27C3: Day 1

Hello from Berlin, where we arrived after a good 8:40 travel time on Sunday evening, 1:30 behind schedule... At least ICE trains are very comfortable and have power outlets. ;)
The first day of congress was a mixed experience... On one side the new ticket-presale system had the pleasant effect of eliminating the usual Monday morning queue to get tickets, on the other hand I'm not so sure it managed to reach the goal of keeping the participants to a manageable level, every conference room is routinely full, every table in the hackcenter and upstairs too, and lots of people have to sit on the floors just to get some kind of place (especially in the evening)... I really hoped that if they actually limited the number of tickets with the presale system, they also would have based the number of them on the sum of real, available chairs in the building (or just a little more), seems that was wishful thinking.
I also can't really support the table reservation system for groups in the HackCenter, you get entire tables reserved by projects that no one ever heard of, and which are not there most of the time, but leave an incredible mess of hardware and junk to occupy the table. Which brings me to another point: looking at HackCenter tables, one can come to only one conclusion: hackers are freaking messy! There's bottles, caps, paper, junk, half-eaten food and everything in between lying around, people just leave it there when they go away, and it's not like there isn't a trashcan every 10 meters or even less... Use them? If you don't find one, organize one? Just keep the place tidy, please.
Also the first day was plagued by infrastructure problems, LAN works well, WLAN was mostly unusable (either you got no IP or it was so slow to be unusable, things seem to be better now), the streams initially didn't really work (sound just disappeared at random, even over DVB-T at times), in the evening they actually worked very well over DVB-T, over LAN I couldn't (and still can't) watch 10 minutes without it dieing and me having to restart it.
So let's come to the talks, which are the main reason I'm here:

  • 12:30, "Code deobfuscation by optimization": didn't see it as the room was overloaded and the streams broken, will have to download a recording when they're available...
  • I managed to follow some of the "Copyright Enforcement Vs. Freedoms" and "Von Zensursula ├╝ber Censilia ..." talks on a big screen upstairs outside of the conference room, they both made some great points on why censorship and too tight copyright enforcement are bad and not helpful at all.
  • 16:00, "Automatic Identification of Cryptographic Primitives in Software": this time I managed to find place in the conference room, but I might not have bothered, while the talk wasn't bad, I couldn't see anything exciting or groundbreaking in it, it all boiled down to using some heuristics and signatures to find if a program was using crypto code and what kind of crypto code, it's an interesting, kinda specialized way to analyze binaries, using more or less reliable techniques to do it.

After that we went to eat, got a really great pizza at an Italian place on the Fernsehturm square, right besides the Rathaus. Food really costs less here.
After we were back at the BCC the real fun began:

  • 20:30, "Desktop on the Linux": it was just a big ROFL, the speaker (while he made some very good points about avoiding complexity and putting lots of stuff together, which I agree with) had not really researched every issue in-depth, and sitting in the audience was Lennart Poettering, which pretty much trashed him on every point he was trying to make by explaining why those decisions were made, how the implementation really works in-depth, and so on. It was almost sad to watch, while the speaker had some good points, he didn't manage to really bring any of them across without trashing and laughter ensuing.

And then the good stuff came:

  • 21:30, "Recent advances in IPv6 insecurities": really great talk, the speaker was very good, you saw right away this guy is used to giving talks. Very interesting and understandable explanations of the security problems he found in the IPv6 protocol, lots of images, very good English accent. All in all a very enjoyable and informative talk!
  • 23:00, "Adventures in analyzing Stuxnet": like the speaker would say it: "Hey dude, this was fucking awesome!", really. The talk by Microsoft's Bruce Dang was incredibly interesting, he explained how they handled finding the various zero-day bugs Stuxnet used to infect a Windows system, how they used various debugging techniques, binary analysis, team work with other Windows subsystem teams and so on to understand how Stuxnet actually got onto a Windows system and how to fix those flaws. Very informative stuff, and presented in a very relaxed and funny, down-to-earth way. As one spectator said at the end: "I never expected to enjoy a Microsoft talk so much!".
  • Last but not least, 00:15 brought the "Pentanews Game Show", a new multi-player game show they introduced this year, based on "Who wants to be a millionaire?" but with IT-news related questions, quite enjoyable and funny. I personally like this game much more than "Hacker Jeopardy" (which will be on Day 3).

Posted by Luca Longinotti on 28 Dec 2010 at 12:12
Categories: Longi, CCC Comments

blog comments powered by Disqus