Re: How would you make DEF CON 23 better than DEF CON 22?

I would really like to see Def Con 101 happen later on Thursday (or multiple times, maybe at 10 and 2).

Re: How would you make DEF CON 23 better than DEF CON 22?

I think that the DIY badges would have to be entirely through hole as SMD soldering of LEDs and fine pitch chips may require the use of hot air tools and might not be beginner frendly. (SMD LEDs can melt)

Pre-soldered SMD and DIY through hole components could also be good option.

Re: How would you make DEF CON 23 better than DEF CON 22?

https://twitter.com/0x7eff/status/498674138886582272
In summary, what I would look for having presented 3 times is: 'fix it, do it, defend it, show it'

Re: How would you make DEF CON 23 better than DEF CON 22?

That could be even better. Thanks for clarifying!

Welcome to the forums,
-Cot

Re: How would you make DEF CON 23 better than DEF CON 22?

so to be clear, I was thinking the alt-badge would be a day dedicated to those who were willing to pay *moar* to have say, a table with 10-20 folks at it and a mentor that would talk you through building a badge from the parts-up and validate it at the end.

So lets say maybe you show up on thursday 8am, with a guaranteed spot for $300 cash and get a seat at a table with parts and a 'paint by numbers' guide.

Re: How would you make DEF CON 23 better than DEF CON 22?

There's nothing specific, that's just what I'm interested in and can probably benefit from in my day to day. The most interesting talks are the ones you wouldn't have thought about :P

Something I wouldve liked to see is a challenge for pwning websites especially in the age where more and more sites are becoming client side heavy.

Re: How would you make DEF CON 23 better than DEF CON 22?

Hardware Hacking Village seemed to need more space. I was there quite a bit, and every station space was full every time I was there. Specifically, I was there every day, at least four times a day, at a variety of times.

I had to share a soldering iron and share a chair with someone to get a kit completed (sort of like hot bunking, gotta tell ya). I soldered left-handed with the soldering iron's line draping across the other guy's work. I never got another slot - I had another project on me that needed repair, and it's going to come back home with me.

Maybe partnering with Sparkfun, or putting out a wider call for volunteers and material, could amp up the number of stations and the ability to stock components? This is just about my favorite place to be at DC, and it's always seemed really cramped. I feel that the volunteers staffing did exceptionally well. They were helpful, knowledgeable, and irreverent. I observed so much good stuff happening at all levels! I've volunteered at HHV in the past, and look forward to doing it again in the future.

The DC101 track seemed to be really really popular. I never got in, even showing up early. Maybe not Comic Con early, but a half hour really should have done the trick. Not sure what to do about that - the room seemed to be a lot smaller than the others?

Re: How would you make DEF CON 23 better than DEF CON 22?

Other ideas from the same user as quoted above:

URL1=https://twitter.com/0x7eff/status/498644930768957441
URL2=https://twitter.com/0x7eff/status/498641144054812674
URL3=https://twitter.com/0x7eff/status/498640124851552256


From another user, retweeted by the above user:

URL4=https://twitter.com/Secbuff/status/498646472032649216

Re: How would you make DEF CON 23 better than DEF CON 22?

Ab interesting idea I found proposed on twitter:

URL1=https://twitter.com/0x7eff/status/498647285447016448
This is an interetsing idea, but would almost certainly require support from the HHV, assuming they were interested:
* Give some people a bag of parts to assemble their own badge, and flash firmware

Then there are questions on price delta. I don't think they should be a price delta, but I do think they could be given media with more information about the badge as a "bonus" to help them with that process, and more information about the badge than others that do not assemble their badge.

There are other issues with this idea. If there is media provided, what media? Who would trust a USB-device handed to them at DEF CON, even if it was with the long history DVD/CD media without autorun-exploits? CD/DVD are not as common on notebooks/laptops as they were,and some have moved to use tablets.

Then there are issues with "missing parts" and "assembling the bags" which both incur a fee in HR to complete and maintain.

Even with issues to resolve, this could be a good kit to encourage people to DIY and learn by doing. Other incentives might also be possible for people that take this route.

If anyone else likes this idea, please consider how you might implement it, and suggest ways to make it run smoothly, and predict the % of badges to be made as DIY and what level of DIY should be expected? (Only soldering components? How many? What about flashing firmware? What about the bottleneck effect in the HHV with limited resources? How would you encourage members in the HHV to support this idea, and encourage other people to volunteer and bring resources to help with this process?

If you agree with the twitter user, show your support with this idea by suggesting ways to solve problems, and explore problems you expect might be possible, and how you would resolve them.

Thanks for the suggestion 0x7eff! I will tweet you a link to this post.

-Cot

Re: How would you make DEF CON 23 better than DEF CON 22?

Badge purchase could be easily sped up by a magnitude. As it was, it seemed to take 2-3 minutes per person to make the purchase. Four modifications:

1) Request that people have exact change. Near the front split out into a separate line for people who ignore this. Naturally, this line will be slower, but the others will all move much faster. Counting change for people seemed to take about a minute for some reason (kinda too long, but that's about what I saw)

2) Have *all* of the things needed to hand to people (badge, batteries, glasses, program, stickers) already in bags. A good other minute or so was spent with the people shuffling around trying to count of batteries and get the stacks of papers put together. Additionally, few people have something to put the stack of stuff in and a bad would make it so that can take it and move out of the way

3) Have a very clear area/direction for people to move to after their purchase. Arrows on the floor, etc? People dealing with their badges, changes and paperwork made getting the next person to move up in the line slower than it should have been.

4) Have two people on each sales line, one for taking the money and another for giving them the bag. It takes about 10 seconds to count $220 and under that to then hand them a bag.

Net improvement here could easily move from 2-3 minutes to 10-20 seconds per transaction. If the line was 3 hours, suddenly it would be ~20 minutes long.

This can definitely work. SXSW scales to ~28,000 people and makes the lines move significantly swifter (although they could improve as well, and are often slow due to credit cards, printing photos on badges, etc... all stuff we can skip)

Re: How would you make DEF CON 23 better than DEF CON 22?

Much of DEF CON has been about failures in security with some ideas sometimes later suggested on how to address them. Some of the idea are too simple, or would expose new problems. However, most presentations had discussed problems with specific applications. I'm not sure DEF CON has historically been the ideal place to learn to create more secure application in many languages. (KISS -- Keep it Simple Stupid -- Complexity is a huge source of security issues, Don't Trust User Input -- always check, Selection of functions to use in C/C++ or compiled languages to avoid things like exceeding buffer size...)

What area of application security were you interested in seeing covered? Specific network services? Specific applications? Development of specific applications? Which ones?

Thanks for any more details you can provide!



No, you did very well! Thanks! Constructive criticism is NOT bitching. Constructive criticism is the kind of feedback that has the best chance at addressing problems. Complaints without suggestion immediatley pushes people to becoming defensive and non-receptive to new ideas, but including new ideas engages people with a contest: "here is how I would make it better, can you come up with a better idea?"

Thanks to both of you!

If you have other ideas, or know of others that want to make suggestions on how to make defcon better, please point them to this as a way to voice their suggestions on how to improve DEF CON.

Thanks!
-Cot


More:

URL1=https://twitter.com/ExplodingLemur/s...90612174950402

Re: How would you make DEF CON 23 better than DEF CON 22?

I think the layout sucked this year. It was hard to get to a few areas, and the "you are here" signs werent facing the right way or were printed to only face one way and were set up wrong; more than once I'd found myself walking to the wrong end (completely sober).

-Theres still 60000 Defcon20 badges left over yet this D22 run was done in 60 days and more people werent expected this year or something? I know very few people gave a shit about the "card" badges last year, but I'd seen more paper badges than electronic badges at D22 than any other con, and people very upset they couldnt do the badge contest. Sure "get there early" but no matter how early anyone is, theres only n badges.
-Hardware Hacker village too fucking small. There wasnt any room to move around in that trailer-home sized area. Grateful for the number of soldering stations, but a lot of people I'd seen were sitting at a station & not soldering anything. All seats were full most of the day.
-Dont have Hacker Jeopardy next to the movie night area. I gave up trying to hear the film and left. Needs a barrier between that kinda fun and filmgeeks.
-ICS was great but they had to keep the doors closed due to noise from the main hallway, and if you didnt see their 11" sign taped on the wall, you missed it.
They had a lot of interest (including mine) and probably need a bigger room next year, or at least a quieter area.
-Contest room had to become a hallway of sorts, people had to go through there to get to some areas.
-Lockpick Village ... was there a lot of thefts of locks and missing picks in recent years, to make volunteers stop bringing things? Last 2 years was dismal. D19 had too much stuff (it was great). I'd have brought a few dozen pounds of lock stuff if I was expecting empty tables.
-Swag: The vendors had better swag than DEFCON official swag this year. I usually drop a few bills but all I got were bottle openers this year.

This sounds like a bitch list, but these are the only complaints I can come up with, and the title of this thread is kinda asking for one.

-There needs to be some kinda lost & found (is there one?). I dropped my vaping unit when someone bumped into me (OK, it was a mosh pit) and I couldnt find that damned thing anywhere (Silver iTazte). Later dropped iPhone charger, cable. Same thing. POOF black hole in the floor.

I know thats one MORE person having to volunteer but damnit, I'll do it next year. I promise.

EDIT: If I didnt list a possible solution, its because I dont know or not confident in my solution. I really am not bitching. I swear.

Re: How would you make DEF CON 23 better than DEF CON 22?

First Defcon, I came independently with hopes of being able to justify work paying for next years once I got back. Unfortunately, I don't think I can really do that because every talk I've seen or heard of has been either at the bottom (hardware, firmware, packet sniffing) or at the top (social engineering). I was really hoping to learn a lot about application layer security and other things like that.

Just my 2c