Sharing the highlights: What did you learn at #31C3?

Were you at #31C3? Was it informative or inspiring: any new knowledge, projects or ideas?

Let’s share highlights from the event with those who could not join us on location!

Please add one or more things from 31C3 that you think the rest of the community should know about to the list below. It could be a talk, a workshop, a project, an idea etc:

It’s easy, just login and then edit this wiki directly:

  1. Biometric authentication systems are not secure: learn how fingerprints can be hacked using available software and a digital camera:

In the past, it used to be necessary to gain access to physical objects that a person had touched in order to gain access to the individual’s fingerprints or to hack a biometric database. But this is no longer the case. During #31C3, biometrics researcher Jan Krissler showed how he had created usable fingerprints of Germany’s Federal Minister of Defense, Ursula von der Leyen – without coming into physical contact with her in any way. With the help of software available to everyone, like VeriFinger, Krissler used a digital camera to photograph the minister’s hands during a public speech. As she moved her hands about during the speech, Krissler captured high-resolution images of von der Leyen’s fingertips. He manipulated those images with the commercially available software, “VeriFinger,” to create fingerprints that can fool biometric authentication. Watch presentation here: [URL]

  2. Assembly of everything federated, decentralized and social. Diaspora, Friendica, Red, GNU Social, Twister, and all other wonderful decentralized, federated projects welcome!


by @elf_Pavlik

We’ve met with The Federation Assembly to discuss coordinating work with the W3C Social Web Activity. I have worked heavily on the topic of decentralized social platforms in recent years and also participate in the working group (WG) and interest group (IG) created at W3C a few months ago. People leading GNU MediaGoblin development have already joined the WG, and one of the developers from Diaspora joined us very recently. During our meeting at 31C3 we had a chance to catch up with each other, better understand the current state of all the represented projects (also including Friendica!) and search for ways to better coordinate all this work with the work we do in the groups hosted by W3C. I still need to write a more in-depth report from that meeting and will soon link to it from a comment here.

  3. It is time to re-prioritize crypto and security for layfolks (but not necessarily for the reasons you think).


As is CCC tradition, many talks at 31C3 covered security, surveillance and protection from the same. We learned that the Internet is mass-surveilled, with no legal protection for your data (unless you are American), and that mobile phones (and by extension mobile banking, two-step verification etc.) are actually fairly easy to crack. However, some encryption tools are still holding out.

@msanti and @Alberto propose that the Edgeryders community – even, and especially, its less technical part – pay more attention to security. We should not do it for our own security, which is perceived as low priority by most of us as we have nothing to hide; we should do it for others, like the courageous journalists and whistleblowers keeping our society marginally truer and more free, who need more people to use crypto so they can “get lost in the crowd”; and for ourselves, as a shared learning journey to upskill all of Edgeryders. In other words, we should do it not as individuals, but as a community. Crypto never went mainstream because it is hard, but (1) the tech is getting easier and (2) the more skilled edgeryders can help the less skilled ones. While at 31C3, we started the Community Crypto project. A little hacking by Massimo brought us within spitting distance of a user-friendly solution: if we can get a reply from the Mailpile team we are in business! We could maybe join forces with Ecobytes for the provision of mailboxes, I have a hunch they might be interested.

+1 from @elf_Pavlik

  4. Setting up community kitchens and food/drink based activities is a great way to bring a diverse group of people together and serve the community at events.


Makgeolli workshop during #31C3 led by Algoldor, photos by Lotte Smelik

As Alberto points out, the congress experience “was made so much better by having a “home” in the broader 31C3 space”. From the experience of building and running the unMonastery and our annual LOTE events, we have collectively learned how important food is for the health and well-being of communities and individuals. Not just eating good, healthy food but the activities of preparing it and how we go about eating it. So collaborating with a community of hackers and food and drink enthusiasts who run activities at hacker events like ccc camps and OHM was a no-brainer. So we joined the Food Hacking Base assembly: @Thomas_Goorden and I led a weMixology/Agape workshop with help from @SamMuirhead. Also a tea corner was set up by Thomas, @msanti and @Dorotea.

Over the years the Food Hacking Base community has managed to collect equipment to be able to set up a fully functional kitchen for a large number of people with stoves, ovens, sinks and lots of work surfaces plus all the smaller stuff like knives, cutting boards and even more advanced equipment. The kitchen is used both 1) to run experimental or pedagogical food related activities like cheese making, or Korean fermented food and beverage production workshops, and 2) to cook healthy, delicious food by event participants for conference/camp/event participants. This is also very helpful for people who wish to have a bit more control of what they eat (and how much it costs) than is allowed by e.g. commercial catering services. I (Nadia) ended up spending a lot of time at the FHB during #31C3 and am considering setting up an Edgeryders food hacking group in Brussels this year. Let’s see. A huge thank you to Frantisek, Marcel, Ingo, Brabo, Daan, Lotte and the rest of the FHB community, it was great!

  5. Workshop “The Machine To Be Another”

http://www.themachinetobeanother.org/

As a follow-up of the talk: http://events.ccc.de/congress/2014/Fahrplan/events/6385.html they organized a Workshop on day 4.

It was supposed to test the equipment, but some hardware problems stopped the demo. Some of the team will be in Berlin the first weeks of January, more info on twitter: beanotherlab

There are 2 main setups:

  1. One "user" with the visor (containing some accelerometers), and a "performer", mounting a custom support for a camera. The performer 'clones' all the movements of the user while the camera relays these images to the user, who can experience different types of reactions because they're seeing another's arms.
  2. Two "performers", both wearing a visor with a camera on it. So each one sees from the other's perspective. This setup works best with, i.e., dancers that have a high perception of their bodies and are able to rapidly immerse in this experience.

In general, they are searching for suggestions for new applications of the actual prototype or for possible improvements.

by @msanti

  6. 2015 is going to be an important year for copyright reform

One of the more interesting talks was - for me - Julia Reda’s “Correcting copywrongs” (Well worth watching.) The short version is that there is a gigantic need in the EU to consolidate copyright law over the different member states, simply because it has become nigh impossible to know what copyright law you might be breaking in any random EU country by doing simple things like taking panoramic pictures or quoting people. The current chaotic situation is - probably above all else - commercially unattractive, which is why we may expect reform soon. Cynicism aside, this is cause for cautious optimism, as we may use this opportunity to finally get some more decent copyright law in place (assuming the simple fact that it is probably not going away soon). One big advantage for the general public is the big success that was the EU copyright consultation, in which it became clear that the copyright industries’ desires are often highly conflicting with civilian uses of authored work. Since copyright has been skewed so much against consumers, we might actually see a correction in the other direction and Julia Reda seems very ready for that discussion.

By @Thomas_Goorden

  7. Most cell phone (GSM) networks are incredibly insecure

One of the more shocking demonstrations of the security vulnerabilities of cell phone networks was “SS7: Locate. Track. Manipulate.” in which the presenter showed that pretty much any cell phone can be located or redirected, even if you only have the number. This is due to fundamental security flaws in the telephony system which was originally designed with “benevolent state actors” in mind, which is to say incredibly bad at protecting any modicum of privacy. Unfortunately, there is very little one can do, save for just turning the cell phone off (but your number and probably SMS’s can still be redirected then). There are a few cell phone companies that are taking measures to prevent some of the worst infractions, but it’s hard to even verify that. One thing you can do is install the “SnoopSnitch”, which at least detects some involuntary changes to your network settings.

By @Thomas_Goorden

3 Likes

Mailpile

@almereyda uses Mailpile… and @Smari currently works on it?

BTW Brennan Novak, another Mailpile core contributor, participates in IndieWeb community!

I know, but…

@Smari has been only sporadically in touch since LOTE1. I think the Mailpile channels are probably the most convenient for him (or Bjarni, or Brennan) to talk to us.

BTW, yesterday Smari announced on Facebook that he is moving on to a new job in Sarajevo. He did not mention the future of Mailpile. Their blog announced a 1.0 version for December; I am currently running the beta, which was released in September. The latest post on the Mailpile blog was in November, and wondered whether to abandon PGP/MIME and specify a new standard for PGP over email. I have no expertise to deduce the technical implications of such a move, but if they decide to do this before 1.0 rather than later that might mean a long delay of 1.0 itself, even if Smari’s new commitments are neutralized (by someone new on the team, for example).

2 Likes

Mailpile seems really nice and something we definitely want to offer in Ecobytes (@almereyda had already proposed it), but it’s just the client part and we can probably set it up to relay to whatever server.

@elf_pavlik We are also planning a migration and setup of a new mail server. I think this is definitely an area where we should merge efforts, because (almost) no one really likes to set up MTAs, spam filters, web interfaces and it’s a huge maintenance work to keep it updated, efficient and free of all the threats derived from the (archaic) implementation of mail in the internet.

@almereyda is involved in it at the technical level, I am involved also in planning. Please, if you have someone else willing to join the setup of a proper mail VM for Ecobytes (inc. of course all the collectives which we allow to relay), then I very strongly recommend joining efforts! The same for simply Mailpile - if anyone feels like setting up one for testing in our infrastructure just say so and @almereyda or I can provide you access to the VM.

1 Like

About “The Machine To Be Another”

@Nadia I talked to them in order to describe the Edgeryders community, and if you are interested about your master thesis, feel free to contact them at beanotherlab@gmail.com

1 Like