black badge protocol

**TheCotMan** · August 9, 2007, 12:14

Re: black badge protocol

Originally posted by bigezy

Surrendering the badge for a specially made badge that shows the attendee as a black badge holder would solve a lot of the problem.

A sticker, tag or additional token of some sort, which is recognized to mean, "Holder Won Black Badge at Previous Defcon," which is provided when the black badge is surrendered? As an additional token, or simple modification to existing badges, the person turning in a black badge could still have some evidence claiming they previously earned a black badge, and having it work as an additional token or sticker would let the recipient choose to display it or not.
This seems to provide answers to many of the complaints people have.

The privacy of the badge holders identity will need to be addressed. Perhaps a challenge token (a torn in half dollar bill or the like) could serve as a unique identifier for the black badge holder.

This could be a way to preserve anonymity, so long as the people submitting their black badges agree that whoever submits the challenge token gets the badge at the end of the con, actually agree to this. The reason I mention this, is that theft of such a token would be similar to theft of the black badge associated with the token.

To solve the problem that TW faces right now, perhaps people could provide an email address (even one made just for con at yahoo, hotmail or gmail) so an email could be sent to the submitted email address if/when someone doesn't pick up their badge.

How does that sound?

Sounds like you have been thinking about this. :-)

Let's see if people have more ideas to submit...

**rabbi** · August 9, 2007, 12:16

Re: black badge protocol

Um, here's a thought. Why not show up with your black badge, ask for a Human badge to be reserved for you, take a claim ticket for it, and then show up at the end of the con with your black badge and claim ticket so you can pick up your human badge that's been sitting in reserve?

The incentive to "get lots of friends in with your black badge" goes away as the con is now over, the claim ticket will prevent someone walking off with an ass-ton of kingpin's cool badges, and the anonymity issue is resolved.

(The remaining problems are that you don't get to actually hack on your new badge while you're there, but as I pointed out, with 7000 of them going around, they can be had. Then there's the problem of Goons, etc., not being able to recognize the ever-increasing number of black badges, but that's a fundamental problem with the Black Badge protocol, and somewhat off-topic for this, since Black Badge holders, afaik, aren't *required* to turn in their badges except to get "this year's" human badge. So that's a side discussion.)

... where am I wrong?

**TheCotMan** · August 9, 2007, 12:24

Re: black badge protocol

Originally posted by rabbi

Um, here's a thought. Why not show up with your black badge, ask for a Human badge to be reserved for you, take a claim ticket for it, and then show up at the end of the con with your black badge and claim ticket so you can pick up your human badge that's been sitting in reserve?

Code:

// Pseudo-code, assuming threaded process with shared global passed as arg:
int hackReg(bool &humanBadgesStillAvailable) {
 while (humanBadgesStillAvailable) {
  Person intA shows up with a Black badge;
  Person intA has Human badge reserved, and gets claim ticket;
  Person intA leaves, hands black Badge to Person ++intA;
 }
 return humanBadgesStillAvailable;
}

Now tons of free Human badges can be "reserved" for the end of Defcon so be sold on ebay, and a DoS to people buying human badges exists.

Even if a black badge is required with a token, then the same hand-off and sharing of the black badge with the claim tickets can be completed.

Can this DoS also be prevented? (I'm asking, not being sarcastic here.)

The incentive to "get lots of friends in with your black badge" goes away as the con is now over, the claim ticket will prevent someone walking off with an ass-ton of kingpin's cool badges, and the anonymity issue is resolved.

(The remaining problems are that you don't get to actually hack on your new badge while you're there, but as I pointed out, with 7000 of them going around, they can be had. Then there's the problem of Goons, etc., not being able to recognize the ever-increasing number of black badges, but that's a fundamental problem with the Black Badge protocol, and somewhat off-topic for this, since Black Badge holders, afaik, aren't *required* to turn in their badges except to get "this year's" human badge. So that's a side discussion.)

Yes, these problems still exist. While we are trying to resolve the problems at hand, creating new problems isn't so bad, assuming solutions to the new problems can also be found. Comparison of resulting solutions would require soltuions to new problems for fair comparison.

... where am I wrong?

Depends on definition of wrong, and if solutions can be found to the newly created problems. :-)

**shrdlu** · August 10, 2007, 09:24

Re: black badge protocol

Originally posted by TheCotMan

Yes, these problems still exist. While we are trying to resolve the problems at hand, creating new problems isn't so bad, assuming solutions to the new problems can also be found. Comparison of resulting solutions would require soltuions to new problems for fair comparison.

Lordy, all this sturm und drang. Look, guys, here it is:

1. As has been mentioned earlier, there's already enough complexity as it is. Getting in free is just fine, if you want to have the black badge held hostage. I don't think you need to walk around with it. If your ego is so delicate that you just HAVE to have everyone know that you won a black badge, please remember that there's three of them for this year's Hacker Jeopardy (although I understand that one got handed back).

2. Quit complaining. Enough. I have a black badge. I wanted the cool badge. It was Thursday, and they weren't sure how they were going to handle it yet, so I just bought it. It was one of two options (the other was taking the chance that they'd run out), and I took the one that looked best to me.

3. Quit complaining. I have a badge from Defcon {mumble} that doesn't even have a year, but is black. How are the hired help (including hotel security) supposed to keep all this straight?

4. Quit complaining. Really. TW et al did a great job, and deserve your thanks. In fact, I had a great time, it was nice to see people, and I'll be back next year.

**ßobÇat** · August 10, 2007, 19:39

Re: black badge protocol

I'll give you my black badge for a current one, but the black badge goes straight into a padded Express Mail envelope I fill out and into a USPS mailbox?

Dunno how that works out for furriners.

**TheCotMan** · August 10, 2007, 21:12

Re: black badge protocol

Originally posted by shrdlu

Lordy, all this sturm und drang. Look, guys, here it is:

1. As has been mentioned earlier, there's already enough complexity as it is. Getting in free is just fine, if you want to have the black badge held hostage. I don't think you need to walk around with it. If your ego is so delicate that you just HAVE to have everyone know that you won a black badge, please remember that there's three of them for this year's Hacker Jeopardy (although I understand that one got handed back).

I have no problem with the present solution, but that is because I don't have a black badge. However, instead of reading everyone's complaints, I felt it was much better to expect people to provide their own ideas for solutions, and if a really good solution is found, then TW has someone else doing work for him. (Secret to good organization: delegate, delegate, delegate.)

Constructive criticism > complaining.

If people provide a solution that has more problems, or new problems, then the people with complaints can really see how difficult it can be to solve these problems, and perhaps have more respect for TW and the present solution.

Let people provide constructive criticism, and see if they can help solve the problem-- which can help everyone. :-)

2. Quit complaining. Enough. I have a black badge. I wanted the cool badge. It was Thursday, and they weren't sure how they were going to handle it yet, so I just bought it. It was one of two options (the other was taking the chance that they'd run out), and I took the one that looked best to me.

This is a valid option. If people want to eat their cake and have it too, then they can pay for the 2nd cake after they ate the first one.

3. Quit complaining. I have a badge from Defcon {mumble} that doesn't even have a year, but is black. How are the hired help (including hotel security) supposed to keep all this straight?

Right. This it one of the problems I outlined above. What makes this worse, is that each year, we add a new badge that would need to be memorized by the guards and an increase in risk to "hacking" the system through counterfeiting old black badges.

4. Quit complaining. Really. TW et al did a great job, and deserve your thanks. In fact, I had a great time, it was nice to see people, and I'll be back next year.

Yes, he did a great job, and provided a solution to a problem that was brought up last year when people complained about not being able to get last year's badge when they arrived with a black badge.

Let's put a burden of solving this problem on the people that have the complaints. They are the ones that want to see a solution the most. Perhaps one of the many solutions they provide will catch TW's eye, and be adopted. Let us use the advantage of distributed computing at the user-level, and see where it leads. :-)

**ßobÇat** · August 10, 2007, 21:14

Re: black badge protocol

Having finished reading the whole thread...

Kingpin can design cheaper badges. Green mostly unpopulated boards, double layer, vias, no SMT, just a few interesting empty circuits, perhaps with sockets, a breadboard area, and painted on goon, human, speaker, press, in the appropriate colors. Well, have the thing do something by default, I've a got a few ideas, but I'm sure Joe has more.

If you want to hack your badge, you need hw+sw skillz, not just soldering on a pin header and downloading something. Perhaps a vendor will be available to sell 555's and other retro dips. We'll be doing full color video, might have to sacrifice a cellphone...

How does this solve the black badge issue? Well, there's a new purple l337 badge, which is traded for a black badge that goes straight into the mail per my previous comment.

Now, you can hack your current badge. Registration can paint a 25 cent empty blank board on the fly with the proper species/color. Scraping off text and repainting is very hard, so we avoid that privilege escalation. Having the l337 badge announces your past uberity, and turning your badge into an iPhone - well, I can dream.

Did I miss anything?

**billygoto** · August 11, 2007, 04:44

Re: black badge protocol

Originally posted by bigezy

I am a realist. If I want to drink I have money. As far as getting laid, I am middle aged fat and ugly, no black piece of plastic is going to help me overcome any of those handicaps.

Come now... There's always the black AmEx.

**ck3k** · August 12, 2007, 00:36

Re: black badge protocol

I want to sum up my thoughts on this topic :

If you want to walk around with a black badge....you get no human badge (TS)

If you want to get a Human badge...you must surrender your black badge to TW

I really see no issue, thanks TW for clearing up how you took names for the badges, honestly I would be more then happy to just use an email address, they are a dime a dozen, and make it very easy to insure you get your badge back.

If there is some stupid little sticker or special lanyard for those who have black badges, (and have surrendered them for human badges) that is a cool little bonus.....but this raises the issue of...is that sticker going to mean you have a black badge, if your original is lost? I see some holes in this plan as well.

I would like to thank TW, as I walked away with both a DC15 human badge and my DC13 black badge.

p.s.
ACTF should really be worth a black badge...it embraces everything that is Defcon.

**TheCotMan** · August 14, 2007, 23:04

Re: black badge protocol

Discussion copied and continued here.

black badge protocol

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment