rc3-franconiannet

The EU Commission is using education politics and digitization to increase European Integration and move beyond ERASMUS+. Current trends in European Higher Education Policy include the European University Initiative, Micro-Credentials, Virtual Exchange, Internationalization at Home or the Student eCard. We want to show you how these ideas and concepts are interconnected and discuss the pros and cons of the current developements as they can lead to more democracy and more cooperation as well as to more isolation. As the common notion of an "ever closer union" has failed with Brexit, new ways are considered to increase Europeanization. Although the idea is as old as the Union itself a new concept has taken center stage promising to create greater cohesion within the union: the European University. In November 2017, the European Commission went public with plans to start a so-called "Sorbonne Process" in order to create an EU-wide common educational area (EEA) in which mutual recognition of qualifications, mobility and improvement of language acquisition are tackled in unison. These efforts include the introduction of European University Alliances (EUAs) and a Student eCard. The latter aims to improve the exchange of bureaucratic information between universities in the EU. Other concepts like Micro-credentials, Virtual Exchange and Internationalization at Home have later been added to these new efforts by the Commission. The EUAs have become important testing fields and launch pads for these ideas and student representatives are increasingly worried about their implications for the future of education. But while these new instruments can fundamentally change the nature of higher education, there are also reasons for optimism. From the beginning on some of the EUAs have included democratic student involvement in all their structures. We hope that these early efforts can lead to new forms of student representation, teaching young students democratic cooperation on a European level and helping them represent their interests even better. This talk will introduce you to current trends in European Higher Education Policy with special attention on how digitization is used to further strategic goals of the EU Commission. The implementation of the European Universities will not be without conflict and conflicting positions: Micro-Credentials, European Student eCards and new democratic structures can lead into a benevolent as well as a malign future. Our talk aims to cover all relevant dimensions and offer you the opportunity to discuss with us the problems at hand. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/Y7GFRS/

The EU Commission is using education politics and digitization to increase European Integration and move beyond ERASMUS+. Current trends in European Higher Education Policy include the European University Initiative, Micro-Credentials, Virtual Exchange, Internationalization at Home or the Student eCard. We want to show you how these ideas and concepts are interconnected and discuss the pros and cons of the current developements as they can lead to more democracy and more cooperation as well as to more isolation. As the common notion of an "ever closer union" has failed with Brexit, new ways are considered to increase Europeanization. Although the idea is as old as the Union itself a new concept has taken center stage promising to create greater cohesion within the union: the European University. In November 2017, the European Commission went public with plans to start a so-called "Sorbonne Process" in order to create an EU-wide common educational area (EEA) in which mutual recognition of qualifications, mobility and improvement of language acquisition are tackled in unison. These efforts include the introduction of European University Alliances (EUAs) and a Student eCard. The latter aims to improve the exchange of bureaucratic information between universities in the EU. Other concepts like Micro-credentials, Virtual Exchange and Internationalization at Home have later been added to these new efforts by the Commission. The EUAs have become important testing fields and launch pads for these ideas and student representatives are increasingly worried about their implications for the future of education. But while these new instruments can fundamentally change the nature of higher education, there are also reasons for optimism. From the beginning on some of the EUAs have included democratic student involvement in all their structures. We hope that these early efforts can lead to new forms of student representation, teaching young students democratic cooperation on a European level and helping them represent their interests even better. This talk will introduce you to current trends in European Higher Education Policy with special attention on how digitization is used to further strategic goals of the EU Commission. The implementation of the European Universities will not be without conflict and conflicting positions: Micro-Credentials, European Student eCards and new democratic structures can lead into a benevolent as well as a malign future. Our talk aims to cover all relevant dimensions and offer you the opportunity to discuss with us the problems at hand. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/Y7GFRS/

Vor 4 Jahren erblickte Mastodon das Licht der Welt. Schnell bekam das Fediverse dadurch neuen Aufwind. Nun ist es Zeit in dieser Beziehung die rosarote Brille abzulegen. Welche Autorität haben große Instanzen gegenüber kleinen? Sind wir vor den Gefahren großer gated Plattformen gewappnet? Wollen wir die Platzhirsche der sozialen Netzwerke wirklich aufbrechen? In diesem Vortrag möchte ich aufzeigen, wie wir das Fediverse gestalten können, um für die vor uns liegenden Fallen bereit zu sein. Die Hoffnungen um das Fediverse sind groß. Viele erwarten sich immer wieder, dass es die digitale Öffentlichkeit nachhaltig verändern wird. Manche meinen gar es würde reichen die großen Plattformen wie Facebook und Twitter dazu zu zwingen mit dem Fediverse zu föderieren. Doch sind wir überhaupt bereit, dass Millionen neue User ins Fediverse geschwemmt werden? Mastodon konnte zahlreichen Communities ein eigenes Zuhause geben. Doch wie gehen wir damit um, wenn sich große Instanzen dazu entscheiden die Föderation wieder abzuschalten und ihre Nutzer*innen bei ihnen einzusperren? Die Probleme, die mit einem wachsenden Netzwerk einhergehen, sind vielfältig, aber nicht unlösbar. Aber solange wir die metaphorische rosarote Brille aufgesetzt haben, neigen wir dazu, die Lösungen nur in der föderierten Struktur des Fediversums zu sehen. Unweigerlich ignorieren wir auch welche Probleme von den dominierenden Plattformen einfach nur übernommen werden und welche Probleme die Eigenheiten dieser Struktur selbst mit sich bringen. Nur wenn wir darüber reden, beginnen wir auch über die Lösungen zu sprechen. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/3TWRBB/

Vor 4 Jahren erblickte Mastodon das Licht der Welt. Schnell bekam das Fediverse dadurch neuen Aufwind. Nun ist es Zeit in dieser Beziehung die rosarote Brille abzulegen. Welche Autorität haben große Instanzen gegenüber kleinen? Sind wir vor den Gefahren großer gated Plattformen gewappnet? Wollen wir die Platzhirsche der sozialen Netzwerke wirklich aufbrechen? In diesem Vortrag möchte ich aufzeigen, wie wir das Fediverse gestalten können, um für die vor uns liegenden Fallen bereit zu sein. Die Hoffnungen um das Fediverse sind groß. Viele erwarten sich immer wieder, dass es die digitale Öffentlichkeit nachhaltig verändern wird. Manche meinen gar es würde reichen die großen Plattformen wie Facebook und Twitter dazu zu zwingen mit dem Fediverse zu föderieren. Doch sind wir überhaupt bereit, dass Millionen neue User ins Fediverse geschwemmt werden? Mastodon konnte zahlreichen Communities ein eigenes Zuhause geben. Doch wie gehen wir damit um, wenn sich große Instanzen dazu entscheiden die Föderation wieder abzuschalten und ihre Nutzer*innen bei ihnen einzusperren? Die Probleme, die mit einem wachsenden Netzwerk einhergehen, sind vielfältig, aber nicht unlösbar. Aber solange wir die metaphorische rosarote Brille aufgesetzt haben, neigen wir dazu, die Lösungen nur in der föderierten Struktur des Fediversums zu sehen. Unweigerlich ignorieren wir auch welche Probleme von den dominierenden Plattformen einfach nur übernommen werden und welche Probleme die Eigenheiten dieser Struktur selbst mit sich bringen. Nur wenn wir darüber reden, beginnen wir auch über die Lösungen zu sprechen. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/3TWRBB/

_electronic _techno electronic music played live with blinking bleep-boxes and boing-boom-tschak-machines about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/XA7YXL/

_electronic _techno electronic music played live with blinking bleep-boxes and boing-boom-tschak-machines about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/XA7YXL/

_techno auf ihrer Umlaufbahn durch das Internet. Mit Eiḿert und Stockhausen im Nacken sitzen sie flatterfingrich an den Instrumenten ihrer Raumstation. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/9QPNVQ/

_techno auf ihrer Umlaufbahn durch das Internet. Mit Eiḿert und Stockhausen im Nacken sitzen sie flatterfingrich an den Instrumenten ihrer Raumstation. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/9QPNVQ/

Basics for 3d construction with the program Blender, with design-tips for 3d-printing. In this workshop I will explain the (in my opinion) basics to construct 3d models for technical parts (by which I mean simple geometries, and no fancy sculptures which blender is actually meant for). In the beginnint I will lay out some design tips of these parts for fused plastic filament 3d-printing. I will try to make this accessible for absolute Blender-beginners and people who do not yet have much experience with 3d-printing but want to create their own models. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/VK8AKC/

Basics for 3d construction with the program Blender, with design-tips for 3d-printing. In this workshop I will explain the (in my opinion) basics to construct 3d models for technical parts (by which I mean simple geometries, and no fancy sculptures which blender is actually meant for). In the beginnint I will lay out some design tips of these parts for fused plastic filament 3d-printing. I will try to make this accessible for absolute Blender-beginners and people who do not yet have much experience with 3d-printing but want to create their own models. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/VK8AKC/

Frauen gelten insbesondere als perfide Zielscheibe von Hass und Hetze im digitalen Diskurs. Wir schauen uns die Dimension der digitalen Gewalt gegen Frauen genauer an. Die Bandbreite unterschiedlicher Erscheinungsformen sowie ihre Strafbarkeit wird vorgestellt. Wir beleuchten die unterschiedlichen Ursachen und zeigen davon ausgehend die daraus entstehenden Probleme und Konsequenzen. Handlungsmöglichkeiten und ein interaktiver Austausch bieten einen aktiven Abschluss. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/KCHU8D/

Frauen gelten insbesondere als perfide Zielscheibe von Hass und Hetze im digitalen Diskurs. Wir schauen uns die Dimension der digitalen Gewalt gegen Frauen genauer an. Die Bandbreite unterschiedlicher Erscheinungsformen sowie ihre Strafbarkeit wird vorgestellt. Wir beleuchten die unterschiedlichen Ursachen und zeigen davon ausgehend die daraus entstehenden Probleme und Konsequenzen. Handlungsmöglichkeiten und ein interaktiver Austausch bieten einen aktiven Abschluss. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/KCHU8D/

Die Geschichte einer etwas ungewöhnlichen Hausbesetzung im schwäbischen Reutlingen (kein Witz!) und was sich daraus bisher entwickelt hat - zusammen mit einer Idee, wie selbstbestimmtes Wohnen aussehen kann und meinen bisherigen Erfahrungen, was auf unserem Weg hilfreich war. Wir befinden uns im Jahre 2019 n.Chr. Der ganze Wohnungsmarkt im Ländle wird von gierigen Vermieter*innen kontrolliert... Im ganzen Ländle? Nein! Die aus unbeugsamen Reutlinger*innen bestehende 'Crew' hört nicht auf, dem Wucher Widerstand zu leisten. Und das Leben ist nicht leicht für die GWG und ihre Verbündeten... So begann im Mai letzten Jahres die Geschichte der Hausbesetzung der K39 in Reutlingen - und weil sowas in der schwäbischen Provinz (nimmt man mal die typischen Uni-Städte Tübingen und Freiburg aus) wirklich ungewöhnlich ist, war ich natürlich neugierig genug, da mal vorbeizuschauen... Zwischenzeitlich ist viel passiert. Was genau passiert ist, wie es (hoffentlich) weitergeht, aber auch was das Mietshäuser Syndikat ist und was ich persönlich auf dem bisherigen Weg gelernt habe, soll Inhalt des Talks sein. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/KEVUCM/

Die Geschichte einer etwas ungewöhnlichen Hausbesetzung im schwäbischen Reutlingen (kein Witz!) und was sich daraus bisher entwickelt hat - zusammen mit einer Idee, wie selbstbestimmtes Wohnen aussehen kann und meinen bisherigen Erfahrungen, was auf unserem Weg hilfreich war. Wir befinden uns im Jahre 2019 n.Chr. Der ganze Wohnungsmarkt im Ländle wird von gierigen Vermieter*innen kontrolliert... Im ganzen Ländle? Nein! Die aus unbeugsamen Reutlinger*innen bestehende 'Crew' hört nicht auf, dem Wucher Widerstand zu leisten. Und das Leben ist nicht leicht für die GWG und ihre Verbündeten... So begann im Mai letzten Jahres die Geschichte der Hausbesetzung der K39 in Reutlingen - und weil sowas in der schwäbischen Provinz (nimmt man mal die typischen Uni-Städte Tübingen und Freiburg aus) wirklich ungewöhnlich ist, war ich natürlich neugierig genug, da mal vorbeizuschauen... Zwischenzeitlich ist viel passiert. Was genau passiert ist, wie es (hoffentlich) weitergeht, aber auch was das Mietshäuser Syndikat ist und was ich persönlich auf dem bisherigen Weg gelernt habe, soll Inhalt des Talks sein. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/KEVUCM/

Names of people cannot be invalid. People have names. Most people do. People have first names and last names. Many people do. People have any sorts of names that often don’t fit fixed fields in the forms. These names may contain letters, accented letters, and other characters, that may cause problems to your code depending on the encoding you use. They may look differently in uppercase and lowercase, or may not be case foldable at all. Searching and sorting these names may be tricky too. And if you design an application, web form, and/or database dealing with personal names, you’ll have to take that into account. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/XRLPKJ/

Names of people cannot be invalid. People have names. Most people do. People have first names and last names. Many people do. People have any sorts of names that often don’t fit fixed fields in the forms. These names may contain letters, accented letters, and other characters, that may cause problems to your code depending on the encoding you use. They may look differently in uppercase and lowercase, or may not be case foldable at all. Searching and sorting these names may be tricky too. And if you design an application, web form, and/or database dealing with personal names, you’ll have to take that into account. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/XRLPKJ/

From the AFL++ team comes a talk about the core concepts of fuzzing, novel fuzzing research, a library, and parts of fuzzing that can be edited and swapped out. In this talk, we present the theory, building blocks and ideas behind our evolution to AFL++, a powerful and flexible new fuzzer design. Instead of a command line tool one-trick-pony, security researchers will be able to build the perfect fuzzer for their target, and extend parts of their fuzzer with their own code. After dealing with the monolithic C codebase inherited from AFL for over a year, we learned how to build a better toolsuite from scratch, as a library, with reusable components and easily maintainable code. The design of the framework follows a clear division of fuzz testing concepts into interconnected entities. Like LEGO bricks, each part of the fuzzer can be swapped out with other implementations, and behavior. The first prototype, libAFL, was developed as one of the AFL++ Google Summer of Code projects in C. After seeing that the concepts work in practice, we are now creating a powerful fuzzing framework in Rust. This talk discusses these concepts and how they relate to existing fuzzers at the state of the art. Thanks to its flexibility, the library can be used to reimplement a wide variety of fuzzers. We discuss how we tackle common problems like scaling between cores, and embedding the fuzzer directly into the target for maximum speed. The building blocks discussed in this talk will be the engine under the hood of a future AFL++ release, and, hopefully, your next custom-build fuzzer. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/DT7VHD/

From the AFL++ team comes a talk about the core concepts of fuzzing, novel fuzzing research, a library, and parts of fuzzing that can be edited and swapped out. In this talk, we present the theory, building blocks and ideas behind our evolution to AFL++, a powerful and flexible new fuzzer design. Instead of a command line tool one-trick-pony, security researchers will be able to build the perfect fuzzer for their target, and extend parts of their fuzzer with their own code. After dealing with the monolithic C codebase inherited from AFL for over a year, we learned how to build a better toolsuite from scratch, as a library, with reusable components and easily maintainable code. The design of the framework follows a clear division of fuzz testing concepts into interconnected entities. Like LEGO bricks, each part of the fuzzer can be swapped out with other implementations, and behavior. The first prototype, libAFL, was developed as one of the AFL++ Google Summer of Code projects in C. After seeing that the concepts work in practice, we are now creating a powerful fuzzing framework in Rust. This talk discusses these concepts and how they relate to existing fuzzers at the state of the art. Thanks to its flexibility, the library can be used to reimplement a wide variety of fuzzers. We discuss how we tackle common problems like scaling between cores, and embedding the fuzzer directly into the target for maximum speed. The building blocks discussed in this talk will be the engine under the hood of a future AFL++ release, and, hopefully, your next custom-build fuzzer. about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/DT7VHD/

Tox [0] is a free and open source peer-to-peer instant messaging protocol and implementation, that aims to provide secure messaging. It’s intended as an end-to-end encrypted (E2EE) and distributed Skype replacement. Tox’ cryptography is based on the NaCl library from Daniel J. Bernstein [1]. The cryptographic primitives for the key exchange (X25519), authentication (Poly1305) and symmetric encryption (XSalsa20) are state of the art peer-reviewed algorithms. Unfortunately Tox’ authenticated key exchange (AKE) during Tox’ cryptographic handshake is a "home-brewed" cryptographic protocol (remember: do not roll your own crypto!) and is known to be vulnerable to key compromise impersonation (KCI) attacks [2]. In this talk we will show why this vulnerability is challenging to exploit in practice. However, we will also present a fix to this vulnerability by designing and implementing a new cryptographic Tox handshake with formally-verified security properties. KCI is a vulnerability of AKE protocols, which in this case could enable an attacker, who compromised the static long-term private X25519 [3] key of a Tox user Alice, to impersonate any other Tox user (with certain assumptions) to Alice ("reverse impersonation"). Furthermore, this would enable this attacker to perform a Man-in-the-Middle (MitM) attack and therefore tampering of exchanged messages. X25519 key pairs, that are necessary for the distributed hash table (DHT), make an actual KCI-attack more complex as suggested in the initial vulnerability report by Jason A. Donenfeld. The Noise Protocol Framework [4] from Trevor Perrin (co-author of Signal [5]) was used to design a new KCI-resistant Tox’ handshake. The Noise Protocol Framework is intended to use by protocol designers to create secure channel protocols based on Diffie-Hellman (DH) key agreement. Noise provides different handshake patterns for different use cases. These patterns define a sequence of DH operations to calculate a shared symmetric session key. The security properties of these patterns are formally verified. These security properties can include forward secrecy, identity hiding and most notably KCI-resistance. A handshake pattern is instantiated by DH functions, cipher functions and hash functions to give a concrete Noise protocol. Such Noise protocols are already used in some applications, like WireGuard VPN [6]. The Noise protocol used in Tox is Noise_IK_25519_ChaChaPoly_SHA512. The Noise-C library from Rhys Weatherley [7] was used to implement the new AKE in c-toxcore [8]. The implementation is currently in proof-of-concept state and will be further improved. In future work, instead of using the Noise-C library, which supports most of Noise’ handshake patterns and all cryptographic primitives, only the Noise protocol used in the Tox handshake will be implemented in c-toxcore. This will remove Noise-C as a dependency (i.e the only other dependency is NaCl/libsodium), reduce source lines of code and therefore reduce the attack surface. Noise also provides functions to further improve security, like session re-keying, which could also be adopted in Tox. Terminology in context of Tox: * Tox is the name of the protocol in general * The implementation of Tox is toxcore - a network library (see [8]) * The clients (using toxcore) have specific names (e.g. qTox [9]) ____ * Full Master Thesis: https://pub.fh-campuswien.ac.at/obvfcwhsacc/content/titleinfo/5430137 * [0] https://tox.chat/ * [1] https://nacl.cr.yp.to/ * [2] https://github.com/TokTok/c-toxcore/issues/426 * [3] https://ed25519.cr.yp.to/ * [4] https://noiseprotocol.org/ * [5] https://signal.org/docs/ * [6] https://www.wireguard.com/ * [7] https://rweather.github.io/noise-c/index.html * [8] https://github.com/TokTok/c-toxcore * [9] https://github.com/qTox/qTox about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/PWNJYW/

Tox [0] is a free and open source peer-to-peer instant messaging protocol and implementation, that aims to provide secure messaging. It’s intended as an end-to-end encrypted (E2EE) and distributed Skype replacement. Tox’ cryptography is based on the NaCl library from Daniel J. Bernstein [1]. The cryptographic primitives for the key exchange (X25519), authentication (Poly1305) and symmetric encryption (XSalsa20) are state of the art peer-reviewed algorithms. Unfortunately Tox’ authenticated key exchange (AKE) during Tox’ cryptographic handshake is a "home-brewed" cryptographic protocol (remember: do not roll your own crypto!) and is known to be vulnerable to key compromise impersonation (KCI) attacks [2]. In this talk we will show why this vulnerability is challenging to exploit in practice. However, we will also present a fix to this vulnerability by designing and implementing a new cryptographic Tox handshake with formally-verified security properties. KCI is a vulnerability of AKE protocols, which in this case could enable an attacker, who compromised the static long-term private X25519 [3] key of a Tox user Alice, to impersonate any other Tox user (with certain assumptions) to Alice ("reverse impersonation"). Furthermore, this would enable this attacker to perform a Man-in-the-Middle (MitM) attack and therefore tampering of exchanged messages. X25519 key pairs, that are necessary for the distributed hash table (DHT), make an actual KCI-attack more complex as suggested in the initial vulnerability report by Jason A. Donenfeld. The Noise Protocol Framework [4] from Trevor Perrin (co-author of Signal [5]) was used to design a new KCI-resistant Tox’ handshake. The Noise Protocol Framework is intended to use by protocol designers to create secure channel protocols based on Diffie-Hellman (DH) key agreement. Noise provides different handshake patterns for different use cases. These patterns define a sequence of DH operations to calculate a shared symmetric session key. The security properties of these patterns are formally verified. These security properties can include forward secrecy, identity hiding and most notably KCI-resistance. A handshake pattern is instantiated by DH functions, cipher functions and hash functions to give a concrete Noise protocol. Such Noise protocols are already used in some applications, like WireGuard VPN [6]. The Noise protocol used in Tox is Noise_IK_25519_ChaChaPoly_SHA512. The Noise-C library from Rhys Weatherley [7] was used to implement the new AKE in c-toxcore [8]. The implementation is currently in proof-of-concept state and will be further improved. In future work, instead of using the Noise-C library, which supports most of Noise’ handshake patterns and all cryptographic primitives, only the Noise protocol used in the Tox handshake will be implemented in c-toxcore. This will remove Noise-C as a dependency (i.e the only other dependency is NaCl/libsodium), reduce source lines of code and therefore reduce the attack surface. Noise also provides functions to further improve security, like session re-keying, which could also be adopted in Tox. Terminology in context of Tox: * Tox is the name of the protocol in general * The implementation of Tox is toxcore - a network library (see [8]) * The clients (using toxcore) have specific names (e.g. qTox [9]) ____ * Full Master Thesis: https://pub.fh-campuswien.ac.at/obvfcwhsacc/content/titleinfo/5430137 * [0] https://tox.chat/ * [1] https://nacl.cr.yp.to/ * [2] https://github.com/TokTok/c-toxcore/issues/426 * [3] https://ed25519.cr.yp.to/ * [4] https://noiseprotocol.org/ * [5] https://signal.org/docs/ * [6] https://www.wireguard.com/ * [7] https://rweather.github.io/noise-c/index.html * [8] https://github.com/TokTok/c-toxcore * [9] https://github.com/qTox/qTox about this event: https://pretalx.rc3.studio/rc3-channels-2020/talk/PWNJYW/