Thursday, August 14, 2014

DEFCON 22: The Con That Keeps on Giving

Load up this soundtrack while reading this blog post: I'll wait.

Alice in Hackerland by Tess Schrodiner
Winning artwork for DEFCON 22

Redefining The Experience

I began my seventh DEFCON looking for a way to give back.

There's only one other con I hold in as high esteem, and that's my hometown science fiction convention, RadCon (this year was my 18th RadCon). Over the years, I've been to dozens of other cons, some regularly (like PAX Prime and Norwescon), but if I miss them, no big deal. DEFCON is a pillar of my year, drilled 100ft into the earth and rising up to the clouds, and it would take one hell of a real-life tragedy to keep me from it.

And like RadCon, I can no longer just attend. I've been a panelist at RadCon for the last two years, and I'm driven to figure out how to participate in DEFCON. Not only because of how much I've gotten from it, and how much I continue to get from it, but for the selfish fact that there are diminishing returns in terms of what I can learn as a non-participant audience.

The few talks I attended were unremarkable. Since I no longer work in IT, I avoid highly technical talks, which are no longer useful to my career. I know enough security theory to write fiction; readers don't want to hear the tech details anyway. If a story is set in a far-future, 2014 tech won't matter, and if I need something current, like safe-cracking for Through a Shattered Tumbler, I can look it up online. 

As a curious person, I often enjoy hearing about new exploits, but even those have started to blend together. The message is always the same: All things are pwned or pwnable. This is a very worthy message, but for me, it's ancient news. It's not as likely to give me a dopamine "ah-ha!" or "holy shit!" feeling anymore. After "holy shit did you know you can stop someone's pacemaker?" and "holy shit all of Boston's transit is owned!" and "holy shit the Russian cybermob, the nets are all gonna DIE!" ... You can only get excited about the sky falling for so long before even that becomes normal. The sky is falling, and it's already fallen, and Situation Normal All Fucked Up (SNAFU).

This screenshot circulated on Twitter
of a hacking tool itself being the vector for mass pwnage.
Amusing, but totally unsurprising.

I don't mean to make DEFCON sound unexciting. I had an amazing time this year, as always. But as a neophile, I crave new experiences. Moreover, I'm writing for neophiles who also crave new experiences, and you don't want to read a recap that's a recap of last year's recap. So this isn't a regular post describing the talks or hallway shenanigans.

Mostly, this year was about seeking my place, teaching others, and enjoying the synthesis that comes from mingling knowledge. i.e. making friends and having conversations. This is the true value of any con, because we can learn the rest online. We can watch all the talks on YouTube. What we can't do is talk and wave our hands about and toast to a point that everyone agrees on.

This year, mingling came easy thanks to my autism diagnosis and anxiety medication. This was my second DEFCON since my DX. Last year, my SSRI prescription was brand new and I was still adjusting. I noticed the improvement then, and all the more this year. The power of technology has made social anxiety a distant memory, and I have better coping mechanisms and a higher sense of self-acceptance since I know that there is a medical basis for my quirks.

However, the meds don't fix everything. The distracting and painful sensation of anxiety is quelled, but it doesn't fix my awkwardness, the times I'm not sure what to do or what is appropriate. I'm still combatting 38 years of overcompensating, learned behaviors I used to avoid anxiety. The extra serotonin doesn't cure my autism or sensory processing disorders. Sometimes the background noise is too loud and I can't tell what people are saying. Sometimes I'm not sure how to engage in conversation with people I want to talk to, or leave conversations with people I'm no longer interested in.

Sometimes I lock up and don't know what to say, so I stay silent when I should be talking. Or the opposite, a more recent coping mechanism where I open my mouth anyway, and let words pour out without any filters. Which works until it doesn't, and I say the wrong thing.

The meds really help in all these cases, because when I do make mistakes or face uncertainty, I'm not assaulted with waves of anxiety that pull me under onto the hamster wheel of self-assault. I'm much more resilient and can keep rolling.

Why Spot the Fed
when you can bring the Feds to you?

This has all improved my experience at DEFCON a hundredfold. It's a much more social event than it has been in years past.

I'm-Poser Syndrome*

* - Attempted pun

When I arrived at the Rio on Wednesday, I felt pretty wobbly and low, and I wondered what right I had to be at DEFCON at all. I'd submitted a talk to CFP, which summarized my several years of research on unethical persuasion and group mind control (which all culminated in my book Recovering Agency: Lifting the Veil of Mormon Mind Control). The talk got rejected, partly because it was non-computery and partly because the religious criticism it contained was potentially too controversial. I would be attending as a non-participant once again. And in absence of a tech career, with less hands-on computing in my hobby life, with my interests shifting more to psychology, neuroscience, and writing, I really wondered why I belonged at DEFCON at all. Impostor Syndrome had set in pretty hard.

Image appears to be from a conference someplace.

Because of splines (see my post on Spline Theory), I don't always realize how much I know. I'm carrying quite a bit around in this brain, but I forget this until I'm reminded of the specific topic. So when I'm around people who know more about, say computer technology, like at a hacker con where I still can't hack any Gibsons (and never will), my self-worth plummets. I really want to contribute, but couldn't see how I'd ever know anything worth disseminating in this particular venue, a venue that has become so very important to me.

(Which is all very ironic, since next week I'll be giving a 3 minute pep talk to others about how "everyone has something to contribute to DEFCON," to give people confidence to submit their own talks. More on this in a second.)

In this context, I got into the registration line Thursday morning, and met a DEFCON newb, a 23 year old who wanted to get into a pentesting career and didn't know where to start. For the next half hour+, I rambled at length about what to see at DEFCON, where to go to get more information on pentesting, how to legally practice pentesting at home, who to talk to to find an infosec job, and an outline of the plan I'd follow if I were starting up a pentesting career. (Because I've obviously thought this through.)

Other newbies overheard, and joined the conversation, and I got to chatter on about security theory and the state of infosec and tell anecdotes from past DEFCONs.

It became clear I did belong after all. And I did have something to contribute, even if I still didn't know exactly how.

Over the course of the weekend, I spoke intelligently about all kinds of topics that I normally keep wrapped up in spline-packages that I only open when the topic is brought up: physics, autism, psychology, science fiction, politics, privacy, libertarianism, biohacking, transhumanism, culture, social engineering, current events, shenanigans at past DEFCONs, computer history, hacker and crypto history, Masons, and some other topics I no longer remember because eventually I got drunk and it's difficult to remember 4am conversations anyway.

So I'm in a strange spot. I'm not a super-expert in any one field, but I have something to say in all fields. I belong at DEFCON, but I am still seeking some way I can give back. I continue my quest to find a topic for next year's talk. The whole con I brainstormed ideas for projects I could turn into CFP next year.

Bonus: Here are two whacky ideas that I will never implement because I don't have time:


The program lured me into a meeting to plan a possible Biohacking Village for DEFCON 23.

DEFCON villages are rooms dedicated to providing hands-on learning of the basics of various subjects. In the Lockpicking Village, there are lockpick sets and locks and helpful teachers around so you can learn to crack physical security. The Tamper-Evident Village provides sealed envelopes and solvents to open and reseal them without revealing they've been open. The Hardware Hacking Village provides solder and circuit boards and people who will teach you schematics and soldering skills. Each village also provides regular talks and demos at entry level so everyone can learn.

The Biohacking Village would do the same. One definition of "hacking" is using technology for something other than its intended purpose. So one could view biohacking as leveraging biology for something other than its intended purpose. And we'd show people how to do that at DEFCON.

We had about 10-15 people in attendance from many different backgrounds. As we talked, we discovered we would have no shortage of content, in the fields of, but not limited to: Nootropics and pharmaceuticals, bioethics, bioinformatics, genetics & DNA splicing, psychology & neuroscience, hacker health & nutrition, transhumanism, biochem and nanotech, and biometric security. Several of the discussions were way over my head. We had people there in classic computer technology fields, and others in biotech careers I'd never even heard of. We were all very excited to help establish this village.

We kicked around ideas for hands-on activities, talks, and advanced equipment for onsite demos. We had enough content ideas to start our own con, but as we discussed, we want it at DEFCON for the same reason the other villages exist: To give all DEFCON attendees a chance to go outside their regular sphere and learn something new. Moreover, cross-pollination between these two fields can help guide biohacking culture with our 40 years of cumulative hacking ethics.  

In many ways biohacking grew out of hacker culture. Biohacking is in the same stage computer hacking was in the 1970s with the Homebrew Computer Club. Back then, IBM and major universities steered computer technology down a fixed path. Their rigid organizational cultures wouldn't allow them to envision how interesting and useful computers could be to ordinary citizens. 

Thomas Watson, 1943.
This was the dominant culture driving computer tech until the 1970s.

But the Homebrewers destroyed these artificial limitations and created the home computing industry. With the first home computer, the Altair 8800, hacking communities formed to find uses for them. Wozniak and Jobs used this environment to develop the Apple, the first home computer which could be operated by an ordinary human being.

I can't get enough of this computer history shit.
Yep, the very first Apple computer
with a custom wooden case mod.

Ever since then, most disruptive computer technologies (or popularized disruptive uses of previously developed technologies) have come out of people's garages. Microsoft, ISPs, Netscape, Amazon, ad nauseam.

As Richard Thieme claimed at DEFCON 17, the future of biotech will follow the same course. Biohacker spaces are popping up everywhere, including here in Seattle at HiveBio. The ethics and implications are both exciting and scary. This infant hacking field needs to learn from all the mistakes and successes of the computer scene's four decades. Especially since the stakes are now much higher.

If you're interested in getting involved in creating this potential village, you can join the discussion list.

This will likely be my "thing" next year. I plan to contribute, if it gets the go-ahead, and I may do that in lieu of, or in addition to, writing a new talk. Up till now, my related bio-interests have focused on autism and psychology. But I've always wanted to learn biochemistry so that when people talk about it, I'm not completely lost. The vendor area had a copy of the Manga Guide to Biochemistry so I snatched it right up and am now reading it. Lots of "ah-ha!" moments, which is what I crave in my life. 

Along those lines, I'd like to get more involved with my local DEFCON group, DC206.


I did see a couple of talks of note this year. 

One was the controversial Diversity Panel which I tweeted a great deal about. It was so controversial, in fact, that it deserves a whole separate post. It's a good catalyst for discussing the larger diversity and accessibility issues at DEFCON. These problems have existed all along, and the time has finally come to talk about them.

The Defcoin talk was very interesting and useful. I'm a hands-on learner, and need to grok a thing down to its bones before I'm comfortable with it. I sometimes can't just "trust the magic." Cryptocurrency is one of those subjects. It's a newfangled thing and I wanted to understand it better. This talk did a great job. Better still, we all received a paper wallet containing a key for 100 Defcoin and links to the blockchain. 

I hope you type in the key so I can lulz at you.

The makers of defcoin hope people will use the coins to learn more about cryptocurrencies and to test vulnerabilities and try out new ideas. Apparently there were also clues to the badge puzzle in the blockchain, so that was awesome. I'll probably look for them while I'm there if I can figure out how to work this thing.

I feel like I have a much better grasp on cryptocurrency now. I got the wallet and have cashed in my 100 coins. I may even do something with them. Not sure what yet.

I don't know much about the DEFCON badge this year, other than that it lights up, has a USB port, and the light patterns change when you touch various combinations of the metallic letters "DEFCON". A friend of mine hacked his to spell his name in binary.

I didn't even touch the badge puzzle, but it looks like Lost put in some low-hanging fruit (like ROT-13) so I could have gotten through at least a stage if I'd tried. Oh well, my con was packed enough. The full solution is here.

Do what this badge says and
Do No Obey!
Also, this statement is false.

One of the most exciting things that happened to me this year is that I finally got hold of two l33t badges: The Queercon Badge and the Telephreak pager. I snagged them both within the same hour.

Hi! Hello! Wave!

For those wondering how to snag l33t loot, it's all about the luck. That's how we got the FailBlog party badge and the Facebook party badge, both from, uh... DEFCON17 I think.

In this case, I was between talks in the con space, and happened to glance at Twitter in time to see @queercon had posted a location and a password 8 minutes prior. I rushed to the location, no one was there, I waited around wondering what to do, when I saw them. They were talking to a small group of people about the party, and I walked up and blurted out the password really loudly, which was pretty stupid, because no one else there knew the password. (Did I mention I have Asperger's?) So they had to hand out QC badges to everyone there and change the password all because of me. Ha.

Nevertheless, it is the single most cool badge I have ever owned. There is an array of 70 white LEDs, with 5 colored LEDs on either side. A series of animated images and words flash past on the array. I've been unable to read the words, because they always flashed past while I was wearing it (when it's upside down to me), nor do I understand why and when it displays what. Even back home from the con, I'm seeing the little stick man doing animations I hadn't seen at the con. And the colored lights do something now and then.

I did learn at the Queercon pool party that it syncs with other badges, and increments the number on the side lights. Two stick figures wave at one another during the sync. It's also supposed to increment something for each Queercon event you attend, tho it didn't seem to be working at the party I attended. And people with black badges increment it in a more special way. That's all I know. I'm waiting for the full writeup. It's a beautiful and sophisticated badge and I will treasure it and bring it to future DEFCONs. Plus it looks like a floppy disk.

Update: Queercon has just now published the badge writeup, so I'll read that soon! And the Readme on what it does (more or less)!

Immediately after getting the Queercon badge, I glanced at Twitter (as addicts do), and saw @telephreak tweet a different location for access to their party. So I booked it over to the Whopper Bar. At this point, I'd speed-walked the entire length of the Rio.

As with Queercon, I wasn't sure what to expect. I didn't see anyone there. I wasn't sure if I should start asking people. And of course, at DEFCON, you're always on alert for a prank. So I didn't want to make a big show of anything. (See above with the FailBlog party badge. Yes, it was a prank.)


A working pager.
And a SIM card. Not sure what it's for.
(I'm scared to put it in my phone.)
I am clearly very happy about this. 

My favorite kind of con party is the type where there's just enough alcohol to loosen up, and enough quiet space and intelligent people to sustain hours and hours of conversation. Telephreak threw an amazing super awesome party that inspired me to stay up till 3am Sunday night of the Con when I had a flight the next morning. They held it in a posh suite. They gave talks. There was a smoking room upstairs where we could converse for hours. Basically the most perfect party. I will sing its praises and raise my glass. Plus they earned $1260 for EFF. Plus the pager is old school 90s tech nostalgia with an anachronistic USB charger.

So, the secret to getting l33t party invites and badges is to follow the right people on Twitter and pay close attention.

Outside of that, and the EFF party on Thursday night, I spent most of my late-night party hours at "Bar Con." There's this casino bar in the hallway at the Rio between the con area and the rooms. There's plenty of space to spill out into, and the point is you hang there from midnight until the sun comes up. It's quiet enough to converse, and you can snag people as they walk past. I hope there's a similar space at the new location. (SPOILER: DEFCON is moving next year.) I've met so many new people at Bar Con.

In random trivia: Our room number had the following characteristics: palindrome, binary, and prime. A few people tried to guess it on Twitter, and for the one who guessed 10001, you win! But then, I like you lots anyway. *wink* (Yes, I'm flirting in a blog post.)

The last bit of news is DEFCON Unlocked. It was born on Twitter a couple of months ago in the midst of a discussion about helping women, minorities, and others, feel comfortable submitting a DEFCON talk. We realized that many DEFCON attendees don't have confidence, or for various reasons, may feel like they aren't "cool" enough or have nothing to contribute. DEFCON Unlocked will address this through two webinars, organized by Tarah Wheeler Van Vlack. The first is next week, and will consist of a series of short peptalks by people you might have heard of, as well as some advice on what to start working on right now so you'll be ready to write a talk in the spring. We will also open the floor for questions.

Then in the spring, when open calls for CFPs begin, we'll run another webinar on what to expect and how to write the actual talk.

So take a little advice from this big mean Dalek:

I know I plan to!

Whatever you're working on, and whatever I end up working on, I hope to see you next year!

