Welcome to DEF CON 21! How would you make DEF CON 22 even better?

Re: Welcome to DEF CON 21! How would you make SeriousDEF CON 22 even better?

And you ARE right, fancy that. :-P


Pro Tip:
Corkage fee sucks.
Drink Tickets are a pretty bad ass deal.

If you want to have a free bar, all you have to do is arrange it ahead of time with the bartender. They charge a flat rate per ticket/token. If you have more questions I suggest working with Grifter to start, between Charel and Him they can get you into the best solution for your $.

Re: Welcome to DEF CON 21! How would you make SeriousDEF CON 22 even better?

I'm sure Nikita will give a more definitive answer...but it's not going to happen without paying.

You can absolutely throw a party with an open bar. You just have to pay a corkage fee. Most people that have thrown the bigger parties have decided the corkage fee is too much and have either chosen to go off site (Ninjas) or have cash bars (303).

I wasn't able to go to the documentary so I can't speak to that.
I was at the forum meet and Nikita was handing drink tickets out to pretty much everyone she saw and said to ask her if you needed more. That's not exactly open bar. DT pre-paid for those tickets so that we didn't have to.

That is my understanding of things anyway. Like I said, Nikita has better info on it than I do and will correct me if I misspoke or misrepresented anything...but I believe that I am right.

Re: Welcome to DEF CON 21! How would you make SeriousDEF CON 22 even better?

Re: booze

Open bars don't have to be funded by defcon, right now NO ONE can have an open bar without getting in trouble (in the con area).

I went to both the documentary and the forum meet and I didn't see any free booze. Do people know about it? Do they have to know someone to get to it? Is it in the program? Was there a sign anywhere?

What we want is the freedom to run parties the way we want to, and for parties I'm involved in planning that means free booze.

Kallahar

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

Done. Planning on it :-)
Some good suggestions were to list the talk abstracts under Day, and I'm going to do that for dc22.

It was a new thing they tried this year. Next year it will be in the program and better coordinated.

CTF still got their props at closing, so did everyone else, Pyr0 read results of contests. CTF got their black badge, and all the black badge stuff was on main stage.

Done. Already planning on it :-) Also planning on having icons on there again that list demo/tool/exploit.

Also, it was brought up that Pre-req's might be useful for people so that you can determine if a talk is above or below your level, so we're going to do that too. That will give people a better judge if the content is too Noob for them, or over their heads so much they will be lost.


hmmmm, QR Codes...funny you mention it. We have some super sekrit plans to help people get info that will be useful to them while they are on the go. Just look for them next year in the program :-)

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?


Hmmmm, I hear what you're saying, I respect your opinion, but I have no f-n clue how to assist or "fix it". I'm sorry your fun was dampened, that sucks. I feel where you are coming from, and in your shoes I might've done the same thing.

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

Crash and compile is usually pretty adult. Team distraction is usually scantily clad and there is a bare breast or two during the competition .This year someone suggested that I button up my lab coat when I got there (i was wearing a corset and bra and was planning on going down to pasties) because there were kids in there and I ended up wearing said lab coat all contest.

Scavenger hunt can also get a little adult.

Just to be clear

I never said I didn't want kids at DEFCON. I was speaking of one particular place that was censored because of the children in the room and that bothered me. I am not comfortable parading around in my underwear or whipping my tits out in front of a little kid . call me a prude but that's not really how I roll and that is not a situation that I nor the contestants nor the rest of team distraction should have been put in to start with. This is the 4th DEFCON that i have been to and this is the first one where I had to be conscious of my behaviour and dress because of children by putting me in that situation I am forced to make that decision.

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

I went to the Pentesters Toolkit and the Intro to Web Application Hacking. Honestly I didn't have high hopes for the Web App one as I figured that it was going to be really intro. I was kind of excited about the Pentesters Toolkit, but after around 20 minutes when he started to talk about the benefits of a water bottle and staying hydrated I had to leave.
Once again I wasn't sure whether I should say anything or not. I knew that they were 101 talks, and I shouldn't have attended them. I've been going to Defcon off and on for almost 15 years, although I do remember a DC101 that was awesome. I think it was DC15 or DC16 where the lawyer gave a presentation of all the reasons we would go to jail at the con. It was hilarious and informative.
I'll probably avoid the DC101 stuff next year. Also I forgot to mention, I think it was awesome that that contest area was open on Thursday. I don't remember that being the case in prior years.

As for the vendors, I understand, and I think that you guys did a great job. Just passing some feedback. As I said it wasn't a huge deal, it just meant that I drank slightly more than what I had planned on.

Yeah, hence my apprehension on making a comment. I kind of disagree with a full 101 track throughout the whole con. To me at least, I think there is a certain level of person that goes to Defcon. I believe Defcon to be a higher class, or a more intelligent audience. I think that you should have some skill / drive before showing up. Seomeone who is going to Defcon that plans on learning something should already have the drive to do the preliminary research before the con. They don't need to be an expert, but know a little bit of the basics. I think people that go to Defcon with the assumption that they are going to absorb ninja hacking skills through osmosis are canon fodder in the industry. To me we are still a community of RTFM and then ask questions. If you haven't first put forth the effort to try and do it yourself, then you're a waste of my time. But if you tried something and it didn't work, then I would be more than willing to give guidence and help. Show me the initiative and I will help with the rest.

I apologize, re-reading this post I feel as I come across as a giant ass. But I am too tired / lazy to try and fix it.

@ tecknicaltom
I know what you're saying about the tables in the contest area. Although, last year we had a crap ton of tables in the contest area, and most of the time they were fairly emtpy, or at least when I was there doing Project2. I think we have gone from one extreme to the other.

@TheCotMan
You bring up excellent points. I haven't had enough time to think about them, but I think a general weighting system would be key. Also you may have to arrange the talks into building blocks.
If we take wireless cracking for example:
You would have to ask yourself what your level of knowledge is.
1. Do you know what wireless networking is?
2. Do you know what WEP, WPA, WPA2, EAP/TLS, PEAP are?
3. Do you know airmon, airodump, aircrack, or aireplay?
4. Do you know what WPS is?
5. Do you know what JTR or Hashcat are?
In this example, if you don't know what 1 and 2 are then you would have a beginner talk around wireless technology and the different types of security.
If you know 1 and 2 but you haven't dealt with 3, 4, 5 then you would be an intermediate, and you would learn about different cracking methods.
Advanced would probably be getting better at injecting traffic. Wireless antenna's, tracking, and finding weird frequencies. Maybe even cracking open Wireshark and looking at dumps to pull out information, or plowing through bluetooth, RFID, or NFC.

I think with going with the weighting system those talks would be more based on teaching. I think this is how the Village talks go now. But I also think you would have another classification, and that would be zero day or releasing of code. Those I don't think would be classified the same as a track around teaching something. So you would have at least two main classifications, how to and theory / cracks.
Hackajar gave an awesome talk a few years ago on the ineffectiveness of passwords. While he had hard numbers it wasn't really a how to, and it wasn't really a release of code. It was more theory (proven theory) than anything. Bitweasil the next year gave a talk on Hashcat and how it works and how to use it with EC2 to speed up password cracking. Bitweasil's talk was more of an intermediate talk that gave some how to examples.

I think the first step would be to identify the different types of talks and classify them. If they are going to be more oriented on how to do something, then you could then apply skill levels to help delineate the types of people that will attend them.

One last point, if you are offended because you are a noob then you have some other issues to over come. This year I learned how to hand solder SMD's. I had only done SMD's with a hot plate in the past, but this year I learned how to do it with a soldering iron. I was a complete noob at it and it took me a couple of hours to get the hang of it. But after I figured out how to do it, and I became semi-proficient with the size of components that we were using I was able to start to show others how to do it, and also fix mistakes that people were making. My buddy this year is a skilled developer, but he had never picked a lock before. I don't think he would be offended by being called a noob at lock picking, but he probably would be offended if I called him a noob at programming. We all start somewhere and that somewhere is noob. If you don't want to be called a noob then hone your skills and develop the knowledge to elevate yourself, rather than bitching about it.

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

If someone takes offense at being called a n00b if they are one they better toughen up. What next, feds not being able to go to events labeled as hacker events? The original names kept it fun. I have my DC8 program somewhere.

I recall reading the program and seeing in some events I was a newb and in some I was l33t. What if you have a MSCE who has never touched Linux? There you go, vastly different skill levels in one. Personally I try to always learn new stuff so the newb label does not offend me. It simply tells me that I have miles to go, and that's a good thing. To be boring we can have 100/300/500 level names like in college classes. or use monikers suck as Domo/Shipley/Marlinspike. If they let us. Then again we have more associations there wanted and unwanted.

And even if labeling becomes easy, how do you indeed know where the demand will be? Will the room be a sellout or a ghost town? We do not always see the winning talk before hand. if we could do that I'd invent the next Furby.

Regardless, even calendar entry styles would be a help. Make an open calendar online and put a QR code in the program so we can save it to our phones. That way you can even adjust for last minute talk or room changes.

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

More potential improvements:

* as mentioned by several others, finding info on a talk in the booklet was a bit of a pain with the way it was organized. Organization of speaker/talk info by day might make it easier

* I didn't realize there was a separate closing ceremonies for contests until afterwards, even though I participated in contests. Was this a last minute thing, or was it omitted from the program for some other reason?

* speaking of contests and closing ceremonies, I think the contest results are a very important part of closing ceremonies, so they should not be cut/shortened in an effort to shorten closing ceremonies. The people who do awesome in the contests (especially ctf) should get their congrats in front of everybody. If the shortening of closing ceremonies is of that much importance, aren't there other things that can be reduced?

* it might make more sense to put the talk schedule (matrix view) in the center fold of the program rather than the map. Most people refer to the schedule far more frequently than the map, so it should be the most easily accessible thing in there.

* The contest area could use more open tables for contest participants. IIRC, there were a lot more last year than this year. This year, there were only 4 or 5 tables, which were obviously almost always full

* The back center of the contest area had a big booth (made up of four rectangular tables) that appeared to be staffed by some company or group using almost none of the space. Having huge areas underutilized right beside the space where you can't get any open table space just adds insult to injury. I understand that defcon is crazy hectic for all volunteers, but some kind of "use it or lose it" policy with that space and tables would have been nice

* speaker monitors on the contest area stage- the contest I was in took place on the contest area stage and the people running the contest kept trying to address us via the microphone and speaker setup, but there were no monitor speakers and so nobody on stage could understand anything they were saying

A noticable improvement over past years though was the larger space for Hacker Jeopardy. It worked out awesome and big props to whomever made that happen.

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

Problems with this kind of classification have been mentioned before, but here is a summary:
* There were audience members and speakers that didn't like being called "newbies"
* What do you do when there is going to be a popular newbie talk, or "uber-leet-super-fly-technique" talk which is popular, and there is need for a larger room? Tracks are assigned labels to rooms, which vary in size. Room assignments are often decided based on popularity of talk. Revert to estimates of difficulty or skill per room, and the advantage of assigning big rooms to popular talks is diminished.
* How do you decide what is "newbie" or "k-rad-ultra-leet-advanced-persistent-talk"? What is "newbie" to one person could easily be advanced to another, and an evaluation of disciplines with an increasing level of diversity means it is possible for someone to be very skilled in one area but lacking knowledge in another.
* Who decides level of skill required? Speakers may consider their content an intro talk to a topic, but their idea of target audience may be electrical engineers, or software engineers... Scope and estimation would play a big part in evaluating the complexity of a talk.

For those of you that share astcell's view on tracks based on skill, please help out with suggestions on how to address some of the above known issues. The above is not a complete list, but it is a start.

Call them "101" instead of "newbie" ?
Have only 1 "101" track and don't estimate skills required for other talks?
what are your* ideas? ("your" in the general sense, not just asking ASTCell, but any of you that would like to see talks in tracks by skill/complexity)

Thanks!
-Cot

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

I miss the way talks were broken into different haxxor levels like: n00b, I Can Code, and L33t. You know, beginner, intermediate, advanced. The program seemed a jumble. I know it gets bigger every year and the font gets smaller, but having the calendar order of talks side by side was convenient. Now I just rely on someone on the forums to put it into google calendar then I copy it from them.

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

If you're not at an "intro level"... If you're the type of person who goes to most of the main track talks throughout the weekend, and understands what's being said. Then you're not the target auidence for 101. If you're looking for more advanced topics, go to the main track talks. 101 is for n00bs and it's not something I see changing. That being said, if you have specifics that you liked to share, I'd love to hear them.

Ideally speaking, 101 would be it's own track. Not a "Thursday thing", but a track that runs concurrently with the other talks/tracks. Then Thursday could be used for other things and it wouldn't just be "n00b day".

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

On these two. Just out of curiosity which 101 talks did you go to? As a speaker on both the main panel and one of the talks I am interested in the feedback. It's a tough line to figure out how to walk and I'd like to make sure that we do better with this next year if it isn't hitting the mark where it's supposed to. (On a side note, from what you said about helping out with the Darknet I am not sure that you were really the target audience of the 101 talks but either way the feedback will help us improve).

As for the vendor area. We had a LOT of new vendors this year. It is tough for us to really help new vendors gauge how much stock to bring. It's expensive for them to ship stuff. The Rio charges them to store it and what they don't sell they have to pay to ship back so new vendors really do tend to err on the side of caution.

We are always clear with them on the number of attendees we expect to be there each year but if it's a "new" product for the vendor area we really have no way to know what the reaction will be. I've picked some vendors that I was sure would be big hits and were total duds and I've picked some that I was concerned about that sold out immediately. It's not an exact science but we do try to get vendors in that will be popular and sell lots of stuff. If they are selling out quickly it sounds like we are doing a good job of that but need to figure out a way to better prepare them for demand. I'm honestly open to any suggestions on how to do that better.

Thanks for the feedback.

Roamer

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

I apologize in advance for the long post. I am just long winded, so deal with it.

This year was one of the best Defcon's that I have ever attended. Thank you everyone for all of your hard work.
I feel that this year was the perfect balance of learning, socializing and partying. Normally I tend to go heavy on one area or another.

The Closed Captioning for the talks was an awesome idea. I think this was hugely beneficial. Also for the closing ceremonies would it be possible to use one of the 3 large screens at the back of the room as a live video feed? I ended up sitting in the back and my blind ass couldn't see anything up front, but there were these 3 giant screens which one of them *cough* center would have been perfect for a live video feed.

I am bummed that I think that I missed the Forum Meet. It was originally supposed to be in Amazon F (if I remember right) but the ball pit was in Amazon E. I was in there when the Goon Band was in there, and I stayed until the fire alarm, but it did not really appear to be a forum meet. I guess I should have come back a bit later. The ball pit was freaking awesome, a real stroke of brilliance.

While I thought that the pub crawl would be a great idea, I have to agree that it didn't pan out all that well. Most of the rooms were sub 5 people, with the same music and light shows. Once again there were a couple of popular parties that most people gravitated towards. One small suggestion would be having a chill out area at night. Sometimes it is nice to take a break from the thumping and have a conversation without clogging up the hall.

The HHV was awesome this year. Even though it was semi packed I thought it was pretty close to spot on. Although they need more POWER. There was a severe lack of power in the HHV.
Also in the Chill Out room, it would be nice if the floor outlets were left open. And what I mean by open is that you don't have to pull out your screw driver to turn the screw. Not a big deal just something that I noticed.

I agree with Deviant on the water and trash stuff.

Also Pyr0 mentioned that DCDark.net should be a Black Badge event. While I have not said anything to Smitty about this, I kind of disagree with it. The DCDark.net is an AWESOME contest, that I think needs to grow. But it isn't really a competition, and I would be concerned that giving it a Black Badge would turn it into a competition. I spent 3.5 hours soldering my badge, and then I spent another 3 hours teaching others how to solder. I then spent several more hours showing people how they communicate and what the codes mean. I taught a handful of people how to pick locks so that they could work on the Rook. I then showed a handful of guys how to crack WEP (we failed, but that was because it was already owned before we got there). While I don't really want to admit to this, I probably wouldn't have spent so much time helping others if this was a competition. I would have probably spent my time solving more of the puzzles that I decided I could do at home after the con. This is just my meager opinion though.
I strongly believe that the Darknet needs to grow and get more people involved. Smitty if you read this, you and your group are freaking super heroes.

There was a comment earlier on having the Skytalks in the program with the other talks. I second this, and would love to see the TEV, HHV, LPV, and SEV talks in there as well. Or at least add them on the website in one spot. I spent a couple of hours planning out what talks to go to and had to look in a half dozen different locations and then compile my list, which I did not adhere to, at all.

I think the Chill Out room food needs to be stocked better. There were several times that I went in there and they were out of almost all food (I don't consider salad food).

Jenga was an awesome idea.

I really don't know if I should complain about this or not, but I will at least say something. I went to a couple of the DC101 talks, just because I thought that one or two of them might have been cool or informative. I will say that I was really disappointed with the ones that I attended. They were at such a beginner level that I actually left (never done that before). I know they were 101 talks, but I thought there would be slightly more info. Could have just been the talks that I went to though.

While the vendor area was really big this year, and had a lot of cool stuff in it. I am a little bummed because a ton of crap sold out the first day or the first half day. So what ever money I had ear marked for cool new shiny objects, just went to alcohol instead.

For the whole kid thing, I understand where Nikita is coming from, and I agree. But I have to side with Kallahar. While Nikita you may be a good parent and understand the risks, and take care of your kid, there are others out there who may not. My concern would be if I were to moon Flea, and a kid was standing there, that could open me up to jail time / law suits / a bunch of crap that I wouldn't want to deal with. I'm not saying kids shouldn't go to Defcon, I think that they should. I am just voicing a concern that a parent that isn't as alturistic as Nikita could put me in a world of hurt because a kid happened to be standing there when I did something dumb / entertaining. It literally would just take one ignorant parent that could ruin a lot of things for a lot of people.
I don't have any ideas to prevent this, other than to keep my ass in my pants. But I think it is something that needs to be brought up and looked at.

In theory that is all I have to say. Most likely I will be back with more though.

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

If under 21, then this may have been omitted for that reason. If 21 or older, and religious reservations, that may have been handled OOB. It is also possible it may have happened off-stage. Last, we all make mistakes. Make sure the speaker notifies the speaker-track goons that this is their first time speaking at DEF CON, or remind them of this the next time they speak and let them know they didn't get the shot the first time around.

Hope this helps,
-Cot