/hub/event/police-2-0-peaceful-activism-is-terrorism-and-fakenews-are-facts/","description":"On 23 October 2019 peaceful activist Frank van der Linde found out the Dutch Police was associating him with terrorism to other countries' law enforcement.\n \nThis talk goes over the bizarre, worrying and, frankly, quite funny journey that Frank van der Linde has embarked on, hoping on a litigation frenzy to seek justice and fight back against the institutional intimidation of activists.\n\nIn 2014 the Dutch police started monitoring Frank van der Linde after he demonstrated and publicly opposed racism, climate change, animal cruelty, homelessness, and other social injustices. By 2019 the Dutch law enforcement had put him on a terror list and shared his personal data with the German Federal Criminal Police Office, Europol and Interpol. Frank challenged the police for sharing his data and categorising him as \"terrorist\", they responded \"The term ‘terrorism’ is a broad term, and they don't really mean it.\" The Police maintained the categorisation. \n \nLast year, a Dutch police officer blew the whistle and spoke out in favor of Frank during a hearing in court. He told the court that the police file about Frank contained grossly mischaracterised and biased information.\n \nOverall is seems that wherever van der Linde data is processed, data gets lost and accountability processes cave in. To quote Frank, “What do they have to hide?!”\n \nSpeakers: \nFrank van der Linde\nLori Roussey, Director of Data Rights, who participates in supporting Frank courageous journey\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Lori","Frank van der Linde"],"tags":["38c3","359","2024","Ethics, Society \u0026 Politics","Saal ZIGZAG"],"view_count":2012,"promoted":false,"date":"2024-12-27T12:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T21:15:05.288+02:00","length":2354,"duration":2354,"thumb_url":"https://static.media.ccc.de/media/congress/2024/359-c385af7d-d4af-5c80-84bf-a2aac5379dac.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/359-c385af7d-d4af-5c80-84bf-a2aac5379dac_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/359-c385af7d-d4af-5c80-84bf-a2aac5379dac.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/359-c385af7d-d4af-5c80-84bf-a2aac5379dac.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-police-2-0-peaceful-activism-is-terrorism-and-fakenews-are-facts","url":"https://api.media.ccc.de/public/events/c385af7d-d4af-5c80-84bf-a2aac5379dac","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"94af8bc5-790a-5260-9e51-923589eb1f56","title":"Hacker Jeopardy","subtitle":null,"slug":"38c3-hacker-jeopardy","link":"https://events.ccc.de/congress/2024/hub/event/hacker-jeopardy/","description":"The Hacker Jeopardy is a quiz show.\n\nThe well known reversed quiz format, but of course hacker style. It once was entitled „number guessing for geeks“ by a German publisher, which of course is an unfair simplification. It’s also guessing of letters and special characters. ;)\n\nThree initial rounds will be played, the winners will compete with each other in the final.\n\nThe event will be in German, we hope to have live translation again.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Sec","Ray"],"tags":["38c3","159","2024","Entertainment","Saal 1"],"view_count":13053,"promoted":false,"date":"2024-12-30T00:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T13:00:04.617+02:00","length":6345,"duration":6345,"thumb_url":"https://static.media.ccc.de/media/congress/2024/159-94af8bc5-790a-5260-9e51-923589eb1f56.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/159-94af8bc5-790a-5260-9e51-923589eb1f56_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/159-94af8bc5-790a-5260-9e51-923589eb1f56.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/159-94af8bc5-790a-5260-9e51-923589eb1f56.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-hacker-jeopardy","url":"https://api.media.ccc.de/public/events/94af8bc5-790a-5260-9e51-923589eb1f56","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"d52c42a2-6942-5b6e-8d05-f46780bc280c","title":"The ongoing (silent) storm in the medical devices industry and since when cybersecurity is a thing","subtitle":null,"slug":"38c3-the-ongoing-silent-storm-in-the-medical-devices-industry-and-since-when-cybersecurity-is-a-thing","link":"https://events.ccc.de/congress/2024/hub/event/the-ongoing-silent-storm-in-the-medical-devices-industry-and-since-when-cybersecurity-is-a-thing/","description":"Medical technology is a heavily regulated industry and while there are very big name companies with deep pockets, small to medium manufacturers are struggling to keep up with the sheer amount of cybersecurity requirements. On top of all this, the requirements are many, qualified people are rare, and essential dependencies have shown not to be always stable.\n\n- Intro and giving a tangible sense of how heavily regulated is medical device industry\n- Dates and ongoing movements in the industry (eStar evolution, regulatory bodies, manufacturers, notified bodies, security companies, pentest providers)\n- How are the new aspects affecting new products and product updates: SBOM, threat modeling, security risk management\n- The long list of challenges, pitfalls and other fun aspects: legacy, embedded, certifications, SBOMs, CPEs, NVD chaos, risk management, etc.)\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Haitham Abbadi"],"tags":["38c3","738","2024","Stage YELL"],"view_count":2093,"promoted":false,"date":"2024-12-29T17:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T13:00:04.225+02:00","length":3631,"duration":3631,"thumb_url":"https://static.media.ccc.de/media/congress/2024/738-d52c42a2-6942-5b6e-8d05-f46780bc280c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/738-d52c42a2-6942-5b6e-8d05-f46780bc280c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/738-d52c42a2-6942-5b6e-8d05-f46780bc280c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/738-d52c42a2-6942-5b6e-8d05-f46780bc280c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-the-ongoing-silent-storm-in-the-medical-devices-industry-and-since-when-cybersecurity-is-a-thing","url":"https://api.media.ccc.de/public/events/d52c42a2-6942-5b6e-8d05-f46780bc280c","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"a89328ff-564b-5e25-bebe-66b067309e09","title":"Eat the Rich! Die Menschen wollen soziale Sicherheit, aber kriegen „Deutschland den Deutschen“. Holt das Geld bei den Reichen!","subtitle":null,"slug":"38c3-eat-the-rich-die-menschen-wollen-soziale-sicherheit-aber-kriegen-deutschland-den-deutschen-holt-das-geld-bei-den-reichen","link":"https://events.ccc.de/congress/2024/hub/event/eat-the-rich-die-menschen-wollen-soziale-sicherheit-aber-kriegen-deutschland-den-deutschen-holt-das-geld-bei-den-reichen/","description":"Bezahlkarte bald auch für Bürgergeld-Empfänger*innen, verschärfte Sanktionen, Pauschale für die Kosten der Unterkunft, weniger Regelsatz, Umzugszwang, verschärfte Zumutbarkeitsregelungen für Arbeitsangebote und Komplett-Überwachung: Die Debatte über das Bürgergeld ist völlig durchgedreht. Was kommt noch auf uns zu? Und wie kommen wir aus der Hetz-Spirale wieder heraus?\n\nDie Union hat das Bürgergeld zum wichtigsten Wahlkampfthema 2025 auserkoren und will es am liebsten sofort abschaffen. An Menschen, die Sozialleistungen beziehen, werden soziale und technische Methoden der Entmenschlichung erprobt. Im Talk geht es um die Frage, wie es sich im Bürgergeld lebt, was die Unterschiede zu Hartz IV sind, welche Auswirkungen die Überwachungsmethoden der Jobcenter haben und welche gesellschaftliche Funktion das Bürgergeld erfüllt. Ist das alles wirklich legal? Ist das vielleicht sogar egal? Und vor allem: Was können wir dagegen tun?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Helena Steinhaus"],"tags":["38c3","374","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":17191,"promoted":false,"date":"2024-12-29T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T13:00:06.010+02:00","length":2725,"duration":2725,"thumb_url":"https://static.media.ccc.de/media/congress/2024/374-a89328ff-564b-5e25-bebe-66b067309e09.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/374-a89328ff-564b-5e25-bebe-66b067309e09_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/374-a89328ff-564b-5e25-bebe-66b067309e09.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/374-a89328ff-564b-5e25-bebe-66b067309e09.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-eat-the-rich-die-menschen-wollen-soziale-sicherheit-aber-kriegen-deutschland-den-deutschen-holt-das-geld-bei-den-reichen","url":"https://api.media.ccc.de/public/events/a89328ff-564b-5e25-bebe-66b067309e09","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"10016a60-2556-5f95-89f6-31c2a976eb12","title":"Junghacker:innentag Einführung","subtitle":null,"slug":"38c3-junghacker-innentag-einfhrung","link":"https://events.ccc.de/congress/2024/hub/event/junghacker-innentag-einfhrung/","description":"Zu unserer Freude haben sich in den letzten Jahren immer mehr Junghacker:innen auf dem Congress eingefunden. Daher bieten wir auch diesmal, wie schon in den Vorjahren, einen speziell auf Kinder und Jugendliche zugeschnittenen Junghacker:innentag an. Am zweiten Congresstag, dem 28. Dezember 2024, organisieren Freiwillige aus vielen Assemblies von etwa 10 bis 17 Uhr ein vielseitiges Workshop-Programm für angehende Hacker:innen.\n\nWeitere Informationen siehe [https://events.ccc.de/2024/11/08/38c3-junghackerinnentag/](https://events.ccc.de/2024/11/08/38c3-junghackerinnentag/)\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Junghacker-Orga"],"tags":["38c3","1094","2024","CCC","Saal GLITCH"],"view_count":2353,"promoted":false,"date":"2024-12-28T10:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T12:00:06.586+02:00","length":1965,"duration":1965,"thumb_url":"https://static.media.ccc.de/media/congress/2024/1094-10016a60-2556-5f95-89f6-31c2a976eb12.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/1094-10016a60-2556-5f95-89f6-31c2a976eb12_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/1094-10016a60-2556-5f95-89f6-31c2a976eb12.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/1094-10016a60-2556-5f95-89f6-31c2a976eb12.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-junghacker-innentag-einfhrung","url":"https://api.media.ccc.de/public/events/10016a60-2556-5f95-89f6-31c2a976eb12","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"37748745-349c-55fc-9ae5-6444813cc7f7","title":"Der ultimative Rodecaster Pro II Workshop","subtitle":"","slug":"38c3-der-ultimative-rodecaster-pro-ii-workshop","link":"https://events.ccc.de/congress/2024/hub/event/der-ultimative-rodecaster-pro-ii-workshop/","description":"Der Rodecaster Pro II ist derzeit das beste Aufnahmegerät für Podcasts.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Tim Pritlove"],"tags":["38c3","58313","2024","Saal X 07"],"view_count":2273,"promoted":false,"date":"2024-12-27T21:00:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-03-31T18:45:06.541+02:00","length":4614,"duration":4614,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58313-37748745-349c-55fc-9ae5-6444813cc7f7.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58313-37748745-349c-55fc-9ae5-6444813cc7f7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58313-37748745-349c-55fc-9ae5-6444813cc7f7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58313-37748745-349c-55fc-9ae5-6444813cc7f7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-der-ultimative-rodecaster-pro-ii-workshop","url":"https://api.media.ccc.de/public/events/37748745-349c-55fc-9ae5-6444813cc7f7","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"43b507c0-3612-51ae-be02-f0634da93166","title":"Klimaschädlich by Design – die ökologischen Kosten des KI-Hypes","subtitle":null,"slug":"38c3-klimaschdlich-by-design-die-kologischen-kosten-des-ki-hypes","link":"https://events.ccc.de/congress/2024/hub/event/klimaschdlich-by-design-die-kologischen-kosten-des-ki-hypes/","description":"Sogenannte Generative KI hat einen hohen Rechenbedarf und braucht damit automatisch viel Energie. Wir wollen zeigen, was die AI-Bubble uns alle bisher an Ressourcen gekostet hat. Wer verdient sich daran dumm und dusslig? Und wer trägt die ökologischen und sozialen Kosten?\n\nSogenannte „Generative KI“ ist nicht nur ein Hype-Thema in Politik und Gesellschaft, mit ihr schießen auch die benötigten Rechenkapazitäten in die Höhe. Der Energiebedarf ist so hoch, dass Google, Microsoft und Meta 2024 nacheinander ihre Klima-Ziele zurücknahmen und nun auf dubiose Kernkraft-Lösungen umsteigen wollen.\n\nDas hat System, denn Big Tech entwickelt und finanziert nicht nur die gehypten KI-Anwendungen, die gleichen Konzerne bieten auch die benötigten Cloud-Kapazitäten an. Von Chile, Spanien bis nach Taiwan – weltweit regen sich Proteste gegen die Infrastruktur hinter dem KI-Boom, von neuen Bergbauprojekten, Chipfabriken bis zu Hyperscale-Rechenzentren. Der steigende Energie-, Wasser- und Ressourcenverbrauch feuert die Klimakrise an, bedroht Ökosysteme und verletzt indigene Landrechte – für erhoffte Milliardengewinne auf der Seite von Big Tech.\n\nIn diesem Vortrag schauen wir auf die ökologischen und menschenrechtlichen Kosten des KI-Booms. Wir tragen die Fakten zusammen und liefern kritische Analysen und Argumentationshilfen zum KI-Hype.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Friederike Karla Hildebrandt","Constanze Kurz"],"tags":["38c3","523","2024","Ethics, Society \u0026 Politics","Saal GLITCH"],"view_count":10194,"promoted":false,"date":"2024-12-29T21:10:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T17:00:06.420+02:00","length":2331,"duration":2331,"thumb_url":"https://static.media.ccc.de/media/congress/2024/523-43b507c0-3612-51ae-be02-f0634da93166.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/523-43b507c0-3612-51ae-be02-f0634da93166_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/523-43b507c0-3612-51ae-be02-f0634da93166.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/523-43b507c0-3612-51ae-be02-f0634da93166.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-klimaschdlich-by-design-die-kologischen-kosten-des-ki-hypes","url":"https://api.media.ccc.de/public/events/43b507c0-3612-51ae-be02-f0634da93166","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"1c8f06f9-ce0d-51bc-9bf3-0a1f71e8e484","title":"Desiring Technology. Über Porno, Abhängigkeit und Fortschritt","subtitle":null,"slug":"38c3-desiring-technology-ber-porno-abhngigkeit-und-fortschritt","link":"https://events.ccc.de/congress/2024/hub/event/desiring-technology-ber-porno-abhngigkeit-und-fortschritt/","description":"Eine wachsende Zahl von Menschen eignet sich ihre empfundene Abhängigkeit von digitaler Pornografie als mystischen Fetisch an – sie konsumieren ihren Konsum. Was ist Gooning, wie hat es sich entwickelt und was kann es uns über unser Verhältnis zu Medientechnologie im weiteren Sinn erzählen?\n\nPornografie gilt als wichtiger Treiber von Digitalisierung. Ihre Nutzung ist damit auch ein kulturelles Labor digitaler Konsumgesellschaft - aber eines, über das relativ wenig gesprochen wird. Was genau machen Leute eigentlich mit Pornos? Wie Pornos konsumiert werden, gibt mehr als nur Aufschluss über den Stand dessen, was wir “Sexualität” nennen. Menschliches Begehren ist die wichtigste Ressource für technische Entwicklung schlechthin, und in den Lustfarmen der Pornokonsumindustrie findet dieser Zusammenhang nur einen besonders deutlichen Ausdruck.\n\nDieser Vortrag erzählt die Geschichte einer relativ jungen Form digitalisierter Sexualität rund um Pornografiekonsum: Gooning. Er beschreibt, wie über die letzten zehn Jahre diese Form der Lust an sich selbst eine innige Verbindung mit digitalen Medien eingegangen ist. Und er nutzt dieses Beispiel, um eine weitere Geschichte zu erzählen: eine Geschichte über menschliche und vor allem männliche Körper, die nicht anders können, als das Neue zu begehren – selbst angesichts der unerwünschten Zukünfte, mit denen die technologisierte Welt, von der sie abhängig geworden sind, sie konfrontiert.\n\nInhaltshinweis Themen: Sexualität, Sucht. Nacktheit im Bildmaterial ist verpixelt. Dennoch nicht empfohlen für Personen unter 18 Jahren.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Arne Vogelgesang"],"tags":["38c3","248","2024","Entertainment","Saal 1"],"view_count":18362,"promoted":false,"date":"2024-12-28T00:15:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-04-03T10:15:05.464+02:00","length":2541,"duration":2541,"thumb_url":"https://static.media.ccc.de/media/congress/2024/248-1c8f06f9-ce0d-51bc-9bf3-0a1f71e8e484.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/248-1c8f06f9-ce0d-51bc-9bf3-0a1f71e8e484_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/248-1c8f06f9-ce0d-51bc-9bf3-0a1f71e8e484.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/248-1c8f06f9-ce0d-51bc-9bf3-0a1f71e8e484.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-desiring-technology-ber-porno-abhngigkeit-und-fortschritt","url":"https://api.media.ccc.de/public/events/1c8f06f9-ce0d-51bc-9bf3-0a1f71e8e484","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"ab1e5592-c1c7-54ea-8170-687e3f73b2d0","title":"Liberating Wi-Fi on the ESP32","subtitle":"","slug":"38c3-liberating-wi-fi-on-the-esp32","link":"https://events.ccc.de/congress/2024/hub/event/liberating-wi-fi-on-the-esp32/","description":"Reverse engineering the Wi-Fi peripheral of the ESP32 to build an open source Wi-Fi stack.\r\n\r\nDuring the 38c3, there are probably multiple thousands of ESP32s in the CCH, all of which run a closed source Wi-Fi stack. And while that stack works, it would be nicer to have an open source stack, which would grant us the ability to modify and audit the software, which carries potentially sensitive data.\r\n\r\nSo we set to work, reverse engineering the proprietary stack and building a new open source one. We soon discovered just how versatile the ESP32 can be, both as a tool for research and IoT SoC, when its capabilities are fully unlocked. This includes using it as a pentesting tool, a B.A.T.M.A.N. mesh router or an AirDrop client.\r\n\r\nYou'll learn something about Wi-Fi, the ESP32, reverse engineering in general and how to approach such a project.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Frostie314159","Jasper Devreker"],"tags":["38c3","226","2024","Hardware \u0026 Making","Saal 1"],"view_count":33777,"promoted":false,"date":"2024-12-27T12:55:00.000+01:00","release_date":"2024-12-27T00:00:00.000+01:00","updated_at":"2026-04-03T21:45:05.859+02:00","length":2334,"duration":2334,"thumb_url":"https://static.media.ccc.de/media/congress/2024/226-ab1e5592-c1c7-54ea-8170-687e3f73b2d0.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/226-ab1e5592-c1c7-54ea-8170-687e3f73b2d0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/226-ab1e5592-c1c7-54ea-8170-687e3f73b2d0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/226-ab1e5592-c1c7-54ea-8170-687e3f73b2d0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-liberating-wi-fi-on-the-esp32","url":"https://api.media.ccc.de/public/events/ab1e5592-c1c7-54ea-8170-687e3f73b2d0","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"6df243b9-ad58-5d92-9104-54ff6076608d","title":"sixos: a nix os without systemd","subtitle":null,"slug":"38c3-sixos-a-nix-os-without-systemd","link":"https://events.ccc.de/congress/2024/hub/event/sixos-a-nix-os-without-systemd/","description":"This talk announces the first public release of sixos, a two year project to create a nixpkgs-based operating system using skarnet's s6 supervisor instead of systemd.\n\nThe monolithic design of `systemd` is inconsistent with the UNIX userspace philosophy. Its our-way-or-fork-off policy attracts influence-seekers, and thereby encourages *platform decay* within the free software ecosystem. Systemd's failure to provide Linux-grade ABI stability („we don't break userspace“) creates a large and tempting attack surface for *enshittification*.\n\nThis talk announces the first public release of [sixos](https://codeberg.org/amjoseph/sixos), a two year project to create a nixpkgs-based operating system using [skarnet](https://skarnet.org/software/)'s [`s6`](https://skarnet.org/software/s6/) instead of `systemd`.\n\nSixos replaces NixOS modules with the simpler [`infuse`](https://codeberg.org/amjoseph/infuse.nix) combinator. This allows sixos to treat services the same way nixpkgs handles packages:\n- A service (`svcs/by-name/.../service.nix`) in sixos is a Nix expression, just like an uninstantiated package (`pkgs/by-name/.../package.nix`) in nixpkgs.\n- A sixos target is a derivation, just like an instantiated package in nixpkgs.\n- The sixos target set (`targets`) is a scoped fixpoint, just like the nixpkgs instantiated-package set (`pkgs`).\n- The `override`, `callPackage`, and `overrideAttrs` tools work on targets and services, just like they do on instantiated and uninstantiated packages.\n\nWhenever possible, sixos retains good ideas pioneered by NixOS, like atomically-activated immutable configurations and the layout of `/run`.\n\nSixos is not a fork of NixOS. It shares no code with `nixpkgs/nixos`, nor is any part of it derived from NixOS. Sixos and NixOS both depend on `nixpkgs/pkgs`.\n\nOn [ownerboot](https://codeberg.org/amjoseph/ownerboot) hardware all [mutable firmware](https://codeberg.org/amjoseph/ownerboot/src/branch/master/doc/owner-controlled.md#clarifications) -- all the way back to the reset vector -- is versioned, managed, and built as part of the sixos configuration. This *eliminates the artificial distinction between firmware software and non-firmware software*. On NixOS, either the initrd „secrets“ or the software that decrypts them ([ESP](https://en.wikipedia.org/wiki/EFI_system_partition), [initrd ssh keys](https://github.com/NixOS/nixpkgs/blob/6b88838224de5b86f449e9d01755eae4efe4a1e4/nixos/modules/system/boot/initrd-ssh.nix#L73-L76)) is stored unencrypted on writable media. Ownerbooted sixos closes this loophole without any „trusted computing“ voodoo, eliminating all unencrypted storage except for an eeprom whose hardware write-protect pin is connected to ground.\n\nThe speaker runs ownerbooted sixos on his workstations, servers, twelve routers, stockpile of disposable laptops, and on his company's 24-server/768-core buildfarm. So far all of his attempts to run sixos on his snowboard have failed.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Adam Joseph"],"tags":["38c3","690","2024","Stage HUFF"],"view_count":13260,"promoted":false,"date":"2024-12-27T12:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T20:30:06.593+02:00","length":3365,"duration":3365,"thumb_url":"https://static.media.ccc.de/media/congress/2024/690-6df243b9-ad58-5d92-9104-54ff6076608d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/690-6df243b9-ad58-5d92-9104-54ff6076608d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/690-6df243b9-ad58-5d92-9104-54ff6076608d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/690-6df243b9-ad58-5d92-9104-54ff6076608d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-sixos-a-nix-os-without-systemd","url":"https://api.media.ccc.de/public/events/6df243b9-ad58-5d92-9104-54ff6076608d","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"db040c6e-f729-5d54-b59b-a7eac586ce99","title":"Auracast: Breaking Broadcast LE Audio Before It Hits the Shelves","subtitle":null,"slug":"38c3-auracast-breaking-broadcast-le-audio-before-it-hits-the-shelves","link":"https://events.ccc.de/congress/2024/hub/event/auracast-breaking-broadcast-le-audio-before-it-hits-the-shelves/","description":"Auracast, the new Bluetooth LE Broadcast Audio feature has gained some publicity in the last few months. The Bluetooth SIG has been working on the specification of this feature set in the past few years and vendors are only now starting to implement it. Auracast enables broadcasting audio to multiple devices. These broadcasts can also be encrypted. Unfortunately, the security properties of the protocol are vague and insufficient. It has already been shown that these broadcasts can be hijacked by anyone when unencrypted.\n\nWe explain the state of (in)security of the protocol and add to it by showing that even when encrypted, broadcasts can often be cracked easily. We also show that once equipped with the passcode, attackers can eavesdrop and hijack even encrypted broadcasts. Alongside the talk, we will release our toolkit to brute-force authentication codes, decrypt dumped Auracast streams, and hijack encrypted broadcasts.\n\nBluetooth Auracast is a marketing term for a subset of the new \"LE Audio\" features introduced in the Bluetooth 5.2 specification. \nLE Audio is designed to provide better sound quality, longer battery life and new capabilities for audio devices like headphones, earbuds and especially hearing aids. Essentially, Auracast is an audio broadcast feature set for Bluetooth Low Energy. Our talk will focus on the new features introduced in the core spec, namely Broadcast Isochronous streams (BIS).\n\nThe protocol specification for Auracast was released several years ago, and vendors are only now beginning to implement application-level support for it. Previous research from 2023 (the \"BISON\" paper) has already shown that unencrypted Auracast broadcasts can be hijacked.\n\nThe Bluetooth specification is very vague in what security goals it tries to achieve for (encrypted) broadcasts. The core building block for LE Audio broadcasts are Broadcast Isochronous Streams (BIS). Security for BIS is only ever mentioned in terms of confidentiality, which is supposedly achievable by encrypting a BIS. In this talk we'll shed some light on the security properties of Auracast and show that authenticity and confidentiality can be violated, even when broadcasts are encrypted.\n\nTo examine whether the vague specification and the bad examples lead to real-world issues, we have surveyed several implementations of Auracast. We found that on popular devices the default configuration is weak and allows breaking the authenticity and confidentiality of the Auracast broadcast.\n\nAlongside the talk, we will release a toolkit that allows to dump, decrypt and hijack encrypted Auracast broadcasts.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Frieder Steinmetz","Dennis Heinze"],"tags":["38c3","33","2024","Security","Saal ZIGZAG"],"view_count":2057,"promoted":false,"date":"2024-12-29T13:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T20:45:08.380+02:00","length":2471,"duration":2471,"thumb_url":"https://static.media.ccc.de/media/congress/2024/33-db040c6e-f729-5d54-b59b-a7eac586ce99.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/33-db040c6e-f729-5d54-b59b-a7eac586ce99_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/33-db040c6e-f729-5d54-b59b-a7eac586ce99.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/33-db040c6e-f729-5d54-b59b-a7eac586ce99.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-auracast-breaking-broadcast-le-audio-before-it-hits-the-shelves","url":"https://api.media.ccc.de/public/events/db040c6e-f729-5d54-b59b-a7eac586ce99","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"3a2591c9-e61e-597e-949c-dff77a5e1f12","title":"Self Models of Loving Grace","subtitle":null,"slug":"38c3-self-models-of-loving-grace","link":"https://events.ccc.de/congress/2024/hub/event/self-models-of-loving-grace/","description":"Artificial Intelligence is not just an engineering discipline, but also the most fascinating and important philosophical project ever attempted: the explanation of the mind, by recreating it. This part of the series \"From Computation to Consciousness\" focuses on the nature of the self, agency and identity.\n\nWhen we recognize the paradigm of Artificial Intelligence as a philosophical and scientific framework for understanding the nature of minds like ours, we may begin with an essential question: What does it mean for a machine to feel? How do emotions arise at the intersection between a self and its world—or more precisely, within an a reflexive self model, in response to being dynamically reconfigured by a motivational system, in response to shifts in its alignment to a model of its environment, all within the same mind? \n\nThis inquiry takes us to the core of our own psychological architecture. Who are we when our self-perception alters? What does it mean to depersonalize, to dissolve the boundaries of the self? Can we reverse engineer, debug and reconstruct our identities to become who we want to be? Is there free will? Is it possible to recreate self and sentience in nonbiological substrates? Can AI be conscious? Could we perhaps even extend our own self to non biological substrates?\n\nThis presentation is part of the philosophical series “From Computation to Consciousness,” which draws on insights from AI and cognitive science to explore the nature of intelligence, consciousness, and their realization in the physical universe.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Joscha Bach"],"tags":["38c3","122","2024","Science","Saal ZIGZAG"],"view_count":21661,"promoted":false,"date":"2024-12-28T16:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T22:15:05.270+02:00","length":3611,"duration":3611,"thumb_url":"https://static.media.ccc.de/media/congress/2024/122-3a2591c9-e61e-597e-949c-dff77a5e1f12.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/122-3a2591c9-e61e-597e-949c-dff77a5e1f12_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/122-3a2591c9-e61e-597e-949c-dff77a5e1f12.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/122-3a2591c9-e61e-597e-949c-dff77a5e1f12.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-self-models-of-loving-grace","url":"https://api.media.ccc.de/public/events/3a2591c9-e61e-597e-949c-dff77a5e1f12","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"29d46adc-8f2d-55af-9bc3-1d939ecb8446","title":"Longtermismus – der „Geist“ des digitalen Kapitalismus","subtitle":null,"slug":"38c3-longtermismus-der-geist-des-digitalen-kapitalismus","link":"https://events.ccc.de/congress/2024/hub/event/longtermismus-der-geist-des-digitalen-kapitalismus/","description":"Der Vortrag wirft einen sozialwissenschaftlichen Blick auf die Ideologie des Longtermismus. Seine Funktion im digitalen Kapitalismus wird analysiert. Mithilfe von Klassikern der Soziologie wird dargestellt, warum sich diese Ideologie in eine faschistische Richtung entwickelt.\n\nLongtermismus ist die neue Hype-Ideologie des Silicon Valley. Elon Musk und Sam Altman haben sich als Anhänger geoutet, er ist die offizielle Firmenpolitik von OpenAI.\nLongtermismus postuliert, dass wir uns nicht mit der Gegenwart oder der nahen Zukunft beschäftigen sollten, sondern unser politisches Hauptaugenmerk auf die Entwicklung eines Computerhimmels in ferner Zukunft richten sollten. Zentral sind dabei Annahmen über die Entwicklungsmöglichkeiten von künstlicher Intelligenz, die deutlich religiöse Züge tragen.\n\nDer Vortrag stellt die Ergebnisse soziologischer Forschung zu dieser neuen Ideologie vor.\n\nDenn so neu ist das ganze gar nicht. Die „Moral“ des Longtermismus passt erstaunlich gut zu den Geschäftszielen der Digitalkonzerne und macht aus diesen eine Metaphysik. Diese soziale Funktion des Longtermismus ähnelt damit der Funktion, die Max Weber für den Protestantismus als „Geist“ des Kapitalismus im Frühkapitalismus ausgemacht hat. Wie der Protestantismus früher dient der Longtermismus heute einerseits als metaphysische Rechtfertigung der Geschäftsmodelle von Unternehmen und andererseits als individuelle Moral, die ihre Anhänger*innen zu mehr Leistung animieren soll.\n \nGegenwärtig erleben wir einen Rechtsruck im Longtermismus, dessen prominente Vertreter*innen wie Elon Musk oder Peter Thiel sich offen für Donald Trump positionieren. Auch hier ähnelt die Entwicklung des Longtermimsus vergleichbaren früheren Ideologien. Klassische Analysen zeigen, warum individualistische Leistungsideologien das Potenzial haben, in eine faschistische Richtung zu kippen. Der Rechtsruck der Silicon-Valley-Eliten wird so verständlich.\n\nAbschließend wird auf den Einfluss von Musk und Thiel auf die US-Wahlen eingegangen und versucht, die weitere Entwicklung abzuschätzen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Max Franz Johann Schnetker"],"tags":["38c3","237","2024","Ethics, Society \u0026 Politics","Saal ZIGZAG"],"view_count":9657,"promoted":false,"date":"2024-12-30T11:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T21:30:05.512+02:00","length":2610,"duration":2610,"thumb_url":"https://static.media.ccc.de/media/congress/2024/237-29d46adc-8f2d-55af-9bc3-1d939ecb8446.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/237-29d46adc-8f2d-55af-9bc3-1d939ecb8446_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/237-29d46adc-8f2d-55af-9bc3-1d939ecb8446.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/237-29d46adc-8f2d-55af-9bc3-1d939ecb8446.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-longtermismus-der-geist-des-digitalen-kapitalismus","url":"https://api.media.ccc.de/public/events/29d46adc-8f2d-55af-9bc3-1d939ecb8446","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"4c63b6f7-0d8a-5c92-9223-ca3c2cf46b82","title":"Chatbots im Schulunterricht!?","subtitle":null,"slug":"38c3-chatbots-im-schulunterricht","link":"https://events.ccc.de/congress/2024/hub/event/chatbots-im-schulunterricht/","description":"Was können die Tools wirklich, was machen sie mit der “Bildung”, und sollten wir dafür Steuergelder ausgeben?\n\nSpätestens seit dem Hype um ChatGPT werden KI-Tools als magische Technofixes für Lehrkräftemangel und soziale Segregation im Bildungswesen angepriesen. Mehrere Bundesländer haben zum Beispiel Flächenlizenzen für alle Lehrkräfte bei dem Hamburger Unternehmen \"Fobizz\" erworben. Das Unternehmen bietet auf Basis großer Sprachmodelle (meist GPT-3/4) und verschiedener bildgenerierender KIs eine ganze Reihe von Bots sowohl für SchülerInnen als auch für LehrerInnen an: Tools zur automatisierten Korrektur und Bewertung von Hausaufgaben, Chatbot-basierte individuelle Lern-Coaches, Avatare zur Gesprächssimulation (\"mit Angela Merkel chatten\"), oder Bots zur Erstellung von individualisiertem Unterrichtsmaterial.\nWir haben das Fobizz-Tool zur automatisierten Korrektur von Hausaufgaben und Prüfungsleistungen detailliert unter die Lupe genommen. Funktioniert das wirklich? Wie wirkt sich das auf die Qualität des Unterrichts aus? Kann man LehrerInnen und SchülerInnen guten Gewissens darauf loslassen? – Unsere Antwort ist schockierend eindeutig: nein! Und es ist ein Skandal, dass Steuergelder dafür ausgegeben werden. Im Vortrag berichten wir von frustrierenden Irrfahrten wenn SchülerInnen den Korrekturen des KI-Tools folgen; von quasi ausgewürfelten Bewertungen (nach dem Motto: wenn dir die Note für diese Person nicht passt, drück einfach auf \"re-generate\"), und von der impliziten Botschaft an die SchülerInnen: Ihr müsst ChatGPT verwenden, sonst könnt ihr nicht gut abschneiden.\n\nIm zweiten Teil unserer Studie haben wir systematisch mit LehrerInnen gesprochen und ihre Perspektive auf KI im Schulunterricht untersucht. Wir besprechen, wie dystopisch und fehlgeleitet es ist, die sozialpolitischen Probleme im Bildungswesen mit Techno-Tools zu lösen. Während in Großbritannien bereits “teacher-free” KI-Klassen als Pilotprojekt ins neue Schuljahr gestartet sind, scheint man in Deutschland zwar immer noch auf Lehrkräfte im Klassenzimmer zu setzen – doch die Signale der Kultusministerien sind eindeutig: Lieber den Lehrkräftemangel mit den Services privater KI-Unternehmen fixen als echte politische Maßnahmen durchzusetzen, die den Beruf erträglicher und attraktiver machen. Dass das Schulsystem über KI-Tools noch weiter an private Unternehmensinteressen gebunden wird, hat unweigerlich steigende Ungleichheit und Intransparenz zur Folge. \nDa aktuell weitere Bundesländer an der Schwelle stehen, Lizenzverträge mit KI-Unternehmen für Lerntools abzuschließen, steht mit diesem Thema einiges auf dem Spiel.\n\nUnsere Studie zur \"KI-Korrekturhilfe\" von Fobizz kann hier runtergeladen werden: \u003ca href=\"https://doi.org/10.48550/arXiv.2412.06651\"\u003ehttps://doi.org/10.48550/arXiv.2412.06651\u003c/a\u003e\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Rainer Mühlhoff","Marte Henningsen"],"tags":["38c3","548","2024","Ethics, Society \u0026 Politics","Saal ZIGZAG"],"view_count":8429,"promoted":false,"date":"2024-12-29T11:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T22:15:06.047+02:00","length":2373,"duration":2373,"thumb_url":"https://static.media.ccc.de/media/congress/2024/548-4c63b6f7-0d8a-5c92-9223-ca3c2cf46b82.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/548-4c63b6f7-0d8a-5c92-9223-ca3c2cf46b82_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/548-4c63b6f7-0d8a-5c92-9223-ca3c2cf46b82.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/548-4c63b6f7-0d8a-5c92-9223-ca3c2cf46b82.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-chatbots-im-schulunterricht","url":"https://api.media.ccc.de/public/events/4c63b6f7-0d8a-5c92-9223-ca3c2cf46b82","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"460805ee-d525-548a-b088-c00021a884b9","title":"May the forest be with you – Bäume pflanzen gegen die Klimakrise?","subtitle":null,"slug":"38c3-may-the-forest-be-with-you-bume-pflanzen-gegen-die-klimakrise","link":"https://events.ccc.de/congress/2024/hub/event/may-the-forest-be-with-you-bume-pflanzen-gegen-die-klimakrise/","description":"Der Harz wurde von Borkenkäfern gefressen, nur jeder vierte Baum in Deutschland gilt als gesund und in Russland sowie Nordamerika brennen die Wälder in einem enormen Ausmaß. Gleichzeitig gelten Wälder als eine der Lösungen in der Klimakrise, als CO2-Speicher und Produzent von nachhaltigen, nachwachsenden Rohstoffen. Sind Wälder in Gefahr auf Grund von Dürre, Borkenkäfer und Feuer? Und können wir mit Wiederaufforstungen der Klimakrise was entgegensetzten? Kirsten Krüger forscht an der Technischen Universität München zu Störungsdynamiken in Wäldern und erklärt in ihrem Vortrag, was Wälder eigentlich alles für uns leisten, warum Störungen ein natürlicher Bestandteil von Wäldern sind und Bäume pflanzen allein keine akkurate Antwort auf die Klimakrise ist.\n\nStörungen im Wald durch Dürre, Borkenkäfer und Feuer prägen zunehmen das Landschaftsbild und erhalten mehr Aufmerksamkeit von Medien und Politik. Die Sorge reicht von dem Szenario, dass wir alle Wälder verlieren werden hin zu dem Verlust von einem wertvollen CO2-Speicher und Produzenten von Holz. Global neue Bäume zu pflanzen scheint eine intuitive Antwort drauf zu sein, löst aber nicht die Herausforderung der Klimakrise vor der wir gerade stehen. In meinem Vortrag möchte ich aufklären, warum Störungen im Wald per se kein Problem, sondern ein Teil der Waldentwicklung sind und wie sich diese auf die CO2-Speicherfähigkeit und andere Fähigkeiten von Wäldern auswirken. Wälder sind keine statischen Konstrukte in der Landschaft, sondern ein dynamisches System, welches uns viele Dienstleistungen bereitstellt. Es gibt genug Gründe Bäume zu pflanzen, aber warum, wo und wie sind entscheidende Fragen, die ich beleuchten möchte. Außerdem berichte ich aus der aktuellen Forschung um den Zustand der Wälder, wie vor allem wir Menschen den Wald beeinflussen und möglichen Ansätzen, wie wir Wälder widerstandsfähiger machen können.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Kirsten Krüger"],"tags":["38c3","94","2024","Science","Saal ZIGZAG"],"view_count":2018,"promoted":false,"date":"2024-12-29T19:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T22:15:06.266+02:00","length":2417,"duration":2417,"thumb_url":"https://static.media.ccc.de/media/congress/2024/94-460805ee-d525-548a-b088-c00021a884b9.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/94-460805ee-d525-548a-b088-c00021a884b9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/94-460805ee-d525-548a-b088-c00021a884b9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/94-460805ee-d525-548a-b088-c00021a884b9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-may-the-forest-be-with-you-bume-pflanzen-gegen-die-klimakrise","url":"https://api.media.ccc.de/public/events/460805ee-d525-548a-b088-c00021a884b9","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"05f6851b-4892-51ba-a2d1-06a1a9896857","title":"Reverse engineering U-Boot for fun and profit","subtitle":null,"slug":"38c3-reverse-engineering-u-boot-for-fun-and-profit","link":"https://events.ccc.de/congress/2024/hub/event/reverse-engineering-u-boot-for-fun-and-profit/","description":"A field guide to dumping and reverse engineering a bare-metal U-Boot binary, including all the good stuff like funky hardware setups, UART logs, a locked bootloader and unknown base addresses.\n\nWorking on hacking a babyphone and encountering a locked bootloader, we were faced with a major roadblock. So, naturally, we bashed our head against said problem for 2 weeks, coming out the other side with a few fun challenges, solutions and tid-bits.\n\nI want to recreate this experience here in this talk, by doing the whole process all over again, but this time live, in front of an audience.\nIncludes:\n - getting serial logs\n - dumping firmware\n - extracting firmware\n - reverse engineering the U-Boot bootloader, to extract the bootloader password\ntogether with some tips, tricks and snark remarks.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["zeno"],"tags":["38c3","723","2024","Stage HUFF"],"view_count":2692,"promoted":false,"date":"2024-12-27T16:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T22:15:06.209+02:00","length":3069,"duration":3069,"thumb_url":"https://static.media.ccc.de/media/congress/2024/723-05f6851b-4892-51ba-a2d1-06a1a9896857.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/723-05f6851b-4892-51ba-a2d1-06a1a9896857_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/723-05f6851b-4892-51ba-a2d1-06a1a9896857.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/723-05f6851b-4892-51ba-a2d1-06a1a9896857.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-reverse-engineering-u-boot-for-fun-and-profit","url":"https://api.media.ccc.de/public/events/05f6851b-4892-51ba-a2d1-06a1a9896857","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"1d9f5e5a-06c3-5b5f-a195-406f940b3ac3","title":"RadioMining - Playlist-Scraping und Analyse","subtitle":null,"slug":"38c3-radiomining-playlist-scraping-und-analyse","link":"https://events.ccc.de/congress/2024/hub/event/radiomining-playlist-scraping-und-analyse/","description":"Seit einigen Jahren hat Stefan von etwa vierzig regulären deutschen (Pop-)Radiosendern die Playlisten gespeichert. Welche Meta-Informationen sich daraus ergeben und welche Abhängigkeiten von Jahreszeiten, Charts und Ereignissen sich abzeichnen, wird in einem unterhaltsamen Vortrag zum Besten gegeben.\n\nGroße Radiosender stellen die von Ihnen gespielten Lieder zum Nachlesen auf ihrer Homepage bereit. Der Hintergrund dafür ist, dass man leicht sein neues Lieblingsstück, welches man auf dem Weg zur Arbeit gehört hat, wiederfinden kann.\n\nBei näherer Betrachtung werfen diese Playlisten etliche Fragestellungen auf. Werden zum Beispiel den ganzen Tag immer wieder dieselben Lieder gespielt? Spielen alle Radiosender die gleichen Stücke? Was ist der zeitliche Mindestabstand eines Musikstücks, bevor es erneut gespielt wird? Und müssen wir Last Christmas auch in Zukunft ertragen?\n\nIn dem Vortrag wird auch die Beziehung zwischen den \"Charts\" und den Playlisten der Radiosender geprüft. Dabei hat sich auch gezeigt, dass die Charts selbst ein spannendes Analysefeld sind. In die Chartberechnungen wurden MP3-Downloads und später Streams aufgenommen und haben dadurch altbewährte Konzepte verändert.\n\nNeben diesen Fragestellungen werden von Stefan auch technische Dinge beleuchtet. Die Herausforderungen des Scrapings, das Einfügen in eine geeignete Datenbank, die Auswertung selbst (und mit welchen Tools) sowie die Visualisierung von Ergebnissen werden anschaulich präsentiert.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Stefan Magerstedt"],"tags":["38c3","31","2024","Science","Saal GLITCH"],"view_count":7307,"promoted":false,"date":"2024-12-28T21:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T21:00:06.948+02:00","length":3221,"duration":3221,"thumb_url":"https://static.media.ccc.de/media/congress/2024/31-1d9f5e5a-06c3-5b5f-a195-406f940b3ac3.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/31-1d9f5e5a-06c3-5b5f-a195-406f940b3ac3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/31-1d9f5e5a-06c3-5b5f-a195-406f940b3ac3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/31-1d9f5e5a-06c3-5b5f-a195-406f940b3ac3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-radiomining-playlist-scraping-und-analyse","url":"https://api.media.ccc.de/public/events/1d9f5e5a-06c3-5b5f-a195-406f940b3ac3","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"5abd5a97-4255-5cf7-9635-4bcd5b13ff74","title":"High energy physics aside the Large Hadron Collider","subtitle":null,"slug":"38c3-high-energy-physics-aside-the-large-hadron-collider","link":"https://events.ccc.de/congress/2024/hub/event/high-energy-physics-aside-the-large-hadron-collider/","description":"What are we, and where do we come from? - Searching for flavour in beauty\n\nNowadays the Large Hadron Collider (LHC) at CERN is the best known high energy physics research facility. However, there are other facilities around the world performing cutting edge high energy physics research. Some of these are the so called flavour factories which have a long tradition in high energy physics. Two of these are currently in operation: BES III in China and Belle II in Japan. Collecting huge amounts of data, the goal of these experiments is to measure free parameters of the standard model of particle physics with very high precision to find deviations from predictions by theory. Such deviations can hint to new physics, and physicists are still searching for the reasons of our very existence as by our best knowledge nothing but light should have remained after the big bang. But testing the standard model is challenging. Huge data sets in the order of tera bytes need to be analysed requiring advanced analysis software and techniques. By now these analyses usually employ machine learning and artificial intelligence in various kinds, while using custom hardware and software, and a world spanning computing infrastructure. All of this is only possible with more than 1000 people working together in a collaboration. Part of the work in high energy physics nowadays would not be possible anymore without the groundbreaking research by this year's Nobel laureates for physics.\nIn this talk I will present what flavour physics is, the reasons why flavour physics is interesting and why it matters, and which challenges we are facing, using the Belle II experiment as an example. Most of the challenges are not unique to Belle II but to high energy physics in general, so I will also set this into the bigger context and take a look to what is ahead of us in the field of high energy physics.\n\nDeveloped in the 1950s to 1960s, the standard model of particle physics has been a huge success. However, there are parts it cannot describe:\n* During the big bang the same amount of matter and anti-matter should have been produced, and they should have annihilated only leaving light. But here we are, so there must have been some sort of imbalance or asymmetry. With our current understanding of particle physics and the big bang we cannot explain the amount of asymmetry necessary to explain our existence. So why are we here?\n* We found that neutrinos do have mass, while the SM predicts them to be massless. So why do neutrinos have mass and where does it come from?\n* The orbital velocities of stars in distant galaxies show deviations from expectations if only visible matter is taken into account. These deviations in the galaxy rotational curves hints to additional matter which nowadays we call \"dark matter\". But what is its origin\n* The universe seems to expand with an increasing rate, but what is the driver behind this rate? We now describe this as \"dark energy\" but do not really know what it is made of.\n* ...\n\nCosmology, astrophysics, and high energy physics are working on solving these mysteries. While the first two require observations of space and simulations on earth, the last one can be fully conducted on earth. In high energy physics we currently are following to paths of finding physics beyond our current understanding called the \"standard model\" of particle physics: direct and indirect discoveries. This can be achieved by testing ever higher energies, or by probing known processes with improved precision. The discovery of the Higgs Boson in 2012 was of the first category, a direct discovery at high energies.\n\nFlavour factories work differently. They operate at much lower energies (about 1000 times lower than the Large Hadron collider), but are collecting huge amounts of data to precisely test the standard model to find hints for unknown physics effects. One of the current flavour physics experiments is Belle II in Japan. There physicists try to find hints explaining the asymmetry between matter and anti-matter seen at the big bang, and are searching for dark matter candidates, as well as other indications of deviations from the standard model. By precisely measuring the standard model processes it is possible check for particles 10,000 times heavier than the energies used in Belle II, and 10 times heavier of what the LHC can achieve in direct searches.\n\nThis talk focuses on the challenges that modern high energy physics experiments, as well as other experiments are facing, and how to tackle them, as well as the public relevance of the research fields.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Christian Wessel"],"tags":["38c3","641","2024","Science","Saal GLITCH"],"view_count":995,"promoted":false,"date":"2024-12-29T17:35:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T18:00:04.153+02:00","length":2431,"duration":2431,"thumb_url":"https://static.media.ccc.de/media/congress/2024/641-5abd5a97-4255-5cf7-9635-4bcd5b13ff74.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/641-5abd5a97-4255-5cf7-9635-4bcd5b13ff74_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/641-5abd5a97-4255-5cf7-9635-4bcd5b13ff74.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/641-5abd5a97-4255-5cf7-9635-4bcd5b13ff74.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-high-energy-physics-aside-the-large-hadron-collider","url":"https://api.media.ccc.de/public/events/5abd5a97-4255-5cf7-9635-4bcd5b13ff74","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"f9202f5f-c6ee-533b-8a4d-18138a2dad48","title":"Binging on drug checking data","subtitle":null,"slug":"38c3-binging-on-drug-checking-data","link":"https://events.ccc.de/congress/2024/hub/event/binging-on-drug-checking-data/","description":"A trip into party drug trends: Seeking insight among poorly formatted data, media misinformation, repressive laws and risky chemicals\n\nBerlin recently launched a public drug checking service — an admirable first for Germany.\nWhat can the data unveil?\n\nThis talk aims to elevate your mental state towards clarity over party drug trends in 2024 by serving a mix of Berlin’s drug testing data – both public and unpublished – with a few potent adulterants: Snazzy info graphics, shoddy code and a bunch of original research.\n\nObserve badly copy-pasted tag soup transform into beautiful and impactful open-eye visuals. Watch sales terms purportedly specifying precise chemical formulas exposed as mere smoke and mirrors, and find even names derived from each other labeling vastly different things. See patterns revealed and dots connected, like how an international interplay of both draconian and liberal legal frameworks created a perfect storm of unintended, risky consequences – or on the other hand, how the absence of reliable data creates a breeding ground for the viral spread of irrational fears. See through falsehoods regularly published on these topics in the press.\n\nBefore this risks turning into a bad trip, find zen with some practical risk management tips and pointers to helpful support services.\n\nIn less poetic terms, I’ll be covering recent trends regarding these psychoactive substances:\nEcstasy \u0026 “blue punishers”, cocaine, fentanyl, mephedrone, 3-MMC, 2C-B, “tusi”, “monkey dust” and more.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["c3o"],"tags":["38c3","841","2024","Stage HUFF"],"view_count":2629,"promoted":false,"date":"2024-12-28T20:30:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T18:15:04.480+02:00","length":3159,"duration":3159,"thumb_url":"https://static.media.ccc.de/media/congress/2024/841-f9202f5f-c6ee-533b-8a4d-18138a2dad48.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/841-f9202f5f-c6ee-533b-8a4d-18138a2dad48_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/841-f9202f5f-c6ee-533b-8a4d-18138a2dad48.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/841-f9202f5f-c6ee-533b-8a4d-18138a2dad48.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-binging-on-drug-checking-data","url":"https://api.media.ccc.de/public/events/f9202f5f-c6ee-533b-8a4d-18138a2dad48","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"b85ccc8d-52ce-5532-ac8e-c970d458ecd0","title":"Mushroom-DJs, Strong AI \u0026 Climate Change: Connecting the Dots with Artistic Research","subtitle":null,"slug":"38c3-mushroom-djs-strong-ai-climate-change-connecting-the-dots-with-artistic-research","link":"https://events.ccc.de/congress/2024/hub/event/mushroom-djs-strong-ai-climate-change-connecting-the-dots-with-artistic-research/","description":"The exploratory nature of artistic research can aide in the production of knowledge. Sometimes, this takes a detour through music-making mushrooms and making moonshine, sometimes it deals with societal reverberations of AI usage or how lithium extraction affects the planet. This talk gives an insight on how we do technology-assisted artistic research at ZKM | Hertzlab, the artistic research \u0026 development department of the Center for Art and Media, Karlsruhe.\n\nArtistic research takes the exploratory impulse of art and combines it with the wish for knowing the world that characterizes scientific research. It is neither science communication, nor purely artistic practice - it is located somewhere in between. As a field of its own, artistic research is still relatively young; at ZKM | Center for Art and Media, Karlsruhe, we explore what this means in the context of one of Europe's oldest media art institutions. Our six themes - lifecycles, connect, a common(s) world, ai-lab, post-human world, fellow futures - guide us in what we hope is a contribution to larger discourses from the point of view of art.\n\nWith examples and projects, this talk will illuminate artistic research practices, its benefits and challenges and how having a hacker mindset is the first step into becoming an artistic researcher.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["twena"],"tags":["38c3","456","2024","Art \u0026 Beauty","Saal GLITCH"],"view_count":472,"promoted":false,"date":"2024-12-29T22:05:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-10T08:30:05.657+01:00","length":2253,"duration":2253,"thumb_url":"https://static.media.ccc.de/media/congress/2024/456-b85ccc8d-52ce-5532-ac8e-c970d458ecd0.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/456-b85ccc8d-52ce-5532-ac8e-c970d458ecd0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/456-b85ccc8d-52ce-5532-ac8e-c970d458ecd0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/456-b85ccc8d-52ce-5532-ac8e-c970d458ecd0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-mushroom-djs-strong-ai-climate-change-connecting-the-dots-with-artistic-research","url":"https://api.media.ccc.de/public/events/b85ccc8d-52ce-5532-ac8e-c970d458ecd0","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"da0f79d3-6767-532c-9b14-0e6902677b67","title":"Ultraschall Workshop","subtitle":null,"slug":"38c3-ultraschall-workshop","link":"https://events.ccc.de/congress/2024/hub/event/ultraschall-workshop/","description":"\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Udo Sauer"],"tags":["38c3","58312","2024","Saal X 07"],"view_count":695,"promoted":false,"date":"2024-12-27T22:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-11T13:45:07.661+01:00","length":5233,"duration":5233,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58312-da0f79d3-6767-532c-9b14-0e6902677b67.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58312-da0f79d3-6767-532c-9b14-0e6902677b67_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58312-da0f79d3-6767-532c-9b14-0e6902677b67.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58312-da0f79d3-6767-532c-9b14-0e6902677b67.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-ultraschall-workshop","url":"https://api.media.ccc.de/public/events/da0f79d3-6767-532c-9b14-0e6902677b67","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"dc4e157d-d980-59e5-ac72-685a9c077f7b","title":"Lightning Talks Day 3","subtitle":"","slug":"38c3-lightning-talks-tag-3","link":"https://events.ccc.de/congress/2024/hub/event/lightning-talks-tag-3/","description":"Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!\r\n\r\n11:00\tOpening Lightningtalks\r\n11:05\t\"Digital integrity of the human person, A new fundamental right\",Alexis Roussel\r\n11:10. RDP to RCE in 5 minutes,Dor Dali\r\n11:15\tStatic Security Analysis Tools for Java,Markus Toran\r\n11:20\tFrom Apple litigation to Legal Eduation: how the FSFE can help you,Ana Galan\r\n11:25\tDoes the Doomguy live in a simulation? Gaming and Quantum Mechanics,gabriele\r\n11:30\tC02 negative energy production,coalburner3000\r\n11:35\tDetecting Fake Base Stations with CellGuard on iOS,jiska\r\n11:40\tHow to build a giant inflatable crab,rahix\r\n11:45\tIllegal Instruction into Machine Learning,Dennis Eisermann\r\n11:50\tiOS Inactivity Reboot,jiska\r\n12:55\tLLMs hallucinate graphs too!,Erwan\r\n12:00\tLibreOffice WASM \u0026 JS - Blending a C++ FOSS into a web app,kolAflash\r\n12:05\tYouth Hacking 4 Freedom,Sofía Aritz Albors Escobés\r\n12:10\tShovel: leveraging Suricata for Attack-Defense CTF,quiet_table\r\n12:15\tA tiny self-contained piece of (home)automation infrastructure,luz\r\n12:20\tThe helyOS Open Source Control Tower Framework - How to tell our robots what to do?,Felix\r\n12:25\tRDMA for No-Compromises Remote Desktop Experiences,Tim Dettmar\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":[],"tags":["38c3","674","2024","CCC","Stage HUFF"],"view_count":1266,"promoted":false,"date":"2024-12-29T11:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-26T23:15:05.064+01:00","length":5102,"duration":5102,"thumb_url":"https://static.media.ccc.de/media/congress/2024/674-dc4e157d-d980-59e5-ac72-685a9c077f7b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/674-dc4e157d-d980-59e5-ac72-685a9c077f7b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/674-dc4e157d-d980-59e5-ac72-685a9c077f7b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/674-dc4e157d-d980-59e5-ac72-685a9c077f7b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-lightning-talks-tag-3","url":"https://api.media.ccc.de/public/events/dc4e157d-d980-59e5-ac72-685a9c077f7b","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"cf4a49d8-4717-52ec-ad96-4a250c5abf83","title":"What's inside my train ticket?","subtitle":null,"slug":"38c3-what-s-inside-my-train-ticket","link":"https://events.ccc.de/congress/2024/hub/event/what-s-inside-my-train-ticket/","description":"Ever wondered what data is stored inside DB print-at-home train tickets or those in your local transport association's app? Join me for the deep dive into digital railway ticketing you didn't know you needed.\n\nAfter getting my shiny new Deutschlandsemesterticket from University I was so annoyed with the quality of the SaarVV app that I set out to put my train tickets into Apple Wallet - whether the train companies wanted me to or not.\n\nWhat followed was several weeks of banging my head against the wall and googling various terms with \"filetype:pdf\" until I understood how they're encoded.\n\nThis talk is a highly condensed executive summary of the most interesting parts of that journey - from the surprising to the downright weird. Finally, I'll cover how you can issue your own train tickets - for fun and absolutely no profit!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["TheEnbyperor (it/its)"],"tags":["38c3","802","2024","Stage YELL"],"view_count":20099,"promoted":false,"date":"2024-12-30T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T22:45:05.281+02:00","length":2444,"duration":2444,"thumb_url":"https://static.media.ccc.de/media/congress/2024/802-cf4a49d8-4717-52ec-ad96-4a250c5abf83.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/802-cf4a49d8-4717-52ec-ad96-4a250c5abf83_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/802-cf4a49d8-4717-52ec-ad96-4a250c5abf83.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/802-cf4a49d8-4717-52ec-ad96-4a250c5abf83.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-what-s-inside-my-train-ticket","url":"https://api.media.ccc.de/public/events/cf4a49d8-4717-52ec-ad96-4a250c5abf83","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"0b03d192-fa2b-5ebe-a983-0d1ba2551cf7","title":"Was tun gegen den Rechtsruck (in Ostdeutschland)? - Solidarität! - Das Netzwerk Polylux stellt sich vor!","subtitle":null,"slug":"38c3-was-tun-gegen-den-rechtsruck-in-ostdeutschland-solidaritt-das-netzwerk-polylux-stellt-sich-vor","link":"https://events.ccc.de/congress/2024/hub/event/was-tun-gegen-den-rechtsruck-in-ostdeutschland-solidaritt-das-netzwerk-polylux-stellt-sich-vor/","description":"Das Netzwerk Polylux hat sich vor 5 Jahren gegründet um dem Rechtsruck in Ostdeutschland etwas entgegen zu setzen. Polylux fördert, was die AfD hasst. Solidarisch, Unbürokratisch und Antifaschistisch. Für eine kritische und starke Zivilgesellschaft wo es sie am meisten braucht: Im ländlichen Raum in Ostdeutschland.\n\nWir sind ein ehrenamtliches Netzwerk, das seit 2019 aktiv ist um antifaschistische Projekte in Ostdeutschland (vor allem) finanziell zu unterstützen. Schon damals brachte uns die Sorge um wegbrechende Finanzierungsmöglichkeiten angesichts einer schwachen Linken und der immer stärker werdenden Rechten auf die Idee, eine finanzielle, nachhaltige Unabhängigkeit für die aktive Zivilgesellschaft zu schaffen. In den letzten Jahren haben wir über 200.000 Euro an linke Projekte in Ostdeutschland weiterverteilen können und zeigen somit, dass wir eine Unterstützungsplattform aufgebaut haben, die uns unabhängig macht von staatlichen Förderungen und für eine emanzipatorische Bewegung eine dauerhafte und nachhaltige Alternative sein kann. Denn unser Netzwerk ist unabhängig von aktuellen politischen Machtverteilungen und Mehrheiten.\n\nIm \"Superwahljahr\" 2024 hatten wir uns vorgenommen auf 1000 monatlich zahlende Fördermitglieder zu kommen, um dem Rechtsruck nach den anstehenden Kommunal- und Landtagswahlen in Sachsen, Thüringen und Brandenburg noch mehr entgegen setzen zu können. Dieses Ziel haben wir gleich doppelt erreicht. Im Oktober 2024 hatten wir 2500 Fördermitglieder und sehr viele Einzelspenden und mediale Aufmerksamkeit.\n\nUnser Prinzip ist recht einfach: Wir sammeln Gelder über Fördermitgliedschaften und Spenden und verteilen sie an Projekte im ländlichen ostdeutschen Raum um. Durch das Netzwerk bekommen die Initiativen größere Sichtbarkeit. Dabei halten wir unser Antragsprozedere für die Projekte so einfach und simple wie möglich. Denn diese sollen für eine Förderung nicht noch mehr arbeit haben uns sich auf ihre Arbeit vor Ort konzentrieren können. Dabei Grenzen wir uns ganz bewusst, von \"normalen\" Fördertöpfen ab. Denn wir sind selbst alle in der Szene aktiv, leben in Ostdeutschland und kennen die Verhältnisse im ländlichen Raum aus eigener Erfahrung sehr gut. Wir wissen selbst, wie es ist als Queere Menschen, als Migrant*innen, als Linke hier gegen eine Politik aktiv zu sein, die alles kritische kriminalisiert und versucht einzuschüchtern. \nMehr zu unserer Arbeit und wen wir unterstützen findet Ihr auf unserer Website: www.polylux.network\n\nAuf dem 38C3 wollen wir uns, unsere Idee, unser Netzwerk und ein paar der tollen Projekte im Osten kurz vorstellen. Im Rahmen des Talks gehen wir kurz darauf ein woher der Rechtsruck in Ostdeutschland kommt und was Besonderheiten im Vergleich mit den alten Bundesländern sind - vor allem aber wollen wir aufzeigen, wie wir eine langfristige und nachhaltige Struktur aufbauen können.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Jaša"],"tags":["38c3","780","2024","Stage HUFF"],"view_count":1871,"promoted":false,"date":"2024-12-27T17:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-29T18:00:07.314+02:00","length":2574,"duration":2574,"thumb_url":"https://static.media.ccc.de/media/congress/2024/780-0b03d192-fa2b-5ebe-a983-0d1ba2551cf7.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/780-0b03d192-fa2b-5ebe-a983-0d1ba2551cf7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/780-0b03d192-fa2b-5ebe-a983-0d1ba2551cf7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/780-0b03d192-fa2b-5ebe-a983-0d1ba2551cf7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-was-tun-gegen-den-rechtsruck-in-ostdeutschland-solidaritt-das-netzwerk-polylux-stellt-sich-vor","url":"https://api.media.ccc.de/public/events/0b03d192-fa2b-5ebe-a983-0d1ba2551cf7","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"dbf59b24-24ac-55a4-bad7-4b2ff5dae02f","title":"„Konnte bisher noch nie gehackt werden“: Die elektronische Patientenakte kommt - jetzt für alle!","subtitle":null,"slug":"38c3-konnte-bisher-noch-nie-gehackt-werden-die-elektronische-patientenakte-kommt-jetzt-fr-alle","link":"https://events.ccc.de/congress/2024/hub/event/konnte-bisher-noch-nie-gehackt-werden-die-elektronische-patientenakte-kommt-jetzt-fr-alle/","description":"In wenigen Wochen werden die Gesundheitsdaten von rund 73 Millionen in Deutschland Krankenversicherten ohne deren Zutun über Praxis- und Krankenhausgrenzen hinweg zentral in einer Akte zusammengeführt - in der [„elektronischen Patientenakte für alle“](https://www.bundesgesundheitsministerium.de/themen/digitalisierung/elektronische-patientenakte/epa-fuer-alle.html).\n\nFortsetzung von 36C3 - [„Hacker hin oder her“: Die elektronische Patientenakte kommt!](https://media.ccc.de/v/36c3-10595-hacker_hin_oder_her_die_elektronische_patientenakte_kommt)\n\nIn wenigen Wochen startet die [„elektronische Patientenakte (ePA) für alle“](https://www.bundesgesundheitsministerium.de/themen/digitalisierung/elektronische-patientenakte/epa-fuer-alle.html): Medizinische Befunde, Medikationslisten und weitere Gesundheitsdaten von rund 73 Millionen in Deutschlang Krankenversicherten werden dann ohne deren Zutun über Praxis- und Krankenhausgrenzen hinweg in einer zentralen Akte zusammengeführt.\n\nBisher musste die ePA explizit beantragt werden. Ab Januar 2025 dagegen erhalten alle gesetzlich Versicherten, die nicht widersprechen, automatisch eine solche ePA.\n\nEine moderne Sicherheitsarchitektur ermöglicht dabei, dass die enthaltenen Gesundheitsinformationen in der ePA mit den höchsten Sicherheitsstandards geschützt werden.\n\n„Der Datenschutz und die Datensicherheit waren uns zu jedem Zeitpunkt das wichtigste Anliegen“, so Gesundheitsminister Karl Lauterbach. „Ein solches System konnte bisher noch nie gehackt werden“.\n\nDoch die Vergangenheit hat gezeigt: [„Vertrauen lässt sich nicht verordnen“](https://www.ccc.de/en/updates/2023/digitalegesundheit).\n\nFortsetzung von 36C3 - [„Hacker hin oder her“: Die elektronische Patientenakte kommt!](https://media.ccc.de/v/36c3-10595-hacker_hin_oder_her_die_elektronische_patientenakte_kommt)\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Martin Tschirsich","Bianca Kastl"],"tags":["38c3","135","2024","Security","Saal 1"],"view_count":141235,"promoted":false,"date":"2024-12-27T14:45:00.000+01:00","release_date":"2025-01-14T00:00:00.000+01:00","updated_at":"2026-04-01T21:45:04.828+02:00","length":3562,"duration":3562,"thumb_url":"https://static.media.ccc.de/media/congress/2024/135-dbf59b24-24ac-55a4-bad7-4b2ff5dae02f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/135-dbf59b24-24ac-55a4-bad7-4b2ff5dae02f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/135-dbf59b24-24ac-55a4-bad7-4b2ff5dae02f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/135-dbf59b24-24ac-55a4-bad7-4b2ff5dae02f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-konnte-bisher-noch-nie-gehackt-werden-die-elektronische-patientenakte-kommt-jetzt-fr-alle","url":"https://api.media.ccc.de/public/events/dbf59b24-24ac-55a4-bad7-4b2ff5dae02f","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"bdefc4b9-04e5-5e2a-94dc-ab4166aafcac","title":"Privacy-preserving (health) data processing is possible!","subtitle":null,"slug":"38c3-privacy-preserving-health-data-processing-is-possible","link":"https://events.ccc.de/congress/2024/hub/event/privacy-preserving-health-data-processing-is-possible/","description":"Is it possible to do research on health data without violating the privacy of the entire population?\n\nThe European Health Data Space is on the horizon, and it doesn't look like we can be satisfied with its implementation for now. Health data of all European insurance holders will be collected and retended not only for individual medical care, but also for scientific use.\n\nThe so-called *secondary use* explicitly refers not only to academic research, but also to for-profit organizations. Not only universities will be able to access the data, but also, for example, the pharma industry and the big data companies such as Apple and Google. Claiming to improve the user experience of their proprietary health apps (anticipatory conjecture by the speakers), the most personal of all data will be placed in hands where it really does not belong to.\n\nSo are we doomed? We say no!\n\nIn this presentation, we will show how *probabilistic data structures* can be used to process personal data without compromising the privacy of individuals. We will show the results of a case study with exemplary health data.\n\nWith this presentation, we want to point out that it is quite possible to give third parties certain access to health data, while preserving privacy for individuals.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["mcnesium","bngl"],"tags":["38c3","789","2024","Stage HUFF"],"view_count":532,"promoted":false,"date":"2024-12-28T21:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-14T12:00:09.160+01:00","length":2915,"duration":2915,"thumb_url":"https://static.media.ccc.de/media/congress/2024/789-bdefc4b9-04e5-5e2a-94dc-ab4166aafcac.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/789-bdefc4b9-04e5-5e2a-94dc-ab4166aafcac_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/789-bdefc4b9-04e5-5e2a-94dc-ab4166aafcac.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/789-bdefc4b9-04e5-5e2a-94dc-ab4166aafcac.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-privacy-preserving-health-data-processing-is-possible","url":"https://api.media.ccc.de/public/events/bdefc4b9-04e5-5e2a-94dc-ab4166aafcac","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"a33c84f6-5fc2-50db-9798-38e35be8a7ac","title":"Let's build dodos! How generative AI is upturning the world of synthetic biology and hopelessly overwhelming traditional governance instruments.","subtitle":null,"slug":"38c3-let-s-build-dodos-how-generative-ai-is-upturning-the-world-of-synthetic-biology-and-hopelessly-overwhelming-traditional-governance-instruments","link":"https://events.ccc.de/congress/2024/hub/event/let-s-build-dodos-how-generative-ai-is-upturning-the-world-of-synthetic-biology-and-hopelessly-overwhelming-traditional-governance-instruments/","description":"Have you always wanted to build an egg-laying woolly milk sow or bring the legendary dodo \nback to life? The dream of some biologists to not only understand organisms, but also to redesign, build or bring living beings back to life is accelerating towards reality with the convergence of synthetic biology and generative AI in ‘generative biology’. For example, large language models are now being used to write genes and proteins, while complex laboratory tests are being replaced by machine vision and automation. \nThe pace of these developments is so fast that they are barely noticed by the public, politicians or related experts such as environmental scientists. Questions about the reliability and safety of these new biodigital methods and applications are not yet being asked and research into risk assessment methods is not keeping pace. At the same time, this shift of generative AI systems from generating text and images to generating protein, bacteria, viruses and organisms could transform many areas of life, from medicine and the environment to bioweapons. So let's talk about it and discuss it.\n\nThis is what the talk will be about:\n- What is the science behind synthetic biology? What is genome editing, CRISPR/cas, RNAi or off-target effects etc.? \n- And how does generative AI and generative biology come into play? What is actually happening in laboratories and corporate R\u0026D around the world, including in the USA and China? I will report on AI platforms that generate designs for novel viruses and proteins to experiments ranging from medical drug development and attempts to bring extinct species back to life. I will also present current scenarios in the field of bioweapons. \n- How big tech is moving to get into bioeconomy – Titans such as Google, Microsoft, Nvidia, Alibaba, Meta, Amazon and Salesforce, with no specific experience in life sciences, are now the leaders in a new ‘generative biology’ run.\n- I will then continue with our own research on risk and technology assessment of genetically modified organisms and synthetic biology. This includes experiments and method development on biosafety, but also poses more fundamental questions such as investigating if the AI/biodigital design of nature is in line with nature conservation concepts or asking if democratization of biotech research (garage biology) relates to “dual use” risks. We also work on instruments to better understand impacts on society and improved social participation. \n- Finally, I would like to report on the very controversy negotiations on this topic at the UN Convention on Biological Diversity in Colombia in November – among parties, with perspectives from developing countries, indigenous peoples and local communities, scientist and others and discuss ways forward for fair, multidisciplinary assessment and oversight that is urgently needed.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Margret Engelhard"],"tags":["38c3","531","2024","Science","Saal ZIGZAG"],"view_count":739,"promoted":false,"date":"2024-12-29T15:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-19T16:45:07.078+01:00","length":2655,"duration":2655,"thumb_url":"https://static.media.ccc.de/media/congress/2024/531-a33c84f6-5fc2-50db-9798-38e35be8a7ac.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/531-a33c84f6-5fc2-50db-9798-38e35be8a7ac_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/531-a33c84f6-5fc2-50db-9798-38e35be8a7ac.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/531-a33c84f6-5fc2-50db-9798-38e35be8a7ac.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-let-s-build-dodos-how-generative-ai-is-upturning-the-world-of-synthetic-biology-and-hopelessly-overwhelming-traditional-governance-instruments","url":"https://api.media.ccc.de/public/events/a33c84f6-5fc2-50db-9798-38e35be8a7ac","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"7a704cd7-ae73-5427-968b-88201d57f993","title":"How election software can fail","subtitle":null,"slug":"38c3-how-election-software-can-fail","link":"https://events.ccc.de/congress/2024/hub/event/how-election-software-can-fail/","description":"Experiences from a hacker working at the Election Council of The Netherlands.\n\nAfter critically following the elections for 8 years from the outside, a hacker was employed as one of the functional administrators of the software supporting the elections. Sharing experiences of the use of election software during 7 elections (2020-2023), from local, national to European in The Netherlands.\n\nA governmental software project with strict deadlines, and high security expectations. The software project for elections in The Netherlands is build an IT organization [owned by German local governments](https://www.regioit.de/unternehmen/zahlen-daten-fakten). More than 10.000 Java files, what can possible go wrong?\n\nDuring this time multiple emergency patches were needed and incidents occur. Although at first explicitly *not* hired as a coder, within 3 months a Java code contribution was made that was unexpectedly more crucial than anticipated.\n\nThis talk will show some incidents with the election software in The Netherlands: how the software failed, and when/how it was discovered. Go over how seeing the elections from the outside, and give some history of voting computers and software. Ending with some reflecting on the future.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Benjamin W. Broersma"],"tags":["38c3","514","2024","Security","Saal GLITCH"],"view_count":1775,"promoted":false,"date":"2024-12-29T23:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-27T20:15:07.321+01:00","length":3478,"duration":3478,"thumb_url":"https://static.media.ccc.de/media/congress/2024/514-7a704cd7-ae73-5427-968b-88201d57f993.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/514-7a704cd7-ae73-5427-968b-88201d57f993_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/514-7a704cd7-ae73-5427-968b-88201d57f993.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/514-7a704cd7-ae73-5427-968b-88201d57f993.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-how-election-software-can-fail","url":"https://api.media.ccc.de/public/events/7a704cd7-ae73-5427-968b-88201d57f993","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"98C007E2-A3B2-44FD-ADF5-D21224DE0988","title":"Rekordbox, gib mir meine Daten! - Überblick von Datenzugriff in DJ Software \u0026 Hardware","subtitle":null,"slug":"38c3-rekordbox-gib-mir-meine-daten-berblick-von-datenzugriff-in-dj-software-hardware","link":"https://events.ccc.de/congress/2024/hub/en/event/rekordbox-gib-mir-meine-daten-berblick-von-datenzugriff-in-dj-software-hardware/","description":"Wir Hackende müssen eine große Gefahr für unsere eigenen Daten sein, wenn die Hersteller die Maßnahmen ergreifen, die ich euch in diesem Talk unter Anderem vorstelle. Wie bekomme ich Daten aus DJ-Systemen und vielleicht auch wieder hinein?\n\nWenn wir als DJs Daten in DJ Systeme eingeben, wollen wir diese vielleicht auslesen oder von außen mit unserer eigenen Software verändern. Dieser Talk ist ein Überblick über die Entwicklung und den Stand von Datenbanken, Reverse Engineering, Netzwerk Protokoll Mitschnitten und Verschlüssellung. Leider machen uns das AlphaTheta, Serato und co. schwieriger als es sein muss. Manchmal ist es kaum zu fassen, wie weit sie dafür gehen. Hinweis: Dieser Talk kann Spuren von SQL beinhalten.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["function"],"tags":["100002","2024","38c3","Chaos Computer Music Club","38c3-deu"],"view_count":401,"promoted":false,"date":"2024-12-30T14:30:00.000+01:00","release_date":"2025-03-17T00:00:00.000+01:00","updated_at":"2026-03-26T23:15:05.610+01:00","length":1914,"duration":1914,"thumb_url":"https://static.media.ccc.de/media/congress/2024/100002-98C007E2-A3B2-44FD-ADF5-D21224DE0988.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/100002-98C007E2-A3B2-44FD-ADF5-D21224DE0988_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/100002-98C007E2-A3B2-44FD-ADF5-D21224DE0988.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/100002-98C007E2-A3B2-44FD-ADF5-D21224DE0988.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-rekordbox-gib-mir-meine-daten-berblick-von-datenzugriff-in-dj-software-hardware","url":"https://api.media.ccc.de/public/events/98C007E2-A3B2-44FD-ADF5-D21224DE0988","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"5697c3e4-97c8-5599-8818-9d39b3e00230","title":"Das Technikjahr 2024 - Ki, Klima, Crypto (mspr0 \u0026 Ali Hackalife) Auch-interessant!","subtitle":null,"slug":"38c3-das-technikjahr-2024-ki-klima-crypto-mspr0-ali-hackalife-auch-interessant","link":"https://events.ccc.de/congress/2024/hub/event/das-technikjahr-2024-ki-klima-crypto-mspr0-ali-hackalife-auch-interessant/","description":"Ali Hackalife (Auch-interessant!) und Michael Seemann (wmr) sprechen über das vergangene Technikjahr.\n\nDer Auch-interessant! Podcast (https://auch-interessant.de ) ist ein Podcast der sich sowohl mit Technik als auch Gesellschaftsthemen befasst. Öfter war der Computer-Philosoph Michael Seemann (mspr0) zu Gast. Auf dem 38c3 treffen sich Ali und mspr0 um auf das vergangene Technikjahr zurück zu schauen.\nWie geht es Alis Technik-Optimismus nach diesem Jahr. Und was lief anders als erwartet.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Ali Hackalife","Michael Seemann"],"tags":["38c3","58308","2024","Saal X 07"],"view_count":1299,"promoted":false,"date":"2024-12-29T16:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-25T20:30:08.208+01:00","length":4394,"duration":4394,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58308-5697c3e4-97c8-5599-8818-9d39b3e00230.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58308-5697c3e4-97c8-5599-8818-9d39b3e00230_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58308-5697c3e4-97c8-5599-8818-9d39b3e00230.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58308-5697c3e4-97c8-5599-8818-9d39b3e00230.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-das-technikjahr-2024-ki-klima-crypto-mspr0-ali-hackalife-auch-interessant","url":"https://api.media.ccc.de/public/events/5697c3e4-97c8-5599-8818-9d39b3e00230","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"e3bb8bc4-a3e2-5968-b1d3-ec61fff42810","title":"Life in the Lager: How it is \u0026 how to support","subtitle":null,"slug":"38c3-life-in-the-lager-how-it-is-how-to-support","link":"https://events.ccc.de/congress/2024/hub/event/life-in-the-lager-how-it-is-how-to-support/","description":"Was ist ein Lager und warum ist es so schrecklich und unmenschlich? Wir werden einen Überblick über betroffene Perspektiven mit Selbst­erfahrungen geben, wie man in Lagern (Wohnheimen, EAE) lebt.\n\nWir geben einen Überblick über die rassistische Bezahlkarte, sowie die Einschränkung der Freiheit wie schwer ist und über das Leben von Jugendliche in Lagern.\nWas machen wir? Wie können wir unterstützen und worauf sollte man achten?\n\nWir sind eine selbstorganisierte Initiative von Migrantinnen mit Fluchterfahrung, die in Ostdeutschland Rassismus im Alltag erlebt haben. Wir wollen ihre Lebenssituation sichtbarer machen und langfristig mehr gesellschaftliche Solidarität erreichen. In dieser Präsentation sprechen wir über das harte Leben in den Lagern und ländlichen Regionen, über den alltäglichen Rassismus in Behörden, am Arbeitsplatz …, Wir werden auch über die Bezahlkarte und Essensscheine sprechen, basierend auf unseren eigenen Erfahrungen. Diese Maßnahmen sind nicht nur rassistisch, sie entmenschlichen die Betroffenen – besonders Jugendliche. Sie verletzen ihre Würde, Wir geben auch Beispiele, wie jeder von euch konkret unterstützen und Solidarität zeigen kann.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Hafid"],"tags":["38c3","418","2024","Ethics, Society \u0026 Politics","Saal GLITCH"],"view_count":686,"promoted":false,"date":"2024-12-27T13:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-25T08:30:05.772+01:00","length":2497,"duration":2497,"thumb_url":"https://static.media.ccc.de/media/congress/2024/418-e3bb8bc4-a3e2-5968-b1d3-ec61fff42810.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/418-e3bb8bc4-a3e2-5968-b1d3-ec61fff42810_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/418-e3bb8bc4-a3e2-5968-b1d3-ec61fff42810.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/418-e3bb8bc4-a3e2-5968-b1d3-ec61fff42810.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-life-in-the-lager-how-it-is-how-to-support","url":"https://api.media.ccc.de/public/events/e3bb8bc4-a3e2-5968-b1d3-ec61fff42810","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"41121e23-9a94-5c8b-9eb4-28e18492d0ae","title":"Lokalnews-Mining","subtitle":null,"slug":"38c3-lokalnews-mining","link":"https://events.ccc.de/congress/2024/hub/event/lokalnews-mining/","description":"Ihr wolltet schon immer wissen was der „Morgenthau-Plan“ mit Kreisverkehren und „Schönwetterfreizeitsportgeräten“ zu tun hat? Dann lasst mich euch mitnehmen in die wundersamen, obskuren und humoristisch wertvollen Untiefen eines lokalen Nachrichtenportals. Was kann die interessierte Beobachterin von außen über das System lernen? Welche Werkzeuge brauchen wir für diese Expedition? Welche Kreaturen der Nacht kriechen durch die Untiefen der anonymen Kommentarfunktion? Und kann man eigentlich auch etwas Schönes aus den Daten machen, die da täglich ins Netz gekippt werden?\n\nWie viele Orte in Deutschland hat Lübeck eine von diesen etwas schrägen Lokalnews-Seiten, die wirken, als wären sie in der Zeit stecken geblieben. Aber dennoch sind sie irgendwie wichtig sind für das Leben in der Region. Der schnöde Wetterbericht, Beschwerden über Baustellen, Filz-Workshops und Veranstaltungsankündigungen für die LAN-Party des CDU-Ortsverbandes - alles kann einem hier begegnen. Natürlich garniert von Kommentaren aus dem ganzen Spektrum des Wahnsinns.\nSeit über einem Jahr sammle ich die Daten, die diese obskure Seite ins Internet bläst, werte sie aus und bastele daraus nützliche oder wenigstens lustige Dinge. Von all diesen Abenteuern meines Hobby-Projekts „hl-lol“ möchte ich euch berichten.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Alexton"],"tags":["38c3","854","2024","Entertainment","Stage YELL"],"view_count":2555,"promoted":false,"date":"2024-12-30T16:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T12:15:04.716+02:00","length":3063,"duration":3063,"thumb_url":"https://static.media.ccc.de/media/congress/2024/854-41121e23-9a94-5c8b-9eb4-28e18492d0ae.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/854-41121e23-9a94-5c8b-9eb4-28e18492d0ae_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/854-41121e23-9a94-5c8b-9eb4-28e18492d0ae.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/854-41121e23-9a94-5c8b-9eb4-28e18492d0ae.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-lokalnews-mining","url":"https://api.media.ccc.de/public/events/41121e23-9a94-5c8b-9eb4-28e18492d0ae","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"9210d33c-ab1b-580e-9f03-02893a3f0c8d","title":"Open, Large, and Complex: Managing a 3,500 m² *space with 400+ Members","subtitle":null,"slug":"38c3-open-large-and-complex-managing-a-3-500-m-space-with-400-members","link":"https://events.ccc.de/congress/2024/hub/event/open-large-and-complex-managing-a-3-500-m-space-with-400-members/","description":"A 3,500 m² hack and make space with 400+ members brings unique challenges in community management, public-sector partnerships, and balancing open culture with safety regulations. This talk shares practical insights on fostering an inclusive, large-scale hack/make/arts/culture space, from founding hurdles to the realities of maintaining creative freedom within structural limits.\n\nWhat happens when a hack and make space scales to 3,500 m² with over 400 members? We will offer insights into the challenges and opportunities of managing a large, open community space for makers, hackers, artists and the genernal public. From navigating partnerships with public institutions to balancing open community management, we'll discuss key lessons learned. Topics include the founding journey and public-sector collaboration, maintaining an inclusive culture within a massive member base, and meeting building code on a limited budget. We’ll also explore the dynamic between spontaneous initiatives and intentional space design, sharing experiences that range from community-driven projects to governance challenges. Join us to explore how scale impacts everything—from creative freedom to structural limitations—and how a space can thrive with size.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["codemonk","Schumi"],"tags":["38c3","684","2024","Stage YELL"],"view_count":906,"promoted":false,"date":"2024-12-28T23:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-03T01:45:04.650+01:00","length":3751,"duration":3751,"thumb_url":"https://static.media.ccc.de/media/congress/2024/684-9210d33c-ab1b-580e-9f03-02893a3f0c8d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/684-9210d33c-ab1b-580e-9f03-02893a3f0c8d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/684-9210d33c-ab1b-580e-9f03-02893a3f0c8d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/684-9210d33c-ab1b-580e-9f03-02893a3f0c8d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-open-large-and-complex-managing-a-3-500-m-space-with-400-members","url":"https://api.media.ccc.de/public/events/9210d33c-ab1b-580e-9f03-02893a3f0c8d","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"fdb48d2b-748c-52ec-bf44-da974653fed9","title":"0, 1 oder 2","subtitle":"Hackerei und Cyberbrei","slug":"38c3-0-1-oder-2-hackerei-und-cyberbrei","link":"https://events.ccc.de/congress/2024/hub/event/0-1-oder-2-hackerei-und-cyberbrei/","description":"Der Quizshow-Klassiker für die ganze Chaosfamilie: Bei uns sind nicht nur pfiffige Hacker:innen, sondern auch flinke Beine gefragt. 0, 1 oder 2? Wer es weiß, ist dabei! Nur echt mit dem Kamera-Nerd!\r\n\r\nAuf einzigartige Weise wird Wissensvermittlung mit Bewegung verknüpft und bietet Nerds anspruchsvolle Unterhaltung. Das Beste aus Besserwisserei und Tele-Aerobic. Drei Teams aus dem Publikum treten gegeneinander an. \r\n\r\nDie Kandidat:innen müssen Fragen rund um IT-Sicherheit, CCC, Netzpolitik, Hacking-Kultur, Raketenwissenschaft oder Frickeln beantworten und damit ihr Wissen unter Beweis stellen. Für jedes Thema gibt es Spezial-Expert:innen auf der Couch sowie Show- und Musikeinlagen. Dem besten Team winkt der begehrte \"0, 1 oder 2\"-Überraschungspreis.\r\n\r\nDie Rate-Show wird von Erisvision in Koproduktion mit C3VOC, CCH und Gefahrengebiet TV Productions präsentiert.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Erisvision"],"tags":["38c3","508","2024","Entertainment","Saal 1"],"view_count":5308,"promoted":false,"date":"2024-12-29T00:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-09T15:15:06.183+01:00","length":5290,"duration":5290,"thumb_url":"https://static.media.ccc.de/media/congress/2024/508-fdb48d2b-748c-52ec-bf44-da974653fed9.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/508-fdb48d2b-748c-52ec-bf44-da974653fed9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/508-fdb48d2b-748c-52ec-bf44-da974653fed9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/508-fdb48d2b-748c-52ec-bf44-da974653fed9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-0-1-oder-2-hackerei-und-cyberbrei","url":"https://api.media.ccc.de/public/events/fdb48d2b-748c-52ec-bf44-da974653fed9","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"20224ba0-dbaa-5631-82dc-70a751aa799c","title":"EU's Digital Identity Systems - Reality Check and Techniques for Better Privacy","subtitle":null,"slug":"38c3-eu-s-digital-identity-systems-reality-check-and-techniques-for-better-privacy","link":"https://events.ccc.de/congress/2024/hub/event/eu-s-digital-identity-systems-reality-check-and-techniques-for-better-privacy/","description":"Digital identity solutions, such as proposed through the EU's eIDAS regulation, are reshaping the way users authenticate online. In this talk, we will review the currently proposed technical designs, the impact such systems will have, and provide an outlook on how techniques from modern cryptography can help to improve security and privacy.\n\nDigital Identity solutions are on the rise all around the world. In particular the European Union is establishing a range of ambitious proposals like eIDAS to establish a general purpose platform for identification, authentication and transfer of personal data that will be used by eGovernment, logging into Facebook, public transport, eCommerce and doctor visits. With the Digital Euro, the EU Digital Travel App, Age Verification Apps and many other proposals we can see the scary trajectory the EU is headed towards. This talk provides a critical reality check about the underlying technology, the impact these systems will have on our privacy on a daily basis and what security (hell) we can expect. \n\nThe talk will also give an overview of the proposed technical eIDAS architecture, and the [Cryptographers' Feedback on the EU Digital Identity’s ARF](https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/issues/200). We will also provide a brief introduction into zero-knowledge proofs, the security and privacy properties they can provide for Digital Identities, and what is missing to bring these technologies into reality.\n\nThomas Lohninger has worked for the digital rights NGO epicenter.works to advocate for [strong privacy in the eIDAS law](https://epicenter.works/en/thema/eid-digital-public-infrastructures) on EU level. He is a member of the [Ad-Hoc Technical Advisory Group of the EU-Commission on eIDAS Wallet](https://epicenter.works/en/content/nda-of-the-ad-hoc-technical-advisory-group-of-the-eu-commission-on-eidas-wallet) and the only civil society Jury member of the SPRIND Funke on [EUDI WALLET Prototypes](https://epicenter.works/en/content/germany-eidas-wallet-jury-agreement-nda) of the German government.\n\nAnja Lehmann is a professor for cryptography at the Hasso-Plattner-Institute, University of Potsdam, with a focus on developing privacy-enhancing technologies, in particular enabling privacy-preserving authentication. She is a Jury member of the SPRIND Funke on [EUDI WALLET Prototypes](https://www.sprind.org/impulse/challenges/eudi-wallet-prototypes#anchor-jury) and also supports the SPRIND EUDI project on the integration of zero-knowledge proofs since October 2024.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Anja Lehmann","socialhack"],"tags":["38c3","528","2024","Security","Saal GLITCH"],"view_count":4447,"promoted":false,"date":"2024-12-27T20:15:00.000+01:00","release_date":"2024-12-28T00:00:00.000+01:00","updated_at":"2026-04-03T17:45:06.531+02:00","length":2511,"duration":2511,"thumb_url":"https://static.media.ccc.de/media/congress/2024/528-20224ba0-dbaa-5631-82dc-70a751aa799c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/528-20224ba0-dbaa-5631-82dc-70a751aa799c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/528-20224ba0-dbaa-5631-82dc-70a751aa799c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/528-20224ba0-dbaa-5631-82dc-70a751aa799c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-eu-s-digital-identity-systems-reality-check-and-techniques-for-better-privacy","url":"https://api.media.ccc.de/public/events/20224ba0-dbaa-5631-82dc-70a751aa799c","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"1364b135-4556-5967-a12c-f596821cb3b3","title":"Opt Green: Coordinating a Windows 10-to-Linux upcycling campaign across Free Software communities worldwide","subtitle":null,"slug":"38c3-opt-green-coordinating-a-windows-10-to-linux-upcycling-campaign-across-free-software-communities-worldwide","link":"https://events.ccc.de/congress/2024/hub/event/opt-green-coordinating-a-windows-10-to-linux-upcycling-campaign-across-free-software-communities-worldwide/","description":"Windows 10 security updates end on 14 October 2025, KDE's 29th birthday and also, ironically, International E-Waste Day [1] (you cannot make these things up!). Hundreds of millions of functioning devices [2] will become e-waste. This means manufacturing and transporting new ones, which is perhaps the biggest waste of all: hardware production alone can account for over 75% of a device's CO2 emissions over its lifespan.\n\nFree Software is a solution, today, and if we work together Windows 10 could truly be the last version of Windows users ever use! In this talk I will present the issue of e-waste and the importance of right-to-repair software, and invite the audience to participate in coordinating a global, unified Free Software campaign over the next year to raise awareness about the environmental harm of software-driven hardware obsolescence, while promoting upgrading users from Windows 10 to GNU/Linux directly. Extending hardware's operating life with Free Software is good for users, and better for the environment. Let's think big and act boldly as a unified community! \n\n[0] https://arstechnica.com/gadgets/2024/10/lots-of-pcs-are-poised-to-fall-off-the-windows-10-update-cliff-one-year-from-today/\n[1] https://weee-forum.org/iewd-about/\n[2] https://www.canalys.com/insights/end-of-windows-10-support-could-turn-240-million-pcs-into-e-waste\n\nThis is a talk about digital sustainability and the role software plays in hardware longevity.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["joseph"],"tags":["38c3","824","2024","Stage YELL"],"view_count":2161,"promoted":false,"date":"2024-12-28T11:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T15:15:03.638+02:00","length":2750,"duration":2750,"thumb_url":"https://static.media.ccc.de/media/congress/2024/824-1364b135-4556-5967-a12c-f596821cb3b3.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/824-1364b135-4556-5967-a12c-f596821cb3b3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/824-1364b135-4556-5967-a12c-f596821cb3b3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/824-1364b135-4556-5967-a12c-f596821cb3b3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-opt-green-coordinating-a-windows-10-to-linux-upcycling-campaign-across-free-software-communities-worldwide","url":"https://api.media.ccc.de/public/events/1364b135-4556-5967-a12c-f596821cb3b3","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"c32eae4d-9995-52e8-acac-42f0ebef792e","title":"Queersupport - weil junge Queers ein offenes Ohr brauchen!","subtitle":null,"slug":"38c3-queersupport-weil-junge-queers-ein-offenes-ohr-brauchen","link":"https://events.ccc.de/congress/2024/hub/event/queersupport-weil-junge-queers-ein-offenes-ohr-brauchen/","description":"Der Queersupport stellt sich vor: Eine bundesweite, digitale Beratungsstruktur für und von jungen Queers. Hier supporten junge queere Menschen Peer-to-Peer online. Angegliedert an eine queere Fachberatung. Mit einem hohen Anspruch an Datenschutz und digitaler Souveränität.\n\nDer Queersupport vom Jugendnetzwerk Lambda (der einzige queere, bundesweite Jugendverband in Deutschland) supportet junge Queers (und auch deren Angehörige und gesetzliche Vertreter:innen) bei all ihren Fragen und Krisen rund um die Themen Coming Out, Transition, Identität, Familie, Schule, etc.\nDas besondere am Queersupport ist, dass hier sowohl ehrenamtliche junge Queers, als auch hauptamtliche Fachberater*innen beraten. Dadurch entsteht ein super Netzwerk für die Ratsuchenden.\n\nNeben dem Aspekt des Peer-to-Peer ist uns Intersektionalität sehr wichtig - denn wir wollen für viele queere Menschen da sein können. Das beginnt im hauptamtlichen Team (wir sind unterschiedlich positioniert: Queer, trans, be_hindert, Rom*ni, PoC, weiß, autistisch, ...) und geht weiter bei den ehrenamtlichen (die Peers sind fast alle auch mehrfachmarginalisiert).\n\nWir legen großen Wert auf souverän betriebene, freie Software, Datenschutz und Nutzer:innenfreundlichkeit. Wir entwickeln deshalb selbst, auf Basis verschiedener OpenSource Tools, ein für uns passendes Setting. Auch weil wir glauben, dass diese Themen gerade für marginalisierte Menschen besonders wichtig sind, da sie sich am wenigsten darauf verlassen können, dass Technik großer Internetgiganten ihre Interessen berücksichtigen oder propietärer Settings auch nutzbar bleiben, wenn der politische Wind sich dreht.\n\nIn unserem Talk wollen wir unsere Struktur konzeptionell und technisch vorstellen und mit euch diskutieren, wie wir solche Arbeit unabhängig und nachhaltig gestalten können. Wir gehen darauf ein, welche Bedarfe junge Queers (online) haben und führen aus, welches technische Setting wir ihnen derzeit anbieten können und perspektivisch anbieten wollen. \nWir möchten diskutieren, welche besonderen Anforderungen (marginalisierte) Queers an gegenseitige Unterstützung online haben – konzeptionell und technisch. Und wie wir in bessere Kooperation kommen können, über marginalisierte Gruppen hinweg eine souveräne digitale Infrastruktur zur Selbsthilfe aufzubauen.\n\nEinen ersten Blick könnt ihr hier schon mal wagen: https://queersupport.de \nOder uns auf dem CCC in unserer Assembly besuchen und mit uns quatschen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Queersupport","V"],"tags":["38c3","790","2024","Stage YELL"],"view_count":474,"promoted":false,"date":"2024-12-29T11:00:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-03-04T18:15:05.942+01:00","length":2474,"duration":2474,"thumb_url":"https://static.media.ccc.de/media/congress/2024/790-c32eae4d-9995-52e8-acac-42f0ebef792e.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/790-c32eae4d-9995-52e8-acac-42f0ebef792e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/790-c32eae4d-9995-52e8-acac-42f0ebef792e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/790-c32eae4d-9995-52e8-acac-42f0ebef792e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-queersupport-weil-junge-queers-ein-offenes-ohr-brauchen","url":"https://api.media.ccc.de/public/events/c32eae4d-9995-52e8-acac-42f0ebef792e","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"99379f6c-0172-555f-a310-300978026f36","title":"KI-Karma next Level: Spiritueller IT-Vertrieb","subtitle":null,"slug":"38c3-ki-karma-next-level-spiritueller-it-vertrieb","link":"https://events.ccc.de/congress/2024/hub/event/ki-karma-next-level-spiritueller-it-vertrieb/","description":"Der IT-Vertrieb ist ein Feld voll dorniger Chancen. Ein Grund mehr, gemeinsam von innovativen Branchen in Form von \"Neuen Religiösen Bewegungen\" (Sekten) zu lernen, um unseren erwachten beruflichen Neustart zu pitchen.\n\nHaben Sie schon einmal einer Messe evangelikaler fundamentalistischer Splittergruppen beigewohnt und sich gefragt, wie sie Menschen dazu bringen könnten in Code zu reden wenn sie Änderungswünsche äußern, statt in Zungen? Wäre es nicht ein echter game-changer, wenn Wunderheilungen auch im Außendienst einsetzbar wären? Sind Sie neidisch, weil jeder gewöhnliche Doomsday-Kult trotz falscher Prophezeiungen seine Kundenbindung stabil hält, während Sie für alles mögliche haftbar gemacht werden? Haben Sie manchmal das Gefühl, ihr Team schwingt nicht auf derselben feinstofflichen Ebene wie Sie? \n\n**** Dann sind SIE hier genau RICHTIG!1 ***\n\nIm Rahmen des 42-Stufen-Programms für feinstoffliche IT tauchen wir diesmal in den Code von Gruppendynamiken ein. In diesem Kompaktseminar lernen Sie zentrale Erfolgsstrategien bekannter Leader der bekanntesten Spiritualitäts-Startups der letzten Jahrzehnte kennen. Erweitern Sie ihre Wissens-Meridiane und werden Sie Teil einer schwingenden Gemeinschaft, die sich mit dem feinstofflichen Wissen inspirierender Datenbanken vernetzt.\n\nDie Chakra-Bausteine des Kurses sind wie folgt:\n\n* Software Wunderheilung \n* Energetisches Community-Building\n* Code-Channeling \n* Cyber-Marketing\n\nAnhand von Praxisbeispielen aus den Branchen IT und Spiritualität erarbeiten wir ein Erfolgskonzept, das Sie im Handumdrehen zum erfolgreichen erwachten Entrepreneur machen kann. \n\nHinweis:\n\nDieser Kurs ist der zweite Teil eines 42-Stufenprogramms, kann aber auch ohne Vorwissen von Einsteigern gebucht werden.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Katharina Nocun"],"tags":["38c3","638","2024","Entertainment","Saal 1"],"view_count":6225,"promoted":false,"date":"2024-12-28T23:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T09:45:06.229+02:00","length":2742,"duration":2742,"thumb_url":"https://static.media.ccc.de/media/congress/2024/638-99379f6c-0172-555f-a310-300978026f36.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/638-99379f6c-0172-555f-a310-300978026f36_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/638-99379f6c-0172-555f-a310-300978026f36.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/638-99379f6c-0172-555f-a310-300978026f36.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-ki-karma-next-level-spiritueller-it-vertrieb","url":"https://api.media.ccc.de/public/events/99379f6c-0172-555f-a310-300978026f36","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"7ec6ad03-b55e-5fe1-b3be-5da66d456058","title":"Dialing into the Past: RCE via the Fax Machine – Because Why Not?","subtitle":null,"slug":"38c3-dialing-into-the-past-rce-via-the-fax-machine-because-why-not","link":"https://events.ccc.de/congress/2024/hub/event/dialing-into-the-past-rce-via-the-fax-machine-because-why-not/","description":"Remember the days when faxes were the pinnacle of office tech, and the sound of a paper getting pulled in was as satisfying as a fresh cup of coffee? Well, it's time to dust off those memories and reintroduce ourselves to the quirky world of printers and their forgotten fax interfaces – yes, those relics that make us all feel like we're in an '80ies sci-fi movie – and specifically, how they can unlock a new frontier in printer security exploits!\n\nIn this talk, we'll show you how we leveraged a printer bug that we found at Pwn2Own Ireland this year to gain remote code execution. Over its fax interface. You might think, \"Who cares about faxes?\" – but what if I told you that lurking within this vintage feature is a potential pathway for remote code execution? That's right, while everyone else is busy patching the latest vulnerabilities in trendy software and half the world is obsessed with cloud security, we'll be having a blast with tech that should've been retired to the attic long ago, exploiting a feature that's older than some of the attendees!\n\nWe'll explore how this vintage tech can be the gateway to some serious mischief. Think of the possibilities: municipalities, banks, courts, you pick your favorite bureaucracy. Unfortunately, we can't do any of those things -- that'd be naughty -- so we're restricted to doing the stupidest things we can think of in our live demos. In case you're wondering: of course we'll be running doom on this thing, proving that even the most outdated tech can still pack a punch, as we take control over this device in style. Expect a mix of technical insights and many moments of \"why would you do that?\".\n\nSo join us in this wild ride through simpler times -- who knew the key to world domination lays in a dusty fax machine?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Rick de Jager","Carlo Meijer"],"tags":["38c3","648","2024","Security","Saal ZIGZAG"],"view_count":2993,"promoted":false,"date":"2024-12-29T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T11:30:06.750+02:00","length":2328,"duration":2328,"thumb_url":"https://static.media.ccc.de/media/congress/2024/648-7ec6ad03-b55e-5fe1-b3be-5da66d456058.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/648-7ec6ad03-b55e-5fe1-b3be-5da66d456058_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/648-7ec6ad03-b55e-5fe1-b3be-5da66d456058.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/648-7ec6ad03-b55e-5fe1-b3be-5da66d456058.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-dialing-into-the-past-rce-via-the-fax-machine-because-why-not","url":"https://api.media.ccc.de/public/events/7ec6ad03-b55e-5fe1-b3be-5da66d456058","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"edf543d8-da0b-53fb-9966-255b78de7fb9","title":"Mit dem Kärcher durch die Datentröge der Polizeien","subtitle":null,"slug":"38c3-mit-dem-krcher-durch-die-datentrge-der-polizeien","link":"https://events.ccc.de/congress/2024/hub/event/mit-dem-krcher-durch-die-datentrge-der-polizeien/","description":"Daten, Daten, Daten. Sicherheitsbehörden wollen immer mehr davon. Doch zu welchem Zweck und wo kommt machine learning ins Spiel? Wir liefern einen Überblick und besprechen Auskunftsansprüche, Beschwerdemöglichkeiten und Gegenmaßnahmen.\n\nNicht erst seit dem diesjährigen Sicherheitspaket befinden sich deutsche Geheimdienste und Polizeibehörden in einer Datensammelwut. Spätestens seit dem 11. September 2001 und dem Terrorismusbekämpfungsgesetz dienen terroristische Anschläge als Legitimation für die Politik, den Sicherheitsbehörden die Befugnisse zu geben, die diese ohnehin schon lange fordern. Dabei wachsen die Datenbanken der Behörden stetig. Ihre Namen sind INPOL-neu, PMS links/rechts/sport oder rosa Liste (IGVP), ATD, PIAV (Polizeilicher Informations- und Analyseverbund). Oft kommt es vor, dass auch eigentlich Unbeteiligte in diesen Listen landen, so bleiben z. B. Personen gegen die ermittelt wurde, weiterhin in INPOL gespeichert, nachdem das Verfahren längst eingestellt wurde. Ebenso sollen, wie im Sicherheitspaket geplant, biometrischer Daten mit öffentlich im Internet verfügbaren Daten abgeglichen werden. Den Betroffenen ist dabei meist nicht klar, ob und in welchen Datenbanken sie landen; der Dschungel an Datenbanken und Zuständigkeiten ist auch kaum zu überblicken. Betroffene werden weder automatisch informiert noch gilt die DSGVO für Ermittlungsbehörden. Teilweise werden sogar gesetzliche Informationspflichten, wie beispielsweise über Unbeteiligte in Funkzellenabfrage schlicht nicht eingehalten.\n\nDie immer größer werdenden Datenmengen sind kaum durch Menschen zu verarbeiten. Deshalb soll auf sogenannte künstliche Intelligenz wie autmatisierte Gesichtserkennung, Ganganalysen oder Analysen von \"auffälligem Verhalten\" gesetzt werden. Dabei werden Entscheidungen, die bisher durch Menschen getroffenen wurden, an Computer ausgelagert. Der Computer entscheidet also, wer am Bahnhof kontrolliert wird und damit über den Eingriff in dessen Grundrechte.\n\nWas können wir tun?\nJanik steht selbst in diversen Datenbanken der Polizei. Er erzählt im Vortrag über seinen langen Weg, um Auskunft bei den verschiedenen Landes- und Bundesbehörden zu erhalten. Entlang dieses Weges musste er Klage einreichen, weil die Behörden keine Auskunft erteilte, er musste Beschwerden beim BfDI einreichen, da das BKA Fotos von seinem Gesicht aus einer erkennungsdienstlichen Behandlung zweckentfremdete, um damit eine Marktanalyse von Gesichtserkennungssoftwaren durchzuführen.\n\nSeine Rechtsanwältin Bea erklärt die rechtlichen Hintergründe und setzt sich mit der Frage auseinander, mit welcher Vorstellung von Verantwortung im polizeilichen Dienst wir es zukünftig zu tun haben werden.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["bea","besen"],"tags":["38c3","891","2024","Stage YELL"],"view_count":25304,"promoted":false,"date":"2024-12-27T20:15:00.000+01:00","release_date":"2024-12-28T00:00:00.000+01:00","updated_at":"2026-03-31T13:30:05.927+02:00","length":2494,"duration":2494,"thumb_url":"https://static.media.ccc.de/media/congress/2024/891-edf543d8-da0b-53fb-9966-255b78de7fb9.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/891-edf543d8-da0b-53fb-9966-255b78de7fb9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/891-edf543d8-da0b-53fb-9966-255b78de7fb9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/891-edf543d8-da0b-53fb-9966-255b78de7fb9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-mit-dem-krcher-durch-die-datentrge-der-polizeien","url":"https://api.media.ccc.de/public/events/edf543d8-da0b-53fb-9966-255b78de7fb9","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"eae441d0-1814-5c38-82f7-8fc0143896a7","title":"Nein zur Bezahlkarte - Rechte Symbolpolitik mit Solidarität aushebeln","subtitle":null,"slug":"38c3-nein-zur-bezahlkarte-rechte-symbolpolitik-mit-solidaritt-aushebeln","link":"https://events.ccc.de/congress/2024/hub/event/nein-zur-bezahlkarte-rechte-symbolpolitik-mit-solidaritt-aushebeln/","description":"Im Februar dieses Jahres wurde in Hamburg als Pilotprojekt die sogenannte „SocialCard“ eingeführt. Bei dieser Bezahlkarte handelt es sich um eine Visa Debitkarte, die an geflüchtete Menschen in der Erstaufnahme ausgegeben wird und mit massiven Einschränkungen verbunden ist: Es können keine Überweisungen oder Lastschriftverfahren getätigt werden, Onlinehandel ist gar nicht oder nur mit Sondergenehmigung der Behörde möglich. Die Bezahlkarte reduziert außerdem den monatlichen Barbetrag, der abgehoben werden kann auf 50 € für Erwachsene und 10 € für Menschen unter 18 Jahren. Die Abhebung ist nur gegen Gebühren am Automaten oder beim Einkauf im Supermarkt möglich, der meist mit einem Mindesteinkaufswert von mindesten 10 € verbunden ist. \n\n50 € Bargeld reichen einfach nicht um ein selbstbestimmtes Leben zu führen.\n\nWir haben uns deswegen zusammengeschlossen und mit Hilfe von vielen solidarischen Leuten einen Gutschein-Tausch gestartet, um Menschen mit Bezahlkarte zu unterstützen und zu Bargeld zu verhelfen.\n\nWir wollen so viele Menschen wie möglich erreichen und ermutigen sich zu beteiligen, auszutauschen, eigene Strukturen aufzubauen oder zusammen mit uns gegen die Bezahlkarte zu protestieren. Denn sie ist nur der Anfang. Wir wissen, dass die „SocialCard“ derzeit an den vulnerabelsten Menschen getestet wird und in Zukunft auf alle Sozialleistungsempfänger ausgerollt werden soll. \n\nAlso lasst uns und zusammen die Bezahlkarte stoppen.\n\nWir vernetzen und solidarisieren uns bundesweit mit Gruppen, die eine Tauschstelle einrichten und sich aktiv gegen die rechte Symbolpolitik stellen. Wir setzen uns dafür ein, dass die diskriminierende und entmündigende Bezahlkarte abgeschafft und durch ein Basiskonto ersetzt wird.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Munir \u0026 Jot"],"tags":["38c3","720","2024","Stage HUFF"],"view_count":1968,"promoted":false,"date":"2024-12-29T13:50:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-06T14:15:09.837+01:00","length":2391,"duration":2391,"thumb_url":"https://static.media.ccc.de/media/congress/2024/720-eae441d0-1814-5c38-82f7-8fc0143896a7.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/720-eae441d0-1814-5c38-82f7-8fc0143896a7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/720-eae441d0-1814-5c38-82f7-8fc0143896a7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/720-eae441d0-1814-5c38-82f7-8fc0143896a7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-nein-zur-bezahlkarte-rechte-symbolpolitik-mit-solidaritt-aushebeln","url":"https://api.media.ccc.de/public/events/eae441d0-1814-5c38-82f7-8fc0143896a7","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"59022846-b130-581e-a89f-ecf6e7e43940","title":"libobscura: Cameras are difficult","subtitle":null,"slug":"38c3-libobscura-cameras-are-difficult","link":"https://events.ccc.de/congress/2024/hub/event/libobscura-cameras-are-difficult/","description":"I'm not big-brained enough to use cameras on Linux, so I decided to write my own camera stack (based on a real story).\n\nThe libobscura experiment exists to find out what a point-and-shoot API abstracting Video4Linux should look like. It has its roots on one hand in the Librem 5 project, where I wrote some 70% of the camera stack, and on the other hand in libcamera, which I found too difficult to use.\n\nYou think controlling a modern camera is easy? Think again. Between pixel formats, depths, media entities, pads and links, sensitivity, denoising, phase detection, shutter lengths, DMAbuf, OpenGL, feedback loops, requests, and statistics, there's enough opportunities to get lost in the detail.\n\nThankfully, Prototype Fund thinks I'm up for the challenge, so they are funding me through libobscura in order to get lost, and maybe find something in the process.\n\nProject repo: https://codeberg.org/libobscura/libobscura\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["DorotaC"],"tags":["38c3","66","2024","Hardware \u0026 Making","Saal GLITCH"],"view_count":8913,"promoted":false,"date":"2024-12-27T11:00:00.000+01:00","release_date":"2025-01-08T00:00:00.000+01:00","updated_at":"2026-03-12T16:15:08.690+01:00","length":2472,"duration":2472,"thumb_url":"https://static.media.ccc.de/media/congress/2024/66-59022846-b130-581e-a89f-ecf6e7e43940.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/66-59022846-b130-581e-a89f-ecf6e7e43940_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/66-59022846-b130-581e-a89f-ecf6e7e43940.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/66-59022846-b130-581e-a89f-ecf6e7e43940.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-libobscura-cameras-are-difficult","url":"https://api.media.ccc.de/public/events/59022846-b130-581e-a89f-ecf6e7e43940","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"6cce986f-4677-5d59-8f52-f49d357566b6","title":"Security Nightmares","subtitle":null,"slug":"38c3-security-nightmares","link":"https://events.ccc.de/congress/2024/hub/event/security-nightmares/","description":"Der IT-Sicherheitsalptraum-Rück­blick: Manchmal belustigend, zuweilen beunruhigend, aber mit Ausblick.\n\nEs ist wieder ein Jahr vergangen und niemand ist von einem Smartmeter erwürgt worden: Ist überhaupt etwas Berichtenswertes passiert? Und wenn nein, wird es denn nächstes Jahr wenigstens schlimmer?\n\nWir betrachten das vergangene Jahr, versuchen Muster zu erkennen und zu ahnen, wie es weitergehen muss, denn vorgewarnt zu sein, heißt gewappnet zu sein. Und sei es nur mit Popcorn und „In Übereinstimmung mit der Prophezeihung!“-Schildern.\n\nPublikumseinwürfe willkommen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Ron","Constanze Kurz"],"tags":["38c3","533","2024","CCC","Saal 1"],"view_count":52198,"promoted":false,"date":"2024-12-30T16:40:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T11:00:05.862+02:00","length":3877,"duration":3877,"thumb_url":"https://static.media.ccc.de/media/congress/2024/533-6cce986f-4677-5d59-8f52-f49d357566b6.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/533-6cce986f-4677-5d59-8f52-f49d357566b6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/533-6cce986f-4677-5d59-8f52-f49d357566b6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/533-6cce986f-4677-5d59-8f52-f49d357566b6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-security-nightmares","url":"https://api.media.ccc.de/public/events/6cce986f-4677-5d59-8f52-f49d357566b6","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"d2e4cfa2-e882-5345-b480-e3470df55588","title":"MacOS Location Privacy Red Pill: A Rabbit Hole Resulting in 24 CVEs","subtitle":null,"slug":"38c3-macos-location-privacy-red-pill-a-rabbit-hole-resulting-in-24-cves","link":"https://events.ccc.de/congress/2024/hub/event/macos-location-privacy-red-pill-a-rabbit-hole-resulting-in-24-cves/","description":"User location information is inherently privacy sensitive as it reveals a lot about us: Where do we work and live? Which cities, organizations \u0026 institutions do we visit? How does our weekly routine look like? When are we on a vacation and not at home?\nMacOS has introduced multiple layers of security mitigations to protect sensitive user location information from attackers and malicious applications over the years — but are these enough?\n\n­­­­­­In this talk, we dive into how attackers could have exploited multiple design flaws, information disclosures and logic vulnerabilities spread all across the macOS stack, leading to all kinds of ways to bypass the macOS TCC Location Services privacy protection and precisely localize the user without consent. \nWe will show how attackers could have retrieved precise real time \u0026 historical geographic user locations hiding in various components of the persistence layer, within application state restoration files and error log messages that could be triggered via reliably exploitable HTTP response callback race conditions. \nDigging deeper, we find that the precise user location can be reconstructed with lossless precision by combining various sources of metadata, which were accessible through different pathways and quirks of the operating system, such as: Access point SSID’s + signal strength data, Apple Maps location query data caches, custom application binary plists and even Find My widget UI structure metadata enabling to precisely reconstruct the victims AirTag locations. \nThese issues have been responsibly reported in the scope of the Apple Security Research program and resulted in 24 CVE entries in Apple’s security advisories for macOS.\n\nWe will finish of by investigating how we can prevent such issues in the future: Extended automated privacy focused integration testing, shifting responsibility of privacy preservation from developers to the system framework level and a more privacy focused API architecture of localization relevant frameworks.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Adam M."],"tags":["38c3","656","2024","Security","Saal GLITCH"],"view_count":2114,"promoted":false,"date":"2024-12-28T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-13T00:00:05.823+01:00","length":3485,"duration":3485,"thumb_url":"https://static.media.ccc.de/media/congress/2024/656-d2e4cfa2-e882-5345-b480-e3470df55588.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/656-d2e4cfa2-e882-5345-b480-e3470df55588_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/656-d2e4cfa2-e882-5345-b480-e3470df55588.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/656-d2e4cfa2-e882-5345-b480-e3470df55588.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-macos-location-privacy-red-pill-a-rabbit-hole-resulting-in-24-cves","url":"https://api.media.ccc.de/public/events/d2e4cfa2-e882-5345-b480-e3470df55588","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"7586d408-8e63-5734-889c-acf80bec8760","title":"Investigating the Iridium Satellite Network","subtitle":null,"slug":"38c3-investigating-the-iridium-satellite-network","link":"https://events.ccc.de/congress/2024/hub/event/investigating-the-iridium-satellite-network/","description":"The Iridium satellite (phone) network is evolving and so is our understanding of it. Hardware and software tools have improved massively since our last update at 32C3. New services have been discovered and analyzed. Let's dive into the technical details of having a lot of fun with listening to satellites.\n\nWe'll cover a whole range of topics related to listening to Iridium satellites and making sense of the (meta) data that can be collected that way:\n\n - Overview of new antenna options for reception. From commercial offerings (thanks to Iridium Time and Location) to home grown active antennas.\n - How we made it possible to run the data extraction from an SDR on just a Raspberry Pi.\n - Running experiments on the Allen Telescope Array.\n - Analyzing the beam patterns of Iridium satellites.\n - Lessons learned in trying to accurately timestamp Iridium transmissions for future TDOA analysis.\n - What ACARS and Iridium have in common and how a community made use of this.\n - Experiments in using Iridium as a GPS alternative.\n - Discoveries in how the network handles handset location updates and the consequences for privacy.\n - Frame format and demodulation of the Iridium Time and Location service.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Sec","schneider"],"tags":["38c3","158","2024","Hardware \u0026 Making","Saal 1"],"view_count":7080,"promoted":false,"date":"2024-12-27T16:00:00.000+01:00","release_date":"2024-12-29T00:00:00.000+01:00","updated_at":"2026-03-29T06:00:03.022+02:00","length":3687,"duration":3687,"thumb_url":"https://static.media.ccc.de/media/congress/2024/158-7586d408-8e63-5734-889c-acf80bec8760.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/158-7586d408-8e63-5734-889c-acf80bec8760_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/158-7586d408-8e63-5734-889c-acf80bec8760.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/158-7586d408-8e63-5734-889c-acf80bec8760.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-investigating-the-iridium-satellite-network","url":"https://api.media.ccc.de/public/events/7586d408-8e63-5734-889c-acf80bec8760","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"f3483ff0-d680-5aed-8f8b-8fc9e191893f","title":"Och Menno - How NOT to build a submarine","subtitle":"","slug":"38c3-och-menno-how-not-to-build-a-submarine","link":"https://events.ccc.de/congress/2024/hub/event/och-menno-how-not-to-build-a-submarine/","description":"Nachdem im letzten Jahr erklärt wurde, wie man erfolgreich ein UBoot baut, gucken wir darauf was bei TITAN und anderen Ubooten schief ging, und was man daraus für Projektleitung und sicheres Design lernen kann.\r\n\r\nUboote verfolgen mich im Och Menno Podcast seit über 5 Jahren, die Technik dahinter ist gleichzeitig faszinierend und ihre Geschichte ist voll erschreckenden Fehlern und Unglücken.\r\nVon Ubooten die sich beim Spülen der Toilette selber versenken, zu der britischen K Klasse hin zu TITAN ist die Geschichte der Unterwasserfahrzeuge voll von Fehlschlägen.\r\nNachdem die Analyse des Unglücks der TITAN die meist gehörte Folge 2024 ist kommt der Podcast auf die Bühne mit zusätzlichen Erkenntnissen aus dem Untersuchungsausschuss der US Coast Guard.\r\nWarum baut man Uboote so wie man sie baut? Warum ist ein disruptiver Startup Ansatz nicht immer hilfreich? Gibt es evtl. Gründe warum Ingenieure mit Berufserfahrung zur Vorsicht geraten haben? Und was könne wir hier für unser eigenes Berufsleben lernen? Und wenn das alles nicht hilft gibt es ja immer noch Sarkasmus und den Galgenhumor der aus dem Podcast bekannt ist …\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Ucki (He/Him)"],"tags":["38c3","58292","2024","Sendezentrum","Saal X 07"],"view_count":36740,"promoted":false,"date":"2024-12-27T19:00:00.000+01:00","release_date":"2024-12-28T00:00:00.000+01:00","updated_at":"2026-04-03T00:45:05.434+02:00","length":2786,"duration":2786,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58292-f3483ff0-d680-5aed-8f8b-8fc9e191893f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58292-f3483ff0-d680-5aed-8f8b-8fc9e191893f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58292-f3483ff0-d680-5aed-8f8b-8fc9e191893f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58292-f3483ff0-d680-5aed-8f8b-8fc9e191893f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-och-menno-how-not-to-build-a-submarine","url":"https://api.media.ccc.de/public/events/f3483ff0-d680-5aed-8f8b-8fc9e191893f","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"f6814c4a-7455-5591-90da-3e4bfd2f6630","title":"Databroker Files: Wie uns Apps und Datenhändler der Massenüberwachung ausliefern","subtitle":null,"slug":"38c3-databroker-files-wie-uns-apps-und-datenhndler-der-massenberwachung-ausliefern","link":"https://events.ccc.de/congress/2024/hub/event/databroker-files-wie-uns-apps-und-datenhndler-der-massenberwachung-ausliefern/","description":"Databroker verschleudern unsere Daten. Über einen Datenmarktplatz konnten wir 3,6 Milliarden Handy-Standortdaten aus Deutschland ergattern. Darin fanden wir detaillierte Bewegungsprofile, unter anderem von Geheimagent:innen, Soldat:innen und hochrangigen Regierungsbeamt:innen. Hier hört ihr die absurde Geschichte, wie einfach solche Daten zu haben sind, was den zügellosen Datenhandel so gefährlich macht – und wie wir gemeinsam für eine Lösung kämpfen können.\n\nAus 3,6 Milliarden Handy-Standortdaten konnten wir uns ein mächtiges Massenüberwachungs-Tool basteln, das in den falschen Händen viel Schaden anrichten könnte. Wir konnten sehen, auf welchem Weg mutmaßliche Angestellte der NSA zur Arbeit fahren, wo Angehörige der Armee ins Bordell gehen und wo Staatsbeamt:innen wohnen. All das war möglich durch die Gratis-Kostprobe eines Datenhändlers – wer ein paar Tausend Euro im Monat ausgibt, könnte sich noch viel mehr Daten besorgen.\n\nAuf unsere Recherchen gab es schockierte Reaktionen aus Bundestag und Bundesregierung, EU-Parlament und Pentagon. Aber Lippenbekenntnisse sind nicht genug, um die kommerzielle Massenüberwachung durch Handy-Apps zu stoppen. Wir zeigen, wie jede:r Einzelne aktiv werden kann und was sich rechtlich ändern muss. Und: Unsere Recherchen zu den Databroker Files gehen weiter. \n\nTeam netzpolitik.org: Sebastian Meineck; Ingo Dachwitz. Team BR: Katharina Brunner, Rebecca Ciesielski, Maximilian Zierer, Robert Schöffel, Eva Achinger. Hier ist die Übersicht der dazugehörigen Veröffentlichungen: https://netzpolitik.org/2024/databroker-files-die-grosse-datenhaendler-recherche-im-ueberblick/\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Sebastian Meineck","Ingo Dachwitz","Katharina Brunner","Rebecca Ciesielski"],"tags":["38c3","262","2024","Ethics, Society \u0026 Politics","Saal 1"],"view_count":11268,"promoted":false,"date":"2024-12-29T12:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T19:30:05.036+02:00","length":2356,"duration":2356,"thumb_url":"https://static.media.ccc.de/media/congress/2024/262-f6814c4a-7455-5591-90da-3e4bfd2f6630.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/262-f6814c4a-7455-5591-90da-3e4bfd2f6630_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/262-f6814c4a-7455-5591-90da-3e4bfd2f6630.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/262-f6814c4a-7455-5591-90da-3e4bfd2f6630.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-databroker-files-wie-uns-apps-und-datenhndler-der-massenberwachung-ausliefern","url":"https://api.media.ccc.de/public/events/f6814c4a-7455-5591-90da-3e4bfd2f6630","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"76ee194a-c269-50e0-b616-04f38fa329cb","title":"Dude, Where's My Crypto? - Real World Impact of Weak Cryptocurrency Keys","subtitle":null,"slug":"38c3-dude-where-s-my-crypto-real-world-impact-of-weak-cryptocurrency-keys","link":"https://events.ccc.de/congress/2024/hub/event/dude-where-s-my-crypto-real-world-impact-of-weak-cryptocurrency-keys/","description":"We present Milksad, our research on a class of vulnerabilities that exposed over a billion dollars worth of cryptocurrency to anyone willing to 'crunch the numbers'.\nThe fatal flaw? Not enough chaos.\nLearn how we found and disclosed issues in affected open source wallet software, brute-forced thousands of individual affected wallets on a budget, and traced over a billion US dollars worth of prior transactions through them.\n\nIn July 2023, people in our circle of friends noticed a series of seemingly impossible cryptocurrency thefts, which added up to over one million US dollars. \nA common denominator was discovered across the set of victims we knew: the wallet software `libbitcoin-explorer`. Vulnerable versions used a weak pseudorandom number generator when creating cryptocurrency wallets. Within a short period of time, we disclosed the vulnerability, [CVE-2023-39910](https://milksad.info/disclosure.html). \nUsing this weakness, attackers were able to compute private keys of victims, which is supposed to be impossible under normal circumstances.\n\nIn this talk we \n* 📜 - tell the story of uncovering a digital currency heist\n* 🌐 - dive into similar vulnerabilities\n* 🔍 - trace the movement of coins\n* ⚖ - outline ethical challenges of cryptocurrency security research\n* 🛡 - explore methods to defend and protect against this bug class\n\nOur intention is to share the story of how little details can have big consequences and the importance of quality chaos.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["sather"],"tags":["38c3","527","2024","Security","Saal GLITCH"],"view_count":1574,"promoted":false,"date":"2024-12-30T11:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T21:30:06.574+02:00","length":2394,"duration":2394,"thumb_url":"https://static.media.ccc.de/media/congress/2024/527-76ee194a-c269-50e0-b616-04f38fa329cb.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/527-76ee194a-c269-50e0-b616-04f38fa329cb_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/527-76ee194a-c269-50e0-b616-04f38fa329cb.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/527-76ee194a-c269-50e0-b616-04f38fa329cb.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-dude-where-s-my-crypto-real-world-impact-of-weak-cryptocurrency-keys","url":"https://api.media.ccc.de/public/events/76ee194a-c269-50e0-b616-04f38fa329cb","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"90ca3d2c-ac12-5542-8eac-aa7876a9c104","title":"Stadt.Land.Klima! - Für Transparenz im Kommunalen Klimaschutz","subtitle":null,"slug":"38c3-stadt-land-klima-fr-transparenz-im-kommunalen-klimaschutz","link":"https://events.ccc.de/congress/2024/hub/event/stadt-land-klima-fr-transparenz-im-kommunalen-klimaschutz/","description":"Kommunaler Klimaschutz ist oft undurchsichtig, komplex und bürokratisch – das wollen wir ändern!\n\nAls gemeinsames bewegungsübergreifendes Projekt \"Stadt.Land.Klima!\" machen wir (fehlenden) kommunalen Klimaschutz sichtbar, messbar \u0026 verständlich!\nMit einem einheitlichen Maßnahmenkatalog können alle klimainteressierten Menschen den Fortschritt ihrer Stadt oder Gemeinde bewerten und in unserem Ranking sichtbar machen: https://www.stadt-land-klima.de/municipalities\n\nDarüber hinaus möchten wir die vielen verschiedenen lokalen Akteure der Klimagerechtigkeitsbewegung in den einzelnen Kommunen zusammenbringen, Kooperationen fördern und Erfolgsprojekte einzelner Gruppen deutschlandweit teilen!\n\nKommunaler Klimaschutz ist oft undurchsichtig, komplex und bürokratisch – das wollen wir ändern!\n\nStadt.Land.Klima! ist ein gemeinsames bewegungsübergreifendes Portal für kommunalen Klimaschutz, was den Forschritt von Kommunen beim Klimaschutz sichtbar \u0026 messbar machen will.\nDas Herzstück davon ist ein klares Ranking, das zeigt, wie viele Klimaschutzmaßnahmen ein Ort bereits umgesetzt hat. Statt komplizierter CO₂-Bilanzen zählt der Maßnahmenkatalog konkrete Schritte zur Klimaneutralität - und ist gleichzeitig eine Roadmap für die Kommune auf dem Weg zur Klimaneutralität.\n\nDie Bewertungen kommen direkt von den Klimaaktiven vor Ort – z.B. von ForFuture-Ortsgruppen, LocalZero-Lokalteams oder lokalen Klimainitiativen. \n\nAber der Plan geht über das Ranking hinaus: Wir wollen die vielen Initiativen, Angebote und Projekte der Klimabewegung vor Ort zusammenbringen, Kooperationen zwischen Organisationen fördern und Klima-Erfolgsprojekte einzelner Gruppen deutschlandweit teilen!\n\nStadt.Land.Klima! wird komplett ehrenamtlich betrieben - von den Lokalteams, unserem SocialMedia-Team, unseren Designer- und Developer:innen und verschiedensten Fachexpert:innen. Die Applikation ist Open-Source und freut sich immer über Contributions: https://github.com/StrategieLukas/stadt-land-klima \n\nGemeinsam wird kommunaler Klimaschutz sichtbar und wirksam.\nMach mit \u0026 bewerte DEINE Kommune!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Lukas (@strategielukas)"],"tags":["38c3","692","2024","Stage YELL"],"view_count":753,"promoted":false,"date":"2024-12-30T11:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-05T17:45:05.573+01:00","length":2875,"duration":2875,"thumb_url":"https://static.media.ccc.de/media/congress/2024/692-90ca3d2c-ac12-5542-8eac-aa7876a9c104.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/692-90ca3d2c-ac12-5542-8eac-aa7876a9c104_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/692-90ca3d2c-ac12-5542-8eac-aa7876a9c104.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/692-90ca3d2c-ac12-5542-8eac-aa7876a9c104.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-stadt-land-klima-fr-transparenz-im-kommunalen-klimaschutz","url":"https://api.media.ccc.de/public/events/90ca3d2c-ac12-5542-8eac-aa7876a9c104","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"d6f06237-7a1a-5831-ab28-f5f621fd007d","title":"Der Schlüssel zur COMpromittierung: Local Privilege Escalation Schwachstellen in AV/EDRs","subtitle":null,"slug":"38c3-der-schlssel-zur-compromittierung-local-privilege-escalation-schwachstellen-in-av-edrs","link":"https://events.ccc.de/congress/2024/hub/event/der-schlssel-zur-compromittierung-local-privilege-escalation-schwachstellen-in-av-edrs/","description":"Im vergangenen Jahr wurden von uns in fünf kritische Schwachstellen in Endpoint Protection Software entdeckt, die es uns ermöglichen, auf Basis von COM-Hijacking unsere Privilegien auf Windows-Endpunkten zu erweitern. In diesem Vortrag demonstrieren wir, wie COM-Hijacking genutzt werden kann, um Code im Kontext geschützter Frontend-Prozesse auszuführen. Zudem zeigen wir auf, wie COM Hijacking das Vertrauensverhältnis zwischen geschützten Frontend-Prozessen und Backend-Diensten aushebelt um höhere Privilegien (Local Privilege Escalation) auf Systemen zu erhalten. Des Weiteren erklären wir unsere Methodik und Vorgehensweise um solche Schwachstellen zu finden und auszunutzen. Abschließend enthüllen wir Details zu den von uns gefundenen Schwachstellen und diskutieren mögliche Gegenmaßnahmen.\n\nCOM-Hijacking ist vor allem als Technik bekannt, um auf Windows-Endpunkten Persistenz zu erreichen. In diesem Vortrag stellen wir jedoch eine weniger bekannte, aber äußerst wirkungsvolle Anwendung vor: Wir haben COM-Hijacking eingesetzt, um Code in die geschützten Frontend-Prozesse von Sicherheitsprodukten einzuschleusen. Dadurch konnten wir die Vertrauensbeziehung zwischen diesen Prozessen und den privilegierten Backends ausnutzen und hohe Privilegien auf dem Endpunkt erlangen.\n\nIn unserem Vortrag erläutern wir detailliert unsere Vorgehensweise zur Identifikation dieser Schwachstellen und stellen die technischen Aspekte der von uns entdeckten Lücken im Detail vor. Im ersten Teil des Vortrags zeigen wir, wie wir mittels COM-Hijacking in der Lage waren, Code im Kontext der geschützten Frontend-Prozesse auszuführen. Im zweiten Teil analysieren wir die Kommunikationsmechanismen zwischen Frontend und Backend und legen offen, wie wir diese Vertrauensverbindung kompromittieren konnten. Abschließend erklären wir verschiedene Techniken, die es uns ermöglichte, unsere Privilegien auf Systemebene erfolgreich zu erweitern und diskutieren Gegenmaßnahmen die ähnliche Schwachstellen verhindern könnten.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Kolja Grassmann","Alain Rödel"],"tags":["38c3","815","2024","Stage YELL"],"view_count":1321,"promoted":false,"date":"2024-12-28T16:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-20T16:15:05.709+01:00","length":3199,"duration":3199,"thumb_url":"https://static.media.ccc.de/media/congress/2024/815-d6f06237-7a1a-5831-ab28-f5f621fd007d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/815-d6f06237-7a1a-5831-ab28-f5f621fd007d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/815-d6f06237-7a1a-5831-ab28-f5f621fd007d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/815-d6f06237-7a1a-5831-ab28-f5f621fd007d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-der-schlssel-zur-compromittierung-local-privilege-escalation-schwachstellen-in-av-edrs","url":"https://api.media.ccc.de/public/events/d6f06237-7a1a-5831-ab28-f5f621fd007d","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"7bd7dba1-b9a8-5fe8-94f7-9fc9d1704877","title":"The Design Decisions behind the first Open-Everything FABulous FPGA","subtitle":null,"slug":"38c3-the-design-decisions-behind-the-first-open-everything-fabulous-fpga","link":"https://events.ccc.de/congress/2024/hub/event/the-design-decisions-behind-the-first-open-everything-fabulous-fpga/","description":"With the availability of robust silicon-proven open-source tools, IPs, and process design kits (PDKs), it is now possible to build complex chips without industry tools. This is exactly what we did to design our first open-everything FABulous FPGA, which is an example of open silicon that is designed and programmed entirely with open tools.\n\nProduced in the Skywater 130nm process node, our chip features 672 LUTs (each with 4 inputs and a flop), 6 DSP blocks (8x8 bit multipliers with 20-bit accumulators), 8 BRAMs (with 1KB each), and 12 register file primitives (each having 32 4-bit words with 1 write and 2 read ports). The resources are sufficient to run, for instance, a small RISC-V system on the fabric. The FPGA comes with a small board that is designed to fit into an audio cassette case and that can be programmed directly via an USB interface. Moreover, the FPGA supports partial reconfiguration, which allows us to swap the logic of parts of the FPGA while continuing operation in the rest of the chip.\n\nThe chip was designed with the help of the versatile FABulous framework, which integrates several further open-source projects, including Yosys, nextpnr, the Verilator, OpenRAM, and the OpenLane tool suite. FABulous was used for various embedded FPGAs, including multiple designs manufactured in the TSMC 28nm process node.\n\nThe talk will discuss and analyze differences and similarities with industry FPGAs and dive into design decision taken and optimizations applied to deliver good quality of results (with respect to area cost and performance). The talk will highlight state-of-the-art in open-source FPGA chip design and provide a deeper than usual discussion on the design principles of these devices.\n\nThe talk will target both FPGA novices and experts and discuss the technology from two angles: 1) the capabilities of open tools to build an entire FPGA ecosystem and 2) FPGA technology insights.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Dirk"],"tags":["38c3","586","2024","Hardware \u0026 Making","Saal GLITCH"],"view_count":3468,"promoted":false,"date":"2024-12-29T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-01T18:30:04.774+02:00","length":2464,"duration":2464,"thumb_url":"https://static.media.ccc.de/media/congress/2024/586-7bd7dba1-b9a8-5fe8-94f7-9fc9d1704877.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/586-7bd7dba1-b9a8-5fe8-94f7-9fc9d1704877_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/586-7bd7dba1-b9a8-5fe8-94f7-9fc9d1704877.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/586-7bd7dba1-b9a8-5fe8-94f7-9fc9d1704877.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-the-design-decisions-behind-the-first-open-everything-fabulous-fpga","url":"https://api.media.ccc.de/public/events/7bd7dba1-b9a8-5fe8-94f7-9fc9d1704877","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"91f0bb90-fb4a-585f-920e-155fb8a01cb4","title":"arafed futures - An Artist Dialogue on Chip Storage and AI Accelerationism","subtitle":null,"slug":"38c3-arafed-futures-an-artist-dialogue-on-chip-storage-and-ai-accelerationism","link":"https://events.ccc.de/congress/2024/hub/event/arafed-futures-an-artist-dialogue-on-chip-storage-and-ai-accelerationism/","description":"The global chip shortage during the COVID-19 pandemic brought semiconductor production into focus, sparking accelerated efforts to meet the surging demand for digital infrastructure. This phenomenon not only expanded AI capabilities but also introduced unexpected computational artifacts. \nOne such artifact is the word “arafed”, a term absent from any dictionary yet mysteriously appears across contexts from image prompts to Amazon product descriptions. Such unintended linguistic artifacts, born from transformer-based AI models, exemplify how digital artifacts emerge into realities with which we cohabitate.\nThe talk investigates how supply-chains break and AI-words spread from an artistic research perspective. Mapping both the abstract landscapes of embedding spaces, that are filled with emergent words and images, and the tangible, geopolitical realities of global semiconductor supply chains.\n\nThe accelerating pace of generative AI has put a strain on the interconnected software and hardware systems necessary for generative AI. The artist duo explores the media specificity of generative artificial intelligence. The talk consists of two parts: The material aspects of AI, specifically the story of semiconductor and chip shortage. And the spread of hallucinations like terms that escaped their embedding space into language.\nThe working of LLMs is often limited by computational power. These obstacles tethered abstract computation to the physical world, exposing how materiality plays a critical role in the implementation of AI. The investigation begins by examining the causes of the chip shortage — a disruption that brought the semiconductor industry and its surrounding geopolitical tensions into discourse. \nOn the hardware level, NVIDIA’s A100 chips, produced using Taiwan’s TSMC 7nm process, exemplify this intersection, providing the power to expand large language models (LLMs) and image generators. On the software level, the increasing demand for ai-as-service accelerates the use of models with complex pipelines. This interconnected use of models, in turn, leads to the emergence of unexpected artifacts that are morphing back into everyday reality.\nWhile browsing AI-generated images on social media, one might come across the word \"arafed\" in image descriptions, such as, \"an arafed man in a white robe riding on top of a blue car.\". Yet, a dictionary definition is nowhere to be found. An image search for \"arafed\" reveals something striking: all resulting images appear AI-generated, spread across various image-sharing and stock photography platforms.\nThe term \"arafed\" seems to lack a clear origin, but a few posts attribute it to the BLIP-2 model, an image-captioning system that generates descriptive text from image inputs. However, the BLIP-2 paper doesn't mention \"arafed\" but running BLIP-2 clearly produces descriptions containing this artifact-like word, as if \"arafed\" has embedded itself in the model's vocabulary. Through the widespread and often unintentional use of BLIP-2 in libraries, extensions, and services, the interconnected nature of software has spread the word into research papers, Amazon descriptions, and even other datasets, further revealing the brittle infrastructure generative-ai systems are built upon.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Ting-Chun Liu","Leon-Etienne Kühr"],"tags":["38c3","653","2024","Art \u0026 Beauty","Saal ZIGZAG"],"view_count":1037,"promoted":false,"date":"2024-12-28T17:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-24T05:45:03.536+01:00","length":3613,"duration":3613,"thumb_url":"https://static.media.ccc.de/media/congress/2024/653-91f0bb90-fb4a-585f-920e-155fb8a01cb4.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/653-91f0bb90-fb4a-585f-920e-155fb8a01cb4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/653-91f0bb90-fb4a-585f-920e-155fb8a01cb4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/653-91f0bb90-fb4a-585f-920e-155fb8a01cb4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-arafed-futures-an-artist-dialogue-on-chip-storage-and-ai-accelerationism","url":"https://api.media.ccc.de/public/events/91f0bb90-fb4a-585f-920e-155fb8a01cb4","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"a7ccfab4-e391-57f4-a45a-34da24027735","title":"WissPod Jahresrückblick 2024 oder: Reichweite, my ass!","subtitle":null,"slug":"38c3-wisspod-jahresrckblick-2024-oder-reichweite-my-ass","link":"https://events.ccc.de/congress/2024/hub/event/wisspod-jahresrckblick-2024-oder-reichweite-my-ass/","description":"Mit unseren Gästen sprechen wir über Podcasts in der Wissen{schaft}skommunikation, über Ziele und Kriterien – und darüber wieso Reichweite alleine nicht glücklich macht!\n\nMelanie Bartos und Bernd Rupp blicken zurück auf das wissenschaftspodcasts.de-Jahr 2024 und sprechen über die Perspektiven, die sich für das Wissenschaftspodcast-Jahr 2025 bereits abzeichnen.\nDabei beleuchten wir die Herausforderungen bei der Kuration, die Anmeldezahlen neuer Wissenschaftspodcasts, die Weiterentwicklung der Website sowie den Aufbau und die Betreuung der WissPod-Community. Diese umfasst inzwischen rund 370 Wissenschaftspodcasts mit insgesamt über 28.000 Episoden.\nWie immer zeigen wir, wie neue Wissenschaftspodcasts in die Kuration aufgenommen werden, was sie während des Kurationsprozesses erwartet.\nWir möchten darüber diskutieren, welche Rolle Reichweite noch spielt und wie sinnvoll es ist, sie als zentrale Größe zu betrachten. Das möchten wir entlang zweier Aspekte tun: Einerseits das Hosting und die langfristige Archivierung von Podcasts, andererseits die Kommunikationswege mit unseren Hörer:innen, wie sie beispielsweise das Fediverse eröffnet. Gemeinsam mit unseren Gästen und dem Publikum vor Ort wollen wir diesen vieldiskutieren Fragestellungen mit der Podcast-Brille etwas auf den Grund gehen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["rupi42ai","melbartos"],"tags":["38c3","58301","2024","Saal X 07"],"view_count":988,"promoted":false,"date":"2024-12-28T21:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-13T14:30:06.587+01:00","length":5413,"duration":5413,"thumb_url":"https://static.media.ccc.de/media/congress/2024/58301-a7ccfab4-e391-57f4-a45a-34da24027735.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/58301-a7ccfab4-e391-57f4-a45a-34da24027735_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/58301-a7ccfab4-e391-57f4-a45a-34da24027735.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/58301-a7ccfab4-e391-57f4-a45a-34da24027735.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-wisspod-jahresrckblick-2024-oder-reichweite-my-ass","url":"https://api.media.ccc.de/public/events/a7ccfab4-e391-57f4-a45a-34da24027735","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"732d3256-e21d-5476-94db-01f93b4f51ed","title":"Open Accessibility - (nicht nur) F/OSS barriereärmer gestalten!","subtitle":null,"slug":"38c3-open-accessibility-nicht-nur-f-oss-barrierermer-gestalten","link":"https://events.ccc.de/congress/2024/hub/event/open-accessibility-nicht-nur-f-oss-barrierermer-gestalten/","description":"Barrierefreiheit für alle, immer und überall, zumindest in F/OSS-SW wie Communities, ist bisher ein frommer Wunsch. Warum ist das so und wie lässt es sich grundlegend ändern?\n\nAccessibility spielt bisher in Deutschland, wenn überhaupt, nur bei Webseiten eine Rolle. Desktop-Software, Online-Kommunikation, IT-Systeme generell sind hingegen für die meisten Menschen mit Behinderungen nicht oder nur mit großen Einschränkungen nutzbar. Diese Mängel werden bisher meist durch individuelle Workarounds versucht zu beheben, nur, damit beim nächsten Upgrade alles wieder vorbei ist. \nFür diese Misere gibt es technische, soziale wie gesellschaftliche und rechtliche Gründe, vielmehr: Defizite. Diese werde ich vorstellen. Darauf aufbauend plädiere ich für grundlegenden Verbesserungen und zeige mögliche Ansätze dafür u.a. den Bereichen Standards, individuelles Engagement, Prozesse und Organisation von Communities. Fragen, Diskussion und eigene Vorschläge sind erwünscht!\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Irmhild Rogalla"],"tags":["38c3","808","2024","Stage HUFF"],"view_count":418,"promoted":false,"date":"2024-12-29T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-26T23:15:06.710+01:00","length":2406,"duration":2406,"thumb_url":"https://static.media.ccc.de/media/congress/2024/808-732d3256-e21d-5476-94db-01f93b4f51ed.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/808-732d3256-e21d-5476-94db-01f93b4f51ed_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/808-732d3256-e21d-5476-94db-01f93b4f51ed.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/808-732d3256-e21d-5476-94db-01f93b4f51ed.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-open-accessibility-nicht-nur-f-oss-barrierermer-gestalten","url":"https://api.media.ccc.de/public/events/732d3256-e21d-5476-94db-01f93b4f51ed","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"b1d47db5-3bb9-5e0b-8ce0-ed2fd143b1c6","title":"Instructions unclear - Über die (In-)Accessibility von Symbolen","subtitle":null,"slug":"38c3-instructions-unclear-ber-die-in-accessibility-von-symbolen","link":"https://events.ccc.de/congress/2024/hub/event/instructions-unclear-ber-die-in-accessibility-von-symbolen/","description":"Ein Talk über die Kommunikation ohne gesprochene oder geschriebene Sprache\n\nKommunikation ist ja schon mit Worten manchmal schwierig - Wie ist das eigentlich, wenn man NICHT mit Worten kommunizieren kann? (Sei dies durch Sprachbarrieren, Psychische oder körperliche Beeinträchtigungen oder einfach nur aus Platzmangel)\nIn diesem Talk werde ich mich auf eine ehrliche und hoffentlich auch etwas humoristische Art mit der Kommunikation mithilfe von Symbolen auseinandersetzen.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["sebz"],"tags":["38c3","747","2024","Stage HUFF"],"view_count":2266,"promoted":false,"date":"2024-12-27T23:55:00.000+01:00","release_date":"2024-12-28T00:00:00.000+01:00","updated_at":"2026-03-28T17:15:05.455+01:00","length":1487,"duration":1487,"thumb_url":"https://static.media.ccc.de/media/congress/2024/747-b1d47db5-3bb9-5e0b-8ce0-ed2fd143b1c6.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/747-b1d47db5-3bb9-5e0b-8ce0-ed2fd143b1c6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/747-b1d47db5-3bb9-5e0b-8ce0-ed2fd143b1c6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/747-b1d47db5-3bb9-5e0b-8ce0-ed2fd143b1c6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-instructions-unclear-ber-die-in-accessibility-von-symbolen","url":"https://api.media.ccc.de/public/events/b1d47db5-3bb9-5e0b-8ce0-ed2fd143b1c6","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"4fe0a9de-3ca2-5847-b9db-a5096c016b6a","title":"7 Years Later: Why And How To Make Portable Open Hardware Computers","subtitle":null,"slug":"38c3-7-years-later-why-and-how-to-make-portable-open-hardware-computers","link":"https://events.ccc.de/congress/2024/hub/event/7-years-later-why-and-how-to-make-portable-open-hardware-computers/","description":"After more than 7 years, a small team of hackers and designers in Berlin are about to release the third generation of their Open Hardware laptop family: MNT Reform Next. Here, Lukas \"minute\" Hartmann will discuss why we need Open Hardware computers, what we learned through trial, error and hardship of designing and hand-assembling over 1000 of them by hand, and how you can claw back some autonomy over your hardware from Big Computer.\n\nThe talk will illustrate, with many pictures and without holding back, interesting problems and solutions we encountered while creating 3 laptops on shoestring budgets.\nAiming to inspire more people to take custom hardware into their own hands, I will quickly walk through the essential tools and methods that you can use to create your own Open Source Hardware computing devices or modifying existing ones, like:\n - How and why I choose chips and components\n - How to get them into KiCAD for electronics, and get boards made\n - Use FreeCAD and OpenSCAD for 3D modeling, and get enclosures made, also from unorthodox materials\n - Cables, connectors and screws considerations\n - Firmware and Kernel troubles (designing Hardware for Linux)\n - Our basics of community participation (GitLab, IRC, Discourse)\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["minute"],"tags":["38c3","855","2024","Stage HUFF"],"view_count":2379,"promoted":false,"date":"2024-12-28T16:40:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-12T21:30:08.080+01:00","length":2336,"duration":2336,"thumb_url":"https://static.media.ccc.de/media/congress/2024/855-4fe0a9de-3ca2-5847-b9db-a5096c016b6a.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/855-4fe0a9de-3ca2-5847-b9db-a5096c016b6a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/855-4fe0a9de-3ca2-5847-b9db-a5096c016b6a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/855-4fe0a9de-3ca2-5847-b9db-a5096c016b6a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-7-years-later-why-and-how-to-make-portable-open-hardware-computers","url":"https://api.media.ccc.de/public/events/4fe0a9de-3ca2-5847-b9db-a5096c016b6a","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"cddb9e32-0503-5ad5-adbe-3e8d63f6e51f","title":"Wir wissen wo dein Auto steht","subtitle":"Volksdaten von Volkswagen","slug":"38c3-wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen","link":"https://events.ccc.de/congress/2024/hub/event/wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen/","description":"Bewegungsdaten von 800.000 E-Autos sowie Kontaktinformationen zu den Besitzern standen ungeschützt im Netz. Sichtbar war, wer wann zu Hause parkt, beim BND oder vor dem Bordell.\r\n\r\nWelche Folgen hat es, wenn VW massenhaft Fahrzeug-, Bewegungs- und Diagnosedaten sammelt und den Schlüssel unter die Fußmatte legt?\r\n\r\nWas verraten Fahrzeugdaten über die Mobilität von Behörden, Ämtern, Ministerien, Lieferdiensten, Mietwagenfirmen, etc.?\r\n\r\nWofür werden diese Daten überhaupt gesammelt?\r\n\r\nWir zeigen Kurioses bis Bedenkliches - natürlich mit mehr Respekt für den Datenschutz, als diejenigen, die die Daten gesammelt haben.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Michael Kreil","Flüpke"],"tags":["38c3","598","2024","Security","Saal 1"],"view_count":216703,"promoted":false,"date":"2024-12-27T22:05:00.000+01:00","release_date":"2024-12-31T00:00:00.000+01:00","updated_at":"2026-04-03T20:45:06.855+02:00","length":2326,"duration":2326,"thumb_url":"https://static.media.ccc.de/media/congress/2024/598-cddb9e32-0503-5ad5-adbe-3e8d63f6e51f.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/598-cddb9e32-0503-5ad5-adbe-3e8d63f6e51f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/598-cddb9e32-0503-5ad5-adbe-3e8d63f6e51f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/598-cddb9e32-0503-5ad5-adbe-3e8d63f6e51f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen","url":"https://api.media.ccc.de/public/events/cddb9e32-0503-5ad5-adbe-3e8d63f6e51f","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"fe30704a-9169-55c9-863a-ab9768168321","title":"Hacker's Guide to Meshtastic: Off-Grid, Encrypted LoRa Meshnets for Cheap!","subtitle":null,"slug":"38c3-hacker-s-guide-to-meshtastic-off-grid-encrypted-lora-meshnets-for-cheap","link":"https://events.ccc.de/congress/2024/hub/event/hacker-s-guide-to-meshtastic-off-grid-encrypted-lora-meshnets-for-cheap/","description":"Beginners can now create off-grid, encrypted mesh networks for cheap, with applications in emergency communication, sensor monitoring, and more! These mesh networks have been popping up in cities all over the world, and this talk will go over everything a beginner needs to run or build their own nodes.\n\nIf you've ever wanted to legally create off-grid, encrypted mesh networks that can span over a hundred miles, you can get started with Meshtastic for around $10.\n\nThis talk will serve as a beginner user's guide to Meshtastic, covering everything from hardware basics to advanced software configuration. We will explore making custom Meshtastic hardware, real-world results from deploying Meshtastic in Los Angeles, and attacks against mesh networks. \n\nAttendees will learn about LoRa, Meshtastic node and antenna options, software setup and configuration to extend its functionality, and real-world deployments of remote nodes.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Kody Kinzie"],"tags":["38c3","442","2024","Hardware \u0026 Making","Saal ZIGZAG"],"view_count":4217,"promoted":false,"date":"2024-12-29T22:05:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T21:30:06.130+02:00","length":2526,"duration":2526,"thumb_url":"https://static.media.ccc.de/media/congress/2024/442-fe30704a-9169-55c9-863a-ab9768168321.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/442-fe30704a-9169-55c9-863a-ab9768168321_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/442-fe30704a-9169-55c9-863a-ab9768168321.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/442-fe30704a-9169-55c9-863a-ab9768168321.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-hacker-s-guide-to-meshtastic-off-grid-encrypted-lora-meshnets-for-cheap","url":"https://api.media.ccc.de/public/events/fe30704a-9169-55c9-863a-ab9768168321","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"b85b6868-be2d-5d42-99a0-54ffc0578bb7","title":"Einstieg in den Amateurfunk","subtitle":null,"slug":"38c3-einstieg-in-den-amateurfunk","link":"https://events.ccc.de/congress/2024/hub/event/einstieg-in-den-amateurfunk/","description":"Erklärung von Amateurfunk und der neuen Prüfung für Neulinge\n\nIm Amateurfunk kann ich weltweit und über Satelliten kostenlos Gespräche führen. Dazu darf ich sogar selbstgebaute Empfänger und Sender benutzen. Oder auch einen Computer zur Kommunikation einsetzen. Damit das funktioniert, gibt es ein paar Regeln, die gelernt werden müssen und für die es eine Prüfung gibt.\n\nSeit diesem Sommer gibt es für den Amateurfunk in Deutschland eine Prüfung für eine Einstiegs-Klasse. Ich zeige dir, was du für die Prüfung lernen musst. Und was du nach bestandener Prüfung für Neulinge machen darfst, damit du am weltweiten Amateurfunk teilnehmen kannst.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Pylon (he/him)"],"tags":["38c3","781","2024","Stage YELL"],"view_count":3255,"promoted":false,"date":"2024-12-28T20:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-02T16:15:05.816+02:00","length":2470,"duration":2470,"thumb_url":"https://static.media.ccc.de/media/congress/2024/781-b85b6868-be2d-5d42-99a0-54ffc0578bb7.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/781-b85b6868-be2d-5d42-99a0-54ffc0578bb7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/781-b85b6868-be2d-5d42-99a0-54ffc0578bb7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/781-b85b6868-be2d-5d42-99a0-54ffc0578bb7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-einstieg-in-den-amateurfunk","url":"https://api.media.ccc.de/public/events/b85b6868-be2d-5d42-99a0-54ffc0578bb7","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"922cc80e-c00a-5da0-b7c5-cdccfec9fa2c","title":"Demystifying Common Microcontroller Debug Protocols","subtitle":null,"slug":"38c3-demystifying-common-microcontroller-debug-protocols","link":"https://events.ccc.de/congress/2024/hub/event/demystifying-common-microcontroller-debug-protocols/","description":"Many developers know that the answer to \"How do I debug this microcontroller\" is either \"JTAG\" or \"SWD\". But what does that mean, exactly? How do you get from \"Wiggling wires\" to \"Programming a chip\" and \"Halting on breakpoints\"? This talk will cover how common debug protocols work starting from signals on physical wires, cover common mechanisms for managing embedded processors, and ending up at talking to various common microcontrollers.\n\nEmbedded programming is the art of shrinking complex programs in tiny packages by throwing away unnecessary features. With modern microcontrollers, debugging need not be one of the features thrown away. Most modern chips include some form of low-level access, but the technical details aren't widely understood. Many users of embedded firmware will use their preferred debugger without thinking too hard about what's going on underneath.\n\nWe'll start by covering what it means to debug embedded software. The primitives required to have an interactive debug session are surprisingly minimal. From this, we'll build up a list of requirements and \"nice to haves\" to make a debugging environment comfortable, and reference existing \"bespoke\" debug approaches. We'll cover several examples of debug engines ranging from cores designed to go into FPGAs to tiny 8-bit microcontrollers.\n\nNext, we'll take a step back and describe the common lower-level protocols such as JTAG and SWD. These describe physical signals that go between the host and the target. We'll compare various protocols and see how they map onto the higher-level primitives discussed earlier. Armed with examples, we'll see how the protocol stack is formed.\n\nNext, we'll use the knowledge of low-level protocol implementations and the requirements for debugging to look at common abstractions on top of physical transports to implement core control. This will bridge the gap between \"JTAG or SWD are the protocol\" to \"Poking a value in memory on a microcontroller\". In this section, we'll cover the more common and generic uses such as Arm's ADI and the RISC-V DMI and see how complex and cross-target configurations are built to be rigid enough to have rich debug features while flexible enough to handle a wide range of processor configurations.\n\nFinally, we'll cover common tasks such as programming flash memory, watchpoints, and single-step debugging -- things that we take for granted in the desktop world and would like to have when programming for a potato that costs less than an actual potato.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Sean \"xobs\" Cross"],"tags":["38c3","191","2024","Hardware \u0026 Making","Saal GLITCH"],"view_count":7285,"promoted":false,"date":"2024-12-27T14:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-31T23:45:06.963+02:00","length":2647,"duration":2647,"thumb_url":"https://static.media.ccc.de/media/congress/2024/191-922cc80e-c00a-5da0-b7c5-cdccfec9fa2c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/191-922cc80e-c00a-5da0-b7c5-cdccfec9fa2c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/191-922cc80e-c00a-5da0-b7c5-cdccfec9fa2c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/191-922cc80e-c00a-5da0-b7c5-cdccfec9fa2c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-demystifying-common-microcontroller-debug-protocols","url":"https://api.media.ccc.de/public/events/922cc80e-c00a-5da0-b7c5-cdccfec9fa2c","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"cd267c38-36ba-5cec-b2e6-10f864664b3d","title":"From Critical Making via unmaking towards (un)making","subtitle":null,"slug":"38c3-from-critical-making-via-unmaking-towards-un-making","link":"https://events.ccc.de/congress/2024/hub/event/from-critical-making-via-unmaking-towards-un-making/","description":"In this talk, an advocate of (un)making, Yoshinari Nishiki, dives into the historical foundation of the concept. Starting from the Maker movement, transitioning to Critical Making, evolving into unmaking, and culminating in (un)making, Yoshinari emphasizes a process defined by the deliberate absence of production, where (un)making itself embodies the act of not producing. Unmaking is a newly emerged term in the fields of HCI and design that references the idea of unlearning. In unmaking, researchers have explored the realms of making beyond the pursuit of plastic perfection: one prominent study investigated the aesthetics found in the processes of decay in 3D-printed objects. In (un)making, however—a variant of unmaking—Yoshinari attempts to step away from production itself while still generating monetary value.\n\nAs profit-making entities increasingly face pressure to claim—whether superficially or substantially—that they are reducing their environmental impact, the overall trend of relentless production remains largely unchanged and unchallenged. This raises a critical question: can we ever truly stop making? One reason we find it nearly impossible to stop is that the urge to make is deeply ingrained in our nervous systems.\n\nWhile pioneering researchers have begun to explore this issue by moving beyond unlearning to the concept of unmaking, little insight has emerged regarding the dilemma of value creation. Put simply, people cannot stop making things because they need to keep earning. Universal Basic Income (UBI) is not a straightforward solution, as it could further reinforce the monetary logic of resource acquisition. Instead, we need to (re)develop skills to derive benefits from our surroundings with minimal effort.\n\nThis is precisely what Yoshinari Nishiki is exploring in his engineering PhD on (un)making. However, to address the historical complexities of production, it is essential to revisit the evolution of our modes of making. In this talk, Yoshinari carefully traces the origins of (un)making, from the Maker movement and Critical Making to the emerging concepts of unmaking and (un)making.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Yoshinari Nishiki"],"tags":["38c3","689","2024","Stage HUFF"],"view_count":439,"promoted":false,"date":"2024-12-28T11:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-23T09:15:05.924+01:00","length":2178,"duration":2178,"thumb_url":"https://static.media.ccc.de/media/congress/2024/689-cd267c38-36ba-5cec-b2e6-10f864664b3d.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/689-cd267c38-36ba-5cec-b2e6-10f864664b3d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/689-cd267c38-36ba-5cec-b2e6-10f864664b3d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/689-cd267c38-36ba-5cec-b2e6-10f864664b3d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-from-critical-making-via-unmaking-towards-un-making","url":"https://api.media.ccc.de/public/events/cd267c38-36ba-5cec-b2e6-10f864664b3d","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"716710bb-bda3-55b4-9794-e1a5a3e17b18","title":"Hacking yourself a satellite - recovering BEESAT-1","subtitle":null,"slug":"38c3-hacking-yourself-a-satellite-recovering-beesat-1","link":"https://events.ccc.de/congress/2024/hub/event/hacking-yourself-a-satellite-recovering-beesat-1/","description":"In 2013, the satellite BEESAT-1 started returning invalid telemetry, rendering it effectively unusable. Because it is projected to remain in orbit for at least another 20 years, recovering the satellite and updating the flight software would enable new experiments on the existing hardware. However, in addition to no access to telemetry, the satellite also has no functional software update feature. This talk will tell the story of how by combining space and computer security mindsets, the fault was correctly diagnosed without telemetry, software update features were implemented without having them to begin with, and the satellite was recovered in September of 2024.\n\nIn 2009, BEESAT-1 was launched into low earth orbit as the first 1U CubeSat of Technische Universität Berlin. In 2011, the satellite started returning invalid telemetry data. After a short amount of time spent diagnosing the issue, operators switched to the redundant on-board computer, which initially resolved the issue. However in 2013 the issue reoccurred on the second computer. With no other on-board computer available to switch to, operations largely ceased besides occasional checks every few years to see whether the satellite was still responding to commands at all.\n\nA recovery of BEESAT-1 back into an operational state was made particularly attractive considering that due to its higher orbit, it is currently estimated to remain in space for another 20 years or more, while many of the other spacecraft of the BEESAT series have since burned up in the atmosphere. Additionally, the spacecraft is equipped with a number of sensors and actuators which were not fully utilized during the primary mission and could be used in an extended mission. However, to fully utilize all the available hardware on the spacecraft, a software update is required. Unfortunately, the software update functionality was not completed at the time of launch and as a consequence is in a nonfunctional state. An alternate solution must be devised.\n\nFollowing an extensive effort that diagnosed the telemetry problem, developed a solution that would remedy both the telemetry problem and allow the upload of new flight software, and implemented this solution on the actual spacecraft in orbit, the satellite was finally recovered into an operational state with the ability to perform a software update in September 2024.\n\nThis talk will cover the recovery process from beginning to end, including:\n- A brief overview of how BEESAT-1 works and is operated\n- Diagnosing the loss of telemetry without access to said telemetry\n- Engineering a solution to the diagnosed issue, including:\n\t- figuring out how to upload new software without a feature intended for that task\n\t- establishing a development and testing setup for flight software development years after the original setup was dismantled\n\t- developing a patch to enable returning the satellite to an operational state and establish the ability to upload new flight software, while under the constraints posed by the lack of a proper upload method and without compromising the safety of the spacecraft\n- Implementing this solution on the actual spacecraft in space\n- A brief look at the current state of the spacecraft and remaining future tasks\n\nAlong the way, some of the fun and unexpected moments experienced while working with the 15 year old software and hardware will be shared. The talk is likely to be a mix of technical and non-technical. I hope to provide enough context so that you can follow without a background in space systems or computer security.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["PistonMiner"],"tags":["38c3","340","2024","Hardware \u0026 Making","Saal 1"],"view_count":66755,"promoted":false,"date":"2024-12-28T19:15:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T12:15:08.015+02:00","length":3498,"duration":3498,"thumb_url":"https://static.media.ccc.de/media/congress/2024/340-716710bb-bda3-55b4-9794-e1a5a3e17b18.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/340-716710bb-bda3-55b4-9794-e1a5a3e17b18_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/340-716710bb-bda3-55b4-9794-e1a5a3e17b18.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/340-716710bb-bda3-55b4-9794-e1a5a3e17b18.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-hacking-yourself-a-satellite-recovering-beesat-1","url":"https://api.media.ccc.de/public/events/716710bb-bda3-55b4-9794-e1a5a3e17b18","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"13802a20-4b8f-5848-9611-1f0b260605c9","title":"Is Green Methanol the missing piece for the Energy Transition?","subtitle":null,"slug":"38c3-is-green-methanol-the-missing-piece-for-the-energy-transition","link":"https://events.ccc.de/congress/2024/hub/event/is-green-methanol-the-missing-piece-for-the-energy-transition/","description":"In an accelerating climate crisis, renewable energy and electrification are the most important tools to reduce greenhouse gas emissions. However, in sectors where electrification is infeasible or impossible, other solutions will be needed. While hydrogen gets a lot of attention, it suffers from challenges like being difficult to transport and store. While it does not receive nearly as much attention as hydrogen, another molecule, methanol, could play a crucial role in bringing down emissions in challenging sectors like shipping, aviation, or the chemical industry.\n\nMethanol is the simplest carbon-containing liquid and is currently almost exclusively made from fossil fuels. However, it could be made by utilizing renewable energy, green hydrogen, and carbon dioxide, and such green methanol could play an important role in a climate-neutral future - both as a fuel and as a chemical feedstock[1].\n\nMethanol is relatively easy to store and transport. It could provide energy during times with little sun and wind and possibly even balance multi-year fluctuations [2][3]. It could also serve as a shipping fuel and, indirectly, help make aviation fuels. Furthermore, it could form the basis of a fossil-free production of chemical products like plastics [4][5]. That raises important questions about stranded assets in today's chemical industry, as the existing plastic production with steam crackers could become obsolete.\n\nDespite its prospects, methanol is no magic silver bullet. Making it from CO2 requires enormous amounts of energy. It should be used carefully and only where efficient direct electrification is infeasible (no methanol car, sorry). Alternative production pathways using climate-friendly biomass and waste have turned out to be challenging in the past, but they could lower some of the enormous energy needs.\n\n[1] [From Coal enabler to the Minimal Green Methanol Economy, Industry Decarbonization Newsletter, 2024](https://industrydecarbonization.com/news/from-coal-enabler-to-the-minimal-green-methanol-economy.html)\n\n[2] [Ultra-long-duration energy storage anywhere: Methanol with carbon cycling, Joule, Brown, Hampp, 2023](https://www.cell.com/joule/abstract/S2542-4351(23)00407-5)\n\n[3] [Should we burn Methanol when the Wind does not blow?, Industry Decarbonization Newsletter, 2023](https://industrydecarbonization.com/news/should-we-burn-methanol-when-the-wind-does-not-blow.html)\n\n[4] [Climate change mitigation potential of carbon capture and utilization in the chemical industry, PNAS, Kätelhön et al, 2019](https://www.pnas.org/doi/full/10.1073/pnas.1821029116)\n\n[5] [How to make Plastics without Fossil Fuels, Industry Decarbonization Newsletter, 2023](https://industrydecarbonization.com/news/how-to-make-plastics-without-fossil-fuels.html)\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Hanno Böck"],"tags":["38c3","358","2024","Science","Saal GLITCH"],"view_count":1455,"promoted":false,"date":"2024-12-30T12:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-02-05T10:30:08.606+01:00","length":2558,"duration":2558,"thumb_url":"https://static.media.ccc.de/media/congress/2024/358-13802a20-4b8f-5848-9611-1f0b260605c9.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/358-13802a20-4b8f-5848-9611-1f0b260605c9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/358-13802a20-4b8f-5848-9611-1f0b260605c9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/358-13802a20-4b8f-5848-9611-1f0b260605c9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-is-green-methanol-the-missing-piece-for-the-energy-transition","url":"https://api.media.ccc.de/public/events/13802a20-4b8f-5848-9611-1f0b260605c9","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"1c6eb229-0988-53f4-8aa3-1d68cda60206","title":"Fake-Shops von der Stange: BogusBazaar","subtitle":null,"slug":"38c3-fake-shops-von-der-stange-bogusbazaar","link":"https://events.ccc.de/congress/2024/hub/event/fake-shops-von-der-stange-bogusbazaar/","description":"Du bestellst im Internet? Natürlich bestellst Du im Internet. Aber dieses Mal wird Deine Ware nicht geliefert. Stattdessen sind Dein Geld und Deine Kreditkartendaten nun in China. Das ist BogusBazaar. Wir teilen unsere Einblicke in die Arbeitsweise dieser Bande.\n\nIn den vergangenen drei Jahren hat allein diese eine kriminelle Organisation, die wir BogusBazaar nennen, auf mehr als 75.000 Domains gefälschte Markenshops aufgesetzt und damit eine Million Bestellungen mit einem Auftragsvolumen von mehr als 50 Millionen USD abgewickelt.\n\nEin ausgeklügeltes und über die Jahre gewachsenes Setup ermöglicht einen reibungslosen Prozess vom Kopieren der originalen Markenläden, über das Aufsetzen gefälschter Webshops und dem Konfigurieren der Produkte, bis hin zum Orchestrieren der Zahlungsinfrastruktur.\n\nWir hatten einen einmaligen Einblick in dieses Setup und in die Arbeitsweise dieser Bande. Neben Kundendaten und Quellcode konnten wir auch Verträge und Dokumentation studieren und mit den Opfern über ihre Erfahrungen sprechen. In diesem Talk berichten wir über die Hintergründe unserer Recherche. [Die Zeit](https://www.zeit.de/2024/21/gefaelschte-online-shops-fake-shops-betrug-china), [The Guardian](https://www.theguardian.com/money/article/2024/may/08/chinese-network-behind-one-of-worlds-largest-online-scams) und [Le Monde](https://www.lemonde.fr/en/pixels/article/2024/05/08/online-scams-behind-the-scenes-of-the-world-s-largest-network-of-fake-online-retailers_6670775_13.html) berichteten.\n\nDer Vortrag ist ein Spin-Off aus der Reihe „[Hirne Hacken](https://media.ccc.de/v/36c3-11175-hirne_hacken)\" (36C3), „[Hirne Hacken - Hackback Edition](https://media.ccc.de/v/37c3-12134-hirne_hacken_hackback_edition)“ (37C3) und „[Disclosure, Hack und Back](https://media.ccc.de/v/camp2023-57272-disclosure_hack_and_back)“ (Chaos Communication Camp '23) und will Einblicke in das Handeln von Kriminellen geben, die auch weiterhin aktiv sind. Damit Ihr nicht auf sie hereinfallt.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["kantorkel","Kai Biermann"],"tags":["38c3","521","2024","Security","Saal 1"],"view_count":13448,"promoted":false,"date":"2024-12-28T20:30:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T20:30:06.709+02:00","length":3835,"duration":3835,"thumb_url":"https://static.media.ccc.de/media/congress/2024/521-1c6eb229-0988-53f4-8aa3-1d68cda60206.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/521-1c6eb229-0988-53f4-8aa3-1d68cda60206_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/521-1c6eb229-0988-53f4-8aa3-1d68cda60206.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/521-1c6eb229-0988-53f4-8aa3-1d68cda60206.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-fake-shops-von-der-stange-bogusbazaar","url":"https://api.media.ccc.de/public/events/1c6eb229-0988-53f4-8aa3-1d68cda60206","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"db6b17d6-88e3-5665-b1d8-1c8348c1431b","title":"Ten Years of Rowhammer: ","subtitle":"A Retrospect (and Path to the Future)","slug":"38c3-ten-years-of-rowhammer-a-retrospect-and-path-to-the-future","link":"https://events.ccc.de/congress/2024/hub/event/ten-years-of-rowhammer-a-retrospect-and-path-to-the-future/","description":"The density of memory cells in modern DRAM is so high that disturbance errors, like the Rowhammer effect, have become quite frequent. An attacker can exploit Rowhammer to flip bits in inaccessible memory locations by reading the contents of nearby accessible memory rows. Since its discovery in 2014, we have seen a cat-and-mouse security game with a continuous stream of new attacks and new defenses. Now, in 2024, exactly 10 years after Rowhammer was discovered, it is time to look back and reflect on the progress we have made and give an outlook on the future. Additionally, we will present an open-source framework to check if your system is vulnerable to Rowhammer.\r\n\r\nIn 2014, Kim et al. reported a new disturbance effect in modern DRAM that they called Rowhammer.\r\nThe Rowhammer effect flips bits in inaccessible memory locations just by reading the content of nearby memory locations that are attacker-accessible. \r\nThey trigger the Rowhammer effect by accessing memory locations at a high frequency, using memory accesses and flushes.\r\nThe root problem behind Rowhammer is the continuous increase in cell density in modern DRAM.\r\nIn early 2015, Seaborn and Dullien were the first to demonstrate the security impact of this new disturbance effect.\r\nIn two different exploit variants, they demonstrated privilege escalation from the Google Chrome NaCl sandbox to native code execution and from unprivileged native code execution to kernel privileges.\r\nLater, in 2015, Gruss et al. demonstrated that this effect can even be triggered from JavaScript, which they presented in their talk \"Rowhammer.js: Root privileges for web apps?\" at 32C3.\r\n\r\nNow, in 2024, it is precisely 10 years after Rowhammer was discovered.\r\nThus, we believe it is time to look back and reflect on the progress we have made.\r\nWe have seen a seemingly endless cat-and-mouse security game with a constant stream of new attacks and new defenses.\r\nWe will discuss the milestone works throughout the last 10 years, including various mitigations (making certain instructions illegal, ECC, doubled-refresh rate, pTRR, TRR) and how they have been bypassed.\r\nWe show that new Rowhammer attacks pushed the boundaries further with each defense and challenge. While initial attacks required native code on Intel x86 with DDR3 memory, subsequent attacks have also been demonstrated on DDR4 and, more recently, DDR5. Attacks have also been demonstrated on mobile Arm processors and AMD x86 desktop processors. Furthermore, instead of native code, attacks from sandboxed JavaScript or even remote attacks via network have been demonstrated as well.\r\nFurthermore, we will discuss how the Rowhammer effect can be used to leak memory directly, as well as related effects such as Rowpress. We will discuss these research results and show how they are connected.\r\nWe will then talk about the lessons learned and derive areas around the Rowhammer effect that have not received sufficient attention yet.\r\nWe will outline what the future of DRAM disturbance effects may look like, covering more recent effects and trends in computer systems and DRAM technology.\r\n\r\nFinally, an important aspect of our talk is that we invite everyone to contribute to solving one of the biggest unanswered questions about Rowhammer:\r\nWhat is the real-world prevalence of the Rowhammer effect? How many systems, in their current configurations, are vulnerable to Rowhammer?\r\nAs large-scale studies with hundreds to thousands of systems are not easy to perform, such a study has not yet been performed. Therefore, we developed a new framework to check if your system is vulnerable to Rowhammer, incorporating the state-of-the-art Rowhammer techniques and tools.\r\nThus, we invite everyone to participate in this unique opportunity at 38C3 to join forces and close this research gap together.\r\n\r\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Daniel Gruss","Martin Heckel","Florian Adamsky"],"tags":["38c3","255","2024","Security","Saal 1"],"view_count":2294,"promoted":false,"date":"2024-12-30T12:00:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T10:30:05.101+02:00","length":2494,"duration":2494,"thumb_url":"https://static.media.ccc.de/media/congress/2024/255-db6b17d6-88e3-5665-b1d8-1c8348c1431b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/255-db6b17d6-88e3-5665-b1d8-1c8348c1431b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/255-db6b17d6-88e3-5665-b1d8-1c8348c1431b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/255-db6b17d6-88e3-5665-b1d8-1c8348c1431b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-ten-years-of-rowhammer-a-retrospect-and-path-to-the-future","url":"https://api.media.ccc.de/public/events/db6b17d6-88e3-5665-b1d8-1c8348c1431b","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"a5f09a3a-1734-5ce2-8870-77e118f25dae","title":"Net Neutrality: Why It Still Matters (More Than Ever!)","subtitle":null,"slug":"38c3-net-neutrality-why-it-still-matters-more-than-ever","link":"https://events.ccc.de/congress/2024/hub/event/net-neutrality-why-it-still-matters-more-than-ever/","description":"Net Neutrality is a core pillar of the open internet. But we witness a coordinated, world-wide attack from the telecom industry on the very foundation that ties the internet together. The interconnection of autonomous parts of the internet used to be a non-political and non-commercial field that not many paid attention to. But through heavy lobbying activity we are on the brink of regulating interconnection in the EU, Brazil and India to establish a new payment obligation that would force everyone who wants to send a significant amount of data to customers. Telecom companies would end up being paid twice for the same traffic, from their customers and the content and cloud providers that want to reach them.\n\nThis talk by Raquel Renno Nunes from Article 19 and Thomas Lohninger from epicenter.works gives insights into the global civil society fight against the telecom industry. We will lift the veil about the lobbying of companies like Deutsche Telekom, Orange and A1 and showcase strategies how NGOs fought back in Latin America and Europe. This war for the open internet is only heating up. European Commissioner Henna Virkkunen for Digital will have in her hands to uphold net neutrality in Europe.\n\nWe want to extend our perspective by also looking at the successful fight in Latin America. Brazil in particular made their own experience with Zero-Rating tariffs that connected millions of Brazilians only to a selected few Apps instead of the whole internet. We will showcase how WhatsApp became a catalyst for the spread of fake news around the election of Jair Bolsonaro.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["socialhack","Raquel Renno Nunes","Jürgen Bering"],"tags":["38c3","501","2024","Ethics, Society \u0026 Politics","Saal GLITCH"],"view_count":10199,"promoted":false,"date":"2024-12-29T00:55:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-04-03T14:30:05.887+02:00","length":2410,"duration":2410,"thumb_url":"https://static.media.ccc.de/media/congress/2024/501-a5f09a3a-1734-5ce2-8870-77e118f25dae.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/501-a5f09a3a-1734-5ce2-8870-77e118f25dae_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/501-a5f09a3a-1734-5ce2-8870-77e118f25dae.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/501-a5f09a3a-1734-5ce2-8870-77e118f25dae.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-net-neutrality-why-it-still-matters-more-than-ever","url":"https://api.media.ccc.de/public/events/a5f09a3a-1734-5ce2-8870-77e118f25dae","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"5cd2c35d-9b24-54dc-a040-61b5a0e4511c","title":"we made a globally distributed DNS network for shits and giggles","subtitle":null,"slug":"38c3-we-made-a-globally-distributed-dns-network-for-shits-and-giggles","link":"https://events.ccc.de/congress/2024/hub/event/we-made-a-globally-distributed-dns-network-for-shits-and-giggles/","description":"DNS infrastructure is a bespoke pile of interconnected \"standards\", and its management is often treated as an afterthought. With Project SERVFAIL we aim to change that perception, providing both general docs and a community-run alternative to commercial nameservers - all of which while staying exceedingly *silly*.\n\nWhat started as a joke shitpost on fedi ended up with us spending multiple weeks hacking on everything DNS: from infra setups, through automating DNSSEC deployments, up to writing a fully custom zone edit website.\n\nWith [Project SERVFAIL](https://beta.servfail.network), we set out to discover what we could do better than the status quo. With barely any progress in the past 15 years, the NS provider field has seemingly stagnated. We set out to change that - and while SERVFAIL is still a Work in Progress, we're already at a point where we have a lot to share: stories of horror, upstream negligence, but also of hope and wonder for the future.\n\nAll of this while still bringing a vibe that wouldn't let you mistake us for for an enterprise - and for free, OSS, of course.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["sdomi","famfo","merlin (he/him)"],"tags":["38c3","768","2024","Stage HUFF"],"view_count":2664,"promoted":false,"date":"2024-12-29T15:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-30T15:00:06.817+02:00","length":2621,"duration":2621,"thumb_url":"https://static.media.ccc.de/media/congress/2024/768-5cd2c35d-9b24-54dc-a040-61b5a0e4511c.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/768-5cd2c35d-9b24-54dc-a040-61b5a0e4511c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/768-5cd2c35d-9b24-54dc-a040-61b5a0e4511c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/768-5cd2c35d-9b24-54dc-a040-61b5a0e4511c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-we-made-a-globally-distributed-dns-network-for-shits-and-giggles","url":"https://api.media.ccc.de/public/events/5cd2c35d-9b24-54dc-a040-61b5a0e4511c","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"2658199b-303a-5fe8-a7c4-17152071eab1","title":"How Roaming Agreements Enable 5G MitM Attacks","subtitle":null,"slug":"38c3-how-roaming-agreements-enable-5g-mitm-attacks","link":"https://events.ccc.de/congress/2024/hub/event/how-roaming-agreements-enable-5g-mitm-attacks/","description":"End-users in cellular networks are at risk of connecting to fake base stations, and we show that mitigations pushed in 5G are insufficient.\n\nMachine-in-the-Middle (MitM) attackers aim to overhear and manipulate network traffic. The MitM position can also be used as an entry point for baseband exploitation. Proceeding from there, attackers can gain full control of a user’s phone. Standardization bodies pushed many mitigations against MitM into the specification of cellular networks. However, roaming agreements still enable powerful attackers to perform seamless attacks – even in 5G!\n\nIn this talk, you’ll learn about the complex nature of cellular roaming and how roaming is implemented in recent smartphones. The specification puts a lot of trust in network operators. This impedes security in real-world deployments. We show that the capabilities of network operators exceed the intended capabilities of lawful interception. If those are abused, end-users have no possibility of noticing the attacks.\n\nAttacks on roaming are challenging to prevent or even detect in practice. The specification needs a major update to make cellular roaming secure. Users at risk should be aware of the current state of the system. We discuss multiple mitigations, including solutions for end-user devices.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["Swantje Lange"],"tags":["38c3","863","2024","Stage YELL"],"view_count":2362,"promoted":false,"date":"2024-12-27T13:50:00.000+01:00","release_date":"2025-01-21T00:00:00.000+01:00","updated_at":"2026-03-30T23:15:05.701+02:00","length":2388,"duration":2388,"thumb_url":"https://static.media.ccc.de/media/congress/2024/863-2658199b-303a-5fe8-a7c4-17152071eab1.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/863-2658199b-303a-5fe8-a7c4-17152071eab1_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/863-2658199b-303a-5fe8-a7c4-17152071eab1.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/863-2658199b-303a-5fe8-a7c4-17152071eab1.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-how-roaming-agreements-enable-5g-mitm-attacks","url":"https://api.media.ccc.de/public/events/2658199b-303a-5fe8-a7c4-17152071eab1","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"28ca8db9-c378-57b4-b471-c43428572bba","title":"Fehlercode 406: Request not acceptable. Digitalzwang als Human Security-Problem","subtitle":null,"slug":"38c3-fehlercode-406-request-not-acceptable-digitalzwang-als-human-security-problem","link":"https://events.ccc.de/congress/2024/hub/event/fehlercode-406-request-not-acceptable-digitalzwang-als-human-security-problem/","description":"Schon die neue Bahncard in der App integriert und dabei erfolglos versucht, dem Tracking auszuweichen? \nDigitalzwang kostet: Und zwar uns, den Nutzer:innen von Diensten von Unternehmen, Behörden, oder anderen Anbietern (auch du, Deutsche Bahn!). Dabei ist es weniger ein Problem, ob digitalisiert wird, sondern wie. Ich argumentiere, dass mit der fortschreitenden Digitalisierung eine Bringschuld von Anbietern auf die einzelnen Verbraucher:innen übertragen wird. \nBetroffene von Digitalzwang erfahren dabei höhere Kosten in ihrem Alltag: Sie müssen mehr Geld ausgeben, um einer Datenabgabe zu entkommen, oder brauchen mehr Zeit für Dienstleistungen, weil diese sie ausschließen. Dabei reicht der Rahmen über die vermeintlich Technik-feindlichen Senioren weit hinaus, und betrifft arme, körperlich behinderte, oder Datenschutz-affine Menschen genau so. \nDigitalcourage hat bereits beim Fireshonks 2022 ein Best-Off ihres Digitalzwangmelders vorgestellt. Ich habe jetzt eine Übersicht aufgebaut, um das Problem zu visualisieren. Durch die Analyse von Forschungsinterviews mit Betroffenen zeige ich, wer von Digitalzwang betroffen ist, in welchen Formen Digitalzwang auftritt, und welche Auswirkungen er auf ihr Leben hat. Dabei zeige ich, dass der Digitalzwang in seinen verschiedenen Facetten mehr ist als nur „unangenehm“: Er wirkt als Brennglas für bestehende Probleme und führt zu Ausgrenzungen und Einschränkungen.\n\nComputer können das Leben verbessern. Digitalisierung macht viele Prozesse schneller und leichter umsetzbar, zumindest in der Theorie. Was aber, wenn man gar keinen Zugang zu digitalen Angeboten hat, oder ihn aus Sorge von Datenmissbrauch ausschließen muss? Armut, Behinderung, fehlende Umgangserfahrung oder eine hohe Datenhygiene führen dazu, dass Menschen sich im Alltag einschränken müssen, weil ihnen der Zugang zu einem Gut nicht offen steht. Das geht los bei Rabattaktionen im Supermarkt und geht bis zu Einschränkungen in der Mobilität – die Deutsch Bahn lässt grüßen.\nIch zeige, in welchen Bereichen des Lebens Digitalzwang auftritt und wie vielseitig er sich gestaltet. Hierfür habe ich Forschungsinterviews mit Menschen geführt, die sich von Digitalzwang betroffen sehen. Im Gespräch habe ich erfahren, mit welchen Formen des Zwangs sie konfrontiert waren und wie schwer diese Eingriffe waren. Dabei zeigt sich, dass Digitalzwang zwar ein Problem für sich ist, jedoch oft intersektionell wirkt: Armut, Behinderung oder fehlende Bildung werden durch eine exklusive Digitalisierung noch verstärkt. \nDigitalzwang ist damit nicht nur unangenehm, sondern wird in vielen Fällen zu einem Human Security-Problem. Dieses Konzept geht davon aus, dass Sicherheit nicht nur die Abwesenheit von Gewalt ist, sondern ein Zustand, indem sich Menschen frei entwickeln können. Ein Ausschluss aus einer Gesellschaft oder eine Beschränkung im eigenen Leben wirken diesem Zustand entgegen. Anhand der Beispiele, die ich durch die Interviews gesammelt habe, zeige ich, wie die Auswirkungen von Digitalzwang diese Probleme erzeugen können.\nDabei müssen wir uns die Frage stellen, wie wir mit der Digitalisierung umgehen wollen. Um dabei nicht ganz im Pessimismus zu versinken, gehe ich auch auf positive Beispiele ein: Wo wird gut und nutzerfreundlich digitalisiert?\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Scherrie"],"tags":["38c3","820","2024","Stage HUFF"],"view_count":1521,"promoted":false,"date":"2024-12-28T15:45:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-26T08:15:04.637+01:00","length":2234,"duration":2234,"thumb_url":"https://static.media.ccc.de/media/congress/2024/820-28ca8db9-c378-57b4-b471-c43428572bba.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/820-28ca8db9-c378-57b4-b471-c43428572bba_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/820-28ca8db9-c378-57b4-b471-c43428572bba.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/820-28ca8db9-c378-57b4-b471-c43428572bba.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-fehlercode-406-request-not-acceptable-digitalzwang-als-human-security-problem","url":"https://api.media.ccc.de/public/events/28ca8db9-c378-57b4-b471-c43428572bba","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]},{"guid":"29cca23e-1ba0-586e-9c22-99b382b22464","title":"Der Mythos der „gezielten Tötung”. Zur Verantwortung von KI-gestützten Zielsystemen am Beispiel „Lavender“","subtitle":null,"slug":"38c3-der-mythos-der-gezielten-ttung-zur-verantwortung-von-ki-gesttzten-zielsystemen-am-beispiel-lavender","link":"https://events.ccc.de/congress/2024/hub/event/der-mythos-der-gezielten-ttung-zur-verantwortung-von-ki-gesttzten-zielsystemen-am-beispiel-lavender/","description":"Das Lavender-KI-Zielsystem zeigt gut, wie Kriegsautomatisierung aktuell aussieht und was daran falsch läuft.\n\nDas Thema „KI in der Militärtechnik“ und die Beziehung zwischen Mensch und Maschine ist seit Jahrzehnten ein theoretisches Thema in der Philosophie, den Sozialwissenschaften und den kritischen Algorithmus-Studien. Doch in den letzten Jahren wurden Waffensysteme mit KI-Komponenten entwickelt und jüngst in bewaffneten Konflikten praktisch eingesetzt. Am Beispiel des KI-gestützten Zielwahlsystem Lavender, das vom israelischen Militär IDF im derzeit laufenden Gaza-Krieg eingesetzt wird, werden die aktuellen Entwicklungen aufgezeigt und in den historisch-technischen Kontext der „Signature Strikes“ der USA in Waziristan (Pakistan) oder Afghanistan gesetzt, sowie konkrete technische Designentscheidungen vorgestellt und kritisch diskutiert. Dabei entstehen auch Fragen von Verantwortungsverlagerung und Rechtsumgehung.\n\nDie hier vorgestellten Erkenntnisse beruhen auf einer gemeinsamen Analyse von Expert:innen des Forums InformatikerInnen für Frieden und Gesellschaftliche Verantwortung (FIfF e.V.) zusammen mit der Informationsstelle Militarisierung (IMI e.V.) und der Arbeitskreis gegen bewaffnete Drohnen e.V., die die Praxis der KI-basierten „gezielten Tötung“ wie etwa durch Lavender als Kriegsverbrechen zu ächten sucht.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"deu","persons":["Rainer Rehak"],"tags":["38c3","760","2024","Stage HUFF"],"view_count":7648,"promoted":false,"date":"2024-12-28T17:35:00.000+01:00","release_date":"2024-12-30T00:00:00.000+01:00","updated_at":"2026-03-30T14:15:07.583+02:00","length":2810,"duration":2810,"thumb_url":"https://static.media.ccc.de/media/congress/2024/760-29cca23e-1ba0-586e-9c22-99b382b22464.jpg","poster_url":"https://static.media.ccc.de/media/congress/2024/760-29cca23e-1ba0-586e-9c22-99b382b22464_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2024/760-29cca23e-1ba0-586e-9c22-99b382b22464.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2024/760-29cca23e-1ba0-586e-9c22-99b382b22464.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/38c3-der-mythos-der-gezielten-ttung-zur-verantwortung-von-ki-gesttzten-zielsystemen-am-beispiel-lavender","url":"https://api.media.ccc.de/public/events/29cca23e-1ba0-586e-9c22-99b382b22464","conference_title":"38C3: Illegal Instructions","conference_url":"https://api.media.ccc.de/public/conferences/38c3","related":[]}]}