Last weekend I went to a hacker convention in Washington DC. I am not a hacker.
When I first met Matt he described his job as: “computer ninja.” He does everything from hacking wireless systems to physically breaking into buildings, and he does it legally, for money! He goes to hacker conventions a few times a year, often I’ll tag along because even though I only understand about a quarter of what they’re talking about, the people are interesting and the more theoretical talks are fascinating. Last year when he went to Shmoocon I went along for the ride, but didn’t got to the convention. The hotel is in a super safe part of DC and there’s a ton to do in the city by myself. Last year I meant to walk down to Dupont Circle and be all touristy, but mostly ended up hanging out at the zoo. I love zoos.
The talks last year sounded interesting enough that I wished I’d been able to attend some of them, and this year, Matt ended up giving one of the talks, so hacker or not, going to Shmoocon was a must. Shmoo tickets are generally a little pricey, not to mention close to impossible to get, to justify buying one for someone who won’t really understand what’s going on (aka: me). Fortunately Matt had already purchased his ticket when he found out he was speaking, so when he got his comp for speaking, we had an extra.
I talk about being a technical idiot, but the truth is I generally understand enough to at least keep my head above water. I’m not a hacker, but I am a weirdo, so I fit in pretty well. The keynote was given by an academic named Matt Blaze (not to be confused with my husband, Matt Neely), talking about what a horrible idea wire tapping is. Specificly, he pointed out that the ethical issues were completely irrelevant because the technical problems were so horrendous that something horrible is (and has) bound to happen. The talk pointed out several specific issues that I’d never considered, all of which go along with my usual conception of a disjointed, bullheaded government. I think that’s not a reflection on any particular administration, it’s just bureaucracy. He’s a good speaker and it was an encouraging way to start the day.
That evening Matt (my Matt), as part of Security Justice (a local security podcast) was part of a joint podcast with several other security podcasters. It was interesting to watch the process but I think it could have gone better. There were about fifty spectators or so, and we were repeatedly told, at the beginning, to keep silent, or we’d ruin the podcast. So we watched in silence (more or less) to recording that we unfortunately couldn’t hear. There were no speakers set up, or anyway way for us to have a decent idea what was going on. Although the podcasters were all speaking into microphones for the recording, we could hear only their normal, un-amplified voices. Often or not, that wasn’t enough. They gave out prizes throughout, and while I suppose that was cool for the people who got prizes, it sort of distracted from the actual podcast. Lastly, I think since they were recording in front of an audience, it would have been nice if they’d had some way for the audience to participate in the discussion (what little we could hear of it), beyond clowning for prizes. It was still interesting, and I think the actual podcast should be decent, I just thought there was a lot of room for improvement.
Matt gave his talk at ten the next morning. He ROCKED. I’m honestly not just saying that because he’s my husband, his talk was great, even though I’ve heard most of it in bits and pieces before.
The talk was on using radio equipment to break into a client site. He talked about hearing guard information and tapping into headsets to hear valuable information. I think this is pretty cool: he’s using what most people consider antiquated equipment. Radios are popular among computer geeks because they’re geeks, not because most of them actually consider them useful. He also had some awesome stories of times he’d actually used these techniques, which made it that much better. Because radios are pretty much ignored however, Matt presented a fairly new direction of attack. Considering the packed room and positive feedback he’s getting, I think I’m not the only one who was impressed.
After Matt’s talk I went to a martial arts demo in the hallway. It’s stretching parameters to make this fit in a hacker convention, but I think it qualifies simply by being “cool.” I found the demo interesting, not half because 70 percent of the attendants had some kind of experience with martial arts already. It was entertaining to listen to the conversations after of: “no, you should do it this way,” and “why did you do this? doesn’t this work better?” I myself have done several years of martial arts, but am by no means an expert, so I mostly kept my mouth shut (a rarity I assure you) and watched the show.
I avoided what seemed to be the super technical hacking talks. I could care less about new hacking tools, and I wouldn’t understand the more defensive geared talks. Instead I went to a talk on “Hacking the Genome.” The speaker was good, I enjoyed the first half of the talk immensely. I liked the idea of comparing gene biology to cryptography, a juxtaposition that ought to be obvious I suppose, but I’d never considered it. About halfway through the talk got to be a bit too technical for me, but I had enough to think about to keep myself entertained.
There was a great talk given by lawyer Tyler Pitchford on the laws surrounding the 4th amendment (he also talked briefly about the 5th amendment). This was right up my alley: my iphone has the constitution app installed, and before that I carried around a pocket constitution. I get very annoyed when people talk about their “constitutional right” to do things that aren’t actually in the constitution, so I keep it handy so I can make them look stupid (because I’m that kind of person).
This talk was all about when and what police can search on your computer. He used case studies to show different examples. The one I remember best is: the police are searching for a robber in your neighborhood and ask for permission to search your apartment. You give it, and while they’re searching they notice a file on your screen called: “My illegal hacking files.” The open the file, discover that it’s only porn, but on searching the rest of your computer, find several scary illegal hacker files on other parts of your computer. As I understood it, anything in the initial file would be admissible in court because it was in “plain sight” while the files found under further searching would not, because they were not covered in the scope of permission you granted them. Lots of stuff like that, a discussion on whether passwords are protected by the fifth amendment, and a heavy concentration on border laws.
The last talk of the day, and my favorite (aside from Matt) wasn’t hacker related at all. It was “Storming the Ivy Tower,” by Sandy Clark (or “Mouse”). This talk was all about how hackers can use their skills (both technical and social engineering) to get into school (undergrad or grad). The only criticism I have is that I think Mouse may have misjudged her audience– I may be mistaken but I don’t think there were many high schoolers in the audience, and she spent about twenty minutes talking about how to get into college from high school. I still found it interesting since I’ll have kids someday, and, since academia moves at a glacial pace (I should know) I doubt much will have changed in twenty years in terms of admissions. Nobody else seemed to be bored by it, so I don’t think it’s a big deal.
The rest of the talk was probably more relevant to Matt than me. It was all about how to convert real life experience to academic credit, how to change hacker, convention style talks and papers (like Matt gives) into peer reviewed academic papers, how to find the right program, etc. It was geared specifically at people looking into computer science degrees, but much of it could easily have applied to other areas. She included her own academic history which was interesting and encouraging.
Aside from all the talks, Shmoocon is mainly an excuse for hackers to get together and go wild in their geeky, low alcohol tolerance, ways. Matt actually wore a kilt (from Utilikilt in Seattle) the whole weekend, which made it easy for people to pick him out. And yes, he was wearing it “regimental style.”
Shmoocon is fun and relaxing, even for me, not knowing much about hacking. I did skip the second day of talks, not understanding any of the titles I guessed I wouldn’t understand the content either, so I got my National Zoo fix. I even managed to make it back in time for closing remarks, which included lots of “Shmooballs” thrown at the speakers, prizes (I snagged a book, the Manga Guide to Statistics???) and general silliness. It was a good weekend.