Announcement

Collapse
No announcement yet.

How would you make DEF CON 23 better than DEF CON 22?

Collapse
This is a sticky topic.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How would you make DEF CON 23 better than DEF CON 22?

    Hello!

    It is that time of year again. DEF CON 22 (at the time of this post) has started. Yesterday, unofficial events started like the DEF CON Shoot and Hacker War Games, and many more events and contests begin today, including DC101 -- an intro to DEF CON.

    Here is your chance to make DEF CON 23 better than DEF CON 22.

    Constructive criticism is welcome. Condemnation without suggestions on how to resolve a problem is just flaming; please be constructive with your complaints.

    Did you observe something at DEF CON that made your time less enjoyable? How would you improve that?

    Did you find something you really enjoyed at DEF CON and want to see it return, or expanded?

    If you were the Dark Tangent, what would youdo to make DEF CON 23 better than DEF CON 22?

    This is your chance to speak up, and let everyone in the community know about your ideas, and discuss solutions to any troubles you have seen.

    Thanks!
    -Cot

    P.S. To encourage comments from attendees, I've altered the promotion restrictions for this forum (DEF CON 22 and Beyond) to allow newly created accounts permission to post to this forum immediately. The other forums (except maybe /dev/random) will appear to be "locked" until the automated user-promotion system runs new accounts through the time-based promotion process described here: https://forum.defcon.org/showthread.php?t=7322 . We have a forced lurking period to encourage users to become familiar with the forum rules, and find existing threads to answer questions, or related to their concern. I'll revert back to the promotion process a few weeks after con, or sooner if this open-access is abused.

    [It is okay to duplicate other people's suggestions -- I won't condemn you for repeating a request earlier in the thread ; I'll sort out duplicate later, and the count of duplicate requests for the same thing may help add weight to the request. Also, this allows people to post ideas without suffering the cost of reading the whole thread. I'd prefer it if people did read the whole thread, as it may give them more ideas, but there is no requirement. It is better the have duplicated ideas than not get more ideas]
    Last edited by TheCotMan; August 11, 2014, 14:03.

  • #2
    Re: How would you make DEF CON 23 better than DEF CON 22?

    First Defcon, I came independently with hopes of being able to justify work paying for next years once I got back. Unfortunately, I don't think I can really do that because every talk I've seen or heard of has been either at the bottom (hardware, firmware, packet sniffing) or at the top (social engineering). I was really hoping to learn a lot about application layer security and other things like that.

    Just my 2c

    Comment


    • #3
      Re: How would you make DEF CON 23 better than DEF CON 22?

      I think the layout sucked this year. It was hard to get to a few areas, and the "you are here" signs werent facing the right way or were printed to only face one way and were set up wrong; more than once I'd found myself walking to the wrong end (completely sober).

      -Theres still 60000 Defcon20 badges left over yet this D22 run was done in 60 days and more people werent expected this year or something? I know very few people gave a shit about the "card" badges last year, but I'd seen more paper badges than electronic badges at D22 than any other con, and people very upset they couldnt do the badge contest. Sure "get there early" but no matter how early anyone is, theres only n badges.
      -Hardware Hacker village too fucking small. There wasnt any room to move around in that trailer-home sized area. Grateful for the number of soldering stations, but a lot of people I'd seen were sitting at a station & not soldering anything. All seats were full most of the day.
      -Dont have Hacker Jeopardy next to the movie night area. I gave up trying to hear the film and left. Needs a barrier between that kinda fun and filmgeeks.
      -ICS was great but they had to keep the doors closed due to noise from the main hallway, and if you didnt see their 11" sign taped on the wall, you missed it.
      They had a lot of interest (including mine) and probably need a bigger room next year, or at least a quieter area.
      -Contest room had to become a hallway of sorts, people had to go through there to get to some areas.
      -Lockpick Village ... was there a lot of thefts of locks and missing picks in recent years, to make volunteers stop bringing things? Last 2 years was dismal. D19 had too much stuff (it was great). I'd have brought a few dozen pounds of lock stuff if I was expecting empty tables.
      -Swag: The vendors had better swag than DEFCON official swag this year. I usually drop a few bills but all I got were bottle openers this year.

      This sounds like a bitch list, but these are the only complaints I can come up with, and the title of this thread is kinda asking for one.

      -There needs to be some kinda lost & found (is there one?). I dropped my vaping unit when someone bumped into me (OK, it was a mosh pit) and I couldnt find that damned thing anywhere (Silver iTazte). Later dropped iPhone charger, cable. Same thing. POOF black hole in the floor.

      I know thats one MORE person having to volunteer but damnit, I'll do it next year. I promise.

      EDIT: If I didnt list a possible solution, its because I dont know or not confident in my solution. I really am not bitching. I swear.
      Last edited by F4R4D4Y; August 10, 2014, 13:33.

      Comment


      • #4
        Re: How would you make DEF CON 23 better than DEF CON 22?

        Originally posted by Th1rstyf3Et View Post
        ... I was really hoping to learn a lot about application layer security and other things like that.
        Much of DEF CON has been about failures in security with some ideas sometimes later suggested on how to address them. Some of the idea are too simple, or would expose new problems. However, most presentations had discussed problems with specific applications. I'm not sure DEF CON has historically been the ideal place to learn to create more secure application in many languages. (KISS -- Keep it Simple Stupid -- Complexity is a huge source of security issues, Don't Trust User Input -- always check, Selection of functions to use in C/C++ or compiled languages to avoid things like exceeding buffer size...)

        What area of application security were you interested in seeing covered? Specific network services? Specific applications? Development of specific applications? Which ones?

        Thanks for any more details you can provide!



        Originally posted by F4R4D4Y View Post
        [chop]
        This sounds like a bitch list, but these are the only complaints I can come up with, and the title of this thread is kinda asking for one.
        [chop]
        No, you did very well! Thanks! Constructive criticism is NOT bitching. Constructive criticism is the kind of feedback that has the best chance at addressing problems. Complaints without suggestion immediatley pushes people to becoming defensive and non-receptive to new ideas, but including new ideas engages people with a contest: "here is how I would make it better, can you come up with a better idea?"

        Thanks to both of you!

        If you have other ideas, or know of others that want to make suggestions on how to make defcon better, please point them to this as a way to voice their suggestions on how to improve DEF CON.

        Thanks!
        -Cot


        More:

        URL1=https://twitter.com/ExplodingLemur/s...90612174950402
        Originally posted by URL1
        Folks at #Defcon: wearing a shit-ton of cologne or perfume is just as offensive as not showering.
        Last edited by TheCotMan; August 10, 2014, 15:50.

        Comment


        • #5
          Re: How would you make DEF CON 23 better than DEF CON 22?

          Badge purchase could be easily sped up by a magnitude. As it was, it seemed to take 2-3 minutes per person to make the purchase. Four modifications:

          1) Request that people have exact change. Near the front split out into a separate line for people who ignore this. Naturally, this line will be slower, but the others will all move much faster. Counting change for people seemed to take about a minute for some reason (kinda too long, but that's about what I saw)

          2) Have *all* of the things needed to hand to people (badge, batteries, glasses, program, stickers) already in bags. A good other minute or so was spent with the people shuffling around trying to count of batteries and get the stacks of papers put together. Additionally, few people have something to put the stack of stuff in and a bad would make it so that can take it and move out of the way

          3) Have a very clear area/direction for people to move to after their purchase. Arrows on the floor, etc? People dealing with their badges, changes and paperwork made getting the next person to move up in the line slower than it should have been.

          4) Have two people on each sales line, one for taking the money and another for giving them the bag. It takes about 10 seconds to count $220 and under that to then hand them a bag.

          Net improvement here could easily move from 2-3 minutes to 10-20 seconds per transaction. If the line was 3 hours, suddenly it would be ~20 minutes long.

          This can definitely work. SXSW scales to ~28,000 people and makes the lines move significantly swifter (although they could improve as well, and are often slow due to credit cards, printing photos on badges, etc... all stuff we can skip)

          Comment


          • #6
            Re: How would you make DEF CON 23 better than DEF CON 22?

            Ab interesting idea I found proposed on twitter:

            URL1=https://twitter.com/0x7eff/status/498647285447016448
            Originally posted by URL1
            jeff bryner ‏@0x7eff Sun, Aug 10, 2014
            Next year #defcon should start with a day for folks to assemble their own badge #noBadgeLine
            This is an interetsing idea, but would almost certainly require support from the HHV, assuming they were interested:
            * Give some people a bag of parts to assemble their own badge, and flash firmware

            Then there are questions on price delta. I don't think they should be a price delta, but I do think they could be given media with more information about the badge as a "bonus" to help them with that process, and more information about the badge than others that do not assemble their badge.

            There are other issues with this idea. If there is media provided, what media? Who would trust a USB-device handed to them at DEF CON, even if it was with the long history DVD/CD media without autorun-exploits? CD/DVD are not as common on notebooks/laptops as they were,and some have moved to use tablets.

            Then there are issues with "missing parts" and "assembling the bags" which both incur a fee in HR to complete and maintain.

            Even with issues to resolve, this could be a good kit to encourage people to DIY and learn by doing. Other incentives might also be possible for people that take this route.

            If anyone else likes this idea, please consider how you might implement it, and suggest ways to make it run smoothly, and predict the % of badges to be made as DIY and what level of DIY should be expected? (Only soldering components? How many? What about flashing firmware? What about the bottleneck effect in the HHV with limited resources? How would you encourage members in the HHV to support this idea, and encourage other people to volunteer and bring resources to help with this process?

            If you agree with the twitter user, show your support with this idea by suggesting ways to solve problems, and explore problems you expect might be possible, and how you would resolve them.

            Thanks for the suggestion 0x7eff! I will tweet you a link to this post.

            -Cot

            Comment


            • #7
              Re: How would you make DEF CON 23 better than DEF CON 22?

              Other ideas from the same user as quoted above:

              URL1=https://twitter.com/0x7eff/status/498644930768957441
              Originally posted by URL1
              jeff bryner ‏@0x7eff
              Next year #defcon should have a track for 'slides with NO BULLET POINTS'
              URL2=https://twitter.com/0x7eff/status/498641144054812674
              Originally posted by URL2
              jeff bryner ‏@0x7eff
              Next year #defcon should have a 'track 20' exclusively for 20min talks #adhd
              URL3=https://twitter.com/0x7eff/status/498640124851552256
              Originally posted by URL3
              jeff bryner ‏@0x7eff
              Next year #defcon should have a 'demo or GTFO' track


              From another user, retweeted by the above user:

              URL4=https://twitter.com/Secbuff/status/498646472032649216
              Originally posted by URL4
              Autodidact @Secbuff
              Badge vending machines everywhere. #defcon ]#WishfulThinking

              Comment


              • #8
                Re: How would you make DEF CON 23 better than DEF CON 22?

                Hardware Hacking Village seemed to need more space. I was there quite a bit, and every station space was full every time I was there. Specifically, I was there every day, at least four times a day, at a variety of times.

                I had to share a soldering iron and share a chair with someone to get a kit completed (sort of like hot bunking, gotta tell ya). I soldered left-handed with the soldering iron's line draping across the other guy's work. I never got another slot - I had another project on me that needed repair, and it's going to come back home with me.

                Maybe partnering with Sparkfun, or putting out a wider call for volunteers and material, could amp up the number of stations and the ability to stock components? This is just about my favorite place to be at DC, and it's always seemed really cramped. I feel that the volunteers staffing did exceptionally well. They were helpful, knowledgeable, and irreverent. I observed so much good stuff happening at all levels! I've volunteered at HHV in the past, and look forward to doing it again in the future.

                The DC101 track seemed to be really really popular. I never got in, even showing up early. Maybe not Comic Con early, but a half hour really should have done the trick. Not sure what to do about that - the room seemed to be a lot smaller than the others?

                Comment


                • #9
                  Re: How would you make DEF CON 23 better than DEF CON 22?

                  What area of application security were you interested in seeing covered?
                  There's nothing specific, that's just what I'm interested in and can probably benefit from in my day to day. The most interesting talks are the ones you wouldn't have thought about :P

                  Something I wouldve liked to see is a challenge for pwning websites especially in the age where more and more sites are becoming client side heavy.

                  Comment


                  • #10
                    Re: How would you make DEF CON 23 better than DEF CON 22?

                    so to be clear, I was thinking the alt-badge would be a day dedicated to those who were willing to pay *moar* to have say, a table with 10-20 folks at it and a mentor that would talk you through building a badge from the parts-up and validate it at the end.

                    So lets say maybe you show up on thursday 8am, with a guaranteed spot for $300 cash and get a seat at a table with parts and a 'paint by numbers' guide.

                    Comment


                    • #11
                      Re: How would you make DEF CON 23 better than DEF CON 22?

                      Originally posted by 0x7eff View Post
                      so to be clear, I was thinking the alt-badge would be a day dedicated to those who were willing to pay *moar* to have say, a table with 10-20 folks at it and a mentor that would talk you through building a badge from the parts-up and validate it at the end.

                      So lets say maybe you show up on thursday 8am, with a guaranteed spot for $300 cash and get a seat at a table with parts and a 'paint by numbers' guide.
                      That could be even better. Thanks for clarifying!

                      Welcome to the forums,
                      -Cot

                      Comment


                      • #12
                        Re: How would you make DEF CON 23 better than DEF CON 22?

                        https://twitter.com/0x7eff/status/498674138886582272
                        In summary, what I would look for having presented 3 times is: 'fix it, do it, defend it, show it'


                        Comment


                        • #13
                          Re: How would you make DEF CON 23 better than DEF CON 22?

                          I think that the DIY badges would have to be entirely through hole as SMD soldering of LEDs and fine pitch chips may require the use of hot air tools and might not be beginner frendly. (SMD LEDs can melt)

                          Pre-soldered SMD and DIY through hole components could also be good option.

                          Comment


                          • #14
                            Re: How would you make DEF CON 23 better than DEF CON 22?

                            I would really like to see Def Con 101 happen later on Thursday (or multiple times, maybe at 10 and 2).

                            Comment


                            • #15
                              Re: How would you make DEF CON 23 better than DEF CON 22?

                              * Badges
                              - On obtaining: A nearby kiosk to obtain a badge after hotel check in. Go straight from obtaining room keys to the badge kiosk. Or, have hotel staff sell the badges directly when checking in (may be easier to just run a kiosk post check in for a few reasons). It sounds like this may be addressed based on DT's "badge kiosks everywhere" comment during closing.
                              - I ditched the giant early line and went in the evening to pick up a badge. When I arrived, I received the a boards with none of the components. How about announcing badge numbers prior to con? For those that care to participate in badge hacking, they can make the choice to stand in linecon. For those that don't, they can pick it up earlier. If I'd have known they'd run out on day 1, I would have stuck it out.

                              * DC TV - I'd say this is the most surprising disappointment of all of con (and has been for most since it's debut). Every year there are different issues with it.
                              - No projector screens were ever shown on camera, making references to slide decks, videos or demos useless. Instead, the camera operator would focus on the presenter leaving much of the content out. It's almost as if this was by design. A fixed camera on the presentation screen (or tapping into that feed directly) and a picture in picture for a shot of the speaker would bring it up to par.
                              - As a result of above, you could really only get the max value out of watching some panels, since there were typically no projectors used.
                              - Streams crapping out leaving the viewers with the XBMC launch screen.
                              - DC TV not internet accessible - not as big of a complaint for me, as I stay at the hotel, but other cons do stream using livestream/ustream/etc.

                              * I had some other capacity comments, but those seem like they'll be addressed with the new venue.

                              Hopefully this helps.

                              Comment

                              Working...
                              X