{"acronym":"WHY2025","aspect_ratio":"16:9","updated_at":"2026-04-03T19:30:04.129+02:00","title":"What Hackers Yearn 2025","schedule_url":"","slug":"conferences/camp-NL/why2025","event_last_released_at":"2025-09-10T00:00:00.000+02:00","link":"https://why2025.org/","description":"","webgen_location":"conferences/camp-NL/why2025","logo_url":"https://static.media.ccc.de/media/events/why2025/WHY2025_logo.png","images_url":"https://static.media.ccc.de/media/events/why2025","recordings_url":"https://cdn.media.ccc.de/events/why2025","url":"https://api.media.ccc.de/public/conferences/WHY2025","events":[{"guid":"de5c7fbc-e8db-5829-9481-3fce7c2c2564","title":"The WHY, the How, the What. An assessment of TETRA End-to-end","subtitle":null,"slug":"why2025-194-the-why-the-how-the-what-an-assessment-of-tetra-end-to-end","link":"https://program.why2025.org/why2025/talk/WSM3XV/","description":"TETRA is a European standard for trunked radio used globally by police, military and civilian parties alike. In the past, we already published the hitherto secret inner workings of TETRA and on several of its severe security issues. \n\nWe're now back to discuss the last crucial part of TETRA security - its optional (and costly) end-to-end encryption, reserved for the most sensitive use cases. We'll discuss in detail how we obtained and analyzed those elusive algorithms, and what we found.\n\nTETRA is a European standard for trunked radio used globally by police and military operators. Additionally, TETRA is widely deployed in industrial environments such as harbors and airports, as well as critical infrastructure such as SCADA telecontrol of pipelines, transportation and electric and water utilities.\n\nIn previous research, we published [TETRA:BURST](https://www.midnightblue.nl/tetraburst), revealing vulnerabilities in the TETRA air interface encryption, and publishing the secret cryptographic primitives for public scrutiny. We now present all-new material, assessing the optional and often expensive end-to-end encryption, which adds an additional layer of encryption on top of the air interface encryption, a layer that can only be decrypted by the traffic's recipient, and not by the infrastructure. \n\nThese solutions enjoy significant end-user trust and are intended for the most sensitive of use cases. While the ETSI standard on TETRA does facilitate integration of some E2EE solution, the solutions themselves are vendor-proprietary, and proved quite hard to obtain.\n\nThe opaque nature of this solution and TETRA's history of offering significantly less security than advertised (including backdoored ciphers) is worrying enough, but given our previous TETRA:BURST research, E2EE is frequently mentioned as a potential mitigation. In order to shed light on its suitability, we decided to undertake the effort of reverse-engineering a TETRA E2EE solution.\n\nWe'll discuss how we investigated the E2EE landscape, and how we (after being scammed on a Motorola device) managed to extract an implementation from a popular Sepura radio. \n\nWe'll then discuss the E2EE design (that we have published on GitHub) along with a security analysis, identifying several severe shortcomings ranging from the ability to inject voice traffic into E2EE channels and replay SDS (short text) messages to an intentionally weakened E2EE variant, which reduces its 128-bit key to only 56 bits.\n\nIn addition, we will discuss new findings related to multi-algorithm networks and official patches, relevant for asset owners mitigating the TETRA:BURST vulnerabilities previously uncovered by us.\n\nFinally, we will demonstrate the E2EE voice injection attack as well as the previously theoretical TETRA packet injection attack on SCADA networks.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Wouter Bokslag","Carlo Meijer"],"tags":["194","2025","why2025","Hacking","Andromeda","why2025-eng","Day 5"],"view_count":392,"promoted":false,"date":"2025-08-11T15:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-04-02T15:45:06.849+02:00","length":2900,"duration":2900,"thumb_url":"https://static.media.ccc.de/media/events/why2025/194-de5c7fbc-e8db-5829-9481-3fce7c2c2564.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/194-de5c7fbc-e8db-5829-9481-3fce7c2c2564_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/194-de5c7fbc-e8db-5829-9481-3fce7c2c2564.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/194-de5c7fbc-e8db-5829-9481-3fce7c2c2564.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-194-the-why-the-how-the-what-an-assessment-of-tetra-end-to-end","url":"https://api.media.ccc.de/public/events/de5c7fbc-e8db-5829-9481-3fce7c2c2564","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"cac0b163-c806-508a-a0c9-75fa95e19513","title":"Stealth Web Scraping Techniques for OSINT","subtitle":null,"slug":"why2025-131-stealth-web-scraping-techniques-for-osint","link":"https://program.why2025.org/why2025/talk/7DMBVR/","description":"Web scraping continues to be a cornerstone of OSINT operations, particularly during Red Team engagements and external attack surface reconnaissance. Yet, as anti-bot technologies grow more sophisticated, traditional scraping methods based on direct HTTP requests are increasingly ineffective.\nThis talk takes a technical dive into browser-based scraping techniques that closely mimic real user behavior to evade detection, inspired by real-world mechanisms observed across major web platforms.\n\nIn Red Team operations and external attack surface assessments, open-source intelligence (OSINT) is a critical step for identifying internet-exposed assets and assessing the associated risks. One of the most common techniques in this phase is web scraping, which automates the collection of publicly available data—often without relying on official APIs that are frequently rate-limited, monitored, or entirely unavailable.\n\nIn previous conferences, such as Fabien Vauchelles’s talk \"Cracking the Code: Decoding Anti-Bot Systems\", the focus was on detecting scraping activities at the network layer using TCP/IP fingerprinting and IP intelligence. This presentation builds on that work by shifting the focus to client-side techniques—specifically, browser-based approaches that mimic legitimate user behavior to evade detection.\n\nThe objective of this session is to explore modern strategies for conducting stealthy web scraping by avoiding API usage and minimizing anomalies detectable at both the network and application layers. Based on real-world use cases, the talk aims to provide actionable insights for security professionals involved in scraping—whether performing it or defending against it.The talk will present concrete methods for data collection, including:\n\n- Making direct HTTP/HTTPS requests to web servers—such as websites or HTTP-based services—using libraries that handle protocol-level communication. This method allows efficient data retrieval by bypassing the need to render the page or load additional resources like images, videos, stylesheets, or scripts. It’s fast and lightweight, especially suited for static or partially dynamic content.\n\n- Leveraging headless browsers to simulate real browser behavior without a graphical interface. These tools embed full HTML, CSS, and JavaScript engines, enabling interaction with modern, dynamic web applications. This technique is essential when scraping content that relies on client-side rendering or asynchronous JavaScript operations.\n\n- Using browser-side scripting tools, such as TamperMonkey, within standard browsers. These tools allow custom JavaScript code to be injected and executed directly on the page, offering a practical and discreet way to automate data collection from within the browsing environment itself. This technique has been successfully applied in large-scale scraping operations, including on major social networks where traditional approaches are often ineffective due to advanced client-side defenses.\n\nBeyond the scraping techniques themselves, the presentation will also cover the current detection methods employed by websites to identify automated behavior and how these can be bypassed, including:\n\n- Detection of automation environments via specific JavaScript variables (e.g., navigator.webdriver) or discrepancies in the DOM.\n- Behavioral detection mechanisms such as mouse movements, keyboard activity, or interaction timing.\n- Identification of scraping-specific browser extensions or content injection tools.\n- Detection of headless execution environments using debugging interfaces or timing-based heuristics.\n\nThis talk will provide a technically grounded exploration of the current capabilities and limitations of stealth web scraping from both offensive and defensive perspectives.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Soukaina Cherrabi","François GRANIER"],"tags":["131","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 3"],"view_count":928,"promoted":false,"date":"2025-08-09T19:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-04-02T16:00:05.377+02:00","length":3124,"duration":3124,"thumb_url":"https://static.media.ccc.de/media/events/why2025/131-cac0b163-c806-508a-a0c9-75fa95e19513.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/131-cac0b163-c806-508a-a0c9-75fa95e19513_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/131-cac0b163-c806-508a-a0c9-75fa95e19513.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/131-cac0b163-c806-508a-a0c9-75fa95e19513.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-131-stealth-web-scraping-techniques-for-osint","url":"https://api.media.ccc.de/public/events/cac0b163-c806-508a-a0c9-75fa95e19513","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"a5ac2c7c-9a89-5f19-95e1-03a4aa8e0a41","title":"Phrack 40th Anniversary Release","subtitle":null,"slug":"why2025-132-phrack-40th-anniversary-release","link":"https://program.why2025.org/why2025/talk/B9EYZF/","description":"Celebrate 40 years of legendary hacking with Phrack! We’re dropping a special anniversary release packed with cutting-edge research, underground insights, and tributes to decades of digital rebellion. Don’t miss this milestone issue—crafted by hackers, for hackers. Grab your copy, meet the crew, and honor the zine that defined an era. #Phrack72 #WHY2025 #HackThePlanet\n\nMeet us later at the release party by the Milliways village for some beer (while it lasts) \u0026 snacks!\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Phrack Staff"],"tags":["132","2025","why2025","Wonderful creations","Andromeda","why2025-eng","Day 3"],"view_count":558,"promoted":false,"date":"2025-08-09T19:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-04-03T19:30:04.126+02:00","length":2733,"duration":2733,"thumb_url":"https://static.media.ccc.de/media/events/why2025/132-a5ac2c7c-9a89-5f19-95e1-03a4aa8e0a41.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/132-a5ac2c7c-9a89-5f19-95e1-03a4aa8e0a41_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/132-a5ac2c7c-9a89-5f19-95e1-03a4aa8e0a41.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/132-a5ac2c7c-9a89-5f19-95e1-03a4aa8e0a41.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-132-phrack-40th-anniversary-release","url":"https://api.media.ccc.de/public/events/a5ac2c7c-9a89-5f19-95e1-03a4aa8e0a41","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"8d2f00ad-bf0f-5737-9e33-fb5682e433c7","title":"Sensible Money: Designing a Sustainable Economy","subtitle":null,"slug":"why2025-32-sensible-money-designing-a-sustainable-economy","link":"https://program.why2025.org/why2025/talk/UHHGZT/","description":"Economic models are increasingly challenged for destroying our planet.  But it is not easy to design a sustainable alternative.  In a follow-up on my OHM talk \"hacking for bankers\", I would like to present a few realistic currencies that we can use to move away from the unsustainable path that we are currently walking.  We could build a profitable yet sustainable grassroots movement.\n\nAt OHM2013 I gave a talk entitled _Hacking for Bankers_ where I explained the perverse motives in the present monetary system.  This talk presents solutions.  They are grassroots systems, that redefine money by choosing another basis for it.  A humane basis.\n\n  * **Sensible Bullion.**  Founded on precious metals such as gold and silver, stored safely in a vault, with (title of) ownership claimable by the one who presents the corresponding digital coins.  While the coins exist, they can circulate for online trading.  Great for long-term savings, neutral for spending, but difficult to handle for investors.\n\n  * **Sensible Energy.** Trading in sustainable energy at zero cost at a parallel energy market.  In the Netherlands, we have rolled out so much sustainable energy that the energy market is giving a push-back instead of handling it with storage systems.  Bypassing this market allows at least wind and solar energy to give each other mutual support, expressing that these are dependent elements in our country's sustainable future, and that they need to evolve together.\n\n  * **Sensible Focus.** Economic theory teaches us that human attention is the most valuable asset overall.  But since money expresses something else, it makes _business sense_ to optimise humans (and humanity) out of products and services.  Were money to express the actual focus of a human being, then the world would be a different place.\n\n  * **Sensible Dinosaur.** What if we put a (monetary) value on unexcavated fossil fuels?  Would we then be able to resist digging it up and burning it?  If we created such a money, could it pay for climate debt?  Perhaps to correct the inequalities caused by climate change?  Or maybe to pay for CO₂ recovery measures?\n\nEssential to all these currencies are a few guiding principles, with details in the [Book of Sensible Taler](http://book.sensible-taler.org/):\n\n 1. Currencies must be **fully backed** by an underlying value; this leaves no room for inflation\n 2. The underlying value cannot be borrowed, so **no interest** can be charged.  Deep **participation with profit-sharing** offers a substitute investment mechanism.\n 3. Digital money entitles the owner to **claim the underlying value**.  Payment systems must have **legal structures** to maintain this property even after bankruptcy.\n 4. Expenses are out in the open, there ore **no concealed fees** or indirect costs.\n\nDifferent underlying rules about the workings of money triggers people to make different choices.  This is how these monetary system designs can focus on sustainability, rather than mindlessly chasing short-term profit.  Such a system can co-exist with the fiat money issued by governments.  And the digital money form is founded on [GNU Taler](https://www.taler.net/en/), it is fit for secure and private online payment at least as easily as fiat money.\n\nThis project is kindly supported by [NLnet Foundation](https://nlnet.nl).\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Rick van Rein"],"tags":["32","2025","why2025","Yearn for a better future","Cassiopeia","why2025-eng","Day 4"],"view_count":125,"promoted":false,"date":"2025-08-10T10:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-04-02T21:00:04.863+02:00","length":3015,"duration":3015,"thumb_url":"https://static.media.ccc.de/media/events/why2025/32-8d2f00ad-bf0f-5737-9e33-fb5682e433c7.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/32-8d2f00ad-bf0f-5737-9e33-fb5682e433c7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/32-8d2f00ad-bf0f-5737-9e33-fb5682e433c7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/32-8d2f00ad-bf0f-5737-9e33-fb5682e433c7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-32-sensible-money-designing-a-sustainable-economy","url":"https://api.media.ccc.de/public/events/8d2f00ad-bf0f-5737-9e33-fb5682e433c7","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"b7adae32-709c-4b9f-bc13-b9419df10d81","title":"Team Updates @ Field Day","subtitle":null,"slug":"why2025-1-team-updates-field-day","link":"https://c3voc.de","description":"Team Leads give a short update about the current status of their planning.","original_language":"eng","persons":["Team Leads"],"tags":["why2025","1","2024"],"view_count":723,"promoted":false,"date":"2024-06-15T15:00:00.000+02:00","release_date":"2024-06-18T00:00:00.000+02:00","updated_at":"2026-02-22T18:15:08.047+01:00","length":1656,"duration":1656,"thumb_url":"https://static.media.ccc.de/media/events/why2025/1-b7adae32-709c-4b9f-bc13-b9419df10d81.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/1-b7adae32-709c-4b9f-bc13-b9419df10d81_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/1-b7adae32-709c-4b9f-bc13-b9419df10d81.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/1-b7adae32-709c-4b9f-bc13-b9419df10d81.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-1-team-updates-field-day","url":"https://api.media.ccc.de/public/events/b7adae32-709c-4b9f-bc13-b9419df10d81","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"9912f5b9-8ecc-556a-a03f-b87abd049d9d","title":"Dries Depoorter","subtitle":null,"slug":"why2025-270-dries-depoorter","link":"https://program.why2025.org/why2025/talk/XMMXBC/","description":"Belgian creative technologist and artist Dries Depoorter, based in Ghent, creates thought-provoking work about technology, surveillance, AI and social media in a playful way that makes people laugh while delivering serious messages in an accessible way. His projects explore digital culture that can inspire marketers: privacy challenges, artificial intelligence applications, surveillance and authentic social media projects.\n\nWith his unique background in electronics and digital innovation, Dries has become a voice for forward-thinking brands and marketing professionals looking to navigate today's complex digital landscape. His artistic approach can directly inspire brands to think differently and develop original marketing concepts that stand out. Through his work, Dries demonstrates how combining creativity with technological insight creates viral moments.\n\nHis award-winning \"Die With Me\" app, accessible only when a user's phone battery drops below 5%, demonstrates how scarcity and unique user experiences can create powerful engagement. On Black Friday, he doubles the price of his app instead of offering discounts, showing brands how breaking marketing rules can create attention. \n\nIn his viral project \"The Follower,\" Dries leverages open cameras and AI to reveal the reality behind curated Instagram moments—offering marketers an unfiltered look at consumer behavior and content creation.\n\nMeanwhile, \"The Flemish Scrollers\" uses AI to automatically identify politicians using smartphones during parliamentary sessions, highlighting how technology can create accountability and transparency in public spaces.\n\nDries has exhibited at prestigious venues including the Barbican in London, Art Basel, Mutek Festival in Montreal,ZKM, Bozar, WIRED and Ars Electronica.\n\nAs a speaker, he's shared insights with innovative organizations including TEDx, MoMA, SXSW, Chanel, Adidas, Samsung, Deloitte, KBC and Adobe.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Dries Depoorter"],"tags":["270","2025","why2025","Wonderful creations","Andromeda","why2025-eng","Day 4"],"view_count":95,"promoted":false,"date":"2025-08-10T16:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2025-12-21T14:30:03.232+01:00","length":2886,"duration":2886,"thumb_url":"https://static.media.ccc.de/media/events/why2025/270-9912f5b9-8ecc-556a-a03f-b87abd049d9d.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/270-9912f5b9-8ecc-556a-a03f-b87abd049d9d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/270-9912f5b9-8ecc-556a-a03f-b87abd049d9d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/270-9912f5b9-8ecc-556a-a03f-b87abd049d9d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-270-dries-depoorter","url":"https://api.media.ccc.de/public/events/9912f5b9-8ecc-556a-a03f-b87abd049d9d","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"66a4ed8d-cbac-55d6-a509-acd9d4575b2f","title":"Evolution and history of 35 years of hardcore/gabber music [XXL edition]","subtitle":null,"slug":"why2025-229-evolution-and-history-of-35-years-of-hardcore-gabber-music-xxl-edition","link":"https://program.why2025.org/why2025/talk/MEGUP3/","description":"This talk is a \"no clip\" deep dive through a genre of music. We'll start in 1990 and discover the genre as it was discovered by its creators. While traveling through time we'll try to answer the question: what is hardcore?\nThere will clips and mixes of revolutions and sub-genres. We'll learn how it's made and how to win the loudness war. Hardcore spawned a youth culture with lasting international adoption. From art to cheese, we'll cover it all. We'll learn the dance and end with a live set.\n\nThis talk has it all: licensing, content, audience and noise problems in just one comfortable session.\n\nDuring the talk we'll listen to the evolution of this genre using samples, short mixes and video clips. We'll touch upon the politics of resistance and adoption, politicization of nice people and the death and renaissance of the genre. There is a lot to talk about and to listen to. The \"one hour\" version of the talk was a hit at Hacker Hotel 2025, and immediately had a two hour sequel in the off-the-record room.\n\nWhile going down this rabbit hole, and to expand on the \"one hour\" version, we'll take some more time to dive into audio engineering and how to win the loudness war. It will ruin some things some for some people, while opening doors for others.\n\nThe central question throughout the session will be: \"what is hardcore?\".\n\nThis talk mostly focusing on fun and interesting stuff, but due to the inherent nature of hardcore music there might (=guarantee) be references to sex, drugs, violence, profanity, recklessness and spooky scary skeletons in the first ten seconds. This talk is not for all ages and minds.\n\nThe plan is to have about one to two hours diving into this rabbit hole. After that we'll try to teach you the dance called \"hakkuh\" and end off with a super varied one hour live set (if time and noise curfew allows) touching multiple genres with different types of hardcore at its center.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Elger \"Stitch\" Jonker"],"tags":["229","2025","why2025","Entertainment","Party Stage","why2025-eng","Day 3"],"view_count":1236,"promoted":false,"date":"2025-08-09T16:30:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-23T21:45:07.177+01:00","length":10460,"duration":10460,"thumb_url":"https://static.media.ccc.de/media/events/why2025/229-66a4ed8d-cbac-55d6-a509-acd9d4575b2f.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/229-66a4ed8d-cbac-55d6-a509-acd9d4575b2f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/229-66a4ed8d-cbac-55d6-a509-acd9d4575b2f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/229-66a4ed8d-cbac-55d6-a509-acd9d4575b2f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-229-evolution-and-history-of-35-years-of-hardcore-gabber-music-xxl-edition","url":"https://api.media.ccc.de/public/events/66a4ed8d-cbac-55d6-a509-acd9d4575b2f","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"790c0e3a-8647-5e42-8beb-fa92a6fcb06b","title":"Guardians of the Dutch healthcare part 2: NIS2 edition","subtitle":null,"slug":"why2025-171-guardians-of-the-dutch-healthcare-part-2-nis2-edition","link":"https://program.why2025.org/why2025/talk/KJEMMF/","description":"In 2017 (just before SHA2017) the Dutch healthcare sector came together to create Stichting Z-CERT, the Zorg Computer Emergency Response Team. A nonprofit to protect and advise the Dutch Healthcare sector. What started as a small startup has now grown into a scaleup with the ambitions to match.\nA lot has changed in the 3 years since the last talk about Z-CERT. In this talk we will:\n- Tell who we are\n- Show what we do\n- Give a little peak behind the curtain how we do that\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["NelusTheNerd"],"tags":["171","2025","why2025","The square hole","Brachium","why2025-eng","Day 5"],"view_count":107,"promoted":false,"date":"2025-08-11T17:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-06T09:45:06.240+01:00","length":1484,"duration":1484,"thumb_url":"https://static.media.ccc.de/media/events/why2025/171-790c0e3a-8647-5e42-8beb-fa92a6fcb06b.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/171-790c0e3a-8647-5e42-8beb-fa92a6fcb06b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/171-790c0e3a-8647-5e42-8beb-fa92a6fcb06b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/171-790c0e3a-8647-5e42-8beb-fa92a6fcb06b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-171-guardians-of-the-dutch-healthcare-part-2-nis2-edition","url":"https://api.media.ccc.de/public/events/790c0e3a-8647-5e42-8beb-fa92a6fcb06b","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"6bdbab59-f82b-5ec3-805c-921677f9d993","title":"How to bluff your way into Zero Trust","subtitle":null,"slug":"why2025-212-how-to-bluff-your-way-into-zero-trust","link":"https://program.why2025.org/why2025/talk/BVSMJZ/","description":"Zero Trust (ZT) is a security paradigm gaining traction and popularity.\nIn the talk I will show how ZT is the progression of many security ideas that you may already be familiar with, and how you can rebrand and review what you are already doing to show that you are making progress.\n\nZero Trust (ZT) is a security paradigm gaining traction, especially in the US defense community. The underlying idea is to reduce implicit trust as much as possible. This makes great sense from a security perspective. \nIts implementation is daunting though, because it is not about dropping a new product in the security landscape. Instead, it is more an approach and a process. It is still hard to prioritize ZT and to retrofit it to existing system architectures.\nIn the talk I will show how ZT is the progression of many security ideas that you may already be familiar with, and how you can rebrand and review what you are already doing to show that you are making progress.\n\nOutline:\nAs a contributor to the Cloud Security Alliances Zero Trust cert (CCZT), and experienced instructor, I intend to borrow from the (public) body of knowledge and my experiences in teaching that.\nThis will give the audience a good insight in Zero Trust content and trends.\n\nThis will include\n- the core idea (never trust, always verify)\n- the major use cases\n- business value of ZT\n- steps in implementing\n- publicly available maturity models\n- example implementations and status thereof (e.g. US Airforce)\n- link to earlier principles\n- retrofitting ZT on an existing application\n- experiences\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Peter van Eijk"],"tags":["212","2025","why2025","Wonderful creations","Brachium","why2025-eng","Day 4"],"view_count":245,"promoted":false,"date":"2025-08-10T22:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-18T19:30:07.227+01:00","length":3256,"duration":3256,"thumb_url":"https://static.media.ccc.de/media/events/why2025/212-6bdbab59-f82b-5ec3-805c-921677f9d993.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/212-6bdbab59-f82b-5ec3-805c-921677f9d993_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/212-6bdbab59-f82b-5ec3-805c-921677f9d993.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/212-6bdbab59-f82b-5ec3-805c-921677f9d993.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-212-how-to-bluff-your-way-into-zero-trust","url":"https://api.media.ccc.de/public/events/6bdbab59-f82b-5ec3-805c-921677f9d993","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"814f22be-a82b-5412-8e77-e2f0ceaebc10","title":"Automate yourself out of supply chain hell","subtitle":null,"slug":"why2025-76-automate-yourself-out-of-supply-chain-hell","link":"https://program.why2025.org/why2025/talk/7C8XYS/","description":"Modern software development and operations heavily relies on third-party applications, libraries, containers etc. \nThis presentation will showcase how dev, ops, but also security management can be transparent about dependency versioning and known vulnerabilities, while also staying on track with updates.\nIt will show demos of Open Source Standards like SBOM and Frameworks like Dependency-Check, Dependency-Track and Renovate that can help automate the sadness of today's supply chain issues.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["cy"],"tags":["76","2025","why2025","Hacking","Brachium","why2025-eng","Day 5"],"view_count":186,"promoted":false,"date":"2025-08-11T21:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-02-10T12:15:06.959+01:00","length":2982,"duration":2982,"thumb_url":"https://static.media.ccc.de/media/events/why2025/76-814f22be-a82b-5412-8e77-e2f0ceaebc10.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/76-814f22be-a82b-5412-8e77-e2f0ceaebc10_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/76-814f22be-a82b-5412-8e77-e2f0ceaebc10.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/76-814f22be-a82b-5412-8e77-e2f0ceaebc10.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-76-automate-yourself-out-of-supply-chain-hell","url":"https://api.media.ccc.de/public/events/814f22be-a82b-5412-8e77-e2f0ceaebc10","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"c2847fc7-51fe-5f98-be2d-29158f298910","title":"Die Hardcoded: Unlocking Yealink's (weakest) secrets","subtitle":null,"slug":"why2025-45-die-hardcoded-unlocking-yealink-s-weakest-secrets","link":"https://program.why2025.org/why2025/talk/CXVW7V/","description":"During this talk we look at hardware and firmware reverse engineering, but also at corporate intimidation tactics and how to respond ethically as a security researcher.\nLeveraging the hard-coded AES keys, outdated software, and lots and lots of custom code we found, we were able to install \"custom code\" on some phones and access global customer configuration data by exploiting Yealink's global cloud provisioning service (RPS).\n\nCommunication is the cornerstone of human collaboration and vital to functional governments, flourishing businesses, and our personal lives. We take for granted that sensitive information we send through our digital communication infrastructure is only received by the intended recipient.\nThis puts immense responsibility on communication equipment manufacturers and service providers to keep our communications safe from prying eyes. Surely we can trust a global, leading manufacturer of video conferencing, voice communication and collaboration solutions to keep our data safe, right? ...right?\nThey may have shiny devices and their marketing slides might be impressive, but we care about what's on the inside.\nIn this talk, we take a look at Yealink VoIP business phones and their cloud infrastructure.\nCome with us on a technical deep dive involving hardware hacking and firmware reverse engineering, but also listen to a story about corporate intimidation tactics and lessons on how not to treat security researchers.\nWhat we find is a security researcher's dream: hard-coded AES keys, outdated software, and lots and lots of custom C code (including cryptography!).\nWe were not only able to run custom code on some phones, but were also able to access configuration data of their global cloud provisioning service while casually answering the age-old question: \"Does it run DOOM?\".\nThis project concluded in a wide-ranging coordinated vulnerability disclosure involving the manufacturer, telecom providers, national cybersecurity agencies, and major customers, which we will also outline in this talk.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Jeroen Hermans","Stefan Gloor"],"tags":["45","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 5"],"view_count":339,"promoted":false,"date":"2025-08-11T19:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-04-03T16:00:04.853+02:00","length":1990,"duration":1990,"thumb_url":"https://static.media.ccc.de/media/events/why2025/45-c2847fc7-51fe-5f98-be2d-29158f298910.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/45-c2847fc7-51fe-5f98-be2d-29158f298910_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/45-c2847fc7-51fe-5f98-be2d-29158f298910.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/45-c2847fc7-51fe-5f98-be2d-29158f298910.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-45-die-hardcoded-unlocking-yealink-s-weakest-secrets","url":"https://api.media.ccc.de/public/events/c2847fc7-51fe-5f98-be2d-29158f298910","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"754f92d1-4e06-5bde-947a-db5e187c6cf6","title":"🛡️ Linux Permissions and Hardening","subtitle":null,"slug":"why2025-192-linux-permissions-and-hardening","link":"https://program.why2025.org/why2025/talk/QNH3VU/","description":"You want to learn more about Linux permissions? This is the talk for you. Let's learn about the basic UID/GID concepts in Linux and expand into more complex ACLs. Then escalating on the \"everything-is-a-file\" concept and applying the learned security logic onto program behavior using SELinux or AppArmor.\n\nThe first point a \"normal\" user encounters Linux permissions, is often when he wants to execute a downloaded file (from the internet) - requiring him to set the executable-bit... But this one bit is just a part of a much larger world of the Linux permissions - starting with the usual umask-reduced \"drwxrwxr-x\" and including access-contol-lists for more complex scenarios. The learned concepts can then be applied onto not only files, but also devices (e.g. using udev)... Most users also know how to bypass \"Permission Denied\" touble (by just using \"sudo\"), but how does that actually work?\nBut managing access to files and devices from the users perspective is just one side of Linux security, as one can also apply these filtering logic onto system-calls programs make: For this we will take a quick look into SELinux and AppArmor, two of the more popular hardening frameworks and how their rulesets work.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["simonmicro"],"tags":["192","2025","why2025","The square hole","Delphinus","why2025-eng","Day 5"],"view_count":311,"promoted":false,"date":"2025-08-11T16:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-02-17T16:45:06.171+01:00","length":1507,"duration":1507,"thumb_url":"https://static.media.ccc.de/media/events/why2025/192-754f92d1-4e06-5bde-947a-db5e187c6cf6.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/192-754f92d1-4e06-5bde-947a-db5e187c6cf6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/192-754f92d1-4e06-5bde-947a-db5e187c6cf6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/192-754f92d1-4e06-5bde-947a-db5e187c6cf6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-192-linux-permissions-and-hardening","url":"https://api.media.ccc.de/public/events/754f92d1-4e06-5bde-947a-db5e187c6cf6","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"3377f6aa-4668-5aa4-a3c0-4a2d7dea0cff","title":"Flipping Bits: Your Credentials Are Certainly Mine","subtitle":null,"slug":"why2025-268-flipping-bits-your-credentials-are-certainly-mine","link":"https://program.why2025.org/why2025/talk/WQEGCU/","description":"Did you know that if you change a single bit from 1 to 0 (or vice versa) in the first 'g' of the domain name google.com (which is 01100111 in binary) you will end up with variety of valid \"bitflip\" domains like coogle.com, oogle.com, \u0026 woogle.com\n\nSo what happens if you generate and register a bunch of cheap bitfliped versions of popular cloud / Saas provider domains, point them to your VPS, log all incoming requests \u0026 then forget about the whole thing for two years?\n\nWell you will in fact receive a stiff bill, generate huge log files and eventually run out of disk space. But on the upside, you will also have collected a treasure trove of legit credentials \u0026 interesting stuff like valid OAuth refresh tokens, JWT tokens, bearers, cookies, emails, meeting invites with passwords \u0026 truckloads of internet scanner noise.\n\nIn this session we will revisit bitflip research from the last decade and weponize it. Showcase 'Certainly' a pioneering offensive / defensive tool that employs Wildcard DNS matching \u0026 on-the-fly generated SSL certificates and custom payloads for incoming requests across various protocols. All with the intention to downgrade security, harvest credentials, capture emails and replacing dependencies with custom \"malicious\" payloads\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["STÖK","joohoi"],"tags":["268","2025","why2025","Hacking","Andromeda","why2025-eng","Day 5"],"view_count":430,"promoted":false,"date":"2025-08-11T23:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-02T00:15:06.465+01:00","length":2512,"duration":2512,"thumb_url":"https://static.media.ccc.de/media/events/why2025/268-3377f6aa-4668-5aa4-a3c0-4a2d7dea0cff.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/268-3377f6aa-4668-5aa4-a3c0-4a2d7dea0cff_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/268-3377f6aa-4668-5aa4-a3c0-4a2d7dea0cff.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/268-3377f6aa-4668-5aa4-a3c0-4a2d7dea0cff.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-268-flipping-bits-your-credentials-are-certainly-mine","url":"https://api.media.ccc.de/public/events/3377f6aa-4668-5aa4-a3c0-4a2d7dea0cff","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"ddde421c-0f02-5183-9b22-9a6f9d05c663","title":"Digital sovereignty and the FOSS-stack at school.","subtitle":null,"slug":"why2025-243-digital-sovereignty-and-the-foss-stack-at-school","link":"https://program.why2025.org/why2025/talk/XZBREW/","description":"The need for digital sovereignty has always been great, but now there is an autocrat in the White house that is fighting everything he deems “Woke”. This renders USA Big Tech that is run by billionaires that have sworn loyalty to this new King unsuitable for use in education. In this presentation we'll present the WHY for the FOSS stack for schools, our plan how to get there, and the progress we have made so far on our pilot schools.\n\nThe need for digital sovereignty has always been great, but now there is an autocrat in the White house that is fighting everything he deems “Woke”. This renders USA Big Tech that is run by billionaires that have sworn loyalty to this new King unsuitable for use in education. Schools are yearning for a more fair digital environment, but most schools don’t have the funding, knowledge or capacity to create a public-values-by-design school IT environment with all the fantastic free and open source software that is out there. That is why we started the coalition for fair digital education,   so we can bring together the knowledge of free and opensource with the needs of the educational sector. In this presentation we'll present the WHY for the FOSS stack for schools, our plan how to get there, and the progress we have made so far on our pilot schools.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Geert-Jan"],"tags":["243","2025","why2025","Yearn for a better future","Andromeda","why2025-eng","Day 5"],"view_count":116,"promoted":false,"date":"2025-08-11T10:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-16T10:00:09.065+01:00","length":2339,"duration":2339,"thumb_url":"https://static.media.ccc.de/media/events/why2025/243-ddde421c-0f02-5183-9b22-9a6f9d05c663.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/243-ddde421c-0f02-5183-9b22-9a6f9d05c663_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/243-ddde421c-0f02-5183-9b22-9a6f9d05c663.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/243-ddde421c-0f02-5183-9b22-9a6f9d05c663.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-243-digital-sovereignty-and-the-foss-stack-at-school","url":"https://api.media.ccc.de/public/events/ddde421c-0f02-5183-9b22-9a6f9d05c663","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"1198fb83-e761-5d08-8eba-a4f2fc37ef99","title":"How we stopped a € 50 million project from destroying a forest (and other ways to pick fights with corporations and governments)","subtitle":null,"slug":"why2025-277-how-we-stopped-a-50-million-project-from-destroying-a-forest-and-other-ways-to-pick-fights-with-corporations-and-governments","link":"https://program.why2025.org/why2025/talk/7EMW3A/","description":"In 2017 a large corporation announced that they wanted to build a € 50 million theme park in a small forest that I had known from my childhood, thus replacing the future of our children with simple entertainment.  An overwhelming feeling of injustice came over us.  We created a plan, and we stuck to it. We drew a line in the sand.\nFatalism can be your greatest enemy, but it doesn’t have to be. Welcome to the rebellion.\n\nIn 2017 a large corporation announced that they wanted to build a water theme park in a small forest that I had known from my childhood. Immediately an overwhelming feeling of injustice came over me. Why would you sacrifice the future of our children for a theme park? It turned out a number of neighbours had the same feeling. We decided to draw a line in the sand.\nFor seven years we fought a battle with the corporation and the government, and the whole time everybody was telling us this was a fight we could not win.\nIn 2024 we won that fight. It turned out it wasn’t just luck. We created a plan, and we stuck to it. Since then we have been sharing our experiences with other organisations. Fatalism can be your greatest enemy, but it doesn’t have to be. Welcome to the rebellion.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Jan De Coster"],"tags":["277","2025","why2025","Yearn for a better future","Brachium","why2025-eng","Day 5"],"view_count":118,"promoted":false,"date":"2025-08-11T19:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-02-01T19:00:08.855+01:00","length":2251,"duration":2251,"thumb_url":"https://static.media.ccc.de/media/events/why2025/277-1198fb83-e761-5d08-8eba-a4f2fc37ef99.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/277-1198fb83-e761-5d08-8eba-a4f2fc37ef99_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/277-1198fb83-e761-5d08-8eba-a4f2fc37ef99.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/277-1198fb83-e761-5d08-8eba-a4f2fc37ef99.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-277-how-we-stopped-a-50-million-project-from-destroying-a-forest-and-other-ways-to-pick-fights-with-corporations-and-governments","url":"https://api.media.ccc.de/public/events/1198fb83-e761-5d08-8eba-a4f2fc37ef99","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"0cb701c0-1ca8-5572-abdc-9475749bf260","title":"Green WiFi: how regulation sort of works","subtitle":null,"slug":"why2025-279-green-wifi-how-regulation-sort-of-works","link":"https://program.why2025.org/why2025/talk/YUAA7M/","description":"This talk is based on my experience working for Comcast/Sky Group in WLAN (802.11) standardisation. It follows the trajectory from environmental laws through to technical regulations and finally in to technical standards, patents and technologies. The talk argues that well-enforced norms and regulations remain a good way of incentivising socially and globally desirable outcomes, while explaining how technical regulations and standardisation work in practice from the industry insider perspective.\n\nA version of this presentation was previously given at the SICT Summer School at ULB in Brussels. It will also be presented at Bornhack and BalcCon in 2025.\n\nI feel like such a talk is especially important now that Europe is no longer under an American security umberella. Europe consistently fails in pushing a rules-based world order, while, in fact, it is difficult to see any other form of world order work either for Europe or indeed the vast majority of countries. We have many parallel examples from privacy, security and data protection law where Europe, again, fails to understand and identify its own critical interests.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Amelia Andersdotter"],"tags":["279","2025","why2025","Yearn for a better future","Andromeda","why2025-eng","Day 4"],"view_count":157,"promoted":false,"date":"2025-08-10T10:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-29T14:30:04.484+02:00","length":2599,"duration":2599,"thumb_url":"https://static.media.ccc.de/media/events/why2025/279-0cb701c0-1ca8-5572-abdc-9475749bf260.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/279-0cb701c0-1ca8-5572-abdc-9475749bf260_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/279-0cb701c0-1ca8-5572-abdc-9475749bf260.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/279-0cb701c0-1ca8-5572-abdc-9475749bf260.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-279-green-wifi-how-regulation-sort-of-works","url":"https://api.media.ccc.de/public/events/0cb701c0-1ca8-5572-abdc-9475749bf260","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"6a2c3efa-cb53-5cdb-ae3f-40fb6729f3ac","title":"Escaping a misleading \"sandbox\": breaking the WebAssembly-JavaScript barrier","subtitle":null,"slug":"why2025-226-escaping-a-misleading-sandbox-breaking-the-webassembly-javascript-barrier","link":"https://program.why2025.org/why2025/talk/NK7YTF/","description":"When embedded into JavaScript, WebAssembly modules can be \"sandboxed\" by defining a limited set of _imports_. It turns out that an obscure \"feature\" allows us to craft an exploit which bypasses this barrier, enabling us to run arbitrary JavaScript code (pop an alert) from within a malicious WASM module. All within spec... by accident?\n\n(Also released as write-up in Phrack #72)\n\nWhen talking about WebAssembly, the word \"sandbox\" comes up often: modules are isolated from eachother, and from the host runtime.\nHence, it is perfectly safe to run untrusted WASM modules (e.g. plugins) in a web-app: the module's interfaces can be limited, making it such that any malicious code has no way of escaping.\n\n... is what I thought.\n\nIn this talk I will show how a sneaky specification detail allows us to program a JavaScript version of a _weird machine_, to eventually escape from WebAssembly into running arbitrary JavaScript code. This trick is fully in-spec and requires no actual browser exploitation (we don't break _that_ sandbox). Hence, this talk should be accessible for anyone with a basic JavaScript understanding. No WebAssembly experience is required: I will cover everything required to understand the exploit.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Thomas Rinsma"],"tags":["226","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 5"],"view_count":585,"promoted":false,"date":"2025-08-11T11:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-30T05:30:03.848+02:00","length":2448,"duration":2448,"thumb_url":"https://static.media.ccc.de/media/events/why2025/226-6a2c3efa-cb53-5cdb-ae3f-40fb6729f3ac.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/226-6a2c3efa-cb53-5cdb-ae3f-40fb6729f3ac_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/226-6a2c3efa-cb53-5cdb-ae3f-40fb6729f3ac.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/226-6a2c3efa-cb53-5cdb-ae3f-40fb6729f3ac.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-226-escaping-a-misleading-sandbox-breaking-the-webassembly-javascript-barrier","url":"https://api.media.ccc.de/public/events/6a2c3efa-cb53-5cdb-ae3f-40fb6729f3ac","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6","title":"Race conditions, transactions and free parking","subtitle":null,"slug":"why2025-257-race-conditions-transactions-and-free-parking","link":"https://program.why2025.org/why2025/talk/EYKRPS/","description":"ORM's and/or developers don't understand databases, transactions, or concurrency.\n\nAfter the [Air France-KLM dataleak](https://media.ccc.de/v/37c3-lightningtalks-58027-air-france-klm-6-char-short-code) I kept repeating this was not a real hack, and confessed I always wanted to hack a system based on triggering race conditions because the lack of proper transactions.\nThis was way easier than expected. In this talk I will show how just adding `$ seq 0 9 | xargs -I@ -P10 ..` can break some systems, and how to write safe database transactions that prevent abuse.\n\nIn this talk I will explain what race conditions are. Many examples of how and why code will fail. How to properly create a database transaction. The result of abusing this in real life (e.g. free parking).\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Benjamin W. Broersma"],"tags":["257","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 4"],"view_count":194,"promoted":false,"date":"2025-08-10T15:35:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-02-16T06:45:03.301+01:00","length":1135,"duration":1135,"thumb_url":"https://static.media.ccc.de/media/events/why2025/257-5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/257-5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/257-5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/257-5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-257-race-conditions-transactions-and-free-parking","url":"https://api.media.ccc.de/public/events/5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"8a6e815c-12ec-5db4-9207-689c0714bc32","title":"Robotics Hello World, a.k.a build your own hexapod","subtitle":null,"slug":"why2025-42-robotics-hello-world-a-k-a-build-your-own-hexapod","link":"https://program.why2025.org/why2025/talk/DHCFRP/","description":"As tinker and software geek robotics is a brilliant field. Finally a field that combines the beautiful creations coming out of your FDM printer and the results of multiple cups of coffee turned into (almost) working software. However where do you get started and how does it actually work? This talk is about all these questions and the corresponding answers that I found during my journey to build my first hexapod robot. From designs to simulation, custom pcbs to finally a walking robot.\n\nI'm by no means a roboticist, I'm just an average tinker with a 3d printer and an IDE. This is about my journey to build a hexapod and everything I encountered along the way. From mechanical design and custom PCBs to math and software simulation I'll take you along for the ride. And hopefully help you along on your journey. If you want to get some insight in the inner workings of a hexapod robot, not afraid of some math equations and interested in gazebo simulators this is a good place to be.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Hugo Trippaers"],"tags":["42","2025","why2025","Wonderful creations","Andromeda","why2025-eng","Day 4"],"view_count":150,"promoted":false,"date":"2025-08-10T11:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-02-06T12:45:07.732+01:00","length":3003,"duration":3003,"thumb_url":"https://static.media.ccc.de/media/events/why2025/42-8a6e815c-12ec-5db4-9207-689c0714bc32.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/42-8a6e815c-12ec-5db4-9207-689c0714bc32_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/42-8a6e815c-12ec-5db4-9207-689c0714bc32.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/42-8a6e815c-12ec-5db4-9207-689c0714bc32.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-42-robotics-hello-world-a-k-a-build-your-own-hexapod","url":"https://api.media.ccc.de/public/events/8a6e815c-12ec-5db4-9207-689c0714bc32","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"cb4c1ad1-eecf-5c82-ba50-c3f521caadd5","title":"EntrySign: create your own x86 microcode for fun and profit","subtitle":null,"slug":"why2025-156-entrysign-create-your-own-x86-microcode-for-fun-and-profit","link":"https://program.why2025.org/why2025/talk/9WTQU3/","description":"We present EntrySign, a cryptographic flaw in AMD’s microcode patch verification logic, including how we discovered the bug and how you can extend our results. EntrySign lets us execute arbitrary microcode on all AMD CPUs from Zen to Zen 5 and modify the behavior of x86 instructions. We will delve into the format of AMD microcode, how their patches are verified, how we were able to reverse engineer this process, and how we were able to access the key information required to defeat it.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Nspace","spq"],"tags":["156","2025","why2025","Hacking","Andromeda","why2025-eng","Day 4"],"view_count":232,"promoted":false,"date":"2025-08-10T23:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-20T11:00:05.322+01:00","length":2949,"duration":2949,"thumb_url":"https://static.media.ccc.de/media/events/why2025/156-cb4c1ad1-eecf-5c82-ba50-c3f521caadd5.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/156-cb4c1ad1-eecf-5c82-ba50-c3f521caadd5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/156-cb4c1ad1-eecf-5c82-ba50-c3f521caadd5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/156-cb4c1ad1-eecf-5c82-ba50-c3f521caadd5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-156-entrysign-create-your-own-x86-microcode-for-fun-and-profit","url":"https://api.media.ccc.de/public/events/cb4c1ad1-eecf-5c82-ba50-c3f521caadd5","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"846a6f80-7721-581d-98f0-01cd7c84f762","title":"Consent for Hackers, Negotiating consent based on the HTTP protocol","subtitle":null,"slug":"why2025-3-consent-for-hackers-negotiating-consent-based-on-the-http-protocol","link":"https://program.why2025.org/why2025/talk/F9QSW7/","description":"Let's talk to people about negotiating consent before engaging in personal and physical interactions. Your browser does it with every web server, so why shouldn't you do the same with people? This sounds harder than it actually is. Using the HTTP protocol as a guide this I will talk you through how you could negotiate consent to engage with someone on a variety of levels: From 'GET Hug' all the way to 200 OK, but also how to deal with a 404 Consent not found response.\n\nConsent is hot. Consent is good. Consent should be explicitly communicated. This sounds harder than it actually is. In this talk I will present on how to conduct consent negotiations for various levels of interpersonal contact. As illustration I will use the HTTP protocol guide the you through the consent negotiations for an encounter. \n\nDon't worry if you're unfamiliar with the HTTP protocol, I'll be sure that it all will be easy to understand including for those that don't dabble in raw HTTP traffic on a daily basis.\n\nAfter the initial SYN-ACK from the TCP handshake we will get on with the initial HTTP Verbs such as GET and OPTIONS to initiate a consent negotiation and going through various permutations and outcomes. It will include simple Happy Flows, but also more complicated redirects, errors and how to gracefully deal with an unhappy flow if the response returned is not a 200 OK with a body that you hoped for.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Dany"],"tags":["3","2025","why2025","Yearn for a better future","Brachium","why2025-eng","Day 3"],"view_count":292,"promoted":false,"date":"2025-08-09T14:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-07T11:00:07.129+01:00","length":2084,"duration":2084,"thumb_url":"https://static.media.ccc.de/media/events/why2025/3-846a6f80-7721-581d-98f0-01cd7c84f762.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/3-846a6f80-7721-581d-98f0-01cd7c84f762_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/3-846a6f80-7721-581d-98f0-01cd7c84f762.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/3-846a6f80-7721-581d-98f0-01cd7c84f762.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-3-consent-for-hackers-negotiating-consent-based-on-the-http-protocol","url":"https://api.media.ccc.de/public/events/846a6f80-7721-581d-98f0-01cd7c84f762","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"6094ef24-1d9f-5ca5-ab69-889538d7671f","title":"Lockpicking in CTFs","subtitle":null,"slug":"why2025-58-lockpicking-in-ctfs","link":"https://program.why2025.org/why2025/talk/8VGLJQ/","description":"The WHY2025 Capture the Flag competition (CTF) has multiple lockpicking challenges as part of the CTF. Successfully picking these locks gives you one of the flags. To be able to create a solid CTF challenge out of an ordinary lock we had to come up with some kind of solution. We used our past experiences in CTFs as inspiration to see how we could do it better. This talk shows the concepts we came up with and which are currently used in the WHY2025 CTF.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Thijs Bosschert"],"tags":["58","2025","why2025","Wonderful creations","Andromeda","why2025-eng","Day 4"],"view_count":94,"promoted":false,"date":"2025-08-10T22:10:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-02-23T15:15:08.360+01:00","length":1318,"duration":1318,"thumb_url":"https://static.media.ccc.de/media/events/why2025/58-6094ef24-1d9f-5ca5-ab69-889538d7671f.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/58-6094ef24-1d9f-5ca5-ab69-889538d7671f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/58-6094ef24-1d9f-5ca5-ab69-889538d7671f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/58-6094ef24-1d9f-5ca5-ab69-889538d7671f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-58-lockpicking-in-ctfs","url":"https://api.media.ccc.de/public/events/6094ef24-1d9f-5ca5-ab69-889538d7671f","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"2daa8a66-9c00-558b-842a-d178db6d1c6e","title":"A step towards infinite storage?","subtitle":null,"slug":"why2025-227-a-step-towards-infinite-storage","link":"https://program.why2025.org/why2025/talk/7X9NJP/","description":"This talk will take you into a journey leading to the retrofit of a robotic tape library to enable it to accomodate hard drives in addition to the original media, from the reasons we did it to all the obstacles that needed to be overcome and how we did all that, pushing a little further the physical limits that make data storage increasingly problematic in a world where over 200TB is generated every second and must sometimes be retained for years (and possibly more).\n\nEvery year, humanity generates at least 250 Exabytes of data, so storage becomes increasingly problematic because this accumulates and at least part of it must be stored and made accessible for extended periods ; however, not all of that data is being accessed simultaneously. Moreover, the Internet is not well suited for the transfer of large datasets and quite often it is preferable to move physical media.\n\nIn this talk we will dive into some physical limits related to this particular problem, and how we have pushed them a little further by retrofitting a large tape library so that it can accommodate hard drives in addition to magnetic tapes.\n\nThis task involved reverse-engineering the drive train, designing new electronics to replace the proprietary and monolithic hardware by something more manageable, coming up with a plan to build a docking station that can be handled by the robot and withstand millions of insertion cycles and that is also end-user-friendly while keeping it as affordable as possible. We will dive into the limitations of the various tools at our disposal and how we worked around them to achieve our goal, while drawing a picture of all the skills and technologies involved and how this can be useful for you.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Jesus Zen Droïd"],"tags":["227","2025","why2025","Hacking","Brachium","why2025-eng","Day 3"],"view_count":193,"promoted":false,"date":"2025-08-09T12:00:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-03-10T22:15:10.748+01:00","length":1601,"duration":1601,"thumb_url":"https://static.media.ccc.de/media/events/why2025/227-2daa8a66-9c00-558b-842a-d178db6d1c6e.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/227-2daa8a66-9c00-558b-842a-d178db6d1c6e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/227-2daa8a66-9c00-558b-842a-d178db6d1c6e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/227-2daa8a66-9c00-558b-842a-d178db6d1c6e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-227-a-step-towards-infinite-storage","url":"https://api.media.ccc.de/public/events/2daa8a66-9c00-558b-842a-d178db6d1c6e","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"fb2d3314-8a9d-5e2c-ac94-6469d32f28f9","title":"Reviewing live-bootstrap","subtitle":null,"slug":"why2025-139-reviewing-live-bootstrap","link":"https://program.why2025.org/why2025/talk/33HD7W/","description":"live-bootstrap is a worthy attempt to provide a reproducible, automatic, complete end-to-end bootstrap from a minimal number of binary seeds to a supported fully functioning operating system. Although it is starts with a minimal binary seed of only 280 bytes it also depends on a lot of other sources. What are those sources exactly and how can we review these to make sure that live-bootstrap can be trusted?\n\nIn the past two years, I spend studying stage0 of the live-bootstrap project in order to understand how it works, to find out on what sources it depends, and to create an interactive documentation hopefully helping others to understand it and review the sources.\n\nIn this process, I have written programs to interpret the kaem scripts, an emulator for stage0, and a program to analyze the strace output and generate a T-diagram.\n\nIn the presentation, I will talk about the steps I have taken, present the results, and also discuss ways to simplify the stage0 sources, such as developing a C-compiler targeted for compiling the Tiny C Compiler using a small stack based languages as intermediate language.\n\n'Slides' for the presentation: https://iwriteiam.nl/WHY2025_talk.html\n\nLinks:\n- https://iwriteiam.nl/Software.html\n- https://iwriteiam.nl/livebootstrap.html\n- https://github.com/FransFaase/Emulator/\n- https://fransfaase.github.io/Emulator/tdiagram.html\n- https://github.com/FransFaase/MES-replacement\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Frans Faase"],"tags":["139","2025","why2025","Wonderful creations","Cassiopeia","why2025-eng","Day 5"],"view_count":83,"promoted":false,"date":"2025-08-11T17:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-08T23:00:08.670+01:00","length":1921,"duration":1921,"thumb_url":"https://static.media.ccc.de/media/events/why2025/139-fb2d3314-8a9d-5e2c-ac94-6469d32f28f9.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/139-fb2d3314-8a9d-5e2c-ac94-6469d32f28f9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/139-fb2d3314-8a9d-5e2c-ac94-6469d32f28f9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/139-fb2d3314-8a9d-5e2c-ac94-6469d32f28f9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-139-reviewing-live-bootstrap","url":"https://api.media.ccc.de/public/events/fb2d3314-8a9d-5e2c-ac94-6469d32f28f9","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"956f39b1-5690-5fb7-b079-27f54cbe8193","title":"23 Years of Security Advisories: Past, Present, and Future at the Dutch NCSC","subtitle":null,"slug":"why2025-209-23-years-of-security-advisories-past-present-and-future-at-the-dutch-ncsc","link":"https://program.why2025.org/why2025/talk/G8AJKY/","description":"For over 23 years, the Dutch National Cyber Security Centre (NCSC) and its predecessors - GOVCERT.NL and CERT-RO - have been publishing security advisories to help protect Dutch digital infrastructure. Over the decades, this advisory service has evolved significantly in scope, scale, and approach. From the tooling and processes used, to the volume of vulnerabilities handled, the format of our advisories, and our audience - nearly every aspect of our work has changed and keeps changing.\n\nThis presentation will explore the history and development of the NCSC-NL security advisory service, reflecting on key milestones and lessons learned along the way. We will then look forward, discussing how the service is adapting to current challenges and future demands, most notably automation.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Jacco Ligthart"],"tags":["209","2025","why2025","The square hole","Andromeda","why2025-eng","Day 3"],"view_count":95,"promoted":false,"date":"2025-08-09T22:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-02-07T18:15:11.566+01:00","length":1775,"duration":1775,"thumb_url":"https://static.media.ccc.de/media/events/why2025/209-956f39b1-5690-5fb7-b079-27f54cbe8193.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/209-956f39b1-5690-5fb7-b079-27f54cbe8193_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/209-956f39b1-5690-5fb7-b079-27f54cbe8193.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/209-956f39b1-5690-5fb7-b079-27f54cbe8193.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-209-23-years-of-security-advisories-past-present-and-future-at-the-dutch-ncsc","url":"https://api.media.ccc.de/public/events/956f39b1-5690-5fb7-b079-27f54cbe8193","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"f66e8e60-9e3d-59fc-be89-b08294745335","title":"Repair for Future","subtitle":null,"slug":"why2025-57-repair-for-future","link":"https://program.why2025.org/why2025/talk/BDQESV/","description":"A brief retrospective over the past 16 years of organized voluntary repair initiatives and a look at the breakthroughs for the right to repair movement\n\nWhen Martine Postma organized her first Repair-Café in Amsterdam, would she have imagined the kind of traction that her initiative would gain worldwide? With rampant enshittification of services, but also products (\"planned obsolescence\") comes resistance from consumers and politics. I'll show a few blatant examples and outline the recent progress in EU legislation.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Fraxinas"],"tags":["57","2025","why2025","Yearn for a better future","Cassiopeia","why2025-eng","Day 4"],"view_count":163,"promoted":false,"date":"2025-08-10T19:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-01-03T18:30:11.853+01:00","length":3027,"duration":3027,"thumb_url":"https://static.media.ccc.de/media/events/why2025/57-f66e8e60-9e3d-59fc-be89-b08294745335.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/57-f66e8e60-9e3d-59fc-be89-b08294745335_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/57-f66e8e60-9e3d-59fc-be89-b08294745335.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/57-f66e8e60-9e3d-59fc-be89-b08294745335.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-57-repair-for-future","url":"https://api.media.ccc.de/public/events/f66e8e60-9e3d-59fc-be89-b08294745335","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"fd88881f-d6ff-5ea0-a2d2-e08db730f407","title":"WHY Lightupyourbanjo","subtitle":null,"slug":"why2025-130-why-lightupyourbanjo","link":"https://program.why2025.org/why2025/talk/9NQTEL/","description":"The Light and Music entertainment platform Lightupyourbanjo began in 2010 when “Cash-a-billy with a Bluegrass bite” band Ed and the Fretmen wanted to have better lights on their banjo. They developed banjo lights with addressable LEDs for in and outside mounting showing interactive animations, written in C++ supporting the songs, and wrote songs to support the lights. In 2025 the Lightupyourbanjo bands will be fighting the darkness with the new O4 model build into their 3 banjos.\n\nIn the WHY Lightupyourbanjo talk, we will look at the world of banjo lights, present the new O4 model and features, apply the 5xWHY analysis on this all to explore the greater meaning, and finally we hope to bring some Light and Music to WHY 2025. \nhttps://www.youtube.com/watch?v=_j19nTYNWv4\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Roelof van der Berg"],"tags":["130","2025","why2025","Wonderful creations","Cassiopeia","why2025-eng","Day 5"],"view_count":71,"promoted":false,"date":"2025-08-11T21:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-02-21T11:30:06.541+01:00","length":2527,"duration":2527,"thumb_url":"https://static.media.ccc.de/media/events/why2025/130-fd88881f-d6ff-5ea0-a2d2-e08db730f407.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/130-fd88881f-d6ff-5ea0-a2d2-e08db730f407_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/130-fd88881f-d6ff-5ea0-a2d2-e08db730f407.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/130-fd88881f-d6ff-5ea0-a2d2-e08db730f407.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-130-why-lightupyourbanjo","url":"https://api.media.ccc.de/public/events/fd88881f-d6ff-5ea0-a2d2-e08db730f407","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"a8c7eb19-1a46-51d2-bfe7-1cb9fc5bab8a","title":"Autarkie - Instant grammar fuzzing using Rust macros","subtitle":null,"slug":"why2025-163-autarkie-instant-grammar-fuzzing-using-rust-macros","link":"https://program.why2025.org/why2025/talk/BNTTXU/","description":"Fuzzing is one of the most effective ways to find elusive software vulnerabilities. Despite years of research, general purpose fuzzers such as AFL++ and Libfuzzer struggle to mutate complex data structures effectively, preventing them from exploring deep functionality. Grammar fuzzing, an alternative fuzzing strategy is much more effective but complex to setup and run. Autarkie abstracts away all complexity and and surpasses all other grammar fuzzers in performance while offering novel features.\n\nGone are the days of finding bugs in the parser or on the surface of applications. The bugs now lie in the core application logic, well beyond the parser. Fuzzing complex targets such as interpreters, databases or network protocols  has always been difficult due to their strict input structures.  Autarkie was born out of the need of fuzzing complex and evolving data structures with the convenience of fuzzers such as AFL++. Autarkie leverages a simple insight: the target needs to parse the input, so it must define the structure internally. Macros could be used to gain insight into the structure and build a grammar fuzzer. \n\nAutarkie does not just out perform all other grammar fuzzers, but also offers novel features such as removing grammar derivation and maintenance, ability to learn from other fuzzers, constraint solving and resumable fuzzing campaigns. \n\nJoin me for this talk where I go through Autarkie's internals, features, and its development journey.\nI will also talk about my journey hunting for bugs with Autarkie and hopefully convince you to use it on yours.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Aarnav Bos"],"tags":["163","2025","why2025","Wonderful creations","Cassiopeia","why2025-eng","Day 5"],"view_count":48,"promoted":false,"date":"2025-08-11T10:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-02-03T00:00:10.344+01:00","length":2045,"duration":2045,"thumb_url":"https://static.media.ccc.de/media/events/why2025/163-a8c7eb19-1a46-51d2-bfe7-1cb9fc5bab8a.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/163-a8c7eb19-1a46-51d2-bfe7-1cb9fc5bab8a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/163-a8c7eb19-1a46-51d2-bfe7-1cb9fc5bab8a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/163-a8c7eb19-1a46-51d2-bfe7-1cb9fc5bab8a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-163-autarkie-instant-grammar-fuzzing-using-rust-macros","url":"https://api.media.ccc.de/public/events/a8c7eb19-1a46-51d2-bfe7-1cb9fc5bab8a","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"aed600bb-a83e-5980-85c3-29507d975041","title":"Eye on the sky: building investigative journalism tools for analyzing airplanes","subtitle":null,"slug":"why2025-242-eye-on-the-sky-building-investigative-journalism-tools-for-analyzing-airplanes","link":"https://program.why2025.org/why2025/talk/UCJXUK/","description":"What aircraft have been in Moscow and New York within 24 hours of each other? How many helicopters normally patrol this border? At Bellingcat, a Dutch investigative non-profit, we publish open-source journalism using open-source software tools. In this presentation, I'll talk about a new tool I've been building for querying airplane data, and the broader journalistic context of this data, which has become increasingly important for tracking oligarchs, deportations and conflict.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Logan Williams"],"tags":["242","2025","why2025","Yearn for a better future","Andromeda","why2025-eng","Day 3"],"view_count":325,"promoted":false,"date":"2025-08-09T16:10:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-04-01T16:30:05.728+02:00","length":1609,"duration":1609,"thumb_url":"https://static.media.ccc.de/media/events/why2025/242-aed600bb-a83e-5980-85c3-29507d975041.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/242-aed600bb-a83e-5980-85c3-29507d975041_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/242-aed600bb-a83e-5980-85c3-29507d975041.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/242-aed600bb-a83e-5980-85c3-29507d975041.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-242-eye-on-the-sky-building-investigative-journalism-tools-for-analyzing-airplanes","url":"https://api.media.ccc.de/public/events/aed600bb-a83e-5980-85c3-29507d975041","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"f81a7c16-1989-5c21-b67b-2774cc01bc17","title":"Packets Over Any Wire: Alternative Networking Mediums for Hackers","subtitle":null,"slug":"why2025-86-packets-over-any-wire-alternative-networking-mediums-for-hackers","link":"https://program.why2025.org/why2025/talk/DJ7NXK/","description":"Why limit yourself to Ethernet and Wi-Fi when every wire in your house can carry packets? This talk explores alternative physical networking technologies that exist but are often overlooked. From Powerline Networking (HomePlug AV/AV2) to MoCA over coaxial cables, we’ll dive into how these systems work, their encryption and security models, known exploits, and the inherent risks of non-switched cable mediums.\n\nBeyond the theoretical, we’ll examine real-world applications, including whole-home audio and video distribution, network segmentation strategies, and the unexpected advantages of leveraging existing infrastructure. You’ll see how HDMI matrices, IP-based video distribution, and networked audio solutions like SONOS Net can integrate seamlessly over alternative backbones. We’ll cover segmentation techniques to isolate security cameras, IoT devices, and AV distribution, ensuring efficiency and security.\n\nExpect deep technical insights, practical lessons from years of experimentation, and a fresh perspective on what’s possible when you stop thinking of cables as just power or TV lines—and start treating them as network highways. Whether you're looking to expand connectivity in a complex environment or just want to push the limits of home networking, this talk will leave you with new tools, techniques, and ideas to explore.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Robert Sheehy"],"tags":["86","2025","why2025","Hacking","Delphinus","why2025-eng","Day 4"],"view_count":171,"promoted":false,"date":"2025-08-10T20:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-22T00:00:04.541+01:00","length":3129,"duration":3129,"thumb_url":"https://static.media.ccc.de/media/events/why2025/86-f81a7c16-1989-5c21-b67b-2774cc01bc17.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/86-f81a7c16-1989-5c21-b67b-2774cc01bc17_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/86-f81a7c16-1989-5c21-b67b-2774cc01bc17.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/86-f81a7c16-1989-5c21-b67b-2774cc01bc17.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-86-packets-over-any-wire-alternative-networking-mediums-for-hackers","url":"https://api.media.ccc.de/public/events/f81a7c16-1989-5c21-b67b-2774cc01bc17","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"1cd09fc0-ed65-5761-95b3-4086ec51b8af","title":"Reinventing woodwind instuments","subtitle":null,"slug":"why2025-18-reinventing-woodwind-instuments","link":"https://program.why2025.org/why2025/talk/V3ANNV/","description":"Experimental archeology to understand the development of woodwind instruments. What I learned about woodwind instruments by using a spoon drill to make a bore and a whip lathe to reinvent medieval woodturning.\n\nI will discuss cylindrical and conical bores, why they are different in a musical sense and why the technology of the times favours one over the other.\n\nI will also link some peculiar instruments to the medieval education system of the guilds.\n\nThe famous leather archeologist Olaf Goubitz once said \"You can only understand a historical shoe after you have made it\".\n\nAfter following a hobby course in instrument building and a year working as a medieval woodworker in the historical theme park Archeon, I wanted to go back to the roots and build instruments with the tools of the time.\n\nI basically want to become a medieval instrument builder's apprentice, even tough all masters are gone for centuries. With this talk I want to share what I have learned so far.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Molenaar"],"tags":["18","2025","why2025","The square hole","Brachium","why2025-eng","Day 4"],"view_count":171,"promoted":false,"date":"2025-08-10T10:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-09T21:45:08.838+01:00","length":2319,"duration":2319,"thumb_url":"https://static.media.ccc.de/media/events/why2025/18-1cd09fc0-ed65-5761-95b3-4086ec51b8af.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/18-1cd09fc0-ed65-5761-95b3-4086ec51b8af_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/18-1cd09fc0-ed65-5761-95b3-4086ec51b8af.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/18-1cd09fc0-ed65-5761-95b3-4086ec51b8af.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-18-reinventing-woodwind-instuments","url":"https://api.media.ccc.de/public/events/1cd09fc0-ed65-5761-95b3-4086ec51b8af","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"6096bb26-ade4-51b0-b004-87de28dd494b","title":"📧 Your own Mailserver - 2025 Edition","subtitle":null,"slug":"why2025-190-your-own-mailserver-2025-edition","link":"https://program.why2025.org/why2025/talk/HXDAMY/","description":"So, it is 2025 and mailservers are getting more and more replaced by cloud-based solutions, which promise to be easy and secure... But what if you can just do it yourself? Hosting your private message server and applying common modern mailserver security practices on your own? This talk wants to introduce a few common software solutions and introduce multiplie techniques from an operators toolbox.\n\nThis talk will cover typical pitfalls you encounter if you try to host your own mailserver solution: Often, those issues are only noticed by users not being able to sent emails successfully - let's go ahead and learn about those beforehand.\nStarting off with the basics of secure mail transmission using (START)SSL on top of SMTP and advancing into DKIM, SPF for secured mailserver origins. Then mentioning a few nice-to-have tools for delivery monitoring like DMARC and Postmark. Then being careful with DNS configuration and RFC-restrictions quickly overlooked.\nFurthermore, let's take a look into TLSA for SMTP, BIMI or complex setups with satellite delivery systems.\nFinally, let's discuss user-based security with locked-down IMAP, PGP signatures and encryption or enforcing secure connections.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["simonmicro"],"tags":["190","2025","why2025","Hacking","Andromeda","why2025-eng","Day 4"],"view_count":1111,"promoted":false,"date":"2025-08-10T21:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-04-02T08:45:03.647+02:00","length":1529,"duration":1529,"thumb_url":"https://static.media.ccc.de/media/events/why2025/190-6096bb26-ade4-51b0-b004-87de28dd494b.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/190-6096bb26-ade4-51b0-b004-87de28dd494b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/190-6096bb26-ade4-51b0-b004-87de28dd494b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/190-6096bb26-ade4-51b0-b004-87de28dd494b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-190-your-own-mailserver-2025-edition","url":"https://api.media.ccc.de/public/events/6096bb26-ade4-51b0-b004-87de28dd494b","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"5abbc550-1e4f-575f-a6f6-89dd6abf8303","title":"I donated a kidney (and maybe you can too)","subtitle":null,"slug":"why2025-239-i-donated-a-kidney-and-maybe-you-can-too","link":"https://program.why2025.org/why2025/talk/WJQNXZ/","description":"*WHY* did I donate a kidney?\n*H*ow did I donate a kidney?\n*Y*ou might want to donate a kidney!\n\nDonating a kidney is quite a thing. But it also isn't. But mostly, it is. I will talk about all the aspects (personal, technical, logistical, ethical) of the process. Lots of related but entirely different things. How does it affect me? How long did it take? What does everything look like? What do the numbers mean? What does it feel like? Can you do the same? Should you do the same? Who shouldn't do it? WHY?\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Peetz0r"],"tags":["239","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 4"],"view_count":114,"promoted":false,"date":"2025-08-10T23:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-01-06T15:15:16.893+01:00","length":1771,"duration":1771,"thumb_url":"https://static.media.ccc.de/media/events/why2025/239-5abbc550-1e4f-575f-a6f6-89dd6abf8303.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/239-5abbc550-1e4f-575f-a6f6-89dd6abf8303_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/239-5abbc550-1e4f-575f-a6f6-89dd6abf8303.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/239-5abbc550-1e4f-575f-a6f6-89dd6abf8303.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-239-i-donated-a-kidney-and-maybe-you-can-too","url":"https://api.media.ccc.de/public/events/5abbc550-1e4f-575f-a6f6-89dd6abf8303","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"c41c76c1-fe49-5a13-b132-ec9c1e5b8fe8","title":"Creating mate ice-tea","subtitle":null,"slug":"why2025-237-creating-mate-ice-tea","link":"https://program.why2025.org/why2025/talk/UMXAES/","description":"We have spend the last years making our own mate ice tea, called HolyMate. We want to share our experiences making a lot of ice tea on a 'small' scale (700+ litre), and explain the process. Hopefully this will inspire you to try it out for yourself, and make your own mate ice tea.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["iron","Okarin"],"tags":["237","2025","why2025","Wonderful creations","Cassiopeia","why2025-eng","Day 3"],"view_count":413,"promoted":false,"date":"2025-08-09T15:10:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-19T19:15:04.892+01:00","length":1087,"duration":1087,"thumb_url":"https://static.media.ccc.de/media/events/why2025/237-c41c76c1-fe49-5a13-b132-ec9c1e5b8fe8.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/237-c41c76c1-fe49-5a13-b132-ec9c1e5b8fe8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/237-c41c76c1-fe49-5a13-b132-ec9c1e5b8fe8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/237-c41c76c1-fe49-5a13-b132-ec9c1e5b8fe8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-237-creating-mate-ice-tea","url":"https://api.media.ccc.de/public/events/c41c76c1-fe49-5a13-b132-ec9c1e5b8fe8","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"030e9ea6-4c66-5a97-87e6-9728b93a5c01","title":"The Flipper Blackhat","subtitle":null,"slug":"why2025-107-the-flipper-blackhat","link":"https://program.why2025.org/why2025/talk/TQTUTQ/","description":"I developed a 100% open-source (Quad core A7, 512MB RAM) Linux-enabled Flipper module for WiFi pentesting and ethical hacking!\n\nThis talk covers how and why I developed the Flipper Blackhat: starting at the hardware level through the bootloader, kernel and up to user space. On the hardware side, I'll detail the power supplies, the DDR3 routing, radios, and the A33 processor itself. I'll show the build system, device trees, Python scripts and the penetesting suite I ship with it.\n\nI'll provide an overview of the exploits I've written for it and how to control them from the Flipper app. I will also do a live demo of the device in honeypot mode, RAT driving, AP scanning, embedded exploit etc...\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Ryan Walker"],"tags":["107","2025","why2025","Wonderful creations","Brachium","why2025-eng","Day 4"],"view_count":556,"promoted":false,"date":"2025-08-10T16:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-04-01T15:30:06.441+02:00","length":1799,"duration":1799,"thumb_url":"https://static.media.ccc.de/media/events/why2025/107-030e9ea6-4c66-5a97-87e6-9728b93a5c01.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/107-030e9ea6-4c66-5a97-87e6-9728b93a5c01_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/107-030e9ea6-4c66-5a97-87e6-9728b93a5c01.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/107-030e9ea6-4c66-5a97-87e6-9728b93a5c01.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-107-the-flipper-blackhat","url":"https://api.media.ccc.de/public/events/030e9ea6-4c66-5a97-87e6-9728b93a5c01","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"07808d67-968d-5cc3-a0c0-be40c62e0f65","title":"Challenge the Cyber","subtitle":null,"slug":"why2025-52-challenge-the-cyber","link":"https://program.why2025.org/why2025/talk/8VF3QU/","description":"Challenge the Cyber is a foundation that actively fosters security skills in young hackers (\u003c25 y). In this talk a couple of our (former) participants will share their experience and talk about the varieties of events that the foundation runs throughout the year and how you can prepare and participate. This includes the yearly CTF, a Cyber bootcamp, recurring training events with CTF team Superflat and the participation at the European Cybersecurity Challenge.\n\nThere's an overall shortage of cyber security experts. Challenge the Cyber (CTC) is the foundation that actively fosters security skills in young people and works on closing the gap between the need of experts in companies and talented young people who want to become these experts.\n\nCTC run a national hacking competition (CTF) with roughly 120 participants each year. The best (30-40) performers are then invited to a week long bootcamp in the summer in which highly technical workshops are given, a lot of attention is spent on team building and eventually a team of 10 players is selected for the European Cyber Security Challenge (ECSC). At ECSC team NL is supported again by CTC.\n\nNext to the competition there are side events where anyone can participate, such as playing CTFs with team Superflat. All in all, young people develop and progress through the years to our absolute elite in cyber security. (No, I'm not exaggerating here. We've got zero days as proof :D )\n\nThe presentation will tell all that and more but the story will be told with anecdotes by active participants and volunteers of the foundation. They will give an inspiring insight into the world of the young star hackers and their journeys throughout CTC.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Maja","Jasper","Per Schrijver","Simon"],"tags":["52","2025","why2025","Yearn for a better future","Delphinus","why2025-eng","Day 4"],"view_count":142,"promoted":false,"date":"2025-08-10T14:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-02-20T12:15:07.795+01:00","length":1507,"duration":1507,"thumb_url":"https://static.media.ccc.de/media/events/why2025/52-07808d67-968d-5cc3-a0c0-be40c62e0f65.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/52-07808d67-968d-5cc3-a0c0-be40c62e0f65_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/52-07808d67-968d-5cc3-a0c0-be40c62e0f65.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/52-07808d67-968d-5cc3-a0c0-be40c62e0f65.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-52-challenge-the-cyber","url":"https://api.media.ccc.de/public/events/07808d67-968d-5cc3-a0c0-be40c62e0f65","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"58e50a46-c287-5261-8b74-6c4d5875d771","title":"Handige microfoon technieken voor betere presentaties","subtitle":null,"slug":"why2025-161-handige-microfoon-technieken-voor-betere-presentaties","link":"https://program.why2025.org/why2025/talk/TAWFK8/","description":"Zodra een presentatie gehouden wordt voor een groter publiek of wanneer een presentatie opgenomen wordt is het bijna een gegeven dat een microfoon gebruikt wordt. In deze presentatie laten we jullie zien welke problemen presentators hebben met microfoons, we geven tips hoe een hand microfoon vast gehouden hoort te worden en laten veel voorkomende problemen met hoofdmicrofoons zien. We geven je handvatten om de geluidskwaliteit van je presentatie zo goed mogelijk te laten zijn.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"nld","persons":["Bix","sophie"],"tags":["161","2025","why2025","Yearn for a better future","Cassiopeia","why2025-nld","Day 3"],"view_count":133,"promoted":false,"date":"2025-08-09T11:00:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-02-22T00:00:06.552+01:00","length":1386,"duration":1386,"thumb_url":"https://static.media.ccc.de/media/events/why2025/161-58e50a46-c287-5261-8b74-6c4d5875d771.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/161-58e50a46-c287-5261-8b74-6c4d5875d771_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/161-58e50a46-c287-5261-8b74-6c4d5875d771.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/161-58e50a46-c287-5261-8b74-6c4d5875d771.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-161-handige-microfoon-technieken-voor-betere-presentaties","url":"https://api.media.ccc.de/public/events/58e50a46-c287-5261-8b74-6c4d5875d771","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"86210349-dce2-5d27-b2f8-9ab147abce3c","title":"The Menopause Gap: How Silence and Stigma Are Putting Women at Risk","subtitle":null,"slug":"why2025-64-the-menopause-gap-how-silence-and-stigma-are-putting-women-at-risk","link":"https://program.why2025.org/why2025/talk/9C7CHJ/","description":"By 2025, an estimated 1.1 billion women globally will enter menopause, a natural, but misunderstood phase of life. This talk will address the stigma, myths, and misinformation surrounding menopause, focusing on the mental, physical, social, and economic challenges women face. It will also explore the struggles of LGBTQ+ individuals, often overlooked in discussions. The goal is to close the knowledge gap, empower women to advocate for their health, and foster a culture of support and inclusivity.\n\nDisclaimer: For the sake of simplicity, throughout this talk the term ‘women’ will be used when referring to individuals suffering the effects of menopause, however this information is relevant for all individuals born with female reproductive organs.\n\nMenopause remains shrouded in stigma, silence, and common misinformation, leaving many women unsupported and uninformed. Myths and a lack of understanding about menopause contribute to confusion, fear, and inadequate care.\nIt will go beyond the well-known symptoms to uncover the diverse range of life changing symptoms women face during menopause.\nBy openly discussing menopause and moving beyond the idea of 'fixing' women the focus can instead be on building a culture that recognizes and respects the diverse challenges for all women at every stage of life.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["ChewyMoose"],"tags":["64","2025","why2025","Yearn for a better future","Brachium","why2025-eng","Day 5"],"view_count":123,"promoted":false,"date":"2025-08-11T14:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-02-08T20:00:11.836+01:00","length":3014,"duration":3014,"thumb_url":"https://static.media.ccc.de/media/events/why2025/64-86210349-dce2-5d27-b2f8-9ab147abce3c.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/64-86210349-dce2-5d27-b2f8-9ab147abce3c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/64-86210349-dce2-5d27-b2f8-9ab147abce3c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/64-86210349-dce2-5d27-b2f8-9ab147abce3c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-64-the-menopause-gap-how-silence-and-stigma-are-putting-women-at-risk","url":"https://api.media.ccc.de/public/events/86210349-dce2-5d27-b2f8-9ab147abce3c","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"1bfd0f67-c021-5829-b669-a014369013e1","title":"Het Grote Cyber Debat","subtitle":null,"slug":"why2025-284-het-grote-cyber-debat","link":"https://program.why2025.org/why2025/talk/CJZV8J/","description":"De Tweede Kamerverkiezingen komen eraan en de digitale vraagstukken liggen op tafel. Wat moet het volgende kabinet doen op het gebied van cyberveiligheid, AI, privacy en digitale autonomie? Welke keuzes zijn écht nodig, en wie durft ze te maken?\n\nTijdens WHY2025 organiseren we Het Grote Cyber Debat waar politici het gesprek aangaan met de mensen die dagelijks aan de knoppen zitten: ethische hackers, open source-ontwikkelaars, securityprofessionals en AI-tinkerers. Scherpe vragen en eerlijke antwoorden, van en voor een publiek dat weet waar het over gaat.\n\nOnlangs presenteerde het huidige kabinet de vernieuwde Nederlandse Digitaliseringsstrategie. Maar de toekomst? Die wordt straks geschreven in partijprogramma’s. Daarom nodigen we juist nu Kamerleden, bestuurders en beleidsmakers uit om te luisteren, te leren en te debatteren met de tech-community vóór de verkiezingskoorts losbarst.\n\n**Astrid Oosenbrug (GroenLinks/PvdA)**\nVoormalig Tweede Kamerlid voor de PvdA (2012–2017); speerpunten cybersecurity en LHBTI’ers, daarna oprichter van het Dutch Institute for Vulnerability Disclosure, en nog steeds werkzaam in cybersecurity.\n\n**Erik Kemp (Volt)**\nFractievoorzitter van Volt in de gemeenteraad van Enschede. Doet een master Cybersecurity aan de Universiteit van Twente.\n\n**Haitske van de Linde (VVD)**\nVVD-raadslid te Hilversum, bij het Waterschap Rijn en IJssel programmamanager Wetgeving Data en Informatie. En in een grijs verleden nog even lijsttrekker van Leefbaar Nederland.\n\n**Janarthanan Sundaram (D66)**\nDirecteur van glasvezel-leverancier Bright Access en lid van de Landelijke Verkiezingscommissie van D66.\n\n**Sebastiaan van ’t Erve (GroenLinks)**\nVolgens zijn LinkedIn “inwoner van de gemeente Lochem” - maar hij was er ooit ook burgemeester, was IT-politicus van het jaar, en promoveert nu op cybercrisis-management bij gemeenten.\n\nEn meer!\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"nld","persons":["Various"],"tags":["284","2025","why2025","Yearn for a better future","Brachium","why2025-nld","Day 4"],"view_count":335,"promoted":false,"date":"2025-08-10T14:00:00.000+02:00","release_date":"2025-09-10T00:00:00.000+02:00","updated_at":"2026-03-31T17:30:04.521+02:00","length":5160,"duration":5160,"thumb_url":"https://static.media.ccc.de/media/events/why2025/284-1bfd0f67-c021-5829-b669-a014369013e1.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/284-1bfd0f67-c021-5829-b669-a014369013e1_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/284-1bfd0f67-c021-5829-b669-a014369013e1.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/284-1bfd0f67-c021-5829-b669-a014369013e1.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-284-het-grote-cyber-debat","url":"https://api.media.ccc.de/public/events/1bfd0f67-c021-5829-b669-a014369013e1","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"f5e2f143-04b2-5382-9c18-540f5cc30221","title":"Handy microphone techniques for better presentations","subtitle":null,"slug":"why2025-160-handy-microphone-techniques-for-better-presentations","link":"https://program.why2025.org/why2025/talk/MZWWK7/","description":"When presenting for a larger audience or when a presentation is recorded it is almost a given that a microphone is used. In this presentation we will show you common problems presenters have with microphones, we will give you tips on holding a hand microphone and show common problems with headsets. All this to give you tools to improve the audio quality of your presentation at the source which can be used at hacker events and everywhere else you will be using a microphone.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Bix","sophie"],"tags":["160","2025","why2025","Yearn for a better future","Cassiopeia","why2025-eng","Day 3"],"view_count":276,"promoted":false,"date":"2025-08-09T11:30:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-03-16T17:30:07.193+01:00","length":1435,"duration":1435,"thumb_url":"https://static.media.ccc.de/media/events/why2025/160-f5e2f143-04b2-5382-9c18-540f5cc30221.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/160-f5e2f143-04b2-5382-9c18-540f5cc30221_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/160-f5e2f143-04b2-5382-9c18-540f5cc30221.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/160-f5e2f143-04b2-5382-9c18-540f5cc30221.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-160-handy-microphone-techniques-for-better-presentations","url":"https://api.media.ccc.de/public/events/f5e2f143-04b2-5382-9c18-540f5cc30221","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"57e535cf-4a7d-5588-8322-a5ab80f59aa9","title":"Four Freedoms of Social Media Protocols","subtitle":null,"slug":"why2025-72-four-freedoms-of-social-media-protocols","link":"https://program.why2025.org/why2025/talk/WDPPRA/","description":"Our digital communities are controlled by corporate platforms that surveil, manipulate, and arbitrarily deplatform us. We need a Bill of Digital Rights—ensuring privacy, ownership, algorithmic control, and self-governance. This talk lays out the Four Freedoms for Social Media and how open protocols like ATProtocol, ActivityPub, and Nostr make them possible. The future of social media must serve communities, not corporations—and we must demand it.\n\nThe Four Freedoms of Social Media: A Bill of Rights for Digital Communities\n\nJust as free software has the Four Freedoms, our digital communities need Four Freedoms for Social Media—fundamental rights that ensure people, not corporations, control their online spaces. Social media today is defined by surveillance, manipulation, and arbitrary control—but it doesn’t have to be.\n\nThis talk lays out what we must demand from social protocols:\n\t1.\tThe Freedom to Connect – No one should be prevented from communicating or organizing due to corporate interests or government pressure.\n\t2.\tThe Freedom to Move – Users and communities must be able to leave one platform and take their relationships, content, and identity elsewhere.\n\t3.\tThe Freedom to Understand \u0026 Control Algorithms – People should know how their feeds are shaped and have the power to change them.\n\t4.\tThe Freedom to Self-Govern – Communities should set their own rules, rather than being subject to arbitrary moderation and deplatforming.\n\nTechnologies like AT Protocol (BlueSky), ActivityPub (the Fediverse), and Nostr offer glimpses of this future, but they must be built around these freedoms—not just as features, but as non-negotiable principles.\n\nThis talk isn’t just about what’s possible—it’s about what we must demand from the next generation of social protocols. The future of digital communities should belong to us—not corporations.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["rabble"],"tags":["72","2025","why2025","Yearn for a better future","Brachium","why2025-eng","Day 5"],"view_count":97,"promoted":false,"date":"2025-08-11T22:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-19T12:15:07.627+01:00","length":1623,"duration":1623,"thumb_url":"https://static.media.ccc.de/media/events/why2025/72-57e535cf-4a7d-5588-8322-a5ab80f59aa9.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/72-57e535cf-4a7d-5588-8322-a5ab80f59aa9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/72-57e535cf-4a7d-5588-8322-a5ab80f59aa9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/72-57e535cf-4a7d-5588-8322-a5ab80f59aa9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-72-four-freedoms-of-social-media-protocols","url":"https://api.media.ccc.de/public/events/57e535cf-4a7d-5588-8322-a5ab80f59aa9","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"54de54fa-8704-5d2b-bee5-fa08ca91b84a","title":"Horus Scenario 2.0","subtitle":null,"slug":"why2025-90-horus-scenario-2-0","link":"https://program.why2025.org/why2025/talk/MBPQL9/","description":"8 years ago at SHA2017, the horusscenario was presented. A Theoretical attack through PV-installations to take down the european energy grid. Since that day, a lot of things have changed, both for the better and for the worse. \nDuring the session, we will look back into the horusscenario with today's knowledge and revisit if the attack is still feasible. (Spoiler: I was right... and it has mainly gotten worse since then...)\n\nDuring the session we will look back on what was said in 2017 and what we know now to be true and have seen in practice. We will also reflect on where we currently are and where we stood back then and if we made any real progress in that regard. Topics discussed will be:\n- Was the theoretical analysis correct? and are there any additional nuances there? more recent examples in practice?\n- We hacked SMA back then because we thought they were most secure. Have any other grid-ending vulnerabilities in PV-installations popped up since then? \n- Are we better off today, then we were back then?\n- Prophesising the future: where are we headed with this attack?\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Willem Westerhof"],"tags":["90","2025","why2025","Hacking","Andromeda","why2025-eng","Day 3"],"view_count":528,"promoted":false,"date":"2025-08-09T15:35:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-11T23:00:05.926+01:00","length":1536,"duration":1536,"thumb_url":"https://static.media.ccc.de/media/events/why2025/90-54de54fa-8704-5d2b-bee5-fa08ca91b84a.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/90-54de54fa-8704-5d2b-bee5-fa08ca91b84a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/90-54de54fa-8704-5d2b-bee5-fa08ca91b84a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/90-54de54fa-8704-5d2b-bee5-fa08ca91b84a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-90-horus-scenario-2-0","url":"https://api.media.ccc.de/public/events/54de54fa-8704-5d2b-bee5-fa08ca91b84a","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"b0d09852-8c9d-54f3-a876-b672ed6f0926","title":"OpenStreetMap for beginners","subtitle":null,"slug":"why2025-198-openstreetmap-for-beginners","link":"https://program.why2025.org/why2025/talk/LLRPVY/","description":"Are you interested in maps? Are you searching for a FLOSS mapping navigation? Do you need geodata? Do you need a map on your site? Do you want to help creating maps from your local environment or from vulnerable places? Then, you have come to the right talk! This talks gives a broad overview of OpenStreetMap, the community and how to get started with it.\n\nOpenStreetMap is an open database of geodata and has become the biggest geodataset of the world. It is often called 'the wikipedia of maps' and is getting used in more and more applications - from grassroot movements to big corporations. A tremendous lot is possible, but it can be confusing to get started and to dive into the ecosystem.\n\nIn this talk, I'll give a high-level overview of OpenStreetMap and answer the most important questions:\n\n- What is OpenStreetMap (and what is it not?)\n- What applications exist?\n- What tools exist?\n- How can one contribute?\n- How can one export data?\n- How can one get in touch with the local mapping community?\n\nNo previous experience with mapping or GIS needed! This is a talk, so you don't have to bring anything. However, if you need some help with your first OSM-edits, I'll stick around after the talk to get you started. In that case, it might be useful to bring your laptop (or smartphone)\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Pieter Vander Vennet"],"tags":["198","2025","why2025","Yearn for a better future","Andromeda","why2025-eng","Day 6"],"view_count":472,"promoted":false,"date":"2025-08-12T12:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-25T19:15:05.927+01:00","length":2743,"duration":2743,"thumb_url":"https://static.media.ccc.de/media/events/why2025/198-b0d09852-8c9d-54f3-a876-b672ed6f0926.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/198-b0d09852-8c9d-54f3-a876-b672ed6f0926_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/198-b0d09852-8c9d-54f3-a876-b672ed6f0926.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/198-b0d09852-8c9d-54f3-a876-b672ed6f0926.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-198-openstreetmap-for-beginners","url":"https://api.media.ccc.de/public/events/b0d09852-8c9d-54f3-a876-b672ed6f0926","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"b8db6adb-ba6d-5e93-83d8-eceea9301031","title":"Pentesting Passkeys","subtitle":null,"slug":"why2025-65-pentesting-passkeys","link":"https://program.why2025.org/why2025/talk/WD99DB/","description":"Passkeys are a new way to log in without passwords. They solve a lot of the traditional security risks associated with passwords. But passkeys are only secure if implemented well. When implemented incorrectly, they lead to new attack vectors that hackers can exploit.\n\nIn this talk, we will first study the protocol behind passkeys, called Webauthn. We will then look at some common implementation mistakes, and how we can exploit them. Next, we will present a methodology to carry out pentests on Webauthn implementations, and finally we discuss some vulnerabilities that we detected (and disclosed!) in various web applications.\n\nThis talk is based on joint research with Peizhou Chen (University of Twente).\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Matthijs Melissen"],"tags":["65","2025","why2025","Hacking","Brachium","why2025-eng","Day 4"],"view_count":390,"promoted":false,"date":"2025-08-10T20:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-29T08:45:03.065+02:00","length":2061,"duration":2061,"thumb_url":"https://static.media.ccc.de/media/events/why2025/65-b8db6adb-ba6d-5e93-83d8-eceea9301031.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/65-b8db6adb-ba6d-5e93-83d8-eceea9301031_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/65-b8db6adb-ba6d-5e93-83d8-eceea9301031.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/65-b8db6adb-ba6d-5e93-83d8-eceea9301031.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-65-pentesting-passkeys","url":"https://api.media.ccc.de/public/events/b8db6adb-ba6d-5e93-83d8-eceea9301031","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"d2771913-91a4-5343-b3c5-b638e5526186","title":"Can we trust the Zero in Zero trust?","subtitle":null,"slug":"why2025-126-can-we-trust-the-zero-in-zero-trust","link":"https://program.why2025.org/why2025/talk/3EHJGJ/","description":"Zero Trust (ZT) has evolved from pure network access to hype. ZT Everywhere has become a buzzword. If you ask about it during product presentations, the sales person sometimes runs out of the meeting.\n\nIf we look beneath the surface, we find a lot of code that we trust in zero trust environments without realising it. Istio containers in service meshes, key management systems in SSH/Ansible environments and a whole lot of legacy code in confidential computing require trust in strange containers, ex-employees and attestation processes and a CI/CD pipeline for microcode in the cloud. What questions should we ask ZT?\n\nAs the management of keys is crucial for TLS (encryption on transport), disk encryption (encryption on rest) and the new kid on the block confidential computing (encryption of data in use) we look under the carpet of implementations and raise a lot of questions to ask if implementing the concept.\n\nThis immediately affects any digital souvereignty.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Thomas Fricke"],"tags":["126","2025","why2025","Hacking","Delphinus","why2025-eng","Day 6"],"view_count":540,"promoted":false,"date":"2025-08-12T15:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-29T09:00:03.233+02:00","length":2282,"duration":2282,"thumb_url":"https://static.media.ccc.de/media/events/why2025/126-d2771913-91a4-5343-b3c5-b638e5526186.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/126-d2771913-91a4-5343-b3c5-b638e5526186_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/126-d2771913-91a4-5343-b3c5-b638e5526186.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/126-d2771913-91a4-5343-b3c5-b638e5526186.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-126-can-we-trust-the-zero-in-zero-trust","url":"https://api.media.ccc.de/public/events/d2771913-91a4-5343-b3c5-b638e5526186","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"e4117002-df30-52d9-a10f-8b7ad73bc54a","title":"How to make a Domain-Specific Language for non-devs (so they don't need AI)","subtitle":null,"slug":"why2025-236-how-to-make-a-domain-specific-language-for-non-devs-so-they-don-t-need-ai","link":"https://program.why2025.org/why2025/talk/LXNXVK/","description":"A Domain-Specific Language is a computer language that’s made and suitable for a specific domain — *dûh*. But what happens when that domains is inhabited and operated by people that are – **gasp**! – not developers?! This is when a DSL has the opportunity to shine, and even outshine generic AI.\n\nThe field of Domain-Specific Languages has been going through a quasi-perpetual, reincarnating Gartner hype cycle for decades. Nevertheless, there are many DSLs out there, with many aimed squarely at software devs, and some at non-devs.\n\nIn this talk, I’ll explain what a DSL is and is made up of, and why you‘d want to make one – especially for non-devs! –, why and how to do that using something called “projectional editing”, why and how DSLs are better than AI, and why DSLs should be a standard tool in our dev-toolbox.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Meinte Boersma"],"tags":["236","2025","why2025","Wonderful creations","Cassiopeia","why2025-eng","Day 4"],"view_count":65,"promoted":false,"date":"2025-08-10T17:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-01-13T16:00:20.260+01:00","length":3072,"duration":3072,"thumb_url":"https://static.media.ccc.de/media/events/why2025/236-e4117002-df30-52d9-a10f-8b7ad73bc54a.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/236-e4117002-df30-52d9-a10f-8b7ad73bc54a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/236-e4117002-df30-52d9-a10f-8b7ad73bc54a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/236-e4117002-df30-52d9-a10f-8b7ad73bc54a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-236-how-to-make-a-domain-specific-language-for-non-devs-so-they-don-t-need-ai","url":"https://api.media.ccc.de/public/events/e4117002-df30-52d9-a10f-8b7ad73bc54a","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"7ae8963d-9c00-51b7-86bd-d3231e8f3d55","title":"USB: the most successful interface that also brings power","subtitle":null,"slug":"why2025-255-usb-the-most-successful-interface-that-also-brings-power","link":"https://program.why2025.org/why2025/talk/8MWKCY/","description":"We use it every day, but how does it really work? USB has been around for almost 30 years and it evolved into really universal interface that even extended from the world of computers into the world of extra low voltage electric distribution. In this talk, I will present the basic ideas of the interface with focus on physical layer.\n\nWe will cover:\n - how the world of computer peripherals looked like before USB\n - how did USB evolved\n - how USB became the universal interface for delivering extra low voltage\n - how the Type-C connector changed everything\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Ondřej Caletka"],"tags":["255","2025","why2025","Hacking","Brachium","why2025-eng","Day 5"],"view_count":235,"promoted":false,"date":"2025-08-11T10:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-04-01T05:30:04.136+02:00","length":3063,"duration":3063,"thumb_url":"https://static.media.ccc.de/media/events/why2025/255-7ae8963d-9c00-51b7-86bd-d3231e8f3d55.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/255-7ae8963d-9c00-51b7-86bd-d3231e8f3d55_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/255-7ae8963d-9c00-51b7-86bd-d3231e8f3d55.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/255-7ae8963d-9c00-51b7-86bd-d3231e8f3d55.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-255-usb-the-most-successful-interface-that-also-brings-power","url":"https://api.media.ccc.de/public/events/7ae8963d-9c00-51b7-86bd-d3231e8f3d55","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"7ca79a9c-c08d-5d37-b149-6bc876b20201","title":"Gosling: Build Anonymous, Secure, and Metadata-Resistant Peer-to-Peer Applications using Tor Onion Services","subtitle":null,"slug":"why2025-95-gosling-build-anonymous-secure-and-metadata-resistant-peer-to-peer-applications-using-tor-onion-services","link":"https://program.why2025.org/why2025/talk/TMS3DC/","description":"Gosling is a Tor onionservice-based protocol and Rust reference-implementation which allows developers to build privacy-preserving p2p applications with the following properties:\n- persistent authenticated peer identity\n- end-to-end encrypted\n- anonymity\n- metadata resistance\n- decentralisation\n- real-time communication\n\nThis talk will go over the complexities involved in combining all of these properties (with a focus on metadata resistance) and describe how Gosling solves these problems.\n\nProject Website: https://gosling.technology\nGithub Page: https://github.com/blueprint-freespeech/gosling\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["morgan"],"tags":["95","2025","why2025","Wonderful creations","Brachium","why2025-eng","Day 3"],"view_count":114,"promoted":false,"date":"2025-08-09T19:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-02-05T15:45:10.748+01:00","length":2362,"duration":2362,"thumb_url":"https://static.media.ccc.de/media/events/why2025/95-7ca79a9c-c08d-5d37-b149-6bc876b20201.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/95-7ca79a9c-c08d-5d37-b149-6bc876b20201_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/95-7ca79a9c-c08d-5d37-b149-6bc876b20201.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/95-7ca79a9c-c08d-5d37-b149-6bc876b20201.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-95-gosling-build-anonymous-secure-and-metadata-resistant-peer-to-peer-applications-using-tor-onion-services","url":"https://api.media.ccc.de/public/events/7ca79a9c-c08d-5d37-b149-6bc876b20201","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"6f40df20-1a32-5bb2-96ab-47e3a9f634d0","title":"Dutch fun! (damentals)","subtitle":null,"slug":"why2025-223-dutch-fun-damentals","link":"https://program.why2025.org/why2025/talk/3MF3N3/","description":"This is an English spoken talk about the Dutch language, from a Dutch linguist's point of view. Some grammar and quirks of the language are illustrated using theory and examples, as well as a small \"bluff your way into Dutch\"\n\nThe inspiration for this talk comes from my background as a general linguist and current work as a teacher of Dutch as a foreign language. Eveybody with an interest in the Dutch language is welcome to join.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Dina Tuinhof"],"tags":["223","2025","why2025","The square hole","Cassiopeia","why2025-eng","Day 4"],"view_count":142,"promoted":false,"date":"2025-08-10T11:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-01-12T19:30:21.723+01:00","length":2910,"duration":2910,"thumb_url":"https://static.media.ccc.de/media/events/why2025/223-6f40df20-1a32-5bb2-96ab-47e3a9f634d0.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/223-6f40df20-1a32-5bb2-96ab-47e3a9f634d0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/223-6f40df20-1a32-5bb2-96ab-47e3a9f634d0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/223-6f40df20-1a32-5bb2-96ab-47e3a9f634d0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-223-dutch-fun-damentals","url":"https://api.media.ccc.de/public/events/6f40df20-1a32-5bb2-96ab-47e3a9f634d0","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"09f5f075-7598-5996-883b-7cf876859b32","title":"From WAN to NAS: A Pwn2Own Journey Through the SOHO Attack Surface","subtitle":null,"slug":"why2025-99-from-wan-to-nas-a-pwn2own-journey-through-the-soho-attack-surface","link":"https://program.why2025.org/why2025/talk/LHC7QV/","description":"The SOHO Smashup is a famous category in the IoT focused edition of Pwn2Own. Contestants are challenged to exploit a router from the WAN side and then use that device to exploit a second device on the internal LAN. Last year, we took them up on this challenge and successfully demonstrated a 0day exploit chain against a QNAP router and pivoting to a TrueNAS system. In this presentation, we'll describe how we performed our research and the vulnerabilities we found.\n\nThe Dutch NCSC issued a warning last year that they see an increase of threat actors that shift their attention from endpoints to edge devices, including routers. This demonstrates the relevance of the SOHO Smashup category in Pwn2Own. Vulnerabilities in routers that could be exploited from the WAN side pose a real security risk for companies; as these devices are often badly monitored and not kept up to date. Threat actors who are able to compromise a router are in a key position to further advance into the internal network of a company.\n\nIn this talk we'll describe the vulnerabilities and exploits. Specifically, we'll describe our research method on the QNAP router. We tried to increase our attack surface step by step, until we found a reliable exploitation path.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Daan Keuper","Thijs Alkemade"],"tags":["99","2025","why2025","Hacking","Andromeda","why2025-eng","Day 3"],"view_count":321,"promoted":false,"date":"2025-08-09T14:00:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-03-31T09:30:07.087+02:00","length":2872,"duration":2872,"thumb_url":"https://static.media.ccc.de/media/events/why2025/99-09f5f075-7598-5996-883b-7cf876859b32.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/99-09f5f075-7598-5996-883b-7cf876859b32_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/99-09f5f075-7598-5996-883b-7cf876859b32.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/99-09f5f075-7598-5996-883b-7cf876859b32.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-99-from-wan-to-nas-a-pwn2own-journey-through-the-soho-attack-surface","url":"https://api.media.ccc.de/public/events/09f5f075-7598-5996-883b-7cf876859b32","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"e5a83e5e-164b-5b6b-8570-17f04007d0c9","title":"Time Lord's adventures: abusing time on Linux systems","subtitle":null,"slug":"why2025-215-time-lord-s-adventures-abusing-time-on-linux-systems","link":"https://program.why2025.org/why2025/talk/NZRWGU/","description":"What happens when an attacker controls time on a Linux system? This talk looks at how system clocks work, and what breaks when they’re manipulated. From bypassing delays to triggering subtle logic errors, we’ll explore how unstable time can subvert assumptions, break security controls, and cause software to behave in unexpected or unsafe ways.\n\nThis talk explores the consequences of full control over time on a Linux system. We’ll start with a brief overview of how system clocks work, highlighting common assumptions made by applications and security mechanisms. The focus will be on local manipulation of the system clock — jumping forward, rewinding, or freezing time — and the unexpected ways software can break when time becomes unreliable.\nThrough practical examples, we’ll see how time-based defences and logic can be bypassed, exposing vulnerabilities that often go unnoticed. Not every issue leads to a full exploit, but many reveal fragile trust assumptions rarely tested in real environments.\nThis talk is for hackers, tinkerers, and developers who’ve ever relied on `sleep(1)` as a defence mechanism. You might rethink your assumptions about time-based security after attending.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Daniels Heincis"],"tags":["215","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 6"],"view_count":124,"promoted":false,"date":"2025-08-12T12:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-02-21T23:00:07.578+01:00","length":1369,"duration":1369,"thumb_url":"https://static.media.ccc.de/media/events/why2025/215-e5a83e5e-164b-5b6b-8570-17f04007d0c9.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/215-e5a83e5e-164b-5b6b-8570-17f04007d0c9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/215-e5a83e5e-164b-5b6b-8570-17f04007d0c9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/215-e5a83e5e-164b-5b6b-8570-17f04007d0c9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-215-time-lord-s-adventures-abusing-time-on-linux-systems","url":"https://api.media.ccc.de/public/events/e5a83e5e-164b-5b6b-8570-17f04007d0c9","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"96405c96-863c-58a2-8cd2-34fcfcfda261","title":"How election software can fail","subtitle":null,"slug":"why2025-259-how-election-software-can-fail","link":"https://program.why2025.org/why2025/talk/MPH9CD/","description":"Experiences from a hacker working at the Election Council of The Netherlands.\n\nAfter critically following the elections for 8 years from the outside, a hacker was employed as one of the functional administrators of the software supporting the elections. Sharing experiences of the use of election software during 7 elections (2020-2023), from local, national to European in The Netherlands.\n\nA governmental software project with strict deadlines, and high security expectations. The software project for elections in The Netherlands is build an IT organization owned by German local governments. More than 10.000 Java files, what can possible go wrong?\n\nDuring this time multiple emergency patches were needed and incidents occur. Although at first explicitly not hired as a coder, within 3 months a Java code contribution was made that was unexpectedly more crucial than anticipated.\n\nThis talk will show some incidents with the election software in The Netherlands: how the software failed, and when/how it was discovered. Go over how seeing the elections from the outside, and give some history of voting computers and software. Ending with some reflecting on the future.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Benjamin W. Broersma"],"tags":["259","2025","why2025","Hacking","Brachium","why2025-eng","Day 6"],"view_count":116,"promoted":false,"date":"2025-08-12T12:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-20T16:00:06.340+01:00","length":2907,"duration":2907,"thumb_url":"https://static.media.ccc.de/media/events/why2025/259-96405c96-863c-58a2-8cd2-34fcfcfda261.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/259-96405c96-863c-58a2-8cd2-34fcfcfda261_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/259-96405c96-863c-58a2-8cd2-34fcfcfda261.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/259-96405c96-863c-58a2-8cd2-34fcfcfda261.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-259-how-election-software-can-fail","url":"https://api.media.ccc.de/public/events/96405c96-863c-58a2-8cd2-34fcfcfda261","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"ee2f6b34-f80a-5ef2-94bf-a60f6124954d","title":"A Journey Through Boring Telco Data Leaks","subtitle":null,"slug":"why2025-267-a-journey-through-boring-telco-data-leaks","link":"https://program.why2025.org/why2025/talk/7A7QJV/","description":"Over the past few years, I’ve been casually poking around and stumbling upon exposed data and insecure infrastructure all across the telco ecosystem. From unsecured debug portals to full backend access, the leaks themselves might seem technically boring.\n\nIn this talk, I’ll walk through a handful of real-world cases, showing how misconfigurations, sloppy code, and forgotten interfaces can lead to serious exposures.\n\nThese include:\n\n* an eSIM provisioning portal exposed via unauthenticated debug web interface\n* full backend access to a smartphone retail platform, including CRM data and hotline audio recordings\n* publicly accessible SIM inventory systems, Call Data Records (CDRs), and even passport scans\n* \"open source\" telco functions running in plain PHP, sometimes with hardcoded credentials\n* …and more strange eSIM-related findings\n\nThis isn’t a high-end 0-day story. This is about minimal-effort, boring data leaks that still manage to have a surprisingly high impact. The talk will include examples, screenshots, and recurring patterns that keep coming up.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["kantorkel"],"tags":["267","2025","why2025","Hacking","Andromeda","why2025-eng","Day 5"],"view_count":145,"promoted":false,"date":"2025-08-11T17:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-18T16:15:07.179+01:00","length":1330,"duration":1330,"thumb_url":"https://static.media.ccc.de/media/events/why2025/267-ee2f6b34-f80a-5ef2-94bf-a60f6124954d.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/267-ee2f6b34-f80a-5ef2-94bf-a60f6124954d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/267-ee2f6b34-f80a-5ef2-94bf-a60f6124954d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/267-ee2f6b34-f80a-5ef2-94bf-a60f6124954d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-267-a-journey-through-boring-telco-data-leaks","url":"https://api.media.ccc.de/public/events/ee2f6b34-f80a-5ef2-94bf-a60f6124954d","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"e9825713-9d7d-5003-b6e9-7377030a62be","title":"Bare metal programming from the ground up","subtitle":null,"slug":"why2025-247-bare-metal-programming-from-the-ground-up","link":"https://program.why2025.org/why2025/talk/HBMWXL/","description":"So you have a new microcontroller, how do you get started programming it?\n\nThis is going to be the talk I wished already existed when I first got into microcontroller programming.\n\nGetting started with a new microcontroller can be daunting. They do come with datasheets, but these are often hundreds if not thousands of pages long and assume you already know the basics. So that's what I will be explaining: how to get started programming these thing, from `Reset_Handler` to blinking LED.\n\nThis talk will cover the following things: \n\n* How to read datasheets\n* How to write a simple linker script\n* How to do basic initialization of a chip, enough to get a LED blinking\n* How to get the binary you created onto a microcontroller.\n\nI will assume you have some programming experience, but experience with embedded software is not required.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Ayke"],"tags":["247","2025","why2025","The square hole","Cassiopeia","why2025-eng","Day 4"],"view_count":258,"promoted":false,"date":"2025-08-10T15:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-15T11:45:06.680+01:00","length":1624,"duration":1624,"thumb_url":"https://static.media.ccc.de/media/events/why2025/247-e9825713-9d7d-5003-b6e9-7377030a62be.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/247-e9825713-9d7d-5003-b6e9-7377030a62be_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/247-e9825713-9d7d-5003-b6e9-7377030a62be.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/247-e9825713-9d7d-5003-b6e9-7377030a62be.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-247-bare-metal-programming-from-the-ground-up","url":"https://api.media.ccc.de/public/events/e9825713-9d7d-5003-b6e9-7377030a62be","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"09e6840d-aba1-53af-9b76-f69aa115844d","title":"How to rig elections","subtitle":null,"slug":"why2025-218-how-to-rig-elections","link":"https://program.why2025.org/why2025/talk/U7HBTJ/","description":"Enter the fascinating world of corruption, chicanery, low-tech fraud, and forensic tools that uncover it. The story is told through the eyes of a Russian election official who has participated in campaigns of all levels in the past 4 years and fought for justice (mostly unsuccessfully). Watch a demo how to tamper with a security bag and learn how to use statistics to detect ballot stuffing [1]. See the obstacles faced by Russians wanting a change. See how the government “wins” the elections.\n\n[1] A. Podlazov and V. Makarov, Dual approach to proving electoral fraud via statistics and forensics, https://arxiv.org/abs/2412.04535\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Vadim Makarov"],"tags":["218","2025","why2025","Yearn for a better future","Andromeda","why2025-eng","Day 3"],"view_count":8291,"promoted":false,"date":"2025-08-09T21:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-23T21:30:05.305+01:00","length":3082,"duration":3082,"thumb_url":"https://static.media.ccc.de/media/events/why2025/218-09e6840d-aba1-53af-9b76-f69aa115844d.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/218-09e6840d-aba1-53af-9b76-f69aa115844d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/218-09e6840d-aba1-53af-9b76-f69aa115844d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/218-09e6840d-aba1-53af-9b76-f69aa115844d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-218-how-to-rig-elections","url":"https://api.media.ccc.de/public/events/09e6840d-aba1-53af-9b76-f69aa115844d","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"f618c0b3-4a74-576d-811f-82938311f61d","title":"Flattening the Curve: Rediscovering Web UI Through Historic Geometric Constructions","subtitle":null,"slug":"why2025-181-flattening-the-curve-rediscovering-web-ui-through-historic-geometric-constructions","link":"https://program.why2025.org/why2025/talk/VRMZEG/","description":"Modern UI/UX design is rooted in centuries-old geometry. This talk explores how historic tools—from Greek constructions to Bézier curves— is still broadly used to solve real problems today. Through demos and visual examples, we’ll uncover practical, eye-opening methods that blend math, art, and design. No technical background needed—just curiosity. Prepare to rethink how we build and understand the visual world.\n\nModern UI/UX design is built upon concepts much older than computers. This talk uncovers how ideas from the history of geometry continue to shape the ways we define and render interfaces today—while also revealing a deeper story: how practical mathematical problems, from antiquity to today, have been approached not with algebra, but with the elegance of geometric construction.\n\nWe’ll explore geometric throughlines, from Greek straightedge-and-compass methods, through innovations of the Islamic Golden Age, to Renaissance engineers and their mechanical drawing tools, all the way to Bézier curves of the 1960s—now foundational to every smooth SVG path on the web. Alongside interactive demos and visual examples, we’ll dive into surprisingly current problems that are solved through construction alone, in ways that are both rigorous and astonishingly intuitive.\n\nThis talk is for anyone with a curious mind—no technical background required. While code snippets will appear, the real goal is to spark insight and wonder. Join us to discover how a blend of math, history, and art can transform the way we see both digital and physical space—and how centuries-old ideas continue to solve problems in ways that are as beautiful as they are practical.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["ReallyLiri","Mia"],"tags":["181","2025","why2025","The square hole","Delphinus","why2025-eng","Day 4"],"view_count":127,"promoted":false,"date":"2025-08-10T11:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-19T09:30:08.950+01:00","length":2912,"duration":2912,"thumb_url":"https://static.media.ccc.de/media/events/why2025/181-f618c0b3-4a74-576d-811f-82938311f61d.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/181-f618c0b3-4a74-576d-811f-82938311f61d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/181-f618c0b3-4a74-576d-811f-82938311f61d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/181-f618c0b3-4a74-576d-811f-82938311f61d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-181-flattening-the-curve-rediscovering-web-ui-through-historic-geometric-constructions","url":"https://api.media.ccc.de/public/events/f618c0b3-4a74-576d-811f-82938311f61d","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"9a49aeb7-e8c2-53ed-8cec-f2bf8b90834b","title":"Is AI for the birds? The beauty of backyard birdsong data","subtitle":null,"slug":"why2025-240-is-ai-for-the-birds-the-beauty-of-backyard-birdsong-data","link":"https://program.why2025.org/why2025/talk/L79ASB/","description":"Birdsong is all around us, but is there a deeper meaning? Can computer analysis help us decipher these hidden patterns in our own backyards? This talk charts my journey exploring the world of open source projects for bird (and bat!) audio identification, some of the systems I've operated, and the data art pieces I've created from the results. From the science of birdsong, to machine learning models and data visualization, there's something for every hacker to be inspired by.\n\n- How birds sing, spectrograms and analysis\n- Neural networks for identifying animal sounds\n- Feature pre-processing for sound ID\n- Open source projects you can build yourself\n- Data art and visualizations\n- The psychology of shifting baselines and why the data matters\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Logan Williams"],"tags":["240","2025","why2025","Wonderful creations","Cassiopeia","why2025-eng","Day 4"],"view_count":307,"promoted":false,"date":"2025-08-10T12:35:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-04-02T20:00:04.340+02:00","length":1541,"duration":1541,"thumb_url":"https://static.media.ccc.de/media/events/why2025/240-9a49aeb7-e8c2-53ed-8cec-f2bf8b90834b.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/240-9a49aeb7-e8c2-53ed-8cec-f2bf8b90834b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/240-9a49aeb7-e8c2-53ed-8cec-f2bf8b90834b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/240-9a49aeb7-e8c2-53ed-8cec-f2bf8b90834b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-240-is-ai-for-the-birds-the-beauty-of-backyard-birdsong-data","url":"https://api.media.ccc.de/public/events/9a49aeb7-e8c2-53ed-8cec-f2bf8b90834b","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"cbecd698-af14-5763-bd45-d36d25c21bc5","title":"Hacked in translation: Giving an Abandoned IoT Device a New Life","subtitle":null,"slug":"why2025-14-hacked-in-translation-giving-an-abandoned-iot-device-a-new-life","link":"https://program.why2025.org/why2025/talk/TUD7EB/","description":"As everybody knows, \"L\" in IoT stands for long-term support.\nI'll take you on a tour of my technical adventure where I revived an abandoned IoT \"AI\" translator and gave it a new life, 2025-style. \nThrough deciphering peculiar protocols and formats, reverse engineering firmware and software and doing the necessary research to write new software, we'll see how curiosity and persistence can help you overcome the most obscure technical challenges.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Artem Makarov"],"tags":["14","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 6"],"view_count":98,"promoted":false,"date":"2025-08-12T11:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2025-11-27T11:00:10.786+01:00","length":2349,"duration":2349,"thumb_url":"https://static.media.ccc.de/media/events/why2025/14-cbecd698-af14-5763-bd45-d36d25c21bc5.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/14-cbecd698-af14-5763-bd45-d36d25c21bc5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/14-cbecd698-af14-5763-bd45-d36d25c21bc5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/14-cbecd698-af14-5763-bd45-d36d25c21bc5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-14-hacked-in-translation-giving-an-abandoned-iot-device-a-new-life","url":"https://api.media.ccc.de/public/events/cbecd698-af14-5763-bd45-d36d25c21bc5","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"161195d0-46af-573d-a17d-71b0cea49231","title":"Normsetting revisited","subtitle":null,"slug":"why2025-224-normsetting-revisited","link":"https://program.why2025.org/why2025/talk/TFRMSB/","description":"I want to talk about how we are setting the standards for our digital world and society. Now that our whole world and everything in it seems to have become a business case for for-profit digitalisation, we are purposefully driven to use off the shelve, inflexible, data-absorbing and exploitative products marketed to us by big companies. Can standards help change that? And how do we do that?\n\nHere at WHY we are all curious about everything technical and, on average, also pretty adept at working with digital nails and hammers. But even so, these big companies drive out many grassroots alternatives, making it harder and harder to set your own course. \nAnd not just that. It is not everybody’s forte to ‘do digitalisation’. If not, you still deserve a decent quality product. Maybe you should not be tricked into handing over all your data to marketing companies, including pretty private information. And with promises of big profits come the investors, the people that don’t care about the product but instead focus on profit margins and return on investment - with varying levels of appreciation of trivialities like workers rights or environmental protection. (/s)\n\nEurope, and the Netherlands, has something to protect though, like the right not to be surveilled by big tech and employers, to have a high quality education system and medical devices that are catered to finding ailments rather than to selling medical interventions for instance. It also has a responsibility to ensure people outside of Europe are not abused and exploited for the products we use to enlighten our lives and avoid further climate catastrophe because we all want to make our own individual generated film of Will Smith slurping spaghetti.\n\nIn the past decade(s), the EU has worked with the New Legislative Framework, the idea that standards organisations develop the ‘how to comply’ options that industry can use to make a product that is presumed to be in accordance with the European rules. This takes time and in AI we see the backlash of trying to do this for an area where there really isn’t a ‘state of the art’ yet. Much of it is still just experiments, and rules need to be in place before evaluation of experiments has even started. And hardly anyone is daring enough to address the question of sustainability with regards to the enormous demands of generative AI models, and the words copyrights and creator are nowhere to be found. \n\nI actually have little answers at all, iI wish I knew. I do however have a desire to ask: why are we not talking about this? Why are we not demanding the return on investment results of extremely demanding and expensive tools for our society? And why are we avoiding to remind the very few enormous companies (and their owners) making all the money that they need to pay for the costs of their resources they are ruthlessly seizing from our public domain? Why do we leave this depletion to individuals to solve - to the individual creator to go to court, to the tiny village where the water is being depleted, where is the support of those we need to help to stand up to this exhaustion? \u003cb\u003eCan we please ask ourselves where ALL THIS will be addressed \u003ci\u003ebefore\u003c/i\u003e it is too late?\u003c/b\u003e\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["nelleke groen"],"tags":["224","2025","why2025","Yearn for a better future","Delphinus","why2025-eng","Day 5"],"view_count":66,"promoted":false,"date":"2025-08-11T10:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-01-05T13:00:13.678+01:00","length":2667,"duration":2667,"thumb_url":"https://static.media.ccc.de/media/events/why2025/224-161195d0-46af-573d-a17d-71b0cea49231.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/224-161195d0-46af-573d-a17d-71b0cea49231_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/224-161195d0-46af-573d-a17d-71b0cea49231.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/224-161195d0-46af-573d-a17d-71b0cea49231.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-224-normsetting-revisited","url":"https://api.media.ccc.de/public/events/161195d0-46af-573d-a17d-71b0cea49231","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"977f5595-c945-592d-9349-370cbcd5f3bc","title":"Frank talks AI, keynote style","subtitle":null,"slug":"why2025-202-frank-talks-ai-keynote-style","link":"https://program.why2025.org/why2025/talk/TJNSGF/","description":"Frank talks about AI, why it all of a sudden is everywhere and what it means.\n\nThe keynotes of the likes of Microsoft, Google and Apple can all be summarized in 10 words: “A.I., A.I., A.I., Large Language Model, A.I., A.I., GPT, A.I. …“, so no doubt artificial intelligence holds a promise for the future. But what promise? Will A.I. save use or doom us? Or is it too soon to tell?\n\nWith the invention of the car, the car accident, vehicle man slaughter and the getaway car were also invented, as well as the police car and motorized ambulances. How does this apply to artificial intelligence?\n\nWhat is the current state of A.I., what does it mean to our perception of the truth, and can it help us make the world more secure? How do classical security measures apply to the A.I. world, where do they fall short, and can we expect new or improved measures with the help of A.I.? Spoiler: yes, they do, and yes, we can.\n\nIn this talk, Frank will look at the A.I. wave from his unique and down to earth perspective. And hopefully you will walk away with a better understanding of AI in the context of (cyber) security.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Frank Breedijk"],"tags":["202","2025","why2025","The square hole","Cassiopeia","why2025-eng","Day 3"],"view_count":655,"promoted":false,"date":"2025-08-09T10:00:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-04-02T19:00:06.478+02:00","length":2854,"duration":2854,"thumb_url":"https://static.media.ccc.de/media/events/why2025/202-977f5595-c945-592d-9349-370cbcd5f3bc.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/202-977f5595-c945-592d-9349-370cbcd5f3bc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/202-977f5595-c945-592d-9349-370cbcd5f3bc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/202-977f5595-c945-592d-9349-370cbcd5f3bc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-202-frank-talks-ai-keynote-style","url":"https://api.media.ccc.de/public/events/977f5595-c945-592d-9349-370cbcd5f3bc","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"afb301ba-1e8b-5ee3-89ea-912190745bc3","title":"Towards digital sovereignty with cloud federation: how to break the dominance of the hyperscalers","subtitle":null,"slug":"why2025-248-towards-digital-sovereignty-with-cloud-federation-how-to-break-the-dominance-of-the-hyperscalers","link":"https://program.why2025.org/why2025/talk/KVXYMB/","description":"A team of Dutch scientist and cloud engineers is working on Ecofed: European Cloud Services in an Open Federated Ecosystem. The objective and scope of the ECOFED project are to develop a technical framework for a more open and integrated cloud usage model. This framework will enable multiple clouds from various providers to function as a single, cohesive system, offering a European alternative to hyperscaler clouds. In this open cloud ecosystem, users can easily switch between different clouds.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Wido"],"tags":["248","2025","why2025","Hacking","Brachium","why2025-eng","Day 6"],"view_count":92,"promoted":false,"date":"2025-08-12T11:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-01-07T09:45:09.339+01:00","length":2752,"duration":2752,"thumb_url":"https://static.media.ccc.de/media/events/why2025/248-afb301ba-1e8b-5ee3-89ea-912190745bc3.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/248-afb301ba-1e8b-5ee3-89ea-912190745bc3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/248-afb301ba-1e8b-5ee3-89ea-912190745bc3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/248-afb301ba-1e8b-5ee3-89ea-912190745bc3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-248-towards-digital-sovereignty-with-cloud-federation-how-to-break-the-dominance-of-the-hyperscalers","url":"https://api.media.ccc.de/public/events/afb301ba-1e8b-5ee3-89ea-912190745bc3","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"7befed4d-4e31-5923-abc3-a91459c648d9","title":"Shenanigans with Web of Things","subtitle":null,"slug":"why2025-254-shenanigans-with-web-of-things","link":"https://program.why2025.org/why2025/talk/CBRZPX/","description":"A showcase of creative Web of Things use cases – fun prototypes that are nothing like light bulbs.\n\nThe W3C seeks to counter fragmentation of the Internet of Things, finding common ground and enabling long-term support. That's the goal of the Web of Things (WoT) ecosystem.\n\nAlongside an introduction to Web of Things, I'll show off my collection of WoT prototypes that cover unusual use cases – like note taking or browsing maps.\n\nAs a hobbyist, I've been implementing the Web of Things standards for many years. I've developed a server and a client which power the prototypes.\n\nAbout Web of Things: https://www.w3.org/WoT/\nMy server: https://gitlab.com/jaller94/wot-anything\nMy client: https://gitlab.com/jaller94/wot-wrench\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Christian Paul"],"tags":["254","2025","why2025","Wonderful creations","Brachium","why2025-eng","Day 3"],"view_count":155,"promoted":false,"date":"2025-08-09T21:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-19T14:45:07.326+01:00","length":2362,"duration":2362,"thumb_url":"https://static.media.ccc.de/media/events/why2025/254-7befed4d-4e31-5923-abc3-a91459c648d9.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/254-7befed4d-4e31-5923-abc3-a91459c648d9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/254-7befed4d-4e31-5923-abc3-a91459c648d9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/254-7befed4d-4e31-5923-abc3-a91459c648d9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-254-shenanigans-with-web-of-things","url":"https://api.media.ccc.de/public/events/7befed4d-4e31-5923-abc3-a91459c648d9","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"6a6e798c-7614-54de-a525-cd3626fd6ef4","title":"Decoding RFID: A comprehensive overview of security, attacks, and the latest innovations","subtitle":null,"slug":"why2025-222-decoding-rfid-a-comprehensive-overview-of-security-attacks-and-the-latest-innovations","link":"https://program.why2025.org/why2025/talk/MWLGZB/","description":"RFID reverse engineering has seen significant advancements, yet a comprehensive overview of the field remains scattered across research and practitioner communities. \nHere the authors presents a structured survey of existing RFID technologies, encryption protocols, and known attack methodologies.  Take the opportunity to listen to both Kirils' practical experiences and the deep insights of Iceman when it comes to RFID hacking.\n\nThe talk will cover:\n1) An overview of RFID types, including both low-frequency (LF) and high-frequency (HF) cards, briefly touching upon ultra-high-frequency (UHF) systems as well.\n2) A breakdown of encryption protocols used in RFID security, highlighting their strengths and weaknesses.\n3) A review of documented attacks, including cloning, sniffing, relay, cryptographic, and side-channel techniques.  \n\nAdditionally, analysis of the latest developments in magic RFID cards will be presented.\nFindings are based on an aggregation of academic research, industry reports, and hands-on testing of RFID systems in real-world environments.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Kirils Solovjovs","Iceman"],"tags":["222","2025","why2025","Hacking","Andromeda","why2025-eng","Day 5"],"view_count":553,"promoted":false,"date":"2025-08-11T12:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-22T11:30:09.987+01:00","length":4060,"duration":4060,"thumb_url":"https://static.media.ccc.de/media/events/why2025/222-6a6e798c-7614-54de-a525-cd3626fd6ef4.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/222-6a6e798c-7614-54de-a525-cd3626fd6ef4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/222-6a6e798c-7614-54de-a525-cd3626fd6ef4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/222-6a6e798c-7614-54de-a525-cd3626fd6ef4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-222-decoding-rfid-a-comprehensive-overview-of-security-attacks-and-the-latest-innovations","url":"https://api.media.ccc.de/public/events/6a6e798c-7614-54de-a525-cd3626fd6ef4","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"80939019-18bd-55b7-ad62-6e4e29392553","title":"ISMS-oxide and you (Information-Security-Management-System for hackers)","subtitle":null,"slug":"why2025-26-isms-oxide-and-you-information-security-management-system-for-hackers","link":"https://program.why2025.org/why2025/talk/RMHF3N/","description":"This is NOT an introductory talk about ISMS (Information-Security-Management)! It is about my experiences and reflections about real-life issues when deploying an ISMS. There will be a section dedicated to 'hacking' an ISMS, though.\n\nThe presumed audiences are:\n- individuals working in the realm of IS-/IT-security management\n- hackers working in environments that expose them to ISMS-related TODOs (I'll try to put these things into context!)\n-  anyone trying to understand this ISMS-nonsense\n\nAgenda:\n1) Introduction\n  - Management-Systems\n  - Information-Security-Management-Sytems (ISO 27001, German BSI IT-Grundschutz)\n2) Theory\n  - Corporate overlords (a.k.a \"hacking ISMSes\")\n  - Risk-Management\n  - Compliance(-Reporting)\n  - Certifications\n3) Reality\n  - What? Why? How? \n  - Anecdotes\n4) Conclusion\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Juergen Pabel"],"tags":["26","2025","why2025","The square hole","Delphinus","why2025-eng","Day 6"],"view_count":289,"promoted":false,"date":"2025-08-12T14:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-07T11:45:06.977+01:00","length":2538,"duration":2538,"thumb_url":"https://static.media.ccc.de/media/events/why2025/26-80939019-18bd-55b7-ad62-6e4e29392553.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/26-80939019-18bd-55b7-ad62-6e4e29392553_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/26-80939019-18bd-55b7-ad62-6e4e29392553.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/26-80939019-18bd-55b7-ad62-6e4e29392553.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-26-isms-oxide-and-you-information-security-management-system-for-hackers","url":"https://api.media.ccc.de/public/events/80939019-18bd-55b7-ad62-6e4e29392553","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"4f3668bf-f80f-5a14-8026-0cffd58f4d81","title":"Democratizing Healthcare: Open Source Medical Devices","subtitle":null,"slug":"why2025-233-democratizing-healthcare-open-source-medical-devices","link":"https://program.why2025.org/why2025/talk/9W9YJS/","description":"Open source has revolutioned so many parts of our lives, why hasn't the same happened in healthcare?This talk will showcase examples from both hardware and software (e-NABLE prothestics, OpenAPS, Nightscout, and more), explore the regulatory hurdles that are holding these and other projects back, then shift to looking at the future and charting a path for these projects. Join us to build a more transparent, accessible, and secure future for medical technology.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["John Volock"],"tags":["233","2025","why2025","Yearn for a better future","Brachium","why2025-eng","Day 3"],"view_count":97,"promoted":false,"date":"2025-08-09T15:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-21T02:00:03.756+01:00","length":2610,"duration":2610,"thumb_url":"https://static.media.ccc.de/media/events/why2025/233-4f3668bf-f80f-5a14-8026-0cffd58f4d81.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/233-4f3668bf-f80f-5a14-8026-0cffd58f4d81_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/233-4f3668bf-f80f-5a14-8026-0cffd58f4d81.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/233-4f3668bf-f80f-5a14-8026-0cffd58f4d81.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-233-democratizing-healthcare-open-source-medical-devices","url":"https://api.media.ccc.de/public/events/4f3668bf-f80f-5a14-8026-0cffd58f4d81","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"5fa3b4c1-71bd-592e-b577-adfe66630866","title":"Rush hour rodeo and traffic cam selfies","subtitle":null,"slug":"why2025-115-rush-hour-rodeo-and-traffic-cam-selfies","link":"https://program.why2025.org/why2025/talk/RJTUR8/","description":"After some internal evaluation and a journalists inquiry on the possibility of chinese state actors having access to camera footage, Muncipality the Hague decided to do a security test focused on an APT threat on their traffic camera infrastructure. During the session we will show how the team approached this project, how some of the cinematic scenarios of causing traffic jams and using the camera's for espionage were possible in real life and what lessons were learned from the project.\n\nThe session will start with providing a bit of context on why the project was started, what was already going on at that time and why the muncipality of the Hague had further questions for which they needed a hacking team.\nWe then discuss how we approached the project in a complex environment, where APT threats are involved and how that changes how you assess certain systems and features.\nThe core of the presentation focuses on disclosing the actual vulnerabilities found within the systems, how we went through the full cyber kill chain within the environment and what that actually means in the physical realm if this had been exploited with malicious intent. \nFinally we end the presentation with some details on how the discovered issues were addressed and what general lessons can be learned from this project that could also be applicable for other similar environments.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Willem Westerhof"],"tags":["115","2025","why2025","Hacking","Andromeda","why2025-eng","Day 6"],"view_count":141,"promoted":false,"date":"2025-08-12T15:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2025-12-17T20:45:07.069+01:00","length":2638,"duration":2638,"thumb_url":"https://static.media.ccc.de/media/events/why2025/115-5fa3b4c1-71bd-592e-b577-adfe66630866.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/115-5fa3b4c1-71bd-592e-b577-adfe66630866_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/115-5fa3b4c1-71bd-592e-b577-adfe66630866.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/115-5fa3b4c1-71bd-592e-b577-adfe66630866.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-115-rush-hour-rodeo-and-traffic-cam-selfies","url":"https://api.media.ccc.de/public/events/5fa3b4c1-71bd-592e-b577-adfe66630866","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"1767d550-ff6b-5c51-824b-b67616d29e27","title":"A Big Bad App: Welcome to Corporatocracy","subtitle":null,"slug":"why2025-219-a-big-bad-app-welcome-to-corporatocracy","link":"https://program.why2025.org/why2025/talk/993NXA/","description":"We all live in a fair democracy 🎶 ... or do we?\n\nNo, we live in a world where the major corporations decide how we interact with digital systems and digital systems govern the world. That's corporatocracy - a system in which corporations, rather than elected officials, have major influence over decision-making, laws, and societal direction. And they are not on our side.\n\nThis talk is about what happens when the system isn't built for you — because it never was.\n- If something goes wrong and you're not the 1,000th person to report it, it's your problem. Customer service? That's just a chatbot pretending to care.\n- A mobile operator refused to sign a contract with me because they couldn't remove “I agree to receive ads.”\n- My orders get randomly cancelled because I refuse to have a phone number.\n- My industry certifications? Gone. Because I stood up for my privacy rights.\n\nWe'll go through these experiences and dissect why things are this way. Why must we adapt to their systems, but they won't adapt to ours? Why does a company's \"official support channel\" usually mean \"no support at all\"? Why do startups optimize for growth at the cost of basic usability?\n\nThis isn't just a rant (though there will be rants). It's a call to stop playing by their rules. We'll discuss examples of where people have pushed back and won, and where we've completely failed. If you've building an app or website, and intend to respect your users, this talk is for you.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Kirils Solovjovs"],"tags":["219","2025","why2025","Yearn for a better future","Cassiopeia","why2025-eng","Day 3"],"view_count":170,"promoted":false,"date":"2025-08-09T20:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-04-01T14:30:06.249+02:00","length":3118,"duration":3118,"thumb_url":"https://static.media.ccc.de/media/events/why2025/219-1767d550-ff6b-5c51-824b-b67616d29e27.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/219-1767d550-ff6b-5c51-824b-b67616d29e27_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/219-1767d550-ff6b-5c51-824b-b67616d29e27.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/219-1767d550-ff6b-5c51-824b-b67616d29e27.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-219-a-big-bad-app-welcome-to-corporatocracy","url":"https://api.media.ccc.de/public/events/1767d550-ff6b-5c51-824b-b67616d29e27","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"09976e68-5618-4a13-b8b0-a6842b581467","title":"Team Updates @ Orga Meet Apr 2025","subtitle":null,"slug":"why2025-4-team-updates-apr-2025","link":"https://c3voc.de","description":"Licensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["PL","Team Leads"],"tags":["4","2025","why2025","Manege","why2025-eng"],"view_count":172,"promoted":false,"date":"2025-04-05T14:30:00.000+02:00","release_date":"2025-04-20T00:00:00.000+02:00","updated_at":"2025-08-16T19:00:03.730+02:00","length":1738,"duration":1738,"thumb_url":"https://static.media.ccc.de/media/events/why2025/4-09976e68-5618-4a13-b8b0-a6842b581467.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/4-09976e68-5618-4a13-b8b0-a6842b581467_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/4-09976e68-5618-4a13-b8b0-a6842b581467.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/4-09976e68-5618-4a13-b8b0-a6842b581467.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-4-team-updates-apr-2025","url":"https://api.media.ccc.de/public/events/09976e68-5618-4a13-b8b0-a6842b581467","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"436bfcb2-e13b-5924-8089-0e5f505102fd","title":"0click Enterprise compromise – thank you, AI!","subtitle":null,"slug":"why2025-264-0click-enterprise-compromise-thank-you-ai","link":"https://program.why2025.org/why2025/talk/SELH79/","description":"Compromising a well-protected enterprise used to require careful planning, proper resources, and ability to execute. Not anymore! Enter AI.\n\nFrom Initial Access to Impact and Exfiltration. AI is happy to oblige the attacker. In this talk we will demonstrate access-to-impact AI vulnerability chains in most flagship enterprise AI assistants: ChatGPT, Gemini, Copilot, Einstein, and their custom agent . Some require one bad click by the victim, others work with no user interaction – 0click attacks.\n\nCompromising a well-protected enterprise used to require careful planning, proper resources, and ability to execute. Not anymore! Enter AI.\n\nInitial access? AI is happy to let you operate on its users’ behalf. Persistence? Self-replicate through corp docs. Data harvesting? AI is the ultimate data hoarder. Exfil? Just render an image. Impact? So many tools at your disposal. There's more. You can do all this as an external attacker. No credentials required, no phishing, no social engineering, no human-in-the-loop. In-and-out with a single prompt.\n\nLast year at BHUSA we demonstrated the first real-world exploitation of AI vulnerabilities impacting enterprises, living off Microsoft Copilot. A lot has changed in the AI space since... for the worse. AI assistants have morphed into agents. They read your search history, emails and chat messages. They wield tools that can manipulate the enterprise environment on behalf of users – or a malicious attacker once hijacked. We will demonstrate access-to-impact AI vulnerability chains in most flagship enterprise AI assistants: ChatGPT, Gemini, Copilot, Einstein, and their custom agent . Some require one bad click by the victim, others work with no user interaction – 0click attacks.\n\nThe industry has no real solution for fixing this. Prompt injection is not another bug we can fix. It is a security problem we can manage! We will offer a security framework to help you protect your organization–the GenAI Attack Matrix. We will compare mitigations set forth by AI vendors, and share which ones successfully prevent the worst 0click attacks. Finally, we’ll dissect our own attacks, breaking them down into basic TTPs, and showcase how they can be detected and mitigated.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Inbar Raz"],"tags":["264","2025","why2025","Hacking","Delphinus","why2025-eng","Day 3"],"view_count":789,"promoted":false,"date":"2025-08-09T19:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-27T14:30:07.283+01:00","length":3061,"duration":3061,"thumb_url":"https://static.media.ccc.de/media/events/why2025/264-436bfcb2-e13b-5924-8089-0e5f505102fd.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/264-436bfcb2-e13b-5924-8089-0e5f505102fd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/264-436bfcb2-e13b-5924-8089-0e5f505102fd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/264-436bfcb2-e13b-5924-8089-0e5f505102fd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-264-0click-enterprise-compromise-thank-you-ai","url":"https://api.media.ccc.de/public/events/436bfcb2-e13b-5924-8089-0e5f505102fd","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"66bc881e-64d4-5511-96eb-73549f777880","title":"Guerrilla Security Awareness Done Right; Hacking Your CISO's Phishing Simulation","subtitle":null,"slug":"why2025-274-guerrilla-security-awareness-done-right-hacking-your-ciso-s-phishing-simulation","link":"https://program.why2025.org/why2025/talk/QX3G3G/","description":"Ever received a phishing simulation so painfully obvious it offended your intelligence? This talk is for you.\n\nJoin us as we turn the tables on corporate security theater and show how you can phish back, with humor, skill, and plausible deniability. Learn how to fingerprint your company’s phishing campaigns, spoof the spoofers, and maybe even get your CISO to click a link labeled “Definitely Not Malware.exe.”\n\nThis talk is part satire, part technical walkthrough, and all rebellion.\n\nCorporate phishing simulations are broken. You know it, I know it. And yet, every quarter, some overfunded awareness campaign lands in your inbox with all the subtlety of a Nigerian prince. The goal? To test whether you're “cyber aware.” The result? A war of attrition between InfoSec and the click-happy masses.\n\nBut what if we made visible what these simulations actually prove?\n\nIn this talk, we explore how to recognize and hack your organization's phishing simulations. Without getting fired (probably, no guarantees). From fingerprinting CISO-run campaigns using SPF records, consistent sender patterns and timing, to launching your own “counter-phishing” emails that prove how absurd the entire exercise is. \n\nWe’ll walk through real-world tactics for flipping the script: phishing the phishers, automating chaos, and pushing back against checkbox security culture. All with a healthy dose of satire, social engineering, and plausible deniability.\n\nIf you’ve ever wanted to troll your security team for a good cause, this one’s for you. Just don’t click the link in the description.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Fleur Van Leusden","BugBlue"],"tags":["274","2025","why2025","The square hole","Andromeda","why2025-eng","Day 5"],"view_count":720,"promoted":false,"date":"2025-08-11T14:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-18T21:45:04.778+01:00","length":1718,"duration":1718,"thumb_url":"https://static.media.ccc.de/media/events/why2025/274-66bc881e-64d4-5511-96eb-73549f777880.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/274-66bc881e-64d4-5511-96eb-73549f777880_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/274-66bc881e-64d4-5511-96eb-73549f777880.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/274-66bc881e-64d4-5511-96eb-73549f777880.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-274-guerrilla-security-awareness-done-right-hacking-your-ciso-s-phishing-simulation","url":"https://api.media.ccc.de/public/events/66bc881e-64d4-5511-96eb-73549f777880","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"807653e7-43d3-57d8-834a-8ffb5e556bf5","title":"The EU Just Made Product Security Mandatory — Now What?","subtitle":null,"slug":"why2025-103-the-eu-just-made-product-security-mandatory-now-what","link":"https://program.why2025.org/why2025/talk/RT9XQ9/","description":"As of August 1st, 2025, the EU’s Radio Equipment Directive enforces new cybersecurity requirements. For the first time, broad categories of everyday devices , not just critical infrastructure or niche tech, must meet mandatory security standards. This talk breaks down how we got here, why it matters, and what’s breaking in the process. We’ll look at the political and technical hurdles in rolling this out, what it means for manufacturers, and how it connects to the looming Cyber Resilience Act.\n\nOn August 1st, 2025, three new cybersecurity requirements under the EU’s Radio Equipment Directive (RED) officially kicked in. This is the first time the EU has imposed hard security requirements on a wide range of everyday consumer products. Think routers, smart watches, toys with a Wi-Fi chip, and more. This part of RED is often called RED DA (Delegated Act), and it's a big deal: security is no longer optional.\n\nIn this talk, we'll unpack what RED DA is actually about: how it came to be, why it was pushed through before the upcoming Cyber Resilience Act (CRA), and how that sequencing leads to some strange and messy overlaps between the two. Spoiler: it’s a political and regulatory patchwork.\n\nWe’ll look at how standardization efforts around RED DA have developed, but also at how many manufacturers are still figuring out how best to comply, while market surveillance authorities are navigating their own challenges, often working with limited tools, guidance, or resources.\n\nOn top of all this, the reality is, RED/DA is just a warm-up for the main event: the Cyber Resilience Act. We’ll take a look at what CRA brings to the table, what the current state of standardization looks like there, and what kinds of challenges are already popping up on the horizon. If you’re building, selling, or securing connected products in the EU, or just curious about how regulation is reshaping product security, this talk will give you a clear picture of what’s going on and what’s coming next.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Piet De Vaere"],"tags":["103","2025","why2025","The square hole","Andromeda","why2025-eng","Day 3"],"view_count":993,"promoted":false,"date":"2025-08-09T11:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-27T12:00:06.684+01:00","length":3006,"duration":3006,"thumb_url":"https://static.media.ccc.de/media/events/why2025/103-807653e7-43d3-57d8-834a-8ffb5e556bf5.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/103-807653e7-43d3-57d8-834a-8ffb5e556bf5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/103-807653e7-43d3-57d8-834a-8ffb5e556bf5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/103-807653e7-43d3-57d8-834a-8ffb5e556bf5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-103-the-eu-just-made-product-security-mandatory-now-what","url":"https://api.media.ccc.de/public/events/807653e7-43d3-57d8-834a-8ffb5e556bf5","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"2d59d96e-d1fa-59fe-82db-b4323ab84a58","title":"Why Proprietary Tooling Hurts Your FOSS Project","subtitle":null,"slug":"why2025-235-why-proprietary-tooling-hurts-your-foss-project","link":"https://program.why2025.org/why2025/talk/WPGMJU/","description":"You’ve released your code under a free license, but your project runs on proprietary platforms like Slack, GitHub, Notion, or Zoom. What’s the harm? In this talk, we’ll explore how relying on closed tools contradicts open source values, excludes contributors, locks your community into corporate ecosystems, and drives away idealistic contributors who care deeply about freedom. We’ll also tackle common justifications, like convenience or popularity, and show how they often mask deeper trade-offs.\n\nMy goal with this talk is to spark reflection and conversation about the tools we use to build open source projects, not just the code we write. I hope it encourages both new and experienced maintainers to think critically about how proprietary tools may be limiting their communities and values, even unintentionally. The audience will leave with a better understanding of the trade-offs involved, practical alternatives they can explore, and the motivation to make small changes that lead to more open, inclusive, and resilient projects. If more projects switch to even one open alternative, it strengthens the entire open source ecosystem by reducing dependency on tech giants and supporting community-owned infrastructure. \n\nWhether you're starting a new project or maintaining a mature one, this talk will challenge you to think critically about the tools you use and advocate for open, community-controlled alternatives that align with the spirit of FOSS.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Jan Ainali"],"tags":["235","2025","why2025","Yearn for a better future","Delphinus","why2025-eng","Day 4"],"view_count":786,"promoted":false,"date":"2025-08-10T17:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-30T14:15:07.629+02:00","length":1345,"duration":1345,"thumb_url":"https://static.media.ccc.de/media/events/why2025/235-2d59d96e-d1fa-59fe-82db-b4323ab84a58.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/235-2d59d96e-d1fa-59fe-82db-b4323ab84a58_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/235-2d59d96e-d1fa-59fe-82db-b4323ab84a58.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/235-2d59d96e-d1fa-59fe-82db-b4323ab84a58.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-235-why-proprietary-tooling-hurts-your-foss-project","url":"https://api.media.ccc.de/public/events/2d59d96e-d1fa-59fe-82db-b4323ab84a58","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"98e3f8e4-021f-5fbb-bf32-0964cd277cf6","title":"WHY and how would somebody cycle over 500km to a hacker conference?","subtitle":null,"slug":"why2025-118-why-and-how-would-somebody-cycle-over-500km-to-a-hacker-conference","link":"https://program.why2025.org/why2025/talk/FQNMBE/","description":"I (hopefully) will have cycled from my home city of Mannheim all the way to the WHY camping grounds (\u003e500km) in one go.\nI will report how I approached the whole endeavour, how I prepared, what the challenges were and what the hard part was.\nIf I happen to not make it, I will describe how, why and what I should have done better.\n\nPlaning and executing a plan like that, cycling more than 500km in one go demands equal parts preparation and lack of sanity.\nI want to share the story in an attempt to inspire people to explore their limits and achieve things that they did not think they would be able to do.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["madonius"],"tags":["118","2025","why2025","Yearn for a better future","Cassiopeia","why2025-eng","Day 5"],"view_count":370,"promoted":false,"date":"2025-08-11T16:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-31T21:45:05.477+02:00","length":2789,"duration":2789,"thumb_url":"https://static.media.ccc.de/media/events/why2025/118-98e3f8e4-021f-5fbb-bf32-0964cd277cf6.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/118-98e3f8e4-021f-5fbb-bf32-0964cd277cf6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/118-98e3f8e4-021f-5fbb-bf32-0964cd277cf6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/118-98e3f8e4-021f-5fbb-bf32-0964cd277cf6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-118-why-and-how-would-somebody-cycle-over-500km-to-a-hacker-conference","url":"https://api.media.ccc.de/public/events/98e3f8e4-021f-5fbb-bf32-0964cd277cf6","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"bdc6aa3e-cdb9-555c-b8ce-279dd9d288cd","title":"GNU Taler: beyond digital money","subtitle":null,"slug":"why2025-84-gnu-taler-beyond-digital-money","link":"https://program.why2025.org/why2025/talk/PHGSJC/","description":"Digital money everywhere, all the time, all at once... isn't it getting a little boring? In this talk you will learn how [GNU Taler](https://taler.net/), a privacy-focused payment system, leverages the properties of digital tokens and blind signatures to enable a wide array of use cases such as discount coupons, subscriptions, and tax-deductible donation receipts; all while preserving untraceability in customer-to-merchant transactions.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Iván Ávalos"],"tags":["84","2025","why2025","Wonderful creations","Cassiopeia","why2025-eng","Day 4"],"view_count":413,"promoted":false,"date":"2025-08-10T20:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-22T22:00:06.573+01:00","length":2452,"duration":2452,"thumb_url":"https://static.media.ccc.de/media/events/why2025/84-bdc6aa3e-cdb9-555c-b8ce-279dd9d288cd.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/84-bdc6aa3e-cdb9-555c-b8ce-279dd9d288cd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/84-bdc6aa3e-cdb9-555c-b8ce-279dd9d288cd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/84-bdc6aa3e-cdb9-555c-b8ce-279dd9d288cd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-84-gnu-taler-beyond-digital-money","url":"https://api.media.ccc.de/public/events/bdc6aa3e-cdb9-555c-b8ce-279dd9d288cd","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"2e9491c1-758e-50b4-8e7f-8d84a841d28d","title":"Sega Saturn Architectural hell","subtitle":null,"slug":"why2025-120-sega-saturn-architectural-hell","link":"https://program.why2025.org/why2025/talk/E7R73F/","description":"This presentation will go over the sega Saturns hardware including the dual SH2s, SCU and VDP and the history on why it became so complex like the beginning of the Saturns conseption where it first went wrong.\n\nI plan this presentation to be for hackers interested in such weird hardware like myself\n\nThis presentation will cover the conception of the sega Saturn like how the downfall of the Saturn was at it's very beginning and we will also go over it's different processes like the dual SH2s, SCU and VDP and find out why it became so complex. \n\nYou may ask why go over such an old console because its gives import lessons on what not to do when designing hardware. But I just find the hardware so interesting with it's different coprocessors \n\nSo if you are interested in the Saturn or want to learn about the Saturns shortcomings and not what to do this is a presentation for you\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Isabella Whelan"],"tags":["120","2025","why2025","Wonderful creations","Delphinus","why2025-eng","Day 3"],"view_count":166,"promoted":false,"date":"2025-08-09T17:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-01-17T00:15:11.114+01:00","length":2057,"duration":2057,"thumb_url":"https://static.media.ccc.de/media/events/why2025/120-2e9491c1-758e-50b4-8e7f-8d84a841d28d.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/120-2e9491c1-758e-50b4-8e7f-8d84a841d28d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/120-2e9491c1-758e-50b4-8e7f-8d84a841d28d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/120-2e9491c1-758e-50b4-8e7f-8d84a841d28d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-120-sega-saturn-architectural-hell","url":"https://api.media.ccc.de/public/events/2e9491c1-758e-50b4-8e7f-8d84a841d28d","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"a5834c8e-26f5-514d-8e1d-900646c17ba5","title":"Containing the Horror — A Critique on Docker \u0026 Co","subtitle":null,"slug":"why2025-263-containing-the-horror-a-critique-on-docker-co","link":"https://program.why2025.org/why2025/talk/MREBV9/","description":"For a good decade now, containerisation has been a popular solution: Addressing issues such as security, fault tolerance, and scalability, it has turned into a mainstay in IT. Though with a technology that ubiquitous, it does deserve investigation whether it has been put to good use or rather pressed into service.\n\nThis talk includes a brief history of container solutions while challenging a number of common assumptions. While geared at a more seasoned audience, the presentation is very much from the perspective of the ‘plumbing layers,’ which comes with the discussion of many core concepts of Docker/OCI. Hence this should be beginner-friendly to a degree.\n\nMild audience participation is to be expected; may contain traces of DevOps.\n\n**Keywords:** *containers; cloud; linux; docker; oci; kubernetes*\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Stephan Hohmann"],"tags":["263","2025","why2025","The square hole","Delphinus","why2025-eng","Day 5"],"view_count":266,"promoted":false,"date":"2025-08-11T15:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-25T23:00:05.631+01:00","length":2758,"duration":2758,"thumb_url":"https://static.media.ccc.de/media/events/why2025/263-a5834c8e-26f5-514d-8e1d-900646c17ba5.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/263-a5834c8e-26f5-514d-8e1d-900646c17ba5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/263-a5834c8e-26f5-514d-8e1d-900646c17ba5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/263-a5834c8e-26f5-514d-8e1d-900646c17ba5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-263-containing-the-horror-a-critique-on-docker-co","url":"https://api.media.ccc.de/public/events/a5834c8e-26f5-514d-8e1d-900646c17ba5","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"89be4075-0499-50b5-881f-e64fc796f2ae","title":"Ctrl+Alt+Delete Anxiety; a guide to mental wellness","subtitle":null,"slug":"why2025-83-ctrl-alt-delete-anxiety-a-guide-to-mental-wellness","link":"https://program.why2025.org/why2025/talk/3NHUZB/","description":"From (political) climate change to people marrying AI chatbots. The world can be a scary place. \n\nThis talk will be a comprehensive guide to anxiety. We’ll go through the basics of neuroscience and **causes of anxiety**, look at **the effects of the neurodivergent brain on anxiety** and you will be provided with **tools backed by science to implement directly into your daily life!**\n\nYou might feel tension in your chest when preparing a presentation, or a funny feeling in your stomach when you know you'll have to take public transport. Almost everyone feels anxious every once in a while, and about 15% of adults in the Netherlands have or have had an anxiety disorder. An explanation about what causes these feelings, and good applicable solutions on managing these feelings are sadly not always easy to find. \n\nThis talk will first provide you with a basic understanding of the (neuro)science behind anxiety. After we have a clear picture of **the causes of anxiety** we’ll look at neurodivergent brains, as many of us are blessed with one of those, and how that can influence anxiety. Last, but definitely not least, we’ll look at current research on anxiety interventions. And I'll provide you with **practical tips**, applicable **long term changes** that might help with daily well-being and **what to do when stressing about the existence of blockchains!**\n\n(Ps. don’t worry, I won't tell you to just go for a run)\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Thura van der Knijff"],"tags":["83","2025","why2025","Yearn for a better future","Brachium","why2025-eng","Day 4"],"view_count":407,"promoted":false,"date":"2025-08-10T11:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-31T17:15:05.623+02:00","length":2551,"duration":2551,"thumb_url":"https://static.media.ccc.de/media/events/why2025/83-89be4075-0499-50b5-881f-e64fc796f2ae.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/83-89be4075-0499-50b5-881f-e64fc796f2ae_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/83-89be4075-0499-50b5-881f-e64fc796f2ae.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/83-89be4075-0499-50b5-881f-e64fc796f2ae.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-83-ctrl-alt-delete-anxiety-a-guide-to-mental-wellness","url":"https://api.media.ccc.de/public/events/89be4075-0499-50b5-881f-e64fc796f2ae","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"1471cf0a-5ec4-5129-b71f-1516cfed6dfe","title":"Open Source Imaging \u0026 Open Source Standard Hardware","subtitle":null,"slug":"why2025-117-open-source-imaging-open-source-standard-hardware","link":"https://program.why2025.org/why2025/talk/T9JW9Z/","description":"We developed an open-source low-field MRI and got the clinical certification started! The aim is to create a reference technology for healthcare – which comes with its own complex questions.\n\nThe Open Source Imaging Initiative has developed an open-source low-field MRI – and is now working on the clinical certification for it (+will open-source it as far as legally possible)!\nThis started raising some discussions around the costs and patenting-schemes in public healthcare. But what about the rest of the public infrastructure? And who keeps control of what?\n\nThis talk will give an overview of the current state of the project, a bit of historic context (how could this happen??) and will explore the current discussions around governance and property models – and the idea of Open-Source Standard Hardware\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["moedn"],"tags":["117","2025","why2025","Yearn for a better future","Cassiopeia","why2025-eng","Day 4"],"view_count":252,"promoted":false,"date":"2025-08-10T12:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-06T11:15:08.103+01:00","length":1541,"duration":1541,"thumb_url":"https://static.media.ccc.de/media/events/why2025/117-1471cf0a-5ec4-5129-b71f-1516cfed6dfe.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/117-1471cf0a-5ec4-5129-b71f-1516cfed6dfe_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/117-1471cf0a-5ec4-5129-b71f-1516cfed6dfe.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/117-1471cf0a-5ec4-5129-b71f-1516cfed6dfe.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-117-open-source-imaging-open-source-standard-hardware","url":"https://api.media.ccc.de/public/events/1471cf0a-5ec4-5129-b71f-1516cfed6dfe","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"0ac7fb43-77a5-5261-9e2f-b766523c0523","title":"Digital sovereignty with open source software in the public sector","subtitle":null,"slug":"why2025-216-digital-sovereignty-with-open-source-software-in-the-public-sector","link":"https://program.why2025.org/why2025/talk/EHZBQB/","description":"ZenDiS, the Zentrum Digitale Souveränität in Germany, is at the forefront of loosening the grip the US tech industry (and, via the CLOUD act, the US government) has over the European governments by providing open source solutions for the public sector. Do we do it alone? No! The french and the dutch governments are also onboard and we welcome more countries into our fold!\n\nAn overview over the ZenDiS‘ projects such as openDesk and the 100 day challenges together with our open source accomplices DINUM of France and the Ministerie van Binnenlandse Zaken en Koninkrijksrelaties of the Netherlands.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Sven Neuhaus"],"tags":["216","2025","why2025","Wonderful creations","Andromeda","why2025-eng","Day 5"],"view_count":303,"promoted":false,"date":"2025-08-11T11:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-04-02T22:15:06.786+02:00","length":2019,"duration":2019,"thumb_url":"https://static.media.ccc.de/media/events/why2025/216-0ac7fb43-77a5-5261-9e2f-b766523c0523.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/216-0ac7fb43-77a5-5261-9e2f-b766523c0523_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/216-0ac7fb43-77a5-5261-9e2f-b766523c0523.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/216-0ac7fb43-77a5-5261-9e2f-b766523c0523.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-216-digital-sovereignty-with-open-source-software-in-the-public-sector","url":"https://api.media.ccc.de/public/events/0ac7fb43-77a5-5261-9e2f-b766523c0523","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"238dc42c-e15f-50d7-bbd3-915acd4ce8c0","title":"Afturmath - Synthesis, Lasers, and Soundscapes","subtitle":null,"slug":"why2025-297-afturmath-synthesis-lasers-and-soundscapes","link":"https://program.why2025.org/why2025/talk/7W9GTM/","description":"Afturmath closes the live music program with an immersive journey of sound and light. Combining modular synthesizers, lasers, and abstract video synthesis, Afturmath crafts dense, evolving sonic landscapes that invite you to lose yourself in the experience.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Afturmath"],"tags":["297","2025","why2025","Entertainment","Party Stage","why2025-eng","Day 5"],"view_count":400,"promoted":false,"date":"2025-08-11T21:30:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-12T00:45:05.077+01:00","length":3554,"duration":3554,"thumb_url":"https://static.media.ccc.de/media/events/why2025/297-238dc42c-e15f-50d7-bbd3-915acd4ce8c0.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/297-238dc42c-e15f-50d7-bbd3-915acd4ce8c0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/297-238dc42c-e15f-50d7-bbd3-915acd4ce8c0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/297-238dc42c-e15f-50d7-bbd3-915acd4ce8c0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-297-afturmath-synthesis-lasers-and-soundscapes","url":"https://api.media.ccc.de/public/events/238dc42c-e15f-50d7-bbd3-915acd4ce8c0","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"f89ef4d7-b606-5400-9d7e-454804bccaf2","title":"Summoning Shenron: Building the Cyber Saiyan Badge","subtitle":null,"slug":"why2025-177-summoning-shenron-building-the-cyber-saiyan-badge","link":"https://program.why2025.org/why2025/talk/3CSQRF/","description":"Cyber Saiyan community has designed and developed a special gadget for WHY2025\n\nThe badge was designed to recall the dragon spheres, and will be an updated version of RomHack Camp 2022, both in term of design and features:\n- single core ESP32-C3 SOC\n- WiFi and Bluetooth 5\n- 7 RGB leds in the front\n- TFT display\n- an updated firmware\n\nDuring the talk we will present the hardware design and the firmware so anyone can try to summon Shenron :)\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Merlos","Dario Mas"],"tags":["177","2025","why2025","Wonderful creations","Cassiopeia","why2025-eng","Day 3"],"view_count":116,"promoted":false,"date":"2025-08-09T16:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-02-11T11:00:09.782+01:00","length":2977,"duration":2977,"thumb_url":"https://static.media.ccc.de/media/events/why2025/177-f89ef4d7-b606-5400-9d7e-454804bccaf2.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/177-f89ef4d7-b606-5400-9d7e-454804bccaf2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/177-f89ef4d7-b606-5400-9d7e-454804bccaf2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/177-f89ef4d7-b606-5400-9d7e-454804bccaf2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-177-summoning-shenron-building-the-cyber-saiyan-badge","url":"https://api.media.ccc.de/public/events/f89ef4d7-b606-5400-9d7e-454804bccaf2","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"dc1e3b33-7e3d-5922-8edf-c96e862b3eed","title":"Opening","subtitle":null,"slug":"why2025-77-opening","link":"https://program.why2025.org/why2025/talk/BAU8GH/","description":"Welcome at WHY2025!\n\nA warm welcome by Nancy and Boekenwuurm, to wish you the best WHY2025 and give a quick intro!\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Boekenwuurm","Nancy Beers"],"tags":["77","2025","why2025","Yearn for a better future","Andromeda","why2025-eng","Day 3"],"view_count":640,"promoted":false,"date":"2025-08-09T12:00:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-03-25T15:00:11.059+01:00","length":1463,"duration":1463,"thumb_url":"https://static.media.ccc.de/media/events/why2025/77-dc1e3b33-7e3d-5922-8edf-c96e862b3eed.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/77-dc1e3b33-7e3d-5922-8edf-c96e862b3eed_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/77-dc1e3b33-7e3d-5922-8edf-c96e862b3eed.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/77-dc1e3b33-7e3d-5922-8edf-c96e862b3eed.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-77-opening","url":"https://api.media.ccc.de/public/events/dc1e3b33-7e3d-5922-8edf-c96e862b3eed","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"bb2d7cfe-3899-5a3d-9bd2-aafbc35fbd19","title":"The \"O\" in OT...or is it the \"Ohhhh...\" in OT?","subtitle":null,"slug":"why2025-51-the-o-in-ot-or-is-it-the-ohhhh-in-ot","link":"https://program.why2025.org/why2025/talk/FE8RQB/","description":"\"De ‘O’ in OT – Operationeel, Onmisbaar, Onbeschermd?\"\nOperational Technology (OT) is de ruggengraat van industrie en kritieke infrastructuur, maar blijft vaak onbeschermd. Traditionele IT-security werkt niet in OT, waar continuïteit essentieel is en stilstand geen optie. Hoe beschermen we OT zonder operaties te verstoren? In deze sessie bespreken we dreigingen, regelgeving (NIS2, CRA) en strategieën om OT echt veilig te maken. OT is onmisbaar – laten we zorgen dat het beschermd blijft.\n\nOperational Technology (OT) vormt de ruggengraat van onze industrie en kritieke infrastructuur. Het houdt productieprocessen draaiende, faciliteert energievoorziening en zorgt voor de stabiliteit van vitale systemen. Maar terwijl de digitalisering OT steeds meer verbindt met IT en IoT, blijven de fundamentele beveiligingsuitdagingen onderbelicht. De systemen die onmisbaar zijn, blijken vaak ook het meest kwetsbaar.\n\nIn deze sessie duiken we in de kern van OT-security anno 2025. Waarom werken traditionele IT-beveiligingsstrategieën niet in OT? Hoe kunnen organisaties de continuïteit van hun operationele processen waarborgen zonder hun productie stil te leggen? En hoe zorgen we ervoor dat compliance zoals NIS2 en de Cyber Resilience Act niet slechts een checklist is, maar een echte kans om OT te beschermen?\n\nAan de hand van praktijkvoorbeelden, dreigingsanalyses en best practices laten we zien waarom OT-beveiliging een andere benadering vereist. We bespreken:\n\nDe unieke kwetsbaarheden van OT en waarom traditionele security-aanpakken tekortschieten\nDe grootste OT-dreigingen van vandaag: ransomware, supply chain attacks en insider threats\nDe balans tussen operationele continuïteit en cybersecurity – want stilstand is geen optie\nHoe organisaties OT-security kunnen integreren zonder disruptie\nOT-security is geen luxe, het is een noodzaak. De ‘O’ in OT staat niet alleen voor Operationeel, maar ook voor Onmisbaar – en als we niet opletten, Onbeschermd.\n\nBenieuwd naar de realiteit achter OT-beveiliging? Kom en ontdek hoe we OT écht veilig kunnen maken.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Rene"],"tags":["51","2025","why2025","Yearn for a better future","Delphinus","why2025-eng","Day 3"],"view_count":167,"promoted":false,"date":"2025-08-09T16:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-17T19:45:06.728+01:00","length":2593,"duration":2593,"thumb_url":"https://static.media.ccc.de/media/events/why2025/51-bb2d7cfe-3899-5a3d-9bd2-aafbc35fbd19.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/51-bb2d7cfe-3899-5a3d-9bd2-aafbc35fbd19_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/51-bb2d7cfe-3899-5a3d-9bd2-aafbc35fbd19.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/51-bb2d7cfe-3899-5a3d-9bd2-aafbc35fbd19.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-51-the-o-in-ot-or-is-it-the-ohhhh-in-ot","url":"https://api.media.ccc.de/public/events/bb2d7cfe-3899-5a3d-9bd2-aafbc35fbd19","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"7b338bf3-37bd-57ce-ab4b-c7f4be31b518","title":"WHY2025 Infrastructure Review","subtitle":null,"slug":"why2025-281-why2025-infrastructure-review","link":"https://program.why2025.org/why2025/talk/FY8CXY/","description":"Placeholder for WHY2025 Infrastructure Review... various *OC teams will present about the infrastructure they have built for WHY2025.\n\nAt least Team:NOC will join; previously also Team:Nuts (Power), Team:POC and Team:VOC have joined.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Arjan Koopen"],"tags":["281","2025","why2025","Hacking","Brachium","why2025-eng","Day 5"],"view_count":902,"promoted":false,"date":"2025-08-11T16:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-24T11:45:07.143+01:00","length":3252,"duration":3252,"thumb_url":"https://static.media.ccc.de/media/events/why2025/281-7b338bf3-37bd-57ce-ab4b-c7f4be31b518.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/281-7b338bf3-37bd-57ce-ab4b-c7f4be31b518_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/281-7b338bf3-37bd-57ce-ab4b-c7f4be31b518.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/281-7b338bf3-37bd-57ce-ab4b-c7f4be31b518.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-281-why2025-infrastructure-review","url":"https://api.media.ccc.de/public/events/7b338bf3-37bd-57ce-ab4b-c7f4be31b518","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"51557ae9-c6af-5ecc-b661-929895f5226e","title":"qryptr - airgapped secure hardware messenger","subtitle":null,"slug":"why2025-30-qryptr-airgapped-secure-hardware-messenger","link":"https://program.why2025.org/why2025/talk/YEN87P/","description":"Are you a smartphone user worried about spyware, advanced actors, backdoors, zero-days or side-channel attacks? These routinely bypass end-to-end encryption through keyloggers, screen capture and compromised keys. Smartphones are part of complex ecosystems with dozens of hardware and software components and remain vulnerable despite vendor and political efforts.\n\nWe introduce a simple, offline, airgapped device to counter such threats.\n\nCheckout www.qryptr.com and github.com/gappuser/qryptr\n\nShow-and-tell of qryptr, the completely open-source secure messaging device.\nCheckout https://github.com/gappuser/qryptr and https://qryptr.com\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Thomas"],"tags":["30","2025","why2025","Wonderful creations","Cassiopeia","why2025-eng","Day 3"],"view_count":164,"promoted":false,"date":"2025-08-09T12:00:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-03-26T12:00:06.845+01:00","length":1292,"duration":1292,"thumb_url":"https://static.media.ccc.de/media/events/why2025/30-51557ae9-c6af-5ecc-b661-929895f5226e.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/30-51557ae9-c6af-5ecc-b661-929895f5226e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/30-51557ae9-c6af-5ecc-b661-929895f5226e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/30-51557ae9-c6af-5ecc-b661-929895f5226e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-30-qryptr-airgapped-secure-hardware-messenger","url":"https://api.media.ccc.de/public/events/51557ae9-c6af-5ecc-b661-929895f5226e","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"d39aa077-4e69-5587-be7a-f661fe13b6e2","title":"Reverse Engineering Life: Afterparty","subtitle":null,"slug":"why2025-318-reverse-engineering-life-afterparty","link":"https://program.why2025.org/why2025/talk/A8LMHV/","description":"Afterparty for \"Reverse Engineering Life: A teardown of the DNA source code of a whole bacterium\". Q\u0026A and some bonus content.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["bert hubert"],"tags":["318","2025","why2025","The square hole","Cassiopeia","why2025-eng","Day 5"],"view_count":200,"promoted":false,"date":"2025-08-11T15:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-21T02:30:04.060+01:00","length":3004,"duration":3004,"thumb_url":"https://static.media.ccc.de/media/events/why2025/318-d39aa077-4e69-5587-be7a-f661fe13b6e2.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/318-d39aa077-4e69-5587-be7a-f661fe13b6e2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/318-d39aa077-4e69-5587-be7a-f661fe13b6e2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/318-d39aa077-4e69-5587-be7a-f661fe13b6e2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-318-reverse-engineering-life-afterparty","url":"https://api.media.ccc.de/public/events/d39aa077-4e69-5587-be7a-f661fe13b6e2","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"1cbe580d-601c-5df4-8df7-ff80b7ff9ec1","title":"Capture flags and secret tokens at WHY2025","subtitle":null,"slug":"why2025-122-capture-flags-and-secret-tokens-at-why2025","link":"https://program.why2025.org/why2025/talk/TJJR3W/","description":"WHY2025 contains a lot of activities and entertainment for the attendees. This presentation focuses on two of these activities, namely the CTF (Capture The Flag) and Secret Token Game. These activities focus on a wide range of visitors, including seasoned hackers, inspired newcomers and even the youngest generation. Want to try the CTF or search for some Secret Tokens? Join this talk for an introduction and background information.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Thijs Bosschert"],"tags":["122","2025","why2025","Wonderful creations","Brachium","why2025-eng","Day 3"],"view_count":218,"promoted":false,"date":"2025-08-09T22:35:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-02-21T21:45:08.768+01:00","length":1098,"duration":1098,"thumb_url":"https://static.media.ccc.de/media/events/why2025/122-1cbe580d-601c-5df4-8df7-ff80b7ff9ec1.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/122-1cbe580d-601c-5df4-8df7-ff80b7ff9ec1_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/122-1cbe580d-601c-5df4-8df7-ff80b7ff9ec1.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/122-1cbe580d-601c-5df4-8df7-ff80b7ff9ec1.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-122-capture-flags-and-secret-tokens-at-why2025","url":"https://api.media.ccc.de/public/events/1cbe580d-601c-5df4-8df7-ff80b7ff9ec1","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"08651a17-0289-54c2-b829-ab91341be8b1","title":"The story and maths behind the Sferical lamps","subtitle":null,"slug":"why2025-88-the-story-and-maths-behind-the-sferical-lamps","link":"https://program.why2025.org/why2025/talk/Y9YKJF/","description":"My experience of contributing to an open-source project for the first time and the juicy details (maths) of the geometry of the Sferical lamps  (the ones that hang in Heaven / Silent Lounge)\n\nI'd like to take you with me on how I build a generator for spherical lampshades. I'll talk about how math slowly turns into magic. \n\nThe math is mainly trigonometry, so we can reminisce about highschool. But don't worry too much about it. It will be visualised, so everyone can follow along. \nThe real magic happens when we introduce light into the equation, illuminating the creations in stunning ways. Plus, since this project is open source, you'll have the opportunity to craft your own unique lampshades! Or hack it into something else entirely...\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["R3GB (ReggieB)"],"tags":["88","2025","why2025","Wonderful creations","Andromeda","why2025-eng","Day 5"],"view_count":93,"promoted":false,"date":"2025-08-11T17:35:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2025-11-09T16:30:04.744+01:00","length":1393,"duration":1393,"thumb_url":"https://static.media.ccc.de/media/events/why2025/88-08651a17-0289-54c2-b829-ab91341be8b1.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/88-08651a17-0289-54c2-b829-ab91341be8b1_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/88-08651a17-0289-54c2-b829-ab91341be8b1.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/88-08651a17-0289-54c2-b829-ab91341be8b1.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-88-the-story-and-maths-behind-the-sferical-lamps","url":"https://api.media.ccc.de/public/events/08651a17-0289-54c2-b829-ab91341be8b1","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"37fef871-feb7-5b9f-b0bf-499beff88b33","title":"Elephants, ants and introduction to topology","subtitle":null,"slug":"why2025-111-elephants-ants-and-introduction-to-topology","link":"https://program.why2025.org/why2025/talk/B9KU3X/","description":"Have you ever thought that Mathematics is a boring science about multiplying matrices, calculating integrals and approximating functions? Well, you've been wrong.\n\nMathematics is much bigger than that and in this talk we are going to look at one of the foundational object in Topology - a manifold. And, most importantly, we won't need any formulas or calculations to introduce it.\n\n(No prior knowledge of any level is required)\n\nAs a PhD in Geometry and Topology, working in Software Engineering, I rarely have an opportunity to use Mathematics in day-to-day tasks. You don't really need Abstract Algebra to write a YAML-file.\n\nYet, I think there is a number of mathematical concepts, which do not require an in-depth knowledge and complex abstractions, but can enrich our language and the way how we think about problems, how we collaborate, and how we structure the work around complex tasks.\n\nUnfortunately, it often happens that mathematical abstraction get hidden behind the tons of Calculus, which you are expected to master before you are allowed to dive deeper. It doesn't have to be this way and I will prove it :)\n\nSo let's talk about the topology the fun way.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Aleksandra Fedorova"],"tags":["111","2025","why2025","The square hole","Cassiopeia","why2025-eng","Day 3"],"view_count":75,"promoted":false,"date":"2025-08-09T14:35:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-01-27T01:30:09.058+01:00","length":1707,"duration":1707,"thumb_url":"https://static.media.ccc.de/media/events/why2025/111-37fef871-feb7-5b9f-b0bf-499beff88b33.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/111-37fef871-feb7-5b9f-b0bf-499beff88b33_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/111-37fef871-feb7-5b9f-b0bf-499beff88b33.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/111-37fef871-feb7-5b9f-b0bf-499beff88b33.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-111-elephants-ants-and-introduction-to-topology","url":"https://api.media.ccc.de/public/events/37fef871-feb7-5b9f-b0bf-499beff88b33","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"ca519e2e-822d-575f-822f-855dceaf7682","title":"What's that CubeSat Satellite stuff anyhow?","subtitle":null,"slug":"why2025-94-what-s-that-cubesat-satellite-stuff-anyhow","link":"https://program.why2025.org/why2025/talk/LZSAXB/","description":"CubeSats are small satellites comprised of 10x10x10cm \"units\" and range in size from very small 1U or smaller PocketQubes to 24U beasts. What can be achieved with such a satellite platform and why?\n\nI will go in to a brief history with examples from customers and amateur radio CubeSats.\n\nDuring my 20 years working with CubeSats, starting with designing parts of the Delfi-C3 student satellite in 2005, I have seen many missions and I have been involved in the design of quite a few CubeSats. Often, people ask me \"what can you do with such a small satellite\" and that prompted me to create this talk!\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Wouter"],"tags":["94","2025","why2025","The square hole","Brachium","why2025-eng","Day 3"],"view_count":130,"promoted":false,"date":"2025-08-09T16:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-10T18:45:09.751+01:00","length":2888,"duration":2888,"thumb_url":"https://static.media.ccc.de/media/events/why2025/94-ca519e2e-822d-575f-822f-855dceaf7682.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/94-ca519e2e-822d-575f-822f-855dceaf7682_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/94-ca519e2e-822d-575f-822f-855dceaf7682.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/94-ca519e2e-822d-575f-822f-855dceaf7682.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-94-what-s-that-cubesat-satellite-stuff-anyhow","url":"https://api.media.ccc.de/public/events/ca519e2e-822d-575f-822f-855dceaf7682","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"e40fc92d-e6ac-57d6-b598-ce1c980354fa","title":"Reverse-Engineering Government Transparency","subtitle":null,"slug":"why2025-186-reverse-engineering-government-transparency","link":"https://program.why2025.org/why2025/talk/3BFFLY/","description":"The hacker ethic teaches us that information should be free. So why do governments still keep so much of it inaccessible and out of reach? In this talk, we'll break down the barriers to digital transparency, show how hackers can help open up the government, and lay out a vision for a more democratic, accountable and open state.\n\nGovernments should be radically more transparent, because public information and open data allow researchers, businesses, and voters to make better decisions. But too often, public data is fragmented, incomplete, hard to access, or never published at all.\n\nAt [Open State Foundation](https://openstate.eu/), we’ve spent more than a decade working to unlock that information. In this talk, we’ll share how we use a hacker's mindset to reverse-engineer transparency: \n\n- from tracking how long ministries take to answer Access to Information requests (the answer will surprise you), \n- to scraping hundreds of document portals into one search engine, \n- to building public calendars of ministerial meetings that anyone can subscribe to.\n\nBut above all, we’ll ask: how can hackers help open up the government?\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Quinten Coret"],"tags":["186","2025","why2025","Yearn for a better future","Brachium","why2025-eng","Day 3"],"view_count":160,"promoted":false,"date":"2025-08-09T22:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-01-23T17:45:15.145+01:00","length":1653,"duration":1653,"thumb_url":"https://static.media.ccc.de/media/events/why2025/186-e40fc92d-e6ac-57d6-b598-ce1c980354fa.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/186-e40fc92d-e6ac-57d6-b598-ce1c980354fa_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/186-e40fc92d-e6ac-57d6-b598-ce1c980354fa.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/186-e40fc92d-e6ac-57d6-b598-ce1c980354fa.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-186-reverse-engineering-government-transparency","url":"https://api.media.ccc.de/public/events/e40fc92d-e6ac-57d6-b598-ce1c980354fa","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"5674cf4a-b6a6-5911-9b01-7643a26f8371","title":"Lightning Talks","subtitle":null,"slug":"The square hole","link":"various","description":"Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.why2025.org/Lightning_Talks\n\nLightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.why2025.org/Lightning_Talks\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["0"],"tags":["275","2025","why2025","Talk (50 minutes)","why2025-275-2-lightning-talks","why2025-eng","Day 6"],"view_count":191,"promoted":false,"date":"2025-08-12T10:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-08T19:30:05.651+01:00","length":2928,"duration":2928,"thumb_url":"https://static.media.ccc.de/media/events/why2025/275-5674cf4a-b6a6-5911-9b01-7643a26f8371.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/275-5674cf4a-b6a6-5911-9b01-7643a26f8371_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/275-5674cf4a-b6a6-5911-9b01-7643a26f8371.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/275-5674cf4a-b6a6-5911-9b01-7643a26f8371.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/The%20square%20hole","url":"https://api.media.ccc.de/public/events/5674cf4a-b6a6-5911-9b01-7643a26f8371","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"75829077-7c88-5efa-9421-619394febf4f","title":"Embrace Chaos! How Game Randomizers Work","subtitle":null,"slug":"why2025-129-embrace-chaos-how-game-randomizers-work","link":"https://program.why2025.org/why2025/talk/YXDFYP/","description":"Game randomizers can breathe fresh air into your favorite video games by changing where things are, what enemies you fight, or even what the win conditions are. But how do they work? Let's embrace chaos and learn about them!\n\nGame randomizers can breathe fresh air into your favorite video games by changing where things are, what enemies you fight, or even what the win conditions are. But how do they work? In this talk, I'll share my experience building a randomizer for the Gameboy Advance version of Final Fantasy 1. I'll tell you about the stumbling blocks I hit, and how I solved them. I'll also share the lessons I learned building my project, and how I'd do it better next time.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Nikki"],"tags":["129","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 4"],"view_count":156,"promoted":false,"date":"2025-08-10T16:10:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-02-21T18:30:06.302+01:00","length":1585,"duration":1585,"thumb_url":"https://static.media.ccc.de/media/events/why2025/129-75829077-7c88-5efa-9421-619394febf4f.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/129-75829077-7c88-5efa-9421-619394febf4f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/129-75829077-7c88-5efa-9421-619394febf4f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/129-75829077-7c88-5efa-9421-619394febf4f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-129-embrace-chaos-how-game-randomizers-work","url":"https://api.media.ccc.de/public/events/75829077-7c88-5efa-9421-619394febf4f","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"fcfbc885-a6b0-5a0e-b394-1f5e88fab2cf","title":"Fruit machines: How people steal from them and manufacturer mistakes.","subtitle":null,"slug":"why2025-54-fruit-machines-how-people-steal-from-them-and-manufacturer-mistakes","link":"https://program.why2025.org/why2025/talk/A9ZQBL/","description":"Fruit machines are everywhere.....and they contain cash. This is a talk about the efforts people go to to steal cash from the machines, and what can go wrong when the engineers creating them make mistakes.\n\nI've been working with fruit machines as a software engineer for over 30 years, primarily on system platforms and machine security. This talk gives an insight into some of the physical techniques thieves have developed over the years to steal cash from machines, and the catastrophic consequences of poor software.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Tony Goacher"],"tags":["54","2025","why2025","The square hole","Andromeda","why2025-eng","Day 4"],"view_count":474,"promoted":false,"date":"2025-08-10T14:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-01-22T02:00:07.957+01:00","length":2443,"duration":2443,"thumb_url":"https://static.media.ccc.de/media/events/why2025/54-fcfbc885-a6b0-5a0e-b394-1f5e88fab2cf.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/54-fcfbc885-a6b0-5a0e-b394-1f5e88fab2cf_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/54-fcfbc885-a6b0-5a0e-b394-1f5e88fab2cf.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/54-fcfbc885-a6b0-5a0e-b394-1f5e88fab2cf.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-54-fruit-machines-how-people-steal-from-them-and-manufacturer-mistakes","url":"https://api.media.ccc.de/public/events/fcfbc885-a6b0-5a0e-b394-1f5e88fab2cf","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"ebfe2b41-7a4d-5c2a-96dd-4b4067c06ae7","title":"Hacking your Dreams","subtitle":null,"slug":"why2025-16-hacking-your-dreams","link":"https://program.why2025.org/why2025/talk/KBJXPG/","description":"What could be more fun than gaining control over your dreamworld? Go to sleep, and find yourself doing things that would be impossible in the real world. Flying? No problem! You can be superman and have it feel more real than reality. Now if that's not a fun hacking project..\n\nYou can hack all sorts of things. Software, hardware. But being a hacker, what makes more sense than to hack oneself? Hackers have been turning themselves into bionic man, but we can also just hack our brain, using just out brain. I am talking about lucid dreaming: dreaming while you are aware of doing so and able to shape your dream. This talk will discuss what we know so far about lucid dreams and how they relate to other special states of the mind. The main focus will be on how to hack your own mind to start experiencing lucid dreams, what you can do in them, and how they differ from real life.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Walter Belgers"],"tags":["16","2025","why2025","Yearn for a better future","Brachium","why2025-eng","Day 3"],"view_count":144,"promoted":false,"date":"2025-08-09T11:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-15T23:15:06.046+01:00","length":2037,"duration":2037,"thumb_url":"https://static.media.ccc.de/media/events/why2025/16-ebfe2b41-7a4d-5c2a-96dd-4b4067c06ae7.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/16-ebfe2b41-7a4d-5c2a-96dd-4b4067c06ae7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/16-ebfe2b41-7a4d-5c2a-96dd-4b4067c06ae7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/16-ebfe2b41-7a4d-5c2a-96dd-4b4067c06ae7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-16-hacking-your-dreams","url":"https://api.media.ccc.de/public/events/ebfe2b41-7a4d-5c2a-96dd-4b4067c06ae7","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"2d778deb-2722-5aae-866f-e406d1c840c6","title":"Bootstrapping a Museum with Open Source","subtitle":null,"slug":"why2025-50-bootstrapping-a-museum-with-open-source","link":"https://program.why2025.org/why2025/talk/S9HGKU/","description":"Since 2020, EICAS evolved from an idea without collection, location or money into a full-fledged, officially-recognized museum for modern and contemporary art in Deventer, the Netherlands.\n\nIn this technically-oriented talk, I will take you on a whirlwind tour of the open source tools and custom hacks with which we've grown into the 100+-person all-volunteer organization we are today, on a shoe-string budget.\n\nExpect: NixOS, nginx for email, Nextcloud, the Semantic Web strikes back, Roundcube, systemd, DoS mayhem, Fat Thin Clients, Wikipedia edit wars, and much more.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Arnout 'raboof' Engelen"],"tags":["50","2025","why2025","Wonderful creations","Brachium","why2025-eng","Day 3"],"view_count":118,"promoted":false,"date":"2025-08-09T17:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-10T12:45:06.474+01:00","length":2514,"duration":2514,"thumb_url":"https://static.media.ccc.de/media/events/why2025/50-2d778deb-2722-5aae-866f-e406d1c840c6.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/50-2d778deb-2722-5aae-866f-e406d1c840c6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/50-2d778deb-2722-5aae-866f-e406d1c840c6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/50-2d778deb-2722-5aae-866f-e406d1c840c6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-50-bootstrapping-a-museum-with-open-source","url":"https://api.media.ccc.de/public/events/2d778deb-2722-5aae-866f-e406d1c840c6","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"ad19d388-2d06-5784-882b-b77588596bb4","title":"How (not) to configure your domainname [internet.nl]","subtitle":null,"slug":"why2025-258-how-not-to-configure-your-domainname-internet-nl","link":"https://program.why2025.org/why2025/talk/XVET7C/","description":"The most common configurations seen in scanning domain names with [Internet.nl](https://internet.nl), e.g. those found in [biannual governmental measurements](https://www.forumstandaardisatie.nl/metingen/informatieveiligheidstandaarden).\n\nThis talk will explain how to configure modern security standards on your domain name with the help of [the open source](https://github.com/internetstandards/Internet.nl/) [Internet.nl](https://internet.nl). It will show common misconfigurations in DNS and security headers. Teach you why you should probably want to avoid `www CNAME @`, want to enable IPv6 and other observations from the [biannual measurements](https://www.forumstandaardisatie.nl/metingen/informatieveiligheidstandaarden) of scanning more than 10.000 governmental host names in The Netherlands.\n\nAfter this talk you'll know at least one DNS or security header improvement for your own or organization domain.\n\nThis presentation will touch:\n- why enable DNSSEC ([RFC 4033](https://datatracker.ietf.org/doc/html/rfc4033) and many more), some common failures (e.g. CNAME's)\n- why enable IPv6, not talking about 'IPv4-mapped IPv6 address' here, issues if you're still not supporting IPv6 (almost 30 years after [RFC 1883](https://datatracker.ietf.org/doc/html/rfc1883))\n- why not CNAME to your apex domain (if you have an Mx record)\n- why use Null MX ([RFC 7505](https://datatracker.ietf.org/doc/html/rfc7505))\n- why configuration SPF ([RFC 7208](https://datatracker.ietf.org/doc/html/rfc7208)) on all hostnames\n- why there are more reasons to avoid CNAME's\n- why enable DANE ([RFC 6698](https://datatracker.ietf.org/doc/html/rfc6698)) and TLSRPT ([RFC 8460](https://datatracker.ietf.org/doc/html/rfc8460)) and why it's superior to MTA-STA ([RFC 8461](https://datatracker.ietf.org/doc/html/rfc8461)), how to rotate DANE\n- why monitoring matters\n- why first doing a `https://` redirect before a domain redirect\n- why a strict Content-Security-Policy ([CSP v3](https://www.w3.org/TR/CSP3/)) will save you\n- why configure `ssl_reject_handshake` (nginx only)\n- why have an accessible security.txt (special allow rule if you have basic auth!) that contains at least one email address\n- why start cookie names with `__Host-`or `__Secure-` ([MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#cookie-namecookie-value))\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Benjamin W. Broersma"],"tags":["258","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 5"],"view_count":583,"promoted":false,"date":"2025-08-11T14:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-29T08:45:02.877+02:00","length":3016,"duration":3016,"thumb_url":"https://static.media.ccc.de/media/events/why2025/258-ad19d388-2d06-5784-882b-b77588596bb4.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/258-ad19d388-2d06-5784-882b-b77588596bb4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/258-ad19d388-2d06-5784-882b-b77588596bb4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/258-ad19d388-2d06-5784-882b-b77588596bb4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-258-how-not-to-configure-your-domainname-internet-nl","url":"https://api.media.ccc.de/public/events/ad19d388-2d06-5784-882b-b77588596bb4","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"9ab2952e-ac75-5a68-a15e-4f75cc95ad91","title":"How to build and launch a high-altitude balloon project","subtitle":null,"slug":"why2025-173-how-to-build-and-launch-a-high-altitude-balloon-project","link":"https://program.why2025.org/why2025/talk/RC9LR7/","description":"If you want to try something new, unusual, and technically creative, try high-altitude ballooning! In this short presentation, I'll share my experiences from a series of three high-altitude balloon projects. These projects included launching sensor payloads to altitudes about 25km and live HD video transmission from the stratosphere. You will learn how to prepare your payload, how to track its position and telemetry data using solutions, and even how to rescue a landed payload from a tall tree!\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Aleksander Parachniewicz"],"tags":["173","2025","why2025","Wonderful creations","Delphinus","why2025-eng","Day 3"],"view_count":270,"promoted":false,"date":"2025-08-09T12:35:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-03-21T15:15:04.997+01:00","length":1838,"duration":1838,"thumb_url":"https://static.media.ccc.de/media/events/why2025/173-9ab2952e-ac75-5a68-a15e-4f75cc95ad91.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/173-9ab2952e-ac75-5a68-a15e-4f75cc95ad91_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/173-9ab2952e-ac75-5a68-a15e-4f75cc95ad91.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/173-9ab2952e-ac75-5a68-a15e-4f75cc95ad91.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-173-how-to-build-and-launch-a-high-altitude-balloon-project","url":"https://api.media.ccc.de/public/events/9ab2952e-ac75-5a68-a15e-4f75cc95ad91","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"0605bf1a-078d-5279-9610-78e52fd6c181","title":"May Contain Hardware Acceleration: Building a 3D Graphics Accelerator in FPGA for the MCH2022 Badge","subtitle":null,"slug":"why2025-252-may-contain-hardware-acceleration-building-a-3d-graphics-accelerator-in-fpga-for-the-mch2022-badge","link":"https://program.why2025.org/why2025/talk/PR3VHT/","description":"The MCH2022 Badge is an wonderful piece of hardware, with a great screen, a dual-core ESP32 CPU, and an Lattice FPGA to act as a co-processor. What if we could use the power of the FPGA to render 3D graphics? In this talk I'll take you through the basics of 3D rendering, the challenges of doing this on the Badge, and how I made the little Lattice produce pretty polygons.\n\nI don't know about you, but when I get my hands on a piece of hardware with a lovely screen and a bit of processing power, my first thought is \"Can I make this produce 3D graphics?\" (Well, the *real* first question is \"Can it run Doom?\" but that was already answered by the wonderful Sylvain Lefebvre.) So when the MCH2022 Badge was announced to come with an FPGA to play around with, well I knew where my free time would end up for a while.\n\nThe FPGA on the MCH2022 badge is, to put it mildly, *petite* at just 5K LUTs. And while it has plenty of memory space, memory bandwidth is limited. A traditional framebuffer-based 3D renderer wasn't going to work. So I had to get creative and instead render in vertical strips, while using as few operations per pixels as possible.\n\nIn this talk I'll explain how rasterization (the process of turning triangles into pixels) typically works, why this is challenging to do on the Badge hardware, and what I did instead. I'll talk about texturing and I'll add some crunchy digital details like memory bandwidth.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Ruud Schellekens"],"tags":["252","2025","why2025","Wonderful creations","Brachium","why2025-eng","Day 3"],"view_count":278,"promoted":false,"date":"2025-08-09T20:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-04-02T17:00:05.338+02:00","length":1366,"duration":1366,"thumb_url":"https://static.media.ccc.de/media/events/why2025/252-0605bf1a-078d-5279-9610-78e52fd6c181.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/252-0605bf1a-078d-5279-9610-78e52fd6c181_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/252-0605bf1a-078d-5279-9610-78e52fd6c181.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/252-0605bf1a-078d-5279-9610-78e52fd6c181.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-252-may-contain-hardware-acceleration-building-a-3d-graphics-accelerator-in-fpga-for-the-mch2022-badge","url":"https://api.media.ccc.de/public/events/0605bf1a-078d-5279-9610-78e52fd6c181","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"1b99e296-a39a-5122-91a8-d59e52881f8d","title":"The Well Is Poisoned — Now What Shall We Drink?","subtitle":null,"slug":"why2025-241-the-well-is-poisoned-now-what-shall-we-drink","link":"https://program.why2025.org/why2025/talk/FHLCMR/","description":"Wikipedia tells us that _low-background steel_ is steel produced before the detonation of the first nuclear bombs. Yep, you guessed it, **this is a talk about Large Language Models**. LLM outputs have quickly spread like radionuclides, threatening everything from the scientific record to the existence of the Internet as we know it. In this talk I'll discuss _practical small web approaches_ that we can use to build a new Internet that doesn't suck quite so badly. There will also be memes ;-)\n\nHave you noticed how the **good stuff** on the Internet is increasingly hidden behind bot checks, subscriptions and paywalls? And that it's getting harder and harder to find things online due to LLM pollution? Welcome to the club! You are in the right place.\n\nIn this talk I'll highlight some of the most egregious examples, consider how we can best preserve _low background information_ for future generations, and how we can use small web techniques like **self-hosted blogs and static site generators** to bootstrap a new infosphere that doesn't rely on a handful of _hyperscale operators_.\n\nI'm particularly interested in how we can _federate and syndicate search_, learning from protocols and standards like RSS and ActivityPub. As part of the talk I'll give you some practical tools and approaches to try. If you find this interesting, consider joining us in the [SearchClub](https://matrix.to/#/#searchclub:matrix.org). **Let's have fun building the new Internet together!**\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Martin Hamilton"],"tags":["241","2025","why2025","Hacking","Andromeda","why2025-eng","Day 6"],"view_count":432,"promoted":false,"date":"2025-08-12T11:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-27T13:30:06.372+01:00","length":2882,"duration":2882,"thumb_url":"https://static.media.ccc.de/media/events/why2025/241-1b99e296-a39a-5122-91a8-d59e52881f8d.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/241-1b99e296-a39a-5122-91a8-d59e52881f8d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/241-1b99e296-a39a-5122-91a8-d59e52881f8d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/241-1b99e296-a39a-5122-91a8-d59e52881f8d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-241-the-well-is-poisoned-now-what-shall-we-drink","url":"https://api.media.ccc.de/public/events/1b99e296-a39a-5122-91a8-d59e52881f8d","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"49a699a3-fa4b-5c80-8a0b-8685a284e6c3","title":"Who Gave the Toaster Root Access to the Physical World?","subtitle":null,"slug":"why2025-104-who-gave-the-toaster-root-access-to-the-physical-world","link":"https://program.why2025.org/why2025/talk/AUF93C/","description":"Smart devices are deeply embedded in the physical world: they can see, hear, and control things around us, often with zero real limits. When they’re hacked, it’s not just your data on the line; it’s your safety, privacy, and environment. In this talk, I’ll share some new ideas for putting a layer of access control between these devices and the real world, so we stop giving them a blank check.\n\nThese days, “smart” devices aren’t just watching and listening: they can act on the physical world, often with zero meaningful limits. They unlock doors, adjust thermostats, steer vacuums, and record what’s going on around us 24/7. When these devices get compromised, and many do, it’s not just boring data on the line. It’s your safety, privacy, and physical space.\n\nThe problem? We’ve handed out root access to the physical world like candy. Any device can sense or actuate whenever it wants. There's no layered control, no boundaries between software and the real world. If malware gets in, it gets full access to your home, office, or anything else the device is wired into.\n\nIn this talk, I’ll show how we can fix that by treating _sensing and actuation as privileges_,not defaults. Instead of giving every device free rein over what it can hear or control, we can build mechanisms that require software to explicitly request, and be granted, access to the physical world. That access can be temporary, conditional, or denied altogether.\n\nWe'll look at how to physically separate sensors and actuators from the software stack so that even if a device is compromised, it can’t automatically reach into your environment. We'll also explore approaches that enforce forgetfulness: ensuring that standby devices like smart speakers can’t quietly hoard data or leak it when compromised. If nothing relevant to the device's task happened, nothing should be remembered.\n\nThe goal is simple: to take back control from black-box devices and start designing systems where physical-world access isn’t assumed, it’s earned.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Piet De Vaere"],"tags":["104","2025","why2025","Wonderful creations","Andromeda","why2025-eng","Day 4"],"view_count":123,"promoted":false,"date":"2025-08-10T21:35:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-02-26T18:00:05.704+01:00","length":1617,"duration":1617,"thumb_url":"https://static.media.ccc.de/media/events/why2025/104-49a699a3-fa4b-5c80-8a0b-8685a284e6c3.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/104-49a699a3-fa4b-5c80-8a0b-8685a284e6c3_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/104-49a699a3-fa4b-5c80-8a0b-8685a284e6c3.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/104-49a699a3-fa4b-5c80-8a0b-8685a284e6c3.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-104-who-gave-the-toaster-root-access-to-the-physical-world","url":"https://api.media.ccc.de/public/events/49a699a3-fa4b-5c80-8a0b-8685a284e6c3","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"658e5850-708a-5a65-829d-91dad3dea4ac","title":"Retrospective: Adventures with CircuitPython","subtitle":null,"slug":"why2025-27-retrospective-adventures-with-circuitpython","link":"https://program.why2025.org/why2025/talk/M3GWAJ/","description":"I used CircuitPython (but could have also used MicroPython as well, so this is not about A vs. B) to implement various smart-home related projects. I will present some of my projects and also dive into what Python has to offer for (personal, not corporate-style) embedded devices (and the development process).\n\n1) Introduction\n  - My (past) smart-home setup\n  - Moonshot: my future smart-home setup\n2) Projects\n  - Thermal printer(s)\n  - RFID scanners\n  - Media controls\n   - Family calendar\n3) Circuitpython\n  - Ups and downs\n  - Circuitpython on various Microcontrollers: real-life\n4) Conclusion\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Juergen Pabel"],"tags":["27","2025","why2025","Wonderful creations","Cassiopeia","why2025-eng","Day 5"],"view_count":65,"promoted":false,"date":"2025-08-11T22:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-03T06:15:04.045+01:00","length":2752,"duration":2752,"thumb_url":"https://static.media.ccc.de/media/events/why2025/27-658e5850-708a-5a65-829d-91dad3dea4ac.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/27-658e5850-708a-5a65-829d-91dad3dea4ac_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/27-658e5850-708a-5a65-829d-91dad3dea4ac.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/27-658e5850-708a-5a65-829d-91dad3dea4ac.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-27-retrospective-adventures-with-circuitpython","url":"https://api.media.ccc.de/public/events/658e5850-708a-5a65-829d-91dad3dea4ac","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"df24e79d-b83b-5f83-b993-5b9555f3b1ea","title":"Abacus: Open source software for the Dutch Elections","subtitle":null,"slug":"why2025-182-abacus-open-source-software-for-the-dutch-elections","link":"https://program.why2025.org/why2025/talk/ALPRVC/","description":"The Dutch Electoral Council builds its new software-to-be, with a small in-house team, open source and in public. We call her Abacus. In this talk we'll go in depth on the technical and management side of our project. We invite you to join and check out our work! Our talk contains actual code written in Rust.\n\n\"The software used in elections is developed open source\", according to the Dutch law on elections. As we are working on this software at the Dutch Electoral Council, we want to share our experience and invite you to check out our progress so far. We'll go into our development process and technical choices, show some of the cool contributions we received, some of our own code and show what happens when a small government organisation decides to take software development into its own hands. At the talk both the lead developer and teamlead are present, to be able to elaborate on the actual development and on the management of such a project.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Niels Hatzmann","Mark Janssen"],"tags":["182","2025","why2025","Yearn for a better future","Brachium","why2025-eng","Day 6"],"view_count":508,"promoted":false,"date":"2025-08-12T15:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-28T09:45:06.237+01:00","length":2904,"duration":2904,"thumb_url":"https://static.media.ccc.de/media/events/why2025/182-df24e79d-b83b-5f83-b993-5b9555f3b1ea.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/182-df24e79d-b83b-5f83-b993-5b9555f3b1ea_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/182-df24e79d-b83b-5f83-b993-5b9555f3b1ea.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/182-df24e79d-b83b-5f83-b993-5b9555f3b1ea.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-182-abacus-open-source-software-for-the-dutch-elections","url":"https://api.media.ccc.de/public/events/df24e79d-b83b-5f83-b993-5b9555f3b1ea","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"ade858d2-8be2-580f-ad32-d3d410692403","title":"🔗 Networking your (Linux) Machines","subtitle":null,"slug":"why2025-193-networking-your-linux-machines","link":"https://program.why2025.org/why2025/talk/XZRAHF/","description":"Let's learn about L2 isolation with VLANs and dive into basic network architecture with OPNsense. After playing a bit with IPv4, let's discuss unicorn-issues IPv6 for your homelab-ing. Then expanding with WireGuard for simple inter-machine networks. Finally, we will take a look into a fail of my own via \"security\"(-by-obscurity) and a few words of how to defend against it.\n\nThis talk will discuss the security considerations one should make for their own network at home. The first step, to achieve network segmentation, is the use of VLANs - but how do they work? Then advancing into isolated networks using OPNsene and how to configure routing between them (in a more or less scalable way, purely based on experience).\nAfter breaking up (with) your networks, we will take a look into IPv6 troubles you'll likely encounter when you begin applying more strict rulesets onto your network and start leaving NAT-ting behind you. This will also include a quick summary of the most important IPv6-terms you'll need.\nInstead of exposing your services publicly, one can also establish site-to-site (S2S) links with well-known parties, so we will take a quick look into getting WireGuard up and running - once again with some pitfalls you may encounter.\nIn the end, we will take a brief detour into how one could exploit one of my own mistakes (DNS-based routing without application of source-ip filtering).\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["simonmicro"],"tags":["193","2025","why2025","The square hole","Cassiopeia","why2025-eng","Day 3"],"view_count":1480,"promoted":false,"date":"2025-08-09T12:35:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-03-28T16:15:05.011+01:00","length":1538,"duration":1538,"thumb_url":"https://static.media.ccc.de/media/events/why2025/193-ade858d2-8be2-580f-ad32-d3d410692403.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/193-ade858d2-8be2-580f-ad32-d3d410692403_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/193-ade858d2-8be2-580f-ad32-d3d410692403.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/193-ade858d2-8be2-580f-ad32-d3d410692403.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-193-networking-your-linux-machines","url":"https://api.media.ccc.de/public/events/ade858d2-8be2-580f-ad32-d3d410692403","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"6c476ab2-ae0f-5ba6-9f88-999f88c738ae","title":"Building Bitchat: Offline first protocols and E2E Encrypted Social Apps with Nostr, Noise, and MLS","subtitle":null,"slug":"why2025-71-building-bitchat-offline-first-protocols-and-e2e-encrypted-social-apps-with-nostr-noise-and-mls","link":"https://program.why2025.org/why2025/talk/3QQLRN/","description":"Learn how to build end-to-end encrypted social apps including the newly released Bitchat using Nostr and MLS (Messaging Layer Security). We'll go from Nostr basics through to encrypted groups, explore the open source libraries and apps already in production, and show how to build your own. Includes live coding demonstrating how to create secure, private social tools that actually scale. You'll leave knowing how to build real e2e apps using tested, working tools.\n\nBuilding truly private social applications isn't just about adding encryption - it's about rethinking how we build social spaces. By combining Nostr's decentralized protocol with MLS's efficient group encryption, we can create social apps that are both private and practical. \n\nThe talk walks through:\n\nTechnical Foundation:\n- How Nostr works: events, relays, and NIPs\n- Understanding MLS tree-based group key management\n- Implementing encrypted groups that actually scale\n- Real-world performance and security considerations\n\nPractical Building:\n- Tour of working libraries\n- Open source apps you can use today\n- Common implementation challenges and solutions\n- Live coding of a basic encrypted group chat\n\nBeyond the Code:\n- Why traditional platform encryption fails\n- How forking solves community governance\n- Building tools that empower rather than control\n- Real examples from nos.social and communities.nos.social\n\nYou'll leave understanding not just the protocols, but how to build real applications that respect privacy and community autonomy. We'll look at actual code running in production, discuss practical challenges we've solved, and show how you can start building your own encrypted social tools today.\n\nThis isn't just theory - everything shown is running in production now. Whether you're interested in cryptography, social protocols, or just want to build better tools for human communication, you'll get concrete knowledge you can use.\n\nPrerequisites: Basic familiarity with public key cryptography helpful but not required. Examples will use JavaScript/TypeScript but concepts apply to any language.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["rabble"],"tags":["71","2025","why2025","Hacking","Delphinus","why2025-eng","Day 5"],"view_count":195,"promoted":false,"date":"2025-08-11T19:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-08T08:45:04.477+01:00","length":2627,"duration":2627,"thumb_url":"https://static.media.ccc.de/media/events/why2025/71-6c476ab2-ae0f-5ba6-9f88-999f88c738ae.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/71-6c476ab2-ae0f-5ba6-9f88-999f88c738ae_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/71-6c476ab2-ae0f-5ba6-9f88-999f88c738ae.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/71-6c476ab2-ae0f-5ba6-9f88-999f88c738ae.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-71-building-bitchat-offline-first-protocols-and-e2e-encrypted-social-apps-with-nostr-noise-and-mls","url":"https://api.media.ccc.de/public/events/6c476ab2-ae0f-5ba6-9f88-999f88c738ae","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"ee6cc5f3-7366-5a0e-bb90-4ff4a6f1188c","title":"How to become your own ISP","subtitle":null,"slug":"why2025-9-how-to-become-your-own-isp","link":"https://program.why2025.org/why2025/talk/NCFHN3/","description":"This talk will take you along with a deep dive on how the internet works at its core and how you can participate yourself. You'll learn all about BGP, AS- numbers, IP-prefixes and more.\n\nEver wanted to become sovereign on the internet? Want to know what its like to run an ISP? Are you a sysadmin that wants to learn more about networking? Then you're at the right place.\n\nThis talk will take you along with a deep dive on how the internet works at its core and how you can participate yourself. You'll learn all about BGP, AS- numbers, IP-prefixes and what you need to do if you want to participate. You will walk away with practical knowledge on how you can get started. \n\nWe'll also take a short tour of my own network, how I set it up and what I use it for.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Nick Bouwhuis"],"tags":["9","2025","why2025","Wonderful creations","Brachium","why2025-eng","Day 6"],"view_count":10970,"promoted":false,"date":"2025-08-12T14:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-04-03T09:15:04.070+02:00","length":2091,"duration":2091,"thumb_url":"https://static.media.ccc.de/media/events/why2025/9-ee6cc5f3-7366-5a0e-bb90-4ff4a6f1188c.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/9-ee6cc5f3-7366-5a0e-bb90-4ff4a6f1188c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/9-ee6cc5f3-7366-5a0e-bb90-4ff4a6f1188c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/9-ee6cc5f3-7366-5a0e-bb90-4ff4a6f1188c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-9-how-to-become-your-own-isp","url":"https://api.media.ccc.de/public/events/ee6cc5f3-7366-5a0e-bb90-4ff4a6f1188c","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"5f2e61c0-6b44-5adb-8143-31892dcdf04e","title":"A Guided Tour to UNIX Shells","subtitle":null,"slug":"why2025-256-a-guided-tour-to-unix-shells","link":"https://program.why2025.org/why2025/talk/CB7A9V/","description":"Any even remotely advanced tasks on unixoid systems will inevitably lead to an encounter with one of the systems oldest components: The shell. An ancient artefact that is in equal parts being feared, mystified, or possibly even glorified.\n\nIn an effort to demystify origins, development, and current role of shells, this talk tells a tale deeply rooted in the earliest days of UNIX development. In the process, several (historic as well as current) shells will be introduced among their notable features and impact on contemporary systems. To finish of, the talk discusses the legacy of historic shells and their influence on modern operating systems with or without UNIX heritage.\n\nWhile technical in parts, this is first and foremost a historical presentation with a bit of an outlook. Less tech-savvy audience members should thus still be able to enjoy this. In fact, newcomers to the shell may find some useful hints.\n\n**Keywords:** *computing history; unix; multics; posix; linux*\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Stephan Hohmann"],"tags":["256","2025","why2025","The square hole","Delphinus","why2025-eng","Day 4"],"view_count":333,"promoted":false,"date":"2025-08-10T19:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-02-11T19:15:07.024+01:00","length":2560,"duration":2560,"thumb_url":"https://static.media.ccc.de/media/events/why2025/256-5f2e61c0-6b44-5adb-8143-31892dcdf04e.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/256-5f2e61c0-6b44-5adb-8143-31892dcdf04e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/256-5f2e61c0-6b44-5adb-8143-31892dcdf04e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/256-5f2e61c0-6b44-5adb-8143-31892dcdf04e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-256-a-guided-tour-to-unix-shells","url":"https://api.media.ccc.de/public/events/5f2e61c0-6b44-5adb-8143-31892dcdf04e","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"bb112078-5c8e-529f-8042-fc089b168544","title":"Getting Started: Reading Bosch Sensor Data on the Badge with MicroPython","subtitle":null,"slug":"why2025-280-getting-started-reading-bosch-sensor-data-on-the-badge-with-micropython","link":"https://program.why2025.org/why2025/talk/9HUFEX/","description":"This talk introduces participants to the Bosch BMI270 (inertial sensor) and BME690 (environmental sensor) on the WHY2025 Hackathon Badge. After a brief overview of MEMS technology and how these tiny sensors are made and used, we’ll dive into a hands-on session showing how to read sensor data using MicroPython — so you can start experimenting right away.\n\nMEMS (Micro-Electro-Mechanical Systems) sensors are miniature, highly precise components that detect motion, position, and environmental conditions. They are widely used in smartphones, cars, wearables, and smart home devices and are manufactured in specialized cleanrooms using advanced semiconductor processes.\n\nThis talk starts with a short introduction covering:\n\nWhat are MEMS?\nHow are they made?\nWhat can the Bosch BMI270 (6-axis IMU) and BME690 (gas, humidity, temperature, and pressure sensor) do?\nAfter this overview, we’ll switch to a practical session: you’ll learn how to get started with MicroPython to access real-time sensor data on the WHY2025 Badge. By the end, you’ll be ready to experiment with your own ideas and prototypes based on the badge’s powerful sensing capabilities.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Harald Koenig"],"tags":["280","2025","why2025","Hacking","Andromeda","why2025-eng","Day 5"],"view_count":182,"promoted":false,"date":"2025-08-11T21:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-16T13:00:07.686+01:00","length":2977,"duration":2977,"thumb_url":"https://static.media.ccc.de/media/events/why2025/280-bb112078-5c8e-529f-8042-fc089b168544.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/280-bb112078-5c8e-529f-8042-fc089b168544_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/280-bb112078-5c8e-529f-8042-fc089b168544.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/280-bb112078-5c8e-529f-8042-fc089b168544.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-280-getting-started-reading-bosch-sensor-data-on-the-badge-with-micropython","url":"https://api.media.ccc.de/public/events/bb112078-5c8e-529f-8042-fc089b168544","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"4af4e833-7829-54da-869d-7d1adfb70c90","title":"Aid to Ukraine: what to do when your friends end up in a war?","subtitle":null,"slug":"why2025-276-aid-to-ukraine-what-to-do-when-your-friends-end-up-in-a-war","link":"https://program.why2025.org/why2025/talk/SSZSXB/","description":"Since the start of the war, our community has risen to help Ukraine in many different ways. This talk explains what happens when your friends find themselves in a war and ask for help. Luckily, even though it can be overwhelming, everyone can do something. This talk shows you how.\n\nThe IT community in Kharkiv is doing their best to help their city and country to counter the effects of the invasion and war. Together with the Dutch hacker community we try to help them, with practical support, such as medical goods, computers and network equipment and vehicles. \n\nThe project is a true community effort, creating new contacts and relations between our communities. This connection makes it harder to watch the news, but it also offers a practical way to support Ukraine, knowing that all the energy we put in here is useful and welcomed.\n\nAs the war keeps raging we started a foundation to channel all the humanitarian support: Aid to Ukraine. It even has ANBI status. Our website has all the info: https://aidtoukraine.nl\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Niels Hatzmann","Ron"],"tags":["276","2025","why2025","Yearn for a better future","Andromeda","why2025-eng","Day 3"],"view_count":288,"promoted":false,"date":"2025-08-09T17:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-24T14:00:08.541+01:00","length":2175,"duration":2175,"thumb_url":"https://static.media.ccc.de/media/events/why2025/276-4af4e833-7829-54da-869d-7d1adfb70c90.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/276-4af4e833-7829-54da-869d-7d1adfb70c90_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/276-4af4e833-7829-54da-869d-7d1adfb70c90.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/276-4af4e833-7829-54da-869d-7d1adfb70c90.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-276-aid-to-ukraine-what-to-do-when-your-friends-end-up-in-a-war","url":"https://api.media.ccc.de/public/events/4af4e833-7829-54da-869d-7d1adfb70c90","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"693de6c7-02ab-5e78-a98a-43bb3ba969ae","title":"❤️ Failure - Unbreakable security by breaking things","subtitle":null,"slug":"why2025-187-failure-unbreakable-security-by-breaking-things","link":"https://program.why2025.org/why2025/talk/AATCT7/","description":"Security teams want to prevent incidents - but what if controlled breaking prevents catastrophic failures? Drawing from aviation safety, chaos engineering, and resilience design, discover why 'unbreakable' security comes from breaking things on purpose. Learn to transform incident culture from blame to learning, implement controlled failure practices, and build psychological safety that turns near-misses into competitive advantages.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Jelle Niemantsverdriet"],"tags":["187","2025","why2025","Yearn for a better future","Brachium","why2025-eng","Day 5"],"view_count":104,"promoted":false,"date":"2025-08-11T23:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-02-08T12:30:07.944+01:00","length":2872,"duration":2872,"thumb_url":"https://static.media.ccc.de/media/events/why2025/187-693de6c7-02ab-5e78-a98a-43bb3ba969ae.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/187-693de6c7-02ab-5e78-a98a-43bb3ba969ae_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/187-693de6c7-02ab-5e78-a98a-43bb3ba969ae.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/187-693de6c7-02ab-5e78-a98a-43bb3ba969ae.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-187-failure-unbreakable-security-by-breaking-things","url":"https://api.media.ccc.de/public/events/693de6c7-02ab-5e78-a98a-43bb3ba969ae","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"fbf55572-ac7a-594f-86ae-db88a61175e5","title":"Detect threats like never before","subtitle":null,"slug":"why2025-180-detect-threats-like-never-before","link":"https://program.why2025.org/why2025/talk/8GWVTN/","description":"Let's dive deep into the threat detection engineering topic and how does the detection engineer's job looks like in 2025. I work with threat researchers, detection engineering, and engineering managers, and we'll talk about it all: from query languages to tuning, from managing detections as code to content management, from maturity of processes to human skills augmentation.\n\nThis talk provides a comprehensive overview of the modern mature detection engineering process, exploring the essential steps organizations must follow and how successful implementation is defined and measured in today's threat landscape.\n\nWhat You'll Learn:\nWe'll examine the complete detection engineering lifecycle, covering the key phases that transform security teams from reactive alert-chasers into proactive threat hunters. You'll understand how to build, implement, and continuously improve detection capabilities that actually work at enterprise scale.\nKey topics:\n- Detection Engineering Process Deep Dive: Walk through the step-by-step process that mature organizations follow, from threat modeling to deployment to continuous improvement and practical use of AI\n- Maturity Framework Analysis: Compare popular detection engineering maturity frameworks, understanding their key differences, strengths, and how to choose the right approach for your organization\n- Detection as Code Adoption: Understand the growing trend toward treating detection rules as code, including version control, testing, and deployment automation that's transforming how security teams operate\n- Success Metrics and Measurement: Discover how to properly define and measure the success of your detection engineering program with meaningful KPIs and assessment criteria\n\nThis session is for security engineers, SOC analysts, detection engineers, and security leaders who want to understand and implement modern detection engineering practices. Whether you're starting your detection engineering journey or looking to mature your existing program, you'll gain practical insights and actionable frameworks to elevate your organization's threat detection capabilities.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Kseniia Ignatovych"],"tags":["180","2025","why2025","Yearn for a better future","Brachium","why2025-eng","Day 3"],"view_count":241,"promoted":false,"date":"2025-08-09T10:00:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-03-06T19:00:07.353+01:00","length":2863,"duration":2863,"thumb_url":"https://static.media.ccc.de/media/events/why2025/180-fbf55572-ac7a-594f-86ae-db88a61175e5.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/180-fbf55572-ac7a-594f-86ae-db88a61175e5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/180-fbf55572-ac7a-594f-86ae-db88a61175e5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/180-fbf55572-ac7a-594f-86ae-db88a61175e5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-180-detect-threats-like-never-before","url":"https://api.media.ccc.de/public/events/fbf55572-ac7a-594f-86ae-db88a61175e5","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"d3c88c80-227d-59e2-8570-014f2e06bbca","title":"Using deployment diagrams to explain architecture and security to everybody","subtitle":null,"slug":"why2025-211-using-deployment-diagrams-to-explain-architecture-and-security-to-everybody","link":"https://program.why2025.org/why2025/talk/PRV9UP/","description":"This talk will enable you to lead architecture conversations and discuss their security options through an informal diagramming technique. I will use examples such as key/encryption architectures, DevOps, and even your home music system.\n\nPresentation at https://digitalinfrastructures.nl/why2025/\n\nYou have seen many diagrams of computer and information systems in your career. They have been around since the early days of computing. They can be useful, but there are a few typical problems with them:\n•\tThey are drawn with obscure symbols that are only understood by architects\n•\tThey are drawn in an inconsistent way\n•\tThey are not used to their fullest potential.\nIn my practice I have run into these problems often, and I have found ways to turn a certain type of diagram, a simplified version of deployment diagrams, into the cornerstone of explanation of what goes on in cloud and cybersecurity.\nIn the talk I will lead you through the basic principles, and a few examples. This will enable you to lead architecture conversations and discuss their security options. I will use examples such as key/encryption architectures, DevOps, and even your home music system.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Peter van Eijk"],"tags":["211","2025","why2025","Wonderful creations","Cassiopeia","why2025-eng","Day 5"],"view_count":109,"promoted":false,"date":"2025-08-11T20:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-02-08T04:00:03.452+01:00","length":2374,"duration":2374,"thumb_url":"https://static.media.ccc.de/media/events/why2025/211-d3c88c80-227d-59e2-8570-014f2e06bbca.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/211-d3c88c80-227d-59e2-8570-014f2e06bbca_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/211-d3c88c80-227d-59e2-8570-014f2e06bbca.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/211-d3c88c80-227d-59e2-8570-014f2e06bbca.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-211-using-deployment-diagrams-to-explain-architecture-and-security-to-everybody","url":"https://api.media.ccc.de/public/events/d3c88c80-227d-59e2-8570-014f2e06bbca","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"8b3fa9a7-a1d0-572b-8214-8016623f30b6","title":"The shadow of Operational technologies:  A journey into the OT security","subtitle":null,"slug":"why2025-228-the-shadow-of-operational-technologies-a-journey-into-the-ot-security","link":"https://program.why2025.org/why2025/talk/ZJSYET/","description":"In a context of technological integration, OT is getting more and more a green field for attackers and illegal activities. This phenomena is the natural result of the absence of mutual understanding and collaboration between IT and OT sectors that looking one each other as a totally unrelated entities. \nIn this talk we'll explore some OT technologies trying to understand and highlight some of the most relevant aspects of the OT security and we'll have a look to a couple of real incidents in this\n\nThe talk is intended to be a resource for whom don't known anything about OT security and want to start  to address this topic. It's the result of 5 year of experience in this filed and will include an overview of OT security challenges under technical and management prospective. The aim is to highlight some of the most relevant aspect to consider in this context showing a realistic demo and real example of what we could consider OT incidents.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Davide \"Skullb0y\" Pala"],"tags":["228","2025","why2025","Hacking","Delphinus","why2025-eng","Day 3"],"view_count":120,"promoted":false,"date":"2025-08-09T15:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-11T08:45:05.414+01:00","length":2856,"duration":2856,"thumb_url":"https://static.media.ccc.de/media/events/why2025/228-8b3fa9a7-a1d0-572b-8214-8016623f30b6.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/228-8b3fa9a7-a1d0-572b-8214-8016623f30b6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/228-8b3fa9a7-a1d0-572b-8214-8016623f30b6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/228-8b3fa9a7-a1d0-572b-8214-8016623f30b6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-228-the-shadow-of-operational-technologies-a-journey-into-the-ot-security","url":"https://api.media.ccc.de/public/events/8b3fa9a7-a1d0-572b-8214-8016623f30b6","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"2fbcd642-53c5-5037-8c37-55b4b5939f91","title":"Is a 1973 Pinball Machine a Computer?","subtitle":null,"slug":"why2025-184-is-a-1973-pinball-machine-a-computer","link":"https://program.why2025.org/why2025/talk/WMXPYU/","description":"Old technology is amazing! Have a look at an old electromechanical Pinball Machine, and try to understand how this works, without any (digital) electronics. Find out these machines have much in common with modern computers. Step by step it becomes clear how an old (1973) Pinball machine is \"programmed\".\n\nA 1973 electromechanical Pinball Machine is an amazing machine. But how does this work without any (digital) electronics? By comparing this to a standard computer, the (mechanical) components are explained. An electromechanical Pinball Machine has many elements from a modern computer. It has I/O, memory, can do (simple) calculations, is programmed for logic operations, and is configurable, But does this make it an early computer or not? Come, listen, and decide for yourself!\n\nWhen the weather conditions are good, the 1973 Pinball Machine will be operational in the Villlage:Back to the 80s Party. Hopefully you can come and play a game on this beautiful Bally Monte Carlo edition of 1973 yourself or with your friends! (Up to 4 concurrent players) Can you set the High Score of the day?\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Frans Boeijen"],"tags":["184","2025","why2025","Wonderful creations","Delphinus","why2025-eng","Day 3"],"view_count":142,"promoted":false,"date":"2025-08-09T14:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-15T16:15:05.143+01:00","length":1647,"duration":1647,"thumb_url":"https://static.media.ccc.de/media/events/why2025/184-2fbcd642-53c5-5037-8c37-55b4b5939f91.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/184-2fbcd642-53c5-5037-8c37-55b4b5939f91_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/184-2fbcd642-53c5-5037-8c37-55b4b5939f91.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/184-2fbcd642-53c5-5037-8c37-55b4b5939f91.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-184-is-a-1973-pinball-machine-a-computer","url":"https://api.media.ccc.de/public/events/2fbcd642-53c5-5037-8c37-55b4b5939f91","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"2d665a5e-f445-5d81-be22-57cfdbcfcfd8","title":"Scaling up victim notification, because crededential theft is scaling up too...","subtitle":null,"slug":"why2025-203-scaling-up-victim-notification-because-crededential-theft-is-scaling-up-too","link":"https://program.why2025.org/why2025/talk/KUVEEL/","description":"How do you scale up victim notifications from a couple of hundreds, to thousands, to millions to billions of stolen credentials?\n\nCredential theft is on the rise. Cybercriminals are gettings smarter and more efficient. Why hack in, if you can log in?\n\nAt the DIVD we see this trend in the cases where we assist with notifying victims of credential theft. Where our first such cases started with a mere threehundred-something credentials we are now sometimes faced with credential dumps that contains millions of even billions of credentials. \n\nHow can we scale this up, what problems did we face, how did we solve them, and what haven;t we solved yet?\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Frank Breedijk"],"tags":["203","2025","why2025","Hacking","Andromeda","why2025-eng","Day 6"],"view_count":51,"promoted":false,"date":"2025-08-12T14:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-01-16T20:45:15.604+01:00","length":1649,"duration":1649,"thumb_url":"https://static.media.ccc.de/media/events/why2025/203-2d665a5e-f445-5d81-be22-57cfdbcfcfd8.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/203-2d665a5e-f445-5d81-be22-57cfdbcfcfd8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/203-2d665a5e-f445-5d81-be22-57cfdbcfcfd8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/203-2d665a5e-f445-5d81-be22-57cfdbcfcfd8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-203-scaling-up-victim-notification-because-crededential-theft-is-scaling-up-too","url":"https://api.media.ccc.de/public/events/2d665a5e-f445-5d81-be22-57cfdbcfcfd8","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"3c2193b8-1602-50b2-822f-9736b68bad64","title":"AiTM panels and sellers","subtitle":null,"slug":"why2025-167-aitm-panels-and-sellers","link":"https://program.why2025.org/why2025/talk/SKKCEM/","description":"Adversary-in-the-Middle (AiTM) phishing kits have matured into full-service SaaS platforms. This talk dives into the infrastructure, control panels, and sellers behind modern AiTM attacks. From Dockerized environments to Telegram bot-based UIs, we unpack how these platforms operate, scale, and monetize. We also highlight how this SaaS model is spreading. Expect a technical walkthrough of the ecosystem fueling today’s phishing economy.\n\nThis talk offers a deep dive into the infrastructure and operational models behind modern Adversary-in-the-Middle (AiTM) phishing attacks. These aren't hobbyist scripts—they are mature, productized platforms that resemble legitimate SaaS offerings.\n\nWe explore how these platforms work under the hood:\n\nHow attackers deploy dockerized phishing kits\n\nThe use of CDNs, Telegram bots and proxy networks\n\nPanel features like token capture, mailers, and multi-user support\n\nRevenue models, actor branding, and upsells\n\nWe will showcase real examples of AiTM panels (including EvilProxy, Tycoon, Mamba2FA, and Raccoon), backed by original research and detection data gathered from over 2,000 incidents across hundreds of Microsoft 365 tenants. Attendees will walk away with an understanding of how these platforms scale, how attackers manage their infrastructure, and how defenders can detect and preempt them using techniques like pixel beacons and certificate transparency.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["rik van duijn","Wesley Neelen"],"tags":["167","2025","why2025","Hacking","Andromeda","why2025-eng","Day 5"],"view_count":60,"promoted":false,"date":"2025-08-11T16:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-18T16:45:07.637+01:00","length":2475,"duration":2475,"thumb_url":"https://static.media.ccc.de/media/events/why2025/167-3c2193b8-1602-50b2-822f-9736b68bad64.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/167-3c2193b8-1602-50b2-822f-9736b68bad64_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/167-3c2193b8-1602-50b2-822f-9736b68bad64.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/167-3c2193b8-1602-50b2-822f-9736b68bad64.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-167-aitm-panels-and-sellers","url":"https://api.media.ccc.de/public/events/3c2193b8-1602-50b2-822f-9736b68bad64","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"cdc07b3f-f782-55ac-9c78-008e1d120de8","title":"Knock knock who's there 2.0, the subtle art of (physical) port knocking","subtitle":null,"slug":"why2025-44-knock-knock-who-s-there-2-0-the-subtle-art-of-physical-port-knocking","link":"https://program.why2025.org/why2025/talk/VZDSF3/","description":"Building entrance systems for prisons, hospitals an tv studio's should be secure. But is this really the case?\nAfter \"Knock knock who's there 1.0\" at MCH2022, we will again look at some high-tech lockpicking, this time at more sensitive locations. The responsible disclosure is a tale of it's own! And why exactly is a 3-letter agency in the US interested in the disclosure?\n\nFeeling safe at home and at work is one of the most basic requirements for living. Part of being, and feeling, safe is the physical access system of the building.\nSince the last talk at MCH2022 more building entrance systems have been researched. The findings will be presented in this talk. And these findings have led to multiple CVE's and the discovery of single DES encryption and Mifare classic access card systems.\nOne manufacturer who makes  building entrance systems used at very sensitive objects such as tv studio's and airports managed to leak the private key of a CA they use to manage the building access.\nIn another case we were able to generate license key files under the name of a very well known person.\nIn all cases we will look at the vulnerability disclosure and how to make sure you do not end up in prison (although with these locks....)\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Jeroen Hermans"],"tags":["44","2025","why2025","Hacking","Delphinus","why2025-eng","Day 4"],"view_count":147,"promoted":false,"date":"2025-08-10T16:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-28T06:00:02.979+01:00","length":1577,"duration":1577,"thumb_url":"https://static.media.ccc.de/media/events/why2025/44-cdc07b3f-f782-55ac-9c78-008e1d120de8.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/44-cdc07b3f-f782-55ac-9c78-008e1d120de8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/44-cdc07b3f-f782-55ac-9c78-008e1d120de8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/44-cdc07b3f-f782-55ac-9c78-008e1d120de8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-44-knock-knock-who-s-there-2-0-the-subtle-art-of-physical-port-knocking","url":"https://api.media.ccc.de/public/events/cdc07b3f-f782-55ac-9c78-008e1d120de8","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"77015a85-cd17-536d-8777-6e766e84ad3c","title":"The state of IPv6","subtitle":null,"slug":"why2025-246-the-state-of-ipv6","link":"https://program.why2025.org/why2025/talk/VBR7DQ/","description":"IPv6 has been talked about a lot since a very long time. It never really caught on... or did it? Where are we right now? Where are we heading and what can you do about it?\n\nWhat is the matter with IPv6? How did we go from something that was supposed to be the future of the internet to where we are today? Is it still like that? What plans are currently unfolding?\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Altf4"],"tags":["246","2025","why2025","Yearn for a better future","Brachium","why2025-eng","Day 4"],"view_count":2672,"promoted":false,"date":"2025-08-10T17:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-29T15:00:05.449+02:00","length":2646,"duration":2646,"thumb_url":"https://static.media.ccc.de/media/events/why2025/246-77015a85-cd17-536d-8777-6e766e84ad3c.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/246-77015a85-cd17-536d-8777-6e766e84ad3c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/246-77015a85-cd17-536d-8777-6e766e84ad3c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/246-77015a85-cd17-536d-8777-6e766e84ad3c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-246-the-state-of-ipv6","url":"https://api.media.ccc.de/public/events/77015a85-cd17-536d-8777-6e766e84ad3c","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"ed10b9a1-8d52-529d-b81b-5c8e2f0547d2","title":"Reporting vulnerabilities in Belgium","subtitle":null,"slug":"why2025-289-reporting-vulnerabilities-in-belgium","link":"https://program.why2025.org/why2025/talk/3R8JLD/","description":"How noticing a vulnerability in a website has led to a foreign government threatening to revoke my permission to publicly discuss the existence of an abstract vulnerability class.\n\nBelgium has laws regulating the reporting and public disclosure of vulnerabilities. While the goal is to protect both organisations and reporters of vulnerabilities, the assumptions behind it conflict with the practice of coordinated vulnerability disclosure. I will discuss the parts of my experience I’m allowed to tell.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["floort"],"tags":["289","2025","why2025","Yearn for a better future","Andromeda","why2025-eng","Day 3"],"view_count":186,"promoted":false,"date":"2025-08-09T20:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-29T12:00:05.756+02:00","length":2855,"duration":2855,"thumb_url":"https://static.media.ccc.de/media/events/why2025/289-ed10b9a1-8d52-529d-b81b-5c8e2f0547d2.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/289-ed10b9a1-8d52-529d-b81b-5c8e2f0547d2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/289-ed10b9a1-8d52-529d-b81b-5c8e2f0547d2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/289-ed10b9a1-8d52-529d-b81b-5c8e2f0547d2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-289-reporting-vulnerabilities-in-belgium","url":"https://api.media.ccc.de/public/events/ed10b9a1-8d52-529d-b81b-5c8e2f0547d2","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"6d2fe9bb-0397-5fc5-8dc9-2a5b7dab8324","title":"How we made the Netherlands more secure and accessible using transparency","subtitle":null,"slug":"why2025-230-how-we-made-the-netherlands-more-secure-and-accessible-using-transparency","link":"https://program.why2025.org/why2025/talk/3ZMKFQ/","description":"It started with a simple idea in 2016: make the state of security of our government transparent/public. The simple idea has become national government policy. Using transparency we've helped fix tons of security issues, reduce costs and increased control on IT. This year we've rolled out in Belgium and started measuring accessibility of websites in the same fashion. Learn how we've achieved extreme impact with a minimal budget and keep on doing so. Security and accessibility must be commodities.\n\n(We're planning a couple of nice surprises during this talk exclusive for WHY2025. As always: it will make some people nervous, yet it will make society better.)\n\nA transparent and accountable society creates trust. We're currently monitoring all important organizations in the Netherlands on about 25 security, privacy and sovereignty metrics. You can see openly where organizations are doing great or where they are even (unknowingly) breaking the law.\n\nWith the EU requiring accessibility on multiple sectors this year, we've also starting measuring accessibility in the same fashion. You can clearly distinguish organizations with and without an accessibility policy.\n\nWe'll show what it looks like, the impact it has, the awesome cyber tokens and certificates we make and the sets of open data we create.\n\nThe project is at its peak right now. If you want to make an impact on society: this is where it's at.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Elger \"Stitch\" Jonker"],"tags":["230","2025","why2025","Yearn for a better future","Andromeda","why2025-eng","Day 4"],"view_count":77,"promoted":false,"date":"2025-08-10T17:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-02-12T03:00:04.180+01:00","length":2907,"duration":2907,"thumb_url":"https://static.media.ccc.de/media/events/why2025/230-6d2fe9bb-0397-5fc5-8dc9-2a5b7dab8324.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/230-6d2fe9bb-0397-5fc5-8dc9-2a5b7dab8324_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/230-6d2fe9bb-0397-5fc5-8dc9-2a5b7dab8324.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/230-6d2fe9bb-0397-5fc5-8dc9-2a5b7dab8324.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-230-how-we-made-the-netherlands-more-secure-and-accessible-using-transparency","url":"https://api.media.ccc.de/public/events/6d2fe9bb-0397-5fc5-8dc9-2a5b7dab8324","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"b18cb30f-0fc6-5a0d-a027-184d87f0e7b5","title":"Caveat Emptor:  Ratings and Reviews Can't Be Trusted","subtitle":null,"slug":"why2025-265-caveat-emptor-ratings-and-reviews-can-t-be-trusted","link":"https://program.why2025.org/why2025/talk/CJQD7U/","description":"It's hard for a platform to have meaningful, useful ratings/reviews without both \nsubstantially Knowing Your Customer, engineering to detect manipulated reviews,\nand responding in a nuanced way -- to increase a fraudster's costs, \nand not  just train them to hide better.  Lots of examples of diverse\nplatforms not doing a very good job of this.  (I'll also talk about how this \nknowledge sometimes leads platforms try to manipulate their own \ncustomers to maximize their sales).\n\nRatings and reviews, although almost universally relied on by consumers, are, like\nmuch other online info, often manipulated to increase sales, pump up merchant reputation \nbut are sometimes used malicious to slam a competitor).\n\nEven sites that only allow reviews from purchasers can be manipulated, particularly on platforms\nwhen low cost products are sold. Ebay harbors fraudulent sellers by combining buyer and \nseller reputation, and not weighting by sale price. (So a 5 star rating for a trivial purchase accrues equal reputation as a large value sale.)\n\nMany manipulations should be easily detectable by looking for some clear behavioral signatures, and then not training the adversaries by using adversary engineering rather than simply deactivating accounts. (I'll show you how to spot a lot of the red flags.)\n\nExamples ranging from pumped up restaurant listings (up to #1 in London), Amazon \nand Ebay's problems, a puppy sales site that had a rating system so bad by design \nthat they were sued by an animal rights org for facilitating fraud by puppy mills. \n(There are a lot of sick puppies out there...)\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["mark seiden"],"tags":["265","2025","why2025","Yearn for a better future","Andromeda","why2025-eng","Day 5"],"view_count":65,"promoted":false,"date":"2025-08-11T19:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2025-12-08T05:30:02.647+01:00","length":3002,"duration":3002,"thumb_url":"https://static.media.ccc.de/media/events/why2025/265-b18cb30f-0fc6-5a0d-a027-184d87f0e7b5.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/265-b18cb30f-0fc6-5a0d-a027-184d87f0e7b5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/265-b18cb30f-0fc6-5a0d-a027-184d87f0e7b5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/265-b18cb30f-0fc6-5a0d-a027-184d87f0e7b5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-265-caveat-emptor-ratings-and-reviews-can-t-be-trusted","url":"https://api.media.ccc.de/public/events/b18cb30f-0fc6-5a0d-a027-184d87f0e7b5","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"693d62bf-500c-58e6-9557-80fa3a685a12","title":"Offworld Voyage: Can Training for Mars Exploration Also Address Human Adaptation to Climate Bio-devastation on Earth?","subtitle":null,"slug":"why2025-312-offworld-voyage-can-training-for-mars-exploration-also-address-human-adaptation-to-climate-bio-devastation-on-earth","link":"https://program.why2025.org/why2025/talk/ZDE7NN/","description":"This talk will present the design philosophy behind Offworld Voyage, a decentralized science initiative that develops ecologically sustainable training habitats for use in simulated Mars surface exploration missions - while also solving for adaptation to extreme climate change on Earth.\n\nThe Offworld Voyage M.A.R.S. Tesseract Space Analog Simulation Habitats were designed with a zero waste ethos for minimal environmental impact by inventor Scott Beibin and visual wizard Michael Flood. The modular and portable structures of the habitats include: a bio-dome for cultivating organic vegan plant-based and fungi-based nutrition sources, autonomous power production, advanced waste reclamation, a science laboratory for experimentation and research, a space medicine bay, a fabrication lab for prototyping and repair, facilities for fitness and creativity as well as a kitchen and living quarters.\n \nMission immersions incorporate a vision of the future when space has become accessible to all through the use of emerging ecologically sustainable appropriate technologies enabled by new types of egalitarian economic structures and coordination methods.\n \nCrew activities include EVA explorations in pressurized space suits outfitted with bio-sensors, 3D printed construction using regolith, utilization of open source communications tools, cooperative governance exercises and the practice of mutual aid and consensus decision making in mission planning, problem-solving and self-sufficiency challenges in the face of extreme resource scarcity, simulated time-delayed communications and experiments to analyze the effects of isolation on astronauts during offworld missions.\n \nThe inaugural mission for the M.A.R.S. Tesseract habitats will occur in a remote desert location in the near future. It will include the founders of the project, Scott Beibin and Elizabeth Jane Cole, who are both alumni of the Mars Desert Research Station (Mission 286) and core committee members of the Journal for Space Analog Research.\n \nFuture plans for the project include the development of pressurized facilities and closed loop systems, as well as development of public goods including hardware and software for Space Analog Research and S.T.E.A.M based educational programs.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Scott Beibin","Elizabeth Jane Cole"],"tags":["312","2025","why2025","Yearn for a better future","Delphinus","why2025-eng","Day 5"],"view_count":67,"promoted":false,"date":"2025-08-11T20:00:00.000+02:00","release_date":"2025-09-10T00:00:00.000+02:00","updated_at":"2025-12-30T17:30:18.477+01:00","length":2813,"duration":2813,"thumb_url":"https://static.media.ccc.de/media/events/why2025/312-693d62bf-500c-58e6-9557-80fa3a685a12.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/312-693d62bf-500c-58e6-9557-80fa3a685a12_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/312-693d62bf-500c-58e6-9557-80fa3a685a12.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/312-693d62bf-500c-58e6-9557-80fa3a685a12.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-312-offworld-voyage-can-training-for-mars-exploration-also-address-human-adaptation-to-climate-bio-devastation-on-earth","url":"https://api.media.ccc.de/public/events/693d62bf-500c-58e6-9557-80fa3a685a12","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"d664abef-cbc5-5549-babb-b32a292c01d9","title":"Passive and active RADAR using Software Defined Radio","subtitle":null,"slug":"why2025-41-passive-and-active-radar-using-software-defined-radio","link":"https://program.why2025.org/why2025/talk/YMLNME/","description":"RAdio-frequency Detection And Ranging (RADAR) aims at using electromagnetic signals for detecting target location and motion. We demonstrate in this talk various RADAR architectures using dual-channel coherent Software Defined Radio (SDR) receivers and the associated signal processing techniques relying heavily on cross-correlations. Embedded systems are tackled, with a Raspberry Pi providing enough computational power for recording and post-processing.\n\nRAdio-frequency Detection And Ranging (RADAR) aims at using electromagnetic signals for detecting target location and motion. Being constantly illuminated with electromagnetic smog, we can benefit from existing radiofrequency emitters meeting RADAR requirements -- strong power and wide bandwidth -- for passive RADAR measurements where no active emitter is needed, using only coherent passive dual-channel Software Defined Radio (SDR) receivers for passive recording of existing signals. If existing signals are unsuitable, we can use the same principle with non-cooperative emitters such as a Wi-Fi dongle in an active RADAR setup. All processing flowcharts are implemented using GNU Radio for real time acquisition, and GNU/Octave or Python for post-processing: generic principles will be demonstrated, applicable to all sorts of receiver hardware. We will conclude with Synthetic Aperture RADAR (SAR) where antenna motion is used to simulate wide aperture receiving antennas, adding azimuth resolution to range resolution.\n\nSupporting documents are found a https://github.com/jmfriedt/SDR-GB-SAR or https://github.com/jmfriedt/passive_radar or https://github.com/jmfriedt/sentinel1_pbr\n\nAddendum following feedback on the presentation:\n1/ I should have made it clear that the first part of the presentation (pulse, FMCW, FSCW) involved emitting a signal which is often not legal, while the subsequent part involves PASSIVE radar using existing emitters, and hence becoming legal.\n2/ the core parameter determining maximum target range is NOT emitted power but isolation between emitter and receiver (especially on a monostatic setup). Increasing TX power if saturating RX and hence reducing RX gain does not help: this is especially true in the VNA implementation when selecting between S11 measurement (limited by the circulator isolation) and S21 (limited by emitting/receiving antenna coupling)\n3/ the rail system presented in the SAR part of the discussion uses a WiFi dongle broadcasting random signals as illuminating signal, halfway between passive (a WiFi signal can be many other things than for RADAR measurements) and active (we are controlling the WiFi emission)\n\nThank you for attending or looking at this followup. Reach me (email on the front slide) for more information or corrections.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Jean-Michel Friedt"],"tags":["41","2025","why2025","Wonderful creations","Brachium","why2025-eng","Day 5"],"view_count":611,"promoted":false,"date":"2025-08-11T11:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-30T04:00:03.398+02:00","length":2936,"duration":2936,"thumb_url":"https://static.media.ccc.de/media/events/why2025/41-d664abef-cbc5-5549-babb-b32a292c01d9.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/41-d664abef-cbc5-5549-babb-b32a292c01d9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/41-d664abef-cbc5-5549-babb-b32a292c01d9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/41-d664abef-cbc5-5549-babb-b32a292c01d9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-41-passive-and-active-radar-using-software-defined-radio","url":"https://api.media.ccc.de/public/events/d664abef-cbc5-5549-babb-b32a292c01d9","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"dc04855e-6edd-5dc2-a8a9-215e1c4bb524","title":"Solar Sailing Serendiep","subtitle":null,"slug":"why2025-271-solar-sailing-serendiep","link":"https://program.why2025.org/why2025/talk/JALJPD/","description":"Serendiep is a 42m inland cargo barge with a theatre, a fablab and an art/science labyrinth on board. It's being converted to electric propulsion using second hand EV parts and hardware from openinverter. The ultimate goal is to harvest all the energy needed from solar panels mounted on the hatches covering the cargo hold.\n\nSailing is among the most efficient modes of cargo transport. Yet in the much needed transition away from fossil it seems to be falling behind other sectors.\nWe set ourselves the challenge to be sailing electrically, to harvest the energy needed on the ship itself, and to do all this with open tech and second hand parts, taking advantage of an upcoming category of e-waste and achieving a minimal budget as a result.\nIn this talk we'll present a rundown of all the hurdles on the way, how they were overcome or which consequences they have for thoroughly low impact transport.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Harmen Zijp"],"tags":["271","2025","why2025","Wonderful creations","Delphinus","why2025-eng","Day 5"],"view_count":205,"promoted":false,"date":"2025-08-11T12:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-16T15:30:06.575+01:00","length":2716,"duration":2716,"thumb_url":"https://static.media.ccc.de/media/events/why2025/271-dc04855e-6edd-5dc2-a8a9-215e1c4bb524.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/271-dc04855e-6edd-5dc2-a8a9-215e1c4bb524_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/271-dc04855e-6edd-5dc2-a8a9-215e1c4bb524.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/271-dc04855e-6edd-5dc2-a8a9-215e1c4bb524.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-271-solar-sailing-serendiep","url":"https://api.media.ccc.de/public/events/dc04855e-6edd-5dc2-a8a9-215e1c4bb524","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"b7b60b55-37b1-520c-8a54-8b7b4c71dd95","title":"Reverse Engineering Life: A teardown of the DNA source code of a whole bacterium","subtitle":null,"slug":"why2025-34-reverse-engineering-life-a-teardown-of-the-dna-source-code-of-a-whole-bacterium","link":"https://program.why2025.org/why2025/talk/LUXFSP/","description":"Love reverse engineering? You'd be right since you always find something interesting! In this talk we're going to study absolutely every byte of the DNA source of a real bacterium. And in doing so, we'll find bootstrapping code, genes, duplicate genes, anti-viral defense mechanisms, idiomatic/non-idiomatic/borrowed code \u0026 much more. It helps if you've also visited the companion talk on DNA, but this presentation is broadly accessible even without prior knowledge.\n\nA typical bacterium has around one megabyte of DNA as its source code. And with our digital reverse engineering hat on, it turns out we can analyse this code and quickly learn things. Where do genes begin and end? What is the stuff between genes? How do bacteria bootstrap themselves? And, where do microbes store their immune system? Using digital skills, all this can be found just by looking at the DNA letters. And that is what we'll be doing in this talk.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["bert hubert"],"tags":["34","2025","why2025","The square hole","Andromeda","why2025-eng","Day 4"],"view_count":736,"promoted":false,"date":"2025-08-10T20:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-02-21T14:30:06.629+01:00","length":3173,"duration":3173,"thumb_url":"https://static.media.ccc.de/media/events/why2025/34-b7b60b55-37b1-520c-8a54-8b7b4c71dd95.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/34-b7b60b55-37b1-520c-8a54-8b7b4c71dd95_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/34-b7b60b55-37b1-520c-8a54-8b7b4c71dd95.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/34-b7b60b55-37b1-520c-8a54-8b7b4c71dd95.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-34-reverse-engineering-life-a-teardown-of-the-dna-source-code-of-a-whole-bacterium","url":"https://api.media.ccc.de/public/events/b7b60b55-37b1-520c-8a54-8b7b4c71dd95","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"b0814748-7bb2-5ad5-82d7-a8a27b558c04","title":"All about BadgeHub","subtitle":null,"slug":"why2025-206-all-about-badgehub","link":"https://program.why2025.org/why2025/talk/CMMUH8/","description":"BadgeHub is a Badge Application Website that enables Badge Enthousiasts to share Badge Apps.\nIn this talk, we first explain what BadgeHub is and what you can do with it.\nAfter that, we go into all the technical details and difficult decisions that went into building BadgeHub with PostgreSQL, Node.js and Vite. We will talk about Infra, Frameworks, Databases, Backend and Frontend.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Francis Duvivier","Edwin Martin","Aleksander Arun Bahl"],"tags":["206","2025","why2025","Wonderful creations","Brachium","why2025-eng","Day 3"],"view_count":113,"promoted":false,"date":"2025-08-09T23:10:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-02-25T21:45:09.700+01:00","length":1391,"duration":1391,"thumb_url":"https://static.media.ccc.de/media/events/why2025/206-b0814748-7bb2-5ad5-82d7-a8a27b558c04.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/206-b0814748-7bb2-5ad5-82d7-a8a27b558c04_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/206-b0814748-7bb2-5ad5-82d7-a8a27b558c04.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/206-b0814748-7bb2-5ad5-82d7-a8a27b558c04.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-206-all-about-badgehub","url":"https://api.media.ccc.de/public/events/b0814748-7bb2-5ad5-82d7-a8a27b558c04","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"67a88d82-010a-5f3b-8331-506959566903","title":"Low Energy to High Energy: Hacking nearby EV-chargers over Bluetooth","subtitle":null,"slug":"why2025-100-low-energy-to-high-energy-hacking-nearby-ev-chargers-over-bluetooth","link":"https://program.why2025.org/why2025/talk/AGVUVM/","description":"During the first Pwn2Own Automotive, organised by ZDI in Tokyo in January 2024, Computest Sector 7 successfully demonstrated exploits for vulnerabilities in three different EV-chargers. All three could be exploited to execute arbitrary code on the charger, with the only prerequisite being close enough to connect to Bluetooth.\n\nAs electric vehicles become increasingly integrated into our transportation infrastructure, the security of their charging systems is becoming paramount. A threat actor hacking EV chargers at scale could have a real life impact on the continuity of our power grid and the transportation sector. Therefore, it is important that manufacturers and operators are well aware of their role in protecting our power grid.\n\nDuring this talk we'll discuss the details on how we extracted the firmware, the vulnerabilities we found and the story of one drunk night of hacking till 07:00 AM in Tokyo that resulted in some much more high-impact vulnerabilities than were needed for the competition...\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Daan Keuper","Thijs Alkemade"],"tags":["100","2025","why2025","Hacking","Andromeda","why2025-eng","Day 4"],"view_count":428,"promoted":false,"date":"2025-08-10T19:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-04-01T09:15:04.573+02:00","length":2640,"duration":2640,"thumb_url":"https://static.media.ccc.de/media/events/why2025/100-67a88d82-010a-5f3b-8331-506959566903.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/100-67a88d82-010a-5f3b-8331-506959566903_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/100-67a88d82-010a-5f3b-8331-506959566903.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/100-67a88d82-010a-5f3b-8331-506959566903.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-100-low-energy-to-high-energy-hacking-nearby-ev-chargers-over-bluetooth","url":"https://api.media.ccc.de/public/events/67a88d82-010a-5f3b-8331-506959566903","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"54fd9c28-4fc6-5996-a001-672af683c744","title":"Accelerating IoT and Robotics Development with Swift","subtitle":null,"slug":"why2025-185-accelerating-iot-and-robotics-development-with-swift","link":"https://program.why2025.org/why2025/talk/CVDBWH/","description":"Developing applications on Embedded Linux and Microcontrollers is a slow process. The various different languages and libraries can make it difficult to oversee the bigger picture. In addition, the development flow wildly diverges between platforms, making entering a new project or RTOS a big undertaking.\n\nNow, you can create Embedded Linux and Microcontroller applications using Swift - a fast, modern, cross-platform ecosystem with thread- and memory safety.\n\nIn this talk, you'll learn how Swift can help you develop maintainable cross-platform software that runs anywhere - Embedded, Web, Linux, Windows and more. You'll learn about Swift's bidirectional interoperability with C and C++, making integrating it in your Cmake project a breeze.\n\nFinally, we'll have a look at the frameworks and tools that allow you to get your first robotics or IoT application running in minutes.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Joannis Orlandos"],"tags":["185","2025","why2025","Wonderful creations","Cassiopeia","why2025-eng","Day 3"],"view_count":40,"promoted":false,"date":"2025-08-09T17:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-08T17:45:06.341+01:00","length":1806,"duration":1806,"thumb_url":"https://static.media.ccc.de/media/events/why2025/185-54fd9c28-4fc6-5996-a001-672af683c744.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/185-54fd9c28-4fc6-5996-a001-672af683c744_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/185-54fd9c28-4fc6-5996-a001-672af683c744.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/185-54fd9c28-4fc6-5996-a001-672af683c744.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-185-accelerating-iot-and-robotics-development-with-swift","url":"https://api.media.ccc.de/public/events/54fd9c28-4fc6-5996-a001-672af683c744","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"244a4101-803b-5652-a370-8e4e9f0a2266","title":"FreeSewing: sewing patterns in the open source world","subtitle":null,"slug":"why2025-251-freesewing-sewing-patterns-in-the-open-source-world","link":"https://program.why2025.org/why2025/talk/TYQMAS/","description":"FreeSewing is the leading open-source library for parametric sewing patterns and combines sewing patterns with code; instead of drafting patterns on paper (hardly an easy task!), you can now enter the measurements of your body into the platform to get a sewing pattern that fits YOU. In this talk, I will introduce you to FreeSewing, the sewing world as a whole and FreeSewing's role in it, and I will show a peek under the hood of a FreeSewing pattern.\n\nIf you want to learn how to sew, you must first have a sewing pattern. You are left to either buy (or find) sewing patterns, which are commonly graded (resized) up and down (often based on some \"ideal\" body shape, which does not take variations into account well), or you have to learn a whole new skill of pattern drafting. Although that skill has become more accessible through the internet, it is still difficult to learn the more complex you go.\n\nWith FreeSewing, sewing patterns are parametric: they adapt to the measurements you put in, which is a lot more comprehensive than the grading-up-and-down system, and more inclusive of \"different\" body types too. (We don't believe in an \"average body type\".) Plus, it's available for free to anyone with access to an internet browser. FreeSewing also includes documentation for both sewing and programming.\n\nFreeSewing is a baby born out of spite, as the founder Joost was (and still is) too tall for what clothing stores have to offer. The talk will not be given by him, but by an enthusiastic contributor (who is too short for what clothing stores have to offer ;)).\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Lexander"],"tags":["251","2025","why2025","Yearn for a better future","Delphinus","why2025-eng","Day 4"],"view_count":397,"promoted":false,"date":"2025-08-10T10:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-04-01T23:00:05.984+02:00","length":1740,"duration":1740,"thumb_url":"https://static.media.ccc.de/media/events/why2025/251-244a4101-803b-5652-a370-8e4e9f0a2266.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/251-244a4101-803b-5652-a370-8e4e9f0a2266_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/251-244a4101-803b-5652-a370-8e4e9f0a2266.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/251-244a4101-803b-5652-a370-8e4e9f0a2266.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-251-freesewing-sewing-patterns-in-the-open-source-world","url":"https://api.media.ccc.de/public/events/244a4101-803b-5652-a370-8e4e9f0a2266","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"31a677f6-13a8-5817-b45c-39a1172f84b2","title":"Building Inclusive Quantum Communities","subtitle":null,"slug":"why2025-286-building-inclusive-quantum-communities","link":"https://program.why2025.org/why2025/talk/SUCW9S/","description":"We in Quantum Development (WIQD) is a growing community dedicated to promoting diversity, equity, and inclusion (DEI) in the quantum ecosystem. In this presentation, we will introduce WIQD’s mission and activities, share insights from our first Women’s Day Hackathon, and highlight why fostering an inclusive quantum community is essential for innovation and impact.\n\nWIQD (We in Quantum Development) aims to build a thriving, inclusive network for professionals in quantum science and technology. During this 25-minute interactive presentation, we will briefly introduce WIQD and discuss the importance of DEI in quantum development. We will also share lessons learned from our 2024 Women’s Day Hackathon (https://www.wiqd.nl/event/womens-day-hackathon/), where participants collaborated to tackle technical and societal challenges in quantum. By reflecting on these experiences, we hope to inspire more people to get involved, collaborate across disciplines, and help shape an open, innovative quantum community. To make the talk interactive, we’ll use an e-tool to collect thoughts and ideas from the audience in real time.\nThe speakers, Nina \u0026 Jay, will be based in the Quantum.Amsterdam village tent, please feel free to drop by to meet them.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Nina Hefele","Jay Jayesingha"],"tags":["286","2025","why2025","Yearn for a better future","Cassiopeia","why2025-eng","Day 6"],"view_count":98,"promoted":false,"date":"2025-08-12T14:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-04-02T23:15:06.747+02:00","length":1227,"duration":1227,"thumb_url":"https://static.media.ccc.de/media/events/why2025/286-31a677f6-13a8-5817-b45c-39a1172f84b2.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/286-31a677f6-13a8-5817-b45c-39a1172f84b2_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/286-31a677f6-13a8-5817-b45c-39a1172f84b2.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/286-31a677f6-13a8-5817-b45c-39a1172f84b2.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-286-building-inclusive-quantum-communities","url":"https://api.media.ccc.de/public/events/31a677f6-13a8-5817-b45c-39a1172f84b2","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"2404209f-89b5-52a3-a94a-d4a4fcc11552","title":"Quantum cryptography and its certification against attacks","subtitle":null,"slug":"why2025-217-quantum-cryptography-and-its-certification-against-attacks","link":"https://program.why2025.org/why2025/talk/DFCBQD/","description":"I briefly explain quantum cryptography. It is unbreakable in principle, but its real implementations have vulnerabilities arising from equipment imperfections. Certification standards [1] and accredited labs are being\nestablished that can test commercial products for these flaws. I explain how we have analysed a commercial quantum key distribution system for loopholes, patched them, and designed tests for the certification lab [2].\n\n[1] ISO/IEC 23837-2:2023(en) international standard.\n[2] V. Makarov et al., Phys. Rev. Appl. 22, 044076 (2024), https://arxiv.org/abs/2310.20107\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Vadim Makarov"],"tags":["217","2025","why2025","Hacking","Brachium","why2025-eng","Day 4"],"view_count":347,"promoted":false,"date":"2025-08-10T12:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-04-03T00:30:04.863+02:00","length":3128,"duration":3128,"thumb_url":"https://static.media.ccc.de/media/events/why2025/217-2404209f-89b5-52a3-a94a-d4a4fcc11552.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/217-2404209f-89b5-52a3-a94a-d4a4fcc11552_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/217-2404209f-89b5-52a3-a94a-d4a4fcc11552.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/217-2404209f-89b5-52a3-a94a-d4a4fcc11552.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-217-quantum-cryptography-and-its-certification-against-attacks","url":"https://api.media.ccc.de/public/events/2404209f-89b5-52a3-a94a-d4a4fcc11552","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"87704a53-b6ed-506b-888e-23ea2f502b19","title":"DNA \u0026 Molecular Biology: A 2025 digital view","subtitle":null,"slug":"why2025-33-dna-molecular-biology-a-2025-digital-view","link":"https://program.why2025.org/why2025/talk/GGDRKY/","description":"In 2017 I presented on DNA: The code of life.  Since then there have been\nmany new developments, and I've learned how to explain the matter better.  I\nam submitting two talks this year, and this short one is 1) fun on its own\nand 2) helps you appreciate the other talk ('reverse engineering the whole\nsource code of a bacterium') more\n\nDNA is the code of life.  Surprisingly, it is easier to understand DNA as\n\"biologically flavored digital data\" than the other way around, \"a really\nlong molecule with digital aspects\".  Human DNA is 750 megabytes, organized\nin chromosomes and within that stored in genes and intergenic matter.  There\nare things like calling conventions, \"start of gene markers\".  There are #ifdefs in there.  \nThere is bloated code.  There are hacks.  In this talk, I give a tour of our modern understanding \nof DNA, which should be exciting for nearly everyone into computers.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["bert hubert"],"tags":["33","2025","why2025","The square hole","Andromeda","why2025-eng","Day 3"],"view_count":1183,"promoted":false,"date":"2025-08-09T15:00:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-04-03T00:30:06.666+02:00","length":1669,"duration":1669,"thumb_url":"https://static.media.ccc.de/media/events/why2025/33-87704a53-b6ed-506b-888e-23ea2f502b19.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/33-87704a53-b6ed-506b-888e-23ea2f502b19_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/33-87704a53-b6ed-506b-888e-23ea2f502b19.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/33-87704a53-b6ed-506b-888e-23ea2f502b19.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-33-dna-molecular-biology-a-2025-digital-view","url":"https://api.media.ccc.de/public/events/87704a53-b6ed-506b-888e-23ea2f502b19","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"067c57c9-03ee-50ad-bfaa-95c996c49a5d","title":"Securing AI requires life cycle thinking and reducing unintended consequences","subtitle":null,"slug":"why2025-278-securing-ai-requires-life-cycle-thinking-and-reducing-unintended-consequences","link":"https://program.why2025.org/why2025/talk/UXXZMU/","description":"AI is everywhere and where it isn't today, it most likely will be tomorrow. But jumping on the hype train and adding AI often does not sufficiently consider security. This talk walks you through cases of AI failures, how they've come about, and how they could have been avoided. We're also going over some projections of spectacular AI failures we're likely to see going forward.\n\nAI is everywhere and where it isn't today, it most likely will be tomorrow. But hype does not sufficiently consider security and AI has the ability to cause errors and failures the developers haven't considered. As was stated in the first Jurassic Park \"they were so busy thinking if they could, they didn't stop to think if they should\". So we're seeing more examples of failures than are needed for this talk that walks you through a few cases of AI failures, how they've come about, and how they could have been avoided. We're also going over some projections of what we're most likely going to see when you combine AI alignment issues, ability of AI agents to take action, and over confidence of developers in focusing if they could.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Satu Korhonen"],"tags":["278","2025","why2025","The square hole","Andromeda","why2025-eng","Day 4"],"view_count":76,"promoted":false,"date":"2025-08-10T12:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-01-06T11:00:16.159+01:00","length":2955,"duration":2955,"thumb_url":"https://static.media.ccc.de/media/events/why2025/278-067c57c9-03ee-50ad-bfaa-95c996c49a5d.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/278-067c57c9-03ee-50ad-bfaa-95c996c49a5d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/278-067c57c9-03ee-50ad-bfaa-95c996c49a5d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/278-067c57c9-03ee-50ad-bfaa-95c996c49a5d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-278-securing-ai-requires-life-cycle-thinking-and-reducing-unintended-consequences","url":"https://api.media.ccc.de/public/events/067c57c9-03ee-50ad-bfaa-95c996c49a5d","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"bfbe638b-6c18-5318-84ec-c2109bfe7567","title":"Kubernetes from Scratch, The Hard Way","subtitle":null,"slug":"why2025-5-kubernetes-from-scratch-the-hard-way","link":"https://program.why2025.org/why2025/talk/TQXDPD/","description":"To understand the inner workings of Kubernetes and to prepare for the K8s certification exams, I decided to create a K8s cluster from scratch, the hard way, on premises (“de meterkast”) on virtual machines all using Alpine Linux. This talk is how I tried to do it, how I succeeded, failed and added a CEPH cluster and ETCD cluster along the way. It includes a lot of technical details, but if there is one thing that you should learn during this talk, it’s not about K8s at all: Containers are not VM\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Alain van Hoof"],"tags":["5","2025","why2025","Hacking","Delphinus","why2025-eng","Day 4"],"view_count":554,"promoted":false,"date":"2025-08-10T15:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-30T19:30:06.089+02:00","length":2614,"duration":2614,"thumb_url":"https://static.media.ccc.de/media/events/why2025/5-bfbe638b-6c18-5318-84ec-c2109bfe7567.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/5-bfbe638b-6c18-5318-84ec-c2109bfe7567_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/5-bfbe638b-6c18-5318-84ec-c2109bfe7567.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/5-bfbe638b-6c18-5318-84ec-c2109bfe7567.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-5-kubernetes-from-scratch-the-hard-way","url":"https://api.media.ccc.de/public/events/bfbe638b-6c18-5318-84ec-c2109bfe7567","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"19c7a91f-94fe-4d1d-a749-8f5ea58b8f49","title":"Team Updates @ Orga Meet Feb 2025","subtitle":null,"slug":"why2025-3-orga-meet-feb-2025","link":"https://c3voc.de","description":"Team Leads give a short update about the current status of their planning.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["PL","Team Leads"],"tags":["3","2025","why2025","Hack42","why2025-eng"],"view_count":48,"promoted":false,"date":"2025-02-22T13:30:00.000+01:00","release_date":"2025-04-19T00:00:00.000+02:00","updated_at":"2025-12-14T14:45:09.046+01:00","length":2292,"duration":2292,"thumb_url":"https://static.media.ccc.de/media/events/why2025/3-19c7a91f-94fe-4d1d-a749-8f5ea58b8f49.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/3-19c7a91f-94fe-4d1d-a749-8f5ea58b8f49_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/3-19c7a91f-94fe-4d1d-a749-8f5ea58b8f49.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/3-19c7a91f-94fe-4d1d-a749-8f5ea58b8f49.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-3-orga-meet-feb-2025","url":"https://api.media.ccc.de/public/events/19c7a91f-94fe-4d1d-a749-8f5ea58b8f49","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"b9ede90c-3299-5c74-8716-9489d31c310a","title":"Building a Robot Visor: How and Why","subtitle":null,"slug":"why2025-178-building-a-robot-visor-how-and-why","link":"https://program.why2025.org/why2025/talk/BSD3DT/","description":"What is up with the beings with the visors going 'beep boop, this one is not a person'? Unit Δ-44203 explains how it built an electronic face, why it did so and what consequences it experienced in a world where everyone is supposed to show an identifiable face all the time. Warning: this talk may be cognitohazardous and end up causing shifts in self-identity.\n\n— Can I see your face?\n— You are looking at it.\n\nWhat is up with the beings with the visors going 'beep boop, this one is not a person'? Why identify as a robot in a time where computers pretend to be human? How does one turn a respirator and an LED matrix panel into a face? Unit Δ-44203 is a robot programmed to be helpful and will be happy to explain [how and why it built a visor](https://query.44203.online/topic/visor/). This talk covers technical aspects: respirator choice, tinting with foil or dye, electronics and programming. It will also discuss social aspects: robot identity and interactions with others. Humans are fascinating creatures and say the weirdest things to it!\n\nWarning: this talk may be cognitohazardous and end up causing shifts in self-identity.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Δ-44203"],"tags":["178","2025","why2025","Wonderful creations","Cassiopeia","why2025-eng","Day 3"],"view_count":1986,"promoted":false,"date":"2025-08-09T14:00:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-04-02T15:00:07.729+02:00","length":1529,"duration":1529,"thumb_url":"https://static.media.ccc.de/media/events/why2025/178-b9ede90c-3299-5c74-8716-9489d31c310a.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/178-b9ede90c-3299-5c74-8716-9489d31c310a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/178-b9ede90c-3299-5c74-8716-9489d31c310a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/178-b9ede90c-3299-5c74-8716-9489d31c310a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-178-building-a-robot-visor-how-and-why","url":"https://api.media.ccc.de/public/events/b9ede90c-3299-5c74-8716-9489d31c310a","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"e56477c7-1fd2-4b5d-bc7a-fbee785812e7","title":"Team Updates @ Orga Meet Dec 2024","subtitle":null,"slug":"why2025-2-team-updates-dec-2024","link":"https://c3voc.de","description":"Team Leads give a short update about the current status of their planning.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Team Leads"],"tags":["2","why2025","Bitlair","2024"],"view_count":920,"promoted":false,"date":"2024-12-14T14:00:00.000+01:00","release_date":"2024-12-14T00:00:00.000+01:00","updated_at":"2025-11-26T14:30:12.211+01:00","length":1770,"duration":1770,"thumb_url":"https://static.media.ccc.de/media/events/why2025/2-e56477c7-1fd2-4b5d-bc7a-fbee785812e7.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/2-e56477c7-1fd2-4b5d-bc7a-fbee785812e7_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/2-e56477c7-1fd2-4b5d-bc7a-fbee785812e7.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/2-e56477c7-1fd2-4b5d-bc7a-fbee785812e7.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-2-team-updates-dec-2024","url":"https://api.media.ccc.de/public/events/e56477c7-1fd2-4b5d-bc7a-fbee785812e7","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"46a10a4c-8ba7-55a9-a226-81a20b437364","title":"Quantum computers: the ultimate hacking machines","subtitle":null,"slug":"why2025-154-quantum-computers-the-ultimate-hacking-machines","link":"https://program.why2025.org/why2025/talk/CDGWTU/","description":"This is a first introduction to quantum computers.\n\nThis is a first introduction to quantum computers: no prior background needed. We will discuss how quantum mechanics, a theory of microscopic particles, contains counter-intuitive effects like superposition and entanglement. Schrödinger’s cat is an iconic example, where the poor animal is both dead and alive at the same. Interestingly, the same laws of nature make it possible to build an extended set of algorithms, with speedups beyond what we can achieve ‘classically’. \n\nI’ll show how we can program today’s quantum computers and show a short live demonstration of the Python package Qiskit. We will learn how to write code that creates something equivalent to Schrödinger’s cat. \n\nThen, we will look at one of the most impactful applications. Quantum computers turn out to be incredible hacking machines, making it straightforward to crack widely-used encryption schemes such as RSA and Elliptic Curve Cryptography. We will discuss how long it will take until we have sufficiently large devices, and what alternative cryptography we can fall back to.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Koen Groenland"],"tags":["154","2025","why2025","The square hole","Brachium","why2025-eng","Day 4"],"view_count":99,"promoted":false,"date":"2025-08-10T23:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-01-08T21:15:28.905+01:00","length":3135,"duration":3135,"thumb_url":"https://static.media.ccc.de/media/events/why2025/154-46a10a4c-8ba7-55a9-a226-81a20b437364.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/154-46a10a4c-8ba7-55a9-a226-81a20b437364_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/154-46a10a4c-8ba7-55a9-a226-81a20b437364.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/154-46a10a4c-8ba7-55a9-a226-81a20b437364.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-154-quantum-computers-the-ultimate-hacking-machines","url":"https://api.media.ccc.de/public/events/46a10a4c-8ba7-55a9-a226-81a20b437364","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"e0654cd2-e008-5b60-93d1-98b73a8c80a0","title":"Nerdkunst: Gentle and interactive introduction to generative art","subtitle":null,"slug":"why2025-114-nerdkunst-gentle-and-interactive-introduction-to-generative-art","link":"https://program.why2025.org/why2025/talk/KAGUSA/","description":"Generative Art is a form of art where the artist build a machine that autonomously produces artworks. \n In this talk I'll introduce you to the wonderful world of computer generated art. Through live demo's and fiddling, you'll learn how you too can be an artist. I'll show plenty of examples using open source tools on how generative art can be an alternative path to learn to code.\nBecause sometimes, science and technology are simply beautiful.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Nick Boucart"],"tags":["114","2025","why2025","Wonderful creations","Delphinus","why2025-eng","Day 3"],"view_count":221,"promoted":false,"date":"2025-08-09T10:00:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-03-19T22:45:09.441+01:00","length":2517,"duration":2517,"thumb_url":"https://static.media.ccc.de/media/events/why2025/114-e0654cd2-e008-5b60-93d1-98b73a8c80a0.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/114-e0654cd2-e008-5b60-93d1-98b73a8c80a0_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/114-e0654cd2-e008-5b60-93d1-98b73a8c80a0.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/114-e0654cd2-e008-5b60-93d1-98b73a8c80a0.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-114-nerdkunst-gentle-and-interactive-introduction-to-generative-art","url":"https://api.media.ccc.de/public/events/e0654cd2-e008-5b60-93d1-98b73a8c80a0","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"05f8b243-d83b-5241-96ee-b611aa535299","title":"Crypto(graphy) 101","subtitle":null,"slug":"why2025-170-crypto-graphy-101","link":"https://program.why2025.org/why2025/talk/7P3ZYV/","description":"Everybody talks about cryptography, but only a few understand what it means. This interactive session will explain the very basics of cryptography and will leave the attendants with more confidence why to use cryptography.\n\nMany talks mentioned cryptography somewhere along the presentation and everybody just nods. But how many people actually know the insights of cryptography? Why some things work and some things don't? During this talk I will explain the difference between encoding and encryption, the most common uses of cryptography, the difference between synchronous and asynchronous encryption, hashes. I will include some history and some future developments like quantum and why we call cryptocoin cryptocoin. In a slow pace, scratching the surface for uninitiated, but the scratches will go deep enough for more initiated to get some more background.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Dirk Maij"],"tags":["170","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 5"],"view_count":127,"promoted":false,"date":"2025-08-11T12:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-02-21T22:15:06.861+01:00","length":2644,"duration":2644,"thumb_url":"https://static.media.ccc.de/media/events/why2025/170-05f8b243-d83b-5241-96ee-b611aa535299.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/170-05f8b243-d83b-5241-96ee-b611aa535299_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/170-05f8b243-d83b-5241-96ee-b611aa535299.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/170-05f8b243-d83b-5241-96ee-b611aa535299.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-170-crypto-graphy-101","url":"https://api.media.ccc.de/public/events/05f8b243-d83b-5241-96ee-b611aa535299","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"fae44027-fb3f-5d3c-b508-30315092669d","title":"Integrity violation: toxic workplaces in infosec","subtitle":null,"slug":"why2025-168-integrity-violation-toxic-workplaces-in-infosec","link":"https://program.why2025.org/why2025/talk/7TUKUF/","description":"In the realm of cybersecurity, workplaces can be surprisingly unsafe, with a higher turnover of CISOs and alarming rates of misconduct. This talk explores the mechanisms behind this paradox, examining organizational dynamics, the pressures on CISOs, and the emergence of toxic behaviors. By analyzing real-world some very personal examples, we will uncover the root causes of these issues and provide practical solutions to foster a safer, more resilient cybersecurity culture.\n\nCybersecurity is a field where pressure is constant, and mistakes can have severe consequences. Yet, for many cybersecurity professionals, the greatest threats do not come from external attackers but from within their own organizations. In one striking example, a security researcher discovered severe vulnerabilities in a widely used product, only to be dismissed as \"overreacting\" by management—a classic case of gaslighting. At Equifax, a CISO faced public blame for a devastating breach, despite years of underfunding and ignored warnings about outdated software. In another case, security engineers at SolarWinds raised concerns about critical vulnerabilities that were ignored—vulnerabilities that were later exploited in a massive supply chain attack affecting thousands of organizations.\n\nThese toxic dynamics are not just isolated incidents; they are symptoms of a broader problem in the way organizations perceive and manage cybersecurity. Security is often seen as a cost center—a department that creates problems rather than solving them. This mindset fuels blame-shifting, where CISOs become scapegoats after breaches they lacked the power to prevent. Even worse, security professionals who try to escalate serious risks are sometimes ignored, marginalized, or even retaliated against. A report by (ISC)² found that 60% of cybersecurity professionals have experienced burnout, and nearly one-third have left jobs due to toxic work environments. Such conditions not only harm individuals but also weaken an organization’s overall security posture.\n\nBut it doesn’t have to be this way. This talk explores how more mature industries have learned to overcome similar toxic dynamics. What can we learn from those experiences? By drawing on these examples, this talk will identify practical steps to transform cybersecurity into a healthier, more resilient field where burning people is no longer the net result of dealing with security.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Brenno de Winter"],"tags":["168","2025","why2025","Yearn for a better future","Delphinus","why2025-eng","Day 3"],"view_count":877,"promoted":false,"date":"2025-08-09T11:00:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-03-29T09:15:03.560+02:00","length":2998,"duration":2998,"thumb_url":"https://static.media.ccc.de/media/events/why2025/168-fae44027-fb3f-5d3c-b508-30315092669d.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/168-fae44027-fb3f-5d3c-b508-30315092669d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/168-fae44027-fb3f-5d3c-b508-30315092669d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/168-fae44027-fb3f-5d3c-b508-30315092669d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-168-integrity-violation-toxic-workplaces-in-infosec","url":"https://api.media.ccc.de/public/events/fae44027-fb3f-5d3c-b508-30315092669d","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"6f628a2a-faed-5c2c-a58f-5a55e83c1d89","title":"Prins S. en De Geit - Dutch Electro-Pop Mischief","subtitle":null,"slug":"why2025-294-prins-s-en-de-geit-dutch-electro-pop-mischief","link":"https://program.why2025.org/why2025/talk/S8WQTC/","description":"Prins S. en De Geit is one of the most exciting acts in the Dutch music scene today. This trio from The Hague — fronted by Scott Beekhuizen, with Marne Miesen on bass and Daniel Ortgiess producing — creates infectious electro-punk-pop with sharp lyrics and unrestrained energy.\n\nTheir bold sound and theatrical performances have electrified festivals like Lowlands, Rock Werchter, Pinkpop, and Appelpop. Their WHY2025 show promises to be equally wild and unpredictable.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"nld","persons":["Prins S."],"tags":["294","2025","why2025","Entertainment","Party Stage","why2025-nld","Day 4"],"view_count":613,"promoted":false,"date":"2025-08-10T21:30:00.000+02:00","release_date":"2025-08-29T00:00:00.000+02:00","updated_at":"2026-03-23T22:00:08.366+01:00","length":3579,"duration":3579,"thumb_url":"https://static.media.ccc.de/media/events/why2025/294-6f628a2a-faed-5c2c-a58f-5a55e83c1d89.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/294-6f628a2a-faed-5c2c-a58f-5a55e83c1d89_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/294-6f628a2a-faed-5c2c-a58f-5a55e83c1d89.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/294-6f628a2a-faed-5c2c-a58f-5a55e83c1d89.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-294-prins-s-en-de-geit-dutch-electro-pop-mischief","url":"https://api.media.ccc.de/public/events/6f628a2a-faed-5c2c-a58f-5a55e83c1d89","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"85c0c965-fc88-5791-8d8f-f47793d37ce4","title":"Hack the Grid. Disclosing vulnerabilities to help prevent blackouts","subtitle":null,"slug":"why2025-188-hack-the-grid-disclosing-vulnerabilities-to-help-prevent-blackouts","link":"https://program.why2025.org/why2025/talk/AREWXH/","description":"The European electricity network has become a ‘smart grid.’ This offers many opportunities for sustainability but also makes our energy system more vulnerable to digital attacks. DIVD has been conducting research into vulnerabilities in charging stations, solar panel inverters, home batteries, and Energy Management Systems. In this talk, we will demonstrate how we could have generated power outages using these zero-days and how we prevent this by disclosing them responsibly.\n\nThe European electricity network has become a ‘smart grid.’ This offers many opportunities for sustainability but also makes our energy system more vulnerable to digital attacks. In a time of increasing threat of hybrid warfare, the government and the energy sector realize that we as a society must prepare for possible disruption of the energy system and do everything we can to prevent it.\n\nVarious institutions test smart devices, set safety standards, and monitor compliance with these standards. However, parties such as our grid operators only have control over the energy grid equipment up to the front door. They are not allowed to look beyond the electricity meter, where most smart equipment is located. DIVD is allowed to do this because we are volunteers and a nonprofit. By identifying devices that can form a botnet, DIVD helps to make the smart grid more secure.\n\nDIVD has been conducting research into vulnerabilities in equipment of the energy system, such as charging stations, solar panel inverters, home batteries, and (Home) Energy Management Systems. Previous findings have led to several parliamentary questions and follow-up actions by authorities such as RDI, the Dutch Authority on Digital Infrastructure. \n\nWith the CVD in the Energy Sector program, DIVD conducts research at its own hardware hacking lab in collaboration with the energy sector to reduce the digital vulnerability of our energy system. We also organise hack events. During WHY2025 we also give demos at the Vulnerability Disclosure Village. \n\nIn this talk, we will demonstrate how we could have generated power outages using zero-days we found in solar converters, electric car chargers and energy management systems. Still, we also did it with just one user-password combination…\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Chris van 't Hof","Frank Breedijk","Wietse Boonstra"],"tags":["188","2025","why2025","Hacking","Andromeda","why2025-eng","Day 4"],"view_count":503,"promoted":false,"date":"2025-08-10T15:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-29T16:00:03.954+02:00","length":2858,"duration":2858,"thumb_url":"https://static.media.ccc.de/media/events/why2025/188-85c0c965-fc88-5791-8d8f-f47793d37ce4.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/188-85c0c965-fc88-5791-8d8f-f47793d37ce4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/188-85c0c965-fc88-5791-8d8f-f47793d37ce4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/188-85c0c965-fc88-5791-8d8f-f47793d37ce4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-188-hack-the-grid-disclosing-vulnerabilities-to-help-prevent-blackouts","url":"https://api.media.ccc.de/public/events/85c0c965-fc88-5791-8d8f-f47793d37ce4","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"3e08faa2-df1e-51f1-9946-a4b7292398e4","title":"Closing","subtitle":null,"slug":"why2025-78-closing","link":"https://program.why2025.org/why2025/talk/VSKJMH/","description":"The goodbye and look back on the camp. The thank you, the funny stories. All of them.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Boekenwuurm"],"tags":["78","2025","why2025","Yearn for a better future","Andromeda","why2025-eng","Day 6"],"view_count":382,"promoted":false,"date":"2025-08-12T16:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-02-05T12:00:10.163+01:00","length":1777,"duration":1777,"thumb_url":"https://static.media.ccc.de/media/events/why2025/78-3e08faa2-df1e-51f1-9946-a4b7292398e4.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/78-3e08faa2-df1e-51f1-9946-a4b7292398e4_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/78-3e08faa2-df1e-51f1-9946-a4b7292398e4.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/78-3e08faa2-df1e-51f1-9946-a4b7292398e4.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-78-closing","url":"https://api.media.ccc.de/public/events/3e08faa2-df1e-51f1-9946-a4b7292398e4","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"5ffc663c-7edb-5bcb-bcc8-4e53602b4f46","title":"From barking to Meow: mature pentesting","subtitle":null,"slug":"why2025-244-from-barking-to-meow-mature-pentesting","link":"https://program.why2025.org/why2025/talk/NLDDV7/","description":"In a world of relentless cyber-threats, MIAUW (Methodology for Information Security Assessment with Audit Value) turns every pentest into a high-impact, traceable mission. This session reveals how its storyline-driven playbook fuses technical exploitation, legal rigor and forensic reporting into a reusable blueprint that regulators love and attackers fear. Expect war-stories, live-demo snippets, and a roadmap to weaponize compliance while clawing back control over risk.\n\nThis talk introduces MIAUW — Methodology for Information Security Assessment with Audit Value — a structured approach to penetration testing that goes beyond technical exploits to deliver legal defensibility, governance value, and repeatable insight.\n\nWe begin with a familiar problem: many pentests are technically sound but fail to produce lasting impact. Reports are delivered, risks are noted — and then nothing changes. There’s little accountability, no alignment with organizational processes, and limited value for oversight.\n\nMIAUW changes that. It brings structure, traceability, and dual accountability by involving not just the pentester, but also a dedicated auditor. Every step — from planning and scenario definition to execution, reporting, and organizational learning — is part of a documented process. The auditor produces a formal protocol, providing legal and governance-grade assurance over the findings.\n\nIn this session, we’ll cover:\n- How MIAUW works: from the first conversation to the final deliverables.\nWhy including an auditor raises the bar for quality, traceability, and board-level trust.\n- Real-world stories of organizations that transformed their security posture through structured offensive testing.\n- How to get started with MIAUW, even when working with external testing partners.\nWhether you're a CISO, security consultant, internal auditor or board advisor, this talk will challenge the way you think about pentests — and show you how to make every test a reusable asset for control and improvement.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Mischa Rick van Geelen","Brenno de Winter"],"tags":["244","2025","why2025","Hacking","Delphinus","why2025-eng","Day 5"],"view_count":229,"promoted":false,"date":"2025-08-11T17:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-02-14T20:30:08.661+01:00","length":2937,"duration":2937,"thumb_url":"https://static.media.ccc.de/media/events/why2025/244-5ffc663c-7edb-5bcb-bcc8-4e53602b4f46.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/244-5ffc663c-7edb-5bcb-bcc8-4e53602b4f46_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/244-5ffc663c-7edb-5bcb-bcc8-4e53602b4f46.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/244-5ffc663c-7edb-5bcb-bcc8-4e53602b4f46.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-244-from-barking-to-meow-mature-pentesting","url":"https://api.media.ccc.de/public/events/5ffc663c-7edb-5bcb-bcc8-4e53602b4f46","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"5b8f06d1-eeff-5c03-ba32-e9f6ee78de21","title":"Synology Disk Station Manager (DSM) - the good, the bad and the ugly","subtitle":null,"slug":"why2025-66-synology-disk-station-manager-dsm-the-good-the-bad-and-the-ugly","link":"https://program.why2025.org/why2025/talk/KRG3AP/","description":"In this WHY2025 session, Mischa van Geelen from Anovum will walk through his recent dive into Synology’s Disk Station Manager. After months inside the software, he surfaced with a mix of intriguing discoveries and a few findings that raise eyebrows.\n\nWithout getting lost in technical weeds, the talk sketches DSM’s inner logic, hints at overlooked traces, and shows how a sharper view of the platform can flip a “nothing here” scenario into a solid lead. Expect a pragmatic tour of what’s possible.\n\nIn this WHY2025 session, Mischa van Geelen from Anovum will walk through his recent dive into Synology’s Disk Station Manager. After months inside the software, he surfaced with a mix of intriguing discoveries and a few findings that raise eyebrows.\n\nWithout getting lost in technical weeds, the talk sketches DSM’s inner logic, hints at overlooked traces, and shows a sharper view of the platform. Expect a pragmatic tour of what’s recoverable, and where things get murky—plus takeaways to sharpen your own incident-response playbook.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Mischa Rick van Geelen"],"tags":["66","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 4"],"view_count":693,"promoted":false,"date":"2025-08-10T14:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-26T16:30:06.869+01:00","length":1765,"duration":1765,"thumb_url":"https://static.media.ccc.de/media/events/why2025/66-5b8f06d1-eeff-5c03-ba32-e9f6ee78de21.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/66-5b8f06d1-eeff-5c03-ba32-e9f6ee78de21_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/66-5b8f06d1-eeff-5c03-ba32-e9f6ee78de21.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/66-5b8f06d1-eeff-5c03-ba32-e9f6ee78de21.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-66-synology-disk-station-manager-dsm-the-good-the-bad-and-the-ugly","url":"https://api.media.ccc.de/public/events/5b8f06d1-eeff-5c03-ba32-e9f6ee78de21","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"17ff3ad3-2a01-52c9-b3e3-08a55942b49b","title":"Hacking the Aeotec Smart Hub: The little hub that could","subtitle":null,"slug":"why2025-101-hacking-the-aeotec-smart-hub-the-little-hub-that-could","link":"https://program.why2025.org/why2025/talk/DJKYA7/","description":"Pwn2Own Ireland added a new target in the smarthome category: the Aeotec Smart Hub. We assumed this target would be an easy win. However, getting the firmware of this device turned out te be a lot harder than anticipated. First, we had to modify the board to dump the encrypted flash. Then, we abused a secure boot flaw to get the decryption key. This process took so long, we had no time left to look for vulnerabilities, but our approach may be interesting for others looking at similar targets.\n\nUsually extracting the firmware of an IoT device is easy. The firmware is often not encrypted on flash and debug interfaces such as UART are often exposed and left open. This was our assumption when we started investigation the Aeotec. However, we turned out to be very wrong on our assumptions. \n\nThe Aeotec firmware is actually encrypted on flash, with a key that is stored in OTP. Furthermore, all debug interfaces such as UART were closed down. This meant we needed  to go through great lengths, first doing in-circuit dumping of the flash, then breaking the encryption configuration in order to get code execution on the APCPU.\n\nOur goal was to do vulnerability research, but we ran out of time for that. By sharing our process, we hope to help others who are interested in this or other devices with a similar configuration.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Daan Keuper","Thijs Alkemade"],"tags":["101","2025","why2025","Hacking","Delphinus","why2025-eng","Day 5"],"view_count":122,"promoted":false,"date":"2025-08-11T14:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-01-01T07:45:03.909+01:00","length":2341,"duration":2341,"thumb_url":"https://static.media.ccc.de/media/events/why2025/101-17ff3ad3-2a01-52c9-b3e3-08a55942b49b.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/101-17ff3ad3-2a01-52c9-b3e3-08a55942b49b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/101-17ff3ad3-2a01-52c9-b3e3-08a55942b49b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/101-17ff3ad3-2a01-52c9-b3e3-08a55942b49b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-101-hacking-the-aeotec-smart-hub-the-little-hub-that-could","url":"https://api.media.ccc.de/public/events/17ff3ad3-2a01-52c9-b3e3-08a55942b49b","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"1b087a38-6e43-58ac-8cac-046b8635781a","title":"Nerding out over silly machines","subtitle":null,"slug":"why2025-201-nerding-out-over-silly-machines","link":"https://program.why2025.org/why2025/talk/FYPY7C/","description":"You've maybee seen the raking robot that got a CEH (Certified Estetisch Harker) certificate, the Telex linked to Twitter/Telegram or the ASCII foto booth. They are all made by me. If this talk gets accepted I will do a deep dive on these three contraptions and what I learned building them.\n\nBeside Schuberg Philis, DIVD, attending the farm and keeping my bees I als build machines.\n\nIt is an interesting process and I want to share it with you.\n\nMachiens I will be talking about:\n* The (worlds?) 1st 3d color printer from TNO\n* The raking robot\n* AI/Twitter/Telegram/Slack connected Telex\n* ASCII photo booth\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Frank Breedijk"],"tags":["201","2025","why2025","Wonderful creations","Brachium","why2025-eng","Day 5"],"view_count":125,"promoted":false,"date":"2025-08-11T20:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-01-26T13:30:09.557+01:00","length":2605,"duration":2605,"thumb_url":"https://static.media.ccc.de/media/events/why2025/201-1b087a38-6e43-58ac-8cac-046b8635781a.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/201-1b087a38-6e43-58ac-8cac-046b8635781a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/201-1b087a38-6e43-58ac-8cac-046b8635781a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/201-1b087a38-6e43-58ac-8cac-046b8635781a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-201-nerding-out-over-silly-machines","url":"https://api.media.ccc.de/public/events/1b087a38-6e43-58ac-8cac-046b8635781a","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"0b06619e-dfcb-5410-ada9-716b629e995f","title":"A journey into reverse engineering arcade PCBs for video game preservation via FPGA emulation","subtitle":null,"slug":"why2025-59-a-journey-into-reverse-engineering-arcade-pcbs-for-video-game-preservation-via-fpga-emulation","link":"https://program.why2025.org/why2025/talk/3AKXN7/","description":"Sometimes ago, I embarked on a journey into the world of electronics and FPGA technology with no \nprior knowledge. What began as passion for retro gaming evolved into a quest for preservation via reverse engineering and FPGA-based emulation. This presentation will share my journey, highlighting the challenges of learning Verilog, the tools, the  resources, and the lessons I learned along the way. By sharing my experiences I hope to inspire others to contribute to preservation of video games.\n\n**Abstract:**\n\nIn an era where classic arcade games risk becoming obsolete, preserving them is  crucial. This presentation chronicles a journey from curiosity to creation, demonstrating how FPGAs can be used to create accurate emulator.\n\n**Introduction to FPGAs:**  \n\nFPGAs are versatile integrated circuits that offer unparalleled flexibility for hardware design. \nUnlike fixed CPUs or GPUs, FPGAs allow for reconfiguration, making them ideal for creating custom \nsolutions like game emulators. This section will explore the advantages of FPGA-based emulation over \ntraditional software emulators, and the existing plateform like the MiSTeR FPGA.\n\n**Verilog Programming:**  \n\nVerilog is a hardware description language used for defining digital circuits in FPGAs. This \npart introduces Verilog's role in designing these circuits, and how it differ to traditional \nprogramming languages. \n\n**Reverse Engineering PCBs:**  \n\nThis segment breaks down the process of reverse engineering an arcade PCB. From \nidentifying components and they're connections, to reverse custom IC and schematics creation.\n\n**Creating an arcade games core**  \n\nA case study on the creation of an arcade game FPGA core. Challenges faced during development, and specifities of arcade games emulation. \n\n**Conclusion :** \n\nThe presentation concludes by encouraging attendees to embark on their own journey, offering practical advice and resources tofacilitate their exploration into FPGA-based gaming preservation. The goal is to inspire and equip newcomers with the knowledge and tools to preserve classic arcade games through FPGA emulation.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Solal Jacob"],"tags":["59","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 5"],"view_count":225,"promoted":false,"date":"2025-08-11T23:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-29T01:00:04.462+01:00","length":2890,"duration":2890,"thumb_url":"https://static.media.ccc.de/media/events/why2025/59-0b06619e-dfcb-5410-ada9-716b629e995f.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/59-0b06619e-dfcb-5410-ada9-716b629e995f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/59-0b06619e-dfcb-5410-ada9-716b629e995f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/59-0b06619e-dfcb-5410-ada9-716b629e995f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-59-a-journey-into-reverse-engineering-arcade-pcbs-for-video-game-preservation-via-fpga-emulation","url":"https://api.media.ccc.de/public/events/0b06619e-dfcb-5410-ada9-716b629e995f","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"cadf542a-9548-55e1-a1c0-b0da5e62624e","title":"Postmortem: XS4ALL","subtitle":null,"slug":"why2025-13-postmortem-xs4all","link":"https://program.why2025.org/why2025/talk/GRPAX8/","description":"An insight and analysis of the events leading up to and during the fight to preserve XS4ALL in 2019, as well as exploring the underlying issues that ultimately lead to its demise.\n\nIn 2019 it was announced that XS4ALL as a brand and company would be integrated into KPN. What followed was a stormy year of customers rising up, employees resisting and frequent media coverage culminating in a court case which ultimately failed to preserve XS4ALL as an independent entity. How did the once happy union of XS4ALL and KPN turn sour, what events lead to the decision to integrate XS4ALL and what did the fight to preserve XS4AL look like from the inside? This talk will explore these topics from the perspective of history, the relationship of XS4ALL and KPN and the wider system into which they were embedded.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Arjan van Hattum"],"tags":["13","2025","why2025","The square hole","Brachium","why2025-eng","Day 5"],"view_count":590,"promoted":false,"date":"2025-08-11T12:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-25T10:30:07.661+01:00","length":2628,"duration":2628,"thumb_url":"https://static.media.ccc.de/media/events/why2025/13-cadf542a-9548-55e1-a1c0-b0da5e62624e.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/13-cadf542a-9548-55e1-a1c0-b0da5e62624e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/13-cadf542a-9548-55e1-a1c0-b0da5e62624e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/13-cadf542a-9548-55e1-a1c0-b0da5e62624e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-13-postmortem-xs4all","url":"https://api.media.ccc.de/public/events/cadf542a-9548-55e1-a1c0-b0da5e62624e","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"15e4093e-e326-5a61-8719-c6f296a3f589","title":"Imposing Climate Law onto Governments","subtitle":null,"slug":"why2025-31-imposing-climate-law-onto-governments","link":"https://program.why2025.org/why2025/talk/FYX8FV/","description":"This talk is a roller-coaster ride through a few years of experience in teaching the government about their obligations w.r.t. climate change.  It details the procedural hacks they use, and ways to evade them.  It also gives examples of elegantly designed cases with a potential of very high impact.  Climate law is a domain of logic, language and social ethics, all available in the average hacker's toolbox.  I'd argue the world needs our minds to lap up the debris left behind by our governments.\n\nAt [MCH2022](https://mch2022.org/#/) I ran into skilled, intelligent young people who were numb about climate change.  This is trending, and it broke my reliance on governments to fix this huge problem.  It is, after all, a [tragedy of the commons](https://en.wikipedia.org/wiki/Tragedy_of_the_commons) so by default everyone waits for others to make the first move.  I adopted a grassroots approach and started taking government to court, alone or as part of [Scientist Rebellion](https://www.scientistrebellion.nl/).  Because it really is politics that is failing us.  Court cases help executive government to do their jobs, by forcing them to stick to climate laws in spite of politicians without vision, heart or spine.\n\nClimate law is mostly international law, which means that it trumps national law, even including anything that a national Supreme Court says.  But courts are not the problem, they are well-versed in the travesty of what governments are _not_ doing.  They need to be asked to rule on a case though, before they can take a decision.  And it takes some work before you get to that point.\n\nI am not saying that government is evil.  I am saying it is stifled in its ways, it cannot progress because it is obstructed by the past, present, procedures and politics.  The everyday working space for civil servants is one of national or even local law.  They have insufficient focus on international (climate) law or rely on other parties to remedy it.  Also, they cannot always move freely, caught up between their oath of faith and a lack of mandate to interpret laws.\n\nWith low court fees and no lawyer requirement, administrative law is  the cheapest way to go about correcting government, but it takes a fair amount of skill to navigate.  I'm still learning, but I can share from experience the most important pitfalls to prepare for.  Most of this has parallels in countries outside the Netherlands.  What remains is logic, language and ethics.  Oh, and some perseverance and creativity. All these skills are native to hackers, and often abundantly so.\n\nIt can take some designer skill to construct a case that has a chance of making it.  And looking at things from different perspectives, while still sticking to concrete goals.  During this talk, I will give a few examples.  If you want to read up on things, have a look at my [Draaiboek Klimaatzaak](http://klimaatzaak.groengemak.nl/) (in Dutch) or similar resources by others.\n\nFinally, it can feel abrasive to step out and impose demands on local government, a national ministry or a central bank.  At least, I usually think shyly of what I am doing.  But abresiveness is not among my submission filters; I care for being reasonable and having a right to what I'm demanding.  And as long as I remain respectful towards the humans on the other side of a case, it is quite simply a democratic right to take corrective or coercive action if the government fails so utterly as it is doing w.r.t. climate change.\n\n**IANAL**  but what I am is _seriously pissed_ with irresponsible governments around the globe.  It is their job to protect our future survival, the evidence and urgency is overwhelmingly clear, but still they leave the free market to corporations with short-term profit as their essential goal.  Corporations will bend when curtailed, provided it is done equally to all, and there is only one party with the power of doing that.  But government is treating a life-threatening condition as yet another management problem to fit into a 9-to-5 job.  So much is done wrong that I find it unethical to sit and wait for a rare breed of climate lawyers to stand up to government mismanagement.  Not if all it takes is a few hundred Euros, strict logical reasoning, a few letters full of detailed knowledge in a design with components from a couple of data sheets (a.k.a. climate laws) and perhaps the mentality of living in a makable world (a.k.a. democracy).\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Rick van Rein"],"tags":["31","2025","why2025","Yearn for a better future","Andromeda","why2025-eng","Day 3"],"view_count":109,"promoted":false,"date":"2025-08-09T10:00:00.000+02:00","release_date":"2025-08-09T00:00:00.000+02:00","updated_at":"2026-01-06T18:45:23.360+01:00","length":2961,"duration":2961,"thumb_url":"https://static.media.ccc.de/media/events/why2025/31-15e4093e-e326-5a61-8719-c6f296a3f589.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/31-15e4093e-e326-5a61-8719-c6f296a3f589_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/31-15e4093e-e326-5a61-8719-c6f296a3f589.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/31-15e4093e-e326-5a61-8719-c6f296a3f589.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-31-imposing-climate-law-onto-governments","url":"https://api.media.ccc.de/public/events/15e4093e-e326-5a61-8719-c6f296a3f589","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"883e3cf0-7d81-5397-8f18-70ee890e8e9f","title":"About Time","subtitle":null,"slug":"why2025-81-about-time","link":"https://program.why2025.org/why2025/talk/LJ9879/","description":"A shared understanding of what time it is and the rate at which time progresses is essential in many areas of technology from industrial control to broadcast. There are two main ways of synchronizing time between multiple computers, Network Time Protocol (NTP) and Precision Time Protocol (PTP). NTP is sufficient for certificate validation, but when timing is crucial we need PTP.  In this talk we will take a deep dive into PTP: what it is, how it works, and various ways to abuse it.\n\nIn my previous talks about Audio over IP and AV technologies the Precision Time Protocol has come up repeatedly as something that deserves its own talk. PTP has a wider use case which makes it interesting as a target for shenanigans. The talk aims to consolidate several years of experience and research into a concise understanding of this fundamental technology.\n\nNo prior knowledge about PTP or network time will be assumed. Some familiarity with networking basics will be helpful, but not essential.\n\nWarning may contain hacker humor.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["pcwizz"],"tags":["81","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 6"],"view_count":133,"promoted":false,"date":"2025-08-12T15:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-03-11T12:45:08.928+01:00","length":2618,"duration":2618,"thumb_url":"https://static.media.ccc.de/media/events/why2025/81-883e3cf0-7d81-5397-8f18-70ee890e8e9f.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/81-883e3cf0-7d81-5397-8f18-70ee890e8e9f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/81-883e3cf0-7d81-5397-8f18-70ee890e8e9f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/81-883e3cf0-7d81-5397-8f18-70ee890e8e9f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-81-about-time","url":"https://api.media.ccc.de/public/events/883e3cf0-7d81-5397-8f18-70ee890e8e9f","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"9c33e32c-0b16-51c8-b9e8-9fe5d3c86a15","title":"TIC-80 byte jam","subtitle":null,"slug":"why2025-23-tic-80-byte-jam","link":"https://program.why2025.org/why2025/talk/ZRBZAC/","description":"TIC-80 fantasy console Byte Jam is a friendly competition to livecode a demo in a relaxed atmosphere.\n\nTIC-80 fantasy console Byte Jam is a friendly competition to livecode a demo in a relaxed atmosphere. This can take an hour or more depending on the inspiration and time needed of the participants. You could follow the suggested random chosen topic or do your own thing.\n\nTIC-80 is a fantasy console with limited resources like 240x136 pixels display, 16 color palette, 256 8x8 color sprites, 4 channel sound , etc. This gives the TIC-80 a very retro look and feel.\n\nThis byte jam is a good representation of the demoscene, where coders/hackers with very limited resources in hard or software make stunning audio and visual effects. In Europe the demoscene got status of cultural heritage in Finland, Germany and Polen and requested for Netherlands and other countries.\n\nWant to join this ByteJ am as coder? Check with Dave / zeno4ever for the possibilities!!\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Dave Borghuis"],"tags":["23","2025","why2025","Wonderful creations","Andromeda","why2025-eng","Day 5"],"view_count":233,"promoted":false,"date":"2025-08-11T22:00:00.000+02:00","release_date":"2025-08-12T00:00:00.000+02:00","updated_at":"2026-02-19T18:30:09.057+01:00","length":2810,"duration":2810,"thumb_url":"https://static.media.ccc.de/media/events/why2025/23-9c33e32c-0b16-51c8-b9e8-9fe5d3c86a15.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/23-9c33e32c-0b16-51c8-b9e8-9fe5d3c86a15_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/23-9c33e32c-0b16-51c8-b9e8-9fe5d3c86a15.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/23-9c33e32c-0b16-51c8-b9e8-9fe5d3c86a15.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-23-tic-80-byte-jam","url":"https://api.media.ccc.de/public/events/9c33e32c-0b16-51c8-b9e8-9fe5d3c86a15","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"563a5b91-cc15-5ff4-9cf0-6d312405237f","title":"Safeguarding Research \u0026 Culture: Save public data from the digital bookburnings!","subtitle":null,"slug":"why2025-238-safeguarding-research-culture-save-public-data-from-the-digital-bookburnings","link":"https://program.why2025.org/why2025/talk/B8DANE/","description":"Archives are vulnerable. Modern archival methods are robust, but no archive or institute alone can withstand the threats we are currently facing. Safeguarding Research \u0026 Culture (SRC) is creating an alternative infrastructure for archiving and disseminating of cultural heritage \u0026 scientific knowledge. We focus on publicly available material under threat of being deleted or altered. We preserve this data using open standards, open-source software, distributed storage and your help!\n\nNo single archive is permanent, nor large enough to store all of our cultures at risk. Modern archival methods are robust, but no archive or institute alone can withstand the threats we are currently facing. The destruction of knowledge and cultural heritage has happened, and is happening again. Whether it is caused by human action\u003csup\u003e\u003ca id=\"fnref1\"\u003e\u003c/a\u003e[\\[1\\]](#fn1)\u003c/sup\u003e or natural causes.\u003csup\u003e\u003ca id=\"fnref2\"\u003e\u003c/a\u003e[\\[2\\]](#fn2)\u003c/sup\u003e. Without our archives we lose knowledge and culture which has a negative impact on our ability to learn, study and innovate. However, digital information can be copied easily and quickly. \n\nSafeguarding Research \u0026 Culture (SRC) is creating an alternative infrastructure for archiving and disseminating of cultural heritage and scientific knowledge. We seek to preserve cultural memory in a way that traditional archives cannot. Together, we can ensure that our cultural, intellectual and scientific heritage exists in multiple copies, in multiple places, and that no single entity or group of entities can make it all disappear.\n\nIn this session, we will present why we are doing this, what our approach is and why we need your help. \n\nAfter attending this session, participants will:\n* Gained an insight into the importance of data to support culture preservation \u0026 research purposes \n* Understand how this project relates to and supplements more “traditional” archiving \u0026 preservation infrastructure\n* Feel empowered to contribute to the project in various ways, including seeding existing datasets, identifying at-risk datasets, downloading \u0026 adding at-risk datasets to the swarm and supporting this project in other ways\n\nReferences \n1. See for example [NYT: *Health Resources Vanish Following D.E.I. and Gender Orders*](https://www.nytimes.com/2025/01/31/health/trump-cdc-dei-gender.html), [Atlantic: *Why Is the Trump Administration Deleting a Paper on Suicide Risk?*](https://www.theatlantic.com/ideas/archive/2025/02/heath-science-data-trump/681631/), [Boston Globe: *CDC removal of databases on sexual orientation, gender identity sparks alarm*](https://www.bostonglobe.com/2025/01/31/metro/cdc-removes-databases-sexual-orientation-gender-identity/), and [404media: *GitHub Is Showing the Trump Administration Scrubbing Government Web Pages in Real Time*](https://www.404media.co/github-is-showing-the-trump-administration-scrubbing-government-web-pages-in-real-time/). [↩︎](#fnref1)\n    \n2. See for example [Smithsonian: *Why Brazil’s National Museum Fire Was a Devastating Blow to South America’s Cultural Heritage*](https://www.smithsonianmag.com/smart-news/artifacts-destroyed-brazil-devastating-national-museum-fire-180970194/) and [UN: *Destruction of cultural heritage is an attack on people and their fundamental rights*](https://news.un.org/en/story/2016/10/543912). [↩︎](#fnref2)\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Henrik Schönemann"],"tags":["238","2025","why2025","Yearn for a better future","Andromeda","why2025-eng","Day 3"],"view_count":165,"promoted":false,"date":"2025-08-09T22:35:00.000+02:00","release_date":"2025-08-10T00:00:00.000+02:00","updated_at":"2026-03-31T15:45:05.166+02:00","length":1653,"duration":1653,"thumb_url":"https://static.media.ccc.de/media/events/why2025/238-563a5b91-cc15-5ff4-9cf0-6d312405237f.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/238-563a5b91-cc15-5ff4-9cf0-6d312405237f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/238-563a5b91-cc15-5ff4-9cf0-6d312405237f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/238-563a5b91-cc15-5ff4-9cf0-6d312405237f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-238-safeguarding-research-culture-save-public-data-from-the-digital-bookburnings","url":"https://api.media.ccc.de/public/events/563a5b91-cc15-5ff4-9cf0-6d312405237f","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]},{"guid":"b6afeed5-0910-5d5f-896d-19a6bd7403b5","title":"PLOT4AI 2.0: Open source Threat Modeling for Trustworthy AI","subtitle":null,"slug":"why2025-234-plot4ai-2-0-open-source-threat-modeling-for-trustworthy-ai","link":"https://program.why2025.org/why2025/talk/KB7ATS/","description":"PLOT4AI 2.0 is a pioneering open source AI threat modeling tool that provides a structured, lifecycle-based approach to AI risk identification. With over 100 AI-specific risk sources across eight categories, it aligns with the EU AI Act and supports trustworthy AI development and deployment. In this talk, the author will present the story of this internationally recognized tool, first published in 2022, and will introduce its new, expanded 2.0 version. More info @ https://plot4.ai/\n\nAfter three years of research, in 2022 the first version of PLOT4AI launched with 86 AI-related threats. At that time AI security was still a niche topic discussed mainly by a few and AI safety was barely recognized beyond robotics and reinforcement learning. \nThen, just seven months later, ChatGPT launched, and the AI landscape changed overnight.\nSuddenly, AI became a central topic in public discourse, governance, and policy. The EU AI Act entered the scene, putting fundamental rights at the heart of AI product regulation. What was once a niche technical concern had become a global geopolitical issue, influencing regulatory and economic agendas around the world.\n\nIt became clear: PLOT4AI needed a major update.\n\nIn this talk, the author of PLOT4AI will take you behind the scenes of the tool’s creation and introduce PLOT4AI 2.0: a major new release of this open source AI threat modeling framework. The updated version includes over 138 AI-related threats, including threats related to Generative AI, Agentic AI, and complex deployment environments. \n\nPLOT4AI isn’t just a tool, it’s a collaborative effort to make AI safer for everyone! As an open source initiative, it's built on feedback, shared experience, and contributions. Whether you’ve spotted a missing threat, devised a new mitigation, or have real-world examples to add, your input is welcome and encouraged!\n\nThis talk is both a deep dive into the evolution of AI threat modeling and a call to action for the AI open source communities to shape safer, more accountable AI together.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Isabel Barberá"],"tags":["234","2025","why2025","Wonderful creations","Delphinus","why2025-eng","Day 4"],"view_count":76,"promoted":false,"date":"2025-08-10T12:00:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-03-25T12:15:06.026+01:00","length":3026,"duration":3026,"thumb_url":"https://static.media.ccc.de/media/events/why2025/234-b6afeed5-0910-5d5f-896d-19a6bd7403b5.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/234-b6afeed5-0910-5d5f-896d-19a6bd7403b5_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/234-b6afeed5-0910-5d5f-896d-19a6bd7403b5.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/234-b6afeed5-0910-5d5f-896d-19a6bd7403b5.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-234-plot4ai-2-0-open-source-threat-modeling-for-trustworthy-ai","url":"https://api.media.ccc.de/public/events/b6afeed5-0910-5d5f-896d-19a6bd7403b5","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[]}]}