DEF CON and Stack Overflow: What Our Traffic Says About Cybersecurity (stackoverflow.blog)
147 points by susam on Aug 10, 2019 | 32 comments

> DEF CON 27, arguably the world’s best known hacker convention.

I would say that the CCC hacker conventions (esp the CCC congress always in December) are somewhat more famous (but that probably depends on cultural background), of a similar size, and "better" (depending on what aspects you want to compare it). But it's not really a competition anyway.

Related to that, there is the CCC camp 2019 (https://events.ccc.de/camp/2019/) (in Berlin) starting very soon. Probably there will be live streams. And btw, a while ago, you could buy a combi-ticket for both DEFCON and CCC camp, including the flight ticket, for either 1337$ or 1337€.

If you have never been to such an event, I can really recommend going to it. Actually I can only speak for the CCC and the Dutch events; I heard that the community and mood are much more friendly and open at CCC-like events, compared to DEFCON, and also the focus is much more widespread, e.g. it's also kind of an art event, similar to Burning Man.

The trends shown in the traffic graphics are really interesting. It seems JavaScript is less interesting to hackers, and Python is more. What hackers are using today is often what the remaining technical world will use tomorrow. In a similar way, I observed that around 10 years ago, Apple hardware became very dominant at such hacker events (I feel like maybe 80% of the computers (of course I don't have exact numbers on that)). But in recent years, that totally vanished. It's very clearly the minority now. Apple does not produce the preferred hardware for hackers anymore.

Disagree with your assessment that CCC is more well known than DEFCON. Maybe in Europe that's the case? DEFCON has 2x the attendees. This would be tough to fully figure out who's right, but just doesn't seem to be the case, imo.

Also, there's a lot more going on at DEFCON than just hacking. There's art, music, gatherings of all types, etc.

Not to compare CCC and DEFCON, but there are quite a few "non-hacking" things going on at CCC. I was there last year and was surprised to see such a diverse background of attendees—ranging from humanities, arts, to hardcore hackers. In my personal experience I've never seen this kind of a diversity within one event.

Overall it was an amazing experience. Although, a little knowledge of German would have been helpful :)

Hm, maybe in the USA DEFCON is more well known. I was aware while writing this that this is probably debatable (but I was disagreeing with the assessment that DEFCON is clearly the best known, as said in the article). (Also, I'm clearly seeing now that it is indeed very debatable, as the votes for this comment go up and down all the time.)

W.r.t. attendees, I am not sure. CCC has multiple events per year, and is also a club with many members. The biggest of their events is the CCC congress (https://en.wikipedia.org/wiki/Chaos_Communication_Congress) which has attendees in a similar order, maybe slightly less, but that is only one of multiple events.

I have heard from people attending both events (DEFCON and CCC) that CCC is much more diverse in topics and what's happening at the events.

> I have heard from people attending both events (DEFCON and CCC) that CCC is much more diverse in topics and what's happening at the events.

Yeah, I think the CCC events, at least recently, got very far into the mainstream and politics and strayed quite a bit from their roots, adding more and more that seemed intent on encouraging newcomers vs being interesting for those that have been involved longer. That's a valid direction, of course, but it feels less like a hacker convention and more like a general mainstream somewhat-tech-related convention, like re:publica with a few tech talks thrown in and set in December.

I was at the last CCC congress, and actually this was also debated there (i.e. what topics the CCC should cover, and how/whether that has changed). Actually some people said that it has become too diverse now. Some also claimed that it has become too political, but if you look back to the roots, it actually was always political. In any case, I think you cannot say that technical topics became too short. It just became bigger, and there is more of everything.

For me personally, the technical parts just fell off. Where defcon has the really interesting stuff, CCC has talks on how you can send SMS with an RPI, a USB dongle and ready made software that are okay for a beginner's tutorial but that I find lacking for this kind of event. I've watched maybe a handful of talks from the last CCC, but I always find myself running out of time instead of talks when I look at defcon (they've massively increased the amount of talks with the different villages lately), and the quality is much higher.

Back in the days, politics came into play where technology meets the real world and politics are involved, now it felt more like a party's youth organization's online-convention. But I gather that's what the majority of CCC members want, and it's fine by me, there's obviously a demand for that kind of event, they are quickly outgrowing their locations, it's just no longer anything I really care for.

I know both of these names, although I am always amazed every year how the media swarms DEFCON and there always seems to be a steady stream of news stories and articles about computer security and various hacking things for a week or two or so every year during and after DEFCON.

Every now and again the CCC is mentioned in a news story, but it seems like the US media loves to talk about the big hacker gathering in Vegas.

I live in Europe and I'd never even heard of CCC.

(Probably goes without saying, but I'm well aware of DEFCON and have been for 20 years, I know a handful of people who've been even).

CCC covers more society and political topics as well, beyond the topics mentioned above which CCC also had plenty of last time I went.

Regarding attendees, I am not sure - haven't been to Defcon in a few years (mostly as it started being not so well organized), but went to CCC and that was gigantic in scale.

I would have loved to go to camp again this time but they only distributed tickets through hacker spaces, none of which I am affiliated with. Sad.

Yes, me too. It's getting too famous, and too many people want to go, and the space they rented just did not allow for more people. Not sure how to resolve this. They should maybe get some bigger space, but maybe that is not so simple. There are some smaller events (also organized by CCC) which can maybe be an alternative. Maybe the next Dutch camp (next after https://sha2017.org/) does not have this problem (I hope).

Honestly I think people should go to the one in Beijing if they have the means to, they held the first one in China this year and it was f'ing amazing. It was held in an old oil storage tanker and had an evening session with live DJs and performances. Best event I've ever been to hands down. And the Chinese hacker community is a force to be reckoned with.

At least for the CCC, the main focus is always privacy concerns, politics, freedom, etc. (besides the technical topics). Wikipedia and Wikileaks are often represented there. China is often given as one of the bad examples with respect to freedom, e.g. think about the Great Firewall of China. So I wonder, how does a hacker event fit into this? Wouldn't you be afraid to discuss such topics there? Or do you avoid such topics there, and focus more on just technical topics?

Having been to the "beta" and 1.0, there was some light guidance on discussing territories / GFW, but nothing terrible. I would not try discussing anything about the CCP though (and you might find it hard to find anyone who wants to!)

IMO it is a bit of a weird event because many things are imported. Villages almost all come from the USA (and speakers to some extent) and have their travel and lodging completely covered. It is probably a good way to foster local talent, hence why Baidu pays so much $$$ for it.

Could you post a link to the event?



I wish they had more photos of the thing. And don't confuse it with defcon China Beta which was in 2018. They really sunk a lot of money into this event apparently, hopefully next year will be as good

It's not just space, infrastructure costs/complexity increase exponentially with more visitors.

I'm curious what the dominant hardware at these events is now.

I don't really observe any dominant hardware anymore. From the software side, Linux of course is very much dominant now. Otherwise you see a bit of MacOSX, and also OpenBSD, FreeBSD, or more exotic things. Windows is rare, and people even feel ashamed to show that they use Windows. But that was more extreme earlier, and slowly becomes more accepted. Maybe more now with Windows Subsystem for Linux.

Not at all. Running Windows is a sign that you're willing to run a substandard OS with no good toolchains and low/no privacy. And none of the Linux attacks that rely on hardware/firmware stuff work on Windows Subsystem for Linux.

I can load up instances of Linux catered to specific ideas (Tails, Buscador, RadioInstigator, etc) and they will just work.

Now we also know how to handle Windows, especially when we break into machines and networks with Windows clients and/or AD. Most orgs don't understand even how Windows runs, so they get it wrong unsurprisingly.

Speaking about the CCC, I'd say the MacBook remains in the top-2, but the Thinkpads are clearly prominent.

Thinkpad T or X series

I'm betting many flavors of Linux running on many flavors of laptop.

> but that probably depends on cultural background

yes, pretty sure this breaks down by culture/geography

Shame they didn’t include traffic to security.stackexchange.com. I would have thought that would show a more noticeable change. Also would be interesting to see what tags there show the biggest increases.

I would like to see that traffic series from Las Vegas starting in July when the Microsoft Ready & Inspire happens just to compare...

Like the author I too am shocked at how few people were using VPNs.

I think there's a bit of mystique about how dangerous the Defcon network is, and it doesn't really reflect the current reality.

To quote the defcon27 FAQ https://www.defcon.org/html/defcon-27/dc-27-faq.html

"Why yes, DEF CON is FULLY network-enabled. Now that we've perfected the art of a stable hacker con network, we're ascending to a higher level - we're providing you a network that you feel SAFE in using! Since DEF CON 18 we're WPA2 encrypted over-the-air, with a direct trunk out to the Internet. No peer-to-peer, no sniffing, just straight to the net (and internal servers). We'll provide login credentials at Registration. We know the 3G airwaves will be saturated so we're putting our own cred on the line to give you a net that even we would put our own mobile phones on."

They do also provide a free-for-all network, but no-one has to use that...

I think the author is making a big ASSumption here. Why is it that an IP that geolocates to Las Vegas isn't using a VPN? Would you say the same about San Francisco or LA? Of course not. There are VPN end points in Las Vegas.

I'm writing this from Defcon, over a VPN, to an endpoint in Las Vegas. All the benefits of a VPN without a huge latency penalty.

> I think the author is making a big ASSumption here. Why is it that an IP that geolocates to Las Vegas isn't using a VPN?

Good point. I'm typing this while at DEFCON and my VPN provider (Private Internet Access) defaulted to the Las Vegas endpoint.

That's a bold strategy cotton...I think I would have waited till after DEF CON to run this article haha.
