Slashdot Mirror

jonerik writes "Ain't It Cool News has an article on one of the more fascinating fan film projects ever conceived: A shot-for-shot remake of "Raiders of the Lost Ark" filmed in Biloxi, Mississippi between 1982 and 1988 by Eric Zala, Jayson Lamb and Chris Strompolis. What's particularly amazing is that the trio began filming the project when they were twelve and finished six years later when they were eighteen. Now, fifteen years after the project was completed, word of the film's existence has gotten out and audiences who have seen it have reportedly been stunned by the trio's ingenuity, with none other than "RotLA" director Steven Spielberg giving Zala, Lamb, and Strompolis a big thumbs-up. The complete film isn't available online, but a trailer that gives a bit of the feel of the finished project can be viewed. The Austin Chronicle also has a story on the project."

A semi-anonymous reader writes with this account: "Kyley and I drove up to Austin for the Linux top gun hacker challenge event. We weren't sure what to expect, but looked forward to seeing a theatre with wireless internet, meeting security geeks, and learning new tricks at this hackfest. In the end, most people left early and unhappy, but I'm still glad we went." Read on for more on what was worthwhile about this event, and what left some of the audience disappointed.

We heard about this from a slashdot article ("Computer Attack and Defense As Spectator Sport").

Tough Audience The event was held at the Alamo Drafthouse, a movie house with tables and a wireless network. The theatre was packed, and there was a waiting line going out the door. I talked to an admin who had driven in from Brownsville (South Texas) for this event, so obviously there was a lot of interest, although we didnt know what to expect. Many attendees, maybe 10%, had computers with them.

The event was supposed to start at 7 p.m., but because of technical difficulties, it didnt start until 9 p.m. In the outer lobby were vendors selling metal bras and edgy political/sex books. Very Austinesque.

The Event Itself When the Top Gun event itself started, it went like this: there are a few registered teams; each team is given the 'target' box, and has ten minutes to secure it. After that, everyone in the room has thirty minutes to try to hack into the box. A few services had to be enabled -- http, https, ssh, smtp, and ftp. The defenders start with 100 points, and points are deducted if any of the services seemed unavailable, or if judges determined the box was compromised. DoS attacks are not allowed.

Already the idea sounded weak. On the big screen, they were running a homebrew GUI app that showed the score, time, IP addresses, and the services on the target. The services were being polled by a monitoring machine, and the response time was displayed. If the response time increased, i.e. the service was laggy, then points were automatically deducted from the defender's score. Laggy web server performance? That's a strange definition of 'hacked', but it is (or should have been) easy to monitor, which is probably why they did it.

Part of the draw to this event was that they were going to use "video animation" to "show how network attacks happen." I didn't have my hopes up for this, but I was still disapointed. They used their (Linux-based) homebrew GUI, which looked like it just used some libraries from etherape to draw lines from ips to the services on the target they attach to. That was it for the visualizations. The list of services was supposed to turn from green to red when they went slow, but for most of the night they stayed red and displayed just zeros, no readings. Their software appeared very buggy, hardly ever working, and windows in the background showed them fixing it as they went.

The commentary was sparse and uninformative. "Yes, that line shows connections to http, and it is taking a beating!" There was no discussion of exploits, security, concepts, attacks, what is currently happening, etc. After the attack session ended, the defenders were brought up for a brief Q&A, which reminded me of a post-fight boxing interview. "Uh, yeah, we felt good, we had a plan. A lot of things happened, and we applied patches."

Before, during, and after the attack session, no one knew what was happening. It seems that despite hours of trying by different teams, the target box was NEVER compromised. During the second Q&A session I stood up and asked, "Was the box hacked in any way whatsoever?" The reply? "Probably." But no one knew. If it had been hacked, I believe the person doing it would have said something, or at least bragged on the irc channel for the contest.

The entire operation seemed very amateurish. Technical difficulties occured during the event, giving one team a higher score becuase the monitoring software wasnt working to remove points. Most attendees left early, and a highlight of the evening was when someone posted ascii porn to the irc channel.

On the upside, the DJ had a good stream of music, there were more women than you'd expect, and some in small metal bras. And it was a gathering of a lot of smart geeks, a great opp to meet people.

Room for improvement. The longest topic of conversation in the audience was how to fix this mess. We came up with some ideas:

Visuals

They should have used proven, off-the-shelf network visualization and monitoring tools for the event. We were _dying_ for some snort output, to see what exploits were being attempted. A tool like Demarc would have been perfect to show the events as they happened. Or at least snortsnarf or acid. The screen should have rotated between different monitoring tools to give an idea of what was happening.

Contest Format

The format of the event was flawed. The truth is most hackers take advantage of easy targets. Defending a box is not that hard. Simply applying the latest patches and configuring a basic iptables firewall about does it. After those steps are taken by the defending team, only truely leet hax0rs with 0day exploits are going to get root in thirty minutes.

A better format would be this: Bring an unpatched or lightly patched Linux server for everyone to attack. As soon as someone gets in, stop the show. The hacker gets a prize, and has to explain/show what they did. Then that vulnerability is patched, and the contest starts up again.

All in all, the event was a let down. Austin is a cool town, and lots of smart geeks came out. There is obviously interest in an event like this, but the execution didn't result in any entertainment or learning. If this is a PR event to generate publicity for the sponsors, I think it failed, because if this is an example of their organizational and technical skills, I would not hire them myself. But then, they're probably better at security than they are at public events.

Slashdot welcomes reader-submitted features; thanks to marc for this one.

zanbar writes "There was a Slashdot story in March about the Alamo Drafthouse in Austin -- using WiFi in a theater. On Jan 11th, an event at the Alamo will combine video with wireless. LinuxTopGun.org gives details about a series of computer network attack competitions going on tour through North America. They bring in a Linux/Apache web server, a bunch of teams bring in their laptops and attack it over a wireless network. Teams take turns onstage defending the server and then answering audience Q&A about their strategies. MCs interview competitors and explain network attacks to the audience. DJs mix and VJs flip live video with network visualization software -- animations like in the movie 'Hackers.' Judges award points for how well competitors perform, both online and onstage, and the top teams win prizes... It's like watching computer attacks as a live sport. There is also some discussion taking place in #ltg on efnet."

vern@austin802.11.com writes: "Imagine being able to IRC someone to pass the popcorn! The Austin Wireless Group has helped establish what may well be the country's first Wireless Enabled Theatre. The Alamo Draft House movie theater in Austin, Texas now has 802.11b wireless broadband Internet access that covers all screens in their complex. This "retrofit" theater had every other row replaced with tables and offers dinner and drinks with the show. So, you can park your laptop, order a burger/beer, then email in a movie review all w/o disturbing your fellow patrons. Cool! :)"