DEF CON 23 is OVER. What did you like or hate and how can DC 24 be better?

This is a sticky topic.

  • #76
    Hell, so many other places at DEF CON could choose to implement their own variation of "Winner" benefits. Parties that are normally closed might say "winner badges can come in"... Villages that are really slammed full can say "oh, you're a contest or event winner? well, as soon as one person gets up, you can have the next chair"

    Hell, I would even create an event just called the "Winner Winner Chicken Dinner" at some place with tons of wings, fingers, etc... anyone with a Winner badge could have a free meal.
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor

    Comment


    • #77
      Originally posted by Deviant Ollam View Post
      As an organizer of tons and tons of contests over the years, I will mention that a particular point of frustration for me has been the ongoing decline of prizes offered by DEF CON. Contest organizers (at least all of the ones that i see) put a ton of themselves into their events, for free. They then staff the event for free, give up time to run it, etc etc etc. It's really a kind of disappointing situation that the winners of DEF CON contests aren't given anything beyond whatever the organizers can beg, borrow, or steal. Honestly, this is a big part of why I've reduced the number of contests that I run over the past few years... i really feel as though DEF CON doesn't support the contests and events folk as much as they used to.
      As you know, I do not run contests, but have a question for you:

      As the number of contests has increased, do you estimate that dilution of "prizes" has been a side-effect of there being more contests now than there once were?

      My memory is fuzzy on this, but back at DEF CON 5, if they even handed out black badges, it was probably just for CTF. (At DC5, I had to leave on Sunday before? closing ceremonies, so I did not see any?/all? of it.) Over the years, as more and more contests were added, there was a mini-explosion in how many contests received black badges. A perception "back then" was the ease of getting Black Badges diluted the perception of value in claiming to have earned a black badge. The only contests I remember back then were SpotTheFed, CTF, and maybe Scavenger Hunt and possibly a game show like Hacker Jeopardy. (This is no disrespect to people that earned them. This is a comment on observed discussion from attendees.) People from "yesteryear" claimed it was easier to get Black Badges at future DEF CON. People from today claim it was easier to get a Black Badge at earlier DEF CON. Maybe they are both right? Maybe there was a time when black badges were offered to a higher percent of contests...

      So the allocation of black badges and perception of availability is really a matter of perspective. If we go back far enough, some will claim a reduction in the number of black badges to contests is a return to roots, while people that started DEF CON in the middle of the greatest percent of contests receiving them would claim the allocation is shrinking and smaller.

      This is no excuse on behaviour, only comment on perception, and how people will complain about change either way.

      The Vendors wind up being hit up for prizes dozens of times throughout the weekend, but instead back in the day it used to be Black Badges for all winners. I know that this point has been hammered to death and therefore I don't expect to open up that same topic again... DEF CON wants to cut down substantially on the black badges, that's their call. But in the past couple years there was talk of a "Silver Badge" or something equivalent that meant "free DEF CON admission next year" and this was a great idea.
      I remember a hypothetical discussion last year. Did Jeff mention anything about this on stage at Closing ceremonies? I was a bad member of the audience, and was talking to a few people near the doors during the closing ceremonies, so I was not paying attention to the whole thing.

      As far as I am aware, that didn't happen at all this year.
      Now I would like to watch the closing ceremonies, because I thought something like this was mentioned... not a different badge, but for some contests, notice they would be able to get a free human badge next year. Wasn't this an award for the movie contest? Were there others?

      Also, the few events that ARE still Black Badge events are not announced in advance. Keeping everyone in the dark about this -- from contestants to organizers to goons -- just makes no sense at all to me and I'd love an explanation as to why this policy was adopted.
      This was discussed in public. The theory discussed in public on the forums was this:
      "If 'we' announce which contests were black badge, and which were not, then contests with black badge awards will have a 'feast' of players while other contests will 'starve.'"
      (I do not work contests, events and do not set policies.)

      There was a time, when people running contests were told, "keep this quiet, but your contest is a black badge contest," and then they would 'accidentally' announce this and capitalize on the popularity. (It is hard to fathom intent, so this is in quotes to show claims of 'accident' being on-purpose by some even though many that released this information about their contests claimed 'did not know' while others suspect otherwise.) This kind of sharing with people running contests, which was leaked to attendees, changed contest participation.

      Additionally, offering it ~2 or more years in a row for things like Scavenger Hunt caused people to assume it would be offered again, leading to disappointment the first year they did not have it as a black badge event after having had it more than once, before.

      Overall, these kinds of things have led to a great deal of unhappiness. I think some of the changes have been a reaction to past comments and complaints.

      I have no answers on how selection of black badge events takes place, but I do have OBSERVATIONAL information from years of observing:
      1) The first time a contest happens it will almost certainly NEVER be a black badge event. There may have been exceptions, but long ago. "They" want to see how a contest works out before committing an offering of a black badge for it. Additionally, when a contest changes hands to new management, it is also unlikely (in modern DEF CON) to be a black badge event until the powers that be see how well it works out with the new managers. (The Official CTF has always been an exception to this.)
      2) The "Official CTF" is almost certainly going to always be a Black Badge event.
      3) Is a contest "popular" ? This is not a requirement, as I've seen black badges go to contests with small numbers of players. In one case, I think a "Hardware Hacking" contest (Maybe run by Neural, back when we were at the AP) had only 3 or 4 "teams" (players) competing with their entries. A crowd of ~10-15 attendees not entered into the contest did the judging to decide based on applause. However, I have not seen this kind of thing happen in a VERY long time.
      4) Does the contest demonstrate one or more "Hacker" skills? This is important. I can't describe the level of frustration people exhibited when a rumor started being passed around that "Guitar Hero 2" game at DEF CON was going to be a Black Badge event. (It was not, and was announced that it never would be.)
      5) Weakly, other than "The Official CTF" the latest trend had been that any Black Badge contest one year has no guarantee of being black badge the following year, probably because they learned about dashing expectations when going more than one year in a row with Scavenger Hunt then stopping. I would estimate the chances of being a Black Badge event more than one year in a row as lower than a popular contest that demonstrates hacker skills, which did not have a black badge award last year. (Except for the official CTF.)

      AGAIN, I SET ZERO POLICY WITH ANYTHING AT DEF CON. The above are estimates based on OBSERVATIONS and do not describe any policy or plan for next year.

      As a person in the middle of contests, perhaps you can add to the above observations and see if you can describe a rough set of rules that you see govern the allocation of black badges.

      Mostly, though, I'd appreciate it if DEF CON would give free admission the following year to the winners of official contests. The "cost" of this kind of prize is a drop in the bucket for DEF CON but it makes a whole world of difference to the attendees and the contest organizers.
      Thanks! I'll pass this on. :-)
      Last edited by TheCotMan; August 31, 2015, 15:20.

      Comment


      • #78
        Originally posted by badlock View Post
        - I get that people like to dick with the cellphone network to show it is not secure. But don't fuck with calls during a family emergency. Perhaps there should be a contest for people to track down and take down fake/MitM cell sites. (You find it, you keep it. Maybe sponsored by the FCC?) Why should the attackers have all of the fun?
        +1 for this idea.

        Comment


        • #79
          The recent conversation touches on (and in one place, Sand mentions it directly) something that's been bugging me about DC for at least the past decade: It's becoming more and more of a "who-you-know" event.

          * At the highest elevation, we have inaccessible/widely-scattered/unannounced information that is largely only obtainable, or only easily obtainable, if you keep your ear to the in-the-know social groups: contests, prizes, locations, events, parties, etc. etc. etc. Rather than one centralized repository for all things going on at DC, we have myriad locations with minimal/zero info overlap, and learning about what's going on, and when (since some things start months before the actual con) becomes little more than a scavenger hunt. Sand's suggestion that someone rein all this in and consolidate/centralize it is a good one.

          * Down a bit, we have all the "you're-not-cool-enough-to-be-here" events: we're supposed to be a welcoming, inclusive community, but lately it's become increasingly obvious that a whole lot of what goes on outside of talks and contests is little more than ego-stroking various groups within the community. Private parties are fine, but as Sand again points out, having most of the suites closed just means that whoever managed to write up a convincing justification for having a casino suite got a sweet room for practically nothing. Hacking? Sure, if you want to look at it that way. Looked at another way, it's just abusing the con and its facilities. "Don't shit where you eat" is good advice, whether it's work or what's supposed to be the equivalent of a "safe space" (to use popular SJW-speak) for our ilk.

          * At the bottom, it's all about access: we wait in line to get our hotel rooms. We wait in line to get badges. We wait in line to attend talks. We wait in line to buy swag. We wait in line to participate in contests. We wait in line for the damned elevators and bathrooms. It creates a culture of "haves" and "have-nots". This isn't the AP any more, where it's fun and even honorable to social engineer one's way to the front of the line or into a party. Now it's just tedious and uncomfortable. I won't pretend to have a solution to the line problem overall, but there are things that could be done to alleviate it somewhat:
          * Bigger venue: yes, this would cost more money. Yes, it'll get passed on. If it means the difference between enjoying the con or avoiding the con, it's worth it.
          * Different location: I'm not suggesting Salt Lake City, but there are plenty of places in the US where one can get coffee and/or booze at 3am. Hackers aren't the only special snowflakes who keep odd hours. DC started because Jeff had never been to Vegas. I'm sure there must be someplace else he hasn't been yet.
          * Have one central contest registration/information point. All badges/information/accoutrements necessary for all contests would be distributed there. Better yet, have all contest registration occur online prior to DC. (See next point) It'd be great if attendees knew, for example, WHAT contests would be at DC at all, let alone when sign-ups for them begin and end (e.g., the SE Village contests. Unless you are a social-engineer.org podcast listener, or friends with the folks who run it and the village, you likely didn't realize that sign-ups began and ended several months before DC. Which is fine if you're all wet for SE, but if you're trying to increase interest in an area, you want to reach out to those who aren't already all up on your jock.)
          * Distribute badges at hotel check-in for official conference hotel(s). Those NOT staying in the official hotel(s) can then pick up their badges on-site in a ridiculously shorter and more enjoyable badge line. If contest registration is done a priori, contest stuff (including badges) can be picked up at registration, too. They're already equipped to handle cash.
          * Have multiple merch locations: Gone are the days when the swag was a shirt or two and stickers and possibly a shot glass. You've stepped up the swag machine, so step up its distribution, too. Better yet, go back to whatever partnership you had with Jinx and/or ThinkGeek or some similar site and allow purchase of swag before and after the con.
          * Vendor room should be for vendors. Not self-promoting companies whose products amount to a sticker or two.
          * Contest room should be for contests. Not self-promoting companies whose products amount to "shiny, but don't touch". Not vendors. They belong in the vendor room.
          * If there's so much demand for space for self-promotion, create a space just for it. BH manages it. Perhaps it's time DC realizes it's matured and admits that it needs a similar room.
          * Talk lines: nothing will ever make these go away, but FFS, have Priest pick a policy (room-emptying or no room-emptying between talks) and stick to it, year after year, and for every talk within a year. Announcing things like there's no in-and-out privilege for talks would help, too (had to take an emergency call during DC101 and got up to take it in the hall rather than talk in the room. My wife got serious stink-eye from the goon working the door while I was gone and wouldn't let him fill the seat. Didn't stop the goon from socializing loudly with people at the door, making it hard to hear the speakers).

          And, while this is entirely venue-driven, having more than one ingress/egress point -- and enforcing which is which -- would help with crowd flow. Also venue-driven, but having adequate spacing between talk rooms would at least minimize the clusterfuckery that seems to arise. The line signs mentioned earlier would also help, as would keeping the lines to a maximum headcount. Also, the possibility of an overflow room for each talk, with the video/audio projected in that room would go a fair way towards handling the larger talks. And it's pretty obvious these days in the run-up to con which talks are going to be the bigger ones.

          All in all, I miss the AP. But not because of the fast-and-loose attitude that was prevalent. I miss it because there was truly a sense of community in those days. The private stuff was private, and was a minor part of the experience. The "you've gotta know someone to find out" stuff was also a minor part of the experience. But DC has grown up, and it needs to admit that to itself and start behaving more like a professional con. I honestly think what we're seeing over the past decade are the struggles inherent in insisting DC is still the party-with-talks it used to be when all the signs point to it being too big, too popular, too industry-attention-grabbing, too media-attention-grabbing to remain such (I'd love to see Srini and his Unamerican sticker table again, but it'd be pretty out of place at today's DC, which is one dead canary in a coal mine for me).

          Comment


          • #80
            To me, different location is a non-starter. I wouldn't be going to DC in another city. It would just not be the same.

            I think if you have the privilege to throw a party AT the con hotel in one of the suites reserved by the con, you should be inclusive to the con attendees. All elevator issues aside, the fact that the parties at the hotel were SELLING access and all that jazz really turned me off. On the flip side, the inclusive ioactive party was amazing and one of the best ever.

            Speaking of the ioactive party, can we make sure that future pool parties have security staff manning the bathrooms? I had to almost physically yank guys out of the ladies' restroom who were apparently too good to wait in line for the men's. That was not cool.

            Comment


            • #81
              Originally posted by Tectus View Post
              * Down a bit, we have all the "you're-not-cool-enough-to-be-here" events: we're supposed to be a welcoming, inclusive community, but lately it's become increasingly obvious that a whole lot of what goes on outside of talks and contests is little more than ego-stroking various groups within the community. Private parties are fine, but as Sand again points out, having most of the suites closed just means that whoever managed to write up a convincing justification for having a casino suite got a sweet room for practically nothing. Hacking? Sure, if you want to look at it that way. Looked at another way, it's just abusing the con and its facilities. "Don't shit where you eat" is good advice, whether it's work or what's supposed to be the equivalent of a "safe space" (to use popular SJW-speak) for our ilk.
              I don't think the problem is people lying about the purpose of the suite. Most of the private suites I see are from DCwhatever groups and have high-profile goons as members. Obviously they have their private suite because of their Goon connections. I don't know what to think here. Obviously DT and the Goons are putting on these parties, so I guess they can do whatever they want. They just have to realize that it is a dick move.


              Originally posted by Tectus View Post
              * Vendor room should be for vendors. Not self-promoting companies whose products amount to a sticker or two.
              <snip>
              * If there's so much demand for space for self-promotion, create a space just for it. BH manages it. Perhaps it's time DC realizes it's matured and admits that it needs a similar room.
              This is the second time that someone has mentioned having a separate GiantGlobalCompany space. Please no. Just no. There is just no reason to pander to these companies. I give cons like BSidesLV a pass on having some of these vendors because the con is free and I assume that having these vendors helps pay for the con. DEF CON is not free and I believe they say they lose money on vendor tables. People are already complaining about lack of space, there is no reason to waste it on unwanted vendors.

              Much like the private parties, I suspect what no one wants to talk about is that goon favors are behind a lot of the bad vendors. For example, UAT has had a table for at least the last few years. They are selling a very specific product that doesn’t apply to most people (4 year degrees in Arizona) and their table is almost always completely empty. So why are they a vendor year after year? Well, they provide volunteers to BlackHat and 1o57 used to (or maybe still does) teach there. Obviously they have some high level connections.

              Since goons are behind the party and vendor issue, I don't see these issues as likely to change unless DT steps up and stops it. He might fully support these things though, so who knows.

              The music goons put out a survey every year asking people what type of music they would like to hear next year. Why not do the same for vendors and parties? List all of the previous year’s vendors and parties and a checkbox on if you’d like to see them again. Drop the bottom 25% regardless of who they are friends with.

              Comment


              • #82


                Hey Cots, file this picture in your report. Maybe it's time to start taking the talk of counter-DEF CON conferences more seriously.
                Last edited by Sand; September 1, 2015, 11:17.

                Comment


                • #83
                  Originally posted by Sand View Post


                  Maybe it is time to start taking these ideas of counter-DEF CON conferences more seriously.
                  Oh my god! That's me in that picture! The pudgy guy in cargo shorts and a dark t-shirt!

                  Comment


                  • #84
                    I'm the bald guy standing next to the Asian.

                    Comment


                    • #85
                      More line photos for Cot's file.

                      I don't mind hanging out in my room all day, to avoid the shit shows, and just meet up with people/meet new people on non-peak hours and off the beaten path. That's typically what we've done in the past. Just give me something to do, like better contests.. Plan the weekend knowing a lot of people are doing roomcon/barcon, and that's OK. Maybe even encourage roomcon/barcon to ease conference congestion. Think about how you can make that a little better. Other than twitter, my only awareness of how packed the rooms are, is when people are coming back saying "OMFG.. THE PEOPLE.. OMFG.." Maybe run everything 24 hours but just smaller versions of it. I felt pretty trapped in my room during peak hours. I can't imagine that extreme peak hour chaos downstairs is fun for anyone.

                      I wish my friends and I got along well enough so that we would get all of our rooms right next to each other, and even open the adjoining doors to take roomcon to the next levels. That would never work out well because we are all too old and hate each other too much by now. But I do admire how Queercon got a couple blocks of rooms. I would happily sign up to be in the party/"this is Las Vegas so fucking don't judge me with your twitter friends" room block. Room blocks of trouble makers, that aren't socially inept, plays loud music with the door open, let's have a drink, kind of room block. Whatever the opposite of DEF CON Kids is, room block. I'll tell you this right now, 303 needs their own fucking troublemaker room block, and I'll sign up for the other troublemaker room block thank you. Some live feeds of ALL the DJ playing live that I can listen to in my room sounds like a reasonable request too. That way I have a little sense of what areas are going hard, so that I can decide if I want to fight crowds to get to it.

                      There are a number of restaurants at Bally's and Paris that were tucked away in corners, that were HUGE, they had outside seating, could easily fit hundreds of people. They had beautiful full size bars, and excellent service, and were very cheap for Las Vegas standards. They were shockingly empty even during peak conference hours. If I was running @_DEFCON_'s twitter account, Friday morning at 8:30/9 am I would start sending tweets out like "Hey we are at this restaurant tucked away in the corner of Bally's nursing our hangovers with some bloody marys." then at like 11 am Friday morning send out another tweet "Hey, we're kicking it at the 303 troublemakers room block.. It sucks right now, but you have to give it to 303 for trying.." or "Hey it's 1am, we are hanging out at suite # at DEF CON suites." Start dropping hints to all of the DEF CON cluebees the areas that are nice and fun, so they fill out other areas of the conference, instead of them chaotically running around in a sea of people all day looking for something cool to do. Try using twitter other than to promote infosec con hype to the likes of Wired, Gawker, and Vice readers. I saw a total of 2 photos of DT at DEF CON this year on all of twitter. Is he sick? Is his health failing? It's not like I need to see DT at DEF CON but I'm starting to feel snubbed here..

                      I also have the reasonable expectation that registration for any event is a painful process and respect DEF CON for having that down to about 2 hours? We will take turns waiting in line Thursday morning each year, and one person grabs badges for everyone. I have yet to wait in line for a DEF CON badge so I'm not even mad. But honestly, any line beyond badge registration is too much. You also need like 40 flat screens on self standing mounts, and a few projectors, all simultaneously playing the movie hackers, and by the time you got your badge, you will have all watched the movie hackers together and like two of the latest episodes of Mr. Robot. I guess you could also force people to watch shorts from the DEF CON film festival but people may start breaking things at that point. Anyway, when it's finally my turn to wait in line, you'll know it's me. I'll be the guy with the boom box sitting down on the rolly office chair from my room.

                      OK so DEF CON doesn't want to have people pre-order, take orders, whatever so you can't blame DEF CON for when things run out like Darknet badges. Here's the problem, DEF CON never even mentioned Darknet except for two times on their twitter, Friday night. No one could have expected or planned for Darknet to be as successful as it was, but even still, there is no visibility into what to even expect may be of interest to you, competition wise, so there is no chance of you pre-ordering something ahead of time, like a reasonable human being.

                      https://www.defcon.org/html/defcon-2...3contestsignup
                      https://www.defcon.org/html/defcon-2...tml#ftccontest
                      https://www.defcon.org/html/defcon-2...l#c&ereturning

                      ^^^ This is the only promotion you did for any of the DC contests... Also, how do you expect someone to find anything on https://www.defcon.org/html/defcon-23/dc-23-news.html? I've seen better webpages on angelfire.

                      Pre-Registration for DC Workshops seemed to have worked out well?

                      I'm also trying to figure out why the hell I am wasting my time on a forum, where I am the only active poster this month, for the entire forum :/ It's my desperate cry for attention from all of the smart conference people I guess.. LOOK AT ME! There is a much more relevant and positive feedback thread about people's DEF CON experiences from the young & beautiful people of Reddit: https://www.reddit.com/r/Defcon/comm...s_do_you_even/

                      These pictures of BSIDESAFRICA are nuts..
                      Last edited by Sand; September 2, 2015, 14:37.

                      Comment


                      • #86
                        FYI, extra Bally's rooms, including the Jubilee room block, are now up on the reservation site.

                        Comment


                        • #87
                          Originally posted by mr_glitch View Post
                          Is there any kind of talk-by-talk feedback in existence or being planned? Seems potentially useful for both tracks and villages.
                          Several years ago, I pre-populated a new forum with threads, one per talk, as a re-creation of an older idea that never took off "Note Exchange" for people to comment on talks. It never took off. We had maybe 5 comments about the talks in replies to all threads for that year.

                          What about a dedicated Twitter account or a hashtag for updates, changes, and announcements? The main Twitter was very active, but that meant that announcements got lost.
                          We have a few. We have the @_defcon_ twitter account, and another is the @dcib account; how much they are used to relay announcements is up to them.
                          Would a schedule app be unreasonable?
                          As far as I know, there is no official DEF CON app yet. We have 2 volunteers that have both made their own applications to help with the changing DEF CON schedules. One was the "HackerTracker" which is an app that contains schedules while another is a collection of files in many formats https://forum.defcon.org/forum/defco...ats-ebook-html that people can load into their own apps and then download updates to the source files as they change. Neither of these are official DEF CON apps as far as I know.

                          Comment


                          • #88
                            Thanks again everyone for all your posts, ideas and thoughts on DEF CON 23. I've finished reviewing all of the ideas here and tweets on twitter with #defcon hashtag that show up with a search from August 5 to August 10. I've used all of these, summarized ideas and issues into single-concept items with indexed values per citation as counts for each item.

                            I just need to make one more pass to fix typos and make sure things are organized in something close to a per-department grouping and send it on to department heads. I'm expecting to get to that after work, later this evening.
                            Thanks!
                            -Cot

                            Comment


                            • #89
                              Originally posted by TheCotMan View Post
                              As far as I know, there is no official DEF CON app yet. We have 2 volunteers that have both made their own applications to help with the changing DEF CON schedules. One was the "HackerTracker" which is an app that contains schedules while another is a collection of files in many formats https://forum.defcon.org/forum/defco...ats-ebook-html that people can load into their own apps and then download updates to the source files as they change. Neither of these are official DEF CON apps as far as I know.
                              Thank you for this info. I'll certainly look for these next year.

                              Comment


                              • #90
                                Yeah well maybe DT will actually attend his own shitty conference next year.

                                Comment
