
Ask HN: Running a hackathon and someone's laptop got stolen, what should we do? - pulakm
I&#x27;m one of the organizers of PennApps, which takes place in our university building. Someone left a laptop unattended, and it was stolen. This is unprecedented - we&#x27;ve never had any thefts in the previous 6 iterations of the hackathon. However, it&#x27;s a lot bigger this time around (1000+ students), and people are a bit more spread out. We have security measures in places and guards around the building, but there are definitely entrances to the building where people can get in when someone is leaving, without having access.<p>My question is - what is the appropriate response to something like this happening? We want to help the person who had their computer stolen have a positive experience, but we also don&#x27;t want to create adverse incentives.
======
georgemcbay
Unless I was specifically informed that it would be safe to leave my
belongings in any area, I would assume that it is not safe to do so, and if I
left my laptop unattended and it were stolen under these circumstances I'd be
pissed off, but I wouldn't expect the event organizers to take any
responsibility for it at all.

The idea being kicked around to take a collection from attendees is okay in
theory but I'm not convinced having to file a police report is a sufficient
barrier to future attendees claiming lost laptops in the hopes of getting
$1000 from random strangers. Also you'd have to be really careful to make sure
it was well understood the collection is totally optional, and not set it up
in such a way that people who didn't want to participate for whatever reason
weren't made to look like asses in public. Put in that situation I'd have no
problem dropping $1 or $20 into a collection hat, but expecting everyone
(especially students) to have such disposable income isn't fair.

~~~
ranman
you could build a venmo collection jar!

~~~
cel
hackathon idea there. pivot!

------
nkurz
I'd suggest a offering a significant reward for information leading to the
return of the laptop. This signifies that it's a matter that you take
seriously, without claiming responsibility for protecting others' property.
Choose an amount that is comparable to the street value of the laptop. Take up
a collection to pay it if ends up being paid.

This motivates anyone who has suspicions or inside information to come
forward. If it's a theft by a student, it's quite possible that someone
besides the thief knows what happened, but doesn't want to appear 'uncool' by
expressing their disgust. A monetary reward may overcome this, and potentially
makes them into a hero rather than a coward.

I would not offer any sort of amnesty or no-questions-asked policy. If you end
up finding the thief, prosecute them. If someone claims to have 'found' the
laptop in the the bushes, seems very interested in the reward, and you are
suspicious, turn the matter over to the police and let them decide if the
story holds up.

Specifically, I don't think you should offer warnings to others to take
greater steps to protect their property. This has the appearance of blaming
the victim, and potentially helps the thief (and potential friends) justify
their actions to themselves as something the victim deserved for their
negligence. Making it known the crime occurred is sufficient warning. It's in
each individual's interest to protect their personal property, but not in the
group's interest to create a 'fend for yourself' attitude.

~~~
chrischen
Reward sounds like a good idea. If you're planning to pay for the laptop
you'll be spending the money anyways. This way you might catch the thief as
well.

------
Pro_bity
Two choices IMO, 1) if you can afford it, replace the laptop. 2) If you can't
afford it, then take up a collection from the attendees. As for adverse
incentives, you should always presume that people are honest and good.
However, to cover yourself (and it is a good idea anyways), make them fill out
a police report. Keep a copy on file for yourself. This would give any would
be profiteer pause, as there are real consequences to filing a false police
report.

~~~
tonywebster
Taking up a collection is a good idea, gets everyone on their toes about
watching each other's backs, and puts the responsibility on the entire
community. If each participant threw in a buck or two, that's a new MacBook
Pro.

~~~
larrys
My personal feeling is that a collection is more appropriate with an emergent
problem "has no ride home and is stranded".

Once your laptop is stolen it's more of an issue of all your stuff being
stolen as well (that is on the laptop) as opposed to just a piece of hardware.
How are you supposed to do your thing if your laptop which is setup just for
you has been stolen and you are at a hackathon?

(As a side note when I travel I travel with a cloned hard drive (encrypted)
that can be used to boot another laptop.) Hard drive is always on carry on
luggage as well. Cloning tool that I use is "super duper" (that's the name)).

~~~
danielparks
Sure, there's a lot more pain than just the cost of replacing the laptop
itself.

That said, the laptop cost is a big expense for many people (especially
students), so it's helpful. Also it's a nice gesture. (“Look, the community
cares about you.”)

~~~
larrys
I think this is close to a "teach a man to fish" situation. If the community
really cares shouldn't they be proactive in some way to work to prevent this
from happening instead of reacting? And it seems that (from what others have
said) from the behavior of participants (someone who replied to a comment I
made) that this could easily happen many more times as the crowd increases in
size.

------
frostmatthew
As much as it sucks to have a laptop stolen if you're hosting an event with
1000+ people I think you need to adapt the policy of not being responsible for
lost or stolen items.

Many of the comments here mention a certain level of trust in the [hacker]
community...sorry but not every single developer is a saint who would never
consider stealing someone's laptop. The larger the group the more people
you'll have willing to steal if the opportunity arises.

~~~
andrew_gardener
Also don't forget that at an event that size outsiders could potentially get
in or maybe some staff/security did it.

Best bet is to think about it as being a completely public place at that
point. Would you leave your laptop unattended at the corner of a busy street?

Hopefully the laptop ends up being misplaced or reported to lost&found and the
organizers just don't know about it yet.

------
mindslight
Relying on perimeter security is a folly. Believe it or not, there's an
intersection of people who are are interested in both the hackathon _and_
opportunistically stealing laptops. As your event scales, the chance of having
these people increases while group-wide empathy decreases.

------
rdl
If it were a _company_ sponsored hackathon, I'd probably just pay for the
laptop. Probably wouldn't publicize the whole thing, and if it happened a
second time, would seriously re-evaluate security.

A school or community hackathon is a much more ambiguous situation. Get a
police report, and see if you have event insurance or something to cover it.

I never leave stuff unattended in public, but things like hackerspaces, YC's
office, etc. feel different. I do screenlock always, but I can't say I'd never
leave a machine unattended in a semi-public environment.

------
shawnreilly
I've never been to a PennApps Hackathon, but from what you describe (1000+
people), I'd imagine that it's pretty much impossible for event organizers to
prevent this. I think the key here is the 'left unattended' part of the
scenario. The solution would be to tell the teams not to leave the equipment
unattended. It's unfortunate, but a reality of life (even at a Hackathon with
a great community); There are bad people out there. I've been to quite a few
Hackathon / Startup Events (granted, much smaller), but I've never left my
equipment unattended. I consider it a part of Teamwork, Communication, and
Organization. If someone from the Team isn't there to watch the equipment,
then it comes with me or gets packed up and put away somewhere safe.

~~~
mindslight
> _The solution would be to tell the teams not to leave the equipment
> unattended_

Please no. Don't contribute to this cover-your-ass culture of information
clutter by disclaiming the obvious with braindead notices that nobody is
expected to read. It's common sense to maintain responsibility for your stuff
to the extent you'd like to avoid having it mucked with through malice or
ignorance.

~~~
radley
Most hackakthons are at the pro level, so it's industry peers and security for
this is never a concern.

When you have 1000 students in a hackathon, then yeah it's a good idea to
point out the difference.

~~~
heldtogether
Having something rammed down your neck like you're a 10 year old never really
helps. Being a victim helps people remember the basic things. Have a couple of
people walking around placing stickers on laptops that are unattended. When
the owner returns they'll see a sticker saying something along the lines of
"your laptop has been stolen", and they'll quickly feel foolish for dropping
their guard.

~~~
vacri
That sticker solution is much more '10 year old' than a general warning to
watch out for your own stuff. It gamifies the situation, rather than being
direct about it.

------
educating
The appropriate response is to as much as possible help them contact the
authorities and/or to keep a lookout for the laptop and the thief. But, you
also have a hackathon to run, so you cannot inconvenience others just because
someone was thoughless enough not to take their laptop with them when they
went to the bathroom without someone they trust watching it for them.

------
aroman
As someone currently attending PennApps, I'd be happy to chip in a few bucks
to support the person who had their laptop stolen.

Sorry that you have to deal with this Pulak :(

------
picsoung
First thing to install on any devise : Prey.
[http://preyproject.com](http://preyproject.com)

It's great to track your hardware, it can event take screenshot of the screen
and pictures with the camera.

~~~
ryan0x00
any professional cannot allow/afford/stomach the idea of even having their
device boot if stolen.

something like this written as a hardware/bios/whatever malware is more
interesting

~~~
seniorsassycat
Honey pot user or operating system? A major drawback to prey is that it only
works when the thief logs into the account.

------
tonywebster
If I was the participant with the stolen laptop, I'd first of all be really
bummed out over not having the opportunity to participate in the hackathon
because of stolen gear. I'd try to find them a computer they can use to hack
on, and hopefully they didn't lose any work.

I don't know what to say about the stolen gear itself. People should take
responsibility for protecting their own stuff, but that's a real challenge
over a weekend non-stop sort of event, especially of that size. People need to
eat, sleep, etc. I guess it's a lesson learned to have clear disclaimers of
responsibility for future ones, and I'm not sure what to say about replacing
that participant's computer. Not a fun situation, and it's hard to find fault
on anyone (except the thief, of course).

------
redtexture
On a community-basis, reporting widely and promptly about unfortunate events
via your typical channels is important and a strong community-safety-measure,
as well as an opportunity for safety-awareness and for participants and others
to make-whole and contribute toward the losses that one or more community- or
event-participants have had.

It is not so great that the possibility of the difficulty described by the
original poster had not been thought of in advance, and that a clue and a
policy is now needed after the fact.

Standard cautions to participants as a matter of policy are appropriate for
all public events and occasions.

This is because no project or event can afford to suggest or create a culture
that implies that the project is able to assume that participating individuals
will be made whole from failing to attend to their valuable assets, whether
they be computers, mobile phones, wallets, coats, hats or their bodies;
further it is appropriate to warn all participants that civil authorities may
be called upon to intervene or participate when inappropriate activity is
discovered or reported.

A project or event code-of-conduct is appropriate, and having a policy guiding
organizers and empowering all volunteers and participants to act against
against miscreants with inappropriate behaviors is also a community-building
and safety-building experience, in addition to the event's particular mission.

More generally, as a community-empowering project and event, an important
measure, towards community-building, safety, and inclusiveness includes
noticing populations that are desired and not always well-recognized, and
dedicating your event toward providing a harassment-free conference experience
(since property-stealing is a harassment) for all individuals, regardless of
gender, sexual orientation, gender identity, disability, physical appearance,
body size, race, or religion. This invites all participants to act
individually when inappropriate behavior occurs.

This is a typical class of policy and notice that universities resort to, in
anticipation of an occasion when a member of its population of students,
staff, or professors is discovered to be acting beyond social, legal or
ethical norms.

~~~
mindslight
... or you could focus your effort on _productive_ things instead of
dedicating an ever-growing amount of resources coming up with copy to appease
feel-good busybodies. _The map is not the territory_ , and overemphasizing the
map's importance is a great way to kill any organization's spirit. As
organizations scale, it's inevitable that they will eventually fall victim to
red-tape-promoting leeches, but that doesn't mean you should seek to actively
court them.

------
stcredzero
What should we as a community do about this? _Honeypot Laptops._

Laptops modded specifically as honeypots. They could be modified to maximize
battery life, and pass muster as an ordinary laptop under casual observation.
However, their real purpose is to sit there in extremely low power mode,
waiting for someone to move them, at which point, they fire up their radio and
gps, and signal cameras and security personnel on-site to start watching.

Are onboard accelerometers good enough to do dead reckoning positioning of the
device within the building, provided they have good data to work from?

~~~
diminoten
That's arguably entrapment, and not your job.

Leave the detective work to the cops, Bruce.

~~~
stcredzero
I had heard that the police in Washington state in the 90's used to leave sets
of rims in the back of pickup trucks parked on the side of the road as a means
of honey-trapping thieves. I also heard the cops referred to it as a time-
saving measure. "Entrapment?" That's stealing, plain and simple!

Anyhow, how would that be different than someone walking out of a building
with any other piece of a school's or a hackerspace's equipment? What are they
going to tell a judge: "It was an unattended laptop. I _had_ to steal it!"

~~~
diminoten
The key word in your first sentence was "the police".

~~~
stcredzero
An unattended laptop in such an environment is not an inducement to steal. All
that's happening is that a particular piece of equipment is secured a bit more
than usual.

------
shire
Was it a Mac? I'm sure MacBooks have the ability to be tracked if the owner
allowed it. I have a MacBook pro and the guest account allows a thief to login
and I can track them through the guest account.

~~~
danielparks
I didn't realize that Find My Mac works with the guest user under FileVault 2
(full disk encryption built into OS X — the guest user boots into a
unencrypted partition that only runs Safari).

Source: Glenn Fleishman
[http://www.macworld.com/article/1163387/can_filevault_2_and_...](http://www.macworld.com/article/1163387/can_filevault_2_and_find_my_mac_foil_thieves_.html)

------
manarth
Unfortunately, some of the side-effects of experience are distrust and
paranoia. These are very effective experiences in software development.

If this theft happened to an experienced pro, then their data is encrypted and
backed up, so all they've lost is hardware, and that's probably covered by
insurance.

If the theft happened to a student, then maybe they're not the most
experienced engineer. They might not have backups, and their data might not
have been encrypted. They might not be ensured. The hardware cost is still -
comparatively - cheap. But they might have to rewrite their thesis from
scratch. Or risk having their personal data exposed to the public.

But at this point, the only help that financial aid can give, is restoration
of the physical loss - i.e. a new laptop. In most cases, that wouldn't compare
to the loss. But it might help, a little.

------
larrys
"Someone left a laptop unattended, and it was stolen."

Never been to one of these so could you elaborate as to how a laptop was left
(and for how long) so that it was stolen? (I'm curious about the details).

As an example is this like being at an airport terminal with your laptop,
turning around for a second, and turning back to see your laptop missing?

Or more like leaving the laptop and going to the bathroom?

Or leaving the laptop for a minute while you go two tables over to chat with
someone?

Do you know the exact circumstances?

~~~
kolinko
On hackathons it's quite common. You leave a laptop on your workplace, go for
lunch, or for a walk, or whatever. Usually there are only other hackers there,
few bystanders, so the environment is quite secure.

That's why it's so sad when situations like those happen - it undermines the
trust within the community. On Airport, or at the coffee place I wouldn't
expect my laptop to be there if I left for an hour. On a hackathons I left my
laptop for hours at a time. The only problem was that with the amount of MB
Airs laying around, unless you had some stickers, it might take more than a
moment to find yours :)

~~~
ams6110
This attitude that "hackers" are all virtuous is a bit naive. I've known
talented hackers who were not above taking advantage of another's misplaced
trust. Would you leave $1000 in cash unattended on a table at a hackathon? Why
would you leave your laptop?

------
dylanhassinger
Tough call.

Definitely add a new section to the promo materials / introduction talk to
remind people to watch their stuff, and that you're not responsible.

It's the person's fault for leaving their stuff unattended (everybody should
know not to do that in a university building, even during special event). But
you might chip in and help/replace it, as long as its just this once.

------
ddebernardy
Cameras...

~~~
ChuckMcM
I agree, Storage isn't that much of an issue these days and six web cams
around the place feeding into portable USB drives is pretty simple to set up
with a RasPi these days. Then you have the chance of adding a face to the
police report as well.

~~~
gugol
WTF? There are systems for doing that task specifically, why would you want to
build one from scratch?

~~~
ChuckMcM
Well assuming the Hackathon is on a razor thin budget (which I grant you it
may not be) might be able to support adding some equipment which can be tasked
to other things when not hackathoning and can be installed/removed in a
variety of venues. The WebCam/Pi/Disk system is about $100 (less if you use
the Pi's camera module).

You absolutely could go out and buy a video surveillance system of course.

------
xdocommer
Collect $2 each from the 1000 participating students... and buy the guy a new
laptop. I am sure they would not mind ... and for those who do there will be
others who will put in some cash.

------
zrgiu_
What kind of computer was it ? What OS ?

