39th Chaos Communication Congress Videos

(media.ccc.de)

323 points by Jommi8 hours ago

11 comments

neiman7 hours ago
Where were people's favourite lectures?I attended 7 talks.My favourite talk by far was hacking the GPG. Brilliant, really: <a href="https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i" rel="nofollow">https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical...</a>The "In-house electronics manufacturing from scratch" was a very inspiring talk: <a href="https://media.ccc.de/v/39c3-in-house-electronics-manufacturing-from-scratch-how-hard-can-it-be" rel="nofollow">https://media.ccc.de/v/39c3-in-house-electronics-manufacturi...</a>The rest were less good for me personally. Either over-dramatic and shallow (with a sexy-sounding topic) or too procedural in topics I'm not an expert in.
- weinzierl6 hours ago
 Somehow it did not get much attention, but Signal president Meredith Whittaker (together with Udbhav Tiwari) spoke about the risks and threats from AI-enabled systems.AI Agent, AI Spy<a href="https://media.ccc.de/v/39c3-ai-agent-ai-spy" rel="nofollow">https://media.ccc.de/v/39c3-ai-agent-ai-spy</a>I also found the talk about Asahi interesting, both from a technical standpoint but also as a nice update what the current status is.Asahi Linux - Porting Linux to Apple Silicon<a href="https://media.ccc.de/v/39c3-asahi-linux-porting-linux-to-apple-silicon" rel="nofollow">https://media.ccc.de/v/39c3-asahi-linux-porting-linux-to-app...</a>Finally, not recorded, but workshops likeFoundation workshop: Hands-on, how does the Internet work?by Ingo Blechschmidt, is congress at its best. Getting a diverse set of people with various backgrounds and knowledge levels to ARP spoof in a little over an hour is art.<a href="https://events.ccc.de/congress/2025/hub/event/detail/foundation-workshop-hands-on-how-does-the-internet" rel="nofollow">https://events.ccc.de/congress/2025/hub/event/detail/foundat...</a>
 - aberoham24 minutes ago
 Meredith's talk was extremely scripted, not very original and then she ducked out of taking any audience questions. Udbhav awkwardly stood there but seemed like he could have had much more to say. It was hard to watch.Mona Wang's talk early on Day 2 wasn't recorded but was the polar opposite -- Original, off-the-cuff, engaging, and just fun to witness.<a href="https://fahrplan.events.ccc.de/congress/2025/fahrplan/event/protecting-the-network-data-of-one-billion-people-breaking-network-crypto-in-popular-chinese-mobile-apps" rel="nofollow">https://fahrplan.events.ccc.de/congress/2025/fahrplan/event/...</a> <a href="https://m0na.net/papers/wirewatch.pdf" rel="nofollow">https://m0na.net/papers/wirewatch.pdf</a>
- pamcake6 hours ago
 I also enjoyed the GPG talk. Other highlights:Not an Impasse: Child Safety, Privacy, and Healing Together: <a href="https://media.ccc.de/v/39c3-not-an-impasse-child-safety-privacy-and-healing-together" rel="nofollow">https://media.ccc.de/v/39c3-not-an-impasse-child-safety-priv...</a>APT Down and the mystery of the burning data centers: <a href="https://media.ccc.de/v/39c3-apt-down-and-the-mystery-of-the-burning-data-centers" rel="nofollow">https://media.ccc.de/v/39c3-apt-down-and-the-mystery-of-the-...</a>Bluetooth Headphone Jacking: A Key to Your Phone: <a href="https://media.ccc.de/v/39c3-bluetooth-headphone-jacking-a-key-to-your-phone" rel="nofollow">https://media.ccc.de/v/39c3-bluetooth-headphone-jacking-a-ke...</a>
- Beretta_Vexee4 hours ago
 "Liberation of the Freebox", A slightly crazy Frenchman embarks on a quest to find exploit and write a complex exploit chain, using PrDoom and the Linux HFS+ driver to gain root privileges on his set-top box. All this in order to unlock the recording of somewhat rubbish TV channels such as TF1 and M6.And he waited almost ten years and the retirement of the hardware to reveal it because he didn't want it to be patched.If you are into hardware emulation "From silicon to Darude sand-storm" is fun.the <a href="https://media.ccc.de/v/39c3-from-silicon-to-darude-sand-storm-breaking-famous-synthesizer-dsps" rel="nofollow">https://media.ccc.de/v/39c3-from-silicon-to-darude-sand-stor...</a>
- rft1 hour ago
 I still have to go through my watch list, the age old issue of not having my slides done before congress...The 10 year of Dieselgate is interesting just from a "how bad is it really?" PoV, I saw the part about curves and other defeat devices already [1].The Rowhammer talk is likely going to be great as well, I like Daniel's work [2].The practical Cross-VM Spectre was interesting to show this is still a problem [3].The opensource secure element was good for trying such a thing, but I wasn't that impressed with the content [4].[1] <a href="https://cfp.cccv.de/39c3/talk/7MSRA7/" rel="nofollow">https://cfp.cccv.de/39c3/talk/7MSRA7/</a> <a href="https://media.ccc.de/v/39c3-10-years-of-dieselgate" rel="nofollow">https://media.ccc.de/v/39c3-10-years-of-dieselgate</a>[2] <a href="https://cfp.cccv.de/39c3/talk/3JXAJJ/" rel="nofollow">https://cfp.cccv.de/39c3/talk/3JXAJJ/</a> <a href="https://media.ccc.de/v/39c3-rowhammer-in-the-wild-large-scale-insights-from-flippyr-am" rel="nofollow">https://media.ccc.de/v/39c3-rowhammer-in-the-wild-large-scal...</a>[3] <a href="https://cfp.cccv.de/39c3/talk/ATYLN9/" rel="nofollow">https://cfp.cccv.de/39c3/talk/ATYLN9/</a> <a href="https://media.ccc.de/v/39c3-spectre-in-the-real-world-leaking-your-private-data-from-the-cloud-with-cpu-vulnerabilities" rel="nofollow">https://media.ccc.de/v/39c3-spectre-in-the-real-world-leakin...</a>[4] <a href="https://cfp.cccv.de/39c3/talk/9DYZXG/" rel="nofollow">https://cfp.cccv.de/39c3/talk/9DYZXG/</a> <a href="https://media.ccc.de/v/39c3-lessons-from-building-an-open-architecture-secure-element" rel="nofollow">https://media.ccc.de/v/39c3-lessons-from-building-an-open-ar...</a>
- xorcist4 hours ago
 Absolutely Cory Doctorow's, for the showmanship alone. Lovely background slides. The message itself might not resonate with everyone.The talk "Look Up" about unencrypted data over DVB satellite links was also though provoking, both in presentation and in technical content. If there's that much data unencrypted over a mainstream IP link, imagine how much is still on legacy protocols in 2025.
- robingchan6 hours ago
 order by personal rank:Sandstorm JP-8000 sawtooth DSP reversing <a href="https://www.youtube.com/watch?v=XM_q5T7wTpQ" rel="nofollow">https://www.youtube.com/watch?v=XM_q5T7wTpQ</a>Washing machines hacking <a href="https://www.youtube.com/watch?v=Q1S-PVo3GlA" rel="nofollow">https://www.youtube.com/watch?v=Q1S-PVo3GlA</a>AMD (ps5 sorta) security: <a href="https://www.youtube.com/watch?v=cVJZYT8kYsI" rel="nofollow">https://www.youtube.com/watch?v=cVJZYT8kYsI</a>cool demo for the BT headphones talk: <a href="https://www.youtube.com/watch?v=TK5Tz4Bt94Y" rel="nofollow">https://www.youtube.com/watch?v=TK5Tz4Bt94Y</a>precise time syncing with PTP: <a href="https://www.youtube.com/watch?v=dOt-zRIG5co" rel="nofollow">https://www.youtube.com/watch?v=dOt-zRIG5co</a>x86 > arm with intermediate: <a href="https://www.youtube.com/watch?v=3yDXyW1WERg" rel="nofollow">https://www.youtube.com/watch?v=3yDXyW1WERg</a>
- g-mork4 hours ago
 Just for sheer geekery's sake probably the ISDN talk.For OMG eye opening factor the FreeBSD jails talk (how the hell is this thing still so buggy?) and the talk on unencrypted satellite linksFor excellent follow-along value and dedication to ridiculously pointless cause the Freebox talk. "Technically I don't own this box so instead of risking damaging it I'm going to take the extremely long and entertaining route around, somehow involving Doom WAD files"For showmanship probably the Tegra talk
 - jacquesm3 hours ago
 > For OMG eye opening factor the FreeBSD jails talk (how the hell is this thing still so buggy?)Because everything that complex is going to be that buggy.With the bugs they found fix a constant number of them still remains.
 - pantalaimon6 minutes ago
 Linus said 'many eyes make all bugs shallow', but compared to Linux, there are not many eyes looking at FreeBSD.
- lskkgklglw2 hours ago
 The biggest problem with ccc is that: 0. They are releasing too few tickets. 1. They are releasing the tickets too late. 3. Still not able to pay with card?I live somewhat nearby, but can’t book or plan a visit because of this. I appreciate that they are releasing videos shortly afterwards though.
 - neiman2 hours ago
 You can pay with a card, but there is an additional 5 Euros fee (which is fair enough).I booked a refundable hotel already in the summer, in case I won't get the tickets. But getting the ticket this year was relatively easy (though maybe I just got lucky).
- sunbum3 hours ago
 <a href="https://media.ccc.de/v/39c3-css-clicker-training-making-games-in-a-styling-language" rel="nofollow">https://media.ccc.de/v/39c3-css-clicker-training-making-game...</a> The CSS clicker talk was really entertaining as well as just technological amazing!
- nickslaughter023 hours ago
 The Last of Us - Fighting the EU Surveillance Law Apocalypse<a href="https://media.ccc.de/v/39c3-the-last-of-us-fighting-the-eu-surveillance-law-apocalypse" rel="nofollow">https://media.ccc.de/v/39c3-the-last-of-us-fighting-the-eu-s...</a>
- Alconicon6 hours ago
 I think the blue team ctf ai talk was a good benchmark were we at right now <a href="https://media.ccc.de/v/39c3-breaking-bots-cheating-at-blue-team-ctfs-with-ai-speed-runs" rel="nofollow">https://media.ccc.de/v/39c3-breaking-bots-cheating-at-blue-t...</a>
- weinzierl4 hours ago
 Demystifying Fuzzer Behaviour<a href="https://m.youtube.com/watch?v=h3UcecN5fvQ" rel="nofollow">https://m.youtube.com/watch?v=h3UcecN5fvQ</a>
- SoylentBob7 hours ago
 The one on the bluetooth headphone vulnerabilities was quite fun: <a href="https://media.ccc.de/v/39c3-bluetooth-headphone-jacking-a-key-to-your-phone" rel="nofollow">https://media.ccc.de/v/39c3-bluetooth-headphone-jacking-a-ke...</a>
- jacquesm3 hours ago
 That in-house electronics one is gold.
- rs_rs_rs_rs_rs6 hours ago
 The one on bsd jails <a href="https://media.ccc.de/v/39c3-escaping-containment-a-security-analysis-of-freebsd-jails" rel="nofollow">https://media.ccc.de/v/39c3-escaping-containment-a-security-...</a>The one on whatsapp bugs <a href="https://media.ccc.de/v/39c3-dngerouslink-a-deep-dive-into-whatsapp-0-click-exploits-on-ios-and-samsung-devices" rel="nofollow">https://media.ccc.de/v/39c3-dngerouslink-a-deep-dive-into-wh...</a>
Fnoord5 hours ago
I haven't seen all of them (which I wanted to see) yet, I had a lot of fun with various talks. Thus far, my favourite one was hands down [1], and I can explain why. I am not at all good with hardware, nor hardware designing i.e. I'm not the target audience for this talk.However, the talk was beautiful. It went quick, was informative, good slides, very respectful Q&A (comms and quality-wise), and it had a message of DIY _and_ inspiring hope. It is easy to criticize X or say we need to do better with Y. These guys are doing it, and their journey and findings is completely open source (even though there was substantial financial risk involved). The hacker spirit 101.[1] <a href="https://media.ccc.de/v/39c3-in-house-electronics-manufacturing-from-scratch-how-hard-can-it-be" rel="nofollow">https://media.ccc.de/v/39c3-in-house-electronics-manufacturi...</a>
utopiah1 hour ago
Upvoted since mine <a href="https://news.ycombinator.com/item?id=46452407">https://news.ycombinator.com/item?id=46452407</a> didn't take off.PS: HN sucks with dupes.
kherud7 hours ago
One interesting detail: In previous years, Joscha Bach gave a talk on AI, consciousness, and related topics (see e.g. [0]). A similar talk was planned for this year as well, but after emails between him and Epstein were made public (see his comment on this in [1]), his talk was canceled. Instead, there appears to have been an event that critically addressed the situation [2]. Unfortunately it was not recorded. Did anyone attend? A discussion between Joscha and his critics would have been really interesting.[0] <a href="https://media.ccc.de/v/38c3-self-models-of-loving-grace" rel="nofollow">https://media.ccc.de/v/38c3-self-models-of-loving-grace</a>[1] <a href="https://joscha.substack.com/p/on-the-jeffrey-epstein-affair" rel="nofollow">https://joscha.substack.com/p/on-the-jeffrey-epstein-affair</a>[2] <a href="https://events.ccc.de/congress/2025/hub/en/event/detail/tech-transcendentalism-as-hypermodern-myth-and-neo" rel="nofollow">https://events.ccc.de/congress/2025/hub/en/event/detail/tech...</a>
- pantalaimon28 minutes ago
 He did have an anual talk beginning with 30C3<a href="https://media.ccc.de/search?p=Joscha" rel="nofollow">https://media.ccc.de/search?p=Joscha</a>
- anotheryou6 hours ago
 Well that discussion talk is not an open discourse about the situation...He quoted what he believed was scientific evidence in a private conversation that became public, has comments on fashism being efficient are clearly anti-facist and believed to observe a gender stereotype. No matter if the facts were true, it should be possible to discuss such things (especially those you think are facts) in private without getting canceled. Even if they would play in to the hand of racism or sexism if made as public statements.I found his appology a bit weak, but I also don't see his offense, despite the messages in public being offensive and possibly harmful.
 - viccis3 hours ago
 I think people have little patience lately for tolerating private discussion they find objectionable with Epstein.
 - lukan1 hour ago
 I think people have little patience (or rather fear) to engage with different points of view in general these days.
 - viccis1 hour ago
 I think people have found out the hard way that the paradox of tolerance is real.
 - BoredPositron58 minutes ago
 No tolerance for the intolerant.
 lukan44 minutes ago
 Can you show me, where exactly Joshua Bach stands for intolerance?
- looperhacks3 hours ago
 Assembly events like [2] are not recorded because they are largely self-organized and barely moderated (if at all).
 - lukan57 minutes ago
 This one was moderated, though."The main part of the workshop consists of a moderated deliberative discussion with the audience."I think it is a bit ironic, that Joshua got canceled because of a private conversation - and the debate about it is not recorded, so .. in effect people are more free to express their opinions without getting canceled.Disapointing to me. Joshua seems to have points of views I find debatable (I don't know much about him) But canceling to not have to stand his opinions? That is very much against the hacker spirit to me and he is a smart guy who knows a lot about AI.
- Alconicon6 hours ago
 Urgh wtf...This meta discussion synopsis "Tech-Transcendentalism as Hypermodern Myth and Neofeudal Ideology [all creatures welcome]" feels like reading a rabit hole of a mountain.I would have loved another talk from Joscha, the critisism is weirdly ignorant.
- weinzierl6 hours ago
 To add some context and to spare readers who, like me, know nothing about Joscha Bach and only little about Epstein from having to go through all the linked material:The allegations do not appear to involve abuse or moral complicity with Epstein. Instead, they seem to focus on emails Bach exchanged with Epstein concerning IQ, race, and possibly sex. Bach denies these allegations of racism and sexism.That is at least how I understand the material based on the provided links.
 - jtefera4 hours ago
 For context, this is the email exchange between Joscha and Epstein: <a href="https://www.jmail.world/thread/HOUSE_OVERSIGHT_026406?view=inbox" rel="nofollow">https://www.jmail.world/thread/HOUSE_OVERSIGHT_026406?view=i...</a> (original doc: <a href="https://epstein-emails.sfo3.digitaloceanspaces.com/docs/HOUSE_OVERSIGHT_026406.pdf" rel="nofollow">https://epstein-emails.sfo3.digitaloceanspaces.com/docs/HOUS...</a>).
- walls5 hours ago
 "All of the people I know who were friends with this sociopathic child-trafficking pedophile told me he was reformed now" is certainly something to put out there.
blakesterz7 hours ago
<a href="https://media.ccc.de/v/39c3-a-post-american-enshittification-resistant-internet#t=0" rel="nofollow">https://media.ccc.de/v/39c3-a-post-american-enshittification...</a>Cory Doctorow's talk is quite strong.
- teroshan6 hours ago
 Transcript of the speech on his blog: <a href="https://pluralistic.net/2026/01/01/39c3/#the-new-coalition" rel="nofollow">https://pluralistic.net/2026/01/01/39c3/#the-new-coalition</a>An excerpt:> I assume you've spotted the pattern by now: the US trade representative has forced every one of its trading partners to adopt anticircumvention law, to facilitate the extraction of their own people's data and money by American firms. But of course, that only raises a further question: Why would every other country in the world agree to let America steal its own people's money and data, and block its domestic tech sector from making interoperable products that would prevent this theft?> Here's an anecdote that unravels this riddle: many years ago, in the years before Viktor Orban rose to power, I used to guest-lecture at a summer PhD program in political science at Budapest's Central European University. And one summer, after I'd lectured to my students about anticircumvention law, one of them approached me.> They had been the information minister of a Central American nation during the CAFTA negotiations, and one day, they'd received a phone-call from their trade negotiator, calling from the CAFTA bargaining table. The negotiator said, "You know how you told me not to give the Americans anticircumvention under any circumstances? Well, they're saying that they won't take our coffee unless we give them anticircumvention. And I'm sorry, but we just can't lose the US coffee market. Our economy would collapse. So we're going to give them anticircumvention. I'm really sorry."> That's it. That's why every government in the world allowed US Big Tech companies to declare open season on their people's private data and ready cash.> The alternative was tariffs. Well, I don't know if you've heard, but we've got tariffs now!> I mean, if someone threatens to burn your house down unless you follow their orders, and then they burn your house down anyway, you don't have to keep following their orders. So…Happy Liberation Day?
- divan5 hours ago
 I shared this link on my personal FB page couple of times and it was automatically removed within seconds.
 - crtasm5 hours ago
 I imagine it will be uploaded to the youtube channel soon: <a href="https://www.youtube.com/@mediacccde" rel="nofollow">https://www.youtube.com/@mediacccde</a>
 - sneak5 hours ago
 Then why continue to donate time and attention to censorship platforms? Having a Facebook account is completely optional.
 - divan4 hours ago
 Network effects, obviously.
 - aweiher3 hours ago
 I’d argue that what you're experiencing isn't the Network Effect anymore, but rather Vendor Lock-in.The Network Effect implies the platform gets better for you as more people join. If they are deleting your content, the network is no longer serving you—it’s just holding you hostage. This is enshitification as it best. (this ironie with a cory doctorow link)At this stage, it’s just a walled garden. Staying because 'everyone is here' while being silenced is learned helplessness.You're voluntarily staying in a walled garden that refuses to let you speak.But: The door is wide open, you can go.
 - blurbleblurble5 hours ago
 Wild.
- yunnpp3 hours ago
 Precisely the first video I started downloading and I didn't even realize it was from Cory.It carries even more weight now that "post-American" is coming from...an American. This guy stands for his ideals, I envy such resolve.
 - cyberpunk2 hours ago
 In the talk he mentions he’s from Canada…
 - pa7ch1 hour ago
 He has been living in LA and working for the EFF for some time now.
fbias4 hours ago
I can’t not see Catbert in the video player iconography. Someone tell me they did this intentionally.
- st_goliath4 hours ago
 The icon is supposed to represent one of those waving cat figurines: <a href="https://en.wikipedia.org/wiki/Maneki-neko" rel="nofollow">https://en.wikipedia.org/wiki/Maneki-neko</a>It has some long tradition placing those visibly on the podium. As the story goes, the idea is that you can immediately see if the video stream freezes up (because the cat in the video suddenly stops waving). You wouldn't immediately catch that in between talks (when you have some time to fix the issue) if the camera was just pointed at an empty stage with no movement. I think at 30C3 or so, I saw one that was placed so that it would repeatedly knock on the microphone as well.Anyway, the waving cat has become a bit of a meme by itself and mascot of the VOC, hence also the (animated) icon in video player.
 - fbias4 hours ago
 Thank you both!
- ximm4 hours ago
 It is a Maneki-neko (beckoning cat / Winkekatze). The video team started putting them on podiums so they could see when a stream was frozen. So it became kind of a mascot.
ChrisArchitect5 hours ago
Some popular selections with discussion so far:Bluetooth Headphone Jacking: A Key to Your Phone [video]<a href="https://news.ycombinator.com/item?id=46453204">https://news.ycombinator.com/item?id=46453204</a>Hacking Washing Machines [video]<a href="https://news.ycombinator.com/item?id=46428496">https://news.ycombinator.com/item?id=46428496</a>Escaping containment: A security analysis of FreeBSD jails [video]<a href="https://news.ycombinator.com/item?id=46436828">https://news.ycombinator.com/item?id=46436828</a>All my Deutschlandtickets gone: Fraud at an industrial scale [video]<a href="https://news.ycombinator.com/item?id=46411930">https://news.ycombinator.com/item?id=46411930</a>
grantcas1 hour ago
[dead]
TheCraiggers6 hours ago
[flagged]
cocodill48 minutes ago
Unfortunately, the congress is getting worse and worse every year. There are fewer and fewer interesting and technical topics. "It used to be better" moment.
- sllabres22 minutes ago
 None of these interesting as "technical topic"? (only examples)51 Ways to Spell the Image GiraffeWho cares about the Baltic Jammer?Asahi Linux - Porting Linux to Apple SiliconThe art of text (rendering)Excuse me, what precise time is It?DNGerousLINKCPU Entwicklung in FactorioHow to render cloud FPGAs uselessBreaking architecture barriers: Running x86 games and apps on ARMCracking open what makes Apple's Low-Latency WiFi so fastReverse engineering the Pixel TitanM2 firmwareNot To Be Trusted - A Fiasco in Android TEEsCelestial navigation with very little mathTextiles 101: Fast Fiber TransformEscaping Containment: A Security Analysis of FreeBSD JailsDon’t look up: There are sensitive internal links in the clear on GEO satellitesOpening pAMDora's box and unleashing a thousand paths on the journey to play Beatsaber custom songsLessons from Building an Open-Architecture Secure ElementAnd of course some of the Lightning Talks...