black badge protocol

Re: black badge protocol

Discussion copied and continued here.

Re: black badge protocol

I want to sum up my thoughts on this topic :

If you want to walk around with a black badge....you get no human badge (TS)

If you want to get a Human badge...you must surrender your black badge to TW

I really see no issue, thanks TW for clearing up how you took names for the badges, honestly I would be more then happy to just use an email address, they are a dime a dozen, and make it very easy to insure you get your badge back.

If there is some stupid little sticker or special lanyard for those who have black badges, (and have surrendered them for human badges) that is a cool little bonus.....but this raises the issue of...is that sticker going to mean you have a black badge, if your original is lost? I see some holes in this plan as well.

I would like to thank TW, as I walked away with both a DC15 human badge and my DC13 black badge.

p.s.
ACTF should really be worth a black badge...it embraces everything that is Defcon.

Re: black badge protocol

Come now... There's always the black AmEx.

Re: black badge protocol

Having finished reading the whole thread...

Kingpin can design cheaper badges. Green mostly unpopulated boards, double layer, vias, no SMT, just a few interesting empty circuits, perhaps with sockets, a breadboard area, and painted on goon, human, speaker, press, in the appropriate colors. Well, have the thing do something by default, I've a got a few ideas, but I'm sure Joe has more.

If you want to hack your badge, you need hw+sw skillz, not just soldering on a pin header and downloading something. Perhaps a vendor will be available to sell 555's and other retro dips. We'll be doing full color video, might have to sacrifice a cellphone...

How does this solve the black badge issue? Well, there's a new purple l337 badge, which is traded for a black badge that goes straight into the mail per my previous comment.

Now, you can hack your current badge. Registration can paint a 25 cent empty blank board on the fly with the proper species/color. Scraping off text and repainting is very hard, so we avoid that privilege escalation. Having the l337 badge announces your past uberity, and turning your badge into an iPhone - well, I can dream.

Did I miss anything?

Re: black badge protocol

I have no problem with the present solution, but that is because I don't have a black badge. However, instead of reading everyone's complaints, I felt it was much better to expect people to provide their own ideas for solutions, and if a really good solution is found, then TW has someone else doing work for him. (Secret to good organization: delegate, delegate, delegate.)

Constructive criticism > complaining.

If people provide a solution that has more problems, or new problems, then the people with complaints can really see how difficult it can be to solve these problems, and perhaps have more respect for TW and the present solution.

Let people provide constructive criticism, and see if they can help solve the problem-- which can help everyone. :-)

This is a valid option. If people want to eat their cake and have it too, then they can pay for the 2nd cake after they ate the first one.

Right. This it one of the problems I outlined above. What makes this worse, is that each year, we add a new badge that would need to be memorized by the guards and an increase in risk to "hacking" the system through counterfeiting old black badges.

Yes, he did a great job, and provided a solution to a problem that was brought up last year when people complained about not being able to get last year's badge when they arrived with a black badge.

Let's put a burden of solving this problem on the people that have the complaints. They are the ones that want to see a solution the most. Perhaps one of the many solutions they provide will catch TW's eye, and be adopted. Let us use the advantage of distributed computing at the user-level, and see where it leads. :-)

Re: black badge protocol

I'll give you my black badge for a current one, but the black badge goes straight into a padded Express Mail envelope I fill out and into a USPS mailbox?

Dunno how that works out for furriners.

Re: black badge protocol

Lordy, all this sturm und drang. Look, guys, here it is:

1. As has been mentioned earlier, there's already enough complexity as it is. Getting in free is just fine, if you want to have the black badge held hostage. I don't think you need to walk around with it. If your ego is so delicate that you just HAVE to have everyone know that you won a black badge, please remember that there's three of them for this year's Hacker Jeopardy (although I understand that one got handed back).

2. Quit complaining. Enough. I have a black badge. I wanted the cool badge. It was Thursday, and they weren't sure how they were going to handle it yet, so I just bought it. It was one of two options (the other was taking the chance that they'd run out), and I took the one that looked best to me.

3. Quit complaining. I have a badge from Defcon {mumble} that doesn't even have a year, but is black. How are the hired help (including hotel security) supposed to keep all this straight?

4. Quit complaining. Really. TW et al did a great job, and deserve your thanks. In fact, I had a great time, it was nice to see people, and I'll be back next year.

Re: black badge protocol


Now tons of free Human badges can be "reserved" for the end of Defcon so be sold on ebay, and a DoS to people buying human badges exists.

Even if a black badge is required with a token, then the same hand-off and sharing of the black badge with the claim tickets can be completed.

Can this DoS also be prevented? (I'm asking, not being sarcastic here.)

Yes, these problems still exist. While we are trying to resolve the problems at hand, creating new problems isn't so bad, assuming solutions to the new problems can also be found. Comparison of resulting solutions would require soltuions to new problems for fair comparison.

Depends on definition of wrong, and if solutions can be found to the newly created problems. :-)

Re: black badge protocol

Um, here's a thought. Why not show up with your black badge, ask for a Human badge to be reserved for you, take a claim ticket for it, and then show up at the end of the con with your black badge and claim ticket so you can pick up your human badge that's been sitting in reserve?

The incentive to "get lots of friends in with your black badge" goes away as the con is now over, the claim ticket will prevent someone walking off with an ass-ton of kingpin's cool badges, and the anonymity issue is resolved.

(The remaining problems are that you don't get to actually hack on your new badge while you're there, but as I pointed out, with 7000 of them going around, they can be had. Then there's the problem of Goons, etc., not being able to recognize the ever-increasing number of black badges, but that's a fundamental problem with the Black Badge protocol, and somewhat off-topic for this, since Black Badge holders, afaik, aren't *required* to turn in their badges except to get "this year's" human badge. So that's a side discussion.)

... where am I wrong?

Re: black badge protocol

A sticker, tag or additional token of some sort, which is recognized to mean, "Holder Won Black Badge at Previous Defcon," which is provided when the black badge is surrendered? As an additional token, or simple modification to existing badges, the person turning in a black badge could still have some evidence claiming they previously earned a black badge, and having it work as an additional token or sticker would let the recipient choose to display it or not.
This seems to provide answers to many of the complaints people have.

This could be a way to preserve anonymity, so long as the people submitting their black badges agree that whoever submits the challenge token gets the badge at the end of the con, actually agree to this. The reason I mention this, is that theft of such a token would be similar to theft of the black badge associated with the token.

To solve the problem that TW faces right now, perhaps people could provide an email address (even one made just for con at yahoo, hotmail or gmail) so an email could be sent to the submitted email address if/when someone doesn't pick up their badge.

Sounds like you have been thinking about this. :-)

Let's see if people have more ideas to submit...

Re: black badge protocol

A first thought. I am still leary of a list of real names that indicate these people have black badges. Overall the idea of surrendering the badge seems to provide TW with the best way to ensure that only those that earned it get in for free.

Surrendering the badge for a specially made badge that shows the attendee as a black badge holder would solve a lot of the problem. Through the process created this year, TW should have an idea about how many of these badges would need to be made up. (Adding for the previous years winners)

The privacy of the badge holders identity will need to be addressed. Perhaps a challenge token (a torn in half dollar bill or the like) could serve as a unique identifier for the black badge holder.


How does that sound?

Re: black badge protocol

That might be an option for people that elect to have their badge defaced each year, but we'd need a really interesting punch-- especially for the Defcon X badges, and such a punch for the Defcon 9 badges might produce a leaky badge. (if done in the wrong place. ;-)

If used, we might have a new batch of people complaining next year about their badges being ruined. Any other suggestions?

Re: black badge protocol

What about having some kind of a punch that makes a mark on the badge? When the bb holders pick up a human badge for that year, the bb gets permanently marked in some way (which would not detract from the overall beauty of the badge) so that they can't DoS the reg line.

At the reefer rumble I attended one year, as you were given each sample they cut a corner of your badge in a specific manner.
er i mean.. s/reefer rumble/young republican; s/sample/live puppy for eating/;

Not that I'm suggesting that we cut off corners of black badges.

Re: black badge protocol

Let me pull out the history book on this....

Some Black Badge Holders: "*Complaint* I have a black badge, and every year, I get in for free, but I don't get to take home a free badge for the latest convention I attended."

TW and people at Defcon try to find a solution to let people take home their original black badge and take home a badge for the new conference they just attended, but does not lead to re-use of the same black badge, over-and-over to "hack" the reg desk for tons of free badges.

Now we have a new complaint: "*Complaint* I have a black badge, but don't get to have it and my free badge at the same time."

Right. Ok then. Perhaps placing a burden to provide suggestions on those complaining might help.

Problems outlined:
1) People with black badges want to be able to have their black badge and a new badge for free.

a) I see no way for this to happen, such that a person can have both, at the same time, during defcon, and not leave a huge gaping hole for hacking the reg system.

b) A person could be given a choice: free entrance and possession of their black badge during con at the cost of not getting a new badge, but this complicates things for the people that "guard" entrance to the con-space by limiting access to only those with defcon badges. Memorizing the look of the present year's badge plus over 10 black badges from previous years creates problems-- especially as more years pass, and more black badges come into being.

c) Badges could be reserved until the end of the con so black badge holders can claim them at the end: again this is a risk for hacking the reg system to get lots of free badges, *and* creates problems with knowing how many to reserve.

I am sure there are even more problems with this that I have not considered, but that is because I don't work reg. Instead of just complaining about the problem, see if you can find a solution to all of the problems outlined above, and then offer constructive criticism to provide a solution that everyone an enjoy.

The way I see it, when people don't provide constructive criticism to help suggest solutions to problems that work to solve the known problems, they really don't want to see a solution so much as they want to complain.

So far, the solution used by TW this year seems to be the only one that solves *most* of the problems. I don't see a way to solve all of the problems, but I have not thought about this very much.

At USENIX or other conferences, they sometimes have stickers people can place on badges, or inserts to include on their badge to specify speaker, vendor, X-Year-Veteran and more. However, stickers and inserts can also be hacked if the black badge is not surrendered during the con.

Anyone have suggestions to solve all of the above problems that they want to provide? the stage is open, the mic is on, and the spotlight is ready.

Re: black badge protocol

I'm in the same boat. I was on hour 28 of being awake when I wrote the first post, but I still stand by it :)

I'm the first to admit I have no idea how the financials work for DC. But what I said was that the the time all 6800 or whatever badges have been sold, are the numbers not in the black? I can only assume that when the projected number of people show up, the con is running at LEAST at break even point, if not at a profit. Or are you trying to say that insurance costs are based on the number of badges printed, and not the number of people who show up? Same with security? Does that mean that these costs suddenly went up when the cardboard/paper badges were sent to the printer?

Hey, I said I was salty, not in bitch mode. I planned on being there on time, even got there 2 days early. But I didn't plan on sitting in the emergency room all day Thursday waiting to talk to the dr.

Never said it should be a charity. I suggested that surplus profit from any extra badges be donated to EFF or whatever. Seriously, had there been an extra 100 badges this year, do you think there would have been a problem selling them off?


Kudos to the entire staff. This con ran very smoothly from what I saw. Personally I'm not a fan of the riv nor some of the directions DC as a whole seems to be heading, but administratively it was definitely well done this year. The guys I dealt with this year (agent x, noid) did a great job.