Re: How would you make DEF CON 23 better than DEF CON 22?


https://forum.defcon.org/showthread.php?t=14028

Poll created. Is open for 3-4 weeks.

Feel free to criticize it or the ideas provided, or add your own, and encourage people to reply with agreement to your ideas.

Re: Interest in Drone Village @ DEFCON 23?

Feel free to start a new thread with this as a topic. (Something like "RFC: Drone Village for DEF CON 23?" -- something that describes the purpose and what you are looking to produce) and include in it a description of some of the ideas you want to see in such a village, and cover. Describe things you might want to include to fill a full 3 or 4 days. If unable to come up with content for 3-4 days, encourage other people to make more suggestions. Generate interest in this as an idea for a village, see if people will join you. If there was a village location that would change purposes daily (requiring nightly-tear-down, and setup by each group) would you be able to make that work? (No, I do not know of any such thing as happening for DC23; it is more of a "what if?")

The next part is a bit more difficult. Getting approval to run a village is mostly based on: idea, content, relevance, and interest. Beyond this, the politics of who runs it, or is responsible for it can influence the village priority. People that have been involved for a long time, know more people, and can be more convincing with pushing an idea, and any reputation they have for follow-through can help ensure it happens, while people with history of being flaky works against them. Unknown people have a more difficult time, unless they have some kind of reference and history of running similar things, which is recognized by those that would give approval.

Last, when there is a roll-out of "RFI" (Request for Information) from Contests, Events (and probably) Villages, be ready to fill out the online form with your ideas and apply for running a village. Being early, and having a complete description that shows effort and work of thought in how it would work, works to your advantage.

Hope this helps,
-Cot

Interest in Drone Village @ DEFCON 23?

There is a crew of us that is interested in putting together a Drone Village at the next DEF CON. Given the larger venue, this should be more feasible next year. Some in this cabal have access to some neat drone resources.

The village might really be a bit of a meta-village, utilizing skills from both the hardware hacking village and the wireless village. We've thrown around some crazy ideas that would probably be of interest to the larger community, ranging from the lighter side like Drone obstacle courses, to the hardcore side like drone firmware hacking, jamming, drone SAMs, etc.

I'm throwing this out here on this thread as we wait for the official DEFCON 23 forums to come up to formally propose the idea.

Re: How would you make DEF CON 23 better than DEF CON 22?

1. The badge price already jumped 22% $180 to $220 from DC21 to DC22.

2. For whatever reason no improvements were made to the provision of proper (i.e. always show the slides) DCTV coverage.

3. So no I don't think another price increase is justified to improve the DCTV coverage to include the most important aspect.

4. DC22 was more crowded and harder to move around / get in than DC21, and whatever the arrangements next year I suspect DC23 will be worse.

5. So for those of us that really want to see + hear a presentation proper DCTV or "hotel streaming" coverage will be even more important.

6. Speakers should be given guidelines regarding slide format, font size etc. that will be suitable for the live and DCTV audience. If they are unable or unwilling to arrange their slides accordingly that is on them.

7. I am not sure what HR means but if it Human Resource then surely somebody can be contracted to provide proper camera and audio work at least for the main tracks.

8. Obviously if there are no slides, or if it a panel discussion, then we would not expect DCTV to include the non-existent slides. However in these cases there may be other A/V challenges including multiple speakers, demos, audience interaction, etc. that may need some effort.

Re: How would you make DEF CON 23 better than DEF CON 22?

complaints with suggestions

hardware village
I went to the hardware hacking village during the day thrs and asked how late they would be open. Multiple people told me 9pm that worked behind the desk there. So I left to eat and went back but the only way in seemed to be through contests which was closed and they were not letting people in.

Plus as others have said the room was about 10x too small for how many people wanted to use it. Personally I don't care about the CTF room where most people walk in look around, and walk back out. A larger hardware village seems way more useful to me.

fix: There should be separate entrances to different rooms if they have different closing times. And a much larger hardware village

goons
While I'm trying to get into the hardware hacking village I went to the back info booth where a goon seemed to not know how late the hardware village was open, how late contests was open, nor how to get into the hardware village at that time. Basically told me "go to contests they should let you in". So I went back there and the goon at the door was less helpful, though he was having to deal with 5-10 people all trying to get into contests so I can't blame him too much.

fix: goons have radios, use them. I dont expect you to know everything, but if you're at the info booth you should have a way to find me an answer to my questions even if it takes a few minutes.

badges not working
Badge complaint that isnt about the lines: I arranged for a friend to pick me up a badge, and by the time I got back from the shoot and tested it it didn't turn on. I tested that I was getting 4.5v to the badge out of the battery holder but that is about all I was willing to test at the time, so i strolled down to the badge pick up for an exchange. I was told that they have badges but they lack the battery holder. I said great i'll go de-solder the battery holder on mine, swap the badges and resolder it. A few minutes later I came back and they handed me a unpopulated badge, ize like..... that's not what you explained to me before.

I realize these are hired help (i'm guessing) but still annoying. So I found a friend who had some extra badges, one of his two was DOA also.

fix: better QA of the badges that are produced, are they powered up after manufacturing and just damaged in shipment or what happened?

missing content CD
For the second year in a row I've not received the content cd (only the soundtrack cd). I was able to get it this year at the badge pickup booth, but still I shouldn't have to do that. Plus last year I think they ran out (could be wrong here, but if they did why were there more soundtrack CDs than content CDs?)

fix: put eveything together in a bag, better training to the people who hand out badges.

dctv
When I checked it a few times during the conference it looked like 6-10fps, and I had to crank the audio on the TV 100% to have a chance of hearing it. Plus was it NTSC? I cant remember now if the in-room system supported HDTV distribution (it was a HD set of course)

If it is just NTSC I'm not sure showing the slides are going to help since it will be impossible to read most of it. Its more work but if you have the slides on the cd (or downloaded them) you can follow along. Of course the presenters dont use the same version of slides, and they dont say what slide they're on so that doesn't really work.

fix: more resources to dctv, especially being in a different location next year it may require a lot of work.
IP streams would help but a multicast would be necessary.

hallway traffic
I am usually rushed between talks, maybe I leave one early because I want to check out the vendor area before the next talk, and if I get stuck behind people strolling 2mph it gets annoying. The worst though is a group of people standing in a circle in the middle of the hallway talking, or people stopping to check their phone.

If you're not stuck in traffic, you are the traffic.

fix: have the goons ask people to move to the wall if they need to get their bearings or check their phone.

Re: How would you make DEF CON 23 better than DEF CON 22?

A complaint we have seen in the past was award ceremonies were too long. Speeding things up was a solution to address the issue of awards ceremony taking too long, and running well over the scheduled time. Is there a balance between these spaces? What is it?
* Publishing a schedule for awards with start and finish time that is accurate
* Specify time allocated to winners to spend on stage, where they can decide what they want to do with that time(?)
* Project a "timer" with count-down, and support from the audience to yell at the people, "get off the stage!" when timer arrives at zero?
* How to avoid abuse where one or more groups believes they are entitled to more time on stage than others, which can lead to others also looking for more time?
* Complaints from audience about award process taking too long.

How would you balance these? Suggestions welcome!

I'm not a Contest/Event goon. I have no "vote" in deciding which contests should get a black badge. What I provide here is from years of observation, not "secret society knowledge" or "fight club."

As for UBER/Black Badges, those are not granted to contests first time around, and there is never a guarantee for black badges to be awards to the same contest year after year (except the original CTF, which has been an exception, even when changing hands.) I recognize value in having a tangible black badge as bragging rights, and an physical award recognized cross-DEF-CON for hard work, but the amount of time required to participate in a contest isn't really a primary concern by example; if it was, then the Scavenger Hunt would be a black-badge contest every year. From observing black badge contest selections in the past, the policy and estimation for which contests were selected as UBER badge events has been "random" or "changed with time". Looking at the recent history of selection, it seems that the contests more likely selected are:
* Not first-year contests and *mostly* not after a contest changes hands for the first year (there are exceptions)
* Popular, with many people participating, perhaps also drawing spectators to also watch and learn (there have been exceptions)
* Complex, difficult, requiring special skills, especially if these are demonstrated to the masses as part of the contest (learning opportunity)
* Demonstrates core "Hacker" skills (not by discipline of study, but by method of solution regardless of discipline -- network analysis is not more "hacker" than OpenCTF, the kinds of "hacker solutions" required to win is more of what I am writing about -- "Guitar Hero" (or whatever it was called) back at the Riviera was unlikely to be a Black Badge event, based on past selections.)) (not many exceptions here)
* Time to compete (this might play a part, but it is certainly not the most important component in deciding, by historical review.) (many exceptions to this: time is not primary)
* As the Department Head for Contests/Events changes when it changes hands, I would expect some changes in selections to follow the uniqueness of new leaders in the change of leadership and goons that support the new leadership.
* Things I won't discuss because they were discussed in private with goons
* Things that I do not know

Between "random" and "changes to criteria for selection" I would bet on "changes to criteria" and would guess a "why" would be to encourage different components of con, and not have things become stale, with the same contests getting black badges every year, discouraging participation in new contests, and people from starting new contests.

Again, NONE of the above is a description of how contests ARE selected, but a list of things based on OBSERVATION in PAST contests at DEF CON that were black badge contests. This is based on conclusions from heuristics, which are necessarily flawed. I am not a Contest/Event goon. I don't set policy for them; not my job. Selection next year may use different criteria, or not use any or all of the above observed items.

How would you choose to award black badges to contests? What would be the most important criteria for selecting a contest as a "black badge contest"? What would be second most important, and beyond, down to least important? How would you defend your criteria? (Reasons to support ideas, and goals you are trying to meet for DEF CON as a conference.)

TIA,
-Cot

Re: How would you make DEF CON 23 better than DEF CON 22?

I would love to see LMG Security's Network Forensics Puzzle Contest (NFPC) winners eligible for Uber badges. Our team actually thought we were in line for some black badges, and we were crushed when we learned otherwise. The DC22 NFPC was quite difficult, and I would think that ~50 hours of work would fall into the Uber category. Heck, LMG deserves quite a bit of credit for the challenge they put on this year. Next year, I'm sure they'll go all out again.

On a related note, I would love to see more time allocated to the contest awards section. Our team was rushed onto and subsequently off the stage. My foot barely hit the first step up to the platform as our team was gonged off the stage. For other contests, those involved with the contest itself were gonged before they could speak. The section was more than rushed. Overall, I would really like to see everyone who put in so much time and love into the contests have a moment to shine. Well, hell, at least have time to say a few curse words on stage or smile for a photo together.

Re: How would you make DEF CON 23 better than DEF CON 22?

Historically, I would not roll out the following DEF CON Forums until they were mentioned on the main website, with official dates.

This year, we have an announcement of venue and dates through twitter from the official DEF CON twitter feed. Broadcast of official information has been factored through many services.

Should we roll out forums for DEF CON 23 earlier than waiting for the main website?

New thread and poll: https://forum.defcon.org/showthread.php?t=14027

Feel free to discuss roll-out of forums in that thread.

Re: How would you make DEF CON 23 better than DEF CON 22?

There was a similar suggestion last year. I do not know why it was not used. It is possible the suggestion appeared too late, which would be my fault for not reporting it within 1 month of end of DC20. Please allow me to play the role of "Devil's Advocate" and support a position that I do not necessarily agree with.

What if there is no HR to support recording video and changing the subject of recording? Maybe the recording of subject to record for *hotel streaming* is setup at begin of con, and then not changed. (The person you see on the video platform is almost certainly responsible for TSoK recordings on DVD, and not responsible (by agreement) for hotel streaming.) If these assumptions are true, "always record slide screen" will likely "work" a majority of time, but will fail for most games in speaker tracks, and any panel discussion of Q&A, or cases where there are no slides, just a free-form presentation.

Would you (and others) accept a cost of "always record slide screen" even when there are no slides some of the time?

Alternate: If the above is true, but there is a desire to "switch to speaker" when no slides, but switch back when there are slides, and there is no HR to support, would you all prefer to see prices for DEF CON badges go up to support more volunteers?

I am not part of these departments, and do not know if the above is part of any decisions on what to record, but offer this as some reasons why it may not have switched this year.

Comments? Anyone prefer what we have instead of seeing it change?

Thanks!

[I'll get a summary of threads together this year before the end of the month. Anything added to this thread after that can be included in an addendum to the first report, later.]

From a post below, is another point:
Some slides may use fonts too small to be read on "TV" but work on data-projector or computer CRT/LCD.

Re: How would you make DEF CON 23 better than DEF CON 22?

this may be way off base, and i'm working from secondhand knowledge, but i heard someone speaking about the talks streamed to the TVs or whatnot saying something to the effect of "i wish i could have seen the slides"

ok. let me be as plain as i can on this point.

NO ONE FUCKING CARES ABOUT SEEING THE SPEAKER IF THEY CAN'T ALSO SEE THE SLIDES.

the slides are THE MOST IMPORTANT THING while someone is talking. if you can do a picture-in-picture deal, fine. as long as the slides are always the main screen and never pushed to the smaller sub-picture.

since most laptops still push 4:3 aspect ratio for presentations and most slides are in 4:3 but most modern TVs and display screens are 16:9, many folk nowadays do a capture that fills the left 75% of the screen with the presentation slides and the remaining right edge is divided between speaker view and something else (often a static image of the con logo, talk name, etc)... this is fine, too.

as long as the slides are on-screen in as large format as possible absolutely 100% of the time you are doing it right. We were at HOPE recently where they still use Ted and his crew to do recordings, even though this is a con that has outgrown what he and his people can effectively manage. and Ted has an artistic vision that involves single-screen view with cameras that alternate between the slides, the speaker, etc etc etc. I goddamn hate it. No matter how well the camera crew and D.P. are following along with the talk and no matter how quickly they try to react when screens and topics change, there are ALWAYS moments where they linger too long on something that is not the goddamn slides and then once they shift the camera back to the slides the critical detail has passed.

Show the slides. 100% of the time. No exceptions.

That is the formula for a good con talk broadcast/stream/recording/etc. If you can get the speaker in there, too, good for you. You get a cookie. But that's always a bonus. Something extra to strive for, after you become perfect at doing your original job.

And what's your original job?

Showing the fucking slides while streaming the audio.

ok, rant over.

Re: How would you make DEF CON 23 better than DEF CON 22?

Not the best idea at this con. If you're going to use DEF CON wifi, then it's only with a good VPN.

Re: How would you make DEF CON 23 better than DEF CON 22?

I wonder if DT's "would you like some registration with that?" comment implies that the hotels will be offering badges on check-in. Sure, it creates a paper trail, but not one DEFCON owns. If law enforcement wants to go on a fishing expedition, they can already subpoena a list of everyone registered at the hotel with the DEFCON group rate. And badges still wouldn't be tied to an identity, so there's no way to know whether you were buying one for yourself or a friend.

Re: How would you make DEF CON 23 better than DEF CON 22?

I second this suggestion. It was agonizing waiting for the ham exams to be graded; if the talks were available to stream, it would have been much more pleasant wait.

AFAICT they're already available over the network -- this is how DCTV picks them up. If bandwidth is a concern they could always be multicast.

It might also be nice to make a stream available of the live captioning text. I'm imagining feeding the text of each talk to a separate IRC channel so you can virtually attend all talks simultaneously. :)

Re: How would you make DEF CON 23 better than DEF CON 22?

Given how spread out everything will be, what about live-streaming the talks via the DEF CON wifi? With your smartphone/earbuds, you could hear the talk and see the content... Sort of like a silent disco, but for presentations. This would allow folks to be in the other conference area at a contest/village/chillout/whatever while still being able to see the talks they want. Might even cut down on back and forth foot traffic.

Re: How would you make DEF CON 23 better than DEF CON 22?



*** FUCKING THIS ^^^^^ ****

Why TWO sales lines? why not FOUR or EIGHT? Simple math here... ~20k registrants @ $220/head = $4.4MILLION. I *assume* 65-70% of the admission fees go to the event (either to swag, venue, or whatever), but 30% of 4.4m still leaves 1.3m to hire some professionals to do registration (i.e. people that know what the fuck is up, and how to get people through as efficiently as possible) and you'd probably STILL have enough left over to buy gear for the network, etc...