Good points...

I already composed an executive report and summary with citations to comments for all DEF CON department heads.

You work at con, so you can also look to escalate this feedback directly to DCIB (DEF CON Information Booth) organizers, to see if they can use the feedback.

Watch-out! They might try to poach you away from your present department! :-D

Know who else we need to ask? Those who ran the INFORMATION BOOTHS!

What questions were redundant and common?
What questions were asked that you felt were unnecessary?
What confused attendees the most?

I am sure if you get with the info booth staff they can assist in what info needs to get out more.

As for ME, can we have the program made in larger type maybe? I swear the font cannot get any smaller.

Thanks to everyone for your feedback. Popular or not, feedback as constructive criticism is great, as it provides evidence of issues observed and suggestions on ways to fix which may not have been considered, or which may prompt other ideas to a better solution to the problem than we we have used before. Your effort to improve DEF CON with your ideas and observations really does help.

I've used all of these ideas and included them in a report that will go to DEF CON department heads later today.

You can still contribute ideas, and suggestions to address issues, but as we get further into the planning of DEF CON 26, the chances your ideas or suggestions can be included in planning for DEF CON 26 decreases.

Thanks Everyone!
-Cot

I would appreciate this for any instance of stuff "for girls." Or why stuff gotta be "gendered" by color at all? Just make some stuff in all different colors, we will each find a color we like and buy the thing in that color, ok?

how about just NOT PINK swag for women next year.... seriously.... purple, red, blue, green, yellow, hell..... I'd take TAN..... please just not the "PINK" we're not Susan G Komen.... MAKE IT STOP.

OK, this was my first con (and tyrip to Vegas) and part of a 10 day birthday present in Vegas, including first class flights from the UK.

I have followed the con for years from the UK and was super stoked to be eventually going to defcon!!!. I stayed at Ceasars in the Julius tower, which wasnt far from escalators to the con....awsome...

I have to say, what a dissapintment it was...I agree with the above comments 22k+ people was way too much....

I registered for the defcon shoot run be deviant (kinda hero of mine), the guy who offered me and another guy a lift didnt show so I missed out on that...really pissed...ended up shooting at the gun club on the strip...

I started queuing at 5am on Thurs for my Badge...

Pros
- Speed to go through registration approx 1.5 hours
- SWAG Goons (in my case a girl) were super helpful with getting right sizes
- SWAG was good quality..loved the poloshirts I bought..price wasnt an issue and sterling to dollar conversion wasn't to bad when I exchanged my money

Cons
- SWAG area closed early on Thursday...maybe they ran out of stock
- Nothing much was available for the rest of Thursday so I sent my time at the pool, after the pool closed I came through doors from the pool and walked into the car hacking village, where they seemed to be setting up....to be met with a tirade from a goon who demanded to know how I had got in. (At that stage I didnt realise they hd cordoned off the corridor ends)..it made things worse when I told him through the door (meaning pool door)...more tirade and being called a smart ass...all the time the goon never got off his chair...(so if you are securing some where..make sure you know where the entraces and exit are)...no apology from him just told to get out...even after explaining I came up from the pool and the pools were closing so expect more people...after that my experience of goons was great..very helpful....
- AV in Ceasars was also very flaky...
- Registration badge sucked...
- Badges sold out in no time at all...by .the time I had got to car hackingvillage the next day badges had gone..same for all the other electronic badges..seems these guys were under prepared...I now see some of these badges on ebay going for $200-$300.....
- vendor area was like Janury sales when the door just opened.....someone above described it as a moshpit...quite apt...
- Didnt get to do any hardware hacking/car hacking the demand for the stations were well over subscribed same for the IoT village, could just watch
- Lots of over priced basic lock pic sets on offer
- No many vendors
- Spent more time in line than actually doing...

Seems to me con is very commercial....not surprising really with 22k+ captive audience...

Big thanks to Darren and Shannon from Hak5 for spending some time chatting with me,I know you were in great demand!!

If it wasnt for the company of the guys I knew from having worked with them from the UK I would have changed my flights and gone home...

I must confess..... I dont think I will be coming back....

I've seen this discussed. There are two major issues brought up with this concept:
1) This kind of breaks a past historical cultural theme to not promote elitism. In order for something like this to work, a limited number have to be produced which are well under the max occupancy for any rooms that would use it, which creates scarcity, and increases value. Then once there is greater value what criteria are used to distribute these? If done by free market, then only the "rich" will have them. If done with "while supplies last" online then those really good with scripting and "curl" or other tools gain an advantage at a disadvantage to the newbies. If done by lottery, then it might be like FCC bandwidth lotteries where the winner immediately sells to the highest bidder. All of these issues (and more) stem from the requirement of limited quantity.
2) Technical implementation: assuming this is for all villages and talks, and the smallest village has max occupancy for 30 audience members plus speaker and camera crew. This then becomes the limiting factor. If you set a max of 30 of these badges, then 30 people can deny access to this village to everyone else. Another technical issue is that of abuse in duplication. If the badge has a unique ID, which somehow could be tracked per room, what is to stop someone from duplicating that unique ID, and handing it our for each friend that wants to be in a different room? Is there going to be some sort of cross-device synchronization of data to ensure only one unique ID can be used at a time? Can the system of communications for ID restrictions be enforced if the media used for inter-device communication and synchronization if DOS-ed? What happens when you ID is stolen? Going to move to an electronic device that has a time-based rolling ID like some smart-cards?

The cultural and technical issues are both large in scope especially when considering the crowd at DEF CON. The culture changes over time, and maybe elitism will take over as the new culture. Maybe a trend of taking power away from those that have it and giving it to those without will cause special interests to take over the culture? Maybe some other culture will take over like one based entirely on capitalism or an Oligarchy?

Suggestions and feedback on these technical and cultural issues are welcome.

Outside of this, DEF CON *kind-of* has this. Goon badges allow for access kind of like this, but it is something earned through work and volunteering. There are still elements of the older cultural goon system of a meritocracy. However, just because you have a goon badge does not make you part of a team; you can still be an outsider/imposter with a goon badge. Even as a Goon, DEF CON is what you make of it. :-)

As DEF CON grows, crowd management is becoming increasingly difficult. It sounds like registration went quickly, but villages still had long lines for talks, etc. It might be interesting to explore some sort of Disney-like "FastPass" system, where you can reserve guaranteed entry to a future event/talk, but you can only have one active reservation at a time. Perhaps some villages could try it out? It would likely require (scannable?) serial numbers on the official DEF CON badges to avoid people gaming the system.

Good:
Goon saturation
Information booths
quick adaption to foot traffic (adding lines)
Skytalk room was good size
Workshop sign up was easy
Workshop that showed how to compromise AND how to fix (red and blue)
Blackhat Defcon badge pickup

Bad:
Signage
No DCTV to Flamingo, the literal sister hotel to Caesars (yet could to Bally's)
Online streaming didn't work
A/V for Hacker Jeopardy and other events. Caesars dropped the ball.

Pros:
* Thursday badge line was one of the most efficient I have ever experienced
* Workshop registration (pre-con) was handled in one of the most fair ways possible. I may not have gotten into all the workshops I would have wanted to, but it was fair, and everyone knew what workshops they were going to be able to go to prior to the con
* Hotel rooms in the Palace tower being able to take an elevator to the conference was nice. Knowing how to use the elevators rather than escalators also helped
* Information booths around the con with knowledgeable goons
* The arcade machines continue to be a nice touch

Cons:
* The one workshop I was in was only half full. It was on Thursday and in the morning, so I can't comment on other workshops, but it would have been nice to let others that may not have made the reg, or the wait list in if they wanted to
* The official Swag line was rather long. I can't complain too much, I met some interesting people. As efficient as the badge line was, the Swag line was that inefficient
* I only attended SkyTalks on one day, but they had to clear the room between talks due to demand. I really do like SkyTalks, and would love to see them get some more space. I don't know what would have to be given up though...so...
* The AV system in the main track (Track 2) had some issues that were not resolved during the talks I sat through. At least one speaker had no slides (though he manages quite well without them) during the whole talk

Pros:

-Hallway traffic control was a very evident lessons learned from the Bally’s hallway last year. Good job!

-The many information booths were awesome

-Goons were super nice and patient even when you could see they were tired as hell

-Hacker Tracker was rad (I know you can only do so much with the information you are given with updating it)

-Having food at Chillout as an option to the $ Caesar’s restaurants - it wasn’t really great, but still sort of edible. (Still of course, bring as much of your own food and snackage in as possible to avoid this option, but I’m glad it’s there!)

-Hallway bars - few and far between, but super glad to see them!

-Palace tower only for DC was awesome!
-keep doing hotel DC key art

-Grifter offering open party spaces for parties before con

-Fun bands and DJs in Track 1 (And holy cow it sounded good!!!)

-Temperature was good

-Elevators went a lot smoother than I thought they would be

-Zebbler and his crew has AMAZEBALLS art! Please keep them coming back!

-“i loved opening up more exits and back stair exits.” Agree with deviant here!

-Skytalks is great

-I liked the badges. They were super fun. I know they were super easy to copy and had no security (which made them pretty terrible from a security standpoint), but I loved having something that was lightweight, not easily breakable, and something that BENDS when you wear it. (As you can see, I’m not quite an electronic badge fan for all those reasons.)



Cons:

-If you are handicapped (or have a giant handcart full of stuff), how are you supposed to get through the Appian Way? Yes, there are 2 little elevators: however, you have to have hotel security operate them for you. My experience helping and talking to a 1st time DC attendee waiting for like 15+ minutes before she gave up to get someone to operate the elevator, proved that this is kind of not really a compliant way to go. (I know this is on the hotel, not DC.)

-I missed seeing all my friends somehow in the madness

-Tables and some more seating in Chillout (I’m sure that seating didn’t happen in the Soma stage area due to fire code...but if it wasn’t fire code, can we get please some chairs and stuff in there next year?)

-Is there any other way to do SWAG--- what if there were 2 SWAG booths? (at least for the beginning of con, then go to 1 later on on saturday afternoon or something)

-I know that it’s Caesar's and to expect huge prices--- but the food at chillout was hugely unaffordable. $4 for an apple was rough. (I know you're all squinting at me saying chillout food was a plus now!)

-Missed pool parties

-Giving up part of Vendor for packet hacking

-DCTV just flaking out because of overheating. I ended up in my room hoping to see closing ceremonies and did not get to see them. (Sad Lope)


I'm sure I'll think of some more before the deadline, but that's what I have so far!

I'll throw in my 2 cents as well:

My first con was 19, @ the Rio. The line for the badges that year was terrible. This year I went down Thursday at 8:45am, and had a badge by 9:02am. You have Linecon nailed, in that respect! Obviously the tracks are going to have lines as people filter in/out, that's life with shuffling hundreds of people in and out. Track 1/101 was a little odd to have it dump into the chillout lounge. Overall well done on the crowd control.


I bribed^H^H^H^H^H^H tipped the front desk this year to put me in a room in Palace tower, so I could utilize the elevators directly to the convention center. Something I absolutely recommend, as it made getting to the con so much easier. I'm not sure what the agreement was with the defcon room block, but seems that not everyone was afforded this "extra".

Maps could have been better. I didn't discover the back escalators until the 2nd day, mostly due to my using the elevators since that's what I knew. As a result, I didn't see the pool level at all right away.

Biohacking village was insane with the line. I wanted to check out Social engineering village as well, but missed it due to the insane line leading into a tiny room.

I'll add to the chorus that the AV sucked. I usually utilize a fair bit of DCTV, since waking up early every day, and being fully productive to hit the tracks aren't exactly compatible with a vacation in Vegas. I think channels 83 and 84 in Caesars showed nothing but the weather the entire time I tried to tune in. Others were constantly rebooting and were sporadic in viewing.

The other half of that was noted in the tracks. Projectors in/out. Hacker Jeopardy on Saturday night was cut short due to the AV failures. Even the closing ceremonies suffered, which obviously you could see yourself.

I missed the pool party. Was one of the items I really enjoyed last year, even having attended some of the penthouse parties last year (whiskey pirates and the 803 party)

Overall this year felt kind of bland. Perhaps I went in with high expectations considering this was the 25th, and it didn't quite live up to what I was expecting. Throwing the badge issues in added to the level of "meh" for this year, evening knowing the explanation behind it.

Additionally, much of the shenanigans that previous year events had were missing. I think the highlights this year were googly eyes and "This is not a camera" stickers everywhere. Obviously this isn't something that is controlled, but it's still disappointing. DEFCON, to me in part was about overtaking a hotel, watching the culture change, and seeing the surprised expressions on the few "normies" that made their way in. This year we were a minority in Caesars, and you could see the culture clash as we were pushed back into the convention center.


Bejing? Ambitious, but count me out of that one. We already have an arrest that made news for DC25. Over there you'll just get disappeared. I know we're probably not the intended audience for this, since not many hackers are going to make the journey. It will come from within. I'm going to guess no "Unofficial DEFCON Shoot" over there, however.

-darkwind

So here goes:
I have been through the Riv and queuing around the pool outside to the gridlock of the Rio to the horrible elevator access at Ballys for the top floor villages and I thought Caesars was the best yet. I guess I was lucky that I didnt get caught in any of the crowds described above but I scouted the place out Thurs and was able to move around with relative ease. My actual biggest gripe was people walking 4 across slowly ambling along when I was in a hurry to get to a talk! I think the concern about signage is valid though. I knew where things were in general but trying to scope out other places could prove tricky and you ended up stopping in the middle of hallways to check the maps which causes blockages.

Badge reg was awesome, I woke up hungover as fuck on Thursday and struggled to get out of bed but I simply walked straight into an empty(!) room around midday and got the badge. I liked the idea of the badges through history but something a little more exciting than the first would have probably gone down better. And to those bitching about the lack of e-badge, this was an off year, you werent getting one even if 1o57 was doing it and you pay for the con, not the badge.

What the hell happened to swag? First thing I noticed was the increase to the cost for anything above XL. Was this a contributing factor to the stock levels initially purchased as everything above that size was sold out by mid Friday? Dont think I have seen this before so I can only conclude there just wasnt the higher stock levels to begin with. Oh and bring back cuff links, mine have busted and I need replacements!

Vendor are was another poor showing. I really dont think we need 4 vendors selling just lockpicks, 5 if you count Toools booth in the LP village. Was this in lieu of HackerStickers? As someone else mentioned their presence was missed. This meant there was one alt for t-shirts to official swag (and the only place I could get one my size). I know its usually crowded but putting No Starch where you did meant it created a huge bottle neck in that corner. Not sure Hak5 needs ALL that space either, 4 lines for their products and just production line that stuff. Oh, and does anyone actually buy those Gunnar glasses? They have been coming back a while but is there a market for them at con? (This isnt a gripe, truly want to know).

I reckon Packet Hacking, SE, Recon (which I heard was awesome) villages are probably never going to have enough space but I will add myself to the list of pushing for it. Does the lockpick really need all that space (along with a selling booth?)

I thought that talks were really good this year, SHA-1 collisions stood out for explaining something technical very well, thumbs down to the EDNS OPT talk, didnt need 25 mins of the history of DNS RFC's.

AV, yes there were problems but not entirely sure it warrants the vitriol going on. Track 3 had that persistent sync problem which I really think should have been addressed much quicker (it actually looks like it took until closing ceremonies until it was figured out). The TV streams had their problems but I got to see the majority of what I wanted on there. Does the AV soc have a TV (or 4) watching the streams coming through? If not, it might pick up on problems quicker. I think someone mentioned putting the streams into chillout or something, could maybe broadcast sound via radio so people could tune in to listen and not disturb others who want to talk, etc but then if they are online now you could just do that. Is the streaming server inside the con network? If you are on con wifi are you hitting something local or something hosted external?

Why was the exit to 101 track through chill out, kind of killed the point of the room!?

Food in con area. How the hell to they get away with pricing small bottles of water or soda so high. They are just gouging when you can go downstairs and get more for less price (and even then its higher than normal). This really does smack of Harrahs being dicks, they would probably make more reducing the price but selling more volume. Whilst this is beyond the control of con organisers it would be good to pass on.

Lack of IOActive/Pool party. This is a tricky one as the cost, etc involved would seem prohibitive but I wanted to highlight how important these were to me in my early con days. If you werent 'cool' enough to get into the big parties at least there was somewhere you could go, feel a part of the festivities and get to meet people and usually listen to Dual Core! No idea on logistics but for first time con goers these would be good to try and slot in somewhere.

Lastly is the overall con feel. This was 25, supposed to be a big thing but it sort of felt people were just going through the motions. There was no real 'buzz', nothing over-the-top crazy that made you go 'wow, thats what a 25 yr celebration is about'. Maybe things are too big for that now, maybe everyone is getting old, I dont know, just lacked a bit of spark. That isnt to say I didnt have a great time though.

Oh and how come no one got The Who to come play closing, I mean they were right there, not doing anything, couple of free beers and I reckon they would have done it :)

Or maybe Cee-Lo Green

Or maybe not.

Thanks to everyone for your ideas so far! Complaining about what sucks, describing why and what can be done to fix them is really good!

This is a note:

I am expecting to finish the post-con summary and report for DEF CON Department heads by the end of next weekend.

If all goes well, any and all comments included in this thread will be included with other resources I use in describing what worked, what didn't, what should be changed and what should stay the same, and all of these will be included in the report to help with planning for next year.

So the deadline:
To have the best chance at getting your thoughts and ideas on what sucked, and what worked in DEF CON 25, and have those ideas help to plan DEF CON 26, get your thoughts posted by August 15, 2017 at noon, pacific time.

Planning for DEF CON 26 in some departments already started before DEF CON ended. For the rest, planning will likely start this coming week, or the week of the 14th.

Keep your thoughts and ideas coming!

-Cot

The big achievement for dc25 in my mind:

There was a lot good about this def con. The badge line in spite of record turn out was well managed and probably as good as it has been since the first E-badges. That's worth a special shout out.

Also want to shout out the speakers... and the CFP review panel. I gave one of my better presentations ever ( probably ) and I still felt like I was the worst speaker at def con by far. The quality of talks was above any prior year. I was thoroughly impressed.

The big let down for dc25 is two fold:

1. the badge was shit. we get it, lost bailed, no time to do a real e-badge etc. but you still charged for the badge like it was an e-badge. that's not cool. and the badge hacking room was almost insult to injury. if not for the non def con badges that room would have been best served providing a place for doing macaroni art on your rubber ( or plastic ) placard. i am not the only one who felt that way. And that's why I mention it. Not to sound like I was wronged. And I don't wish to sound petty, obviously the con matters more than any stupid badge. But... I heard a lot of that. And it resonated. And that means it's an issue. And to be frank I can't say I don't agree.

2. the size of the conference has finally gone well over any survivable amount of people. caesars sucked. the beers were 12 bucks at the poorly laid out and poorly ran bars. the hallways were beyond over crowded. vendor area was 4 stores and a mosh pit. and the talks weren't available on the in room feeds for most of the conference... leaving folks who did want to attend a talk to contend with what felt like a line for the last life boats on the titanic. this murdered what little remained of the old defcon culture. if not for dc949 being willing to attempt to keep the defcon spirit alive and a wealth of friends ... i'd have just left the con entirely and went elsewhere.

def con... is too big.

it could be cut to half of it's size this year, and STILL be too big.

you simply cannot have 22k+ attendees and still call it def con. because... it's not.

I know deviant disagrees. And I'd gladly debate the matter. But, I think there's a size where community fails. And Def Con no longer has the openness I recall. It simply doesn't. Especially in a hotel whose size forces folks to separate into their cliques. It's fun to spend time with friends in private suites etc. But it's also fun to hang out in the 'con bar' area. This def con didn't have that area. And that didn't afford an opportunity for veterans and newbies alike to hang out and form that unique bond that only def con can produce.

So... if I were DT. I'd start with an apology for the badges, and charging full price for em. Too late to do much else. I'd then promise to leave caesars. I'd cut the con down into manageable levels. And let people know that next year there will be a defcon badge lottery. If you want to avoid the lottery... enter the cfp. run an event. etc. but no more free badges for blackhat. no more 22k+ people. You enter the lottery and you get a barcode for a badge. You turn that bar code in at badge reg. Done. It's not perfect. But it's SIGNIFICANTLY better than what is currently going down.

Otherwise, I fear that Def Con is finally beginning the slide into failure.


Just my opinion. I think that Def Con goons, volunteers, attendees even were amazing. As they are every year. Especially under the huge glut of people that's been the hallmark of dc25. But... in that ocean of people, it's hard to feel like anything other than cattle. And that was never what def con was.

Figure some folks will still take that commentary badly. I'm fine with that. I stand behind what I said.