adds 36c3 talks post

Wxcafé (Clément Hertling) 2020-02-05 08:58:32 -05:00
parent f3327b471e
commit 0606f0003d

398
content/36c3_talks.md Normal file

@ -0,0 +1,398 @@
Title: 36c3 talks
Date: 2020-02-02T14:35-05:00
Author: Wxcafé
Category:
Slug: content/36c3_talks
So a bit over a month ago, like every year, hackers gathered in Leipzig, Germany
for the Chaos Communication Congress. This year, like the year before,
I couldn't go to congress (last year because I was moving over an ocean, this
year because I didn't plan early enough and the trip from NYC to Leipzig needs
to be planned...), so I was stuck with watching the recordings of the talks (and
just miss spending time with friends, unfortunately...).
The problem with watching congress recordings is that they're all uploaded at
the same time, and you don't have the sort of curation effect of being
physically constrained on what you can watch: when you're *at* congress, there's
(at least) 4 talks at the same, plus assemblies, and friends to see, and more
things that mean you have to curate on-the-fly what you're gonna see and what
you aren't. On the other hand, when you get all the talks dumped on you at the
same time, you don't have that effect, and you have to choose between like 60
talks and don't know which are going to be interesting, and which aren't.
Last year, I simply watched the infrastructure talk, and gave up because
I didn't have time to spend on watching all of the talks. This year, for 36c3,
I decided to spend that time and watch everything that sounded vaguely
interesting. To spare you the work of going through everything, I'm collecting
them all here and giving them a short summary and a 1-5 ⭐ rating reflecting how
much it was interesting to me. So here goes:
---
[36c3 Infrastructure Review](https://media.ccc.de/v/36c3-11235-36c3_infrastructure_review) ⭐⭐⭐⭐
Like each year, the infrastructure review talks about how congress works and the
people who make it work. I love watching these, I loved being an Angel when
I was there, and I really like learning about the parts of organizing I didn't
know about. This time it's a bit rushed unfortunately but it's still a nice talk
---
[A dozen more things you didn't know Nextcloud could do](https://media.ccc.de/v/36c3-oio-160-a-dozen-more-things-you-didn-t-know-nextcloud-could-do) ⭐⭐
Good talk on nextcloud. Starts talking about the cloud in general and data
privacy and stuff like that, then presents upcoming and existing features of
nextcloud, many of which I didn't know were there
---
[a home among the stars: Galina Balashova, architect of the soviet space programme](https://media.ccc.de/v/36c3-oio-201-a-home-among-the-stars-galina-balashova-architect-of-the-soviet-space-programme) ⭐⭐⭐⭐
Great presentation of the Soviet space program interior design and of the
history of the person who designed all of it, Galina Balashova. I was riveted
---
[All wireless communication stacks are equally broken](https://media.ccc.de/v/36c3-10531-all_wireless_communication_stacks_are_equally_broken) ⭐⭐
Review of vulnerabilities in various wireless communications stacks. A bit light
imo, and a bit hard to follow, but a good reminder that you shouldn't trust
these
---
[A systematic evaluation of OpenBSD's mitigations](https://media.ccc.de/v/36c3-10519-a_systematic_evaluation_of_openbsd_s_mitigations) ⭐⭐⭐⭐
Ah, the infamous OpenBSD talk! Very interesting, honestly, most of the points
are very true and need to be fixed. I found he nitpicked a little bit though,
and he was kinda aggressive and not very sociable ("I haven't interacted with
the OpenBSD community once"), and then he seems kinda surprised not to have
received a warm welcome. That being said, the talk is very informative and does
contain a lot of very worrying information and valid criticism
---
[Boot2root](https://media.ccc.de/v/36c3-10706-boot2root) ⭐⭐⭐⭐
Your bootloader, it's been a while since you thought about it too much, huh?
Well, it's a critical component of the security chain of trust, and they're...
really bad. This talk explores exactly how bad they are.
---
[DC/DC Converters: Everything You Wanted To Know About Them](https://media.ccc.de/v/36c3-134-dc-dc-converters-everything-you-wanted-to-know-about-them) ⭐⭐⭐⭐
I approached this thinking "Everything I want to know about DC/DC converters?
uh... I can't think of a thing..." and left with a better understanding of power
supplies and a now-satisfied curiosity for electronics. Good talk!
---
[Don't Ruck Us Too Hard - Owning Ruckus AP Devices](https://media.ccc.de/v/36c3-10816-don_t_ruck_us_too_hard_-_owning_ruckus_ap_devices) ⭐⭐⭐
Classic junk hacking, still pretty fun to watch and examine
---
[Hacking (with) a TPM](https://media.ccc.de/v/36c3-10564-hacking_with_a_tpm) ⭐⭐⭐⭐⭐
Great talk about how TPMs work, how we can actually use them from linux, what we
can do with them... Wanted to learn about TPMs for years, this gave me exactly
what I wanted.
---
[Hacking Sony PlayStation Blu-ray Drives](https://media.ccc.de/v/36c3-10567-hacking_sony_playstation_blu-ray_drives) ⭐⭐⭐
Interesting subject and great research, pretty old stuff by now though and the
talk itself isn't that good (mostly reading his slides, stuff like that).
---
[How to Break PDFs](https://media.ccc.de/v/36c3-10832-how_to_break_pdfs) ⭐⭐⭐⭐
Fun talk about design problems in the PDF standard that allow for forged
signatures and stuff like that.
---
[Infrastructure of Wikipedia](https://media.ccc.de/v/36c3-73-infrastructure-of-wikipedia) ⭐⭐⭐⭐
Had no idea how wikipedia was run infrastructure-wise, this is a comprehensive
explanation of just that. Very surprised by how small their operation is given
the scale of wikipedia.
---
[Intel Management Engine deep dive](https://media.ccc.de/v/36c3-10694-intel_management_engine_deep_dive) ⭐⭐⭐⭐
Missed all the previous Intel ME talks at congress, so this was a good
refresher. It's an impressive talk from a technical point of view, and very
informative too
---
[It's not safe on the streets... especially for your 3DS!](https://media.ccc.de/v/36c3-10796-it_s_not_safe_on_the_streets_especially_for_your_3ds) ⭐⭐⭐⭐
Very cool talk on the Streetpass protocol, how it works, and how it's
exploitable. Definitely makes me wanna experiment with my 3ds again! (oops,
I forgot to play the games 😩)
---
[KTRW: The journey to build a debuggable iPhone](https://media.ccc.de/v/36c3-10806-ktrw_the_journey_to_build_a_debuggable_iphone) ⭐⭐⭐⭐⭐
iOS exploitation is always really cool. iOS kernel exploitation is even cooler.
Using that to make a step-by-step debuggable iPhone, with a demo on-stage?
Amazing. Admitting your exploit has been redundant/outdated since right before
you released it and all that work could have been avoided, with a smile?
Priceless
---
[Look at ME! - Intel ME Investigation](https://media.ccc.de/v/36c3-149-look-at-me-intel-me-investigation) ⭐⭐⭐⭐
Good overview of what you missed in the previous ME talk (and also really helps
understanding that other talk, you should watch this one first!). No reverse
engineering has been performed in the making of this presentation, of course
---
[Messenger Hacking: Remotely Compromising an iPhone through iMessage](https://media.ccc.de/v/36c3-10497-messenger_hacking_remotely_compromising_an_iphone_through_imessage) ⭐⭐⭐⭐
Another iOS exploitation talk, this time 0 interaction, with memory corruption
through what's essentially text messages? Really cool
---
[No Body's Business But Mine, a dive into Menstruation Apps](https://media.ccc.de/v/36c3-10693-no_body_s_business_but_mine_a_dive_into_menstruation_apps) ⭐⭐⭐⭐
Important research on menstruation apps data sharing (mal)practices. Pretty good
talk too, a bit light on the research but it's cool that they contacted and got
an answer from the companies in question.
---
[Plundervolt: Flipping Bits from Software without Rowhammer](https://media.ccc.de/v/36c3-10883-plundervolt_flipping_bits_from_software_without_rowhammer) ⭐⭐⭐⭐⭐
I love hardware attacks and fault injection attacks, this is a hardware attack
using fault injection all from software. It's great. It's not very practical,
and the target is pretty small, but it's really amazing to learn about, and the
presentation is great too
---
[Practical Cache Attacks from the Network and Bad Cat Puns](https://media.ccc.de/v/36c3-10884-practical_cache_attacks_from_the_network_and_bad_cat_puns) ⭐⭐⭐⭐
Yay, yet another CPU cache attack! And this one is over the network too, which
is way broader in application than the previous examples! Very good technical
talk.
---
[Refactoring qaul.net in Rust (Internet independent mesh communication App)](https://media.ccc.de/v/36c3-oio-143-refactoring-qaul-net-in-rust-internet-independent-mesh-communication-app-) ⭐⭐⭐⭐⭐
I love hearing about alternative communication platforms, and I love the ones
that don't depend on a centralized or even federated infrastructure (we're gonna
need them after the end of capitalism when we're reducing our collective energy
consumption). This is about just that, and it's fun, and my friend is speaking
too so.
---
[SELECT code_execution FROM * USING SQLite;](https://media.ccc.de/v/36c3-10701-select_code_execution_from_using_sqlite) ⭐⭐⭐⭐
Is SQLite secure? It's software so obviously not, but how insecure is it? This
talk goes into how to corrupt memory in SQLite, and that's pretty good given the
number of things that use it.
---
[SIM card technology from A-Z](https://media.ccc.de/v/36c3-10737-sim_card_technology_from_a-z) ⭐⭐⭐⭐
Smartcards are cool. SIM Cards are cool! I love learning about stuff like that
where there's not a lot of (publicly-available) documentation and it's hard to
experiment by yourself, and this goes into great detail
---
[Server Infrastructure for Global Rebellion](https://media.ccc.de/v/36c3-11008-server_infrastructure_for_global_rebellion) ⭐⭐⭐⭐⭐⭐⭐⭐⭐⭐
Probably the most important talk of 36c3 in my opinion. Too many
activist/political groups don't think nearly enough about infrastructure and
security, and act as if talking openly was fine and noone was spying on them.
Guess what.
There's also a shortage of politically-invested systems and network admins, and
we need more, we need way more. The distributed architecture of the system
that's presented here, with the implicit transfer of knowledge that goes with
it, is incredibly good and very effective against getting compromised.
I'll leave the rest for when you to discover in the talk, but definitely watch
it.
Be warned though, the first... maybe 20 minutes? are not about infrastructure,
they're about global warming. And while this is a very important topic it can
also be very overwhelming (and it definitely is here), so you might want to skip
that if it makes you anxious. Otherwise, be prepared.
---
[Storing energy in the 21st century](https://media.ccc.de/v/36c3-157-storing-energy-in-the-21st-centruy) ⭐⭐⭐
Everything you've ever wanted to know about batteries. Unfortunately cut a bit
short at the end because of poor time management, but still.
---
[System Transparency](https://media.ccc.de/v/36c3-139-system-transparency) ⭐⭐⭐
More TPM stuff, but also an interesting view of what secure systems could be on
the cloud (probably *won't* be, but *could* be).
---
[Tales of old: untethering iOS 11](https://media.ccc.de/v/36c3-11034-tales_of_old_untethering_ios_11) ⭐⭐⭐⭐
iOS talk again, the coolest humble brag talk I've ever seen ("yeah so we chained
this exploit with this exploit, then chained this exploit to it, then exploited
this and then this... and now we have code execution! So that was easy, next
up..."), and some comically bad patching by Apple.
---
[TamaGo - bare metal Go framework for ARM SoCs.](https://media.ccc.de/v/36c3-10597-tamago_-_bare_metal_go_framework_for_arm_socs) ⭐⭐⭐⭐
That's a very cool project, honestly. I'm all for better firmwares, and this
seems like order of magnitudes better than what's out there to build these.
Hilarious watching the speaker clarify at every step he doesn't think Go is
better than rust etc too.
Go /might not/ be the best language for the job, though. A rust equivalent would
be better (do not email me about this thanks)
---
[The KGB Hack: 30 Years Later](https://media.ccc.de/v/36c3-11031-the_kgb_hack_30_years_later) ⭐⭐
Interesting topic, relating to the origins of the CCC and the cold war, but the
talk itself isn't that well told unfortunately
---
[The Large Hadron Collider Infrastructure Talk](https://media.ccc.de/v/36c3-10760-the_large_hadron_collider_infrastructure_talk) ⭐⭐⭐⭐
Lots of infrastructure talks this year, huh? Very cool, I love hearing about
physics stuff when I don't have to learn anything, and this is exactly that.
They have very, very tight and specific constraints, and it's amazing how they
managed to build the hardware they needed to meet these constraints
---
[The One Weird Trick SecureROM Hates](https://media.ccc.de/v/36c3-11238-the_one_weird_trick_securerom_hates) ⭐⭐⭐⭐⭐
ANOTHER iOS talk? Lots of iOS talks this year, huh? This one talks about an
unpatcheable exploit in the boot ROM of iPhones up to the last model. Boom.
Obviously a great talk
---
[The Ultimate Acorn Archimedes talk](https://media.ccc.de/v/36c3-10703-the_ultimate_acorn_archimedes_talk) ⭐⭐⭐⭐
A very british talk about an old RISC computer? I'm here for it.
---
[The challenges of Protected Virtualization](https://media.ccc.de/v/36c3-107-the-challenges-of-protected-virtualization) ⭐⭐
This one presents the concept of an Ultravisor, some sort of more privileged
hypervisor that would enable VMs that are protected from the host. I'm not
really convinced honestly but go give it a listen to make up your own mind
---
[The sustainability of safety, security and privacy](https://media.ccc.de/v/36c3-10924-the_sustainability_of_safety_security_and_privacy) ⭐⭐⭐
It's hard to patch things for a long time, and yet we're going to have to start
because we need to start being <strike>more</strike> sustainable.
---
[ The technical is political techs role in oppression and what technicians can do against it](https://media.ccc.de/v/36c3-150-the-technical-is-political-tech-s-role-in-oppression-and-what-technicians-can-do-against-it) ⭐⭐⭐⭐
This one may be a bit obvious, honestly, but it's still good and important to
see these things said at a hacker forum like congress is, and they aren't told
too badly, so... yeah?
---
[TrustZone-M(eh): Breaking ARMv8-M's security](https://media.ccc.de/v/36c3-10859-trustzone-m_eh_breaking_armv8-m_s_security) ⭐⭐⭐⭐
Fault injection is fun! Fault injection is cool, and that's what he's doing
here with very precisely timed undervoltage (he's got a cute little device to
help too). Also gives all the context you need, good talk
---
[Uncover, Understand, Own - Regaining Control Over Your AMD CPU](https://media.ccc.de/v/36c3-10942-uncover_understand_own_-_regaining_control_over_your_amd_cpu) ⭐⭐⭐⭐
The Intel ME talk, but about the AMD PSP. They reverse-engineered it pretty
well, and explain not only how it works but also how they reimplemented part of
the firmware and a userland proxy too.
---
[Understanding millions of gates](https://media.ccc.de/v/36c3-10976-understanding_millions_of_gates) ⭐⭐⭐⭐⭐
Very interesting talk, about reverse engineering integrated circuits from
pictures of the chip surface. Hardware reverse-engineering and amazing-looking
graphs get a thumbs-up from me
---
[What the World can learn from Hongkong](https://media.ccc.de/v/36c3-10933-what_the_world_can_learn_from_hongkong) ⭐⭐⭐⭐⭐
I was a bit weary of this one because western liberals love to use revolts in
foreign countries as examples that liberalism is so good. But this talk is
politically well thought-out, and it has a lot of very good protest tactics
suggestions. Good stuff here too
---
[What's left for private messaging?](https://media.ccc.de/v/36c3-10565-what_s_left_for_private_messaging) ⭐
Secure messaging rehash of old debates, the threat modelling is always the same
(the state or a state-like actor is spying on you), not much usability concern,
and no accessible suggestions. Meh
---
[Wifibroadcast](https://media.ccc.de/v/36c3-10630-wifibroadcast) ⭐⭐⭐⭐⭐
This guy is maybe the most nonchalant I've seen so far, and he gives a talk
that's so mind-blowing that the tone difference made me feel weird. How the fuck
can wifi do that? What's the catch? There has to be a catch, right?
---
[X11 and Wayland: A tale of two implementations](https://media.ccc.de/v/36c3-87-x11-and-wayland-a-tale-of-two-implementations) ⭐⭐⭐
A guy implements his window manager on two different backends and lives to tell
the tale
---
[ZombieLoad Attack](https://media.ccc.de/v/36c3-10754-zombieload_attack) ⭐⭐⭐⭐⭐
Yet Another Cache Leak in Intel CPUs, but this one is very well told! One of
these guys also worked on Plundervolt which is really impressive, stop breaking
Intel CPUs that much!
---
So... Yeah that's it. Not all talks are covered here, because I didn't watch all
of them, because they didn't all look interesting and I don't have unlimited
time to do that! But you should have enough to keep busy for a few days.
That's obviously far from the same experience as being at CCC, but I hope it
helps reconnect a little, and I definitely hope I can be there next year!
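
Review bot: The front matter at the top of content/36c3_talks.md leaves `Category:` empty and sets `Slug: content/36c3_talks`, so the slug carries the `content/` directory prefix; suggest filling in a category (or dropping the key) and using a bare slug such as `36c3_talks`, unless the prefix is intended. In the body, the "Server Infrastructure for Global Rebellion" entry has ten stars while the intro announces a 1-5 rating, which is worth a word in the intro if it is deliberate. The link text of "The technical is political" entry starts with a stray space and has lost its punctuation compared with the URL slug. A few typos to fix before publishing: "for when you to discover", "unpatcheable", "at the same" (missing "time"), and "weary" where "wary" seems meant.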