Yet another year is over without me having been at one of teh big Chaos events. Congress stays one of my favouruite vents. Until I'll be there in person, again, I mostly consume it over the fediverse
and look forward to watching interesting and entertaining talk recordings. I don't usually do this, but this time I felt like recommending the talks I got the best out of.
56 min - deutsch - CCC & Community - Marc-Uwe Kling and Linus Neumann
Die meiste Zeit Unterhaltung von Mark-Uwe Kling. Er liest sein Comics über Elon Musk und Jeff Bezos auf dem Mars. Das ganze ist Publikums-Lockmittel für die Vorstellung der Idee des Digitalen
Unabhängigkeitstags (DUT)/Digital Independence Day (DID). Unter dem Hashtag #DUTgemacht bzw. #DIDit sollen Interessierte von nun an an jedem ersten Sonntag im Monat den Umstieg weg von geschlossenen
Plattformen, von Millardären kontrollierten Diensten und gesellschaftsschädlichen Apps und Webseiten besprechen bzw. öffentlich mit dem Erfolgreichen Verzicht angeben. Dazu gäbe es eineiges zu sagen.
Vielleicht werde ich das ja noch in einem eigenen Post darüber. Es ist aus unterschiedlichen Gründen gar keine so schlechte Idee und sie wurde öffentlichkeitswirksam vorgestellt. Der DUT hat jetzt schon
viele Vertreter und kann als erfolgreich eingeführt betrachtet werden. Projektwebseite: di.day
The idea of a monthly Digital Independence Day (DID) on which many people draw attention to and discuss possibilities to remove power from billionaires and their
corporations by choosing to use alternatives is a good one. There's a few things to talk about here. And maybe I will in a separate post.
60 min - Englisch - Security - Q Misell and 551724 / maya boeckh
Entertaining story of an investigation into fake and otherwise illegitimately sold German train tickets, a stolen signing key, communication with transport companies, a QR code that is illegal to
scan. Just a good and entertaining story.
56 min - Englisch - Hardware - Severin von Wnuck-Lipinski and Hajo Noerenberg
20 year old washing machines have interesting interfaces for analising and controlling their sensors and actuators. Software for service technitions, firmware dump of a controller, finding the reason
why a machine is no longer spin-drying. Newer machines have even more interfaces. Custom apps for controlling and reading them would be interesting. A good insight into those things (not a comnplete
overview) based on the speaker's experiences.
58 min - English - Security - Johann Rehberger
Demonstrating AI agent exploits, many of them surprisingly simple!
40 min - English - Ethics, Society & Politics - Udbhav Tiwari and Meredith Whittaker
In-depth introduction to the privacy-invading design and features of an OS-integrated AI agent (Microsoft Recall). This was quite interesting and reveiling to me because I have had hardly more
information on it than the headlines conveyed and I have no experience with AI agents myself. The talk covers reliability, vulnerability, privacy-intruding design and functioning principle, and an appeal
to the people creating agentic systems ("touch grass, press pause" and "stop reckless deployment"). I cocur with most of what's said in the talk, bt also learned some details about MS Recall. Apparently
the negative hype wasn't exaggerated. This is an extraordinary bad design, made by combining bad ideas, resulting in software that antagonises the user more than anything MS has ever tried.
38 min - deutsch - Ethics, Society & Politics - Nico Semsrott
Nico Semsrott stellt die PRÜF-Kampagne vor. Inklusive Gemeinschaftsrituale (naja, nur Singen). Aber gute Vorstellung und Erklärung der Kampagne.
56 min - deutsch - Ethics, Society & Politics - Helena Steinhaus
Über die aktuelle Bürgergelddebatte, armenfeindliche Politik, grubndgesetzwidrige Sanktionen, Bestrafung von Schwäche. Parteiische, oft polemisch, manchmal u7nsachlich. Aber ich denke das ist
erkenn-und einortenbar. Trotzdem eine intere4ssante Dartstellung einer wichtige Sichtweise und mangels sozialerer Gesetze und Politik leider notwendiger zuvilgesellschaftlicher Hilfe.
38 min - English - Art & Beauty - Ting-Chun Liu and Leon-Etienne Kühr
Really interesting insight into how artificial neural neutworks convert between text tokens and images (generating images from text prompts).
39 min - English - Art & Beauty - Lyra Rebane
I love this talk because it's about a topic I've been interested in for years without ever taking the time to learn much about it. Lyra presents examples of CSS crimes (tricks that abuse
features of CSS). Using checkboxes or details elements to influence arbitrary elements on a page are relatively well known crimes and can be used to create complex GUIs that look like they are
probably built with JS. But there are many more tricks that allow for surprising GUI features. Just a few examples: A card game, random choice buttons, movable "windows", a 2D grid map with Zelda
style character movement, binary operator implementation. Apparently people take this to the extreme (as I could have expected) and there is a CPU implemented in CSS that executes binary code. Lots
to check out if I wanted to spend time getting into this topic. Check out her blog.
52 min - deutsch - Security - Mischa Meier (mmisc) and Annika Kuntze
Den hier möchte ich hier erwähnen, weil zur Zeit überwiegend die einseitige Sichtweise geteilt wird, dass KI-generierte Bug-Reports bzw. Reports über durch KI gefundene Bugs unbrauchbar und durch die extreme Zeitverschwendung schädlich für ehrenamtlich entwickelte Software ist. Dieses hauptsächlich durch die Talks einer Person verbreitete Sichtweise habe ich keine eigene Erfahrung und keinen Widerspruch entgegenzusetzen. Aber die hier präsentierte Arbeit legt nahe, dass es stark auf die Qualität der Bugsuche mit KI ankommt und darauf, wie Agenten zur Bugsuche und Fehlerquotenverringerung eingesetzt wird. (Das hat auch Daniel Stenberg mittlerweile erfahren/eingestanden.)
36 min - English - Art & Beauty - yomimono
This isn't really a topic I'm interested in getting into. I won't try cross stitching because I have enough topics I don't spend any time actually doing anything in. But I liked the talk and it was and interesting insight into the hobby that is suited for newbs and not only about the software. This is actually one of two cross stitching talks at 39c3. The other one has some interesting bits as well for somebody who doesn't really care about stitching and is well worth watching if you do.
54 min - Endlish - Security - mixy1, Luke Bjorn Scerri and girogio
Three students from Malta enthusiastically tell their side of their incredible story of being arrested for responsibly disclosing a vulnerability they found in a mobile app. It's a story about Maltese law, police, politics and media representation.
40 min. - English - Ethics, Society & Politics - Klaus Landefeld
The tiresome topic of data retention laws is one that I almost didn't want to include on this list here. But it is not only an important issue (The fight against them is not going well if we stop talking about it because it is exhausting to repeat the same points against the same kind of misinformation for generations.) but also a good (re-)intoduction and summary of the concept of data retention, it's problems and the political history of such laws.
45 min. - English - Ethics, Society & Politics - Kate Sim
On proposed technological and legal pseudo-solutions for increasing child safety on the internet, the alleged divide between privacy and safety, real and practical dangers of sexual exploitation of children on the internet and what we can do to actually improve child safety.