Defcon 17 suggestions

Re: Defcon 17 suggestions

Okay, it's complicated. Okay, it's prone to failure. But party passes would be one hell of an application!

I was toying around with the idea of random IDs and Bloom filters for counting interactions (and possibly badge exploits if that had panned out), but it didn't really work without support of the creator of the badge. There could be multiple layers, though, such that parties could be "first degree", "second degree". If you've spoken with someone that spoke to a party organizer, your badge could validate you. Those that forge their filter (it wouldn't difficult, but neither would it be trivial) deserve to get into parties.

It would be silly, but I don't think that silly would scare any of us away.

Re: Defcon 17 suggestions

Someone earlier mentioned this but noone else picked up on it.

I would love to see more hands-on demonstrations and workshops. I know, I know, VERY hard to do with so many people attending.

I wandered by the Hardware Hacking Village, but didn't stop in b/c I didn't have anything of my own to work with, and didn't see anyone selling kits to get started (and I am a RANK amateur)[I don't mean I smell bad, I swear...]. As well, the HHV was fairly unstructured, which is intimidating for a newbie.

As well, I went to meet people, but most of the events were either unfriendly towards meeting people (talks) or ended up with large groups of people who already knew each other congregating (Thurs. night). I did meet some people, but none of it was...lasting? Just brush by contacts of people across the nation. Obviously not bad, but I'd like to see something more targeted.

The best time I had was in the Q and A session after the talk concerning InfoSec careers. It was small, there was back and forth discussion, and people in there were interested in the same thing. I would love to see more small group meetings. Maybe regional rooms where people from the NE could go and meet people close to their area, or if someone is moving somewhere?

Anyways, the long and short of it (TLDR) is I would love to see more small group stuff.

M.

Re: Defcon 17 suggestions

And you were a very good bartender.

Al

Re: Defcon 17 suggestions

if you got a full badge you had something to play with :P and they were giving out the mini usb ports .

everyone in there was great too:)

Re: Defcon 17 suggestions

I've been hearing a lot of this about the HHV. Not many seemed to notice the following though:

There were kits being sold down in the vendor area (although they sold out quick) that were designed to be used in the HHV. The whole weekend there was a crew of guys who donated their time to assist people in the hacking of their badges and other projects. If you want to improve the HHV somehow please venture over to the HHV thread. This was the first year after all and was not planned to be very structured but more of a "let's just try this out". This was actually discussed before con on in the HHV thread. However, due to some key individuals (A, Sugardaddy, bombnav, smitty, etc...see back of defcon program) there was a organized chaos in the room. The structure may not have been obvious but there was a lot of it. The HHV was originally designed to target people who consider themselves "newbies" and attract a crossover interest. So if you have more ideas on how to make it more user friendly to someone as yourself, please send your comments to the HHV threads.

Re: Defcon 17 suggestions

I agree with your idea. I think that maybe if some traces from unused ports (like D so you had access to the comparator or ADC) to some pads were made available, this would allow for more modifications to the badge. I can't tell you what a pain it was trying to "wire bond" to a surface mount with the irons that were available (although it was fun none the less ).

At the same time I can see the points of those who claim that 90% of attendees aren't going to want or need this extra functionality. I just tend to agree with those like Voltage Spike and Deviant who are trying to make modding the badge easier.

Re: Defcon 17 suggestions

well... if the badge had more of the "open ended" functionality but less of the actual base components it would be cheaper and easier in the end to produce badges, no? that way, anyone who wants to can buy the parts needed (as opposed to DT and crew designing and funding them) and the rest of the crowd can just have wicked cool circuit board badges but not spend time or money on them if that's not their thing.

Re: Defcon 17 suggestions

{user's groups and meeting people]
That was exactly my point of the EEE meet...(well, not to miss you!) but so people could meet each other. I have only read the 1st page of this thread so far, but an idea could be an assigned breakout type room in the main hallway and a white dry erase board... or also a planned thing such and such a group gets the room for one hour, etc...


{Badges}
I also agree on the badge thing... I om one of those people who is completely LOST when I get a badge and don't know what to do with this giant plastic and metal thing around my neck. I know that Kingpin and others have tried to make modding the badge more accessable by putting information on the DefCon CD, but people like me who bring an EEE to DC are lost...as well as people who just plain don't think to look.

Re: Defcon 17 suggestions

Anything to stop me from stepping on batteries people lost and nearly killing myself is a plus in my book. I'd enjoy having a blank slate to work with as well. My suggestion would be less sharp edges which draw blood. I liked the DC14 badge in that aspect.

Re: Defcon 17 suggestions

The B&W *used* to be dry in the AP days. People could carry in from the bars outside, but there was no booze that I was aware of sold on actual B&W grounds. Am I wrong?

If that's the case, then why does it matter if there's a bar in there that everyone's ignoring? Get rid of it!

Adam

Re: Defcon 17 suggestions

There seems to need to be a tradeoff between functionality for those who want to mod and those who don't. If you make it a bare bones badge that has plenty of room to expand, the modders will love it and the regular folks won't be excited by it. If you make it feature loaded like the past two years, it makes life harder on the modders and more useful to the general population. I think there is a way both can be accommodated...

Take this years badge: if the SD card had been left off and replaced with just traces that could have been used for moding I think it would have maintained functionality (TV-B-Gone) and given modders room to expand (all those open pins). Don't get me wrong, I enjoyed the file transfer portion and trying to find a buffer overflow to exploit...but it seemed like not many had a SD card on them. Great idea but ultimately the crowd didn't react as expected. It's a slippery slope ahead for the badge it seems...but either way it goes, it will be enjoyed none the less!

Re: Defcon 17 suggestions

Hmm, I get to play with bloom filters and they are muchos fun but no good for unique identification. You do get quite a few false positives especially if your number of entries starts to get too big.

(My first experiment with bloom filters ended up with solid 1's, doh!)

Someone faking the bloom filter would be pretty hard but, due to the number of false positives you get, any idiot could just try their luck with a random key (brute forceing your way into a party gains a whole new meaning).

Also if someone managed to flood your bloom filter input you would be royally screwed as they are one way.

I like the idea though, let the plotting commence.....

I am waiting for someone to put the obfuscated password to a party next to the door, like a geek captcha!


My suggestions for Defcon 17? Some kind of noticeboard would be great saying when things have been moved or changed. Sometimes you don't know something has changed so you don't know to ask, for example the minibosses playing on Sunday. Simple yet effective.
Also if room parties could specify if they are an open invite or more private would stop me worrying that I am crashing someone's private party without realising it!
Maybe that was just because I was new so didn't know the SOP.

Re: Defcon 17 suggestions


Yeah...it's called the Info Booth. It's been running in the contest/hang out area for about 4 years now. They post all schedule updates and any other relevant info and it's projected on the wall in that room.

Re: Defcon 17 suggestions

Actually, my bright orange shirt dates it back further.. Infobooth was active at the AP for 3 years ..

Re: Defcon 17 suggestions

We are talking about a small number of insertions (maybe 500 for the moderately social), and we can spare, say, 8K if we use the onboard flash. Obtaining a false positive rate below a couple of percent is possible (unless I've done my math incorrectly).

Well sure. But think how popular that "all-invite" guy will be...

It has been done. I like the idea, but it can cause traffic problems as conveying the idea secretly is difficult.

In addition to the Info Center as already noted, twitter was decently effective at being informative about the schedule changes and events.