Cryptoparty 2014 - Hi my name is Ed - 2014/09/20


shawn wilson

Jun 8, 2014, 7:27:44 PM
to bla...@hacdc.org
tldr:
Speaking/links/software spreadsheet:
https://docs.google.com/spreadsheet/ccc?key=0AlbW1qRSpLFMdEM5MzV4YTBhQ0g0ZXdveUVuXzR3ckE&usp=sharing
Meetup event: http://www.meetup.com/hac-dc/events/187948232/

For those who don't follow the list, the back story on the subtitle
(besides me thinking it's ironic) is:
https://groups.google.com/a/hacdc.org/forum/#!topic/Blabber/-N8UxXMvfxU

First, we need speakers!!! In order to have an event like the last two
years, people need to volunteer to present on what they know. Here's
last year's doc (for reference)
https://docs.google.com/spreadsheet/ccc?key=0AlbW1qRSpLFMdHVlN3ZDMmNQTVlUZVJDZTA4UHZSY2c&usp=sharing
and here's this year's doc (for you to sign up and update
software/links on [1]):
https://docs.google.com/spreadsheet/ccc?key=0AlbW1qRSpLFMdEM5MzV4YTBhQ0g0ZXdveUVuXzR3ckE&usp=sharing

If you work at a news agency or activist group where you feel you're
handling communication and individuals' privacy correctly maybe you or
your CTO would like to talk about it?
If you enjoy crypto and would like to talk about your experience, sign up.
If you think that crypto is hard and have ideas on how to improve it
(I know you do) maybe you should give a talk. [2]
If you have friends, colleagues, college professors, etc. who are kinda
local who you think would add content to our discussion, get them to
sign up to give a talk.

On the other hand, if you'd like to become more familiar with the most
cryptographically secure ways to store and transmit data including how
to set up encrypted (or signed) email, FDE [3], best password hashes to
use and how hashing works, common mistakes when creating
passwords/making more secure passwords, etc - please come.

Here's the meetup event: http://www.meetup.com/hac-dc/events/187948232/
The event can still be pretty flexible (there's more going on at the
church the week before, but I think we could work around that). I
think I'll wait a few days to see if anyone shows any event conflicts
(within the same sphere of computer/internet/security) but this should
be it.

[1] We can debate on the usefulness of an unmaintained TrueCrypt, but
it probably should stay in that list for now.
[2] https://researchspace.auckland.ac.nz/bitstream/handle/2292/2310/02whole.pdf?sequence=2
and later https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf
[3] FDE - full disk encryption (will probably be mentioned later in this thread)

Derek LaHousse

Jun 8, 2014, 7:55:39 PM
to Bla...@hacdc.org
And: A key-signing party?

Though, I guess I've been reading recently on Planet Debian that a
key-signing party isn't a great way to introduce to PGP/GPG.
https://johnsu01.livejournal.com/298568.html?nojs=1
He says: Amateurs suck at checking ID, and why shouldn't we sign the
Doctor's key that says he's the Doctor, anyway. I mean, that's what I
call him.
Another guy explains a situation where these Amateur checks failed:
http://gwolf.org/blog/gwolf

Plus, as last time showed, most people who were just learning what
OpenGPG is weren't ready to generate a key, weren't capable of
evaluating who to sign, and probably ended up not using it anyway.

Derek

shawn wilson

Jun 8, 2014, 8:06:05 PM
to Bla...@hacdc.org
On Sun, Jun 8, 2014 at 7:55 PM, Derek LaHousse <dlah...@mtu.edu> wrote:
> And: A key-signing party?
>

The key signing thing has never been that big. So, though I'll revise
the meetup to mention it, I think discussing a better method of doing
this on the list might be more helpful (for everyone - not just this
event - this is where the tech breaks down).

The best method I've heard is having your name, email, and fingerprint
(and possibly a pictorial representation of your face) on a business
card. Then you can introduce yourself to people and hand them your
business card. They can get home, grab your key, check the fingerprint
against the card and assign a level of trust to it on their own time -
not while trying to meet other people.

> Plus, as last time showed, most people who were just learning what
> OpenGPG is weren't ready to generate a key, weren't capable of
> evaluating who to sign, and probably ended up not using it anyway.
>

So this is why I'd like some discussion about making crypto more
usable. This requires a technical audience to listen and think and
novice users to yell about problems - there are both classes of user
at this event so I think a discussion like this might spawn some ideas
and effect change.
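
The business-card check described in the message above, as an added example that is not part of the original thread: it parses a listing in the style of `gpg --with-colons --fingerprint` and accepts a key only when the card carries the full 40-digit fingerprint of the primary key. The sample listing, the names and the fingerprints are constructed for illustration.

```python
import re

# Constructed sample in the style of `gpg --with-colons --fingerprint` output
# for a made-up key (pub/sub records abbreviated). Field 1 is the record type;
# on "fpr" records field 10 holds the full fingerprint.
SAMPLE_COLON_LISTING = """\
pub:-:4096:1:AAAA1111BBBB2222:1400000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF01234567AAAA1111BBBB2222:
uid:-::::1400000000::::Example Person <person@example.org>:
sub:-:4096:1:CCCC3333DDDD4444:1400000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA98CCCC3333DDDD4444:
"""


def normalize_fingerprint(text):
    """Return a v4 fingerprint as 40 upper-case hex digits, or raise ValueError.

    Cards usually print the fingerprint in groups of four with spaces, so
    whitespace, case and an optional 0x prefix are ignored. Anything shorter
    than 40 digits (an 8- or 16-digit key ID) is refused: short key IDs are
    cheap to collide and prove nothing about which key you fetched.
    """
    cleaned = re.sub(r"\s+", "", text).upper()
    if cleaned.startswith("0X"):
        cleaned = cleaned[2:]
    if not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError("fingerprint contains non-hexadecimal characters")
    if len(cleaned) != 40:
        raise ValueError(
            "need the full 40-digit fingerprint, got %d digits" % len(cleaned)
        )
    return cleaned


def primary_fingerprints(colon_listing):
    """Return the fingerprints of primary keys only (the fpr after each pub)."""
    found = []
    last_key_record = None
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            last_key_record = fields[0]
        elif fields[0] == "fpr" and last_key_record == "pub" and len(fields) > 9:
            found.append(fields[9].upper())
            last_key_record = None  # later fpr lines belong to subkeys
    return found


def card_matches_key(card_text, colon_listing):
    """True when the fingerprint typed from the card is a primary key in the listing."""
    wanted = normalize_fingerprint(card_text)
    return wanted in primary_fingerprints(colon_listing)


if __name__ == "__main__":
    card = "0123 4567 89AB CDEF 0123  4567 AAAA 1111 BBBB 2222"  # as printed on a card
    print("card matches fetched key:", card_matches_key(card, SAMPLE_COLON_LISTING))
```

Only after this comparison succeeds does it make sense to assign trust to the key or sign it.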

shawn wilson

Aug 12, 2014, 3:35:16 AM
to bla...@hacdc.org
I know some more of y'all have things you want to talk about and are
free for this date... come on, help the community - this is coming up
in like 6 weeks and though I'm sure some will step in and teach, I'd
really like to have it as big as the one that we had the first year
(two tracks of speakers and some people from TOR and the like). At
least get the word out to people you know that might be doing cool
things.

Thanks

Derek LaHousse

Aug 12, 2014, 11:17:58 AM
to HacDC Public Discussion
Hey that reminds me... I've been looking at an openPGP v2 smartcard.
People interested in a cryptoparty might be interested in hardware
tokens.

http://shop.kernelconcepts.de/product_info.php?products_id=42
http://www.g10code.de/p-card.html

Anyone interested in a group buy?

Ben Mendis

Aug 12, 2014, 11:31:22 AM
to HacDC Public Discussion
I actually did a group buy of that card a couple years ago and I might still have an extra one available from that order. Of course if more people are interested then we could definitely do another order.

I would highly recommend these cards, but they do require having a smartcard reader. If you aren't lucky enough to have one built-in to your computer you can buy an external USB reader. You may also find one that fits a cardbus or 54mm ExpressCard slot, if you have one of those.

It's also worth mentioning that KC can be a bit slow at shipping, so if you want to order cards and have them arrive before the Cryptoparty you should place the order soon. 

The Doctor

Aug 13, 2014, 12:28:49 AM
to Bla...@hacdc.org

On 08/12/2014 08:31 AM, Ben Mendis wrote:

> I would highly recommend these cards, but they do require having a
> smartcard reader. If you aren't lucky enough to have one built-in
> to your computer you can buy an external USB reader. You may also
> find one that fits a cardbus or 54mm ExpressCard slot, if you have
> one of those.

I've been using the variant of that card that you can punch the
contacts and circuitry out from so it looks like a SIM card along with
the Gemalto USB Shell Token v2
(http://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=119)
at work for about a year, and it's slick as buttered teflon. The
whole package is indistinguishable from the USB2 flash drives from
Micro Center in form factor and almost in appearance. Works just
ducky with GnuPG v2 but it's problematic with the newer versions of
Enigmail.

- --
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"Never tell me the odds!"


Derek LaHousse

Aug 14, 2014, 9:56:05 AM
to HacDC Public Discussion
http://en.wikipedia.org/wiki/ISO/IEC_7810
ID-1 = SIM card
ID-000 = miniSIM

When you call the little chip a SIM card, you are wrong. It's fine
when phones because everyone knows what you mean, but when we're
specifically discussing the difference in card sizes, you have to be
right.

This post brought to you by a person with sand in the equipment.


Anyway, it looks like no one's interested in getting more of the
cards, regardless of their size.

shawn wilson

Aug 14, 2014, 10:05:18 AM
to Bla...@hacdc.org
Well, Ben said what he did about possibly getting more because he told
me he had more from the first bulk order he did a while back that
people hadn't paid for/collected and I had told him I was interested
(and this conversation was a while ago). So when he posted the reply
to you about selling you one, I messaged him saying he never got me
mine from that order that he told me extras came from :)

That said, IDK how much interest there is.... OTOH, do any of these
companies have technical sales people in this geographical area? Might
be worth a 20~30 talk... and that'd get some merch at the cryptoparty.

Ben Mendis

Aug 14, 2014, 10:43:34 AM
to HacDC Public Discussion
Yea, I have only one extra V2 normal card (no SIM-like punch-out).

It sounds like at least Shawn and Derek both want a card. I also have a coworker that is interested in one.

As it's getting harder and harder to find laptops with the option of a built-in smartcard reader, I'd also be interested in getting one of the cards with a SIM-like punch-out and a USB token for it.

I propose we do a group purchase for 10 V2 cards with the SIM-like punch-out and at least a few of the USB tokens with the SIM-like reader that The Doctor suggested. We can probably sell a few at the cryptoparty, the rest I can hawk at security conferences (I just sold two cards up at HOPE). 


Ben Mendis

Aug 14, 2014, 10:58:12 AM
to HacDC Public Discussion
I just got one more order (for card + token) so that's already five cards and at least three tokens accounted for. Let me know if you're interested in the USB token part too so I know how many of those to order. 

Derek LaHousse

Aug 14, 2014, 10:59:29 AM
to HacDC Public Discussion
MiniSIM reader:
https://www.scbsolutions.com/express/product_info.php?products_id=118
?
Collapsible ID-1 reader with USB interface:
- https://www.scbsolutions.com/express/product_info.php?cPath=1&products_id=134
- https://www.scbsolutions.com/express/product_info.php?cPath=1&products_id=119
Collapsible ID-1 reader with microUSB/OTG interface:
https://www.scbsolutions.com/express/product_info.php?cPath=1&products_id=160

I can't tell a difference between the folding USB readers, but the SCR
is marginally smaller. It's $18.59 on Amazon Prime-eligible.

I need 3 cards and 2 readers. If you want to buy the stack of cards,
that's fine with me.


Ben Mendis

Aug 14, 2014, 11:07:33 AM
to HacDC Public Discussion
So that's 8 cards accounted for, and did you want me to order two of the Gemalto readers for you, or are you going to get one of these other readers?

FYI: According to Xe.com with the current exchange rate the cards come out to $20/ea and the Gemalto readers are $24/ea. So you're looking at $44 for the total package. 

The Doctor

Aug 14, 2014, 2:15:27 PM
to Bla...@hacdc.org

On 08/14/2014 06:56 AM, Derek LaHousse wrote:

> When you call the little chip a SIM card, you are wrong. It's
> fine

I didn't call it one, I said it looks like one. As in, it strongly
resembles one.

- --
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

WWPMD? (What Would Paul Muad'dib Do?)


shawn wilson

Aug 14, 2014, 4:27:02 PM
to Bla...@hacdc.org
Ben - I'll take 3 cards.

Any of the readers special in some way that I can't get them off of
Amazon myself (or are we looking after the .05% without Prime?)

Also, if someone wants to contact some local security businesses about
maybe designing a Cryptoparty logo (with their name there but somehow
not totally intrusive), that might work out for some cool advertising
for them and a cool logo and 1/2 priced card for us.... Just an idea
(I'm too busy to go after this)

Ben P

Aug 14, 2014, 11:18:44 PM
to Bla...@hacdc.org
Hi Ben,
I'll take 3 cards, 3 tokens and 2 readers
Ben





Ben Mendis

Aug 15, 2014, 10:45:37 AM
to HacDC Public Discussion
Hi Ben P,

I was using tokens/readers interchangeably before to refer to the Gemalto USB reader. Do you mean that you want 3 SmartCards and 3 Gemalto readers?

Cards are $20/ea
Gemalto readers are $24/ea


Thanks,
Ben




Bobby Baum

Aug 16, 2014, 3:47:03 AM
to Bla...@hacdc.org
Possible speaker: Matt Green - see the summer 2014 issue of JHU
Engineering (engineering.jhu.edu/magazine/2014/05/guru-cyber-cryptography/)
Bobby

shawn wilson

Aug 16, 2014, 5:17:08 AM
to Bla...@hacdc.org

Possible speaker? How? Ie, you had a conversation with him?

Alberto Gaitán

Aug 16, 2014, 11:05:04 AM
to Bla...@hacdc.org
All we would have to do is ask. I do that kind of thing all the time and as long as you keep it semi-pro (e.g., 1 PoC with excellent communications skills, etc...), you'd be surprised at how willing authors are to participate.






Enrique Cobas

Aug 16, 2014, 6:36:30 PM
to Bla...@hacdc.org, bla...@hacdc.org
I've had a positive response from people at Tor Project some time ago. I'll remind them and hope some of them will stop by. They also pointed me toward the Open Technology Fund and the Open Internet Tools Project, so I've just emailed them as well. We'll see what they say. I updated the speaker list with the "pending" potential speakers. I also emailed Brian Krebs because why not. I don't know any of these people personally. Brian Green was a good idea. I hope he comes. If many of these people agree to come by maybe we should advertise this event at local CS departments like U. Maryland's, etc.

shawn wilson

Aug 16, 2014, 8:12:13 PM
to Bla...@hacdc.org

As well as advertise at colleges, if anyone knows any academics that deal with crypto, privacy, identity, internet behavior, electronic law, etc - I think these are all valid cryptoparty topics and would make awesome talks from researchers.

PS - we really need some legal expertise at these events - don't need to speak just pipe up when conversation ventures into legal stuff.

PPS - I'd really love one on identity


shawn wilson

Aug 18, 2014, 4:40:47 AM
to Bla...@hacdc.org

OK, I'm pretty sure I know who did put the 'tbd' lines there, but... I don't really like the idea of giving people talk titles. I don't think anyone should remove something someone else puts on these docs (that isn't offensive) without some conversation. So, I think the point of these 'tbd's is to say "I've contacted these people to talk" - while I'm meh on the idea of preventing duplicate people contacting the same potential speaker, I think the better way to do this would be to create a notes field where you can say 'I've contacted this person with this idea - bug the hell out of them or don't duplicate my effort'. And then everything else is left blank until potential speaker says 'I'm talking about this' (if they didn't just fill out their spot, you can do it for them).

Cool?

If so, make it so....

shawn wilson

Aug 18, 2014, 7:00:57 PM
to Bla...@hacdc.org
Let me be more definitive - unless someone (the author or anyone else)
defends having unconfirmed authors with tbd lines, I'm removing them
tomorrow morning (not editing - removing).

Alberto Gaitán

Aug 18, 2014, 7:29:13 PM
to Bla...@hacdc.org
Perhaps just move them to an aspirational, unconfirmed sheet?

shawn wilson

Aug 18, 2014, 7:50:11 PM
to Bla...@hacdc.org
Good idea - this prevents me from needing to remove or alter data
(just move it).

So, actual speakers are on the first sheet/tab titled "Speakers" and
these TBD (they have supposedly been emailed and hopefully there's a
dialogue happening) goes in the "Potential Speakers" sheet/tab. Done.

shawn wilson

Aug 19, 2014, 6:53:32 AM
to Bla...@hacdc.org
Those who have signed up to talk - can you send me an email so that I
can confirm with you a week before to see what the lineup looks like?
And if new speakers could do the same, I'd appreciate it.

I know Ben, Xavier, and Zak. I don't know Nick and Kaytee.
If this doesn't happen, not a big deal, it'd just be nice to know
"Everyone who said they were speaking is going to come" or "I'm less
three talks" or "This person said they were showing up later", etc.


A few other points of business:

1. Someone emailed me that they were from Cali and wouldn't be in DC
the weekend of the Cryptoparty but would be willing to do a talk via
video chat. This shouldn't be a technical issue, but do we want to
take them up on it (it would be a 1400~1600 EST time frame).

2. I am most likely able to get two decent quality projectors and
cameras (and probably more if we feel there will be more than two
tracks and/or we want to project/record classes). Do we want this
event to be recorded?
3. If we don't have an issue with recording (unlike HOPE, I think
we'll stay away from recording the audience :) ) I'll need someone who
can handle video editing (I don't do this). I'll want the videos
online the week after, so don't commit if you're swamped the 21-29th.

4. Someone needs to handle acquiring screens (iirc, we have one but
not two). This shouldn't be an issue for capturing the slides on a
video - we can take the capture direct from the slide deck I think.
But, viewing off a wall isn't very nice.

5. The software (and probably raw video) will be hosted on a server
(along with checksums for all data) that will be in the same room as
the event. I'm planning on allowing ftp, sftp and rsync. I will not
provide http(s) access. I will have open wireless and a wired switch
for this server but if you want wired access, you might want to bring
an ethernet cable (I'll tweet a reminder about this after it's
finalized). Does anyone have any other protocols you think might be
useful for someone who doesn't have ftp/sftp/rsync (again - not doing
http). Also, this will not be a HacDC server and I will be the only
one with the keys to it so if you follow best practice (check the
hash) and get bad stuff on your computer, you know who to come after
:)

shawn wilson

Aug 19, 2014, 9:29:01 AM
to Bla...@hacdc.org
#4 is handled as long as I can find the screen that was at the space
from last year. Does anyone know where HacDC's projector screen is off
hand? Can someone confirm it's handy?

(The other screen came from anonymous unless the person wants to
publicly raise its hand :) )

Travis Brown

Aug 19, 2014, 11:45:41 AM
to Bla...@hacdc.org
Off hand, I believe it is behind the arcade cabinet.


shawn wilson

Aug 19, 2014, 11:57:41 AM
to Bla...@hacdc.org
Good stuff

and then...
/me vents some steam over still housing that cabinet at the space
(don't send this thread ot by replying to my insanity over that mess
of a situation)

The Doctor

Aug 19, 2014, 6:26:16 PM
to Bla...@hacdc.org

On 08/16/2014 05:12 PM, shawn wilson wrote:

> PS - we really need some legal expertise at these events - don't
> need to speak just pipe up when conversation ventures into legal
> stuff.

Ask the EFF. They have some staff within DC these days.

> PPS - I'd really love one on identity

Ask @aestetix on Twitter, tell him I suggested that you ask.

- --
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"COOPER, YOU REMIND ME TODAY OF A SMALL MEXICAN CHIHUAHUA." --Gordon Cole


shawn wilson

Aug 20, 2014, 8:57:01 PM
to Bla...@hacdc.org
So, Ben has said that lots of the speakers I'm bringing in are kinda
advanced (and yes, I've got more unconfirmed fairly advanced talks -
blue team fed, pkcs dude, etc). I plan to have two tracks but this
isn't going to help much if I don't have 'beginner' talks to fill the
other one. I need y'all to step up and talk/teach or this conference will
bring me much joy but not the 'normal' person off the street - keep an
eye on the spreadsheet if you want to know what some of the
unconfirmed people are starting to look like - also, iirc Zak's talk
isn't exactly 'beginner' either (you have been warned).

Enrique Cobas

Aug 21, 2014, 12:34:49 AM
to Bla...@hacdc.org
Well that's not so unexpected. Any chance of staggering the two tracks? For example, the beginner cryptoparty could start at 2 and the more advanced talks at 3 or 4. Because the people speaking at the beginner-level talks might be the ones interested in listening to the advanced talks.

shawn wilson

Aug 21, 2014, 5:04:44 AM
to Bla...@hacdc.org
I'm pretty sure I can organize speakers so that they hear talks they
want to hear. Further, I'll have the raw video on site for anyone who
wants it basically immediately (I'm not ripping the sdcard out of the
camera after each talk unless someone asks but I can). Also, there
will be a talk on RC3/FIDO (think OAuth and OpenID alternative) a
little after 1400 which should be our only remote talk but I can't
move that anywhere. Other than that, it can kinda be played by ear
(unless people have other engagements).

So all of this will work itself out. And I've got enough really
technical people that teaching classes on stuff *will not* be an issue
(Windows might be a bit of an issue though - if anyone is good with
doing this stuff on Windows, you're going to be needed). What I don't
have are beginner talks.

Talk ideas:
Encryption theory high level (symmetric/asymmetric, block/stream ciphers) [1]
What tools the EFF has to offer to help you stay secure (just run
through their tools/plugins/etc and how they help you)
Securing Windows (firewall, application, SSL'd services, proper
administration) [2]
Heartbleed [3]
OSINT [4]
Policy (net neutrality, the SOPA/PIPA bill and what's next, etc) [5]
Proper IPSec configuration (this might be more advanced - and I know
just who to contact on this but don't let that hold you back)

... anything else y'all want to hear about?

1. Ben talked on this last year but I'd prefer people only do one talk
as it's time consuming to put together a talk and I don't want half
assed.
2. This can be multiple talks, but all of the talks covering OS are Linux.
3. This might be more advanced, but it's still in the news and no one
has stepped forward to cover this? Come on - it's a gimme.
4. I've kinda got this, but the talk will probably be out of our scale
of use and there's just so much to cover here.
5. I know some of y'all work at political places - this should happen
*just* because we're in DC damnit.

shawn wilson

Aug 21, 2014, 1:51:37 PM
to Bla...@hacdc.org
If you have submitted a talk, we'd like to put your bio in the blog
post/press release about the con. If you'd like one, please send it my
way.

Also, I haven't heard anything about more beginner talks... just saying.

George Walker

Aug 21, 2014, 3:57:09 PM
to Bla...@hacdc.org

Shawn said: 
"Does anyone have any other protocols you think might be useful for someone who doesn't have ftp/sftp/rsync (again - not doing http)."

Why are you interested in any protocol at all except the one that absolutely everyone already knows how to use?

Ben Mendis

Aug 21, 2014, 4:11:04 PM
to HacDC Public Discussion
On Thu, Aug 21, 2014 at 3:57 PM, George Walker <georgew...@gmail.com> wrote:

> Shawn said:
> "Does anyone have any other protocols you think might be useful for someone who doesn't have ftp/sftp/rsync (again - not doing http)."
>
> Why are you interested in any protocol at all except the one that absolutely everyone already knows how to use?


One of the LAN parties I regularly attend uses DC++ for distributing files (game patches, mostly).

There's also SMB/CIFS (Samba). Probably the easiest option for Windows users if you are dead set against HTTP(S).

But I agree with George here, why not use the one protocol whose universal interoperability is guaranteed? 

shawn wilson

Aug 21, 2014, 4:13:52 PM
to Bla...@hacdc.org
Frankly - web browsers suck :)

So, if I do https, you're going to add a cert to your browser for one
time use and you don't strictly know if you're talking to me the first
time unless I post the cert string somewhere (which will have to be
done anyway, it's just more painful with web browsers).

Ok, so maybe I just do http and figure people will check hashes and
keys? Great, except, you're in a browser where someone can mitm the
session and inject js and other goodies.

If I'm running a tightly secured server (which I am and will), you
should totally go after me if you get owned transferring files from it
and check the hashes. If you don't know how to do this, someone can
show you. If you just want the data without any effort, I'm sure
someone will copy the data to a thumb drive for you (but this has
security issues, so I'm not going to offer this).

On Thu, Aug 21, 2014 at 3:57 PM, George Walker <georgew...@gmail.com> wrote:
>

Ben Mendis

Aug 21, 2014, 4:21:32 PM
to HacDC Public Discussion
How is any of this different from ftp/sftp/scp/rsync? You can MITM those too, if you're not diligent about checking key fingerprints. FTP is even worse, it doesn't even pretend to offer any kind of security.

shawn wilson

Aug 21, 2014, 4:46:59 PM
to Bla...@hacdc.org
You're not in a *browser* so someone can't set up squid to inject js
for you to run. The protocol is no more or less secure but you have to
execute things outside the browser.

Ben Mendis

Aug 21, 2014, 4:53:41 PM
to HacDC Public Discussion
The most common way to access FTP sites is through the browser as your FTP client. Problem not solved.

shawn wilson

Aug 21, 2014, 4:56:28 PM
to Bla...@hacdc.org
Fine, nix ftp

shawn wilson

Aug 21, 2014, 4:59:04 PM
to Bla...@hacdc.org
So, I'll trade ftp for https with a self signed cert.

The ssh cert and the x509 cert will be on a piece of paper above the
server.... though I'm going to have fun with a raspi and see how long
before someone catches it :)

shawn wilson

Aug 21, 2014, 4:59:46 PM
to Bla...@hacdc.org
And by fun - I don't mean anything bad, just another server with
identical content but the wrong key.
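
The check this part of the thread keeps coming back to, as an added example that is not part of any poster's message: compare the certificate a server presents against the fingerprint posted on paper, then check downloads against a `sha256sum`-style manifest. All function names are hypothetical and the sample bytes are constructed stand-ins, not real certificates or files.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fp(text):
    """Strip colons/spaces and lowercase, so 'AB:CD ..' equals 'abcd..'."""
    return "".join(ch for ch in text.lower() if ch in "0123456789abcdef")


def cert_fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def matches_posted(der_bytes, posted):
    """True only if the presented cert hashes to the fingerprint on the paper."""
    want = normalize_fp(posted)
    if len(want) != 64:  # truncated or mistyped fingerprint: refuse, don't guess
        return False
    return hmac.compare_digest(cert_fingerprint(der_bytes), want)


def fetch_der(host, port=443, timeout=5):
    """Fetch the presented cert without trusting any CA; the pin check decides."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_manifest(manifest_text, files):
    """Check files (name -> bytes) against sha256sum-style lines; status per entry."""
    results = {}
    for line in manifest_text.splitlines():
        if not line.strip():
            continue
        digest, name = line.split(None, 1)
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum output
        if name not in files:
            results[name] = "missing"
        elif hmac.compare_digest(hashlib.sha256(files[name]).hexdigest(), digest.lower()):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


# Constructed sample data: stand-in bytes, not real certificates or downloads.
REAL_CERT = b"constructed stand-in for the event server's DER certificate"
ROGUE_CERT = b"constructed stand-in for the look-alike server's DER certificate"
POSTED = ":".join(f"{b:02X}" for b in hashlib.sha256(REAL_CERT).digest())
FILES = {"tools.tar.gz": b"constructed archive bytes"}
MANIFEST = hashlib.sha256(FILES["tools.tar.gz"]).hexdigest() + "  tools.tar.gz\n"
```

A look-alike server with identical content passes `verify_manifest` and fails only `matches_posted`, which is why the fingerprint has to come from somewhere other than the server being checked.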

shawn wilson

Aug 21, 2014, 5:29:37 PM
to Bla...@hacdc.org
So, we should be able to get a cert your browser will trust for this,
so I'll have an https download portal for all of this stuff (I'll have
an excuse to write a tiny web app with Starman too - yay)

Ben Mendis

Aug 21, 2014, 5:43:44 PM
to HacDC Public Discussion
On Thu, Aug 21, 2014 at 5:29 PM, shawn wilson <ag4v...@gmail.com> wrote:
> So, we should be able to get a cert your browser will trust for this,
> so I'll have an https download portal for all of this stuff (I'll have
> an excuse to write a tiny web app with Starman too - yay)

That's great, but it brings up a good point. We should set up the network with some common examples of expired certs or other weirdness to train people on how to recognize when something fishy is happening, why it's a problem, and what to do about it.

It'll be good practice for setting up a CTF network. 
 

shawn wilson

Aug 21, 2014, 5:54:22 PM
to Bla...@hacdc.org
Agreed. As long as the cryptoparty drives itself from here until the
event date (or basically drives itself) I can do some with that idea.

Gary Sparkes

Aug 22, 2014, 9:13:19 AM
to Bla...@hacdc.org
..... People do this????? And not the "http FTP" most people see? I've had nothing but trouble trying that. I use a dedicated FTP client to actually download anything so it works. And that's on Unix/Linux/Win/VMS/etc
Gary G. Sparkes Jr.
KB3HAG

Ben Mendis

Aug 22, 2014, 10:00:57 AM
to HacDC Public Discussion
Based on logs I've seen, browsers are the most common FTP client. Sad but true. 

Sadder still is that FTP hasn't been completely deprecated at this point. As far as I can tell, it has absolutely no advantages over HTTP, and a lot of disadvantages.

shawn wilson

Aug 22, 2014, 10:07:00 AM
to Bla...@hacdc.org
I don't think browsers will go off and run scripts that are offered
via ftp sessions?????

I think they will load up index.htm(l) files depending on how your
server is configured, so this is almost moot.

I'm fine with ftp as long as it is *strictly* for anonymous downloads and
files are offered with checksums and/or sigs.

The Doctor

Aug 22, 2014, 5:22:04 PM
to Bla...@hacdc.org

On 08/21/2014 01:13 PM, shawn wilson wrote:
> Frankly - web browsers suck :)

And they're almost ubiquitous. Go with what you know everybody has.

> Ok, so maybe I just do http and figure people will check hashes
> and

Show them how to do it, it's a good hands-on.

> keys? Great, except, you're in a browser where someone can mitm
> the session and inject js and other goodies.

Show people how to check, then.

> show you. If you just want the data without any effort, I'm sure
> someone will copy the data to a thumb drive for you (but this has
> security issues, so I'm not going to offer this).

So, how do you propose to distribute data if no distribution method is
suitable?

--
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"I'm not the Eater of Souls, I'm just his administrative assistant."


The Doctor

Aug 22, 2014, 5:23:15 PM
to Bla...@hacdc.org

On 08/21/2014 01:58 PM, shawn wilson wrote:

> The ssh cert and the x509 cert will be on a piece of paper above
> the server.... though I'm going to have fun with a raspi and see
> how long before someone catches it :)

/me whispers "Set up a Wifi Pineapple... what could possibly go wrong?
>:-)"

--
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"I'm not the Eater of Souls, I'm just his administrative assistant."


shawn wilson

Aug 22, 2014, 5:41:34 PM
to Bla...@hacdc.org
On Fri, Aug 22, 2014 at 5:23 PM, The Doctor <dr...@virtadpt.net> wrote:
> On 08/21/2014 01:58 PM, shawn wilson wrote:
>
>> The ssh cert and the x509 cert will be on a piece of paper above
>> the server.... though I'm going to have fun with a raspi and see
>> how long before someone catches it :)
>
> /me whispers "Set up a Wifi Pineapple... what could possibly go wrong?
> >:-)"
>

Unpatched even... yeah

And per the earlier comments about just using https - fine. The world
sucks, and y'all have beaten me up enough that I'll do this :(

Ben Mendis

Aug 22, 2014, 6:17:10 PM
to Bla...@hacdc.org

My point is that fighting against HTTP/S is a losing fight. Instead we should focus on making it suck less.

Derek LaHousse

Aug 23, 2014, 12:44:53 PM
to HacDC Public Discussion
Actually, showing people how to get your certificate and trust it is a
GOOD objective lesson that should tie into the "web of trust" talks.

shawn wilson

Aug 23, 2014, 1:39:34 PM
to Bla...@hacdc.org
I'm not sure if wot and identity is an advanced topic or not though -
it's kinda 'in the weeds' for most people I think...?

Alex Smith (K4RNT)

Aug 23, 2014, 5:29:50 PM
to Bla...@hacdc.org
You guys aren't wearing your tinfoil hats tight enough, there's still some insanity spilling out...

" 'With the first link, the chain is forged. The first speech censured, the first thought forbidden, the first freedom denied, chains us all irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom and warning... The first time any man's freedom is trodden on, we’re all damaged." - Jean-Luc Picard, quoting Judge Aaron Satie, Star Trek: TNG episode "The Drumhead"
- Alex Smith
- Huntsville, Alabama metropolitan area USA


Enrique Cobas

Aug 24, 2014, 11:50:28 PM
to Bla...@hacdc.org
I think we should make a schedule. We're lining up a lot of talks (7 hours + now). We can't tell potential speakers that the event starts at 2pm when their slot might not be until 5 or 7pm. I suggest talks in order of increasing technical nature, so for example: Web safety, web user identity, bitcoin, Tor, secure online communication apps, WiFi security, email encryption, VoIP encryption, DNSSEC, RC3/FIDO... ? We should also decide if we're having more than one concurrent talk/session.

David Edwards

Aug 24, 2014, 11:56:55 PM
to HacDC Public Discussion
On Sun, Aug 24, 2014 at 11:50 PM, Enrique Cobas <enriqu...@gmail.com> wrote:
> I think we should make a schedule. We're lining up a lot of talks (7 hours + now). We can't tell potential speakers that the event starts at 2pm when their slot might not be until 5 or 7pm.

Could you expand a bit on what you mean there? Trying to keep your schedule a secret from your speakers (especially since your speakers have an interest in the subject matter and may want to attend other talks) seems a wonderful way of making sure there are lots of open slots in your schedule.

Enrique Cobas

Aug 25, 2014, 12:01:28 AM
to Bla...@hacdc.org, ha...@dpe.lusars.net
I'll rephrase: We should assign time-slots and inform our speakers of their slot, rather than having everyone come at 2pm and then wait for hours.

Alberto Gaitán

Aug 25, 2014, 8:59:09 AM
to Bla...@hacdc.org
On 8/25/14, 12:01 AM, Enrique Cobas wrote:
> I'll rephrase: We should assign time-slots and inform our speakers of
> their slot, rather than having everyone come at 2pm and then wait for hours.
>

I completely agree with this approach. Not doing so will potentially sow
bad seeds for us in the community.


shawn wilson

Aug 25, 2014, 9:23:50 AM
to Bla...@hacdc.org, ha...@dpe.lusars.net
I intend for talk times to be as open ended as the audience wants. I'm
going to send out an email/tweets to speakers letting them know to let
me know if they have time constraints/speaking time preferences. Here
are the timing issues:
* There is one video conference talk (and another probable one) that
obviously have a set time.
* There is also splitting the talks into their tracks (something I'll
do on the spreadsheet in a bit) which will affect the schedule.
* I'd also like an order of more to less abstract (in the advanced)
and more to less general (tools and setups) in the basic track.
* If I get more talks (I'm pretty sure I will - I'm only looking to
cover one more topic - Windows) they might slide before or after talks
that we currently have too.
* Speaker preference trumps all else. If a speaker wants to talk at a
certain time that someone else hasn't requested, I'll try to make that
happen. If a speaker thinks that information in a prior talk will help
their talk, we'll try to make that happen as well.

If there's room and there's a speaker lots of people are interested in
hearing (and we don't have other hard constraints), I'd like to allow
that to continue until a logical end. I.e., if someone is scheduled for
a 30 minute talk and there is an hour of q/a or discussion that seems
to be good for the audience, I want that to happen (obviously, if
they're only engaging a few people, that can be taken elsewhere)

Thoughts?

Alberto Gaitán

Aug 25, 2014, 9:28:34 AM
to Bla...@hacdc.org
On 8/25/14, 9:23 AM, shawn wilson wrote:
> I intend for talk times to be as open ended as the audience wants. I'm
> going to send out an email/tweets to speakers letting them know to let
> me know if they have time constraints/speaking time preferences. Here
> are the timing issues:
> * There is one video conference talk (and another probable one) that
> obviously have a set time.
> <snipped>
> Thoughts?

If the plan is still to go until midnight, I'd recommend also nailing
down a slot to order/setup/eat pizza/drinks or whatever.


shawn wilson

Aug 25, 2014, 9:34:13 AM
to Bla...@hacdc.org
Agreed. And I'll ask here first - are there any businesses who wish to
sponsor food?


Also, this brings up a thought which some have commented on - our only
source of info for how many will show up is meetup. I know this is
incomplete as only a few of our speakers have even RSVP'd here. Does
anyone have a more inclusive way to get attendance figures?

Would the board (or anyone else) disagree with naming a business who
sponsors food somehow in our PR?

The Doctor

Aug 25, 2014, 4:53:26 PM
to Bla...@hacdc.org

On 08/24/2014 08:50 PM, Enrique Cobas wrote:
> I think we should make a schedule. We're lining up a lot of talks
> (7

I agree. A little organization goes a long way.

> security, email encryption, VoIP encryption, DNSSEC, RC3/FIDO... ?
> We should also decide if we're having more than one concurrent
> talk/session.

Last time, multiple talks running concurrently worked pretty well.

--
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"What do you think this is, real life?" --Ford Fairlane


Alberto Gaitán

Aug 25, 2014, 6:14:19 PM
to Bla...@hacdc.org
On 8/25/14, 4:53 PM, The Doctor wrote:
> Last time, multiple talks running concurrently worked pretty well.

I wasn't there for the last one. But, the time before that one, I don't
remember concurrent talks working especially well except when folks
formed breakout groups to workshop some topics.

Ben Mendis

Aug 25, 2014, 6:21:58 PM
to HacDC Public Discussion
Last year we did an unconference-style thing, where we set up roughly four areas and each hour or so someone could volunteer to give a presentation on a given topic in each area.
It worked out reasonably well, though most of the time we did have about 50-75% of the attendees crowded around one of the four areas.

This year, I believe the plan is to have two concurrent tracks: beginner and advanced. Shawn has lined up some very interesting talks that are deep on the tech side and not appropriate for beginners. But I'm hoping that we'll have more beginners than veterans show up so I'm trying to line up speakers who can give introductions to various topics or speak on soft topics like the social, legal, and policy issues of using encryption.

I expect that toward the end of the night people will naturally break off into work groups to talk about different topics or work on projects, but at least at the beginning I'd like to have some good introductory topics to expose people to the basic tools, terminology, and set the right tone.



