How would you make DEF CON 23 better than DEF CON 22?


  • #31
    Re: How would you make DEF CON 23 better than DEF CON 22?

    +1 on disappointment with the Nerfified HJ. If someone wants equality, add a Brock Beef Thief to complement Vanna Vinyl. I'll avert my eyes as needed.

    DC101 was definitely too small - I horse traded going to BH this year in exchange for the company sending two noobs to DEF CON. They learned a ton, but they missed out on that track. Kudos to the person who decided to run that on DC TV instead of track 1 though. All the additional space at the new location should make that easy to fix.

    I love the idea of the DIY badge. I'd be happy to volunteer my time and soldering skills on Thursday to help people build their badges. I agree it should be through-hole parts. The point of the DIY badge (in my mind at least) is to get people to learn a new skill, and through hole components are a whole lot more forgiving and easier to learn on. Last year, we had a non-electronic badge made out of a PCB. Something similar for next year wouldn't be a bad starting point for a DIY badge. It might also be an opportunity to sneak an ATmega328 onto one (no offense to our friends at Parallax, but it seems weird to ignore Arduinos).

    I didn't know until closing ceremonies that there were scheduled talks in some of the villages - it would be great to get that added to the official schedule next time.

    For the vendor area, I'd like to see more electronic kits and gadgets. Not the garden variety stuff, mind you - we as a community produce all kinds of unusual stuff and it would be awesome to see some of it for sale. For example, speakers sometimes produce a small run of boards related to their talks (like the BishopFox board that caused a mini-stampede last year), and a lot of us make cool projects that others might find interesting. It doesn't make sense for any one of us to try to get a vendor table to sell one cool item, but if we could get a table set up for sales of community-sourced items (some or even all profits could go to the EFF to "pay" for this service), I bet we could collectively stock it with all kinds of neat crap.

    I hope that qualifies as constructive.



    • #32
      Re: How would you make DEF CON 23 better than DEF CON 22?

      I spent pretty much the whole con in the Packet Hacking Village and it was GREAT! Bring it back, and make the room larger. The talks there were packed, to DoS the room; the talks part of the room should be twice as large.

      There is an immense appetite for n00b education at Defcon. I was working the simplest activity, where people steal plaintext passwords off the wire, and there were thick mobs of people waiting to do it. I saw other commenters who wanted more Defcon 101 n00b training, and I think there is a real need there. Even people who are very smart in their specialty may be helpless at other simple things.



      • #33
        Re: How would you make DEF CON 23 better than DEF CON 22?

        Originally posted by Th1rstyf3Et
        First Defcon, I came independently with hopes of being able to justify work paying for next year's once I got back. Unfortunately, I don't think I can really do that because every talk I've seen or heard of has been either at the bottom (hardware, firmware, packet sniffing) or at the top (social engineering). I was really hoping to learn a lot about application layer security and other things like that.

        Just my 2c
        Hrm, one of the things I've learned (the hard way - that's how I usually learn things) is that some years the best way for me to learn things is to avoid the talks like the plague.

        In terms of appsec, my recommendation for this year would have been to dive into the Darknet contests (you still can: dcdark.net.) A couple of levels down they have quite a nice workshop on appsec, complete with a website for you to complete challenges on. For me at least I learn better by doing than by listening, so those 'contests' are the ticket for me. In general you can replace the word 'contest' with 'course' in Defcon, as there's always someone willing to fulfill the role of mentor if you're open to being taught.

        my 2 cents, for what they're worth.

        Tynius



        • #34
          Re: How would you make DEF CON 23 better than DEF CON 22?

          Originally posted by pH_Boston
          I am very surprised no one has brought up the photography issue yet...

          Once upon a time there was a very strict no photography policy - or at least make it very clear that you have the permission of those in the frame. Apparently this policy was lifted on the more recent end (possibly DC20?)

          It seemed that at DC20 and DC21 most people were still respecting this policy - probably due to the fact that they had been attending for some years.
          Hrm - oddly I had a different experience here. In point of fact I attended with my 5 yr old daughter and my wife is a 6' woman who opted to have a 2 foot tall Mohawk done on Sunday, so arguably we were one of the more obvious target groups for pictures. I have to say I was VERY impressed with the few people who took pictures without prior consent, and of the 3 cases where it happened, 2 of them occurred outside of the Con, and the culprits were likely not from our type in those cases. The remaining case, another con goer pulled the picture taker aside and gave them the lecture "Lots of people are sensitive about having their pictures taken. Hackers don't like it because of feelings about anonymity, feds don't like to risk having their covers blown. Either group is likely to step on your camera for you."

          Not saying you didn't have the opposite experience, just pointing out that two people can go to the same place and have different experiences.

          Tynius



          • #35
            Re: How would you make DEF CON 23 better than DEF CON 22?

            Overall I had a great experience at this defcon, but I do have some suggestions for improvement. Without particular order, and often duplicative to what others have already said:

            Badges:
            Linecon (i.e., badge line) felt ridiculous this year. I arrived at 7 and it was still a three hour long line. Although it's a good way to meet new people, this is less than ideal.
            • Have multiple lines (Linecon 22a, Linecon 22b?) in physically separate areas?
            • Turn the line into an n-headed queue? Maybe the goons keeping the line in check could simultaneously conduct the cash-badge process with people at points in the line. (Although this would nerf those who showed up early to be first/early.)
            • I had exact change in hand the moment I walked up to the counter, and yet it still took almost a minute for me to get my stuff. Having all the pieces ready to go would help. Having a money counter instead of the manual counting would also help.
            • Decouple the "payment" from the "obtain badge" process entirely? I could see having some sort of "payment token" (like a ticket with a unique barcode) that could be purchased throughout the several days ahead of time. This process could also be used to allow for anonymous "pre-registration" using defcoin -- or, ok, more likely other cryptocurrencies (bitcoin, etc.). Yes, this system could be abused potentially, but collateralization could help mitigate this ("we'll give you the extra $100 back when you turn in your token"), and, to parrot DT, maybe people who are smart enough to hack the token system (literally or via SE) already deserve to be here anyway. (I do not condone stealing from defcon and happily throw my money at it every chance I get.)


            Photos:
            • There seemed to be no enforcement of the "no photos" policy outside of CTF and Skytalks. I know, it isn't official, but this is defcon, and even during the other 361 days of the year, taking pictures of random people is at best rude and at worst creepy and offputting. I turned around multiple times to find cameras directly in my face, or saw people taking pictures of others, usually without their knowledge. This is, in a word, shit. Having signs up telling people to take permission first would help. Maybe we could be given stickers to adhere to our badges to "opt in" to photos, and/or to enable other humans and goons to watch for this rule of respect being violated and call people out.
            • On that note, I also saw goons taking pictures of people in line. This is disappointing and probably doesn't help educate newcomers who don't know not to document defcon.
            • Addressing the "please don't take pictures by default" policy during the opening ceremonies might help. It might also help to remind people that if they're experiencing the con through the 3.5 inches in front of their faces (obvious joke is obvious), they're probably not really experiencing it.
            • Maybe next year's badge needs to have high-powered IR dazzlers to just fuck up cameras via exploiting their (usual) IR sensitivity. (Or maybe I'll end up wearing one on something I build myself.)


            Hacker Jeopardy:
            • The new nerfed version sucks. I expect to see Vanna strip, because otherwise "Don't Fuck It Up" means nothing. If I shout out a wrong answer in the crowd, I expect to be heckled for it. If I heckle the stage, I expect to be heckled back for it. This is Hacker Jeopardy, not Fisher Price.
            • I heard a rumor that this was over a minority of people who felt that HJ was sexist. Seeing a woman strip down to the same level of dress as the Rio's cocktail waitresses is not sexism. Seeing a woman do this while abusing the men on stage for their wrong answers is also not sexism.
            • Sure, let's equalize it. Get some Chippendales up on stage too or something. I don't care. The correct solution is "make it better," not "make it worse."
            • For what it's worth, I talked privately to Winn, GMark, and Vanna herself, and they all agreed that the new format is lacking. Vanna seemed unsure what the point of her being there even was.
            • I didn't show up for day two of it.


            Villages:
            • The crypto/privacy village was great, but needs way more room. It also needs a real sign. At one point, there were two talks going on simultaneously in the same room, and it was impossible to listen to either one. There was also standing room only at many times. Having more hands-on activities would be appreciated as well (although that's probably an out of scope request for here).
            • Tangentially, having a defcon keyserver would be a nice addition and tip of the hat.
            • Villages in general need WAY more space; I'd like to see a shift towards emphasizing them more, too. Nearly every time I tried to utilize any of them, it was far overcrowded, understaffed, and resource-lacking. I also got more out of most of the village interactions and talks than I did most of the "large" talks.


            Talks:
            • I'd appreciate some more 101-level talks on a wide range of simple stuff. I know about some things, and about others not at all. Given that our knowledge base has widened considerably over the past 20+ years, being well-versed in many broad and deep areas of compsec is considerably harder than it was in the past. Looking deep into defcon's past, I can see that at one point in time, even things now considered basic were talked about. It would be nice to see that happen again.
            • The lines were awful for most things that I wanted to go to. (For instance, I was given the advice to stand in line for Skytalks a couple hours before I wanted to get in, essentially voluntarily missing villages, talks, contests, food, etc., just so that I could see something.) The lines wrapping through the main transit areas also made navigation really hard. I don't have a good physical solution to present for this yet.
            • Because I am lazy and don't like flipping through a paper program over and over, it would be a neat addition to have digital signage near each track showing the current and upcoming talk.


            Contests:
            • Baffling. Daunting. Unclear how to get involved in many of them or participate, often because the room was constantly packed with people who already seemed to be in the middle of everything. That's probably my own fault at least partially, maybe entirely. Just having some more obvious clues as to what things are and how to get involved in them ahead of time would be helpful.


            DCTV:
            • The lack of seeing any screens really killed it for me. I'd like to see screens in the future, because half the time I couldn't follow the speakers otherwise.


            Media Duplication:
            • DT asked for more ideas to massively duplicate data than having warehouses full of hard drive duplicators. Maybe add an internal BitTorrent swarm? This seems so obvious that it's probably an awful idea.



            • #36
              Re: How would you make DEF CON 23 better than DEF CON 22?

              My opinions:
              1. Parties - I liked the smaller, themed parties
              2. Contest area was chaotic, pre-signup is good, I had trouble finding some of the contests
              2a. It appeared there were very few people doing contests (compared to the number of people going to talks etc)
              3. Now that space has been addressed, I hope to see much larger villages next year
              4. Chillout room was good
              5. Hackers Against Humanity was pretty cool, and I hope the deck will be updated for next year

              Thoughts on previous posts:

              Photos - I dislike having my picture taken randomly, especially at parties, though I am unlikely to say no if someone asks. I would be ok with making all of Defcon a no recording area, though I do not think many other people share this position. As a compromise, maybe the Skytalks policy on recording could be expanded to some of the parties. Maybe EFF could sell masks of some sort, though that may fall afoul of hotel policy.

              HJ - It is not my kind of fun, so I do not go to Hacker Jeopardy. I believe I am in the extreme minority here, and hope the fun continues as before (not neutered, as I hear it was this year) for everyone else. Maybe post a provocative sign on the door to warn the unwary?

              Overall it was again a great experience and I will be back.

              ETA: The audio on DCTV was often broken up; it sounded like a line input getting too much volume. I am sure a little volume compression and tweaking would fix it.
              Last edited by dash10; August 12, 2014, 23:17.



              • #37
                Re: How would you make DEF CON 23 better than DEF CON 22?

                The Hardware Hacking and Tamper Evident villages were crammed into a small room behind the contest area where there was barely any room to get around. There were signs for just about every other activity except for these two villages, it was a bit of a challenge to find this room.

                Crowding - lines for badges are insane as were the lines to get into any of the talks. Most of the talks I was hoping to attend filled up pretty quickly. Just way too many people for the area, there were a few times where turning the corner near the smoking area was at a complete standstill due to just too many people. Honestly, if I'm going to stand in line for hours, I'm going to Disneyland where at least there's a chance of the animatronics coming to life and going on a murderous "kill all humans" death spree.

                Talk quality - what talks I was able to get into, a lot of them were nothing new. One talk that I had hopes for was basically a discussion of a 2 year old Metasploit technique.

                Hacker Jeopardy - very disappointed that the decision was made to make the game more "acceptable", which goes into my last point:

                I think the Con has become a victim of its own success. The format is stale, and as with Hacker Jeopardy above it's lost its edge to me. This may be because hacking is becoming more mainstream, thus necessitating more cons like B-sides (ironically, they're quickly arriving at the same problem). I've been going to Defcon since it was still at the Alexis, and it gets less and less memorable for the information shared.



                • #38
                  Re: How would you make DEF CON 23 better than DEF CON 22?

                  No sense in whining without offering solutions. I'll do my best.

                  - "What's in the Box?" was awesome but oh so crowded. I think this issue should be fixed next year.

                  - Hacker Jeopardy had the same issue as last year with another venue next door competing for volume. While we will have more space next year, please keep loud venues separated.

                  - Wow was Hacker Jeopardy ever politically correct this year. Did those who were offended at female skin ever notice the hotel has a male strip revue?

                  - I see some whining about cameras and photography and that except for Skytalks and CTF everything else was covered. I guess no one saw the video on facebook of a walk-through of CTF? Yep, some guy turned on his camera phone, walked through CTF, and posted it on his site. The bad part about this is the fact that it was COVERT. Cameras and photography have been allowed for some time now. But etiquette says if a person wants a pic deleted, you delete it. And being sneaky with the camera is the absolute worst. Fake a phone call while taking pictures with your iPhone? Hide behind a curtain and shoot subjects from your hunting blind? I saw MANY people with cameras/camera phones holding the camera over their head and scanning the entire crowd in a hallway. No, those are not right. And how such a person gets treated would be based on who gets offended at photos the worst. Any volunteers?

                  I feel I can speak out on this as I am one of the Photo Goons. Yup, Defcon WANTS me to take pictures. That's what I am there for. And 95% of the time everyone loves their picture and wants a copy for facebook, work, or Mom. In fact this year at the end of Defcon one lady asked for me to take her picture, then told me she has shunned all pictures for ten years, but she trusted me. The other 5%? Sometimes people do not want to be seen standing next to someone, or maybe they possess tech they do not want in a picture, like the Dell employee using a Toshiba laptop. Deletions upon request are never a problem. Some tables had NO PICS signs. Sometimes folks look at me and slowly shake their head no. That's fine.

                  Then there is a VERY small amount of people who think I am stealing their soul, drooling over their girlfriend, or going to sell their children into slavery. They seem to want photography outlawed. Above my pay grade.

                  Updated Photo Policy? I'm not one to be able to set policy but we all have ideas. Mine:
                  Subjects in any images reserve the right to demand the images be deleted.
                  There will be no covert or clandestine photography.
                  -feel free to add-



                  • #39
                    Re: How would you make DEF CON 23 better than DEF CON 22?

                    You all have been providing really good examples of the kinds of things that help improve DEF CON:
                    1) Issue found
                    2) What could be done to address it

                    I think this year, the level of density in quality information per post is better than last year. :-)

                    Originally posted by astcell
                    -feel free to add-
                    [About photo policy]
                    I've mentioned this on the forums in that specific thread and elsewhere:
                    Any discussion of policy must first contend with:
                    * What can you (legally) enforce?
                    * What are you willing to do to enforce it?

                    If we are unwilling or unable to enforce a policy, it is fundamentally stupid to have it, especially at DEF CON where people will challenge and call a bluff. Laws for the sake of laws do not mesh well with many hacker personalities.
                    "You want me to obey because you say so? And there is no penalty if I don't?"

                    "Laws are rules, rules are guidelines, guidelines are suggestions, suggestions are commentary, and comments can be ignored." (Slippery Slope)

                    So, there is that other thread started by hinge: https://forum.defcon.org/showthread.php?t=13751

                    If anyone would like to contribute to the ongoing discussion on photo policies at future DEF CON (should we have them, what should they be if we have them, etc.) then please check out https://forum.defcon.org/showthread.php?t=13751 and contribute your thoughts and ideas. (It has been moved into this forum so new users should be able to reply to it right away, too.)
                    Last edited by TheCotMan; August 13, 2014, 14:33.



                    • #40
                      Re: How would you make DEF CON 23 better than DEF CON 22?

                      Perhaps not so much a suggestion here as a query that COULD lead to a suggestion:

                      P&T is a GREAT venue for larger talks. Great sightlines, wonderful sound amplification in general. Also the seats are hella comfy. Only possible complaint could be the smallish size of the projection screen. Are we going to have access to a theater like it for next year?



                      • #41
                        Re: How would you make DEF CON 23 better than DEF CON 22?

                        Originally posted by #grind
                        Badges:
                        • Have multiple lines (Linecon 22a, Linecon 22b?) in physically separate areas?
                        • Turn the line into an n-headed queue? Maybe the goons keeping the line in check could simultaneously conduct the cash-badge process with people at points in the line. (Although this would nerf those who showed up early to be first/early.)
                        • I had exact change in hand the moment I walked up to the counter, and yet it still took almost a minute for me to get my stuff. Having all the pieces ready to go would help. Having a money counter instead of the manual counting would also help.
                        • Decouple the "payment" from the "obtain badge" process entirely? I could see having some sort of "payment token" (like a ticket with a unique barcode) that could be purchased throughout the several days ahead of time. This process could also be used to allow for anonymous "pre-registration" using defcoin -- or, ok, more likely other cryptocurrencies (bitcoin, etc.). Yes, this system could be abused potentially, but collateralization could help mitigate this ("we'll give you the extra $100 back when you turn in your token"), and, to parrot DT, maybe people who are smart enough to hack the token system (literally or via SE) already deserve to be here anyway. (I do not condone stealing from defcon and happily throw my money at it every chance I get.)
                        I volunteered a few years ago for a rather large LAN Party in Italy and I helped handle ingress to it. In four we managed to process over 700 people in four hours (roughly three a minute). We subdivided the steps that were needed to complete registration between us and we managed to do a decent job. As said a number of times, people should have exact change with them, and that would speed things up. Also, prepackaging of all the DEF CON goody bag swag should be an obvious thing to do.

                        Decoupling payment and goody bag must be done. After you pay, you get a ticket stub that you take to another area where you exchange it for a badge and goody bag. That other area should have tables so that people can attach lanyards and put away the stuff they don't need to have in their hands, and not clog up lines or the payment area with people idling and trying to fish around their back packs. Such a room can be repurposed after the majority of the crowds have been processed. Also, having a poster with photos or a listing of everything that should be in the goody bags to make sure you received everything and spares in that room would be good.

                        Originally posted by SweetGrrl
                        The lack of kits for DIY was really disappointing as was the small space for HHV.
                        I was actually very surprised to find zero RasPi, BeagleBone & Arduino boards in the vendor area (Especially since the RasPi B+ was released roughly a month before). Sure there was some Parallax stuff, but the choice was limited. There were a lot of lock picking tool sets, but I think there were too many vendors selling them. I'm half considering pestering a local company to me (Valuetronics) which sells refurbished electronic test equipment about attending DEF CON in the vendor area next year.

                        Originally posted by SweetGrrl
                        Another issue is the lack of vegetarian options in the chillout cafe. Because there was nothing to eat, my boyfriend and I missed part of the Con finding appropriate food (aka Whole Foods run).
                        Generally speaking, there's a ban on outside food and drink from the hotel (based on my knowledge). Food wise it would depend on the catering organized by the con and the hotel for such rooms.

                        As for myself, this was my first DEF CON and the only major complaint that I can say is regarding room sizes and also seating arrangements for people in wheelchairs. I couldn't sit near the front since I would be blocking the space between seating sections, and the only options were to sit in the back, or on the sides of the rooms. Given that the new venue should be bigger, we can probably organize seating a bit better also (though I'm looking into this myself).



                        • #42
                          Re: How would you make DEF CON 23 better than DEF CON 22?

                          Originally posted by admford
                          [chop]
                          I was actually very surprised to find zero RasPi, BeagleBone & Arduino boards in the vendor area (Especially since the RasPi B+ was released roughly a month before). Sure there was some Parallax stuff, but the choice was limited. There were a lot of lock picking tool sets, but I think there were too many vendors selling them. I'm half considering pestering a local company to me (Valuetronics) which sells refurbished electronic test equipment about attending DEF CON in the vendor area next year.
                          [chop]
                          For this, I have started a new thread, and copied the relevant portion of text, asking people for suggestions of things they would like to see in the vendor room, sold by vendors:

                          https://forum.defcon.org/showthread....897#post131897

                          HTH, and thanks for the suggestions.
                          -Cot



                          • #43
                            Re: How would you make DEF CON 23 better than DEF CON 22?

                            1. Badge line-up: already covered, enforce exact change, pre-pack all items, get more / faster people selling badges, it should not take longer than 10-15 seconds per badge.

                            2. Overcrowded: get bigger rooms especially DC101. Come up with a way to improve traffic flow, at least inbound on the right / outbound on the left or similar.

                            3. DCTV: Improve reliability, audio & video quality & camera work. Come up with some way of showing the slides, maybe PIP or split screen.

                            4. Closed captioning: At least get the entire CC window on the screen FFS. Improve the quality of the CC by asking speakers to speak more slowly and with less jargon and fewer acronyms. Help them position the mic properly. Ladar Levison's presentation on DarkMail was excellent, most of the others not so much for someone with hearing disabilities.

                            5. Timing: Ask speakers to test their presentation (maybe present it to a video camera for their own review) to make sure it fits into the allotted time without rushing. Many speakers spoke way too quickly and ran out of time anyway. Again, Mr. Levison's presentation was excellent, maybe suggest that prospective speakers watch it as a benchmark.

                            6. Duplication: Great idea, poor execution and awkward to travel with 4x4TB HDDs. Make and sell the Blu-Ray as previously suggested. Or, for $220 maybe you could just include the $1 Blu-Ray instead of or in addition to the music.

                            7. Photos/videos: Either they are OK or they are not OK, but they can't be not OK but OK. I saw goons taking photos or videos, goons standing by while various people (including what looked like media with full size / professional appearing gear) did video.

                            8. The clownfest waiting to get in Sunday morning 0830-0900 was disgraceful. If there is a legitimate reason to deny people entry prior to 0900 then set up proper lines as is done for anything else that requires a lineup. Crowdsourcing of crowd control is like explaining recursion with recursion - amusing but ineffective.

                            9. Can we get rid of the e-cigarettes? I realize they are supposed to be not as harmful as tobacco but there is a very putrid smell to the smoke, especially when some clown exhausts it in clouds of 1 m^3 in a crowded line or hall.

                            10. Goons: We need them and respect their work but maybe some of them need a break from gooning, or at least some time off during the con. The Don Rickles style is offensive and not particularly effective.

                            Looking forward to next year.
                            Last edited by Snapshot; August 13, 2014, 16:18.



                            • #44
                              Re: How would you make DEF CON 23 better than DEF CON 22?

                              I'm surprised we don't have cigar/cigarette girls walking around in a mini skirt and heels selling phone chargers, USB keys, vaping stuff, SD cards, disposable phones, snack foods, etc.



                              • #45
                                Re: How would you make DEF CON 23 better than DEF CON 22?

                                We stood and watched the heavy-set female goon who was checking for badges on Thursday acting like a total bitch to just about everyone she encountered. I don't think she noticed that people were watching from the lines and laughing at just how ridiculous she sounded. Totally fucking disrespectful. One guy was a vendor and she said "Where's your badge" and before the guy could get one word in she got in his face and repeated "Where's your badge.. where's your badge.. WHERE'S YOUR BADGE!" She totally prevented him from saying what he had to say- and my friend and I both looked at each other and said "what a bitch" at the same time. I think she needs to find something else to do besides making the first impression for many attendees a bad one. I understand you have a job to do, but you don't have to be a cunt about it- especially when people were actually pretty orderly and were properly displaying their badge. Fuck that pissed me off more than it probably should have.

                                I was also not impressed when some goons were yelling "make a hole" "MAKE A FUCKING HOLE!!!!!" when someone was walking some equipment through a crowd that really had nowhere to go. Fuck I wanted to throatpunch a red shirt when they were screaming "MAKE A FUCKING HOLE" in my face as I'm already nuts to butts with in the black shirt log jam.


                                Chill the fuck out goons.

