
In-person DEF CON 28 cancelled - tptacek
https://forum.defcon.org/node/232005
======
tptacek
(For those unfamiliar: there's a tired annual joke about DEF CON being
cancelled, the scene's equivalent of trying to sell the freshmen elevator
passes, so expect lots of jokes about how the conference hasn't been
cancelled. It has, predictably, been in fact cancelled this year.)

Along with Black Hat (the "professional" version of Defcon) and B-Sides Las
Vegas, this is "security summer camp", the weeks at the end of July and
beginning of August. None of these events are likely to occur on-site this
year.

 _Later_

And, on cue, in-person Black Hat is cancelled as well:

[https://twitter.com/BlackHatEvents/status/125883283428810752...](https://twitter.com/BlackHatEvents/status/1258832834288107521)

Black Hat is still going to happen virtually (we just finished selecting
talks).

~~~
some_furry
Tired: "DEFCON is cancelled"

Wired: "'DEFCON is cancelled' jokes are cancelled"

I look forward to the virtual talks from both events. Some incredible talent
in both pools.

~~~
vsareto
DEFCON: The waffle house of security conferences

~~~
boredgamer2
> DEFCON: The waffle house of security conferences

I'm afraid I haven't been to enough waffle houses to understand if this is a
good thing or bad thing?

~~~
some_furry
They're referring to the Waffle House Index.

[https://en.wikipedia.org/wiki/Waffle_House_Index](https://en.wikipedia.org/wiki/Waffle_House_Index)

~~~
jsjohnst
Too bad the Wikipedia entry is completely wrong on when he coined the term. If
it was in response to the July 2011 tornados in Joplin, then how come I have a
video of him giving the WFI anecdote in November 2009 at RHOK#0 (Random Hacks
of Kindness hack day).

------
Endlessly
Given they have picked a few platforms, but are leaving a lot of choices up to
the individual organizers, presenters, etc — aside from having:

— burner hardware,
— one-time network connections,
— one-time user accounts,
— one-time identifiers,
— read-only OS builds,
— physically disabling sensors,
— (insert suggestions)

What else might be options for securely accessing the event?

~~~
some_furry
> What else might be options for securely accessing the event?

I generally recommend ensuring that your security posture for DEFCON is the
same baseline security posture you should have at all times, and for all
websites, and then adjusting your habits accordingly months in advance... and
then just chilling out because you've adopted a more secure normal (and DEFCON
isn't particularly risky compared to everyday life).

Pantomiming paranoid-level security during hacker summer camp is silly. This
is true for both in-person events and this year's virtual event.

If you're worried about getting hacked at DEFCON, don't wait until DEFCON to
become secure, and don't become lax after DEFCON is over.

~~~
rhinoceraptor
If you _were_ a blackhat, burning a 0-day at DEFCON would be a huge waste. You
probably wouldn't get anything interesting, and chances are someone would
catch it.

~~~
p1necone
It would be _fun_ though

~~~
jjoonathan
And even more importantly, it might prove somebody wrong about something.

------
kitotik
This will be fascinating to attend/watch not just to see the impacts of doing
it all virtual, but the fact that it’s free is going to attract a monstrous
(virtual) crowd.

~~~
tekstar
Last time I went in person, you couldn't get into the best talks unless you
picked one or two and camped for the day, because all the halls were
overflowing with people. I think it was the last year they held it at the Rio.

~~~
dan000892
That’s been a constant DEF CON theme at least since the Riviera days but had
(IMO) improved incrementally with the move to multiple larger venues and was
expected to be all but resolved with the move to the new Caesars Forum.

(New venue is/will be (?) absolutely enormous; featuring the largest “pillar-
less” ballrooms in the world it promised the ability to accommodate not only
all talks and villages in a single venue again but everyone in a single
keynote talk. Looking forward to witnessing that next year.)

edit: It's occurred to me that it could conceivably be more difficult to get
into talks at this year's virtual event than it would have been in-person.
Perhaps they'll implement a virtual waiting room so we can get our LINECON
fix.

~~~
mike_d
> but had (IMO) improved incrementally with the move to multiple larger venues

I feel like it is getting worse, and can't wait for Caesars. With the multiple
venues and hallway congestion most of the people in my company were able to get
to 2-3 talks a day max.

Counterfeit DEF CON badges (and a sanctioned competition for them) have really
added to capacity issues since about 2016. I know of one vendor that sold over
1,500 last year.

~~~
dan000892
I'm sure I'm devoting more time to villages, workshops, and non-DEF CON talks
than I used to (after all the official talks end up on YT a couple months
after the event). It did seem to me--CP elevator choke point notwithstanding--
that separating talks from the rest of the con by a 20+ minute walk did
shorten LINECON but I'll concede there's a small chance that I'm becoming more
patient or (more likely) that my experience was not representative.

Regardless, I am very intrigued by your experience with counterfeit badges.
I'm familiar with the counterfeit badge contest and many jokes were made about
last year's "urinal cakes on a lanyard" but this is the first I've heard
suggesting there was effectively mass production of counterfeit badges. Can
you tell us more?

~~~
nerfhammer
There's a backup laminated paper badge for when the electronic badge runs out
of stock, maybe it's that.

~~~
dan000892
While lame, that certainly seems much more feasible than mass-producing 1500
copies of an electronic badge (or even a mock thereof) in the span of a couple
days but it also renders mention of the sanctioned (actual) badge
counterfeiting competition (which to my knowledge involves paying competitors)
irrelevant.

Given that #badgelife folks have difficulty manufacturing hundreds of badges
they themselves designed and there's been no real scrutiny of attendee badges
as would surely result if it were found that 5%+ of attendees had
counterfeits, I have to call bullshit.

If reasonable evidence is presented to the contrary, I will eat my hat by
donating the $300 I won't be spending for this year's DEF CON admission to the
EFF.

------
Grollicus
At least no weird room searches by Caesars this year

~~~
kstrauser
Our room in Planet Hollywood got searched last year.

~~~
imglorp
WTAF?

Given the attendees, I'm surprised some didn't seriously mess with anybody
entering their rooms. At the very least, one would expect all the goons
getting doxxed, their phones pwned, and the whole shaming posted somewhere.

~~~
tptacek
It's not about the event; it's a thing Las Vegas hotels are doing now in
response to the Mandalay shooting.

~~~
kstrauser
Is that for attendees to all conferences, or are we special here?

~~~
tptacek
I think if you just randomly visited Mandalay or Caesars on vacation, you'd
have the same likelihood of having your room looked in on. Every room has a
notice to that effect now.

~~~
kstrauser
That's interesting. I'd assumed it was mainly for us.

------
Endlessly
Reviewing the post, it is unclear what, if anything, this update by DEFCON means
to those who had not intended to attend, but might, since it now appears that for
this year a real-time remote access event only is being held.

What does this mean?

------
sneak
It's incredibly disappointing to see DEF CON, a conference where you can still
show up and pay for entry in cash, adopt a centralized, hosted, unencrypted
system (Discord) that requires both:

1. that you enter into an abusive legal agreement wherein you agree to give
up your civil rights

and

2. that you dox yourself to get an account (you have to give either a non-VPN
IP, or a non-VoIP phone number)

My Discord account got banned from being created from Tor and using a burner
number and linking my own friends to my own website in DM (because they spy on
all the unencrypted messages, natch).

This means I won't be able to participate in DEF CON this year. :(

~~~
mike_d
I would like to point out that you are posting this very comment on a
centralized, hosted, unencrypted system.

But in all seriousness, the DEF CON Forums are generally full of helpful
knowledgeable people who can help guide you in creating a non-attrib Discord
account if you are having problems.

~~~
unethical_ban
I would like to point out that one can assume different identities on the web,
and that I am fine giving my personal email and address to my bank, but
perhaps not to a hacker conference. Why? Because it's my choice.

------
Pirate-of-SV
This was going to be my first DEF CON to attend in-person. See you next year!

~~~
glaslong
Next year is cancelled as well.

~~~
miguelmota
Next year is not cancelled.

> The good news is DEF CON will survive, and DEF CON 29 is planned for August
> 5-8 2021, you can reserve your rooms now.

~~~
alanpca
It's a common defcon joke. It's been "cancelled" for years.

------
centizen
Think I'm going to elect to use a burner machine to tune in to this one.

------
CalRobert
We fucked it up :-(

~~~
abstrct
Underrated comment :)

------
saagarjha
Also potentially relevant:
[https://twitter.com/oooverflow/status/1258847818434801664](https://twitter.com/oooverflow/status/1258847818434801664)

------
yumraj
I really want to attend, especially since it's virtual and free.

But given some of the comments, I'm not really sure if I should and how, especially
since I'll be dialing from home.

I can use VPN, but not sure how the streaming would be on it. Also, what all
precautions I should take.

I'm sure many would love a how-to guide.

~~~
tree3
Huh? Why do you have to take precautions to view a live stream?

~~~
yumraj
Read some of the comments. Perhaps I'm over thinking.

I guess it depends on where the livestream is hosted. Is it YouTube or some
other site?

------
raghavtoshniwal
So... a virus took down the entire conference? How on brand.

------
steveeq1
How is this different than just going on youtube and irc?

~~~
dharmab
Part of DEFCON includes interactive activities such as labs and competitions.

------
unixhero
Soooo quicker publishing to YouTube then?

------
dotBen
Even if it's virtual, the wifi will still not be safe...

