An Honest Review of DEF CON 31

Last weekend, I had a great time in Las Vegas at DEF CON 31 meeting up with some of my teammates from IrisSec, meeting new people, giving out stickers, hacking, learning all sorts of new things, and dining at fancy restaurants with my partner. However, this is not to say that DEF CON 31 was perfect. In fact, DEF CON 31 was a mess, and this is not an unpopular opinion. Let me explain.

Increased Ticket Prices

The price of a DEF CON ticket this year rose from $360 to $440 – an $80 increase. For most people who attended the con, this was honestly no big deal. We were already blowing hundreds on lodging, food, entertainment, shopping, and partying while in Las Vegas, and working in a lucrative profession affords such indulgences. It’s not so much that attendees were upset at a price increase so much as attendees were upset that we paid an increased price for…

Paper Badges

The logistics of DEF CON this year were a mess. Shortly after doors opened, the regular badges sold out and people got paper badges. In DEF CON’s history, this is rare. This year, there was unfortunately a logistical issue regarding the shipment of the badges from the manufacturer to the convention. While shipping delays are understandable, this was no doubt a logistical screw-up; for such a large event, the badges should have been sorted out months in advance and arrived on location weeks in advance.

Neither the normal nor the paper badges were electronic this year. There was no hardware badge hacking challenge. The badges supported paper “shards” instead of SAOs. The normal badge was hard, thick plastic, while the paper badge was flimsy plastic. Some people got the hard plastic sockets for shards to go with their paper badges, even though they didn’t fit as they only fit the non-paper badges. A default shard with a UUID came with each badge, although due to logistical and organizational messes, many either got no shard or multiple shards. The UUID was used to participate in a /r/place-like event, which was frankly uninspiring.

It was one big mess.

An Unusable Network

I’m surprised that the network connectivity was so bad at DEF CON considering the types of people who presumably run it. In some villages, I suspect the WAPs were misconfigured as legitimate connections were unable to even acquire an association with a WAP. In other villages, you could acquire an association but then had to deal with <10 kbps network speeds. It was so bad that many people ended up just hotspotting. In a class we tried to take, we were straight up told that there was no network service, even though it was required to perform the activity of the class.

At a convention of dozens of thousands of hackers with the busiest airwaves in the world, apparently nobody thought it would be a good idea to offer the tables a wired connection. CTFs, workshops, classes, and more were completely undoable due to the lack of a stable network connection in order to connect to required resources.

A Convention Center Too Small

Many of the rooms were fully packed with people and it was difficult to even walk around in them. At the physical security village, where many people congregated due to activities other villages failing due to the network issues, it was so cramped that it was hard to even walk from one table to another. For whatever reason, they were given a smaller room than last year.

There were lines outside of many villages because they were in such small rooms that they couldn’t support everyone at once, so they had to limit the number of people in the room at once. In fact, it was nearly impossible to get into the Red Team Village; they ended up passing out “coins” to people in the line and then let people with certain coins in at different times. This is a good idea, but the fact of the matter is that they shouldn’t have had to do that in the first place.

DEF CON, Scale Up

DEF CON as a convention has outgrown its convention centers. DEF CON still operates as if it’s a small convention, but it’s not. The general consensus amongst the attendees is that DEF CON needs to start organizing itself like it’s a large convention, because it is a large convention. Cramming popular villages into small rooms is unacceptable. Tripping up over something as preventable as shipping issues and network infrastructure issues is amateurish.

DEF CON, it’s time to scale up. This is one of the most significant conventions in the hacker culture, and it’s amazing meeting people and breaking things. In order to continue accomplishing its mission with an increasingly growing culture, it’s time to organize itself like the large event that it is.

Happy hacking.