Learn basic woodworking skills and power tools while building a coaster to take home. Sign up HERE! This class is open to all, no experience or membership necessary. Attendees must only become CRASH Space members if they would like to continue to use the tools for their own projects in the future. Each class is a one-off, with projects including coasters, stools, and flower presses.
Come Learn Risography at CrashSpace! Risography Crash Course! Bright Colors! Grungy dots! Unpredictable alignments! A Risograph is somewhere between a photocopy and a screen print. Beloved by zine creators, poster makers and retro design enthusiasts, Risography provides intense colors with just enough unpredictability to make it interesting. In this class we will learn Risography basics, reasoning about spot colors and get hands on experience with a Risograph printer. We will learn both traditional and digitally aided Risograph layout techniques. With 7 eye-popping colors to choose from, everyone who takes a class will leave with 15 copies of a 3 color print. Bring a sketch, a laptop, inspiration or all 3! All duplicating supplies provided — just bring your imagination (and a sketch, if you’ve got one) All skill levels welcome — total beginners especially Up to 3 color prints per member to take home Ages 18+ Where : CrashSpace, 10526 Venice Blvd., Culver City, CA 90232 When : June 20, 3 – 5pm Cost : $10 Sign up on Eventbrite: https://www.eventbrite.com/e/beginner-risograph-class-tickets-1990730266817?aff=oddtdtcreator
Transform used bike chains into kinetic jewelry and small wearable objects with movement, memory, and a little bit of steel magic. In this hands-on workshop, we’ll transform used bike chains into kinetic jewelry and small wearable objects with movement, memory, and a little bit of steel magic. Participants will learn how to clean, break down, and repurpose bike chain into pieces that can become a necklace, bracelet, keychain, gift, or small talisman. We’ll also explore heat painting steel, using flame and temperature to bring out shifting blues, golds, purples, and other iridescent tones in the metal. Kinetic jewelry offers a small source of movement, texture, and tactile stimulation, something to fidget with, focus on, or carry as a grounding object. Your finished piece might commemorate the bike you crossed the country with, hold the story of a beloved ride, or become a gift for someone who would rather skip the subway and bomb down Broadway on two wheels instead. Participants are welcome to bring their own retired bike chain, especially one with personal meaning, or use materials provided in class. No prior jewelry-making or bike repair experience needed, just curiosity, hands, and a willingness to play with metal, motion, and memory. Your instructor: Adela Wagner is a Brooklyn-based interdisciplinary artist, community organizer, and long-distance cyclist whose work often lives at the intersection of movement, memory, and care. Their cycling life began in NYC on a rusted Craigslist bike and eventually carried them across six states on a solo ride from Pennsylvania to Georgia, through Czech mountain roads, and into mutual aid rides, street activism, and bike community. For Adela, the bicycle is both a practical tool and a vessel for story: a way to move through fear, build connection, carry grief, and find freedom in the flow state. This is a masks optional workshop More info and RSVP
Auf Japanisch begrüßt man den Morgen mit "ohayou gozaimasu". Wenn wir hingegen die News des Monats begrüßen, fühlen wir uns mehr nach "oh herrje gozaimasu". Von Microsoft-Bashing über Kernel-Exploits bis zu DNSSEC-Rucklern ist wieder alles dabei. Auf Basis der Livesendung vom 26. Mai 2026. Shownotes: Shownotes als Textdatei Shownotes als Webseite pentaradio24 vom 26. Mai 2026 (MPEG-Audio, 106.1 MiB) pentaradio24 vom 26. Mai 2026 (MPEG4-Audio, 77.4 MiB) pentaradio24 vom 26. Mai 2026 (Ogg Vorbis, 84.2 MiB) pentaradio24 vom 26. Mai 2026 (Opus, 46.5 MiB)
Offene Töpferwerkstatt Mitmachen Du hast ein Töpferprojekt, das du umsetzen möchtest? Dann steht dir das Atelier der Binary Kitchen zur Verfügung. Das Angebot ist kein Workshop, wir bieten also keine Anleitung und keine Projektideen, sondern die Möglichkeit, selbstständig bei uns zu werkeln. Übliche Materialien wie Modellierton, Glasuren und Töpferscheibe sind vorhanden, wenn du Besonderheiten haben möchtest, kannst du diese natürlich mitbringen.
Sede 102 sul EQS 102/103 bloco A sala 88 Centro Empresarial São Francisco (antigo Cine Centro São Francisco) CEP 70330-400 *Não* Estamos [mais] remotos! set/2025 a maio/2026 Uma breve história do Calango Hacker Clube até aqui (setembro de 2025)
English version below Lichter ein- und auschalten für Fortgeschrittene. Mit vielen Bunti-Blinki-Lichtern. Kommt zu unserem Lichtworkshop am Dienstag, von 17:00 - 19:00 im maschinenraum. Wann? : 02.06.2026, 17:00 - 19:00 Uhr Wo? : maschinenraum Wer? : Loui Hier geht es zu allen Workshops aus unserer Reihe: https://blog.maschinenraum.tk/2026/05/20/neue-workshopreihe-im-mai-juni-startet-heute/ Switching lights on and off for advanced learners. With lots of colourful flashing lights. Come to our Lighting Workshop on Tuesday, from 17:00 - 19:00 at maschinenraum. When? : 02.06.2026, 17:00 - 19:00 Where? : maschinenraum Who? : Loui See all workshops from our series: https://blog.maschinenraum.tk/2026/05/20/neue-workshopreihe-im-mai-juni-startet-heute/
Rückblick: Jung Hacker*innen-Tag 2026-05 Trotz der vielen Feiertage im Mai haben wir ein Wochenende gefunden, um uns mal wieder im Jugendtreff zu treffen. Diesen haben wir auch dokumentiert. Dieses Mal gab es kein großes Überthema, sondern die Teilnehmenden durften selbst entscheiden, welche Projekte umgesetzt werden. Ein Schwerpunkt lag auf dem Thema 3D-Design. Es wurden neue Halter für die Werkzeuge in unserer Werkstatt designt, gedruckt und getestet. Selbstverständlich haben wir auch den neuen PRUSA XL benutzt, um mit verschiedenen Farben selbst designte Namensschilder zu drucken. Neben den unterschiedlichen Materialien, die in einem Druckvorgang genutzt werden können, ist der Drucker auch deutlich schneller, sodass an einem Tag direkt mehrere Projekte gedruckt und ggf. wieder verbessert werden können. Daneben wurde auch mit Scratch programmiert. An unserem Schwarz-Weiß-Fernseher wurde ein wenig herumexperimentiert. An dem einen oder anderen Elektronik- und Bastelprojekt wurde gearbeitet. Natürlich gab es auch eine kleine Pause mit Eis und einem (Papier-)Flieger-Wettbewerb. Den Termin für den nächsten „Tag der jungen Hacker*innen” gibt es aber schon: Sonntag, der 28.06.2026, von 13:00 bis 17:00 Uhr. Jetzt kostenlos anmelden . Das ist auch der letzte Termin vor den Sommerferien.
We at Hackeriet had the great pleasure of hosting a workshop by Harrison Sand. Harrison has been looking at telco security from the side of phishing groups, SIM farms, Wi-Fi Calling and packet captures. Think of this post as a map. The point is to connect the pieces well enough that a responsible researcher that can read a pcap can recognize the trust boundaries, and know what needs authorization before touching anything live. Bottom line up front, modern mobile calling is several ordinary systems stacked together: DNS, IPsec, SIM-backed authentication, carrier profiles, SIP, and operator policy. Start With Fraud The research started with phishing groups. The infrastructure behind messages that look like Autopass, Posten, bank warnings, and delivery notices. That led to SIM farms. A SIM farm is a rack of SIM cards attached to hardware that can send messages through a web interface or API. Europol has published examples from cybercrime-as-a-service cases. The hardware is modems, SIM slots, management software, and enough automation to send at scale. SIM farms explain the attacker incentive. Phone numbers still matter. Even when scams move to iMessage or RCS, a phone number is often part of account creation, reputation, and delivery. Wi-Fi Calling adds another question: if a phone can act like a normal subscriber over Wi-Fi, what does that path look like? Two Research Paths There are two paths through the material. The first path teaches observation. The second teaches architecture. It can be smart to try to keep them separated mentaly. One path starts with your phone. Plug in your own device, capture your own traffic, and look at what the handset and network exchange. On iPhone, Remote Virtual Interface capture can expose several interfaces. One of those views can show SIP traffic that would otherwise feel hidden behind the modem and IPsec. Android varies by device, firmware, modem, and access level. The other path starts with the subscriber connection. A Wi-Fi Calling client has to find the operator’s ePDG, authenticate using SIM-backed material, receive inner connectivity, and register to IMS over SIP. The Subscriber Path The rough chain looks like this: SIM / USIM -> ePDG discovery -> IKEv2 / IPsec -> SIM-backed AKA authentication -> inner IPv6 connectivity -> P-CSCF / IMS SIP edge -> SIP REGISTER -> SIP AKA / digest challenge -> subscriber session Terminology note: people often say “SIM” for the physical card and everything on it. More precisely, modern mobile networks use a USIM, the Universal Subscriber Identity Module, for subscriber identity and AKA, Authentication and Key Agreement. Some IMS setups also involve ISIM, the IP Multimedia Services Identity Module, for SIP/IMS identities. The phone first needs an ePDG, the Evolved Packet Data Gateway. Many operators use a standardized DNS name based on MCC and MNC, the mobile country code and mobile network code. Some do not. Those operators may rely on carrier profiles shipped through iOS or Android. After discovery, the device establishes IKEv2/IPsec to the operator. The SIM participates in AKA-style authentication. Think of the SIM as a small cryptographic oracle: software sends a challenge, the SIM returns a response, and the private key material stays on the card. If the ePDG authentication succeeds, the client gets inner network connectivity, often IPv6, plus enough configuration to reach the IMS, IP Multimedia Subsystem, SIP edge. The endpoint you talk to is usually a P-CSCF, the Proxy-Call Session Control Function. Calling it “the SIP server” is close enough for a hallway conversation, but P-CSCF is the more precise term. SIP registration comes next. The client sends REGISTER , receives a challenge, consults SIM/USIM-backed material, and sends an authenticated response. Once registration succeeds, the subscriber can maintain state for calls and messages under the operator’s policy. That is the architectural story Harrison walked through. ePDG gets you onto the operator path. SIM-backed AKA proves the subscription. SIP/IMS handles the call and messaging signaling. Carrier Profiles Count Carrier profiles are part of the system. They can define Wi-Fi Calling domains, IMS settings, radio options, display names, and operator-specific behavior. On iOS, firmware and carrier bundles can be inspected with tools such as ipsw . That does not require touching subscribers or sending traffic into the operator network. This is a good passive research target. You can learn which operators use standard ePDG DNS, which ship custom domains, and what assumptions the phone carries before it sends a packet. SIP Makes The Policy Visible SIP looks familiar if you have spent time with HTTP. It has methods, headers, identity fields, user-agent-style strings, routing data, and provisional responses such as ringing. IMS uses SIP with 3GPP extensions. Headers can carry access-network type, cell identity, Wi-Fi access information, preferred identity, and network-provided values. Some of those fields make sense inside a trusted operator domain. They become a problem when they cross to the wrong party. The Telia case showed this clearly. During his research, Harrison found that Telia call signaling could expose the base station of the person being called. NRK later documented the issue and showed that affected users could be located to roughly 100 to 200 meters in Oslo. Telia fixed it before publication. The Telia case matters because SIP headers sit on trust boundaries. A proxy has to decide what to preserve, strip, rewrite, or mark as network-provided. If that policy is wrong, a diagnostic field becomes location data. Caller Identity Needs Enforcement SIP has several identity-like fields. A call can contain caller identity, preferred identity, authorization identity, subscriber identity, and network-provided identity. Some of this exists for legitimate reasons. A company may want employees to call out from the main switchboard number. That only works safely if the network checks the requested identity against what the subscriber or organization is allowed to use. A recent Telia press release about a closed spoofing weakness. The same boundary problem shows up there: domestic networks and inter-operator paths can trust each other in ways that anti-spoofing systems built for foreign ingress do not cover. Observing Your Own Phone Device-side capture is the safer entry point. With iPhone RVI-style capture, Wireshark can show SIP call setup from your own device. You may see access-network headers, provisional responses, user-agent behavior, and the difference between outer encrypted transport and inner signaling. Remember that this is observing your phone, not the phone network. It still changes how the system feels. A mobile call stops being a sealed black box. You can see what the handset says, what the network returns, and which metadata appears during call setup. For a first lab, that is a good start. Why The Work Is Awkward Telco research crosses too many layers for one neat mental model. Some behavior is in the SIM. Some is in the modem. Some is in the OS. Some is in carrier profiles. Some is in IPsec negotiation. Some is in IMS/SIP. Some is in vendor equipment from Ericsson, Nokia, Cisco, Alcatel-Lucent, or whoever sold the operator a box years ago. The disclosure path is also harder than in web security. Operators run emergency-call infrastructure. Lawful intercept exists. Regulations limit what can be shown to outside researchers. The operator may not control the code that implements the broken behavior. Another point that should worry operators: AI lowers the cost of reading huge protocol documents and building enough glue code to test an idea. More people will be able to ask telco questions that previously required years of background. The answer is to make responsible research possible before irresponsible research finds the same edges, not to hope nobody looks. Thanks to Harrison Sand for the research and workshop this post is based on. Further Reading NRK on the Telia location issue: https://www.nrk.no/norge/sikkerhetshull-avslorte-telia-kunders-posisjon-1.17842282 Telia / NTB on the closed spoofing issue: https://kommunikasjon.ntb.no/pressemelding/18924675/telia-har-lukket-spoofing-hull-i-mobilnettet Europol on cybercrime-as-a-service and SIM-farm infrastructure: https://www.europol.europa.eu/media-press/newsroom/news/cybercrime-service-takedown-7-arrested iOS Remote Virtual Interface capture tooling: https://github.com/gh2o/rvi_capture iOS firmware and carrier-profile tooling: https://github.com/blacktop/ipsw RFC 7315, SIP private header extensions for 3GPP: https://www.rfc-editor.org/rfc/rfc7315 3GPP TS 23.003, ePDG naming and operator identifiers. strongSwan documentation for IKEv2/IPsec and EAP-AKA-related pieces: https://docs.strongswan.org/ Google Geolocation API docs, for context on why cell IDs can become location data: https://developers.google.com/maps/documentation/geolocation/requests-geolocation
Der Innenausschuss des Berliner Abgeordnetenhauses wird am Montag ab 9 Uhr eine öffentliche Anhörung über Verhaltensscanner durchführen. Für den Chaos Computer Club (CCC) wird Matthias Marx über die technischen Erkenntnisse und Grundrechtsgefahren bei der Verhaltenserkennung Auskunft geben. Berlin will eine softwaregestützte Videoüberwachung mit Verhaltensanalyse zum Einsatz bringen. Der CCC , die längst nicht nur in der Hauptstadt diskutiert werden. kritisiert die Pläne zur Verhaltensüberwachung Schon 2023 startete etwa auf dem Hamburger Hansaplatz ein Pilotprojekt, wo nichtsahnende Passanten seit dem letzten Jahr auch als Trainingsmaterial von Software (heute: „KI“) herhalten müssen. In Berlin will die Polizei demnächst das Anlernen und Alpha-Tests der unausgereiften Software an mehreren Berliner Orten starten. Die Anhörung wird . gestreamt : Links Ausschuss für Inneres, Sicherheit und Ordnung, Montag, 1. Juni, von 9 bis 12 Uhr, Raum 311, https://www.parlament-berlin.de/termine/detail/5757
