I think the best tip I can offer to someone going to a hacker conference is this: Bring a friend. I had never been to a hacker conference before when The Last Hope started coming near, and I wanted to go. Trouble was, none of my friends who were into that sort of thing were in town, and even if they were I doubt any of them would have dropped ~$80 for the event. I then made the mistake of going by myself. I figured I could meet people there to have discussions with, since everyone had more-or-less similar interests. Basically everyone there was one of two types of people. Either they were willing to talk but were somewhat shy and awkward, or they were complete assholes who were very unfriendly and gruff if you tried to talk to them. Additionally, the event staff were complete dicks. I remember one guy wouldn’t let people into an area near the “main stage” even though there was plenty of space and when people didn’t realize and would think they could walk over there to stand, he’d go “WHAT THE HELL DO YOU THINK YOU’RE DOING?!!”. A lot of people were angry at this guy and making comments about him. This wasn’t the only guy either, a lot of the event staff were definitely enjoying feeling “superior” at the expense of the convention-goers as they power tripped their way around the Hotel Pennsylvania.

As far as HOPE goes, I think it’s over-hyped. If it was cheaper it wouldn’t be so bad, but as it is it’s just such a high price to pay for spending the day with nerds who can’t function socially IRL.

Posted at 11:19 pm on Dec 25th, 2008 by Anonymous

Shouldn’t a hacker conference be the most secure anyway? Shouldn’t they actually take measures to keep the malicious hackers out of and away from these sorts of conferences?!

I mean, I can understand that some people just suck and like to use their genius and/or skills for evil because it’s generally more fun but still…

I just really think that there should be more “ethical” hacker conferences and if there are lots of ethical hacker conferences then they should get more publicity

Posted at 11:34 pm on Dec 25th, 2008 by broken_thought

How is it possible to bypass bandwidth restrictions with SSH tunnelling? Does the summary mean bypassing traffic shaping rules, or bandwidth caps? I can’t see how tunnelling bypasses caps.

Posted at 12:17 am on Dec 26th, 2008 by Matt

matt: many bandwidth caps only count certain kinds of traffic – for example one I saw only counts IP traffic addressed outside the building, therefore by sshing into another machine in the building and then from there sshing outside the building, you could bypass the cap.

Also, most places don’t apply their bandwidth cap to their own DNS server – some server software can be used to relay quite large quantities of data fast, but it has the downside the DNS server may crash.

Posted at 1:02 am on Dec 26th, 2008 by O Mattos

broken_thought:
you want to take this kind of precautions on _any_ public network. it does not matter if it is the coffee shop, university or hacker con network

Posted at 4:28 am on Dec 26th, 2008 by Jonas

Instead of wiping your iphone, etc…
why not just turn it off?
If your phone is -dumb- and stays on if you turn it off (you know what i mean) pull the battery.
wait until you leave the convention to turn it on, and live like normal. Tell your loved ones they’ll just HAVE to wait to talk to you for a few hours.

What do you guys say to a complete noobie going to one of these things, to perhaps learn about the ways of hacking? Would there be informative presentations that the noobie would potentially understand and learn from?
[talking about myself]

Posted at 7:17 am on Dec 26th, 2008 by Andrew

MY one suggestion would be to NOT drink too much the first night… made a terrible mistake of that last notacon.

Posted at 8:52 am on Dec 26th, 2008 by hacker

I think the point of wiping your phone is you won’t lose the data if it’s physically stolen. Presumably you have backup somewhere you can restore after the con.

Posted at 9:53 am on Dec 26th, 2008 by j-striker

To the anonymous poster who attended The Last Hope alone:

I was in the same boat as you, all of my friends bailed on me at the last minute so rather than miss the conference I chose to go alone and I had the complete opposite experience as you. I found that the majority of people were friendly and would talk to you about just about anything. True there were a few people that were rude or had a know-it-all attitude but most people would open up if you were willing to do the same. Actually, though I had never been to NYC before, after a few hours on the first day I felt so at home that I completely forgot that I was by myself. The staff was firm but helpful, they had to deal with fire codes and lots of hacker-types who aren’t always the most obedient people to the rules. Overall I had a great time, met a lot of cool people and can’t wait to attend The Next Hope in 2010.

Posted at 9:57 am on Dec 26th, 2008 by crobicha

The c3 was always a very nice place to talk to people and learn stuff. That’s the reason to go there. The talks can be streamed from anywhere.

Posted at 4:08 pm on Dec 26th, 2008 by ssn

@matt

It was a very silly situation: they were only restricting bandwidth for port 80. Which made browsing obnoxious. Everything would screech to a halt after 30 seconds if you started to download something.

The solution was tunnel the traffic over another port.

Posted at 4:41 am on Dec 27th, 2008 by Eliot Phillips

Go with an open mind. Most people aren’t there to be malicious. Although some are. If you absolutely have to send that email, don’t. But if you’re a freek and have to then use the secured Con network not the hotel. Even it’s not 100% secure but it’s safer. Last year’s ShmooCon network was quite good and required a certificate based authentication. Even then set up a VPN connection or some other type of encrypted tunnel. Me? I have a VPN set up at home that tunnels all my traffic through it, including DNS.

As for securing your personal items the normal things apply. Granted I don’t think you’ll run into a snatch and grab but if you leave something lyiing around unattended chances are it could walk off. Or if you left it near me or some other folks it’ll still be there but it might have some extra stuff on it.

Having outside interests helps at a Con, while we all go wanting to learn about the same things we don’t neccesarily want to talk about it 24/7. Read any good books? Know how to play cards? (Mao?).

And get your immune system up to par. I made the mistake last year and caught the 24hr DC bug that was going around. Put me out for 18hrs straight. Trust me it’s worse then a hangover.

Posted at 2:24 am on Dec 28th, 2008 by beakmyn

I guess you should not use your network card unless you really really trust the firmware. And do you trust it? Mmmmhhh…

Do you really **need** network access during the conference at the conference hall?

Posted at 8:19 am on Dec 31st, 2008 by Pedro Fortuny

@anonymous – sorry you didn’t have a better time. Low Cost cons generally run entirely on volunteers – you get what you pay for. FWIW, the HOPE security staff were no worse than the average. As for getting connected with people, remember that most geeks/nerds/hackers fall *deeply* to one end of the sociability (autism/aspergers) scale. Mostly, you’ve just got to be really open to all kinds of experiences. If you happen to be at any other con and see me, feel free to say hi, I’m pretty good with the social skillz.

@broken_thought – wow, you’ve missed the point completely haven’t you? What’s the difference between a locksmith and a burgular? Ethics and intent, the knowlege base is pretty much the same. Do you have a sure fire test for ethics and intent? If so, I know people who will pay billions of dollars for it, not to mention the incredible utility that your test would have for law enforcement. Please send me your bank account information so that I can wire you payment in advance of you providing the test to me. KTHX-BYE.

As for what I do?

Trust is very expensive at cons. It’s also EXTREMELY expensive at hotels and in airports. Trust as little as possible. Take only what you need. Revise your packing list after each trip – if you used it only once or could’ve borrowed it, leave it out for the next trip. The only real exception is “things I can trade for other cool things” – eg: H-a-D t-shirts — of which I still would love one btw.

VPNs are good – especially ones that do not rely on DNS to be correctly functioning.

Turning off bluetooth is also good.

Having a computer with a use-once-and-discard image on it is also a good plan — I’ve used my eeePC for this.

Putting down the computer and talking to someone in the hallway is probably better for you anyways. Consider leaving the computer at home.

Most of all – go. Run. You know you want to.

Posted at 12:32 pm on Jan 12th, 2009 by Myrcurial