Announcement

Collapse
No announcement yet.

what are people's opinions?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Re: what are people's opinions?

    Originally posted by kallahar View Post
    What rubs me the wrong way is that it feels like defcon has been nickel and diming us for the last few years. Long ago you paid once for your badge, that cash allowed DT to rent the hotel, pay the insurance, cover any problems, and maybe even pay for a few key speakers to present. EVERYONE else volunteered their time and money to make defcon happen, and it takes dozens of people.

    Now it seems like a few people at defcon are attempting to make more money off of us. In my mind, pay-for workshops just say "we want more profit". Who gets that profit? Let me tell you, it's not the volunteers. Security goons work for two shirts and 3 days in a hotel room. We don't even get free food. When I ran the robot contest I put thousands of my own dollars into it with no expectation of a return.

    Those of us that volunteer are the key to defcon's success. If some people start getting paid while others don't, that's going to cause a rift which will tear defcon apart.

    Kallahar
    My concern is the same as yours... to your point "If some people start getting paid while others don't"...

    There's a certain inequality built in though...

    Why should some "key" speakers get paid while others don't?

    Security goons work ?36? hours for ~$750 (going rate for rooms at Rio is $250/night)

    Contest runners get 2 badges (new this year) ($300) for somewhere between 1hr and 1000hrs.

    Speakers get one badge and $200 ($350) or three badges ($450) for 2hrs at defcon and somewhere between 1hr and 40hrs prep.

    Some contests have some expenses covered, some don't.


    If I'm willing to make myself available, with prepared material for 8 hours -- should I do it for free? Should I attempt to get some return for that? How does one draw the line between altruism and 'taking care of business'?


    Can I be morally, ethically and karmically clean if I volunteer *and* try to break even?

    Comment


    • #17
      Re: what are people's opinions?

      Originally posted by Club81 View Post
      I think they should be on Thursday. You can pay extra to go to them, but not miss out on anything in the normal program.
      Due to changes in the Speaker Contract with Blackhat, note that Blackhat speakers are not permitted to be away from Caesars for the duration of the briefings.

      I couldn't be around Defcon on Thursday without breaking my contract with BH.

      Comment


      • #18
        Re: what are people's opinions?

        The other thing to consider is that it looks like total revenue from workshops will be something like $100k -- replacing that revenue with flat rate sales given an approximate attendance number of 10k would require increasing the ticket price from $150 to $160.

        This presumes that whatever the revenue sharing arrangement is (which I still don't know ;) ) is covered out of that incremental general revenue.

        Oi.

        It's amazing how often "business" creeps up on you when you're just trying to be a hacker.

        ...

        And interestingly, I'm quite of the opinion that the price for what you get at defcon is still far FAR too low. I think that $300 is more in line with reality, and would offer the general revenue pot necessary to do some very cool things -- not the least of which is make it easier on those to contribute (where contribute is ~= volunteer) to put more than just whatever spare effort they have into their contribution.

        ...

        Gah.

        I don't know. And this conversation is a GREAT conversation. I just wish it was a conversation we were having in October or November instead of July.

        Comment


        • #19
          Re: what are people's opinions?

          [To be explicit, I am now wearing the horns of an Internet costume, "Devil's Advocate" :]

          [I plan to include my own thoughts in square brackets.]

          [If I come too close to trolling, please let me know. It does not matter if you are a mod or not. Self-regulation is sometimes difficult when entering arguments, and I may not see something as trolling as I write it. My goal is to bring ideas up that may not have been considered, and help bring up valid points for discussion. Thanks!]

          Originally posted by renderman View Post
          It was never implicit that the badge fee got you 'everything', but the whole things was about sharing knowledge and community.
          It is not explicit either. People left to their own decisions will assume all they see as available is included as part of their price. A generation of free-music, commercial-free TV shows, and free movies all pirated and distributed on the Internet can easily see that other costs are free, too. (Yarrr! Pirates, matey!) In the modern day, where concerts are promoted by corporations with ad-space from other companies subsidizing some of the costs, and swag/food vendors charging great dollar amounts for bottled water, food, tee shirts, and more... unless there is a price tag associated with something at a concert, it must be free and part of the cost of a ticket. At Disneyland, anything not charged for in the park is part of your general admission. People take their experiences at other events and leverage that in coming to conclusions, or assumptions when they attend Defcon. Everything that has no price tag is paid for by their general admission, when they buy a badge. Is the expectation such a conclusion unrealistic when there is nothing to say otherwise?

          Originally posted by renderman View Post
          First issue: Several of the classes appear to be the same as Blackhat offerings. Am I not alone in thinking that offering the same training at 1/5th the price reason for Blackhat attendees to be pissed? Also, how many of those people are going to cancel their seat at Blackhat and come to DC to save money? In essence, Blackhat's value has been cheapened.
          Free market is awesome! Competition amongst different people for similar services can bring costs down. Monopolies are often bad for consumers. Don't attendees of Defcon win when they gain access to speakers providing workshop presentations/hands-on/intimate-one-on-one experience at much cheaper prices than elsewhere? This seems to make more expensive workshops more affordable to those that can't afford Blackhat.

          Maybe there is another win that is possible with paid workshops that is not being considered. Maybe there are businesses that have not considered Defcon a "real" security conference, for the sake of education, but instead view it as a frat party with excessive debauchery and hedonism. Maybe the introduction of fee-based workshops will lend some credibility to those bean-counting accountants, and cause managers and directors to reconsider Defcon as an expense that can be covered by an employer for employee education. If this happens, maybe we will get more security professional attending Defcon. This sounds like it has potential as a desired side-effect.

          Originally posted by renderman View Post
          Second issue: Several of these classes either provide no materials, or any other excuse for a cost recovery claim. One can claim that the knowledge is the material provided, I'm of the camp that if I'm being charged, I want a damn book widget, or something to show for it.
          I'm going to take a quote from later in this thread and include it here, out of order as part of a reply:

          Originally posted by Myrcurial View Post
          ... "If some people start getting paid while others don't"...

          There's a certain inequality built in though...

          Why should some "key" speakers get paid while others don't?

          Security goons work ?36? hours for ~$750 (going rate for rooms at Rio is $250/night)

          Contest runners get 2 badges (new this year) ($300) for somewhere between 1hr and 1000hrs.

          Speakers get one badge and $200 ($350) or three badges ($450) for 2hrs at defcon and somewhere between 1hr and 40hrs prep.

          Some contests have some expenses covered, some don't.


          If I'm willing to make myself available, with prepared material for 8 hours -- should I do it for free? Should I attempt to get some return for that? How does one draw the line between altruism and 'taking care of business'?


          Can I be morally, ethically and karmically clean if I volunteer *and* try to break even?
          Originally posted by renderman View Post
          Third issue: This spits in the face of those of us who have put on training classes at the various villages (LPV, HHV, Wireless Village), taught in a corner to small groups (who has'nt done this?), run a contest with our own money and time (L0stboy especially). The inclusion of paid, for profit training flys right in the face of all these people who share thier knowledge freely.
          [Oh man. This is a really good point, and this reply makes me feel sick.]

          A better consideration would be why villages have not provided fee-based classes before. Maybe someone could have helped to create a new cert, and have classes offered at Defcon in the Hardware hacking Village, or Wireless Village, where people like yourself and others could charge money for people to learn something new. You could then take the money you earned, and spend it as you wanted. Maybe you want to throw a party, or give away free beer. In this way, you can exploit those that do not know something but have money to pay for entertainment of those that do know something and are willing to share it, for a price.

          [ug.]

          Originally posted by renderman View Post
          Fourth issue: While I can appreciate charging for 'exclusive' access to an instructor in a limited class setting, charging for this priviledge creates a split of haves and have-nots.
          Money already does this. Why should Defcon be any different than the rest of the world. In economics, costs as money can act as a system to control flow and limit access to a desired "thing." How often have you and others been unhappy at the long lines at Defcon, and the sweaty, smelly people being packed to close together? This is a symptom of prices being too low for the conference. Lines slowly disappear when prices are raised. If you have a room with only enough seats for 20 people, how do you control which 20 people get a seat? A first answer is, "first come, first served," or a FIFO of sorts. This then separates people into haves and have-nots by insider information -- those that hear about it first, get a seat, and everyone else is a, "have-not."

          Have's and Have-nots exist so long as there is a finite "thing" (good or service) with quantity smaller than the number of people that desire it. As a result, how can have vs. have-not be a point as complaint against using monetary cost as a filter when compared to any other filter?

          Originally posted by renderman View Post
          I dont have the cash nor the time to blow a whole saturday on a class I may want to take.
          This is a decision you are free to make, just as someone with cash that is willing and able to spend the money for a workshop can make a decision to attend one. Defcon is often about decisions. Since Defcon 6 or 7, there has been more than one speaking track, so you must decide between these. Since the contest area grew contests, one has to decide between contests and speakers. All are choices, and everyone is responsible for making their own decisions.

          Originally posted by renderman View Post
          Defcon was about the free exchange of knowledge and thats why things have always been free.
          But isn't Defcon many things to many people? So, maybe there are some people for which it was not about the free exchange of knowledge so much as an opportunity to exploit for profit, or break-even. Considering early Defcon, except for "feds" what percent of attendees were able to attend Defcon at company expense? For everyone that had to pay, this exchange of information in Las Vegas, was not a free exchange of information, but had an initial cost, and on-going cost (for rooms, etc.) once they were there.

          [Apologies if by free, you meant "free as in speech" instead of "free as in beer."]

          Originally posted by renderman View Post
          We are risking the inclusive environment of people doing it because they love it and turning it into an exclusive environment of those who can pay to take a class and not contribute back to the community afterwards. Is'nt the restriction of information what we are supposed to be against?
          Private parties, and events like The Summit where people are charged to hang out with an elite of sorts in an atmosphere that reduces the ratio of elite-vs-attendees have been around for years. Opportunity to socialize with these elites has been limited or restricted so how is using cash at-the-door to a workshop any different, where the ratio of attendees to elites is even lower? Perhaps even more expensive workshops could be made available for smaller ratios, all the way down to one on one workshops.

          Originally posted by renderman View Post
          Fifth issue: This is in response to TheCotMan's comment about "Defcon is what you make of it" and the orginizers trying to make something for the corporate types. Is'nt that redundant, is'nt that what Blackhat was supposed to be from the beginning?
          [Ug. Sorry man]

          Why should defcon be denied status among corporate types only to the benefit of conferences like Black Hat? Defcon can be both, if we want it to be. We can cater to both, can't we?

          [I am thinking this post will be my last as Devil's Advocate. You bring up good points, and it is becoming difficult to continue with this side of thought.]


          Originally posted by renderman View Post
          I may be rusty on my history and details, but did'nt Jeff start Blackhat in reponse to the complaints that they wanted Defcon's content without the Defcon stank on thier clean suits? (ok, it was that corporations have an easier time accepting the value of and paying for a $1500 conference rather than a $150 one that has the same content)
          Let us assume that they complained and they got their own conference. Workshops are an opportunity for Defcon to show it too can be a justifiable expense for corporations looking to educate their employees, but at much cheaper prices. With companies still laying-off employees, and some being denied travel expenses to things as expensive as Black Hat because of hard economic times, isn't an opportunity for these security professionals to attend Defcon as a cheaper, by recognized security conference something we should embrace? These are potential peers, and may even be people that attended Black Hat previously, but could not afford it with budget cut-backs.

          [Also, sorry about the lost posts because of the firewall thing. Jeff has been looking into it and has spent a lot of time on it, but the cause for this has been elusive.]

          [I'm also going to try to skip over points that renderman and other have made, like, "I have to choose between a workshop all day Saturday and everything else?"]

          Originally posted by shrdlu View Post
          In addition, I don't really see most of the workshops being presented by people where I can EASILY see credentials. Yeah, yeah, I saw web sites and links and such, but those all mean *I* have to go searching for credentials. Not going to happen, but then, I'm not going to take any of those workshops, either.
          This is good feedback. Maybe the people that have worked on the workshops can use this to improve the web page content for next year if it happens. With only about 1 month until Defcon, and deadlines being what they are, it is entirely possible this information won't go up this year. (I am not involved with workshops. These conclusions are only based on my observations of things at Defcon for a few years.)

          Originally posted by shrdlu View Post
          Sorry, Cot, just being devil's advocate to your devil's advocate (and confessing right up front that I didn't really read through it).
          [You are welcome to provide your thoughts and opinions, and have nothing to be sorry about. We can all enter into a discussion about things that we feel passionate and discuss the problems we see with them, or the lack of problems we see with them, and maybe even the advantages we see in them.

          (Now using the generic "you" in the rest of this reply)

          Other people are welcome to participate in this thread too. I'd like to hear how new-comers feel about this, too. This thread is not just for people that have been to defcon at least XYZ years; you don't need experience to have an opinion, but if you are unable to support your opinion, you will have a difficult time.]

          Originally posted by Myrcurial View Post
          I put a lot into defcon. I've usually got the one talk that is funded by BH, and then I do extra talks, panels, contests and as much extra as I can fit in. I will never be a contributor on the level of The Right Honorable Minister of Offense Ollam, nor The Tireless Moderator of Asshattery TheCotMan, not the Esteemed Renderman (fellow token Canadian and fan boy ish hero of mine) but I'm not a scenewhore or corporate douchebag who comes to defcon for Friday only because he wants to eyeball the scenewhores.
          [Ahh, The other moderators have done more work moderating than me, and I don't think how long a person has been a part of Defcon, or how much they contribute should discount a person's ideas when they are valid and logically supported. Being able to remain rational on topics of discussion which we are passionate is something that should be rewarded.]

          Originally posted by Myrcurial View Post
          This year, I made the decision to be an instructor for a workshop.
          Good for you! And without workshops, this decisions would have been denied to you. Their existence gives you the freedom to choose to contribute with them, or not, but without them, you would only be able to choose between free, not at all, and maybe even not being able to attend defcon if the money gained is used to justify and offset expenses.

          I removed much of your other content, as you are coming in with advantages to having workshops. Thanks for bringing up these points.

          Originally posted by theprez98 View Post
          I like the idea of workshops that are cheaper and shorter than those at Black Hat. But IMO they should be at Black Hat (or Thursday, pre-DEFCON), and not DEFCON-proper.
          Why should Blackhat get all of the workshops like this? Adding them to Defcon may lend it credibility.

          Originally posted by theprez98 View Post
          Everyone has their own idea about what DEFCON is, but to me is that its open. I can go to, and participate in pretty much any talk, event, contest or whatever and no one is going to tell me "no". This is very similar in my mind to what Deviant called the "one badge gets you everything" policy. Now we're segregating off a part of the conference. I just don't like that.
          This is not true. You can't go anywhere at Defcon. You may not visit the Goon room(s) unless you are a goon, or escorted by one. You are not allowed in the speaker room unless you are a speaker or escorted by a goon. You may not enter a speaker track if the room is at maximum occupancy. When a contest has physical items provided for players, you can't join those games when all of these are in the hands of players, and the contests limits players one per item. You can't jump on the CTF in the CTF room and suddenly start playing this game, whenever you want. Defcon is not as open as you describe. There are also private parties, with limited resources in the form of booze, or maximum occupancy in rooms, and access is restricted. Are you under 21? Too bad, access to parties is restricted unless you have an ID that says otherwise. What about the Defcon shoot? Where there are not enough seats in cars for carpooling, or the hackbus, and people are under 24 (approximate age when rental car companies will rent cars) a person is left-out or expected to pay tons of cash to a taxi to take them out, wait and take them back.

          Defcon is not open, and not accessible to everyone. When a resource is limited, discrimination must be used. It may be discrimination based on time, where those there first get the resource, or money, where those that have it and are willing and able to spend it for the resource can get it. There is age discrimination for access to parties with booze, and rental cars. There is favoritism based on perceived status, where some line is drawn between those that are part of an "in crowd" and separated from those that are not. Some decision must be made to limit access to resources that are finite,and all resources are finite.

          Originally posted by acoustica View Post
          (I didn't say I couldn't afford it, just that it's expensive to me! XDD) - 200$ is a lot of freaking money.
          Costs are relative. It is basic economics in the marketplace. There are those willing and able to pay $200, and for those, workshops will make sense. Those that are either unwilling or unable can choose any of the other venues available at Defcon. There is nothing stopping you (generic you) from learning things on your own, and reading on your own. It may be slower, but if you have more time than money, it is an alternative, and you have the freedom to choose. Facebook farmville or learn? Bar or learn? Hang out with friends or learn? See a movie or learn? We all make choices, and hackers do not need people holding their hand to learn something new

          Originally posted by kallahar View Post
          What rubs me the wrong way is that it feels like defcon has been nickel and diming us for the last few years. Long ago you paid once for your badge, that cash allowed DT to rent the hotel, pay the insurance, cover any problems, and maybe even pay for a few key speakers to present. EVERYONE else volunteered their time and money to make defcon happen, and it takes dozens of people.

          Now it seems like a few people at defcon are attempting to make more money off of us. In my mind, pay-for workshops just say "we want more profit". Who gets that profit? Let me tell you, it's not the volunteers. Security goons work for two shirts and 3 days in a hotel room. We don't even get free food. When I ran the robot contest I put thousands of my own dollars into it with no expectation of a return.
          [Ack. My conscience is trying to kill me]

          And whose fault is that? Why don't volunteer ask for more for the work they do, or just stop. Nobody is forcing volunteers to volunteer. Nobody is forcing goons to work for two shirts and a hotel room for 3+days. These are all choices everyone must make on their own. Why should anyone care about people whining about their own decisions? It is like a slide from a Defcon presentation where a tubgirl image is shown, and the speaker says something like, "why do these things always happen to me?" It is a metaphor for being responsible for the decisions that we make. "Doc? It hurts when I do this." If you don't like it, then stop doing it.

          [The burning. THE BURNING. Gahhhhhh!]

          [You bring up some good points Kallahar. Thanks!]

          Originally posted by Deviant Ollam View Post
          See, for me, i am in disagreement with a number of my friends about $200 being a high cost. i don't think it is.
          Costs are relative. A person living below the poverty line in New York will find $200 too high a cost. An "average" computer scientist with MS or PhD in Silicon Valley may find that super cheap. Economics. Willing and able. Blah, blah blah.

          Originally posted by Deviant Ollam View Post
          It seems like this year, DEFCON was simply caught in the swirl of information and ideas that happens whenever a new concept is tried. Not everyone is on the same page, not everyone will be happy with the results, and not everyone understood what they were getting into.
          What is wrong with trying something new? Without trying something new, there would be no invention. We don't always know the outcome of things unless we try. We can make predictions on the outcome, but until we try, how will be know?

          Originally posted by kallahar View Post
          For me, defcon is not about training and it's not about going to talks, it's not about getting certified in anything or traveling down the corporate career path. It's about the people. The people who do this stuff all year long, and we all travel to vegas to hang out together for a week. By adding explicit training and focusing on the talks too much I feel like people aren't coming for the social aspect.
          Then why don't you go out with a bunch of your buddies, and put your time where your complaining pie-hole is and [forum=568]start your own pre-defcon party with more of what you want[/forum]. Isn't that what so many of you write that "Defcon is all about" ? If you think something sucks, don't just sit there and whine about it, actually DO something about it and then support your decision. Contribute into the system and provide more of what you want to see inn the future. Then if it is popular, you can restrict access with fees, or other methods.

          [I am intentionally being a bit of a troll here with some sarcasm provided, because the thing that kallahar and others find they like about Defcon, and feel has been missing is something they have decided to address with their [forum=568]Pre-Defcon Party at the Alexis Park[/forum].]

          Originally posted by renderman View Post
          Firewall ACL's are fighting me editing my previous post
          [Sorry man. The method I described before should allow you to commit you change. After you edit the text area of the forum, select-all, copy, then click submit. When the firewall eats you post, click back, quickly click the text area again, select all, paste, then submit again. If you can do these "back" steps within 5-10 seconds, your edit should get committed. Kludgey, and took some time with Chris and I to narrow down the cause and a work-around, but at least there is a work-around.]

          Originally posted by Myrcurial View Post
          The other thing to consider is that it looks like total revenue from workshops will be something like $100k -- replacing that revenue with flat rate sales given an approximate attendance number of 10k would require increasing the ticket price from $150 to $160.
          [No. Sorry. Workshops usually have a lower ratio of "student" to instructor. Because of this resource limitation, even if badge prices were increased, some other NEW method of discrimination would be required. I do not accept an increase in price as a solution to this workshop cost discussion. Suggestions for alternatives to cash as a filter are welcome.]

          Originally posted by Myrcurial View Post
          And this conversation is a GREAT conversation. I just wish it was a conversation we were having in October or November instead of July.
          [Yes! Thank to everyone for keeping their cool and keeping this discussion rational and coherent]

          [Also, because I used multi-post reply, with interleaved replies to content, I may have mis-attributed a quotation to a person. If this happens, please let me know here in public or PM, and I will fix as soon as possible.]

          [I think this will be my last post as Devil's Advocate unless I see something that needs to be addressed. Myrcurial is providing support for the value in workshops, so my value as Devil's Advocate is not really needed here.]

          [Thanks for tolerating my forum "Cosplay"]

          [I don't think I will ever feel clean again. ;-]
          Last edited by TheCotMan; July 2, 2011, 03:13.

          Comment


          • #20
            Re: what are people's opinions?

            *nevermind*
            Last edited by Quiet; July 2, 2011, 16:06.
            “If someone has a gun and is trying to kill you, it would be reasonable to shoot back with your own gun.” - Dalai Lama (Seattle Times, 05-15-2001).

            Comment


            • #21
              Re: what are people's opinions?

              This thread will take more time to compose a response to, but a few points:

              - This is an experiment. Other hacker cons have trainings components, and DEF CON never did, so I thought I would see if there is any interest.

              - Speakers are pretty cool with basically not getting paid much for a 50 minute talk, but setting up a lab in advance, shipping gear, and being out of the con for a day or two means almost everyone who responded to the Call for Workshops required $$. So we set a price high enough to got most of them.

              - I want to have some free workshops, and we will. The issue is going to be first come first served seating. I can see the lines now.

              The other issue behind the idea of the workshops is to try new things to see what might work for DEF CON 20. I plan to go a bit crazy for the 20th DEF CON, and want to offer different cool learning experiences there.

              Honestly I don't know what to expect on the trainings that people pay for, if they will fill or people will give them a pass. I _do_ expect the free ones to be full is a second. There just aren't many people who wanted to do them.
              PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

              Comment


              • #22
                Re: what are people's opinions?

                I'm not as salty as those who have weighed in on this before, but I've been around for a while and have given several impromptu talks, workshops, knowledge transfers, whatever you want to call that stuff. I come and do this because I can afford it, I love this stuff, and people have at least on occasion wanted to know something that I'm happy to share.

                I understand that the folks holding the workshops are going to want some sort of compensation, though I'm falling on the side with Renderman with how does that work for the other folks who have done free stuff forever? Well, I see some of it like any other community effort. Some people come and give 10000% because they love this and will continue to do so until the wheels fall off. Others have a family, have obligations, life or a reasonable simulation thereof outside of the conference and do what they can when they can because while they love this, the kids still need a parent and someone has to make the donuts.

                But as security becomes more accepted and has a budget in environments, we also have people who bring the corporate mindset and want to make a profit no matter what. Right now, I see more of those folks as consumers of these workshops rather than ones delivering the content.

                I know at least in passing a few of the people giving these workshops. They have given quite a bit of their knowledge out for free in the past and will likely continue to do so. Does it represent a shift in what Defcon was before? Maybe. But the exponential increase of people coming drives some of that as well. Every year, I see the same core of folks that I will likely show some research to, talk about new ideas, collaborate with, and have a thousand hallway-con events with. Maybe there was always a divide and I just was too new to notice. But I see an increasing number of attendees and the same number of people running things.

                So this kind of rambles, but the tl;dnr version is this: I'm not personally a big fan of all this new cost added stuff at defcon. Does it change what I do? Nope. Do I understand why someone might want to share something for money? Sure. It just doesn't line up with my view of things. Ultimately, the mob is going to decide if this idea works. But if you want to learn something about what I've got going on, I'll continue to share it because that is what folks did before me and kept me coming to Vegas in August in the first place.
                ----------------------------------------
                Fraternal Order of Locksport

                Comment


                • #23
                  Re: what are people's opinions?

                  I attended my first Defcon last year. I knew that I was going to be a noob but I had no idea how noob-ish I actually was until I attended some talks. I'm attending again this year. When I saw that there were going to be workshops at DC19, I thought that this might be my opportunity to graduate to, perhaps, ++noob.

                  Why do I care? I teach Computer Security at a college to students who learn about how to write software. These are the graduates who need to know about security to make software more secure. When our grads go into the Real World, they often tell me that my courses gave them far better preparation than grads from other colleges and universities. But I know perfectly well that I know about 1% of what I really should know. And that's why I'm at Defcon and why I'm seriously considering taking a workshop.

                  Originally posted by TheCotMan View Post

                  Free market is awesome! Competition amongst different people for similar services can bring costs down. Monopolies are often bad for consumers. Don't attendees of Defcon win when they gain access to speakers providing workshop presentations/hands-on/intimate-one-on-one experience at much cheaper prices than elsewhere? This seems to make more expensive workshops more affordable to those that can't afford Blackhat.
                  Exactly. I can't afford Blackhat. My employer would not pay for a conference at the cost of Blackhat (which is a separate issue). But the workshops' affordable cost (to me (perhaps to my employer, I don't know)) makes the Defcon workshops very appealing to me. And, in case you're wondering, $200 is a good price point for me. $300 would be significantly harder to justify and $350 would be too expensive.

                  Maybe there is another win that is possible with paid workshops that is not being considered. Maybe there are businesses that have not considered Defcon a "real" security conference, for the sake of education, but instead view it as a frat party with excessive debauchery and hedonism. Maybe the introduction of fee-based workshops will lend some credibility to those bean-counting accountants, and cause managers and directors to reconsider Defcon as an expense that can be covered by an employer for employee education. If this happens, maybe we will get more security professional attending Defcon. This sounds like it has potential as a desired side-effect.
                  My supervisor loves the idea of me attending Defcon. He's leaving at the end of August. Will my next supervisor be as excited about it or will he/she look at the skull-and-crossbones on the Defcon home page and say "are you kidding me?" The workshops would definitely help in being able to justfiy Defcon to someone who is more of an in-the-box thinker.


                  Regarding some of the other issues, the timing might be a problem for me. I'd rather that the workshops were either before or after the main sessions, as I don't want to have to miss sessions that might be of use to me (even at my noob level). But this really should have been discussed many, many months ago, so that people could plan their trips around it. Last year, I booked my flight to arrive hours after Defcon 101 because I had no idea that Defcon 101 existed. This year, I'm arriving on Wednesday and leaving on Monday so that I won't miss anything. July is too late to be introducing this (but better July than not at all).

                  Regarding compensation for the workshop presenters, I think that it's only reasonable, considering the effort that they would have to go through to put such a workshop together. I know Myrcurial based on his donating his time to do a guest lecture for one of my classes. If he's getting compensated for doing an 8 hour long workshop, great. And if that compensation comes from those who got benefit from it, even better.

                  And regarding content, I'd like to see something even more elementary ... something for those who don't have the current hacking background, want it desperately, and don't have the time to get it normally. Don't you think that you'd get 20 to 50 people who would be interested in that level of workshop IF they knew about it ahead of time and could plan a Defcon trip to take that into account? I think so.


                  Other people are welcome to participate in this thread too. I'd like to hear how new-comers feel about this, too. This thread is not just for people that have been to defcon at least XYZ years; you don't need experience to have an opinion, but if you are unable to support your opinion, you will have a difficult time.]
                  I hope to not have a difficult time

                  Comment


                  • #24
                    Re: what are people's opinions?

                    I shared some of my thoughts in the discussion Deviant and others were having on twitter, but having come across this thread I thought I'd write in a bit more depth.

                    While I understand and even share some of the concerns highlighted here, I'm truly undecided on how I feel, and probably won't know for sure until I see how this goes.

                    I have a lot of respect for the people that have given of themselves freely over the years to benefit the greater good. I've directly benefited from the selflessness that leads people to contribute to the community in various ways and am forever indebted. I've also made a conscious effort (especially in the past few years) to give back in the ways I'm able; engaging in discourse by sharing my opinions (sometimes when not asked, heh), helping out in swag sales, co-presenting my first Defcon talk this year, and trying to share what I can while continuing to absorb that which others give. I'm a firm believer that Defcon, and the hacking/security communities at large, are things everyone can contribute to in some way, just as everyone can benefit. "From each according to their ability, to each according to their need" probably sums it up.

                    Unfortunately, when money enters the equation things don't always work out so perfectly. There's bound to be those who can't afford the workshops and feel slighted. Others who have freely contributed might feel offended that there's now some degree of direct financial incentive/gain. But at the end of the day, I'm not sure this is a significant change. Parts of the conference experience have always been limited to various groups in various ways for various reasons. This time it's financial, and officially sanctioned, and there's bound to be a difference of opinions about that.

                    Still, I think this largely fits into the open culture of Defcon. There's money involved, for sure, but I think the amounts are small enough that I don't think any of the workshop leaders / presenters / instructors / whatever are profit-motivated. On the consumer side, this is a way for those who see value to defray the costs involved. I kind of suspect that the lion's share of the revenues will end up in the Rio's bottom line at the end of the day and surely no one is getting rich on this. The numbers of people who are offering and will be able to take part in workshops are small enough that it doesn't seem likely to detract from the rest of the conference overall in a significant way.

                    My real concern is how this will set precedent for the future. Will speakers, contest organizers, goons, and all those who contribute in other ways start to hold back since they aren't being compensated to whatever degree those involved in workshops are? Will folks be less involved in contests, villages, hallway/bar/whatever-con because they're busy with workshops? I don't think either of those will end up being answered in the affirmative, but the jury is still out.

                    There's been dollar signs all over the community on all sides for years. Whitehat, Greyhat, Blackhat, or Purplehat; most of us support ourselves through our skill and in some indirect way, through what we get out of Defcon. Largely, Defcon has managed to stay true to it's roots and promote the open (relatively) free exchange of ideas, and I'm grateful for that. I don't see this as a significant break from that ideal at this point.

                    Comment


                    • #25
                      Re: what are people's opinions?

                      Excellent summary, glad you're thinking about the impacts this has on our culture.

                      Maybe someday we'll see the security goons charging at the door to get in. Or maybe a "fastpass" - $200 extra lets you skip to the front of any line. It's a "value added" service!
                      --- The fuck? Have you ever BEEN to Defcon?

                      Comment


                      • #26
                        Re: what are people's opinions?

                        Things change. I've been going since DC7 in 99' and I've seen the con change rather dramatically for the better and worse (IMHO)

                        Money is always going to be an issue. I charge for giving talks on a different circut I'm on, and I need to make a living. I certainly get that. As several people noted, it's about the culture. I share my knowledge freely at Defcon because I'm getting value from others doing the same. I get back ten fold the knowledge I dispensed over the weekend of a con and that has been one of the best things about it.

                        I noticed a change when Blackhat attendees started showing up because Defcon was something magical and they wanted to see it themselves. This led to alot of people who I term 'lookyloos' who came to see the hackers like we were some sort of Zoo exhibit, but at least those people were there because they wanted to be. Later when Blackhat was including Defcon registration it led to alot more people who wouldn't ordinarily have gone, to stick around for the weekend and 'take up space'

                        I already feel there are two separate groups at con, but the hacker side could at least continue to do what we do.

                        When you start charging for workshops, parties, contests (beyond cost recovery), you setup a system where the flow is one way. You attract more of the people who come, pay for the workshop, absorb some content, then leave without contributing back. Even a complete Defcon n00b that comes with an open mind contributes something. Sometimes by asking questions of those teaching in an open environment where others can learn from the answer. Other times the contribution is just in a positive message about hackers to the family back home.

                        I've seen first timers learn a new skill on friday and be teaching others by sunday. I've seen friendships and collaborations that go off to do amazing things start here. Hell, a couple of marriages started here too.

                        I guess my worry is that in the next few years I'm going to have to make a decision if it's worth the year long work to save up and plan everything for Defcon, just to end up being some circus sideshow for people with expense accounts who I cant learn anything from and all the cool content is locked behind paywalls, all the effort is for nothing. Overly dramatic, yeah, there's still friends there that make the trip worthwhile, but if they have to make similar choices and stop going, well, it all falls apart.

                        I am willing to see how it goes this year with the workshops and give it a fair chance. I would like this thread to be moved to re-created in the post-defcon area of the forum so we can discuss our thoughts afterthe fact.
                        Never drink anything larger than your head!





                        Comment


                        • #27
                          Re: what are people's opinions?

                          My only complaint (still) is that it's during CON. If they were on THUR, I'd be all for it. Want to got? Pay the meager fee. DEF CON workshops are 1/4 (my estimation) of other con trainings. And about 10% of BH trainings. Can't/Don't want to pay? No problem! Talks start on FRI. We (and I mean that as CON-wide) can still be a kick-ass community with trainings in place.

                          Comment


                          • #28
                            Re: what are people's opinions?

                            As a complete cherry to DefCon and pretty much a noob to the entire Con scene, I may not have much of value to add. But, I have spent the last hour of my life reading what is quite obviously a topic many are very passionate about, so I deserve to spend another hour composing a reply I may not post :P

                            I have managed to get corporate sponsorship to the DefCon event. If I can find a way of producing a receipt for the con itself, I'll have managed to attend my first DefCon completely free of charge. Along those same lines, I'm sure I could manage to expense the cost of a workshop if I could only produce a receipt for it as well. But, I will not (the latter anyway... the former would be pretty straightforward).

                            I have read many arguments for and against the workshops. These arguments are as varied and intelligent as those that have presented them (kudos for the Devil's Advocate posts, they sounded painful but honest!).

                            I wholeheartedly support DarkTangent's decision to include the workshops in this year's DefCon lineup. It was a risky proposition not knowing how the body politic would respond. It confirms what I have read elsewhere. DT is committed to the welfare of the hacker society.

                            I have said that I will not attend. It is not because I don't see the value in the workshops (I would love to attend the social engineering workshop). It is not because I oppose paying $200 to attend a dedicated and focused learning experience (you cannot put a price on the value of learning). Rather, I refuse to support the emerging culture of entitlement.

                            More and more I see a culture of entitlement encroaching upon our society. One of the reasons I want to attend DefCon is because the attendees are encouraged (and should be expected) to participate, to volunteer, to GET FRACKING INVOLVED!

                            I don't want anyone to teach me. I want to learn from someone. I want to learn from everyone. I want someone to learn from me.

                            Maybe this reply is completely off topic. Maybe the moderators will edit or delete the post as being idiotic and asinine. In the meantime, think about what message you want to present. Do you want to sit back and watch the learning happen or do you want to get up, get involved, and make a difference?

                            -Q
                            An object at rest, cannot be stopped!

                            Comment


                            • #29
                              Re: what are people's opinions?

                              Sponsorships ARE allowed and companies can create and/or support any Official Contests or Events. However, there are strict rules about what you can and can't do - see below

                              NOT ALLOWED:
                              displaying company swag, logos, banners, etc. DEF CON is not a corporate sales show - if you want to have a booth and push product, hold a recruiting event, etc. Buy a booth at Blackhat or sign up for a vendor table at DEF CON.

                              ALLOWED:
                              You can donate money to support the community, conference, or private events and parties.
                              If the event or contest is not a formal DEF CON Contest or Event you may display company sponsors gear tastefully.
                              (Example: Facebook sponsored Ninja Networks and in turn they had a small logo on the ninja badges)

                              For the record - if you have been planning to push product / company at DEF CON I hope you have reached out the the Vendor Goons and paid your fees.

                              If somebody tries to push product, marketing, or business related shit in the contest area they will be warn and asked to remove / take down whatever has been deemed inappropriate. If they want to bitch and whine, throw a fit, or refuse I WILL PULL THIER BADGE AND THEY WILL BE ASKED TO LEAVE THE CONFERENCE

                              If you have any questions about what is appropriate and what isn't - email me at Pyr0 (AT) Defcon (DOT) org

                              Comment


                              • #30
                                Re: what are people's opinions?

                                Originally posted by Pyr0 View Post
                                Sponsorships ARE allowed and companies can create and/or support any Official Contests or Events. However, there are strict rules about what you can and can't do - see below
                                Thanks Pyro. Now we know the rules contests and events are held to, I'm making a mental note while at con to document what I have some opposition to (if I see any at all) and I encourage others to do the same so we can add some emperical data to this debate.

                                I've never been opposed to sponsorships (realivant ones), but there is a fine line between promotion and pimping (See my thread a while ago about proper shilling technique)
                                Never drink anything larger than your head!





                                Comment

                                Working...
                                X