Berlin: the aftermath

Got back from Berlin on Sunday evening, this time the train was only five minutes late, so I got on the connecting trains just fine.
Looking back at my stay in Berlin: 27C3 was great (read the other blog posts for a summary), the hotel we stayed at, Agon am Alexanderplatz, was great too, normal prices, clean, very spacey rooms, they were in fact old apartments converted to hotel rooms, so we had a big bedroom, bathroom, and a kitchen/living room area too, great to keep drinks chilled! I definitely recommend the place.
Food in Berlin was also usually great, be it from the BCC's catering, Las Malvinas (steak-house), or Piazza Rossa (pizzeria, Italian restaurant), or other places we went to, but I wanted to mention those two in particular as they were really good and relatively cheap, at least compared to our prices here in Switzerland.
On Friday we mostly relaxed at the hotel, seeing as the weather didn't really encourage much sightseeing, and then we went to the big New Year's Eve party at the Brandenburger Tor, which was really awesome, the Hermes House Band was great ("Country Roads, take me home, to the place, I belong, West Virginia, ..." ;) ). The fireworks weren't that impressive in my opinion, I expected much more from such an event, Lugano's are both bigger and last longer, and we're just a small swiss town!
I've uploaded a few photos I took with my new digital camera.
I spent most of Saturday in bed, as I managed to catch a cold, but that's getting better now, slowly. Watched a few of the talks I didn't see at CCC on the laptop. The official recordings are now being published, so if any talk interests you, download and watch it, it's worth it.

  • "Hackers and Computer Science" is really awesome, watch that one!
  • "Reverse Engineering a real-world RFID payment system" was very interesting too, as was
  • "Chip and PIN is Broken", both concerning the security of widely used payment systems.
  • "Rootkits and Trojans on Your SAP Landscape" was kinda scary, this one is probably very interesting for any Wirtschafts-Informatik student.
  • Finally managed to watch "Console Hacking 2010", which brings great news: it will soon be possible to install Linux on the PS3 again, and boot it directly.
  • "Data Recovery Techniques" was a very informative talk about storage media and how and when they can be recovered in practice.
  • "USB and libusb" gives a great overview of what USB is, how it works, and how to program it under Linux, really worth a viewing if you plan to do anything with USB.

Posted by Luca Longinotti on 04 Jan 2011 at 16:32
Categories: Longi, CCC Comments

27C3: Day 4

Last day of 27C3 (but not last day in Berlin!), the weather is the usual: foggy and damn cold.
I thought to visit the Fernsehturm tomorrow, but that doesn't make much sense if the fog covers the city and you don't even see a mile in the distance...
I managed to get a 27C3 T-shirt, but no jacket, as those were all sold out right away, at least in my size, like no one could predict that people would buy jackets when it's -10 °C outside, and that IT guys mostly aren't an S or an M size. :(
Arrived at about 12:20 at the BCC, managed to get the same places as yesterday, and it seems to me that today there are less people around.

  • 12:45 "Cybernetics for the Masses", I didn't really know what to expect here, and it totally blew me away: that woman is a mix of awesomeness and total craziness (though she calls it curiosity, and I can kinda understand that :D). She presented a few projects she did on herself, concerning body modification through sub-dermal implants, though she kinda seems to disregard her own health doing them. Not something for me.
  • 13:45 "Hackers and Computer Science", I kinda started watching this as a filler, waiting for "Data Analysis in Terabit Ethernet Traffic" to start, but then this turned out to be an amazing talk about how Hacking is (or should be) considered its own discipline, and how it deeply connects to academic research and topics, and how the interaction between the two should be increased. In the end "Data Analysis in Terabit Ethernet Traffic" wasn't even transmitted over stream, so I didn't see it at all.
  • 16:00 "How the Internet sees you" promised to be a good talk, but I was disappointed, I mean, I already know that my ISP can look at my packets and can thus tell basic stuff like source IP, destination IP, size, etc. and that he can see the DNS queries I make (as he owns the DNS server usually), and so on...
    I hoped to see some special tools in action that actually give you precise user tracking, and maybe some real world cases from ISPs having to tap someone for law-enforcement, but this wasn't the case, there were just a few graphs about how the traffic was distributed at the Congress, and that was it. So I switched to "International Cyber Jurisdiction", which raised very interesting points about how jurisdiction matters in the Internet-Age and how it gets a lot more complicated.
  • 17:15 will bring "Security Nightmares", which usually is a very good talk about security problems, both in retrospective and in the future.

We'll go grab a bite at Las Malvinas, it's a steak-house near the hotel, and it looks like they have some really great meat. I'll probably not blog anything until after I return to Switzerland, because WLAN at the hotel is very expensive. By the way, it's offered by our very own Swisscom! Yeah, Swisscom does hotel WLAN in other countries, surprising!

Posted by Luca Longinotti on 30 Dec 2010 at 16:50
Categories: Longi, CCC Comments

27C3: Day 3

Today we slept in even longer and arrived at the Congress past 12:30...
Found a nice place upstairs, facing Alexa. Ate lots of awesome Belgian butter waffles!

  • 14:00 "Cognitive Psychology for Hackers", awesome talk on psychological "hacks" on humans, biases and so on that influence our decision making, very well done, great examples, I'll probably buy the book he cited at the end, as I'm very interested in this too, and he even mentioned "Harry Potter and the Methods of Rationality", a fan-fiction I've been following, as being very much spot-on in its explanation of rational thinking.
  • 16:00 "Console Hacking 2010" was gearing up to be great, presenting results on hacking the PS3 now that you can't run Linux on it anymore by default, but I had massive problems with the stream, it continued to die on me (I'll have to download it later!), so I started playing with the LigHTTPD installation that powers this blog, setting up SSL (so now you can also use https:// to access it) correctly, with a real certificate (at least on Firefox), thanks to StartSSL, great service there. I also fixed redirection from other subdomains/domains, so now or automatically redirect you to the blog.
    I also now serve my Trac installation over HTTPS on, thanks to mod_proxy.

Between exploring Lighty's configuration syntax, eating a very good curry&rice from the BCC's catering and getting more waffles from Alexa, I missed a few talks in the evening.

  • 21:45 "Zero-sized heap allocations vulnerability analysis" gave an interesting introduction to a problem not every programmer is aware of, and then went off into verification land, so I switched to "Fnord-Jahresrückblick 2010", which was hilarious, as usual.
  • Around 23:15 "Hacker Jeopardy" started, which is disputing its final round as I'm writing this, it's a cool game to play with your colleagues, some incredibly tricky and funny questions in there.

Posted by Luca Longinotti on 30 Dec 2010 at 01:25
Categories: Website, Longi, CCC Comments

27C3: Day 2

Day 2 of Congress started late, sleeping is important!
At around 11:00 we were there again, and again upstairs, which I personally prefer: it's much more open, there's a better view of outside (I know it's strange, but I kinda like those things called windows :D ) and better lightning. Network seems to work better than yesterday, LAN works fine, WLAN on the phone too, and the streams are mostly stable.

  • 12:30, I started by following the "Lying To The Neighbors" talk about tracker-less BitTorrent, but, while it was interesting and well done, I don't use tracker-less BitTorrent, and it couldn't hold my attention, so I switched over to the "Reverse Engineering the MOS 6502 CPU" talk, which I found more enjoyable.
  • 14:00, "I Control Your Code" was a very well done overview of the main flaws in programs that allow for compromise of your system, how they work, and how user-space virtualization (basically another layer of indirection that translates code and adds lots of checks, both static and dynamic, to prevent problems) could mitigate/block them.
    It was a very informative talk, providing examples, and both explaining basic as well as more advanced attacks and techniques.
  • 16:00, "Is the SSLiverse a safe place?" provided an overview on how SSL is deployed worldwide (courtesy of the EFF's SSL Observatory project) and what problems there are in the current SSL infrastructure (mostly related to trusting too many CAs, that can't really be verified as being trustworthy).
  • 17:15, the talk I wanted to watch about "Data Analysis in Terabit Ethernet Traffic" by Lars Weiler got moved to Day 4, so I watched part of FX's talk on "Building Custom Disassemblers", very interesting, but also very specialized, I don't think I'll ever have to analyze the binary code from some PLC or other obscure embedded device in the near future myself.
  • 18:30 brought "Defense is not dead", a talk on how todays computers still rely on security models from the 70/80s, and how there actually are programming languages, techniques and so on that were developed in the last 20 years that can prevent many of the security problems we encounter constantly, along with formal verification of code (or parts of it at least), and how using those can lead to more secure computers.

We then went to get some food at Alexa (hmm Nordsee, fish, yeah!), to be ready for the expected highlight of the day:

  • 20:00, "High-speed high-security cryptography: encrypting and authentication the whole Internet", by Daniel J. Bernstein, a very interesting talk on why DNSSEC and HTTPS are incomplete (and sometimes faulty) solutions to fully securing the Internet, and how to deploy new protocols he developed (CurveCP and DNSCurve) to fix that. While it sounds great and seems to be deployable easily and without breaking compatibility too much, I don't really see this taking over HTTPS/DNSSEC's market share easily, but we'll see.

After that, we went back to the Hotel, where we watched four episodes of "Two and a Half Men" on the television (awesome, I hadn't seen those yet!), and coded a little; I managed to finish the Rig stack and queue and write much better documentation for them.

Posted by Luca Longinotti on 29 Dec 2010 at 15:00
Categories: Longi, CCC Comments

27C3: Day 1

Hello from Berlin, where we arrived after a good 8:40 travel time on Sunday evening, 1:30 behind schedule... At least ICE trains are very comfortable and have power outlets. ;)
The first day of congress was a mixed experience... On one side the new ticket-presale system had the pleasant effect of eliminating the usual Monday morning queue to get tickets, on the other hand I'm not so sure it managed to reach the goal of keeping the participants to a manageable level, every conference room is routinely full, every table in the hackcenter and upstairs too, and lots of people have to sit on the floors just to get some kind of place (especially in the evening)... I really hoped that if they actually limited the number of tickets with the presale system, they also would have based the number of them on the sum of real, available chairs in the building (or just a little more), seems that was wishful thinking.
I also can't really support the table reservation system for groups in the HackCenter, you get entire tables reserved by projects that no one ever heard of, and which are not there most of the time, but leave an incredible mess of hardware and junk to occupy the table. Which brings me to another point: looking at HackCenter tables, one can come to only one conclusion: hackers are freaking messy! There's bottles, caps, paper, junk, half-eaten food and everything in between lying around, people just leave it there when they go away, and it's not like there isn't a trashcan every 10 meters or even less... Use them? If you don't find one, organize one? Just keep the place tidy, please.
Also the first day was plagued by infrastructure problems, LAN works well, WLAN was mostly unusable (either you got no IP or it was so slow to be unusable, things seem to be better now), the streams initially didn't really work (sound just disappeared at random, even over DVB-T at times), in the evening they actually worked very well over DVB-T, over LAN I couldn't (and still can't) watch 10 minutes without it dieing and me having to restart it.
So let's come to the talks, which are the main reason I'm here:

  • 12:30, "Code deobfuscation by optimization": didn't see it as the room was overloaded and the streams broken, will have to download a recording when they're available...
  • I managed to follow some of the "Copyright Enforcement Vs. Freedoms" and "Von Zensursula über Censilia ..." talks on a big screen upstairs outside of the conference room, they both made some great points on why censorship and too tight copyright enforcement are bad and not helpful at all.
  • 16:00, "Automatic Identification of Cryptographic Primitives in Software": this time I managed to find place in the conference room, but I might not have bothered, while the talk wasn't bad, I couldn't see anything exciting or groundbreaking in it, it all boiled down to using some heuristics and signatures to find if a program was using crypto code and what kind of crypto code, it's an interesting, kinda specialized way to analyze binaries, using more or less reliable techniques to do it.

After that we went to eat, got a really great pizza at an Italian place on the Fernsehturm square, right besides the Rathaus. Food really costs less here.
After we were back at the BCC the real fun began:

  • 20:30, "Desktop on the Linux": it was just a big ROFL, the speaker (while he made some very good points about avoiding complexity and putting lots of stuff together, which I agree with) had not really researched every issue in-depth, and sitting in the audience was Lennart Poettering, which pretty much trashed him on every point he was trying to make by explaining why those decisions were made, how the implementation really works in-depth, and so on. It was almost sad to watch, while the speaker had some good points, he didn't manage to really bring any of them across without trashing and laughter ensuing.

And then the good stuff came:

  • 21:30, "Recent advances in IPv6 insecurities": really great talk, the speaker was very good, you saw right away this guy is used to giving talks. Very interesting and understandable explanations of the security problems he found in the IPv6 protocol, lots of images, very good English accent. All in all a very enjoyable and informative talk!
  • 23:00, "Adventures in analyzing Stuxnet": like the speaker would say it: "Hey dude, this was fucking awesome!", really. The talk by Microsoft's Bruce Dang was incredibly interesting, he explained how they handled finding the various zero-day bugs Stuxnet used to infect a Windows system, how they used various debugging techniques, binary analysis, team work with other Windows subsystem teams and so on to understand how Stuxnet actually got onto a Windows system and how to fix those flaws. Very informative stuff, and presented in a very relaxed and funny, down-to-earth way. As one spectator said at the end: "I never expected to enjoy a Microsoft talk so much!".
  • Last but not least, 00:15 brought the "Pentanews Game Show", a new multi-player game show they introduced this year, based on "Who wants to be a millionaire?" but with IT-news related questions, quite enjoyable and funny. I personally like this game much more than "Hacker Jeopardy" (which will be on Day 3).

Posted by Luca Longinotti on 28 Dec 2010 at 12:12
Categories: Longi, CCC Comments

27C3, we're definitely coming!

Yeah, me and a friend will be present at this year's Chaos Communication Congress.
I'm keeping up my "every-two-years" schedule, went to the 23rd, 25th, and now 27th Congress.
I managed to get tickets at the last sales window, thankfully, since we already got the rooms and train reserved and paid for before we even knew that they changed the ticket selling system this year...
So I missed the first two pre-sales, but managed to get two tickets on the last one... It would not have been fun to go to Berlin and just watch the Congress from outside!
We'll be in Berlin from the evening of the 26th to the morning of the 2nd, which means we'll also be celebrating New Year's Eve in the big city of Berlin, that ought to be lots of fun! ;)
Let me know if you'll be there too, see you there!

Posted by Luca Longinotti on 11 Dec 2010 at 00:29
Categories: Longi, CCC Comments

27C3, we're coming!

Again this year I'll be present at the Chaos Communication Congress in Berlin, along with a bunch of friends. I've been to 23C3, 25C3 and now it's time for 27C3. I really hope that it's gonne be awesome like the last times, the venue is really great, and the talks are usually very interesting and diverse. This year they changed how tickets are handled, but that shouldn't be a problem.

Posted by Luca Longinotti on 24 Sep 2010 at 17:54
Categories: Longi, CCC Comments

Happy 2007!

Happy new year people!!! ;)

I wish you all a great 2007 full of fun and happiness and all the other good stuff (new hardware comes to mind).
23C3 finished two days ago, it was really great fun with great talks and great people (yeah, Polish guy living in the USA, from the university near Atlanta, you know who you are ;) ).
Now we've passed yesterday by visiting Berlin and at the moment we're connected through the Hostel's connection... It's depressing to know it's at least twice as fast as my home DSL.
By the way, all this convinced me to come to FOSDEM 07, so be prepared to know chtekk (or be scared, that depends).

Posted by Luca Longinotti on 01 Jan 2007 at 01:16
Categories: Longi, CCC Comments

Greetings from 23C3

Yo! Greetings from the 23C3, the Chaos Computer Congress in Berlin.

Great talks and great people here, at the moment I'm attending a talk about JSON RPC (who knows, maybe that can/will be used someday to improve SysCP), and before that I attended a really great talk about backbone hacking. As you can see from this blog post, the wireless network works well (as does the wired one). :)

With regards to Gentoo devs, I've already seen and got to know hansmi, KillerFox and Pylon. I've also been told that mabi is around and hanno should be too (at least based on the fact he gave a Lightning Talk about XGL yesterday, which I sadly missed), we should really define a place to meet and get to know eachother... That goes for Gentoo and SysCP users too.
I myself can usually be found attending some talk or down in the Hackcenter (central position, at a round table). Have fun!

Posted by Luca Longinotti on 28 Dec 2006 at 12:42
Categories: Longi, Gentoo, CCC Comments

(Page 1 of 1)