Comments on: Surviving a hacker conference

By: Myrcurial

Myrcurial — Mon, 12 Jan 2009 20:32:19 +0000

@anonymous – sorry you didn’t have a better time. Low Cost cons generally run entirely on volunteers – you get what you pay for. FWIW, the HOPE security staff were no worse than the average. As for getting connected with people, remember that most geeks/nerds/hackers fall *deeply* to one end of the sociability (autism/aspergers) scale. Mostly, you’ve just got to be really open to all kinds of experiences. If you happen to be at any other con and see me, feel free to say hi, I’m pretty good with the social skillz.

@broken_thought – wow, you’ve missed the point completely haven’t you? What’s the difference between a locksmith and a burgular? Ethics and intent, the knowlege base is pretty much the same. Do you have a sure fire test for ethics and intent? If so, I know people who will pay billions of dollars for it, not to mention the incredible utility that your test would have for law enforcement. Please send me your bank account information so that I can wire you payment in advance of you providing the test to me. KTHX-BYE.

As for what I do?

Trust is very expensive at cons. It’s also EXTREMELY expensive at hotels and in airports. Trust as little as possible. Take only what you need. Revise your packing list after each trip – if you used it only once or could’ve borrowed it, leave it out for the next trip. The only real exception is “things I can trade for other cool things” – eg: H-a-D t-shirts — of which I still would love one btw.

VPNs are good – especially ones that do not rely on DNS to be correctly functioning.

Turning off bluetooth is also good.

Having a computer with a use-once-and-discard image on it is also a good plan — I’ve used my eeePC for this.

Putting down the computer and talking to someone in the hallway is probably better for you anyways. Consider leaving the computer at home.

Most of all – go. Run. You know you want to.

By: Pedro Fortuny

Pedro Fortuny — Wed, 31 Dec 2008 16:19:41 +0000

I guess you should not use your network card unless you really really trust the firmware. And do you trust it? Mmmmhhh…

Do you really **need** network access during the conference at the conference hall?

By: beakmyn

beakmyn — Sun, 28 Dec 2008 10:24:26 +0000

Go with an open mind. Most people aren’t there to be malicious. Although some are. If you absolutely have to send that email, don’t. But if you’re a freek and have to then use the secured Con network not the hotel. Even it’s not 100% secure but it’s safer. Last year’s ShmooCon network was quite good and required a certificate based authentication. Even then set up a VPN connection or some other type of encrypted tunnel. Me? I have a VPN set up at home that tunnels all my traffic through it, including DNS.

As for securing your personal items the normal things apply. Granted I don’t think you’ll run into a snatch and grab but if you leave something lyiing around unattended chances are it could walk off. Or if you left it near me or some other folks it’ll still be there but it might have some extra stuff on it.

Having outside interests helps at a Con, while we all go wanting to learn about the same things we don’t neccesarily want to talk about it 24/7. Read any good books? Know how to play cards? (Mao?).

And get your immune system up to par. I made the mistake last year and caught the 24hr DC bug that was going around. Put me out for 18hrs straight. Trust me it’s worse then a hangover.

By: Eliot Phillips

Eliot Phillips — Sat, 27 Dec 2008 12:41:55 +0000

@matt

It was a very silly situation: they were only restricting bandwidth for port 80. Which made browsing obnoxious. Everything would screech to a halt after 30 seconds if you started to download something.

The solution was tunnel the traffic over another port.

By: ssn

ssn — Sat, 27 Dec 2008 00:08:14 +0000

The c3 was always a very nice place to talk to people and learn stuff. That’s the reason to go there. The talks can be streamed from anywhere.

By: crobicha

crobicha — Fri, 26 Dec 2008 17:57:35 +0000

To the anonymous poster who attended The Last Hope alone:

I was in the same boat as you, all of my friends bailed on me at the last minute so rather than miss the conference I chose to go alone and I had the complete opposite experience as you. I found that the majority of people were friendly and would talk to you about just about anything. True there were a few people that were rude or had a know-it-all attitude but most people would open up if you were willing to do the same. Actually, though I had never been to NYC before, after a few hours on the first day I felt so at home that I completely forgot that I was by myself. The staff was firm but helpful, they had to deal with fire codes and lots of hacker-types who aren’t always the most obedient people to the rules. Overall I had a great time, met a lot of cool people and can’t wait to attend The Next Hope in 2010.

By: j-striker

j-striker — Fri, 26 Dec 2008 17:53:52 +0000

I think the point of wiping your phone is you won’t lose the data if it’s physically stolen. Presumably you have backup somewhere you can restore after the con.

By: hacker

hacker — Fri, 26 Dec 2008 16:52:44 +0000

MY one suggestion would be to NOT drink too much the first night… made a terrible mistake of that last notacon.

By: Andrew

Andrew — Fri, 26 Dec 2008 15:17:00 +0000

Instead of wiping your iphone, etc…
why not just turn it off?
If your phone is -dumb- and stays on if you turn it off (you know what i mean) pull the battery.
wait until you leave the convention to turn it on, and live like normal. Tell your loved ones they’ll just HAVE to wait to talk to you for a few hours.

What do you guys say to a complete noobie going to one of these things, to perhaps learn about the ways of hacking? Would there be informative presentations that the noobie would potentially understand and learn from?
[talking about myself]

By: Jonas

Jonas — Fri, 26 Dec 2008 12:28:36 +0000

broken_thought:
you want to take this kind of precautions on _any_ public network. it does not matter if it is the coffee shop, university or hacker con network

By: O Mattos

O Mattos — Fri, 26 Dec 2008 09:02:35 +0000

matt: many bandwidth caps only count certain kinds of traffic – for example one I saw only counts IP traffic addressed outside the building, therefore by sshing into another machine in the building and then from there sshing outside the building, you could bypass the cap.

Also, most places don’t apply their bandwidth cap to their own DNS server – some server software can be used to relay quite large quantities of data fast, but it has the downside the DNS server may crash.

By: Matt

Matt — Fri, 26 Dec 2008 08:17:14 +0000

How is it possible to bypass bandwidth restrictions with SSH tunnelling? Does the summary mean bypassing traffic shaping rules, or bandwidth caps? I can’t see how tunnelling bypasses caps.

By: broken_thought

broken_thought — Fri, 26 Dec 2008 07:34:57 +0000

Shouldn’t a hacker conference be the most secure anyway? Shouldn’t they actually take measures to keep the malicious hackers out of and away from these sorts of conferences?!

I mean, I can understand that some people just suck and like to use their genius and/or skills for evil because it’s generally more fun but still…

I just really think that there should be more “ethical” hacker conferences and if there are lots of ethical hacker conferences then they should get more publicity

By: Anonymous

Anonymous — Fri, 26 Dec 2008 07:19:50 +0000

I think the best tip I can offer to someone going to a hacker conference is this: Bring a friend. I had never been to a hacker conference before when The Last Hope started coming near, and I wanted to go. Trouble was, none of my friends who were into that sort of thing were in town, and even if they were I doubt any of them would have dropped ~$80 for the event. I then made the mistake of going by myself. I figured I could meet people there to have discussions with, since everyone had more-or-less similar interests. Basically everyone there was one of two types of people. Either they were willing to talk but were somewhat shy and awkward, or they were complete assholes who were very unfriendly and gruff if you tried to talk to them. Additionally, the event staff were complete dicks. I remember one guy wouldn’t let people into an area near the “main stage” even though there was plenty of space and when people didn’t realize and would think they could walk over there to stand, he’d go “WHAT THE HELL DO YOU THINK YOU’RE DOING?!!”. A lot of people were angry at this guy and making comments about him. This wasn’t the only guy either, a lot of the event staff were definitely enjoying feeling “superior” at the expense of the convention-goers as they power tripped their way around the Hotel Pennsylvania.

As far as HOPE goes, I think it’s over-hyped. If it was cheaper it wouldn’t be so bad, but as it is it’s just such a high price to pay for spending the day with nerds who can’t function socially IRL.