| | IT Security Track |
| |
Anatomy of the Stuxnet-Worm
Ralph Langner,
Langner Communications
|

|
Stuxnet became known as the most complex malware in history.
It was also the first cyberwar weapon that was actually used.
While there are many publications on the Windows part of Stuxnet, in this talk we primarily focus on
the "payload" that runs on Siemens controls. We also explain the fundamental differences
between IT security and the security of industrial control systems.
Ralph Langner is a consultant for industrial networks.
He has more than twenty years of experience as a consultant in over 100 industrial companies, from the auto
industry to nuclear power plants. His analysis of the Stuxnet malware, based on his own reverse engineering of the malicious code, received worldwide attention.
|
|
| |
Data Recovery Techniques - Fun with Hard Drives
Peter "vic" Franck,
Attingo Datenrettung GmbH
|

|
Data recovery has always been a field with many legends.
In this talk, we reveal some of them. We give a brief overview of rescue layers and techniques as well as some
helpful information about how to communicate with the hard drive on an out-of-band interface.
Finally, we show how to change the serial number of a hard drive to the name of your girlfriend.
|
|
| |
Recent advances in IPv6 insecurities
Marc "vanHauser" Heuse,
independent IT security consultant
|

|
IPv6 was designed 15 years ago, and in 2011 it will finally be deployed on the Internet.
This brings a lot of new challenges, and in this talk we will look at the security risks that come with IPv6.
We take a hacker's look at the new Internet protocol, together with the tools to test for the issues.
Beware: several of the problems presented remain unsolved to this day.
However, recommendations on securing against these problems are given as well, so the audience can sleep a bit better at night.
|
|
| |
GSM: SRLY?
Dr. Karsten Nohl,
Security Research Labs
|

|
The popular GSM cell phone standard uses outdated security and provides much
less protection than its increasing use in security applications suggests.
Our research aims to bridge the disconnect between technical facts and security
perception by creating GSM tools that allow users to record and analyze GSM data
to see what security features were really implemented by their operator.
The talk discusses a GSM debugging tool that consists entirely of open source
software and open radio hardware. We will demonstrate how to record and decode
GSM calls, even encrypted ones.
Karsten is a cryptographer and security researcher. He likes to test security
assumptions in proprietary systems and typically breaks them. Systems that could
not withstand curiosity include the Mifare and Legic RFID cards, DECT and GSM
cell phones, and encrypted car immobilizers. Karsten helps Fortune 500 companies with
risk modeling and mitigation.
|
|
| | Robotics Track |
| |
AR-Drone .NET Control Library
Thomas Endres,
TNG
|

|
Drones form a new trend in consumer electronics.
Within this area, the Parrot ARDrone introduced last year stands out by combining two cameras, a WiFi network connection and many other features.
This presentation gives a short introduction to the technical internals of the drone.
Then, a program is presented that demonstrates different areas of application for the ARDrone.
It can now be controlled by a PC using a joystick, gamepad or even a Wii remote or voice control.
Marker detection and business logic for hovering above the marker demonstrate its application areas within the field of computer vision.
The presentation will be accompanied by live demonstrations.
|
|
| |
Extreme First Person View-Flight
Trappy, Team Black Sheep
|

|
Team Black Sheep is at the forefront of innovation in "First Person View" flight, in which an aircraft with
a built-in camera sends video data to the virtual reality glasses of the ground-based pilots.
This opens up an entirely new experience, whose limits are constantly being extended by Team Black Sheep,
for example at the Matterhorn or in the urban canyons
of New York City.
|
|
| |
Avatars, Robots, AI - learning shocks for our legal system
Prof. Dr. Peter Bräutigam,
Head of IT Practice, Noerr LLP
and Henrik Klagges,
TNG
|

|
An avatar robot is supposed to go to a classical music concert on behalf of the person controlling it.
Does the organizer have to let the avatar in? If not, what if the controlling person is handicapped and
bound to his home?
Does he have a special right of access to public events with the avatar?
Do you have to offer charging and maintenance stations for avatars, analogous to public restrooms?
Does the avatar pay the price of admission for children or adults?
Do you need a driver's license for operating an avatar in public space?
A party guest with AI personality assistant and augmented reality module identifies
the participants via automatic face recognition based on the social networks of known guests.
The assistant makes social behavior and conversation proposals on the basis of the published
preferences and relationship statuses.
Is the software manufacturer liable if the assistant makes a mistake and the guest gets a slap in the face?
Is the software manufacturer liable if several guests use the same assistant version and
simultaneously try to use the identical pattern of action?
If the guest uses the assistant in a multithreaded mode and some parts of the communication
are done entirely by the assistant and the assistant autonomously makes legal transactions,
e.g. ordering a drink for a third person, are these transactions valid?
Can an employer in sensitive areas such as the police or an operator of nuclear power plants,
require his workers to always wear passive recording personal assistants at work?
Can the behavior of the employee be transferred to a monitoring and analysis system
for real time comparison with standards? Is it possible that the assistant gets
active in order to enforce compliance rules?
|
|
| | AI Track |
| |
Knowledge Extraction from Wikipedia: An Opportunity for AI
Prof. Dr. Michael Strube,
Heidelberg Institute for Theoretical Studies gGmbH
|

|
Intelligence relies on knowledge. Artificial Intelligence even more
so. Where do AI systems get this knowledge from? In the past
researchers in AI built up large repositories of knowledge either
completely manually or completely automatically. Manually created
resources, however, lack coverage, up-to-dateness, and
objectivity. Automatically created resources do not have the quality
for challenging AI applications.
In this presentation I will introduce our work on extracting knowledge
from Wikipedia, realizing a middle ground between completely manual and
completely automatic creation of knowledge resources. Wikipedia
provides a repository for world knowledge with more structure than the
web and more coverage than manually created knowledge bases. I show
how to create a semantic network by means of analyzing the Wikipedia
category structure, I describe how to induce an isa hierarchy on top
of the Wikipedia categorization, and I finish with our current work on
a large multilingual conceptual network with many types of labeled
semantic relations.
|
|
| |
Browser Games Scripting with Perl
BotMaster J
|
|
"Leisure time? I automated it." - Automating browser-games is a popular hobby for programmers.
New technologies and insights can be learned in a playful way.
In addition, bots also eliminate annoying micro-management.
In this talk, a classic strategy game is presented with examples of how to automate it with Perl scripts.
|
|
| |
Optimizing Sensing for Decision Making
Dr. Andreas Krause,
ETH Zürich
|

|
Sensors are everywhere: Examples include community-held sensors such
as accelerometers in cell phones, GPS receivers and navigation devices
in cars, infrastructural sensors such as smart meters in the power
grid, sensors for environmental monitoring and many others. Harnessing
these sensing resources could have enormous benefit on the
productivity, quality and security of our society.
In order to make use of these resources, we need to address important
research challenges: How can we model and robustly reason about data
obtained from heterogeneous, noisy sensors? How can we efficiently
make informed, distributed decisions under uncertainty? How can we
cope with constraints due to limited battery, computational power and
communication capability? How can we extract most useful information
from the massive amounts of data originating from large-scale sensor
and information networks?
In this talk, I will discuss some of these challenges and possible
approaches to address them, based on statistical inference, discrete
optimization and Bayesian experimental design. I will illustrate them
in the context of real-world sensing problems, including autonomous
environmental monitoring, protecting drinking water distribution
networks, and earthquake detection from community-held accelerometers.
|
|
| | Programming Languages-Track |
| |
The "D" Programming Language
Robert Pintarelli,
TNG
|

|
The D Programming Language was born out of the idea to give programmers
the power of C++ without the need to have "superman" powers. During the
implementation of this idea it became obvious that much more is needed
than just providing an easier syntax and polished interfaces. A modern
programming language must directly support efficiency, correctness and
multithreading in a usable manner. This language is D 2.0.
|
|
| |
Fun With Dead Languages (in English)
Dr. Damian Conway,
Associate Professor, Monash University; Thoughtstream
|

|
Watch in mesmerized terror as Damian hacks code in five unrelated languages (none of them Perl).
Along the way, you'll also learn about modern archaeological techniques, bidirectional cross-dressing,
Ancient Greek hackers, improbable romances, the real Club Med, why programmers shouldn't frequent casinos,
the language of moisture vaporators, C++ mysticism, conversational Latin, state machines on steroids,
feeding the dog the old-fashioned way, the shocking truth about anime, programming without variables or subroutines,
the Four Voids of the Apocalypse, Microsoft's new advertising campaign, what the Romans used instead of braces, drunken stonemasons,
the ancient probabilistic wisdom of bodkins, how to kill a language with a single byte, and the price of fish.
|
|
| |
Erlang (in English)
Francesco Cesarini,
Founder, CTO & Chief Strategy Officer, Erlang Solutions
|
|
|
|
| |
JavaScript WTFs, or: How I Learned To Stop Worrying And Love The Botch That Is ECMAScript
Raphael Pigulla,
Lead Developer JavaScript, BoerseGo AG
|

|
While for many things JavaScript may not be your weapon of choice, it oftentimes
will be the only one with which the battle can be fought. In the past 15 years
it has evolved from a once crude bludgeon to a highly versatile Swiss Army knife,
except many people still don't know on which end to hold it.
This talk will take a look at some of the quirks and more obscure ways
to shoot yourself in the foot with JavaScript. We will also highlight some of
its beauty and hidden gems - and discuss why so many programmers fail so horribly in using them.
Raphael Pigulla is the Lead JavaScript developer at BörseGo AG in Munich
with focus on User Interface Architecture and Software Quality Assurance.
He has studied Computer Science and Psychology at the University of
Passau and Westminster, Pennsylvania.
|
|
| | Agile Methodology Track |
| |
Scrum & Kanban for Social Games
Sönke Bullerdiek,
Senior Project Manager for Monster World at wooga
|

|
Monster World is one of the most successful games of wooga. In March 2011 it had over 6.5 million MAU (monthly active users),
which made it possible to increase the game team from five to fifteen people within the last year.
Since every game has its own independent team structure with dedicated resources,
wooga's company structure is atypical for the IT industry.
Originally Monster World was developed with Scrum and Sönke as a Scrum Master.
The scrum process resulted in some inefficiencies and missing flexibility.
Hence, some elements of Kanban were introduced.
In this talk, we present our experience of this Scrum/Kanban mix which has been used for 6 months.
|
|
| |
Continuous Deployment of Test Systems
Wolfram Koska and Dr. Martin Wagner,
TNG
|


|
To be able to perform comprehensive technical and functional tests of application releases, a production-like testing environment is required.
This is the only way to avoid surprises while updating and deploying the production environment.
Creating such an environment is a task that should not be underestimated.
It has a high complexity and requires considerable effort.
Combining the continuous integration server "Jenkins" with scripting, it is possible to set up, update and reconfigure the whole environment with a single click of a button.
This is achieved by automating tasks like repeatedly setting up a test database with updated data from production, adjusting the configuration for the test environment and running automated tests, which can then be executed by Jenkins.
We talk about our experience from multiple projects in which we
successfully adopted this approach for different applications.
|
|
| |
Deliver Business Value Every Week: Agile E-Commerce Startup
Martin Kreidenweis,
TNG
|

|
Lusini is a B2B market place for hotel and gastronomy needs.
Lusini is also a Munich-based startup founded in 2010.
This is a report covering the start of development in May/June 2010, the go-live in December, and the time up until now.
This talk is about the process as well as the tools and technologies used in the project.
We have been using agile methods like Scrum and Kanban from the beginning. Almost all of the software products used are open source.
Expect lessons learned from the day-to-day work in an e-commerce startup.
|
|
| |
Successful product management with Scrum and Kanban
Gerhard Müller,
TNG,
and Balthes Katzenberger,
Ticket Online Software GmbH
|


|
At the moment there are two much-discussed approaches for the agile development of products: Scrum and Kanban.
Typically only one procedure model is deployed in a project.
Based on suggestions offered by a TNG consultant, Ticket Online introduced Scrum and Kanban in parallel, organised as two sub-teams which can be changed dynamically.
This talk presents experiences with the parallel adoption and discusses why this approach can help in many major product development projects.
|
|
| |
Scrum Do's & Don'ts for line managers
Eike Reinel,
TNG
|

|
The introduction of agile methods like Scrum and Kanban is in full swing in German companies.
Oftentimes, however, the high expectations placed on these new methods are not fulfilled, or only partially.
This talk discusses different behaviour patterns often observed in practice, which lead to persistent difficulties, and also presents possible solutions for handling the transition from the classical to the agile world successfully.
In doing so, it considers not only patterns inside the team, but especially the processes and behaviour patterns of the organisation in which the team is embedded.
|
|
| |
Problem-solving and Decision-making (in English)
Dr. Linda Rising, independent consultant
|

|
Software developers struggle with complex problems for a living.
Unfortunately, we don't have time to keep up with the enormous amount of
research in cognitive science that would help us be better thinkers.
Linda Rising will share what she has been able to uncover. Some of it is
surprising, even counterintuitive. Linda will report on the research and
provide some tips for better thinking.
|
|
| |
Agile Risk Management – annihilate the probability
Dr. Robert Dahlke,
TNG
|

|
Risk Management is about handling events that cause damage to your project if they occur. This discipline is not explicitly described in agile project frameworks. Nevertheless, it can be incorporated very successfully. The motto is: annihilate the probability, the earlier the better.
|
|
| | Tools Track |
| |
NoSQL
Prof. Dr. Stefan Edlich,
University of Applied Sciences Berlin
|

|
After decades of domination, the relational world has created its own stubbornly persistent antagonists in the NoSQL systems.
Nowadays the question is not whether NoSQL is being used, but what kind of technologies are being used in parallel.
In addition, there is the enormous pressure of the cloud and with it the "everything-as-a-service" offering.
There are now hundreds of suppliers of MongoDB - and many other NoSQL DBs - "as a service".
Even Amazon has NoSQL included in their diverse service portfolio. And all for good reason.
In this talk, we consider the NoSQL foundation and the various application areas.
Other interesting questions include: What impact does schema freedom have on the application?
How do I deal with it? How do I install NoSQL in the cloud, and what needs to be considered? Based on such issues,
the various groups and NoSQL databases are presented in order to get a better understanding of the NoSQL potential.
|
|
| |
Introduction to Rule Based Systems (in English)
Mark Proctor,
JBoss Rules Lead
|

|
Introduces Drools and explains what a rule based system is and how it
works. We will also cover event processing on a rule based system.
|
|
| | Digital Art Track |
| |
The Nova Video-3D-LED-System
Martina Eberle, Master of Arts in Design, eMBA,
Nova Labs / ETH Zürich
|

|
NOVA, the first video 3D LED system in the world, was installed in the
Zurich central railway station in 2006. The system was completely
developed from scratch, including all the hardware and software necessary
for the preparation and import of the contents. In this talk, a designer
will describe, from her perspective, her personal experiences during
the launch of a media art project in the public space as well as the
challenges faced in the development and commercialization of this new technology.
|
|
| | Startup's Corner-Track |
| |
Latest Developments in Computer-aided Medical Procedures & Augmented Reality
Professor Dr. Nassir Navab,
TU Munich
|
|
Professor Navab will talk about the newest developments in his research group at the TU Munich.
|
|
| |
A Revolutionary Solution in Ultrasound Diagnostics
Michael Hohenester and Sebastian Wittmeier, CEO and CTO at
Curefab
|
|
The managers of Curefab GmbH will give a 10-minute presentation of a revolutionary solution in
ultrasound diagnostics (e.g. vascular diagnostics for stroke prevention) and
of how they built up their medical equipment start-up.
|
|
| |
Soft Tissue Image-guided Surgery
Dr. Joerg Traub,
CEO at Surgic Eye
|
|
A highly innovative solution in soft tissue image-guided surgery (e.g. to trace
small malignant lymph nodes) is presented, together with how their medical equipment
start-up was built up.
|
|
| |
Web-based 360°-Management with Small Improvements
Per Fragemann,
CEO at Small Improvements
|
|
Small Improvements is an intuitive, web-based 360°-management system that simplifies employee performance reviews, feedback and reporting.
|
|
| |
Nanotechnology for Ultrafast DNA Analyses
Dr. Federico Buersgens,
Managing Director at GNA Biosolutions GmbH
|
|
GNA Biosolutions is developing proprietary technology platforms for ultrafast, laser-based DNA analysis with nanoparticles and bringing them to market readiness. This will result in a fast analysis methodology for pathogen detection, biosecurity and pharmacogenomics.
|
|
| |
The Surgical Team Simulator
Dr. Stefan Taing,
Medability
|
|
The team from Medability has set itself the target of revolutionizing the training and advanced education of surgery teams via the new
Surgical Team Simulator (STS). For the first time, the STS allows the surgeon being trained to simultaneously see, hear and feel the virtual patient.
|
|