From 01.09 - 03.09.2023, the 19th MRMCD (MetaRheinMainChaosDays) took place on the premises of TU Darmstadt. The event is organised by the registered association of the same name, regional hackspaces and universities. As a special feature, each conference is held under a motto determined in advance, which is also reflected in the decoration of the premises. For me, it was the first CCC-related event - and a clear contrast to other open source and vendor conferences I have attended so far.

Whose reality is it?

The theme for this year was "Whose reality is it?". Above all, criticism of artificial intelligence was the proverbial thread running through the decoration of the premises. Thus, these were decorated with numerous - partly entertaining, partly almost believable - deepfake photographs. Various pop culture allusions (red/blue jelly beans as "truth pills" known from Matrix) as well as creative puns on drink/menus (Flat White Earth) rounded off the decoration.

45 talks and numerous self-organised sessions ensured a great diversity of content. Thematically, everything was represented from political sessions (e.g. Adbusting: Worte als politische Maßnahme or Memetische Agitation des jungen Rechtsaußenspektrums: Mechanismen, Strategien, Narrative)*) to Meetups (NixOS, Freifunk) to technical deep-dives and lockpicking courses.

In the Capture the Flag, visitors interested in security could compete in more than 20 challenges - some of the results have now been summarised here. Various DJ sets (Lying Basses!) provided a pleasant ambience - the highlight was a Pornophonique concert on the first evening.

The angel system for volunteers, well-known in CCC circles, was part of the event - as was the actively used Eventphone. Here, DECT phones brought along could be used on the premises - desired extensions could be registered in advance.

The thematic focus of the event differs noticeably from other events I have attended so far (e.g. FrOSCon, OSAD). For example, net-political and partly socio-critical topics are more important and manufacturers are deliberately not offered a stage. The event sees itself as community-oriented, but this does not detract from the organisation and implementation. The circle of participants is extremely diverse, which I personally very much welcome.

Talks

Most of the talks can be consumed afterwards in the schedule or on the server of the C3VOC.

Amusingly, Opening and Closing were turned inside out in terms of tense.

Among the technically interesting talks for me was Fahrplan Chaos. It reported on the various (obscure) data sources and their problematic specifics for Deutsche Bahn timetables.

No less interesting was the talk Linux Audit Framework - An Introduction by Sergej Schmidt, which dealt entirely with the Linux framework 'auditd'. Besides some basics, he also showed some tips for easier evaluation of unreadable logs - for example by using Splunk Cisco.

In the lecture: Kein Bock mehr von X und co. durchgenommen zu werden? Dann machs dir doch selbst!, the operator of the Mastodon instance darmstadt.social (known from the Tagesschau 😝) reported on the advantages of the decentralised network. He also pointed out legal and technical challenges that arise as well as his personal approaches to solving them.

Two highlights were also the network policy talks Digitalisierung 2.0 - jetzt nachhaltig gedacht and Palantir - Deutsche Polizeiarbeit verfassungswidrig by Manuel 'HonkHase' Atug and Caroline Krohn. The former presented the mission of the recently founded AG Nachhaltige Digitalisierung. This group has so far defined 10 basic principles to positively influence the long-term consequences of digitalisation today through security by design approaches and repeated public relations work. Numerous security-related incidents in recent years have proven that there is obviously a great need for this.

The duo's second presentation was dedicated to the Gotham software of the US surveillance company Palantir, which is regrettably present in European and also German police work. Bavaria has used a framework agreement to actively undermine the negative assessment of the Federal Ministry of the Interior and to enable other federal states to circumvent the award procedure. Hesse already uses similar software with HessenData, which is undoubtedly unconstitutional. Atug and Krohn pointed out the fatal consequences of reckless use.

I myself was also allowed to contribute to the programme with a presentation (Linux Host Security - Lessons Learned & Practical Tips). The feedback from the participants was very valuable - so I again took away numerous tool tips that can be helpful in optimising the security of Linux systems.

Conclusion

Next year, the conference will celebrate its 20th anniversary from 03.10 - 06.10.2024 - and, according to the MRMCD team, we can expect big surprises. I had a lot of fun at the event - I gained a lot of new impressions and am already looking forward to the next event.