Announcement

Collapse
No announcement yet.

How would you make Defcon 21 better?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • TheCotMan
    replied
    Re: How would you make Defcon 21 better?

    Originally posted by dc0de View Post
    That is an awesome suggestion...
    You and other people have liked this idea, so a [forum=704]new forum for Presentation Discussions for Defcon 21[/forum] has been created.

    Let's see how it works.

    If anyone has suggestions on how to make it work better this time, please reply to the thread of purpose in the forum linked above.

    Thanks for the reminder!
    -Cot

    Leave a comment:


  • dc0de
    replied
    Re: How would you make Defcon 21 better?

    Originally posted by Chris View Post
    It hasn't been something that has happened a lot in the past, but I think that could be on us. I think this is a good idea and will discuss the viability of having a "Presentation Discussion" sub-forum created. We'll have to get the word out through the main DEF CON site if we do it so that people know there is a place they can discuss the talks. Let us look into it and see if this isn't something we can do.

    Thanks for the suggestion.
    That is an awesome suggestion...

    Leave a comment:


  • stits
    replied
    Re: How would you make Defcon 21 better?

    Kive and I talked about this post-con and came up with a fews thing along with Network Jesus:
    • For the contest, for variety of reasons, I think each tier should be no more that ten hours long and all of them held for only one day. So instead of a progression the teams would choose a tier and only be presented with that series of TE tech to defeat and document.
    • A village going forward is a must to encourage pubic participation, education and for presentations IMHO. I've emailed Pyr0 and we should be fine on space.
    • On the presentations I'd like to see them be fifteen minute lightning talks or PechaKucha-ish for intros along with a hands on (do one, watch one and teach one) format. I'm pretty sure we have more than enough materiel for this already.
    • We'd like to see past teams come back and present on subjects like Adhesives, Envelopes and Evidence Pouches, Seals, Crimps, Wraps, Electronic Seals, Inks, Stamps, and Sealants (chemistry).
    • I think Datagram, Scorch, JK and the rest of MFP leading the charge would be amazing.
      I'd also reach out the teams from years past (Swift, Void Avoid, No Clue,Covert Penetration, Hacktar, Rapid Wombats, WTF Team 3) and invite them to mix.



    Originally posted by Dark Tangent View Post
    I am curious on peoples opinions about having a Tamper Evident village next year?

    We have so many tags, bags, and tapes and the contest has been around now for three years I want to try something new. The idea is to have a village, like lock picking, where people can play. Of course it will not be as large or as popular as LPV but it will hopefully inspire a wider audience to get involved. I am hoping then that I can work with another group do the TE Contest (MFP perhaps?)

    Leave a comment:


  • renderman
    replied
    Re: How would you make Defcon 21 better?

    Originally posted by HighWiz View Post
    Renderman, I have to disagree with both you and Deviant here. One of the *best* things about DefCon, is that there is so much to do. I'm not knocking either of you, but I think it's kind of selfish to proceed with the idea that because you didn't "get to see your friends" or "get to see everything" that there should be less stuff (to see/do).
    No hard feelings taken, discussion is the point of posting ideas.

    Part of my opinion comes from a place of 'do alot, half assed' vs 'do less, but full assed'. I just dont want to see things get away from the orginizers where, for the sake of filling space, we are lowering the bar.

    As Deviant mentioned, it's the watercooler/keg/e on the couch moments that I love and want to find ways to facilitate that for others. My proposed schedual layout was an idea, I'd love to hear if you have any as well as anyone else.

    One of my favorite things that DefCon does is this: If you have an idea and are willing to put in the work, by and large DT/DEFCON will let you try it. They'll even create an Unofficial forum for you. So, (personally) I'd really hate to see any "limiting" at DefCon, 'cuz it runs the risk of some people with some really cool idea's being left out in the cold.
    Dont think I said that specifically, if I did, my intent was not as such. I want people with cool ideas. I dont want them displaced by people who do not contribute. My opinion is not one of exclusion, but of changing our appeal to not be as wide. If that makes any sense (things in my head are'nt always that easy to articulate).

    It's interesting that you said, and then went ahead and made your bio for DefCon 20 like this:

    If you truly want it to remain a "hacker convention" and not a "security convention", why not start with yourself and your own bio (when you present)?

    From your paper: that was written of course by, Brad Haines (RenderMan), CISSP.

    As I said, I'm not trying to ridicule you here. But if we want something to be different, we need to start with ourselves before others.

    I think that was a copy/paste from a more professional speaking gig. Late night submission. But point taken.

    As an side, using my legal name was an odd nessecity. When I started consulting, all my expertise, experience and 'street cred' were wrapped up under the name 'RenderMan'. Two seperate identities for all intents and purposes. It's been interesting to try and provide links between them that the brain inside is one and the same.

    As you pointed out in DC 101 a few times, having a nick is nessecary or else one will be assigned to you. I think most people at con would not be able to tell you my real name without having to look it up and just know me as Render. Render is my name and it's used every day as such offline as well. Ask Deviant some day about the fun situation that caused at my wedding.

    I'd like to thank you for your response. The fact we can have dialog about ideas that I love about this community.

    Leave a comment:


  • Dark Tangent
    replied
    Re: How would you make Defcon 21 better?

    Originally posted by renakuzar View Post
    Actually, if there is room in that review board, this would be a way that I could actually contribute. I'd be glad to help out.

    Walt
    We are starting to build the CFP review team. If you, or anyone else here, would like to be a part of that please email me a brief bio of your skills, or what types of submissions you feel comfortable reviewing. For example if you are not a hardware hacker you might not review many hardware related submissions and I want a good balance of reviewers skill.

    Leave a comment:


  • Deviant Ollam
    replied
    Re: How would you make Defcon 21 better?

    Originally posted by HighWiz View Post
    your bio for DefCon 20
    i've always been a fan of this bio for myself, above all others that i've ever seen in a con program.

    Leave a comment:


  • Deviant Ollam
    replied
    Re: How would you make Defcon 21 better?

    totally respectful of HighWiz, who has more con knowledge and experience than i could hope to (and he's way sexier, but that counts for less in planning discussions) but i appreciate this difference of opinion and cling steadfast to my belief that there are too many talks.

    for me, it's an "energy" thing. having so many talks spreads the group out so much that there are fewer "watercooler" moments later on (maybe we would call them "keg" moments or "sitting on a couch rolling on E moments") where someone speaks up and says "awe, man... i saw [such and such talk] and it was fucking amazing!"

    a moment like that makes the con better, in my view, if a few other people hanging out in that same circle of folk chime in and say "oh yeah, i saw that, too! it was [insert agreement or disagreement here]"

    there's also two more points that aren't socially-focused, but rather they are knowledge-focused...

    1. if someone is at the con to learn, this above all else, then five tracks will almost certainly make them feel like they are missing out. i'm not saying that's a fair opinion for a con-goer to have... but it does open people up to creating disappointment for themselves.

    2. talk quality. this is a whole other thread unto itself. and i'll never call people out or name names, but from what feedback i get from most other friends at DEFCON, there is a strong feeling of "the talks are just so-so a lot of the time" or "yeah, it was kinda alright, but we walked out" *

    * SUPER IMPORTANT CAVEAT - i am too busy to attend many talks. almost all of my evidence is hearsay, and i recognize that fact. still, it is undeniable that if there were fewer talk slots then by definition the CFP process would filter out even more chaff from the wheat and leave people with the cream of the crop (wishing i could mix in one more analogy)

    this would also make the CFP process a lot harder, but of course we can go round and round on that one, too. i've volunteered to help and would welcome the opportunity, eventhough i doubt the process will ever take the form that i would idealize in my own head (people having to submit full slides with their CFP, possibly even submitting some kind of evidence of their ability as public speakers)


    So, for a variety of reasons, i remain committed in my belief that 4 tracks would be more than enough. My reasons are multiple and manifold.

    Now when are you and your sweetie-pie going to come down into the city for a drink with us one of these days, brother?

    Leave a comment:


  • HighWiz
    replied
    Re: How would you make Defcon 21 better?

    Originally posted by renderman View Post

    <snip>

    Related to the above is that there is way too much going on at any given time. Never thought I'd say that about Defcon but I experienced it this year. I barely saw any of my friends because with so much going on, the chances of being at the same event were limited. Throw offiste events like the Ninja party and it gets worse. Again, in the essay:

    - Talks 10am-5pm
    - Villages run to 7pm
    - 'Official' parties start 8ish.

    Basically the idea is that you reduce the distractions to allow people time to eat, shower, change, meet up and have an hour of social time because there is nothing major happening. It's a calm before the storm that helps facilitate being social, as well as the 3-2-1 rule.

    <snip>
    Renderman, I have to disagree with both you and Deviant here. One of the *best* things about DefCon, is that there is so much to do. I'm not knocking either of you, but I think it's kind of selfish to proceed with the idea that because you didn't "get to see your friends" or "get to see everything" that there should be less stuff (to see/do).

    Why start trying to "limit" things? What if someone said "Hey, let's get rid of all the villages, they distract from the talks". How bout "Let's get rid of all the parties and keep the hacking things open later".

    Maybe my Libertarian side is bleeding through here, but if we start "limiting" different aspects of DefCon don't we run the risk of limiting people that attend the event?

    One of my favorite things that DefCon does is this: If you have an idea and are willing to put in the work, by and large DT/DEFCON will let you try it. They'll even create an Unofficial forum for you. So, (personally) I'd really hate to see any "limiting" at DefCon, 'cuz it runs the risk of some people with some really cool idea's being left out in the cold.

    If someone feels that there is "too much to do", instead of trying to control everyone else by putting "limits" on what is done (and when). Maybe that person just needs to prioritize better for themselves.

    As I said, I'm not *trying* to take shots at you here, and I think everyone appreciates the fact that you took the time and energy to create that document and post your thoughts. However, I do have a response to something else you said in your document.

    Culture:
    When did Defcon go from a hacker convention to a security convention?
    It's interesting that you said, and then went ahead and made your bio for DefCon 20 like this:

    Brad Haines (RenderMan) CISSP, is a Whitehat by trade, Blackhat by fashion. A very visible and well known member of the wardriving and hacker community, he does whatever he can to learn how things work, how to make them better and to teach people the same. A firm believer in the hacker ethic of openness, sharing, and collaboration. Never afraid to try something new, he can usually be found taking unnecessary risks for the sake of the experience.
    Twitter: @ihackedwhat
    If you truly want it to remain a "hacker convention" and not a "security convention", why not start with yourself and your own bio (when you present)?

    From your paper:
    Look at the DC7 speaker list and there are is only a tiny number of speakers using real names, the rest are all nicknames and hardly any company affiliations mentioned.
    that was written of course by, Brad Haines (RenderMan), CISSP.

    As I said, I'm not trying to ridicule you here. But if we want something to be different, we need to start with ourselves before others.

    Leave a comment:


  • renakuzar
    replied
    Re: How would you make Defcon 21 better?

    Originally posted by Dark Tangent View Post
    Does that mean you volunteer for the review board next year? Just 300-400 or so submissions to review! We would love to have you.
    Actually, if there is room in that review board, this would be a way that I could actually contribute. I'd be glad to help out.

    Walt

    Leave a comment:


  • DJ Jackalope
    replied
    Re: How would you make Defcon 21 better?

    Originally posted by Dark Tangent View Post
    I am curious on peoples opinions about having a Tamper Evident village next year?
    Yes, please. We could chain Datagram and MMCA's team (is Datagram on it, i can't remember) to a table and make them show us voodoo.

    But actually, it would be absolutely awesome to have some stuff to play with because a lot of it is hard to get in small quantities and/or still attached to things that we don't want to have evidence of tampering of.

    Tamper Evident attached to Lockpick Village would be off the hook.

    Leave a comment:


  • wrøng!
    replied
    Re: How would you make Defcon 21 better?

    And what? Everyone gets X amount of time to try? How would you manage it?

    Leave a comment:


  • astcell
    replied
    Re: How would you make Defcon 21 better?

    Originally posted by Dark Tangent View Post
    I am curious on peoples opinions about having a Tamper Evident village next year?

    We have so many tags, bags, and tapes and the contest has been around now for three years I want to try something new. The idea is to have a village, like lock picking, where people can play. Of course it will not be as large or as popular as LPV but it will hopefully inspire a wider audience to get involved. I am hoping then that I can work with another group do the TE Contest (MFP perhaps?)
    Get tamper evident materials which mark the contents of the container, such as the ink bombs banks use to mark money from a robbery. Then put a black badge in the container and it is only valid if it remains uninked.

    Leave a comment:


  • renderman
    replied
    Re: How would you make Defcon 21 better?

    I usually unplug from the forum for a bit after con, but this time, I started a new job and never really plugged back in. New Year came and went and I'm making time to step away from work and get back into things I actually like doing.

    So last year I published an essay that I had sent to DT about making DC20 better. It sparked some discussion and in subsiquent conversations was well accepted by staff and orginizers. I know this because no one punched me at DC20 because of it.

    If you want to refresh your memory, it is here: http://www.renderlab.net/rants/Defcon-suggestions.pdf

    Some things were addressed, some still remain. Here's some of the updated status of things in my mind:

    <RANT>

    The CFP process still rocks (thanks Nikita!). Though still amused at the Kaminsky thing.

    The lines moved so much faster and anyone who complains should compare to the last year at the AP. If you were there waiting, well you're a shnook and should have been sleeping in or doing to DC shoot or something else. DT has assured that badges will not run out in future and I trust that. Show up later and still get a badge.

    Somone mentioned that if you can't present something in 50 minutes, you really have something huge or you should really go back to working on your talk. I tend to see the opposite problem. 50 is 45 minutes of step by step or 'filler' on stuff we already know or could be digested and the last 5 minutes is the cool stuff. It's a pet peeve of mine and alot of the corporate types tend to do those talks because they play well at other sec cons, but the audience here is different and they should acknowledge that. An example is Charlie Miller's Apple battery hack a couple years back. Great work, but did'nt need 50 minutes IMHO. It's an astute audience and in most cases, un-needed dressing around the meat of the hack. My talk was a great deal of background and process, but for something like the air traffic control system, nessecary, particularly since it did'nt end with 'reported to vendor, patched last week'.

    As for the quality, I reserve some judgement since I attended few talks this year and as a speaker, I admit some bias. I mention in my essay some pet peeves and things I've noticed. I echo Deviant's points that Defcon is the high point of sec cons and can/should bring in the best bang they can. That said, excluding good ideas because of inexperienced speakers is'nt in line with this community. Some people can't beta test talks or get experience on the circut due to finances or geographical isolation. Thier one and only con speaking change may be Defcon. That said, the bar for the content should be set a bit higher if the speaker is an unknown quantity. I'd rather goto a newb talk by an entertaining speaker rather than an regular talk by someone who cannot form a complete sentance. That said, if the content is elite, I'd be willing to put up with more

    I was on the speaker selection commitee for HOPE this past year and learned alot of the difficulties the selection people have. That said, due dilligence in vetting the speakers previous speaking experience goes a ling way to keeping the audience happy. I remember at another con that was great content, but the speakers inexperience really took away from the talk and made it almost painful to be there. Now that same speaker has improved greatly since then, but it would have to be a stellar topic with lots behind it to want them to speak as they first did.

    One issue that irked me slightly was the overlap of Andrei's ADS-B talk at Blackhat and my own. Since BH is before Defcon, his talk got much of the attention, which is not unexpected and actually quite welcome since we both had the same goal of getting info out. The problem was the overlapping of topics caught me by surprise. If He was presenting at BH and likely submitted to Defcon, why were both accepted? Often the same speaker presents at both. I would have expected selection to favor the continuation of the momentum at BH and have Andrei speak at DC, rather than myself on the same topic. No idea if the BH and DC selection people even see one anothers submissions or if there is any coordination.

    I totally agree with Deviant and others that the number of talks is too high. Between 5 tracks, villages, skytalks, it's impossible to see everything. Fewer tracks, bigger rooms, tighter vetting of speakers to get the best we can.


    Related to the above is that there is way too much going on at any given time. Never thought I'd say that about Defcon but I experienced it this year. I barely saw any of my friends because with so much going on, the chances of being at the same event were limited. Throw offiste events like the Ninja party and it gets worse. Again, in the essay:

    - Talks 10am-5pm
    - Villages run to 7pm
    - 'Official' parties start 8ish.

    Basically the idea is that you reduce the distractions to allow people time to eat, shower, change, meet up and have an hour of social time because there is nothing major happening. It's a calm before the storm that helps facilitate being social, as well as the 3-2-1 rule.

    Getting select speakers to do their talk a second time during this period may also be an option. If there's an encore presentation, those that could'nt get in first time around are not totally screwed.

    Related to that was the chill out room. I found it very loud in there and not condusive to sitting around and hanging out, particularly the stand up cocktail tables that ended up as defacto trash collectors. More couches please. I like what they were playing, but there was not much chill in the room.

    Defcon Kids: Keep doing what you are doing, I saw no issues there. Though I'm not a fan of the 'kids' badge unless it is specifically restriced access after X o'clock and therefore reduced value to the wearer.

    Keynotes: Adam Savage was cool, Same with Gen. Alexander, but frankly do we need them? It's not like we are hurting to put butts in seats that we need to bring in celebs. Do we need to have non-community celebs show up? The logistics and headaches they cause in terms of lines and security may not always be worth it (The goons and other security walking around and the fact you were afraid to even scratch yourself during the Generals talk says something).

    I did'nt note any advertising that was over the top (not looking as hard this year) so whomever was keeping an eye on that, good job.

    Reading through all these posts shows there's some good ideas out there. Keep them going with them.

    A few random things:

    The suggestion of a Badge integration of Name/Area code fill in area; I like this.

    Grey Frequency and I dress up because I remember one couple from DC 7-9ish who went all out in thier costumes back in the day and appreciated the effort and want to continue that. I invite others to dress up more (formal or halloween) in the evenings. It's a great deal of fun and makes for a great project through the year to plan. Any suggestions on how to get more people to 'dress up'

    To anyone that thinks Goons are big ol' meanies, a few words. Think about the community we are in and our traits. We tend towards anti-authoritarian. Goons are a nessecary authority. If they are yelling and being imposing, it's because alot of people won't recognize thier authority unless it's reinforced with a primal sense of maybe getting your ass kicked. I know many of the goons. They keep us safe and intercede before cops, hotel security gets involved and take thier duties seroiusly. If them yelling to get the point accross bothers you, either A) Realize they are nessecary and stop being a dick that is causing them to yell. B) Show up a week early, help setup, walk 20 miles or more in 8 hours around the hotel each day without drinking heavily, being able to participate in events you want to or seeing talks you want to see and dealing with people who are being dicks. If you do either A) or B) and the goon continues to be a big meany, you then have a right to complain.

    I'm sure I'll have more, but for now, that's it.

    </RANT>

    Leave a comment:


  • Deviant Ollam
    replied
    Re: How would you make Defcon 21 better?

    Originally posted by Dark Tangent View Post
    I am curious on peoples opinions about having a Tamper Evident village next year
    we've long-thought that this content deserves its own showcase at DEFCON. i recall that last year the room we were in for the Lockpick Village had a smaller room on the other side of an airwall and this small room was relatively unused. If that became the Tamper Village it would be able to possibly have one doorway open as a connector between us and them.

    There's a lot of natural cross-over between picking and seal tampering. Hell, we even run these two topics as semi-connected trainings at Black Hat now, as you know. I think there'd be a lot of synergy and cross-pollination if the two Villages were linked. (but still having their own entrance/exit doors into the main hallway, of course)

    This would also allow us to help with staffing, since DataGram and Scorche and Cowboy hang with us in the Lockpick Village so often and we could have them (as well as some others from our staff who have ties to this knowledge) float between at times to cover crowd management.

    Leave a comment:


  • Ziptie
    replied
    Re: How would you make Defcon 21 better?

    I was on one of the ad-hoc fail teams the first year and would take advantage of being able to wander in and talk with any of the guys from the other teams.

    Cheers

    Leave a comment:

Working...
X