Re: How would you make DEF CON 23 better than DEF CON 22?

Biggest issue with DC22 was the lines, the entrance line, the talks line, hell even a drinks line -- I spent more time waiting in lines then doing things, i feel. Space out the venue a bit more, and definitely have multiple registration areas as to avoid such a clusterfuck.

Re: How would you make DEF CON 23 better than DEF CON 22?

Thanks to everyone that has provided suggestions, feedback, and ideas to this thread and others on how to make DEF CON 23 better than DEF CON 22. I've aggregated and generated a summary of all ideas above here, and submitted an addendum to the previous report to DEF CON Department Heads.

If you have ideas not included above this point, you are welcome to add them here so long as this thread is open, but the chances for your ideas to be included for DEF CON 23 are low; Goons are busy planning, and have been for months. As more and more decisions are made, options to make changes are lost.

Following the start of DEF CON 23, someone will start a similar thread in the "Post DEF CON 23," forum , and you can contribute your ideas there, to make DEF CON 24 better than DEF CON 23.

Thanks everyone!
-Cot

Re: How would you make DEF CON 23 better than DEF CON 22?

Content from the DEF CON 22 program:

From this description, it looks like there was a plan to have a meeting to begin discussion about *planning* for a future village at DC23 or later, not for a Bio-Hacking village at DC22.

I know one person expressed interest in running a village, and they were also likely behind this meeting for planning, but events beyond their control kept them away from DEF CON 22 this year, and I think they were unable to show up. (I do not want to give names or details; it is up to them to decide on releasing any of this information. If they do, I am happy to confirm they are the person I am typing about; their first DEF CON was when DEF CON was still in "single-digit" values.) Without an alternate to begin planning and discussion, it was like the planning for the Sober Meetup which Nikita explained was a non-event because organizer was a no-show. This lead to a separate planning thread for a future Sober Meetup: https://forum.defcon.org/showthread.php?t=14007

Something similar could happen for a future Bio-Hacking Village. You and others willing and able to contribute can assume that the person planning it will be at DC23, but begin discussion on things you would like to see in such a village, and also include spaces where you would be willing to volunteer with content, presentations, discussions, or other ideas. If the person looking to plan this return to plan this for DC23, then they have a thread of discussion from people interested and ideas to reference. If they decide not to do it, anyone looking to do it has a resource to refer to for what could be included, and people interested in supporting it. There is no guarantee forum-discussed ideas will be included by planners, but nothing happens if nothing is done. Why not start a thread about it, and link to that thread from this thread? You could start off with a premise of, "if I was in charge of DEF CON, here is what I would do for a Bio-hacking village." Maybe the person responsible for starting this as a possible future village will return to the forums and use this virtual meeting place instead of the physical meeting that was supposed to happen at DC22, but did not.

Because of the way politics works with volunteers in any space, including DEF CON, there is a mentality of "ownership" or "control" of any new service. Anyone attempting to assert authority to run a thing without a "proper" hand-off from the people that ran (or were supposed to run) the last one can lead to drama and hurt feelings. To help you with this, in any new discussion on this, to avoid drama, be clear that you are not looking to "steal" it, but if you would like to run something like this, explain your interest in running it if plans for it at DC23 might be at risk for causing it to be cancelled. This allows people that might be planning to run it to know you are not looking to take it from them, but if they are looking for a hand-off, or won't be able to make it to DC23, that you are willing to accept it. Last, because of the way DEF CON works, reputation means a lot. People well-established with a good history of being reliable in other parts of DEF CON, or vouched for by well-established people as being reliable have a better chance of becoming new leaders of a new contest, event, social gathering, or village.

Yes, I understand the quandary; if you have no reputation or experience, how do you get experience without being given a chance? Many people do this by helping with other contests, events, social gatherings or villages. This experience gives them contacts within DEF CON (goons, leaders, etc.) as resources to help them resolve problems, and possible volunteers to help them run a new thing.

I have zero control over approving any new contests, events, social gatherings, or villages. The above is advice based on observations at DEF CON, and seeing what seems to work, and what does not, and what leads to problems.

HTH, and good luck,
-Cot

Re: How would you make DEF CON 23 better than DEF CON 22?

Whatever happened to the Bio-Hacking Village? I saw the meet up listed in the schedule but no one was there and I never heard more about it. The URL listed in the handout never worked for me either. Is there still interest?

Re: How would you make DEF CON 23 better than DEF CON 22?


I am sure most people reading this already know, but for anyone who might be new and stumbling on to this post I wanted to reply to the above comment. There is a place at Def Con specifically set up to help anyone interested learn about Packets and Packet Hacking.

The Wall of Sheep at DC22 presented the Packet Hacking Village. It had classes explaining in detail the tools and techniques a newbie needed to start playing with packets. The Village has the Wall of Sheep area that allows people to connect their machines into a Defcon/WOS provided span port to make it easier to obtain packets and it has volunteers who can often offer a little individual help with Hacking Packets.

There is also a section that has machines set-up and also space for those who bring their own to participate in an educational based game called Packet Detective. This game gives attendees the opportunity to test their packet hacking skills in a non competitive way and receive help from other more knowledgeable and experienced people in Hacking Packets. Once logged on, questions are presented that has the answers available by Hacking the packet that is also presented with the question. It is a fun and non threatening way to learn about packets.

The village also has more competitive packet contests like last years Black Badge contest Capture the packet. This knowledge and many other events and speaker workshops are presented in a fun non threating party like atmosphere so everyone from the most experienced Defcon attendee to the person showing up for the first time can feel included and excepted.

Re: How would you make DEF CON 23 better than DEF CON 22?

---------------------------------------------------------------------
DefCon 101

High Level Overview
New village called Workshops 101. Entry level hands on for various areas to build a common foundation for everything that goes on at DefCon.

Detailed Overview
An estimated 20% of the 2014 attendees were at DefCon for the first time. Some may have a background in tools/techniques but I would guess that most people do not have practical experience in the areas needed to get the most out of the conference. This may deter people from even joining a challenge if they do not even know where to start.
A room dedicated to exposing people to these foundational skills will get more people interested in the contests, get more out of the presentations, become better hackers, and improve the overall security of the world.
Below are sub areas of interest where people can go to learn more about the area that they are interested in learning. A volunteer to lead people through lab exercises will give people the hands on experience to jump start their quest for knowledge.

Start Here:
Guide people through downloading/installing certificate for secured WiFi access.
Get basic tools installed such as:
WireShark http://www.wireshark.org
Xplico http://www.xplico.orgXplico
Ettercap-NG http://ettercap.sourceforge.net
WinDump http://www.winpcap.org/windump
ngrep http://ngrep.sourceforge.net
Network Miner http://www.netresec.com/?page=NetworkMinerNetworkMiner
Cain & Abel http://www.oxid.it/cain.html
Note: Need to find a way to make this available to tablet/Chromebook users as well

Capture & Understand packets
Capture/decode: DNS, HTTP, HTTPS, FTP, Telnet, SSH
Reconstruct packets/files
Search for clear text data/passwords
Decode packed files (ROT13, Base64, etc)
Base64 Decode: http://www.base64decode.org/
Base32 Decode: http://online-calculators.appspot.com/base32/
MD5 Cracker: http://www.md5cracker.org/
Apply encryption key in Wireshark to decrypt strings
Hidden in plain site-Steganography http://www.silenteye.org/

SDR
HackRF, Ettus B200; GNU Radio
Build your own antenna
PSK31, fldigi, etc

Translations
https://play.google.com/store/apps/d...ranslate&hl=en

More Hardware
Microcontrollers (Propeller SPIN, Arduino, etc)
Attaching through UART, JTAG, etc

Contest prep/Overview
Hidden clues (colors, letters, numbers, etc), programming robots, cooling beverages, encryption types

Summary
This is just a quick overview that needs refinement; test/lab cases developed, additional HW for those that did not bring their own, donated HW from vendors, etc

Fun Stuff
Stump the Captain Drinking Game: Come match your knowledge of the Trek Universe against "Captain Karl" from the band Warp 11. "Rock Out with your Spock Out" and drink if you get the question wrong.
Face painting to mask identity for facial recognition software

Re: How would you make DEF CON 23 better than DEF CON 22?

Thanks for clarifying history on forum badges ASTCell!

So, now we have a deadline. Starting After October 31, 2014, I will begin building an addendum to a previous summary, including all newly added ideas. Once I've finished, I will submit this addendum to previous summary to goons to help with planning of DEF CON 23.

Say something soon, or risk your ideas not being considered until DEF CON 24. :-/

Re: How would you make DEF CON 23 better than DEF CON 22?

Fwiw, eons ago I mentioned to Blackwave I was going to use my old floppy disk A: labels and print out my avatar for defcon (I did and still have it). He took it a step further and recommended everyone do it, and on both sides for when the badges flipped over. Another person (cannot recall who, please forgive me) offered to do high quality printing and lamination of the badges for us, as the group was small. And that is how it began. The first badge I made was pasted onto the back of the DC badge for that year. I have worn the professionally made one every year since then.

Re: How would you make DEF CON 23 better than DEF CON 22?

As DEF CON has grown, the number of goons needed to keep it running has also grown. Specialization has been required, and as a result, specialization and focus on specific services into departments, and a hierarchical structure emerged as a way to manage decisions, and discussions through representatives for each area of focus. The "old days" when all goon knew all other goons, and any goon could do any thing to get things done has been gone for a long while. Having clear controls and responsibilities (for each department) helps to reduce drama. (When you have two or more people passionate about seeing the best for DEF CON, but disagree on how that, "best," can be achieved, you can end up with drama and sometimes damage relationships.)

A side-effect of this system of support, is that over time and growth, a few goons in one department may never interact with goons from another department. (I know about 1 or 2 suggestions to address this for goons and only goons, which may happen to help this for DEF CON 23.)

Beyond this, as there is growth, new people get recruited to become goons.

Combine both of these together and you have an explanation on how it could happen that old-school DEF CON people, and goons can ask, "who is that goon?"

There are ~15,000 or more people at DEF CON, so the odds that any one person can visually identify even 25% of the population and name them by handle or real-name in any one year is very, very low.)

The above it to try to help describe how "who is that goon?" can happen, even among long-time attendees or goon.

--

As ASTCell pointed out, there is a goon page.

As Eris pointed out, the images are often icons, avatars, or images selected as identifiers.

Many of these people use or have used handles and avatars as part of their online identity. How "we" recognize our online personalities has historically been by handles (on BBS) and later by images (when support for graphics on discussions became feasible and popular.) For the DEF CON forums, Blackwave (a previous admin) encouraged use of "Forum Badges" so people looking for the face that matches the online avatar could make an association. (I do not know if Blackwave started the "forum badge" idea, but IIRC, he supported a "HOWTO" on a web page for a while until it was taken over by a series of one or more other people.)

And that is a history to help bring us to where we are today.

--

A reason for what you ask is valid: security and validation of an authority being who they claim to be.

We can see this is like "web of trust" in gpg/pgp, and to a limited extent with an understanding of how it is broken, the CA system with SSL certs for web sites, with many proposed fixes to address failures in this trust model.

Fundamentally, the question becomes, "how do I know this person claiming to be a goon is really a goon?"

There is value in being able to ID a goon as a goon, visually, not someone posing as one. The "Goon Badges" and "Goon Shirts" are two important parts to this. Not all people wearing "red shirts" are goons. There exist red shirts that are not red shirts with goon art and text one them.

Obviously, there is a history of counterfeit badges, and one or more claims of counterfeit goon badges, with a claim of a person making it to a "goon only" space. (Obvious to people that have attended and read about past DEF CON.)

Being able to ID an authority as authentic is important. Images of people can help. However, this does run into conflict with a long-time, well-established culture from the early years of DEF CON, where privacy was and still is important.

Though you may not know it, you are asking goons to sacrifice some privacy in order to make visual validation possible -- kind of like expecting all goons to be on facebook, or similar social network.

I think goons that do not want to be included on the goon web page do not have to be included on it.

I'll include this in the next update to goons as a request for images of current goons for the purpose of validation. Best guess? If real images are decided as a thing to do or try, it will probably be voluntary. This is only a guess. I don't control anything at DEF CON, and am barely in control of what I type on the forums. ;-)

Thanks for these comments and suggestions. I'll pass them in an addendum to my first report.

Any other suggestions or comments from anyone?

Some time in November will be my last pass through this thread and other sources to provide an addendum to my first report to goons on observations, opinions and requests. That will be the last report until the end of DEF CON 23, when We ask how DEF CON 24 could be made better.

You are free to continue to report ideas after my next report, but there probably won't be enough time to make plans to support new ideas. (If you have worked in engineering, you know that change/feature requests near the end of a project break schedules for delivery of products. DEF CON is scheduled to happen on a specific date. As a result, last-minute feature requests may be to difficult to implement.)

Speak up soon, or risk your ideas not being considered for inclusion in DEF CON 23!

Re: How would you make DEF CON 23 better than DEF CON 22?

A page of ALL the goons with pictures and bios is not going to happen quickly if at all. This one is a nice start of many of the key players. I see some obvious absences too but that's not to say it wasn't by design. It's the best starting point I could think of, and may very well be the closest thing we have to a list.

Re: How would you make DEF CON 23 better than DEF CON 22?

while everything you state is valid, i will say that i'm impressed that page has been updated not too long ago. seems like there was a long period of time that it did not appear to change for years.

now we're seeing lots of the newer goons on that list and that's nice. glad to know that even some of the folk who haven't been around for ages are being included in the list and made to feel like their contribution is recognized.

Re: How would you make DEF CON 23 better than DEF CON 22?


A list that is out of date, incorrect, and often does not show faces or deliberately misleads people with icons instead of photos? Sure, I think she probably meant that one.......

Re: How would you make DEF CON 23 better than DEF CON 22?

You mean these goons?

https://www.defcon.org/html/links/dc-goons.html

Re: How would you make DEF CON 23 better than DEF CON 22?

i Recommend a Video or page dedicated to introducing Who the Goons Are... I heard some Old School Defcon people repeatedly saying "who is that Goon" beyond Wearing the Red Shirts.. (like what Squads and branches their is (to better help every one) it may not need Every Single Goon but at least help those who may have missed a year or 3 and want to confirm the people(public) look to as "authority"

the other large ringing thought for a while now:
i've been Excited for the year "23" because this is my kind of fun...

http://en.wikipedia.org/wiki/23_enigma

23 the number of coincidence/Magic/chaos/etc... its So much fun I was talking to Evan Of Obscura ( http://en.wikipedia.org/wiki/Oddities_(TV_series) )
I was speaking with her because Yes the Number 23 has been a long time focus for Odd things that it would be silly to ignore it as a theme to this next year.. Espically with this being anouther hotel change and the only real certainty is that We're on the Strip again and that should be Fun!..
(Evan LOVED the Awesome LoL of a hacker con being Called DEFCON and shocked she hadn't known about it considering her business)
But Aside from the Love she Expressed the comradery of research was the "magic" in our conversation..

Its no Accident We've Gotten This Far... I'm Just Saying We Need to keep Going..

I purpose we talk to more people and places that may not Eminently identify as part of our movements and we talk to them and we show them what we are about..


+Are We not the Force of Change we Seek to See in the world?


I noted We had an Extremely Huge Buffer Over Flow of the 101 Class... Then I was Helping with the Skytalks Room I Directed people to the 303 room because 101 was full..

I think if we opt for tagging events and classes with a 101 tag and maybe say its a talk that you may want to bring your kids with to throw a kid ok icon/ tag in on things could instantly answer repeat questions to staff..
(icons sets for what type of directions Talks are.. from just covering the topics to being a pre warning *INFOHAZARDS* image key)

I feel with the Map we should at least label what main talks and what time to expect them should be featured with the maps..

maybe we should just implore an info Squad to pair with the red shirts.. I know going to a red shirt is set to help on anything but i feel we're old and large enough we should bee looking at sub branches..
(i recommend Info helpers Wear a neon green/yellow.. )

>>If WE are going to still be upset about public space photography set rules should be set up on that as well... I was unaware their was positions in photography for defcon officially.. not only do i have interest in this but i would advise they be in a color shirt/vest system as well..


the Original side thought i really wanted to bring up is i hope our theme this year is WEIRD! I personally will at least have some postcards for OBSCURA come DC23 but really i hope we can just get them involved maybe as guests..


oh and i feel like we can incorporate more art all over.. I volunteer helping any way i can.

Cheers!!

Re: How would you make DEF CON 23 better than DEF CON 22?

I watched HJ on youtube just this week. I was completely confused regarding what the heck VV (both of them?) was doing on stage at all. The role seems to have been changed to "fancy dressed bartender" and it appeared to only crowd up and create chaos on the stage. The "referee" persons was greatly annoying, I do not know if that was his role, but when his fake vomiting noises over come even GMark's microphone amped voice something has gone terribly wrong. Either VV is a stripper that flogs people when they get things wrong, or you have men and women in quiet, understated, non-attention provoking outfits who merely hand out booze. With the big electronic board, do we really need a letter turner anymore? As to punishing those who answer incorrectly, I saw the "referee" doing more of that than Bad Kitty and VV anyway, so again, why were they even there?

I believe all problems with contest this year can be put down to "holy crap the room for them was so small, what the hell?" And the traffic points need to be cleared up. Like, a lot. A LOT. Hopefully this will change next year. I believe there is that one giant room in the new Bally's convention space that looks like it could easily hold both contest and vendor which is often a very good combination. Many contests send contestants into vendor anyway, they should be easily accessible to each other. Maybe a sound wall might be needed but that could also be managed with clever placement perhaps. Finally, yes, signage would be quite nice. Maybe not fancy DEF CON signage with full graphics, merely some black on white text posterboarded posters above each.

THanks for extending the comment thread, CotMan.