Overview of speakers and programme for the Big Techday 4 on Friday, May 28th, 2011
An overview of the programme can be found here.
Stuxnet became known as the most complex malware in history. It was also the first cyberwar weapon that was actually used. While there are many publications on the Windows part of Stuxnet, in this talk we primarily focus on the "payload" that runs on Siemens controllers. We also explain the fundamental differences between IT security and the security of industrial control systems.
Ralph Langner is a consultant for industrial networks. He has more than twenty years of experience as a consultant in over 100 industrial companies from the auto industry to nuclear power plants. His analysis of the Stuxnet malware, based on his own reverse engineering of the malicious code, attracted worldwide attention.
Data recovery has always been a field with many legends. In this talk, we reveal some of them. We give a brief overview of rescue layers and techniques as well as some helpful information about how to communicate with the hard drive on an out-of-band interface. Finally, we show how to change the serial number of a hard drive to your girlfriend's name.
IPv6 was designed 15 years ago, and in 2011 it will finally be deployed on the Internet. This brings a lot of new challenges, and in this talk we will look at the security risks that come with IPv6. We take a hacker's look at the new Internet protocol, together with the tools to test the issues. Beware: several of the problems presented remain unsolved to this day. However, recommendations on securing against these problems are given as well, so the audience can sleep a bit better at night.
The popular GSM cell phone standard uses outdated security and provides much less protection than its increasing use in security applications suggests. Our research aims to bridge the disconnect between technical facts and security perception by creating GSM tools that allow users to record and analyze GSM data to see what security features were really implemented by their operator.
The talk discusses a GSM debugging tool that consists entirely of open source software and open radio hardware. We will demonstrate how to record and decode GSM calls, even encrypted ones.
Karsten is a cryptographer and security researcher. He likes to test security assumptions in proprietary systems and typically breaks them. Systems that could not withstand curiosity include the Mifare and Legic RFID cards, DECT and GSM cell phones, and encrypted car immobilizers. Karsten helps Fortune 500 companies with risk modeling and mitigation.
Drones form a new trend in consumer electronics. Within this area, the Parrot ARDrone introduced last year stands out by combining two cameras, a WiFi network connection and many other features. This presentation gives a short introduction into the technical internals of the drone. Then, a program is presented that demonstrates different areas of application for the ARDrone. It can now be controlled by a PC using a joystick, gamepad or even a Wii remote or voice control. Marker detection and business logic for hovering above the marker demonstrate its application areas within the field of computer vision. The presentation will be accompanied by live demonstrations.
Team Black Sheep is at the forefront of innovation in "First Person View" flight, in which an aircraft with a built-in camera sends video data to the virtual reality glasses of the ground-based pilots. This opens up an entirely new experience, whose limits Team Black Sheep constantly extends, for example at the Matterhorn or in the urban canyons of New York City.
Prof. Dr. Peter Bräutigam, Head of IT Practice, Noerr LLP
and Henrik Klagges, TNG
An avatar robot is supposed to go to a classical music concert for his controlling person - Does the organizer have to let in the avatar? If not, what if the controlling person is handicapped and connected to his private home? Does he have a special right of access to public events with the avatar? Do you have to offer loading and maintenance stations for avatars, analogous to public restrooms? Does the avatar pay the price of admission for children or adults? Do you need a driver's license for operating an avatar in public space?
A party guest with AI personality assistant and augmented reality module identifies the participants via automatic face recognition based on the social networks of known guests. The wizard makes social behavior and conversation proposals on the basis of the published states of preferences and relationships. Is the software manufacturer liable if the wizard makes a mistake and the guest gets a slap in the face? Is the software manufacturer liable if several guests use the same assistant version and simultaneously try to use the identical pattern of action? If the guest uses the assistant in a multithreaded mode and some parts of the communication are done entirely by the assistant and the assistant autonomously makes legal transactions, e.g. ordering a drink for a third person, are these transactions valid?
Can an employer in sensitive areas, such as the police or an operator of nuclear power plants, require workers to always wear passive recording personal assistants at work? Can the behavior of the employee be transferred to a monitoring and analysis system for real-time comparison with standards? May the assistant become active in order to enforce compliance rules?
Prof. Dr. Michael Strube, Heidelberg Institute for Theoretical Studies gGmbH
Intelligence relies on knowledge. Artificial Intelligence even more so. Where do AI systems get this knowledge from? In the past researchers in AI built up large repositories of knowledge either completely manually or completely automatically. Manually created resources, however, lack coverage, up-to-dateness, and objectivity. Automatically created resources do not have the quality for challenging AI applications.
In this presentation I will introduce our work on extracting knowledge from Wikipedia, realizing a middle ground between completely manual and completely automatic creation of knowledge resources. Wikipedia provides a repository for world knowledge with more structure than the web and more coverage than manually created knowledge bases. I show how to create a semantic network by means of analyzing the Wikipedia category structure, I describe how to induce an isa hierarchy on top of the Wikipedia categorization, and I finish with our current work on a large multilingual conceptual network with many types of labeled semantic relations.
"Leisure time? I automated it." - Automating browser games is a popular hobby for programmers. New technologies and insights can be learned in a playful way. In addition, bots also eliminate annoying micro-management. In this talk, a classic strategy game is presented with examples of how to automate it with Perl scripts.
Sensors are everywhere: Examples include community-held sensors such as accelerometers in cell phones, GPS receivers and navigation devices in cars, infrastructural sensors such as smart meters in the power grid, sensors for environmental monitoring and many others. Harnessing these sensing resources could have enormous benefit on the productivity, quality and security of our society.
In order to make use of these resources, we need to address important research challenges: How can we model and robustly reason about data obtained from heterogeneous, noisy sensors? How can we efficiently make informed, distributed decisions under uncertainty? How can we cope with constraints due to limited battery, computational power and communication capability? How can we extract most useful information from the massive amounts of data originating from large-scale sensor and information networks?
In this talk, I will discuss some of these challenges and possible approaches to address them, based on statistical inference, discrete optimization and Bayesian experimental design. I will illustrate them in the context of real-world sensing problems, including autonomous environmental monitoring, protecting drinking water distribution networks, and earthquake detection from community-held accelerometers.
The D Programming Language was born out of the idea to give programmers the power of C++ without the need to have "superman" powers. During the implementation of this idea it became obvious that much more is needed than just providing an easier syntax and polished interfaces. A modern programming language must directly support efficiency, correctness and multithreading in a usable manner. This language is D 2.0.
Watch in mesmerized terror as Damian hacks code in five unrelated languages (none of them Perl). Along the way, you'll also learn about modern archaeological techniques, bidirectional cross-dressing, Ancient Greek hackers, improbable romances, the real Club Med, why programmers shouldn't frequent casinos, the language of moisture vaporators, C++ mysticism, conversational Latin, state machines on steroids, feeding the dog the old-fashioned way, the shocking truth about anime, programming without variables or subroutines, the Four Voids of the Apocalypse, Microsoft's new advertising campaign, what the Romans used instead of braces, drunken stonemasons, the ancient probabilistic wisdom of bodkins, how to kill a language with a single byte, and the price of fish.
Monster World is one of wooga's most successful games. In March 2011 it had over 6.5 million MAU (monthly active users), which made it possible to increase the game team from five to fifteen people within the last year. Since every game has its own independent team structure with dedicated resources, wooga's company structure is atypical for the IT industry. Originally Monster World was developed with Scrum and Sönke as a Scrum Master. The Scrum process resulted in some inefficiencies and a lack of flexibility. Hence, some elements of Kanban were introduced. In this talk, we present our experience of this Scrum/Kanban mix, which has been used for 6 months.
To be able to perform comprehensive technical and functional tests of application releases, a production-like testing environment is required. This is the only way to avoid surprises while updating and deploying the production environment. Creating such an environment is a task that should not be underestimated. It has a high complexity and requires considerable effort.
Combining the continuous integration server "Jenkins" with scripting, it is possible to set up, update and reconfigure the whole environment with a single click of a button. This is achieved by automating tasks like repeatedly setting up a test database with updated data from production, adjusting the configuration for the test environment and running automated tests, which can then be executed by Jenkins.
We talk about our experience from multiple projects in which we successfully adopted this approach for different applications.
Lusini is a B2B marketplace for hotel and gastronomy needs. Lusini is also a Munich-based startup founded in 2010. This is the report from the beginning of development in May/June 2010 to going live in December, up until now. This talk is about the process as well as the tools and technologies used in the project. We have been using agile methods like Scrum and Kanban from the beginning. Almost all of the software products used are open source. Expect lessons learned from the day-to-day work in an e-commerce startup.
Gerhard Müller, TNG, and Balthes Katzenberger, Ticket Online Software GmbH
At the moment there are two much-discussed approaches for the agile development of products: Scrum and Kanban. Typically only one procedure model is deployed in a project. Based on suggestions offered by a TNG consultant, Ticket Online introduced Scrum and Kanban in parallel, organised as two sub-teams which can be changed dynamically. This talk presents experiences with the parallel adoption and discusses why this approach can help in many major product development projects.
The introduction of agile methods like Scrum and Kanban is in full swing in German companies. Often, however, the high expectations placed on these new methods are not or only partially fulfilled. This talk discusses different behaviour patterns often observed in practice, which lead to continuous difficulties, and also presents possible solutions for handling the transition from the classical to the agile world successfully. Not only patterns inside the team are considered, but especially the processes and behaviour patterns of the organisation in which the team is embedded.
Software developers struggle with complex problems for a living. Unfortunately, we don't have time to keep up with the enormous amount of research in cognitive science that would help us be better thinkers. Linda Rising will share what she has been able to uncover. Some of it is surprising, even counterintuitive. Linda will report on the research and provide some tips for better thinking.
Risk Management is about handling events that cause damage to your project if they occur. This discipline is not explicitly described in agile project frameworks. Nevertheless, it can be incorporated very successfully. The motto is: annihilate the probability, the earlier the better.
After decades of domination, the relational world created their stubbornly persistent antagonists with the NoSQL systems. Nowadays the question is not whether NoSQL is being used, but what kind of technologies are being used in parallel. In addition, there is the enormous pressure of the cloud and with it the "everything-as-a-service" offering. There are now hundreds of suppliers of MongoDB - and many other NoSQL DBs - "as a service". Even Amazon has NoSQL included in their diverse service portfolio. And all for good reason.
In this talk, we consider the NoSQL foundation and the various application areas. Other interesting questions include: What impact does schema freedom have on the application? How do I deal with it? How do I install NoSQL in the cloud, and what should I consider? Based on such issues, the various groups and NoSQL databases are presented in order to get a better understanding of the NoSQL potential.
This talk introduces Drools and explains what a rule-based system is and how it works. We will also cover event processing on a rule-based system.
NOVA, the first video 3D LED system in the world, was installed in the Zurich central railway station in 2006. The system was completely developed from scratch, including all the hardware and software necessary for the preparation and import of the contents. In this talk, a designer will describe, from her perspective, her personal experiences during the launch of a media art project in the public space, as well as the challenges faced in the development and commercialization of this new technology.
Professor Dr. Nassir Navab, TU Munich
Professor Navab will talk about the newest developments in his research group at the TU Munich.
Michael Hohenester and Sebastian Wittmeier, CEO and CTO at Curefab
The managers of Curefab GmbH will present, in 10 minutes, a revolutionary solution in ultrasound diagnostics (e.g. vascular diagnostics for stroke prevention) and how they raised their medical equipment start-up.
Dr. Joerg Traub, CEO at Surgic Eye
A highly innovative solution in soft tissue image guided surgery (e.g. to trace small malignant lymph nodes) is presented, together with how their medical equipment start-up was raised.
Per Fragemann, CEO at Small Improvements
Small Improvements is an intuitive, web-based 360°-management system that simplifies employee performance reviews, feedback and reporting.
Dr. Federico Buersgens, Managing Director at GNA Biosolutions GmbH
GNA Biosolutions is developing proprietary technology platforms for ultrafast, laser-based DNA analysis with nano particles up to marketability. This will result in a fast analysis methodology for pathogenic agent detection, bio security and pharmacogenomics.
Dr. Stefan Taing, Medability
The team from Medability has set itself the target to revolutionize the training and advanced education of surgery teams via the new Surgical Team Simulator (STS). The STS allows for the first time that the surgeon being trained can simultaneously see, hear and feel the virtual patient.