Announcement

Collapse
No announcement yet.

what are people's opinions?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Dark Tangent
    replied
    Re: what are people's opinions?

    This thread will take more time to compose a response to, but a few points:

    - This is an experiment. Other hacker cons have trainings components, and DEF CON never did, so I thought I would see if there is any interest.

    - Speakers are pretty cool with basically not getting paid much for a 50 minute talk, but setting up a lab in advance, shipping gear, and being out of the con for a day or two means almost everyone who responded to the Call for Workshops required $$. So we set a price high enough to got most of them.

    - I want to have some free workshops, and we will. The issue is going to be first come first served seating. I can see the lines now.

    The other issue behind the idea of the workshops is to try new things to see what might work for DEF CON 20. I plan to go a bit crazy for the 20th DEF CON, and want to offer different cool learning experiences there.

    Honestly I don't know what to expect on the trainings that people pay for, if they will fill or people will give them a pass. I _do_ expect the free ones to be full is a second. There just aren't many people who wanted to do them.

    Leave a comment:


  • Quiet
    replied
    Re: what are people's opinions?

    *nevermind*
    Last edited by Quiet; July 2, 2011, 16:06.

    Leave a comment:


  • TheCotMan
    replied
    Re: what are people's opinions?

    [To be explicit, I am now wearing the horns of an Internet costume, "Devil's Advocate" :]

    [I plan to include my own thoughts in square brackets.]

    [If I come too close to trolling, please let me know. It does not matter if you are a mod or not. Self-regulation is sometimes difficult when entering arguments, and I may not see something as trolling as I write it. My goal is to bring ideas up that may not have been considered, and help bring up valid points for discussion. Thanks!]

    Originally posted by renderman View Post
    It was never implicit that the badge fee got you 'everything', but the whole things was about sharing knowledge and community.
    It is not explicit either. People left to their own decisions will assume all they see as available is included as part of their price. A generation of free-music, commercial-free TV shows, and free movies all pirated and distributed on the Internet can easily see that other costs are free, too. (Yarrr! Pirates, matey!) In the modern day, where concerts are promoted by corporations with ad-space from other companies subsidizing some of the costs, and swag/food vendors charging great dollar amounts for bottled water, food, tee shirts, and more... unless there is a price tag associated with something at a concert, it must be free and part of the cost of a ticket. At Disneyland, anything not charged for in the park is part of your general admission. People take their experiences at other events and leverage that in coming to conclusions, or assumptions when they attend Defcon. Everything that has no price tag is paid for by their general admission, when they buy a badge. Is the expectation such a conclusion unrealistic when there is nothing to say otherwise?

    Originally posted by renderman View Post
    First issue: Several of the classes appear to be the same as Blackhat offerings. Am I not alone in thinking that offering the same training at 1/5th the price reason for Blackhat attendees to be pissed? Also, how many of those people are going to cancel their seat at Blackhat and come to DC to save money? In essence, Blackhat's value has been cheapened.
    Free market is awesome! Competition amongst different people for similar services can bring costs down. Monopolies are often bad for consumers. Don't attendees of Defcon win when they gain access to speakers providing workshop presentations/hands-on/intimate-one-on-one experience at much cheaper prices than elsewhere? This seems to make more expensive workshops more affordable to those that can't afford Blackhat.

    Maybe there is another win that is possible with paid workshops that is not being considered. Maybe there are businesses that have not considered Defcon a "real" security conference, for the sake of education, but instead view it as a frat party with excessive debauchery and hedonism. Maybe the introduction of fee-based workshops will lend some credibility to those bean-counting accountants, and cause managers and directors to reconsider Defcon as an expense that can be covered by an employer for employee education. If this happens, maybe we will get more security professional attending Defcon. This sounds like it has potential as a desired side-effect.

    Originally posted by renderman View Post
    Second issue: Several of these classes either provide no materials, or any other excuse for a cost recovery claim. One can claim that the knowledge is the material provided, I'm of the camp that if I'm being charged, I want a damn book widget, or something to show for it.
    I'm going to take a quote from later in this thread and include it here, out of order as part of a reply:

    Originally posted by Myrcurial View Post
    ... "If some people start getting paid while others don't"...

    There's a certain inequality built in though...

    Why should some "key" speakers get paid while others don't?

    Security goons work ?36? hours for ~$750 (going rate for rooms at Rio is $250/night)

    Contest runners get 2 badges (new this year) ($300) for somewhere between 1hr and 1000hrs.

    Speakers get one badge and $200 ($350) or three badges ($450) for 2hrs at defcon and somewhere between 1hr and 40hrs prep.

    Some contests have some expenses covered, some don't.


    If I'm willing to make myself available, with prepared material for 8 hours -- should I do it for free? Should I attempt to get some return for that? How does one draw the line between altruism and 'taking care of business'?


    Can I be morally, ethically and karmically clean if I volunteer *and* try to break even?
    Originally posted by renderman View Post
    Third issue: This spits in the face of those of us who have put on training classes at the various villages (LPV, HHV, Wireless Village), taught in a corner to small groups (who has'nt done this?), run a contest with our own money and time (L0stboy especially). The inclusion of paid, for profit training flys right in the face of all these people who share thier knowledge freely.
    [Oh man. This is a really good point, and this reply makes me feel sick.]

    A better consideration would be why villages have not provided fee-based classes before. Maybe someone could have helped to create a new cert, and have classes offered at Defcon in the Hardware hacking Village, or Wireless Village, where people like yourself and others could charge money for people to learn something new. You could then take the money you earned, and spend it as you wanted. Maybe you want to throw a party, or give away free beer. In this way, you can exploit those that do not know something but have money to pay for entertainment of those that do know something and are willing to share it, for a price.

    [ug.]

    Originally posted by renderman View Post
    Fourth issue: While I can appreciate charging for 'exclusive' access to an instructor in a limited class setting, charging for this priviledge creates a split of haves and have-nots.
    Money already does this. Why should Defcon be any different than the rest of the world. In economics, costs as money can act as a system to control flow and limit access to a desired "thing." How often have you and others been unhappy at the long lines at Defcon, and the sweaty, smelly people being packed to close together? This is a symptom of prices being too low for the conference. Lines slowly disappear when prices are raised. If you have a room with only enough seats for 20 people, how do you control which 20 people get a seat? A first answer is, "first come, first served," or a FIFO of sorts. This then separates people into haves and have-nots by insider information -- those that hear about it first, get a seat, and everyone else is a, "have-not."

    Have's and Have-nots exist so long as there is a finite "thing" (good or service) with quantity smaller than the number of people that desire it. As a result, how can have vs. have-not be a point as complaint against using monetary cost as a filter when compared to any other filter?

    Originally posted by renderman View Post
    I dont have the cash nor the time to blow a whole saturday on a class I may want to take.
    This is a decision you are free to make, just as someone with cash that is willing and able to spend the money for a workshop can make a decision to attend one. Defcon is often about decisions. Since Defcon 6 or 7, there has been more than one speaking track, so you must decide between these. Since the contest area grew contests, one has to decide between contests and speakers. All are choices, and everyone is responsible for making their own decisions.

    Originally posted by renderman View Post
    Defcon was about the free exchange of knowledge and thats why things have always been free.
    But isn't Defcon many things to many people? So, maybe there are some people for which it was not about the free exchange of knowledge so much as an opportunity to exploit for profit, or break-even. Considering early Defcon, except for "feds" what percent of attendees were able to attend Defcon at company expense? For everyone that had to pay, this exchange of information in Las Vegas, was not a free exchange of information, but had an initial cost, and on-going cost (for rooms, etc.) once they were there.

    [Apologies if by free, you meant "free as in speech" instead of "free as in beer."]

    Originally posted by renderman View Post
    We are risking the inclusive environment of people doing it because they love it and turning it into an exclusive environment of those who can pay to take a class and not contribute back to the community afterwards. Is'nt the restriction of information what we are supposed to be against?
    Private parties, and events like The Summit where people are charged to hang out with an elite of sorts in an atmosphere that reduces the ratio of elite-vs-attendees have been around for years. Opportunity to socialize with these elites has been limited or restricted so how is using cash at-the-door to a workshop any different, where the ratio of attendees to elites is even lower? Perhaps even more expensive workshops could be made available for smaller ratios, all the way down to one on one workshops.

    Originally posted by renderman View Post
    Fifth issue: This is in response to TheCotMan's comment about "Defcon is what you make of it" and the orginizers trying to make something for the corporate types. Is'nt that redundant, is'nt that what Blackhat was supposed to be from the beginning?
    [Ug. Sorry man]

    Why should defcon be denied status among corporate types only to the benefit of conferences like Black Hat? Defcon can be both, if we want it to be. We can cater to both, can't we?

    [I am thinking this post will be my last as Devil's Advocate. You bring up good points, and it is becoming difficult to continue with this side of thought.]


    Originally posted by renderman View Post
    I may be rusty on my history and details, but did'nt Jeff start Blackhat in reponse to the complaints that they wanted Defcon's content without the Defcon stank on thier clean suits? (ok, it was that corporations have an easier time accepting the value of and paying for a $1500 conference rather than a $150 one that has the same content)
    Let us assume that they complained and they got their own conference. Workshops are an opportunity for Defcon to show it too can be a justifiable expense for corporations looking to educate their employees, but at much cheaper prices. With companies still laying-off employees, and some being denied travel expenses to things as expensive as Black Hat because of hard economic times, isn't an opportunity for these security professionals to attend Defcon as a cheaper, by recognized security conference something we should embrace? These are potential peers, and may even be people that attended Black Hat previously, but could not afford it with budget cut-backs.

    [Also, sorry about the lost posts because of the firewall thing. Jeff has been looking into it and has spent a lot of time on it, but the cause for this has been elusive.]

    [I'm also going to try to skip over points that renderman and other have made, like, "I have to choose between a workshop all day Saturday and everything else?"]

    Originally posted by shrdlu View Post
    In addition, I don't really see most of the workshops being presented by people where I can EASILY see credentials. Yeah, yeah, I saw web sites and links and such, but those all mean *I* have to go searching for credentials. Not going to happen, but then, I'm not going to take any of those workshops, either.
    This is good feedback. Maybe the people that have worked on the workshops can use this to improve the web page content for next year if it happens. With only about 1 month until Defcon, and deadlines being what they are, it is entirely possible this information won't go up this year. (I am not involved with workshops. These conclusions are only based on my observations of things at Defcon for a few years.)

    Originally posted by shrdlu View Post
    Sorry, Cot, just being devil's advocate to your devil's advocate (and confessing right up front that I didn't really read through it).
    [You are welcome to provide your thoughts and opinions, and have nothing to be sorry about. We can all enter into a discussion about things that we feel passionate and discuss the problems we see with them, or the lack of problems we see with them, and maybe even the advantages we see in them.

    (Now using the generic "you" in the rest of this reply)

    Other people are welcome to participate in this thread too. I'd like to hear how new-comers feel about this, too. This thread is not just for people that have been to defcon at least XYZ years; you don't need experience to have an opinion, but if you are unable to support your opinion, you will have a difficult time.]

    Originally posted by Myrcurial View Post
    I put a lot into defcon. I've usually got the one talk that is funded by BH, and then I do extra talks, panels, contests and as much extra as I can fit in. I will never be a contributor on the level of The Right Honorable Minister of Offense Ollam, nor The Tireless Moderator of Asshattery TheCotMan, not the Esteemed Renderman (fellow token Canadian and fan boy ish hero of mine) but I'm not a scenewhore or corporate douchebag who comes to defcon for Friday only because he wants to eyeball the scenewhores.
    [Ahh, The other moderators have done more work moderating than me, and I don't think how long a person has been a part of Defcon, or how much they contribute should discount a person's ideas when they are valid and logically supported. Being able to remain rational on topics of discussion which we are passionate is something that should be rewarded.]

    Originally posted by Myrcurial View Post
    This year, I made the decision to be an instructor for a workshop.
    Good for you! And without workshops, this decisions would have been denied to you. Their existence gives you the freedom to choose to contribute with them, or not, but without them, you would only be able to choose between free, not at all, and maybe even not being able to attend defcon if the money gained is used to justify and offset expenses.

    I removed much of your other content, as you are coming in with advantages to having workshops. Thanks for bringing up these points.

    Originally posted by theprez98 View Post
    I like the idea of workshops that are cheaper and shorter than those at Black Hat. But IMO they should be at Black Hat (or Thursday, pre-DEFCON), and not DEFCON-proper.
    Why should Blackhat get all of the workshops like this? Adding them to Defcon may lend it credibility.

    Originally posted by theprez98 View Post
    Everyone has their own idea about what DEFCON is, but to me is that its open. I can go to, and participate in pretty much any talk, event, contest or whatever and no one is going to tell me "no". This is very similar in my mind to what Deviant called the "one badge gets you everything" policy. Now we're segregating off a part of the conference. I just don't like that.
    This is not true. You can't go anywhere at Defcon. You may not visit the Goon room(s) unless you are a goon, or escorted by one. You are not allowed in the speaker room unless you are a speaker or escorted by a goon. You may not enter a speaker track if the room is at maximum occupancy. When a contest has physical items provided for players, you can't join those games when all of these are in the hands of players, and the contests limits players one per item. You can't jump on the CTF in the CTF room and suddenly start playing this game, whenever you want. Defcon is not as open as you describe. There are also private parties, with limited resources in the form of booze, or maximum occupancy in rooms, and access is restricted. Are you under 21? Too bad, access to parties is restricted unless you have an ID that says otherwise. What about the Defcon shoot? Where there are not enough seats in cars for carpooling, or the hackbus, and people are under 24 (approximate age when rental car companies will rent cars) a person is left-out or expected to pay tons of cash to a taxi to take them out, wait and take them back.

    Defcon is not open, and not accessible to everyone. When a resource is limited, discrimination must be used. It may be discrimination based on time, where those there first get the resource, or money, where those that have it and are willing and able to spend it for the resource can get it. There is age discrimination for access to parties with booze, and rental cars. There is favoritism based on perceived status, where some line is drawn between those that are part of an "in crowd" and separated from those that are not. Some decision must be made to limit access to resources that are finite,and all resources are finite.

    Originally posted by acoustica View Post
    (I didn't say I couldn't afford it, just that it's expensive to me! XDD) - 200$ is a lot of freaking money.
    Costs are relative. It is basic economics in the marketplace. There are those willing and able to pay $200, and for those, workshops will make sense. Those that are either unwilling or unable can choose any of the other venues available at Defcon. There is nothing stopping you (generic you) from learning things on your own, and reading on your own. It may be slower, but if you have more time than money, it is an alternative, and you have the freedom to choose. Facebook farmville or learn? Bar or learn? Hang out with friends or learn? See a movie or learn? We all make choices, and hackers do not need people holding their hand to learn something new

    Originally posted by kallahar View Post
    What rubs me the wrong way is that it feels like defcon has been nickel and diming us for the last few years. Long ago you paid once for your badge, that cash allowed DT to rent the hotel, pay the insurance, cover any problems, and maybe even pay for a few key speakers to present. EVERYONE else volunteered their time and money to make defcon happen, and it takes dozens of people.

    Now it seems like a few people at defcon are attempting to make more money off of us. In my mind, pay-for workshops just say "we want more profit". Who gets that profit? Let me tell you, it's not the volunteers. Security goons work for two shirts and 3 days in a hotel room. We don't even get free food. When I ran the robot contest I put thousands of my own dollars into it with no expectation of a return.
    [Ack. My conscience is trying to kill me]

    And whose fault is that? Why don't volunteer ask for more for the work they do, or just stop. Nobody is forcing volunteers to volunteer. Nobody is forcing goons to work for two shirts and a hotel room for 3+days. These are all choices everyone must make on their own. Why should anyone care about people whining about their own decisions? It is like a slide from a Defcon presentation where a tubgirl image is shown, and the speaker says something like, "why do these things always happen to me?" It is a metaphor for being responsible for the decisions that we make. "Doc? It hurts when I do this." If you don't like it, then stop doing it.

    [The burning. THE BURNING. Gahhhhhh!]

    [You bring up some good points Kallahar. Thanks!]

    Originally posted by Deviant Ollam View Post
    See, for me, i am in disagreement with a number of my friends about $200 being a high cost. i don't think it is.
    Costs are relative. A person living below the poverty line in New York will find $200 too high a cost. An "average" computer scientist with MS or PhD in Silicon Valley may find that super cheap. Economics. Willing and able. Blah, blah blah.

    Originally posted by Deviant Ollam View Post
    It seems like this year, DEFCON was simply caught in the swirl of information and ideas that happens whenever a new concept is tried. Not everyone is on the same page, not everyone will be happy with the results, and not everyone understood what they were getting into.
    What is wrong with trying something new? Without trying something new, there would be no invention. We don't always know the outcome of things unless we try. We can make predictions on the outcome, but until we try, how will be know?

    Originally posted by kallahar View Post
    For me, defcon is not about training and it's not about going to talks, it's not about getting certified in anything or traveling down the corporate career path. It's about the people. The people who do this stuff all year long, and we all travel to vegas to hang out together for a week. By adding explicit training and focusing on the talks too much I feel like people aren't coming for the social aspect.
    Then why don't you go out with a bunch of your buddies, and put your time where your complaining pie-hole is and [forum=568]start your own pre-defcon party with more of what you want[/forum]. Isn't that what so many of you write that "Defcon is all about" ? If you think something sucks, don't just sit there and whine about it, actually DO something about it and then support your decision. Contribute into the system and provide more of what you want to see inn the future. Then if it is popular, you can restrict access with fees, or other methods.

    [I am intentionally being a bit of a troll here with some sarcasm provided, because the thing that kallahar and others find they like about Defcon, and feel has been missing is something they have decided to address with their [forum=568]Pre-Defcon Party at the Alexis Park[/forum].]

    Originally posted by renderman View Post
    Firewall ACL's are fighting me editing my previous post
    [Sorry man. The method I described before should allow you to commit you change. After you edit the text area of the forum, select-all, copy, then click submit. When the firewall eats you post, click back, quickly click the text area again, select all, paste, then submit again. If you can do these "back" steps within 5-10 seconds, your edit should get committed. Kludgey, and took some time with Chris and I to narrow down the cause and a work-around, but at least there is a work-around.]

    Originally posted by Myrcurial View Post
    The other thing to consider is that it looks like total revenue from workshops will be something like $100k -- replacing that revenue with flat rate sales given an approximate attendance number of 10k would require increasing the ticket price from $150 to $160.
    [No. Sorry. Workshops usually have a lower ratio of "student" to instructor. Because of this resource limitation, even if badge prices were increased, some other NEW method of discrimination would be required. I do not accept an increase in price as a solution to this workshop cost discussion. Suggestions for alternatives to cash as a filter are welcome.]

    Originally posted by Myrcurial View Post
    And this conversation is a GREAT conversation. I just wish it was a conversation we were having in October or November instead of July.
    [Yes! Thank to everyone for keeping their cool and keeping this discussion rational and coherent]

    [Also, because I used multi-post reply, with interleaved replies to content, I may have mis-attributed a quotation to a person. If this happens, please let me know here in public or PM, and I will fix as soon as possible.]

    [I think this will be my last post as Devil's Advocate unless I see something that needs to be addressed. Myrcurial is providing support for the value in workshops, so my value as Devil's Advocate is not really needed here.]

    [Thanks for tolerating my forum "Cosplay"]

    [I don't think I will ever feel clean again. ;-]
    Last edited by TheCotMan; July 2, 2011, 03:13.

    Leave a comment:


  • Myrcurial
    replied
    Re: what are people's opinions?

    The other thing to consider is that it looks like total revenue from workshops will be something like $100k -- replacing that revenue with flat rate sales given an approximate attendance number of 10k would require increasing the ticket price from $150 to $160.

    This presumes that whatever the revenue sharing arrangement is (which I still don't know ;) ) is covered out of that incremental general revenue.

    Oi.

    It's amazing how often "business" creeps up on you when you're just trying to be a hacker.

    ...

    And interestingly, I'm quite of the opinion that the price for what you get at defcon is still far FAR too low. I think that $300 is more in line with reality, and would offer the general revenue pot necessary to do some very cool things -- not the least of which is make it easier on those to contribute (where contribute is ~= volunteer) to put more than just whatever spare effort they have into their contribution.

    ...

    Gah.

    I don't know. And this conversation is a GREAT conversation. I just wish it was a conversation we were having in October or November instead of July.

    Leave a comment:


  • Myrcurial
    replied
    Re: what are people's opinions?

    Originally posted by Club81 View Post
    I think they should be on Thursday. You can pay extra to go to them, but not miss out on anything in the normal program.
    Due to changes in the Speaker Contract with Blackhat, note that Blackhat speakers are not permitted to be away from Caesars for the duration of the briefings.

    I couldn't be around Defcon on Thursday without breaking my contract with BH.

    Leave a comment:


  • Myrcurial
    replied
    Re: what are people's opinions?

    Originally posted by kallahar View Post
    What rubs me the wrong way is that it feels like defcon has been nickel and diming us for the last few years. Long ago you paid once for your badge, that cash allowed DT to rent the hotel, pay the insurance, cover any problems, and maybe even pay for a few key speakers to present. EVERYONE else volunteered their time and money to make defcon happen, and it takes dozens of people.

    Now it seems like a few people at defcon are attempting to make more money off of us. In my mind, pay-for workshops just say "we want more profit". Who gets that profit? Let me tell you, it's not the volunteers. Security goons work for two shirts and 3 days in a hotel room. We don't even get free food. When I ran the robot contest I put thousands of my own dollars into it with no expectation of a return.

    Those of us that volunteer are the key to defcon's success. If some people start getting paid while others don't, that's going to cause a rift which will tear defcon apart.

    Kallahar
    My concern is the same as yours... to your point "If some people start getting paid while others don't"...

    There's a certain inequality built in though...

    Why should some "key" speakers get paid while others don't?

    Security goons work ?36? hours for ~$750 (going rate for rooms at Rio is $250/night)

    Contest runners get 2 badges (new this year) ($300) for somewhere between 1hr and 1000hrs.

    Speakers get one badge and $200 ($350) or three badges ($450) for 2hrs at defcon and somewhere between 1hr and 40hrs prep.

    Some contests have some expenses covered, some don't.


    If I'm willing to make myself available, with prepared material for 8 hours -- should I do it for free? Should I attempt to get some return for that? How does one draw the line between altruism and 'taking care of business'?


    Can I be morally, ethically and karmically clean if I volunteer *and* try to break even?

    Leave a comment:


  • Myrcurial
    replied
    Re: what are people's opinions?

    Originally posted by kallahar View Post
    So are there partial talks, or are the times wrong, or the map wrong? Are they really nine hours long?
    8 hours long with a 1 hour break for "lunch".

    Leave a comment:


  • kallahar
    replied
    Re: what are people's opinions?

    Also there seems to be more workshops than rooms... The map shows 7 workshop rooms, but the schedule says:

    Friday: Embedded System Design, Car Hacking, SQL, Engineering, FOCA, Mobile, Presentation, MITM, sexism (9)
    Saturday: Embedded System Design, Engineering, Mobile, Wifi, I2P, Binary, MITM, sexism (8)

    So are there partial talks, or are the times wrong, or the map wrong? Are they really nine hours long?

    Kallahar

    Leave a comment:


  • renderman
    replied
    Re: what are people's opinions?

    Firewall ACL's are fighting me editing my previous post:

    One question for DT or anyone in the know is 'What was the need or motivation for the workshops'? There may be something we're missing in this debate and I'd rather hear it from the proverbial horses mouth. Perhaps some problem that needed solving that we are not aware of.

    Leave a comment:


  • kallahar
    replied
    Re: what are people's opinions?

    Some quotes from DT:

    "Black Hat is like college and Defcon is the fraternity party."

    "First three years everybody at the show was there cause they cared. You know, you couldn't get a job in security. You did this cause you loved it. Then all of a sudden you could start getting jobs. Then all of a sudden money entered the equation. And then feel the underground rapidly changed around Defcon 4 to 5, 6, 7, 8, 9, until the bubble burst."

    "And you know instead of talking about the routers and their packets, and their firewall rule sets, they started talking about stock options and, you know, and setup options and how much they're getting in salary and benefits. ... And pretty soon they are getting paid a lot of money and -- and the culture gets kind of infected by money."

    For me, defcon is not about training and it's not about going to talks, it's not about getting certified in anything or traveling down the corporate career path. It's about the people. The people who do this stuff all year long, and we all travel to vegas to hang out together for a week. By adding explicit training and focusing on the talks too much I feel like people aren't coming for the social aspect.

    So in summary, everyone gets something different out of defcon, and there's something for everyone :) Having pay workshops doesn't harm me directly, but it seems like it will attract more corporate drones than "hackers".

    Kallahar

    Leave a comment:


  • Deviant Ollam
    replied
    Re: what are people's opinions?

    See, for me, i am in disagreement with a number of my friends about $200 being a high cost. i don't think it is.

    I am not rolling in dough, i'm just trying to keep a proper perspective on what is being offered and what is being paid. And $200 for a full day with any of those heavy-hitter speaker/trainers is well below what one would normally pay. (and i say this as a speaker, trainer, and workshop organizer who has performed those duties probably at more conferences than some folk even know exist, heh)

    I have built sets of trainings that my company offers at Black Hat. I am super proud to be there, as i make great contacts and send loads of students away very happy and educated (our feedback scores are off the charts, muthafukkaz! hah) and it funds my company and my life for at least the next couple months. The pricing model is pretty spot-on for Black Hat, and other events around the world who seek to offer sessions lasting one or two full days have to match it or not be taken seriously (both by trainers and by students)

    The whole "workshop" model has been a difficult one to execute at many events because, quite often, this is the most misunderstood category of conference offering...
    Talk / Presentation / Briefing - People can wrap their head around these terms. No matter what word is being used, it is understood that a briefing is something that typically takes one hour (but sometimes can be as short as a half hour or as long as a two-hour double slot) and can be attended by anyone with a con badge, assuming room size doesn't become an issue.

    People attend with the expectation of mostly one-way communication, maybe some Q&A at the end, and little attention being focused on individual audience members by a speaker who spends 99% of the time on the stage.

    Any materials or tools that are relevant might be present, shown to the crowd, and used in a live demo... but they belong to the speaker and stay on stage.

    The presenter, for their part, expects to be admitted to the con for free and (depending on the price and budget of the event) may expect to have room and/or travel covered or to receive an honorarium.

    This is all just industry standard, no matter what con you attend.

    Training - This, too, is well-understood and accepted by all parties. Trainings are at least a full day long, but far more typically they are two-day sessions, although some last a full work week, but i think that gets crazy. Participants in a training pay a separate fee to be there, and the sweet spot tends to be about $1,000 USD per 8-hour day of your butt in a chair, drinking from a firehose.

    The cost is acceptable, because that hose is being wielded by notable folk in the security scene who aren't just good at what they do, but also good at making you do what they do. That's what a lot of people don't understand about trainings until they've sat in a good one... it's not just about the knowledge, it's about the delivery. A really great trainer (i.e. - Joe McCray, Moxie Marlinspike, Major Malfunction and Zac Franken, etc) delivers material in such a way that people can go from zero to hero in a ridiculously short window.

    Students expect, and receive, dedicated instruction from someone walking around the room, seeing that each person is on the same page, and pacing the course accordingly. Often, each and every attendee will have a copy of the software in use, or an ISO image, or a toolkit, or other kickass goodies (look at our "Tampering with Security Seals" training... we're giving people all sorts of solvents, hypodermics, heat elements, etc etc etc. Pray that we don't have Medics called to our room!) and much of these materials are kept by the students when they leave.

    Prices often fluctuate up or down depending on early- or late-reg, but you're not seeing numbers below four figures without someone raising an eyebrow and saying "this isn't worth my time" in one way or another.

    Trainers are usually paid a percentage of the admission proceeds, or some pre-negotiated per-head-fee. The big variable (and if you get into this field, ask about this up front with all new events!) is whether those numbers start getting calculated BEFORE or AFTER costs are factored in. (more on this in a separate post, perhaps) Still, trainers go in with the expectation of making money per-student and that this money is coming directly from the students.

    Whether trainer travel and lodging is covered by the event varies a great deal. The fact that it often isn't is why so many trainers are keen to also be speakers at cons, since that covers their airfare and often some of their room costs.

    Workshops - aaaah... now we come to the oddball term. Everyone has a different opinion of what a "workshop" is at a conference. Most people can agree that a "workshop" is "somewhere in between a talk and a training" but then things get hairy.

    For me, a workshop is typically held in a separate area of a conference, and room size can typically limit attendance. I think a max of 30 to 50 people is where a "workshop" becomes unfeasible. This is because unlike talks, where all communication is one-way, there is a more intimate feel to a workshop and a real back-and-forth with the speaker and audience. The speaker might leave the stage for as much as a third of the time, to mingle and get up close with the participants.

    Often, with workshops, there are hands-on materials or other supplies... but it's quite common for there to not be enough for everyone. Sometimes people share among a single table or down a row. Other specialty items might only be present in a quantity of one or two, but will be passed around the room, etc.

    Workshops are rarely less than two hours long. Three is a more relevant figure for the low end. A half-day is more common. A whole day is definitely not the norm, but is still possible. I have never in my life heard of a "workshop" that is more than a single day.

    The REAL place where the "workshop" definition gets gray is where money comes into play.

    I have run workshops where i was paid a flat, pre-negotiated fee. I have run workshops where i was paid according to how many butts were in seats. I have run workshops where i wasn't paid at all.

    I have run workshops where people could simply sign-up if they were attendees of the hosting conference (but space was limited and sign-ups happen on-site as often as they happen pre-con via the web)

    I have run workshops where there was a sign-up fee. Sometimes i saw a piece of that, sometimes i didn't.

    Currently, when a new event approaches me asking about a "workshop" i try to steer them towards a system where i am paid a flat, pre-negotiated fee for my additional time, preparation, and materials. I recommend that they model their affair in a way that badge-wearing attendees do not have to pay to sit in on the workshop, although this almost always means capping attendance at a hard limit of 25 to 30 people, and making a sign-up or lottery system of sorts.


    It seems like this year, DEFCON was simply caught in the swirl of information and ideas that happens whenever a new concept is tried. Not everyone is on the same page, not everyone will be happy with the results, and not everyone understood what they were getting into.

    It's particularly difficult for some of the presenters, i think. As Myrcurial stated... he didn't even know that attendees to his session were going to be charged, per se.

    I think if this is successful, maybe we'll see the process revised in the future. I think that charging people to attend may vanish, as we become more integrated with the Rio and have a better feel for our space.

    I think that attendee charges may also drop or cease when people realize that a full-day session is bloody insane and is going to burn up the speakers and alienate/disconnect the participants from the rest of DEFCON. I predict half-day sessions will become the norm, and that they may even be Thursday as opposed to during DEFCON.

    That's assuming the idea continues at all... maybe after DC19 people will not respond well or things will change more overall.

    We'll just have to wait and see... but i harbor no ill will to anyone who was behind the idea, anyone who stands at the front of those rooms, or anyone who sits in the seats. As long as i have a crowd of jubilant people playing Gringo Warrior on Saturday and watching the madness, then i'm happy. If everyone is in Rodrigo and Chema and Myrcurial and Irongeek's workshops... then i'll think it was a poor notion.
    Last edited by Deviant Ollam; July 1, 2011, 12:03.

    Leave a comment:


  • kallahar
    replied
    Re: what are people's opinions?

    What rubs me the wrong way is that it feels like defcon has been nickel and diming us for the last few years. Long ago you paid once for your badge, that cash allowed DT to rent the hotel, pay the insurance, cover any problems, and maybe even pay for a few key speakers to present. EVERYONE else volunteered their time and money to make defcon happen, and it takes dozens of people.

    Now it seems like a few people at defcon are attempting to make more money off of us. In my mind, pay-for workshops just say "we want more profit". Who gets that profit? Let me tell you, it's not the volunteers. Security goons work for two shirts and 3 days in a hotel room. We don't even get free food. When I ran the robot contest I put thousands of my own dollars into it with no expectation of a return.

    Those of us that volunteer are the key to defcon's success. If some people start getting paid while others don't, that's going to cause a rift which will tear defcon apart.

    Kallahar

    Leave a comment:


  • acoustica
    replied
    Re: what are people's opinions?

    Coming from someone who has to fly out from somewhere else to get there, and isn't exactly in the greatest of jobs (I didn't say I couldn't afford it, just that it's expensive to me! XDD) - 200$ is a lot of freaking money. That being said, you can't always expect someone to do something out of good graces. People with ordinary jobs (IE non Bill Gates / Steve Jobs people) typically just don't have the money to provide things for free. However, I like how they decided to do the DC Shoot: Everyone pays a smaller fee to add up to roughly the cost. I saw a link awhile back to the different workshops, and they do seem extremely interesting. I can understand a fee for thoroughly teaching some of those things, but I'm a little iffy about the amount...

    Leave a comment:


  • theprez98
    replied
    Re: what are people's opinions?

    I find myself coming down on the same side as Dev, Render, others.

    I like the idea of workshops that are cheaper and shorter than those at Black Hat. But IMO they should be at Black Hat (or Thursday, pre-DEFCON), and not DEFCON-proper.

    Everyone has their own idea about what DEFCON is, but to me is that its open. I can go to, and participate in pretty much any talk, event, contest or whatever and no one is going to tell me "no". This is very similar in my mind to what Deviant called the "one badge gets you everything" policy. Now we're segregating off a part of the conference. I just don't like that.

    For the presenter, we've all been there--we need money to live and that's a way to do it. I can't fault someone for wanting to make money. I just think it belongs at BH and not DEFCON.

    For the attendee, you pay $$ to get into the conference, then you miss a full day to pay $200 more. I'm not sure I understand why someone who is probably already strapped would make that financial decision.
    Last edited by theprez98; July 1, 2011, 09:55.

    Leave a comment:


  • Myrcurial
    replied
    Re: what are people's opinions?

    I slept on this one because (for obvious reasons) I'm **involved**.

    This is going to be pretty scattershot, so feel free to stick with it or skip it entirely. Note that for contractual reasons, I cannot discuss Blackhat (There are significant changes to the BH Speaker Agreement for 2011) but I am a Speaker who receives flight, hotel, admittance and remuneration for the work I do there.

    I've been a fan of defcon since the beginning. I've been too busy or too poor to get involved until the second decade -- not a new-comer, but not as much of an old hand as many. My first defcon experience was simultaneously epic and a complete fucking disaster. Since then, I chose to get involved rather than slinking away and pouting.

    I put a lot into defcon. I've usually got the one talk that is funded by BH, and then I do extra talks, panels, contests and as much extra as I can fit in. I will never be a contributor on the level of The Right Honorable Minister of Offense Ollam, nor The Tireless Moderator of Asshattery TheCotMan, not the Esteemed Renderman (fellow token Canadian and fan boy ish hero of mine) but I'm not a scenewhore or corporate douchebag who comes to defcon for Friday only because he wants to eyeball the scenewhores.


    This year, I made the decision to be an instructor for a workshop.

    Here's the sad part folks. I made the decision to be an instructor for the money.

    I didn't realize that there was going to be a pass-along cost -- I wasn't aware of that until yesterday. But I am painfully aware that despite having flight and admission covered, going to defcon costs me a good chunk of change every year. Hacker Pyramid costs me (and a small group of very dedicated mules, assistants and volunteers) between $500-$750 depending on prizes -- there is no funding from defcon other than providing space to do it. I do HP and talks and panels and all of it... With a real job that isn't very glamourous, 2 little kids who need a dad, one bigger kids who doesn't need me much but does need someone available to listen and a wonderful wife who is putting herself through university at the same time as her oldest daughter is also attending university. I don't have the spare $$ to dump on defcon -- it's something I do because I think that my contribution helps make defcon better for everyone and because I owe defcon for what it has given me over the past two decades. I appreciate that and I'm paying it forward, but I really don't want to be taken advantage of, and there are a lot of takers at defcon. This is true of so much of defcon, the contributors (arguably 500-600 of the ~10k attendees) give a lot and usually take quite the shit talking for not doing enough or providing enough or being enough. And selfishly, having the chance to get paid for some of what I do at defcon while being able to reach an audience that was committed to learning was a pretty good offer.

    The defcon staff worked harder than they should have in order to schedule around everything I wanted to do at defcon. Much harder. And I'm very grateful.

    I have no idea if I'm going to get even one sign up for my workshop. Selfishly I hope to, because it would lift a bunch of the financial burden of being at defcon. Selfishly I hope to, because it would give me a self-esteem boost that people think I'm worth listening to -- and I am that insecure... Sadly. Unselfishly I hope to, because I think that what I've got to say is something that lots of people could use for their real lives -- a direct path to making more money, being more successful and being happier. I've given a lot of that away for free over the years... And I'm continuing to give a lot away for free.

    Am I shitting on all that is defcon? I really don't think so. I would argue that as much as defcon belongs to all of us, it's still DTs thing - and he likes the workshop idea and when I've asked for his support, he's been there for me -so I'm there for him -- it's karma bitches.

    My teenage / early 20s fantasies of being perceived as "good enough" / "'leet enough" are coming true 20 years later... People I've respected/admired/idolized for half my life know who I am... And give a shit when I say things. I am that much of an insecure spaz that I really care how others think of me.

    So, if defcon workshops never happen again, I'll be part of that failure -- but I tried. If defcon workshops do happen again (as part of the inevitable maturation of defcon) then I'll be part of that success. Either way - I tried. For reasons both good and bad. And that puts me in the shrinking minority of attendees.

    As Blackhat continues to change, so does Defcon and so do the attendees of both. There is lots of room for new blood, maybe even for Defcon TNG, but only if people step up, expose themselves to risk and ridicule and fucking *DO* something. (Seriously, the next fucking scenewhore that publicly dumps on me or pulls shit like happened at another recent con during my talk -- who refuses to contribute themselves -- is going to get my boot print on their ass.)

    Maybe that's the basis for my whole argument. Contribute. Whether you manage to make money, break even or lose your shirt... Contribute.

    I do.

    Do you?

    Leave a comment:

Working...
X