Podcast
Chaos Computer Club - recent events feed (low quality)
Hosted by CCC media team · EN
Der Chaos Computer Club ist die größte europäische Hackervereinigung, und seit über 25 Jahren Vermittler im Spannungsfeld technischer und sozialer Entwicklungen.
66episodes
Episodes
Newest firstAll episodes
Infrastructure Review & Closing (gpn24)
1w ago01:16:35Tap to summarizeGroße Zahlen und ganz viel WOW Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.gulas.ch/gpn24/talk/MTP7YB/
Transcribe →
Popping podman/dockers bonnet: Unraveling the image pull process while developing for Forgejo (gpn24)
1w ago00:17:28Tap to summarizeDeveloping an OCI image pull through cache for Forgejo had some interesting rabbit holes and it was surprisingly hard to get in depth information on a supposedly well known system. So I got to deep dive and do bits of research and reverse engineering to make the parts communicate properly. In this talk I'll share my insights into the process of pulling OCI images according to the distribution spec (and its slight deviations) and try to answer questions like: - Which requests are sent by Podman or the Docker daemon when doing `docker pull image`? - Whats that with the /v2 endpoint and discovery? - How about authentication? - What does the pull sequence look like? - Help, I got an index manifest, what should I do? - How should Forgejo communicate with the daemon for a successful pull? If there is time, I'll also share small pieces of knowledge of where the implementation sits in the Forgejo codebase and how it interacts with the existing package registry. - PR containing the implementation: https://codeberg.org/forgejo/forgejo/pulls/11611 Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.gulas.ch/gpn24/talk/8SDDSH/
Transcribe →
Pixel Bureaucracy At The Scale Of Chaos - or: Torturing 286 People By Pretending To Be The Government (gpn24)
1w ago00:59:01Tap to summarizeThis talk could be described as "pixelebbe Wrapped", except that it is at a different time of the year, has better jokes, provides more technical and moral insights and is not personalized. So erm it probably isn't a "pixelebbe Wrapped" at all, but hey, learn how we built and hosted pixelebbe, achieved better uptime than GitHub and spent only a reasonable amount of effort on this shitpost-turned-project (that's what we tell ourselves at night). In the history of human kind, there is a set of unfortunate innovations that have caused a lot of suffering and destroyed many lives. One might think of the nuclear bomb, or the internet. One could also think of pixelebbe. At least if one were to be untroubled by accusations of exaggeration and over-dramatising. Well what is pixelebbe? It's a pixel-setting experience designed to frustrate the player using everyones' favorite thing: ✨ excessive bureaucracy ✨. The idea is very simple: we provide a 40x30 canvas, everyone can then tell us to set a specific pixel to a specific colour from our limited colourset, which we then do and so a picture will be created. Just add on top of that large amounts of red tape, such as limited office hours, a dedicated queueing system, having to use an official government form, very strict formality control and stamps. In this talk, we want to lift the curtains and give a backoffice tour through pixelebbe. We'll talk about the technology abused to build and host pixelebbe, how we made professional software designed to look like it was put together in 2 hours. We'll even leak official secrets and risk going to pixeljail. There'll be time for a Q&A and a rare live-pixel-setting-session. Rumour has it, that even our agency lead might appear on stage, which had been notoriously always-absent during 39c3. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.gulas.ch/gpn24/talk/VJDF8H/
Transcribe →
WAF: Wrong Approach Firewall (gpn24)
1w ago01:01:42Tap to summarizeWeb Application Firewalls (WAFs) for filtering based on HTTP and payload are omnipresent. In this talk an argument will be made that, in many cases, the wrong approach for implementing WAFs is chosen: They are implemented as "deny firewalls" which specifically forbid "bad" traffic based on pattern rules, while for network security (layers 3/4) professionals would only ever follow an "allow firewall" approach, which explicitly lets "good" traffic pass and denies everything else. "deny WAFs" are oftentimes marketed as simple, easy to use, out-of-the-box solutions, but, by design, they can only prevent known exploits. Also, practical aspects limit their potential, when rulesets breaking functionality have to be disabled. While the "allow WAF" approach presented here implies more effort, its main advantage is protection against new attack vectors ("zero days") and it comes with a lot of side benefits, such as improved performance and resilience through caching. Concepts will be introduced: * HTTP Basics * Signed URLs / signed requests * Regular Expressions * HTTP Caching Practical examples with Vinyl Cache will be presented: * Rules based on HTTP method and URL * Header filtering * Regular Expressions on body data Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.gulas.ch/gpn24/talk/9TSLFQ/
Transcribe →
Building video games with 20 year old tech (gpn24)
1w ago00:19:10Tap to summarizeThe market is full of high-performance graphics APIs like Vulkan and fantastic engines like Unreal and Unity. So, why not use DirectX 9 and a self-built engine instead? ;) In this talk we'll take a quick stroll down memory lane, to look at the tech used to build video games in the 2000s. Then we'll see what we can build today using the tech from back then. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.gulas.ch/gpn24/talk/JD3RUJ/
Transcribe →
Gemeinsam Wissens-Infrastruktur bauen: föderierte Wikibase für Video- und Podcasts (gpn24)
1w ago00:41:38Tap to summarizeDas WissKomm Wiki hat Förderung, einen laufenden Prototypen und 100.000+ identifizierte Videos. Dieser Talk zeigt, was schon läuft: föderierte Wikibase, automatische Transkription per Whisper, SPARQL-Queries über Wissenschaftsmedien. Mit Arrrrrmin haben wir LanzMining von der GPN23 zu SpeakerMining aufgebaut und ins WissKomm Wiki integriert - eine vollständige Pipeline, die aus ZDF-Archiv-PDFs einen verlinkten Wissensgraph erzeugt: 10.000+ Personenerwähnungen, 120.000+ Wikidata-Triples, OpenRefine-Kuration. Genau das skalieren wir im WissKomm Wiki auf Wissenschaftsvideos und -podcasts. Plus die offenen Probleme, an denen wir gemeinsam arbeiten möchten, am besten gleich im GPN24 Hackathon. 2021: Idee GPN22: Präsentation im CCC. GPN23: Prototyp, Antrag in der Schwebe, Arrrrrmin stellt LanzMining vor. GPN24: Das Projekt läuft: Gefördert durch FDM-NDS dürfen wir jetzt zeigen, wie LanzMining, WissKomm Wiki und viele ähnliche Projekte zusammenpassen. Ein Einblick: [GPN23, media.ccc.de](https://media.ccc.de/v/gpn23-299-ctrl-f-for-facts-mit-dem-wisskomm-wiki-filterblasen-erkennen-und-fakten-sichtbar-machen). Im Talk gehen wir endlich über Konzepte hinaus in die Anwendung! Auf der GPN23 hat Arrrrrmin mit LanzMining gezeigt, was möglich ist, wenn man TV-Archivdaten strukturiert erschließt. Wir haben das weitergebaut zur vollständigen Pipeline Speaker Mining. Ausgangspunkt: ZDF-Archiv-PDFs des Markus-Lanz-Talks. Semantisch disambiguiert mit OpenRefine, dedupliziert auf Wikibase bereitgestellt und letztlich nachhaltig frei verfügbar. Wer mag, kann live über SPARQL-Queries Fragen stellen: - wer war wie oft zu Gast? Mit welcher Rollenverteilung? Wir gehen noch tiefer in die Analyse: Visualisierung der Rollenverteilung, wie von LanzMining bereits vorgemacht: Indem wir Klassen wie Rollen und Instanzen wie Markus Lanz statistisch unter die Lupe nehmen, können wir mit Speaker Mining bildlich machen, was unsere Medienlandschaft ausmacht. Die aktuelle WissKomm-Wiki-Infrastruktur besteht aus einer föderierten Wikibase via Wikibase.cloud (wie ein eigenes Wikidata), langfristig verknüpft mit einem Full Text Wiki für Transkripte. Via SPARQL kann nach Properties und Datenquellen gefiltert werden. Speaker Mining zeigt, wohin das führt: Wenn Sendungsarchiv-Metadaten maschinenlesbar in einer Wikibase liegen, kann man fragen: Wer war wann zu Gast, mit welcher Rolle, aus welcher Institution? Whisper läuft noch lokal, transkribiert offline, und die Ergebnisse landen vorerst nicht im Wiki - bis wir im Projekt die Rechtsfragen geklärt haben. Ziel dafür: Ende Juni steht der Fragenkatalog, und im September haben wir unser Rechtsgutachten. Experimentell haben wir so schon mal 230+ Folgen Lanz & Precht transkribiert und analysiert - die ersten Ergebnisse sind ganz spannend. Der Blick auf die beiden *sozusagen*-Experten ist nur ein erster Einblick in das, was langfristig möglich sein soll. Der nächste Schritt geht gen Wissenschafts-Podcasts, wie dem jüngst mit dem ÖFG-Preis für Wissenschaftsjournalismus ausgezeichneten Podcast [Das Klima](https://dasklima.podigee.io/) von u.a. FuzzyLeapfrog, die von Beginn an bei Speaker Mining mitgewirkt hat. Jetzt geht es darum, die Community aufzubauen: Der [Matrix-Channel](https://matrix.to/#/#wisskomm.wiki:matrix.org) ist aufgesetzt, das Community-Team steht bereit und arbeitet fleißig mit unserem gemeinnützigen Verein daran, die gewachsenen Strukturen der vergangenen fünf Jahre auf bleibende Strukturen zu stellen. Das Open Science Lab aus Hannover übernimmt die fundamentale Infrastruktur, und der Verein übernimmt experimentellere Interfaces wie Gamification oder Plugins. * Föderierte Wiki-Architektur: Wikibase + Full Text Wiki, verbunden über interne Queries * Module für Datenakquise, Zwischenspeicherung, Transkription (Whisper ASR, lokal) * Interfaces: nicht nur für Forschende und Entwickler\*innen, sondern auch für Urheber\*innen und Plattformbetreibende * Federation mit Wikidata, ORKG, TIB AV-Portal - ohne deren Infrastruktur zu überlasten Wer mitmachen will: Wir vom WissKomm Wiki sind auf der GPN, sprecht uns an :) Zum Talk gibts hoffentlich noch den Workshop. **Links** * [GPN23: CTRL+F for Facts (WissKomm Wiki)](https://media.ccc.de/v/gpn23-299-ctrl-f-for-facts-mit-dem-wisskomm-wiki-filterblasen-erkennen-und-fakten-sichtbar-machen) * [GPN23: LanzMining (Arrrrrmin)]([https://media.ccc.de/v/gpn23](https://media.ccc.de/v/gpn23-213-lanzmining-wer-spricht-denn-da-)) * [Projekt](https://borgnetzwerk.org/wisskomm-wiki) * SciCom Wiki: [Code](https://gitlab.com/wisskomm-wiki), [Paper](https://arxiv.org/abs/2511.09248), * Speaker Mining: [Code](https://github.com/borgnetzwerk/speaker-mining), [Paper]( https://doi.org/10.48550/arXiv.2606.02905)) Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.gulas.ch/gpn24/talk/G9VCNN/
Transcribe →
Three Languages, Triple the Confusion (gpn24)
1w ago00:20:21Tap to summarizeThis code runs without errors, but still confuses. In this talk, we explore some subtle quirks of C, Python, and Java (and others) that catch even experienced developers off guard. No bugs, no typos - just the language doing exactly what it was designed to do. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.gulas.ch/gpn24/talk/HZ8XUT/
Transcribe →
MMO-CHIP: From Microscope to Verilog in an hour (gpn24)
1w ago00:58:45Tap to summarizeReverse engineering old custom chips from microscope pictures is cool, but oh so painfully slow! Last time I did this (talk at 38C3), I spent two weeks waking up, annotating wires in Inkscape, going to bed, and then dreaming about more wires. So I decided to bite the bullet and finally build some better tooling, to keep future me more sane as well. In this talk I'll present _MMO-CHIP_, an open source silicon reverse engineering tool I built for helping preserve and emulating custom undocumented chips, like the DSPs used in old synthesizers. It's web based and allows collaborative annotation, it handles giant pictures effortlessly and integrates a lot of features specifically designed for digitizing silicon, including some computer vision techniques. It's even able to infer the logical formula of complex logic gates, just from a few scribbles! I will explain in detail how the algorithms used work, and how you can use it to go from microscope to simulable Verilog code in less than an hour (or even less if you draw in multiplayer with some friends!). Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.gulas.ch/gpn24/talk/FWCJ73/
Transcribe →
DI.Days as Anarchist Practice/Anarchist Practices for DI.Days (gpn24)
1w ago00:44:54Tap to summarizeDigital Independence Days are a response to the growing monopolization of technology and the recent loss of trust in US-based tech firms after the USA's shift towards authoritarianism. The (communicated) goal is to protect our current democracy and our current freedoms from deteriorating even further. Conserving the status quo and preventing a further loss of freedoms is likely not enough. I want to highlight the larger transformative potential in this project. By applying anarchist practices to DI.Days, we can imagine a world of decentralized and democratized software, platforms and infrastructure. A world where individuals act as sovereign providers and users of technology. A world where the providers of technology do no have the ability to enact arbitrary power upon users. A world where consenting to the sharing of data is real and not a lie hidden by "Accept all cookies" or "Agree to the Terms and Conditions". Moving from imagining such a future to prefiguring it, I want to look at anarchistic practices that might realize such a transformation and the role of DI.Days in it. The talk will have the following structure: 1. Introduction to social(ist) and small-a anarchism and some of their lines of thoughts and practices especially applied to education and organizing 2. What are DI.Days, what do they promise, and what do they look like in practice (at least in Karlsruhe) 3. Daydreaming a utopia for technology use on the basis of anarchist principles (and the hopes of DI.Days) 4. What practical small steps can lead there? And why are DI.Days a good project for making these steps? Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.gulas.ch/gpn24/talk/TVNEUB/
Transcribe →
Medikationsplan24.ti - der digital gerührte Medikationsprozess (gpn24)
1w ago00:53:21Tap to summarizeIm Juli startet auf der Infrastruktur der ePA der digital gestützte Medikationsprozess (dgMP). Woher kommt er, wie funktioniert er und welche Risiken bringt er mit sich? Im Juli startet auf der Infrastruktur der ePA der digital gestützte Medikationsprozess (dgMP) als Kombination aus elektronischen Medikationsplan und elektronischer Medikationsliste. Hiermit bekommen alle Leistungserbringende und Apotheken der Versicherten Zugriff auf dieselbe Datenbank mit geplanten, verordneten und ausgegebenen Medikamenten. Was ein therapeutischer Traum ist, kann für Versicherte erhebliche Folgen haben. In diesem Talk werden wir uns über die Geschichte der Medikationspläne, den geplanten Abläufen und den Chancen und Risiken für Leistungserbringende und Versicherte unterhalten. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.gulas.ch/gpn24/talk/XQSPCY/
Transcribe →