27C3: Day 4

Last day of 27C3 (but not last day in Berlin!), the weather is the usual: foggy and damn cold.
I thought to visit the Fernsehturm tomorrow, but that doesn't make much sense if the fog covers the city and you don't even see a mile in the distance...
I managed to get a 27C3 T-shirt, but no jacket, as those were all sold out right away, at least in my size, like no one could predict that people would buy jackets when it's -10 °C outside, and that IT guys mostly aren't an S or an M size. :(
Arrived at about 12:20 at the BCC, managed to get the same places as yesterday, and it seems to me that today there are fewer people around.

  • 12:45 "Cybernetics for the Masses", I didn't really know what to expect here, and it totally blew me away: that woman is a mix of awesomeness and total craziness (though she calls it curiosity, and I can kinda understand that :D). She presented a few projects she did on herself, concerning body modification through sub-dermal implants, though she kinda seems to disregard her own health doing them. Not something for me.
  • 13:45 "Hackers and Computer Science", I kinda started watching this as a filler, waiting for "Data Analysis in Terabit Ethernet Traffic" to start, but then this turned out to be an amazing talk about how Hacking is (or should be) considered its own discipline, and how it deeply connects to academic research and topics, and how the interaction between the two should be increased. In the end "Data Analysis in Terabit Ethernet Traffic" wasn't even transmitted over stream, so I didn't see it at all.
  • 16:00 "How the Internet sees you" promised to be a good talk, but I was disappointed, I mean, I already know that my ISP can look at my packets and can thus tell basic stuff like source IP, destination IP, size, etc. and that he can see the DNS queries I make (as he owns the DNS server usually), and so on...
    I hoped to see some special tools in action that actually give you precise user tracking, and maybe some real world cases from ISPs having to tap someone for law-enforcement, but this wasn't the case, there were just a few graphs about how the traffic was distributed at the Congress, and that was it. So I switched to "International Cyber Jurisdiction", which raised very interesting points about how jurisdiction matters in the Internet-Age and how it gets a lot more complicated.
  • 17:15 will bring "Security Nightmares", which usually is a very good talk about security problems, both in retrospective and in the future.

We'll go grab a bite at Las Malvinas, it's a steak-house near the hotel, and it looks like they have some really great meat. I'll probably not blog anything until after I return to Switzerland, because WLAN at the hotel is very expensive. By the way, it's offered by our very own Swisscom! Yeah, Swisscom does hotel WLAN in other countries, surprising!

Posted by Luca Longinotti on 30 Dec 2010 at 16:50
Categories: Longi, CCC



27C3: Day 3

Today we slept in even longer and arrived at the Congress past 12:30...
Found a nice place upstairs, facing Alexa. Ate lots of awesome Belgian butter waffles!

  • 14:00 "Cognitive Psychology for Hackers", awesome talk on psychological "hacks" on humans, biases and so on that influence our decision making, very well done, great examples, I'll probably buy the book he cited at the end, as I'm very interested in this too, and he even mentioned "Harry Potter and the Methods of Rationality", a fan-fiction I've been following, as being very much spot-on in its explanation of rational thinking.
  • 16:00 "Console Hacking 2010" was gearing up to be great, presenting results on hacking the PS3 now that you can't run Linux on it anymore by default, but I had massive problems with the stream, it continued to die on me (I'll have to download it later!), so I started playing with the LigHTTPD installation that powers this blog, setting up SSL (so now you can also use https:// to access it) correctly, with a real certificate (at least on Firefox), thanks to StartSSL, great service there. I also fixed redirection from other subdomains/domains, so now www.longitekk.com or test.longitekk.com automatically redirect you to the blog.
    I also now serve my Trac installation over HTTPS on dev.longitekk.com, thanks to mod_proxy.

Between exploring Lighty's configuration syntax, eating a very good curry&rice from the BCC's catering and getting more waffles from Alexa, I missed a few talks in the evening.

  • 21:45 "Zero-sized heap allocations vulnerability analysis" gave an interesting introduction to a problem not every programmer is aware of, and then went off into verification land, so I switched to "Fnord-Jahresrückblick 2010", which was hilarious, as usual.
  • Around 23:15 "Hacker Jeopardy" started, which is disputing its final round as I'm writing this, it's a cool game to play with your colleagues, some incredibly tricky and funny questions in there.

Posted by Luca Longinotti on 30 Dec 2010 at 01:25
Categories: Website, Longi, CCC



27C3: Day 2

Day 2 of Congress started late, sleeping is important!
At around 11:00 we were there again, and again upstairs, which I personally prefer: it's much more open, there's a better view of outside (I know it's strange, but I kinda like those things called windows :D ) and better lighting. Network seems to work better than yesterday, LAN works fine, WLAN on the phone too, and the streams are mostly stable.

  • 12:30, I started by following the "Lying To The Neighbors" talk about tracker-less BitTorrent, but, while it was interesting and well done, I don't use tracker-less BitTorrent, and it couldn't hold my attention, so I switched over to the "Reverse Engineering the MOS 6502 CPU" talk, which I found more enjoyable.
  • 14:00, "I Control Your Code" was a very well done overview of the main flaws in programs that allow for compromise of your system, how they work, and how user-space virtualization (basically another layer of indirection that translates code and adds lots of checks, both static and dynamic, to prevent problems) could mitigate/block them.
    It was a very informative talk, providing examples, and both explaining basic as well as more advanced attacks and techniques.
  • 16:00, "Is the SSLiverse a safe place?" provided an overview on how SSL is deployed worldwide (courtesy of the EFF's SSL Observatory project) and what problems there are in the current SSL infrastructure (mostly related to trusting too many CAs, that can't really be verified as being trustworthy).
  • 17:15, the talk I wanted to watch about "Data Analysis in Terabit Ethernet Traffic" by Lars Weiler got moved to Day 4, so I watched part of FX's talk on "Building Custom Disassemblers", very interesting, but also very specialized, I don't think I'll ever have to analyze the binary code from some PLC or other obscure embedded device in the near future myself.
  • 18:30 brought "Defense is not dead", a talk on how today's computers still rely on security models from the 70/80s, and how there actually are programming languages, techniques and so on that were developed in the last 20 years that can prevent many of the security problems we encounter constantly, along with formal verification of code (or parts of it at least), and how using those can lead to more secure computers.

We then went to get some food at Alexa (hmm Nordsee, fish, yeah!), to be ready for the expected highlight of the day:

  • 20:00, "High-speed high-security cryptography: encrypting and authenticating the whole Internet", by Daniel J. Bernstein, a very interesting talk on why DNSSEC and HTTPS are incomplete (and sometimes faulty) solutions to fully securing the Internet, and how to deploy new protocols he developed (CurveCP and DNSCurve) to fix that. While it sounds great and seems to be deployable easily and without breaking compatibility too much, I don't really see this taking over HTTPS/DNSSEC's market share easily, but we'll see.

After that, we went back to the Hotel, where we watched four episodes of "Two and a Half Men" on the television (awesome, I hadn't seen those yet!), and coded a little; I managed to finish the Rig stack and queue and write much better documentation for them.

Posted by Luca Longinotti on 29 Dec 2010 at 15:00
Categories: Longi, CCC



27C3: Day 1

Hello from Berlin, where we arrived after a good 8:40 travel time on Sunday evening, 1:30 behind schedule... At least ICE trains are very comfortable and have power outlets. ;)
The first day of congress was a mixed experience... On one side the new ticket-presale system had the pleasant effect of eliminating the usual Monday morning queue to get tickets, on the other hand I'm not so sure it managed to reach the goal of keeping the participants to a manageable level, every conference room is routinely full, every table in the hackcenter and upstairs too, and lots of people have to sit on the floors just to get some kind of place (especially in the evening)... I really hoped that if they actually limited the number of tickets with the presale system, they also would have based the number of them on the sum of real, available chairs in the building (or just a little more), seems that was wishful thinking.
I also can't really support the table reservation system for groups in the HackCenter, you get entire tables reserved by projects that no one ever heard of, and which are not there most of the time, but leave an incredible mess of hardware and junk to occupy the table. Which brings me to another point: looking at HackCenter tables, one can come to only one conclusion: hackers are freaking messy! There's bottles, caps, paper, junk, half-eaten food and everything in between lying around, people just leave it there when they go away, and it's not like there isn't a trashcan every 10 meters or even less... Use them? If you don't find one, organize one? Just keep the place tidy, please.
Also the first day was plagued by infrastructure problems, LAN works well, WLAN was mostly unusable (either you got no IP or it was so slow as to be unusable, things seem to be better now), the streams initially didn't really work (sound just disappeared at random, even over DVB-T at times), in the evening they actually worked very well over DVB-T, over LAN I couldn't (and still can't) watch 10 minutes without it dying and me having to restart it.
So let's come to the talks, which are the main reason I'm here:

  • 12:30, "Code deobfuscation by optimization": didn't see it as the room was overloaded and the streams broken, will have to download a recording when they're available...
  • I managed to follow some of the "Copyright Enforcement Vs. Freedoms" and "Von Zensursula über Censilia ..." talks on a big screen upstairs outside of the conference room, they both made some great points on why censorship and too tight copyright enforcement are bad and not helpful at all.
  • 16:00, "Automatic Identification of Cryptographic Primitives in Software": this time I managed to find a place in the conference room, but I might not have bothered, while the talk wasn't bad, I couldn't see anything exciting or groundbreaking in it, it all boiled down to using some heuristics and signatures to find if a program was using crypto code and what kind of crypto code, it's an interesting, kinda specialized way to analyze binaries, using more or less reliable techniques to do it.

After that we went to eat, got a really great pizza at an Italian place on the Fernsehturm square, right beside the Rathaus. Food really costs less here.
After we were back at the BCC the real fun began:

  • 20:30, "Desktop on the Linux": it was just a big ROFL, the speaker (while he made some very good points about avoiding complexity and putting lots of stuff together, which I agree with) had not really researched every issue in-depth, and sitting in the audience was Lennart Poettering, who pretty much trashed him on every point he was trying to make by explaining why those decisions were made, how the implementation really works in-depth, and so on. It was almost sad to watch, while the speaker had some good points, he didn't manage to really bring any of them across without trashing and laughter ensuing.

And then the good stuff came:

  • 21:30, "Recent advances in IPv6 insecurities": really great talk, the speaker was very good, you saw right away this guy is used to giving talks. Very interesting and understandable explanations of the security problems he found in the IPv6 protocol, lots of images, very good English accent. All in all a very enjoyable and informative talk!
  • 23:00, "Adventures in analyzing Stuxnet": like the speaker would say it: "Hey dude, this was fucking awesome!", really. The talk by Microsoft's Bruce Dang was incredibly interesting, he explained how they handled finding the various zero-day bugs Stuxnet used to infect a Windows system, how they used various debugging techniques, binary analysis, team work with other Windows subsystem teams and so on to understand how Stuxnet actually got onto a Windows system and how to fix those flaws. Very informative stuff, and presented in a very relaxed and funny, down-to-earth way. As one spectator said at the end: "I never expected to enjoy a Microsoft talk so much!".
  • Last but not least, 00:15 brought the "Pentanews Game Show", a new multi-player game show they introduced this year, based on "Who wants to be a millionaire?" but with IT-news related questions, quite enjoyable and funny. I personally like this game much more than "Hacker Jeopardy" (which will be on Day 3).

Posted by Luca Longinotti on 28 Dec 2010 at 12:12
Categories: Longi, CCC



Merry Christmas!

I wish everyone an awesome and merry Christmas, have lots of fun (and presents)!

On another note, exams finally ended, I'm pretty confident about most of them, so, yay!

Posted by Luca Longinotti on 24 Dec 2010 at 17:45
Categories: Longi



27C3, we're definitely coming!

Yeah, me and a friend will be present at this year's Chaos Communication Congress.
I'm keeping up my "every-two-years" schedule, went to the 23rd, 25th, and now 27th Congress.
I managed to get tickets at the last sales window, thankfully, since we already got the rooms and train reserved and paid for before we even knew that they changed the ticket selling system this year...
So I missed the first two pre-sales, but managed to get two tickets on the last one... It would not have been fun to go to Berlin and just watch the Congress from outside!
We'll be in Berlin from the evening of the 26th to the morning of the 2nd, which means we'll also be celebrating New Year's Eve in the big city of Berlin, that ought to be lots of fun! ;)
Let me know if you'll be there too, see you there!

Posted by Luca Longinotti on 11 Dec 2010 at 00:29
Categories: Longi, CCC



ExpoVina 2010, HP 7.1

Went to ExpoVina again this year, awesome as always, great wines, great people and great company! ;)
The port wines at Amarela were incredible, and as usual it isn't only wine you get to taste there. Had to order the chocolate-pepper, yum!!! And the bread with the right olive oil... delightful!
Bindella also got all the good Italian dessert wines, and "Vigna Senza Nome" was even at a reduced price!

On another note, I went to watch "Harry Potter and The Deathly Hallows - Part 1" yesterday evening at the Abaton, which thankfully has extremely comfortable seats, as I alternated between moments of sleepiness (thankfully much fewer than in the 5th and 6th movies!), and moments of "Gaahh wtf eh?"... I admit to never having finished reading book 7, as it just sucked so much, and the film reflects that, completely random items quest, coupled with teenage angst, and let's add a few mythical artifacts just for fun, and don't get me started on the magic, that's probably my biggest gripe with the HP films: the magic effects just SUCK, it's always just random lights and explosions that do comparatively little damage (only cool explosion I saw was Hermione using Bombarda once, why don't you always use it, if you know it, wtf? And Voldemort's lightning spell towards the end). Basically I find the magic much too tame, I mean, if you can control energy and the elements, make it go Boom! more often... And the flying black clouds of Death Eaterness, the LOLZ, I can't remember anything in the books that justifies that... Will have to wait till July 2011 for the second part, which I'll probably still watch in a masochistic attempt at completing the set. :)
In the end there thankfully is fan-fiction, much of which I find better than the original books, and there are other, much better fantasy series to keep one's self entertained, The Dresden Files, The Mistborn Trilogy, and the king, The Lord of the Rings.

Posted by Luca Longinotti on 19 Nov 2010 at 14:46
Categories: Longi



A few useful pieces of software

Continuing my series about useful software I use daily, I decided to finish it up quickly by just posting a few names, links and descriptions.

  • XMonad - tiling window manager, totally changed how I interact with my desktop, the keyboard is a much more efficient way to do things ;)
  • LLVM + Clang - new virtual machine / compiler infrastructure and C/C++ compiler based on it, much faster than GCC and with much more helpful error messages, but not with all of its extensions and features
  • Eclipse - the open-source IDE, makes programming faster and more fun!
  • CDT for Eclipse - C/C++ plug-in for Eclipse, makes developing C projects that much easier
  • PyDev for Eclipse - Python plug-in, to support your favorite scripting language better ;)
  • SSHFS - mounts remote file-systems over SSH, providing strong encryption and authentication (uses the FUSE framework on Linux)

I'll soon start posting about my latest software project, Rig, which I have been working on for quite a while, so stay tuned!

Quick events guide:

  • 4 November, big ASTAZ party (aka. Free-Alcohol) @ Dynamo Zürich
  • 4-18 November, ExpoVina 2010 @ Bürkliplatz Zürich

Posted by Luca Longinotti on 30 Oct 2010 at 00:32
Categories: Longi, Software



iPhone isch en Diebstahl and ASTAZ Party!

I promised I'd blog this one... :P
The other day I was in Zürich with a friend of mine and she's a big Apple fan.
As we were exiting a store, a family passed us and the store alarm system went off for them, no idea why.
Still, my friend goes "I heard that can also happen if you've got an iPhone, together with some store security systems!", to which I couldn't resist replying: "Well, sure, I mean, the iPhone is a robbery!" :D
AHAHAHA epic comeback win! :P
(Yeah, I don't like Apple products that much ;) )
To conclude, some photos from the ASTAZ Glows in the Dark party yesterday evening at Dynamo, the fluorescent light theme was really cool!

Posted by Luca Longinotti on 15 Oct 2010 at 20:25
Categories: Longi



ESF 2010!

A day is about the time needed to recuperate from ESF 2010 (ErstSemestrigenFest, translates to FreshmanParty) at ETH Hönggerberg, so it's time to blog about it. ;)
It was a great party! The party itself was awesome, lots and lots of people (it is the biggest student party in Switzerland, with about 5000 attendees), several floors, lots of bars, great music and light effects, big screens et al. There even was a corner with PlayStations since Sony was a sponsor, where you could relax by playing using the remote controls, I actually didn't try that, but it was an interesting idea. HP also had some kind of game set up with model car races. All in all the party was really cool, but the external organisation (tickets, wardrobe, shuttle buses) sucked big time, interminable waits (>1 hour) for tickets and later cloaks, they mixed up a lot of clothing too, and the buses were incredibly irregular, like having three buses at once going one route, and no bus doing the other route for over half an hour, despite there being the same amount of people waiting on both... Same problems as last year to be honest... Only time I saw it working was two years ago, when they actually set up parallel ticket stands with multiple queues, same for the wardrobe, no idea why they don't do that anymore. And no idea why they don't just have 2-3 more buses doing the rounds and space them out evenly, it's not like there isn't capacity for it (at night the buses aren't used by normal public transport and VSETH has more than enough money for a few more as far as I know).
Still, big congrats for the party itself, it really was great, I'll be there again next year for sure!
Here are two videos (FLV format) I took with my phone of the two floors to give you an idea:

While I was transferring them from the cell, I actually noticed I had a few pics from Energy 2010 @ StreetParade still on there, so I uploaded them too. They are all from David Guetta's performance, those light-guys with the laser pointers looked really cool. :D

Posted by Luca Longinotti on 01 Oct 2010 at 22:24
Categories: Longi



