Onion Services: Design, Protocol and Implementation (gpn23)

Chaos Computer Club - recent events feed (high quality)

Player FM - Internet Radio Done Right

36 subscribers

Added seven years ago

محتوای ارائه شده توسط CCC media team. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط CCC media team یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

Everyday AI Podcast – An AI and ChatGPT Podcast

1
EP 580: Cracking the AI Productivity Paradox: Insights for Business Leaders 30:54

13 روز پیش30:54

پخش در آینده

لیست ها

پسندیدن

دوست داشته شد

30:54

AI makes us all more productive.... so why isn't revenue soaring? That's the AI Productivity Paradox. ↳ Does that mean GenAI doesn't work? ↳ Or do we all collectively stink at measuring GenAI ROI? ↳ Or are employees just pocketing that time savings? Faisal Masud is a tech veteran with answers. He's the President of HP Digital Services, and he's going to help us solve the AI Productivity Paradox. Newsletter: Sign up for our free daily newsletter More on this Episode: Episode Page Join the discussion: Have a question? Join the convo here. Upcoming Episodes: Check out the upcoming Everyday AI Livestream lineup Website: YourEverydayAI.com Email The Show: info@youreverydayai.com Connect with Jordan on LinkedIn Topics Covered in This Episode: AI Productivity Paradox Explained Hybrid Work's AI Integration Challenges Generative AI Impact on Large Enterprises Raising Productivity Expectations in AI Era AI Tools vs. Traditional Employment Roles Effective AI Policy Implementation in Enterprises Building Internal AI Capabilities Strategy Insights from AI-Based Easy Button History Timestamps: 00:00 "Your Daily AI Insight Hub" 03:43 Workforce Experience Platform Overview 07:46 High Hiring Bar Enhances Productivity 10:31 Enterprise Productivity Lag with GenAI 15:53 AI Integration in Workflows 19:01 Raising Expectations in Tech Management 21:57 Hiring for Future-Ready Roles 25:23 Staples' Innovative "Easy Button" Strategy 27:22 Less is More for Success Keywords: AI productivity paradox, generative AI, productivity improvements, employee experience, HP Digital Services, hybrid work, employee productivity, generative AI wave, AI tools, workforce experience platform, AI PCs, employee sentiment data, hybrid work challenges, generative AI boom, overemployment, AI policy, large enterprises, business leaders, remote work, Microsoft Copilot, improved productivity, customer experience, agentic workflows, AI-enabled tasks, augmented roles, future of work, AI solutions, digital transformation, management challenges, augmented society, productivity metrics, less is more approach, efficient work processes. Send Everyday AI and Jordan a text message. (We can't reply back unless you leave contact info) Ready for ROI on GenAI? Go to youreverydayai.com/partner…

حدود یک سال پیش 58:31

MP4•خانه قسمت

Onion Services are a crucial part of the Tor ecosystem and provide a clever way for anonymously hosting location hidden network services. Almost all of us know about them but how do they work in detail? This talk explains the technical details from .onion addresses up to the transfer of actual TCP stream data. This talk aims to give an introduction into the design, protocol and implementation of onion services. The idea is to give the audience an understanding of what happens internally inside the Tor network from what .onion addresses actually are over the cryptographic building blocks over to the actual messages sent over the protocol. The audience is expected to have a basic understanding of what the idea behind Tor is, as well as a high-level overview on the cryptographic primitives. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://cfp.gulas.ch/gpn23/talk/DVRLWC/

2022 قسمت

#Tech #Ccc Congress Hacking Security Netzpolitik #Germany #CCC media team #Video

Onion Services: Design, Protocol and Implementation (gpn23)

Chaos Computer Club - recent events feed (high quality)

36 subscribers

published حدود یک سال پیش

اشتراک گذاری

MP4•خانه قسمت

2022 قسمت

#Tech #Ccc Congress Hacking Security Netzpolitik #Germany #CCC media team #Video

All episodes

1
Closing (WHY2025) 29:37

۲ روز پیش29:37

29:37

The goodbye and look back on the camp. The thank you, the funny stories. All of them. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/VSKJMH/

1
Can we trust the Zero in Zero trust? (WHY2025) 38:02

۲ روز پیش38:02

38:02

Zero Trust (ZT) has evolved from pure network access to hype. ZT Everywhere has become a buzzword. If you ask about it during product presentations, the sales person sometimes runs out of the meeting. If we look beneath the surface, we find a lot of code that we trust in zero trust environments without realising it. Istio containers in service meshes, key management systems in SSH/Ansible environments and a whole lot of legacy code in confidential computing require trust in strange containers, ex-employees and attestation processes and a CI/CD pipeline for microcode in the cloud. What questions should we ask ZT? As the management of keys is crucial for TLS (encryption on transport), disk encryption (encryption on rest) and the new kid on the block confidential computing (encryption of data in use) we look under the carpet of implementations and raise a lot of questions to ask if implementing the concept. This immediately affects any digital souvereignty. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/3EHJGJ/…

1
About Time (WHY2025) 43:38

۲ روز پیش43:38

43:38

A shared understanding of what time it is and the rate at which time progresses is essential in many areas of technology from industrial control to broadcast. There are two main ways of synchronizing time between multiple computers, Network Time Protocol (NTP) and Precision Time Protocol (PTP). NTP is sufficient for certificate validation, but when timing is crucial we need PTP. In this talk we will take a deep dive into PTP: what it is, how it works, and various ways to abuse it. In my previous talks about Audio over IP and AV technologies the Precision Time Protocol has come up repeatedly as something that deserves its own talk. PTP has a wider use case which makes it interesting as a target for shenanigans. The talk aims to consolidate several years of experience and research into a concise understanding of this fundamental technology. No prior knowledge about PTP or network time will be assumed. Some familiarity with networking basics will be helpful, but not essential. Warning may contain hacker humor. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/LJ9879/…

1
Abacus: Open source software for the Dutch Elections (WHY2025) 48:24

۲ روز پیش48:24

48:24

The Dutch Electoral Council builds its new software-to-be, with a small in-house team, open source and in public. We call her Abacus. In this talk we'll go in depth on the technical and management side of our project. We invite you to join and check out our work! Our talk contains actual code written in Rust. "The software used in elections is developed open source", according to the Dutch law on elections. As we are working on this software at the Dutch Electoral Council, we want to share our experience and invite you to check out our progress so far. We'll go into our development process and technical choices, show some of the cool contributions we received, some of our own code and show what happens when a small government organisation decides to take software development into its own hands. At the talk both the lead developer and teamlead are present, to be able to elaborate on the actual development and on the management of such a project. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/ALPRVC/…

1
Rush hour rodeo and traffic cam selfies (WHY2025) 43:58

۲ روز پیش43:58

43:58

After some internal evaluation and a journalists inquiry on the possibility of chinese state actors having access to camera footage, Muncipality the Hague decided to do a security test focused on an APT threat on their traffic camera infrastructure. During the session we will show how the team approached this project, how some of the cinematic scenarios of causing traffic jams and using the camera's for espionage were possible in real life and what lessons were learned from the project. The session will start with providing a bit of context on why the project was started, what was already going on at that time and why the muncipality of the Hague had further questions for which they needed a hacking team. We then discuss how we approached the project in a complex environment, where APT threats are involved and how that changes how you assess certain systems and features. The core of the presentation focuses on disclosing the actual vulnerabilities found within the systems, how we went through the full cyber kill chain within the environment and what that actually means in the physical realm if this had been exploited with malicious intent. Finally we end the presentation with some details on how the discovered issues were addressed and what general lessons can be learned from this project that could also be applicable for other similar environments. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/RJTUR8/…

1
ISMS-oxide and you (Information-Security-Management-System for hackers) (WHY2025) 42:18

۲ روز پیش42:18

42:18

This is NOT an introductory talk about ISMS (Information-Security-Management)! It is about my experiences and reflections about real-life issues when deploying an ISMS. There will be a section dedicated to 'hacking' an ISMS, though. The presumed audiences are: - individuals working in the realm of IS-/IT-security management - hackers working in environments that expose them to ISMS-related TODOs (I'll try to put these things into context!) - anyone trying to understand this ISMS-nonsense Agenda: 1) Introduction - Management-Systems - Information-Security-Management-Sytems (ISO 27001, German BSI IT-Grundschutz) 2) Theory - Corporate overlords (a.k.a "hacking ISMSes") - Risk-Management - Compliance(-Reporting) - Certifications 3) Reality - What? Why? How? - Anecdotes 4) Conclusion Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/RMHF3N/…

1
How to become your own ISP (WHY2025) 34:51

۲ روز پیش34:51

34:51

This talk will take you along with a deep dive on how the internet works at its core and how you can participate yourself. You'll learn all about BGP, AS- numbers, IP-prefixes and more. Ever wanted to become sovereign on the internet? Want to know what its like to run an ISP? Are you a sysadmin that wants to learn more about networking? Then you're at the right place. This talk will take you along with a deep dive on how the internet works at its core and how you can participate yourself. You'll learn all about BGP, AS- numbers, IP-prefixes and what you need to do if you want to participate. You will walk away with practical knowledge on how you can get started. We'll also take a short tour of my own network, how I set it up and what I use it for. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/NCFHN3/…

1
Scaling up victim notification, because crededential theft is scaling up too... (WHY2025) 27:29

۲ روز پیش27:29

27:29

How do you scale up victim notifications from a couple of hundreds, to thousands, to millions to billions of stolen credentials? Credential theft is on the rise. Cybercriminals are gettings smarter and more efficient. Why hack in, if you can log in? At the DIVD we see this trend in the cases where we assist with notifying victims of credential theft. Where our first such cases started with a mere threehundred-something credentials we are now sometimes faced with credential dumps that contains millions of even billions of credentials. How can we scale this up, what problems did we face, how did we solve them, and what haven;t we solved yet? Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/KUVEEL/…

1
Building Inclusive Quantum Communities (WHY2025) 20:27

۲ روز پیش20:27

20:27

We in Quantum Development (WIQD) is a growing community dedicated to promoting diversity, equity, and inclusion (DEI) in the quantum ecosystem. In this presentation, we will introduce WIQD’s mission and activities, share insights from our first Women’s Day Hackathon, and highlight why fostering an inclusive quantum community is essential for innovation and impact. WIQD (We in Quantum Development) aims to build a thriving, inclusive network for professionals in quantum science and technology. During this 25-minute interactive presentation, we will briefly introduce WIQD and discuss the importance of DEI in quantum development. We will also share lessons learned from our 2024 Women’s Day Hackathon (https://www.wiqd.nl/event/womens-day-hackathon/), where participants collaborated to tackle technical and societal challenges in quantum. By reflecting on these experiences, we hope to inspire more people to get involved, collaborate across disciplines, and help shape an open, innovative quantum community. To make the talk interactive, we’ll use an e-tool to collect thoughts and ideas from the audience in real time. The speakers, Nina & Jay, will be based in the Quantum.Amsterdam village tent, please feel free to drop by to meet them. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/SUCW9S/…

1
OpenStreetMap for beginners (WHY2025) 45:43

۲ روز پیش45:43

45:43

Are you interested in maps? Are you searching for a FLOSS mapping navigation? Do you need geodata? Do you need a map on your site? Do you want to help creating maps from your local environment or from vulnerable places? Then, you have come to the right talk! This talks gives a broad overview of OpenStreetMap, the community and how to get started with it. OpenStreetMap is an open database of geodata and has become the biggest geodataset of the world. It is often called 'the wikipedia of maps' and is getting used in more and more applications - from grassroot movements to big corporations. A tremendous lot is possible, but it can be confusing to get started and to dive into the ecosystem. In this talk, I'll give a high-level overview of OpenStreetMap and answer the most important questions: - What is OpenStreetMap (and what is it not?) - What applications exist? - What tools exist? - How can one contribute? - How can one export data? - How can one get in touch with the local mapping community? No previous experience with mapping or GIS needed! This is a talk, so you don't have to bring anything. However, if you need some help with your first OSM-edits, I'll stick around after the talk to get you started. In that case, it might be useful to bring your laptop (or smartphone) Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/LLRPVY/…

1
How election software can fail (WHY2025) 48:27

۲ روز پیش48:27

48:27

Experiences from a hacker working at the Election Council of The Netherlands. After critically following the elections for 8 years from the outside, a hacker was employed as one of the functional administrators of the software supporting the elections. Sharing experiences of the use of election software during 7 elections (2020-2023), from local, national to European in The Netherlands. A governmental software project with strict deadlines, and high security expectations. The software project for elections in The Netherlands is build an IT organization owned by German local governments. More than 10.000 Java files, what can possible go wrong? During this time multiple emergency patches were needed and incidents occur. Although at first explicitly not hired as a coder, within 3 months a Java code contribution was made that was unexpectedly more crucial than anticipated. This talk will show some incidents with the election software in The Netherlands: how the software failed, and when/how it was discovered. Go over how seeing the elections from the outside, and give some history of voting computers and software. Ending with some reflecting on the future. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/MPH9CD/…

1
Time Lord's adventures: abusing time on Linux systems (WHY2025) 22:49

۲ روز پیش22:49

22:49

What happens when an attacker controls time on a Linux system? This talk looks at how system clocks work, and what breaks when they’re manipulated. From bypassing delays to triggering subtle logic errors, we’ll explore how unstable time can subvert assumptions, break security controls, and cause software to behave in unexpected or unsafe ways. This talk explores the consequences of full control over time on a Linux system. We’ll start with a brief overview of how system clocks work, highlighting common assumptions made by applications and security mechanisms. The focus will be on local manipulation of the system clock — jumping forward, rewinding, or freezing time — and the unexpected ways software can break when time becomes unreliable. Through practical examples, we’ll see how time-based defences and logic can be bypassed, exposing vulnerabilities that often go unnoticed. Not every issue leads to a full exploit, but many reveal fragile trust assumptions rarely tested in real environments. This talk is for hackers, tinkerers, and developers who’ve ever relied on `sleep(1)` as a defence mechanism. You might rethink your assumptions about time-based security after attending. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/NZRWGU/…

1
Towards digital sovereignty with cloud federation: how to break the dominance of the hyperscalers (WHY2025) 45:52

۳ روز پیش45:52

45:52

A team of Dutch scientist and cloud engineers is working on Ecofed: European Cloud Services in an Open Federated Ecosystem. The objective and scope of the ECOFED project are to develop a technical framework for a more open and integrated cloud usage model. This framework will enable multiple clouds from various providers to function as a single, cohesive system, offering a European alternative to hyperscaler clouds. In this open cloud ecosystem, users can easily switch between different clouds. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/KVXYMB/…

1
The Well Is Poisoned — Now What Shall We Drink? (WHY2025) 48:02

۳ روز پیش48:02

48:02

Wikipedia tells us that _low-background steel_ is steel produced before the detonation of the first nuclear bombs. Yep, you guessed it, **this is a talk about Large Language Models**. LLM outputs have quickly spread like radionuclides, threatening everything from the scientific record to the existence of the Internet as we know it. In this talk I'll discuss _practical small web approaches_ that we can use to build a new Internet that doesn't suck quite so badly. There will also be memes ;-) Have you noticed how the **good stuff** on the Internet is increasingly hidden behind bot checks, subscriptions and paywalls? And that it's getting harder and harder to find things online due to LLM pollution? Welcome to the club! You are in the right place. In this talk I'll highlight some of the most egregious examples, consider how we can best preserve _low background information_ for future generations, and how we can use small web techniques like **self-hosted blogs and static site generators** to bootstrap a new infosphere that doesn't rely on a handful of _hyperscale operators_. I'm particularly interested in how we can _federate and syndicate search_, learning from protocols and standards like RSS and ActivityPub. As part of the talk I'll give you some practical tools and approaches to try. If you find this interesting, consider joining us in the [SearchClub](https://matrix.to/#/#searchclub:matrix.org). **Let's have fun building the new Internet together!** Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/FHLCMR/…

1
Hacked in translation: Giving an Abandoned IoT Device a New Life (WHY2025) 39:09

۳ روز پیش39:09

39:09

As everybody knows, "L" in IoT stands for long-term support. I'll take you on a tour of my technical adventure where I revived an abandoned IoT "AI" translator and gave it a new life, 2025-style. Through deciphering peculiar protocols and formats, reverse engineering firmware and software and doing the necessary research to write new software, we'll see how curiosity and persistence can help you overcome the most obscure technical challenges. Licensed to the public under https://creativecommons.org/licenses/by/4.0/ about this event: https://program.why2025.org/why2025/talk/TUD7EB/…

به Player FM خوش آمدید!

Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.