Re: Defcon 20 Suggestion Essay

Yes, but it is not old enough to buy alcohol in Nevada. :-)

This is something I have observed with many people. Many people claim their first Defcon felt more like a hacker convention, but later Defcon drifted away from this feeling.
Is this because it has always been drifting away from being a hacker convention or is it because people attending Defcon for the first time have no expectations about a Hacker Convention, and their first Defcon sets a bar, and expectations for what a Hacker convention is, and any change away from that is evaluated as a drifting away from what a hacker convention is or should be? Maybe it is neither of these, but something else.

I am too close to this to know which of the above may be the answer, but I still push this as a point as something to think about with respect to how Defcon is evaluated as a Hacker Convention. (Others have claims Defcon 5 was the first time Defcon stopped being a Hacker Convention because of the dot-com boom co-opted contributors to previous years, causing them to, "sell out," to, "the man." Other push this date further out to Defcon 8, 9 and 10. Some recent attendees, having attended Defcon 15 as their first Defcon, claim Defcon 15 was the last year it was a real hacker convention.

I'd like to suggest a reason for this is a cost delta. If 2 human badges are offered as an alternate to $200, the actual cost of those 2 human badges is much less than $200. The only costs are for the production/manufacturing of the badge and a per-capita cost aggregated over all other "free" badges (for goons, volunteers, other speakers, etc) as a percent of all sales of badges for cash to cover the cost of manufacturing these badges given out for, "free."

(The cost of making, shipping and distributing "free" badges is made possible through encumbering paying members of Defcon with a cost for entry. Effectively, if we consider Defcon as a government, paying attendees are "taxed" so that non-paying or subsidized, or compensated attendees can get one or more free badges.)

A payment of $300 (cash) to speakers instead of 2 badges is much more expensive than $200 (cash) which is probably 2 to 4 times more expensive than 2 "free" humans badges.

Choosing to go this direction would likely mean more speakers would choose $300 instead of 2 badges, and this extra cost (likely 4-8 times more than 2 "free" badges) would mean cash would needed for this, which would increase the cost paid by paying attendees to more than $150/badge.

There is no need to comment on how cheap $150 is for a conference like Defcon, especially when compared to other conventions. I understand this side, and others. This is meant to describe some of the likely costs involved with a $300 payment instead of the offered "2 human badges or $200.

This has been discussed before, but volunteers have been lacking. An idea has been proposed several time by different people to provide a video booth for people to provide rejected presentations in front of a camera for inclusion into a drop-box. Ideas related to this have included incorporating a live drop-box in the booth for documents associated with the video presentation to be uploaded by wifi to smb share, usb ports, etc. People could even record these things on their own, place their video on a thumb-drive and upload it that way.

These have been good ideas, but the problems involved with this idea include:
* Who is going to spend all Defcon monitoring this for vandalism?
* Who will build this software to make this work as a drop-box, and not let others read that drop box?
* Will someone that steps forward to do this choose to profiteer on the data they capture?
* Someone to review submitted content for plagiarism, copyright infringement, etc. before making them available to others to download.
* Was the provided video made by the person that submitted it with rights to duplicate? (How would anyone verify this?)

Such content (with support and permission from DT) could be added to the defcon media server.

One attempt at this has been, "the Defcon confession booth," but lack of privacy and a way to avoid the background noise of people talking have been difficult. Additionally, few videos have been recorded or put online, or announced as available on the main defcon site. (I've seen a few, but not many.)

It is a good idea. Who will support it?

This is my primary concern with, "Defcon Kids," as I've seen it elsewhere. The attempt to make Las Vegas, "Family Friendly," for example, lead to more enforcement of city laws and a greater presence of law enforcement to squash many kinds of expressive behavior on the strip. Parents that expect other people to change for the sake of their kids are annoying.

Yes. And consider this: speakers now arriving to pick up speaker badges must use their real names, and provide government issued photo ID. [Edited: see DT's reply below stating that government ID is not require if just picking up badges, and NOT picking up a check.]

I can understand how this might be done to avoid identity theft to steal speaker badges, but could be solved with a pre-shared secret, and allow people to use pseudonyms again, but as Defcon has gotten older so have the contributors, and many have, "matured," and chose to drop their nicknames for many reasons. One of these reasons has been because they found it difficult to leverage their nickname prestige into advantages in the job market to make more money.

This is a difficult issue. Imposing restrictions on what contests, events and parties may announce/"advertise" would likely be viewed as fascist or authoritarian or a restriction on their speech, or censorship. Really, it isn't any of these, as Defcon is not a government, but people will likely complain as though it is acting like one.

It is a double-standard for me to bring this up, as I enforce restrictions on content in the forums based on the present rules:
* Weed out advertising/spam
* No politics or Religion

However, Defcon contests, events, and parties have included advertising, and some events are quite political (consider the EFF and this year, consider the vendor room with the EFF donations table and ACLU donations table,)

In these two areas, the Defcon forums does not offer the same content as Defcon, and that does make me feel uneasy, but our little governing system of the forums based on a the votes of mods and admins says that these are the rules we will enforce, and these rules exist based on past experiences and how to handle problems from the past. (We are not a democracy or republic, but more of a collection of benevolent dictators that attempt to make decisions based on user behavior.)

I think Defcon is a little like the forums in this way, or maybe the other way around. The people that run departments make decisions based on the problems they see at Defcon, and take actions to solve the problems they see. It is easy to ignore or be oblivious to other issues or concerns about Defcon unless they are pointed out, brought-up for discussion, or complained about with constructive criticism. Contention in this space comes to exist when one person's freedom is the cause of another person's complaint and calls are made to restrict behavior, or actions.

One example of this is the, "Goon Card," incident of last Defcon. An action by one or more people was viewed as undesirable, so a reduction in freedom of expression is imposed to deny people from behaving in a way that was viewed as undesirable.

This same system is at work when we call to have restrictions placed on people running contests, events, parties, or whatever at Defcon.

I recognize that imposing restrictions on people's freedom for some things can have value. For example, a freedom of expression in the form of one person killing another person is a freedom that often denied. Most of use would agree with restricting such freedom. Then what we would argue over is what freedoms should be restricted by a central authority. Next, a system of enforcement and penalty would be required because without enforcement, laws are meaningless, and without penalties, enforcement is meaningless.

So, on the topic of advertising at Defcon: I don't like it, but how would something be done about the problems of advertising? Who would enforce it? What would be the penalty for abusing restrictions on advertising?

Thanks for your paper. I agreed with many parts.

Re: Defcon 20 Suggestion Essay

Render,

Thank you for posting this. I should have reminded you it was time to go public. Between your writing and DO's post I think we hare having a good conversation. Great!

Cot, a clarification: There is a way speakers can check in a pick up badges without revealing their real identity, but if they want to get paid money I need to cut them a check. This policy started when someone impersonated a speaker and got in - we had no way of authenticating a speaker we had never met before.

About the overall conversation about how the con has changed over the years, I think about this topic a lot. I am sure it is a natural evolution of the .com growth, money entering our community, and people moving from hacking being a hobby to hacking being a career. The size of DEF CON has changed the nature as well, and I try to create smaller areas and more opportunities for people to make social contact outside of the speaking rooms. The AP was great for social. The Riv was great for adding capacity to the content side of the con. I hope with the Rio to get back some of that social opportunism.

More later, just wanted to add this to the current stream of conversation.

Re: Defcon 20 Suggestion Essay

Thanks for that. About 2 years ago, I was visiting the room at the Riv where people picked up their speaker badges. The person with the list required real name and government issued photo ID from people that wanted to pick up speaker badges. They were asked if there was any other way to pick up a speaker badge, but they said no. Nikita happened to be passing by, and she was able to verify the person was who they claimed to be without the speaker providing a real name and government issued photo ID. This requirement for ID before Nikita arrived was a surprising thing to witness.

(This speaker was not picking up any check, just a badge.)

Was this just a case of a, "training opportunity," for the person handing out speaker badges, or was this requirement identified as a problem and changed after that year?

(It would be great to read that this was just a case of the person handing out speaker badges not knowing of another option for would-be speakers to retain anonymity when picking up their badge(s).)

I've edited my post to use strike-out over the text with the incorrect information, and a comment about the edit.

Thanks!

Re: Defcon 20 Suggestion Essay

We all get busy. it happens. I wasnt going to let this issue go anyhow.

We've definatly identified some of the reasons for a percieved decline. The trick now is what to do about it. I've made my suggestions but I want to hear others. I'd also like to hear if any of the department heads have any comments.

Re: Defcon 20 Suggestion Essay

Neither, It's always been the policy that Real name with photo ID OR a pre determined pass phrase or code that must match the what's in the speaker registration database. So to answer you truthfully, it's the speaker not paying attention to the emails I send out that list this rule out plainly. I send it out several times each year.

If they want money but don't want to give their real name, the cheques may be made out to CASH, another person, company, or charity. All of which needs to be made perfectly clear before the con.

I make it clear that you can call yourself happy boo boo kitty fud for all I care, but your identity needs to be verifiable and I am more than happy to make any number of considerations to this. Also, the speaker check in administrator has the authority to challenge a speaker if they don't want to show ID, and if they feel verified it's up to their discretion.

Also, a frequent problem is speakers trying to pick up badges for other speakers and co-speakers. You won't believe how much that request or attempt happens.


Also to add, I've gotten angry emails from both sides of the fence. You have my name online! & You have my handle online! More often than not, the speaker wants both their name and handle represented equally since most are trying very hard to make a career for themselves. Just what I've noticed.

Re: Defcon 20 Suggestion Essay

Damn you renderman. This is like getting homework. Blah. Actually, good stuff, I too love to see the ideas flowing.

DC Kids

Arg. Arg. Did I say arg?

I feel the same way about DC Kids as I do having my kid at our local dc501 events. Double edged sword. My oldest (11) is very interested in tech/hack/cool; it would be good for him, and he has been at meetings/events when it feels appropriate. I worry that his presence causes some self-censorship in the group, and that’s counterproductive in a “hacker” environment. Fortunately he was at a secret Mossad training camp last summer and I didn’t have to make the decision about taking him to DC19…even now I would love for him to experience “DC Kids” but I’m concerned about how it would change my con experience, let alone the larger impacts on others.

Sorry there’s no real suggestion there, but I do want to point out that for parents “in the know”, it’s not an easy decision. I see a lot of value in both positions.

Culture:

I think when the majority of attendees realized they needed a job.

I think there’s room for both. I ignore the corporate schlock and get on with going to talks by drunk robot chicks and such. And DT’s movie nights, those are phun. Some asshat shilling in the hall handing out cards? Do your best Depp/Wonka impression: take the card, toss is away and say “you’re really weird”. If more people did that there would be less shilling.

Me too. While there were suits about, I think I still saw plenty of passionate punks at 19. Keep ‘em coming. I’m focusing on the “built something cool” part now. The question is hacker or maker con? Or both? I think some would claim the shift to “maker” is a change from DC’s roots. As a hardware/embedded systems/hands on kind of guy, I welcome this shift…but is it really a shift?

Shift or addition?

My con background: first was 3. Hit 5 and 7. Actually 7 was my son’s first con, ShortGrrl was preggers at that one. Family and work situation kept me away a few years. I came back, and hope that it’s “back in full force”. I don’t ever want to miss again. Even though I’ve heard that dc20 is canceled. Bummer.

So while I’m not an uber hard core everyone knows me kind of guy, I’ve seen a lot of changes at defcon. And I’ve seen everything that people have complained about: it’s too big, it’s too corporate, it’s different.

I don’t know how much I agree with those complaints: I think many of these things have been additions to, rather than shifts from, the “core values” of the con. I think many of the talks I appreciate now wouldn’t have happened at 5 – it would be like “yeah, that’s cool but what does it have to do with hacking?”

Speakers/Talks

ShortGrrl has mentioned doing some serious research on the topic: “The Dark Tangent: Toaster or Timelord?”

Attracting new speakers is a challenge. If you cast a wider net in the call for papers (where else does that happen other than the web site and forums?) you end up with more corporate asshats. I think the concept of a theme for the talks is done to try and attract new speakers. Maybe it works, maybe it doesn’t.

I prefer to see the speaking schedule stay full; it’s part of the addition instead of shift theme. More speakers is more possibilities for the varying attendees to pick a path that suits them, though I do agree with Render that the later talks pose a big “party or talk” issue, but I do like having more choices than I could possibly ever attend.

It appeared to me that this was attempted, and has been done in the past. I think the reality of last minute changes and the challenges of scheduling anything like this makes it not always work out that way. I would be happier to see “official” tracked talk groups.


Advertising:

Blah. Was Grand Prix racing purer “back in the day” or is the sport better because there’s more money available, albeit tied to expectations. It’s inevitable I think. As long as it’s not tied to restrictions on how the con and/or contest goes down, I’m ok with it. It’s the real world, stuff costs money. Now if BigCorp comes in and says “we’re sponsoring this contest, but you guys can’t say “what the fuck” so much”, I’d have an issue with that. Of course that’s a path for someone to hack BigCorp’s desire to sponsor – find their people and compliment them on the fine fucking job they’re doing. Asshat.

In Conclusion:

Overall I think the success of DC is that all these things have been added without really losing the “core values”. I think that how we feel about the con is a more a reflection of us than the con itself. To me 17 was like going way back, probably because it’d been so long since I had attended. 18 was a little blah, and I could’ve easily commented on how it changed….but 19 rocked on, and I felt more “there” than I had in a long time.

My suggestions?

The unofficial/semi official/goofball events are CRITICAL. The shoot, the ToxicBBQ, all that jazz, is where you make the connections so you can figure out who are the “birds of a feather”, and then plan talk attendance, village time, and parties with new friends.

Promote the forum meet more. Oh, and I think any attempt to MOVE the forum meet at 20 will be met with an Occupy force the likes even anon can’t imagine…

Goofy contest idea, and probably doesn’t add much here, but I just thought of it so I will include: On stage “Jack On” contest. Competitors have access to a big pile o’ parts, first one to build a functioning computer and put a post on a forum page wins. Even though it may be so hard for the likes of us to come up with surplus mobos and drives. Hmm, that comes back to the beard contest – I think keeping something happening on stage in that area makes more people likely to interact.

And, personally, I’d be happier with more Motoko. And more belt-feds.

Re: Defcon 20 Suggestion Essay

Then maybe a conversation took place before I arrived to witness this, where the person asking for the badge told the person with the badges they did not have the pre-shared secret.

When I arrived to observe this, the person trying to get the badge was being told they have to provide government ID to get their badge, and did not mention any other path towards establishing identity.

That is good to know. Does the other procedure for anonymous pickup of badges allow one person with all of these pre-shared secrets to pick up badges for other people?

Re: Defcon 20 Suggestion Essay

One question to the group: I hear the complaint that DEF CON is too corporate once in a while, and I want to understand it better. DEF CON does not take corporate sponsorship, and never has. Other hacker cons, just pick one, do, yet they are not called out as being too corporate. Shmoocon comes to mind as a great community driven convention, but with such sponsorship. (http://www.shmoocon.org/sponsors)

If corporate sponsorship does not make a con too corporate, then what does?

Something that I will change for DC 20 is to make sure the contests who needs sponsorship follow the rules on displaying company logos. I don't want to walk through the contest area and feel like I am at RSA.

Re: Defcon 20 Suggestion Essay

I think renderman summed it up perfectly:

and

Like I said before, me personally I just ignore the "gawkers" or have fun with them when possible. And some aren't so bad...but, I'm fighting self censorship here because I don't want to be that guy (probably too late)...I think, from render's comments and other attendees I've talked about this with, there is a perception of two distinct types of people at defcon: the real core hacker peeps, and people who are there just because their employer pays for it.

Of course plenty of the "real core" are there with corp expense accounts, or claim the whole thing as a biz expense, or whatever hey-this-is-the-real-world thing they can do, but people who consider themselves the real core will do what they can to be there, employer status (or even employment status) be damned. The corporate backed guy who isn't part of the "real core" is only there on an expenses paid vacation. If "the man" hadn't paid for it, they wouldn't be there. They don't compete in contests, they don't read the web site, they don't hit the forums. They don't "live it". They are spectators, and I think some in the "real core" don't like that.

I grew up in a small southern city -- city that is, not town, big enough to be big enough. Only one really good dance club though, of course it was a gay club. Back in the day it rocked, best party in town. Then it became cool for the rednecks to take their dates to see the drag shows, just to show how open minded they were. Some thought the club suffered because the "real core" felt like they were being invaded. It wasn't a question of gay vs. straight, all sorts of folks had always attended the club. It was the feeling that the club was filled with spectators (of a lifestyle) instead of those of who lived the lifestyle. Of course the business reality was that the club was super successful because attendence went up, and it lives on to this day...but no longer as a "gay" club. Business success, but they shifted away from the core that got them there.

Other than render's suggestion, I can't think of anything to change this.

And frankly I don't know if it needs to be changed, but I can see how others feel this way. I'm looping a bit here but the presence of spectators doesn't bother me too much. And I still believe that the "real core" hackers believe that this is a meritocracy, and that you can't judge who the "real core" are by their t-shirts or their ties.

Re: Defcon 20 Suggestion Essay

The issue of "corporate" is not one of top down sponsorship (thats out there for everyone to see and understand) but what the attendees and speakers bring to the place (bottom up). As I noted in my essay, corporate logo's in the corners of slides, press releases about talks, general reasons for being there, etc are what bug me most. It's not the orginizers doing it, it's what attendees are doing and bringing into the room.

It's a situation of appeal and accomedation. How much have we gone down the road towards to appeal to the expense account crowd and accomatade what they are used to? If you give them a platform, they will use it. I'm thinking we need to change direction and maybe make it a little less appealing for them, or find ways to level the field. i.e. state in the CFP requirements for bio's, no employer name dropping. Not an outright ban, but a discouragement of using the 'company' slide template.

Firmwarez hit this one really well. the trick now is to figure out how to integrate them and get them participating or make it unapealing for them and they dont come at all.

A reduction in the talk schedual and more focus on villages, meetups, non-talk events would help I think. Also pushing the community angle (i.e. forums meetup) means that people would be encouraged to interact and participate to do things, rather than standing on the sidelines.

Re: Defcon 20 Suggestion Essay

I'm a DC17-18-19 veteran (noob) and heavily involved in my local hackerspace. Maximum respect to all who help create such an amazing community and event.

I'd like to see a bit more focus on hacks versus talks, and think the exploding hackerspace community can be tapped to provide more hacker content versus "corporate" content. Ironically the Facebook security stuff at DC18 was highly interesting to me, so you can't judge a book by its cover, but I've also heard the maxim "you don't go to Defcon for the talks" repeated a few times. And I think the villages and cozier events like B-Sides are amazing compared to standing in line for tracks.

At our hackerspace, we've observed that classrom style presentations go over like a lead balloon compared to a workbench or "gather round the table" style. Same content, different seating, more hands-on, changes the vibe entirely. I even toyed around with the idea of doing away with chairs. It's amazing to see a young eager hacker (or wisened graybeard) take control of the laptop and add their perspective, but it only happens when they don't feel like an audience.

So huge talks are good, but I think the real hacker bits happen in the sub-20-people atmosphere, especially when there's something hands-on and not just talk. And hackerspaces are full of half-baked cool stuff that isn't ready for the stage but is interesting enough to pique hacker interest. Last year's hackerspace panel was great, and a few of us agreed that a hackerspace village would be awesome if there was room. Hackerspaces.org has a quite thorough list of spaces and active mailing list if you want to make that happen.

+1 to the free/cheap BlackHat issue, if you want to see the hacker circus you should at least pay admission ;)

Finally, a bit of philosophizing can go a long way; people might've been disappointed with metal badges until they heard the backstory from Lost, and people might be disappointed with the quality of talks unless they hear that the focus is on providing a more intimate environment. I wouldn't be so brash as to jump in with a post like this without you saying you want to foster smaller stuff, DT, so thanks for communicating your vision for this awesome event.

Re: Defcon 20 Suggestion Essay

No, because check in time is a good way to see the speakers face to face, get them oriented with speaker control, get them any need to know information and make sure they all know everything they need to about how to get to the green room and who to meet and when. Be here 45 minutes before your talk, oh and can you fill in a talk for so and so they got pulled...etc.

Re: Defcon 20 Suggestions

I think the nut of what's bothering people is that Defcon used to be a small gathering of the "us" discussing things "them" out there didn't know. Now there's so many "us" that there's really not a "them" ...at least not worth enough respect for the knowledge gap to makes a difference.

As to ideas for the next Defcon, how about:

Iranian CTF: Each team tries to keep their drone flying and crash their enemies'. No physical combat allowed.

Re: Defcon 20 Suggestion Essay

This thread has been closed and copied to the [forum=615]Defcon 20 planning[/forum] forum.

You can find this thread has moved to this location (link)