It's been two days since I returned from the 28th Chaos Communication Congress in Berlin. Enough, I guess, to recover my sleep cycle and detox from Club Mate and other caffeinated drinks. Those were also the primary reasons why I didn't feel capable of writing a coherent blog post about the happenings inside the Berliner Congress Center during the congress. However, I do have a ton of notes and I'll try to share my thoughts on the congress in a few retrospective posts.
The best way to start would probably be at the talks. Two of those have circled the web and I can't add anything that hasn't already been said about them: How governments have tried to block Tor by Tor project developers Jacob Appelbaum and Roger Dingledine rightfully received a standing ovation while Cory Doctorow's The coming war on general computation had a fan-made transcript within hours. Both are well worth a look, including the Q & A sessions that followed.
GSM and mobile phones remain in the focus of security researchers and reverse engineers. Karsten Nohl released a set of tools for assessing the security of calls made through your local mobile operator and an IMSI catcher detector. Both require only an OsmocomBB-compatible phone and I would love to see how Slovenian operators score on the former. There was also a very interesting talk by Guillaume Delugré on Reverse-engineering a Qualcomm baseband. In a flawless demonstration he showed how he managed to inject a GNU debugger compatible interface into a proprietary real-time OS running on the baseband processor inside a USB 3G dongle. We might soon see an OsmocomBB equivalent for UMTS based on this hardware.
Outside of the limelight there was the usual spectrum of talks on all sorts of topics. Continuing the CCC camp's hackers in space theme there was the unveiling of the new lunar rover by the Part Time Scientists team. The work they are doing on their hardware is impressive to say the least; however, the presentation they gave was somewhat poorly prepared. Inviting questions from the audience with cheap give-aways might work on disinterested college undergraduates, but it just looked silly with this crowd.
Anyone dealing with wireless networks will probably be interested in the Packets in packets talk about how the noisy nature of a radio link can be exploited to attack the security of low-level code even if the attacker only has access to protocols further up the OSI stack. And talking about security, Peter Eckersley of the Electronic Frontier Foundation presented their Sovereign Keys proposal for fixing the current, broken situation regarding SSL certificate authorities.
Old home computers are still a popular topic, as proved by the Atari 2600 and the Commodore 64 demo talks. So is Bitcoin, although I haven't heard anything about this electronic currency I haven't seen before.
Leaving computers aside for a moment, there was also an interesting talk about Eating in the Anthropocene, which had a refreshingly rational approach to the topic of genetically modified organisms. These are usually automatically considered evil, even in the population frequenting this kind of event.
On a similar note, I should also mention something that happened on the final track of lightning talks. One of the speakers rang all the bells of new-age pseudo-scientific nonsense. While the IRC channel immediately exploded with skeptical remarks, the real-life audience actually patiently waited for the end of the four-minute slot. A few people then gave a courtesy applause and the rest of us expressed our disagreement. Nick Farr, moderator for the session and otherwise a very respected member of the congress organization team, scolded us for not respecting the speaker's effort and gave the speaker an extra minute that was otherwise reserved for well-received talks. I think the speaker was shown enough courtesy by giving him an equal opportunity to make a convincing case for his negative-ions-atmosphere-fertilization thing. Giving him extra time in my opinion showed a lack of respect for all of the other speakers before him who presented more sensible topics.
Finally I should also mention there was an unscheduled panel on depression, motivated by the recent suicide of Diaspora developer Ilya Zhitomirskiy. It focused mostly on personal stories, but the IRC discussion it triggered raised some questions I would very much like to see discussed more in-depth, like how much depression is correlated with the hacker culture and the motivations behind it.
This more or less covers the talks I attended and found worth sharing. Of course, you can find the whole list of talks, plus official video and audio recordings, on the Congress Wiki.
This year quite a few of the more security-oriented technical talks moved to a smaller, parallel event called BerlinSides at the other end of the city. I would certainly have attended a few of the talks scheduled there and some actually chose to hop between the two events. However, in hindsight, I didn't miss them at 28C3. The better selection of talks meant less of the bad feeling that I'm missing interesting presentations in the upper floors and more time socializing and doing other awesome things in the hackcenter. But more about that in the next part. Stay tuned.