WingNews logo WingNews
top | item 46464742

(no title)

neiman | 1 month ago

Where were people's favourite lectures?

I attended 7 talks.

My favourite talk by far was hacking the GPG. Brilliant, really: https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical...

The "In-house electronics manufacturing from scratch" was a very inspiring talk: https://media.ccc.de/v/39c3-in-house-electronics-manufacturi...

The rest were less good for me personally. Either over-dramatic and shallow (with a sexy-sounding topic) or too procedural in topics I'm not an expert in.

discuss

order

weinzierl|1 month ago

Somehow it did not get much attention, but Signal president Meredith Whittaker (together with Udbhav Tiwari) spoke about the risks and threats from AI-enabled systems.

AI Agent, AI Spy

https://media.ccc.de/v/39c3-ai-agent-ai-spy

I also found the talk about Asahi interesting, both from a technical standpoint but also as a nice update what the current status is.

Asahi Linux - Porting Linux to Apple Silicon

https://media.ccc.de/v/39c3-asahi-linux-porting-linux-to-app...

Finally, not recorded, but workshops like

Foundation workshop: Hands-on, how does the Internet work?

by Ingo Blechschmidt, is congress at its best. Getting a diverse set of people with various backgrounds and knowledge levels to ARP spoof in a little over an hour is art.

https://events.ccc.de/congress/2025/hub/event/detail/foundat...

Phelinofist|1 month ago

The Asahi talk was good, but the video switched waaaayyyyy too often between slide only -> slide + speaker -> stage -> only speaker. Made me kinda uncomfortable.

Beretta_Vexee|1 month ago

"Liberation of the Freebox", A slightly crazy Frenchman embarks on a quest to find exploit and write a complex exploit chain, using PrDoom and the Linux HFS+ driver to gain root privileges on his set-top box. All this in order to unlock the recording of somewhat rubbish TV channels such as TF1 and M6.

And he waited almost ten years and the retirement of the hardware to reveal it because he didn't want it to be patched.

If you are into hardware emulation "From silicon to Darude sand-storm" is fun.

the https://media.ccc.de/v/39c3-from-silicon-to-darude-sand-stor...

xorcist|1 month ago

Absolutely Cory Doctorow's, for the showmanship alone. Lovely background slides. The message itself might not resonate with everyone.

The talk "Look Up" about unencrypted data over DVB satellite links was also though provoking, both in presentation and in technical content. If there's that much data unencrypted over a mainstream IP link, imagine how much is still on legacy protocols in 2025.

robingchan|1 month ago

order by personal rank:

Sandstorm JP-8000 sawtooth DSP reversing https://www.youtube.com/watch?v=XM_q5T7wTpQ

Washing machines hacking https://www.youtube.com/watch?v=Q1S-PVo3GlA

AMD (ps5 sorta) security: https://www.youtube.com/watch?v=cVJZYT8kYsI

cool demo for the BT headphones talk: https://www.youtube.com/watch?v=TK5Tz4Bt94Y

precise time syncing with PTP: https://www.youtube.com/watch?v=dOt-zRIG5co

x86 > arm with intermediate: https://www.youtube.com/watch?v=3yDXyW1WERg

Linux-Fan|1 month ago

> precise time syncing with PTP: https://www.youtube.com/watch?v=dOt-zRIG5co

I am not so much into videos but due to some extended interest in the matter I decided to watch the recording of that talk and I do not regret it. Much recommended to everyone who is interested in the state of the art of precision time synchronization over network. Also, in my opinion this talk is presented masterfully with most of the time actually spent on a convincing live demo.

https://media.ccc.de/v/39c3-excuse-me-what-precise-time-is-i...

g-mork|1 month ago

Just for sheer geekery's sake probably the ISDN talk.

For OMG eye opening factor the FreeBSD jails talk (how the hell is this thing still so buggy?) and the talk on unencrypted satellite links

For excellent follow-along value and dedication to ridiculously pointless cause the Freebox talk. "Technically I don't own this box so instead of risking damaging it I'm going to take the extremely long and entertaining route around, somehow involving Doom WAD files"

For showmanship probably the Tegra talk

jacquesm|1 month ago

> For OMG eye opening factor the FreeBSD jails talk (how the hell is this thing still so buggy?)

Because everything that complex is going to be that buggy.

With the bugs they found fix a constant number of them still remains.

lskkgklglw|1 month ago

The biggest problem with ccc is that: 0. They are releasing too few tickets. 1. They are releasing the tickets too late. 3. Still not able to pay with card?

I live somewhat nearby, but can’t book or plan a visit because of this. I appreciate that they are releasing videos shortly afterwards though.

atoav|1 month ago

Ad too few tickets: I happen to live close by the venue (CCH in Hamburg) they fill up. And they do fill it up. That is the limiting factor.

Some person that wanted to get a ticket not getting one is bad, but what is worse is to have more visitors than you or the venue can safely handle. This and of course you still want it to work for the type of event you're doing, with multiple stages, parallel talks, ideally minimum walking distances, not a lot of extra tech to rent in terms of projection, sound etc.

To my knowledge the 3C congresses have been a story of growth and having to move to the next-bigger venue throughout the years.

neiman|1 month ago

You can pay with a card, but there is an additional 5 Euros fee (which is fair enough).

I booked a refundable hotel already in the summer, in case I won't get the tickets. But getting the ticket this year was relatively easy (though maybe I just got lucky).

cguess|1 month ago

There wasn't even enough assembly space this year, it was bursting at the seams. Sadly I think CCH is just too small for this conference. There's a much bigger conference space space down the street, but the rumor is that going back to Leipzig (where it was held during the renovation of CCH) is back in discussion. That place was too big though.

Beretta_Vexee|1 month ago

At the time when this took place in Berlin, in the Berlin Congress Center, which was rather small, there were only a few hundred seats available, and most of them had already been allocated before they even went on sale.

It was also a great excuse to spend New Year's Eve in Berlin.

rft|1 month ago

I still have to go through my watch list, the age old issue of not having my slides done before congress...

The 10 year of Dieselgate is interesting just from a "how bad is it really?" PoV, I saw the part about curves and other defeat devices already [1].

The Rowhammer talk is likely going to be great as well, I like Daniel's work [2].

The practical Cross-VM Spectre was interesting to show this is still a problem [3].

The opensource secure element was good for trying such a thing, but I wasn't that impressed with the content [4].

[1] https://cfp.cccv.de/39c3/talk/7MSRA7/ https://media.ccc.de/v/39c3-10-years-of-dieselgate

[2] https://cfp.cccv.de/39c3/talk/3JXAJJ/ https://media.ccc.de/v/39c3-rowhammer-in-the-wild-large-scal...

[3] https://cfp.cccv.de/39c3/talk/ATYLN9/ https://media.ccc.de/v/39c3-spectre-in-the-real-world-leakin...

[4] https://cfp.cccv.de/39c3/talk/9DYZXG/ https://media.ccc.de/v/39c3-lessons-from-building-an-open-ar...

pseudohadamard|1 month ago

The Deutschlandticket talk was pretty cool. As Malcolm Tucker would say, "what a catastrofuck".

Miele washing machine hacking, very nice, I was going to say I'd be waiting to see someone integrate it into HA... and then looked up the Github repo and there's HA integration already there.

Alconicon|1 month ago

I think the blue team ctf ai talk was a good benchmark were we at right now https://media.ccc.de/v/39c3-breaking-bots-cheating-at-blue-t...

lmeyerov|1 month ago

Thank you, and happy to answer questions on that, it's been a crazy time!

Maybe of relevance to non-security people here:

1. Most of it is about AI investigating event data in general, not just SOC/IR: cyber, intel, fraud, SRE, and we're even messing with customer 360 & social media data

2. For anyone into vibes coding or building agents, I encourage jumping to the "self-writing AI" section where we're finding we are moving internally from vibes coding -> vibes engineering -> and finally now to eval-driven AI coding loops

And, for anyone in security, doing careful evals here has indeed strongly colored my view on the market :)

dkga|1 month ago

The WhiteDate talk was pretty cool!

jacquesm|1 month ago

That in-house electronics one is gold.