Hacker Conventions Ranked By Bandwidth-Per-Visitor

An Anonymous Coward writes "Ever wondered how much bandwidth you will get at a hacker con? This web page tells you how much. It shows the total bandwidth and bandwidth for each visitor for all the recent hacker cons." It looks like Defcon attendees get the short end of the stick, while those at metarheinmain chaosdays are practically swimming in bandwidth. There are a lot of other cons (a few examples listed here) which I'd like to see added to this list.

How much does it matter anyhow?

[Arainach]

You'd have to be pretty crazy and/or desperate to risk using the provided bandwidth at DefCon (or any hacker con) for that matter. Regardless of how much faith you may have in the people running the network, you're surrounded on all sides by people who would like nothing more than to steal your information. While at DefCon, stay away from the ATMs and if at all possible stay away from the network entirely.

Re:How much does it matter anyhow?

[maxume]

Are you one of these bad-ass uber hackers?

Re:How much does it matter anyhow?

While at DefCon, stay away from the ATMs and if at all possible stay away from the network entirely.

I've heard the can hack those ATMs to steal your information if you even look at them!

Re:How much does it matter anyhow?

[lysergic.acid]

yes, because we all know that 99% of all internet traffic is used for the transmission of e-mail passwords, credit card info, social security numbers, and other sensitive personal info. after all, no one would possibly want to read the news, or check their favorite blog or web comic, or play some online games while at DefCon.

and i'm sure no one at DefCon has ever heard of SSL.

Re:How much does it matter anyhow?

[Eil]

I can't tell if this is a troll or not, but I'll bite either way...

You'd have to be pretty crazy and/or desperate to risk using the provided bandwidth at DefCon (or any hacker con) for that matter.

I don't think you understand much about hackers or hacker conventions. The conventions tend to have the best network management and security possible, period. That's what these people do all day long. For most of them, it's their job to make things secure so of course they're going to put more effort into it, especially with their friends hanging around.

Regardless of how much faith you may have in the people running the network, you're surrounded on all sides by people who would like nothing more than to steal your information.

Sheesh, let me guess, you check under your bed for hackers at night before you go to sleep?

First off, it's universally accepted at all hacker cons that you don't attack the infrastructure put in place by either the con or the hotel. Doing so will just ruin it everyone. It's the kind of thing that will get a person banned from both permanently.

Second, hackers do not want your information. They mainly care about exploring and exposing weaknesses that will allow less scrupulous elements of society to steal your data. (Namely, fraudsters and most federal governments.)

While at DefCon, stay away from the ATMs and if at all possible stay away from the network entirely.

The advice to stay away from free-standing ATMs is always applicable, but I have no sympathy for someone who sends sensitive information over an insecure channel no matter which network they're on.

Re:How much does it matter anyhow?

[SCHecklerX]

The worst that happens is stability problems, assuming you use a VPN with strong crypto and authentication. You *do* do that, when on a hostile network, don't you? If not, welcome to the wall of sheep, or injection of goatse into all of your web pages, etc.

The stability problems have gone away in recent years with Aruba and others using the con as a proving ground for their wireless security tools on the live network.

Re:How much does it matter anyhow?

[flosofl]

You'd have to be pretty crazy and/or desperate to risk using the provided bandwidth at DefCon (or any hacker con) for that matter. Regardless of how much faith you may have in the people running the network, you're surrounded on all sides by people who would like nothing more than to steal your information. While at DefCon, stay away from the ATMs and if at all possible stay away from the network entirely.

Dude, what? I was there and as long as you use OpenVPN back to your home box and proxy everything through your cable modem you're going to be OK. Or create a SOCKS proxy using a ssh tunnel back to your home connection.

Yeah, stay away from the ATMs because you will get raped by the fees. Or are you trying to say that someone will put a magstripe and PIN harvester on the machines. As if. Not only was security seriously stepped up compared to the last two years, the casinos have cameras that do nothing but monitor the ATMs precisely to stop this (I chatted up one of the security suits this year).

Breath easy and just be aware of what kind of traffic is leaving and entering your system.

Did you even go this year? If you did, I bet you were the one cowering in the corner removing the batteries from all your devices "just in case".

Re:How much does it matter anyhow?

[FormOfActionBanana]

I guess you didn't read the Kaminsky presentation.

Re:How much does it matter anyhow?

[leuk_he]

He is one of the spooks who want to keep their data safe instead of hacking...

Re:How much does it matter anyhow?

[lordofwhee]

How many passwords that flow over the intertubes do you think are encrypted? Very few actually are.

Plus, there's all sorts of fun attacks that require you to just be connected to a network to perform (TCP injection being my personal favorite. Instead of google, they get blaster.).

Re:How much does it matter anyhow?

[jrockway]

Modifying existing ATMs is only one way to get magstripes/PINs. You could also build a box that looks like an ATM, add a card reader + keypad + clever software, and deploy it on a nearby street corner. You could even make it dispense money, if you were so inclined.

Re:How much does it matter anyhow?

[Lobster+Quadrille]

I was there and as long as you use OpenVPN back to your home box and proxy everything through your cable modem you're going to be OK.

Yeah, I know. I was the one pretending to be your home box.

Yes, the danger of Defcon's network is probably exaggerated, but the fact is, of all the people in the world, the ones that know how to break SSL, MITM your VPN, etc. are concentrated in one hotel on one weekend. It's not smart to overexpose yourself in any case, but extra caution isn't stupid.

Re:How much does it matter anyhow?

You'd have to be pretty crazy and/or desperate to risk using the provided bandwidth at DefCon (or any hacker con) for that matter.

I don't think you understand much about hackers or hacker conventions. The conventions tend to have the best network management and security possible, period. That's what these people do all day long. For most of them, it's their job to make things secure so of course they're going to put more effort into it, especially with their friends hanging around.

Gee, I guess it's safe to use the WiFi and ATMs at Defcon. Wait a sec... nice social engineering!

I don't get it.

[SoapBox17]

Color me stupid, but I don't understand why anyone would care how much bandwidth per atendee is available at a hacker convention. You don't got to *do* hacking, you go to learn about hacking from people in the same building (thus requiring little to no B/W). And from what I have heard about Defcon you are best to not bring any of your own devices at all, lest you end up hacked yourself and on the wall of shame.

Re:I don't get it.

[wik]

Put another way, the bisection bandwidth between participants at a decent conference should be high. The bandwidth external to the conference really shouldn't matter.

There are much better ways to get an internet connection which don't involve spending hundreds of dollars to get into a hotel.

Re:I don't get it.

Color me stupid, but I don't understand why anyone would care how much bandwidth per atendee is available at a hacker convention. You don't got to *do* hacking, you go to learn about hacking from people in the same building (thus requiring little to no B/W). And from what I have heard about Defcon you are best to not bring any of your own devices at all, lest you end up hacked yourself and on the wall of shame.

So? You haven't stumbled on some great insight here the rest of us don't see. It's just a fun little metric. Quit yer bitching.

Re:I don't get it.

You don't got to *do* hacking, you go to learn about hacking from people in the same building (thus requiring little to no B/W).

I don't really know about American hacker conferences, as I've never been to one, but from what I've heard about American hacker culture, it seems that you're projecting its integration into commerce onto the rest of the world.

Visit a European hacker conference, you'll see that there's a lot of hacking going on at the conference. Also, the ideology of free flow of information is considered very important, which includes lots of Internet for everyone. This probably is why conferences are planned in a way that there'll be gigabit Internet uplinks (or at least tens of megabits at camps).

Re:I don't get it.

[I+confirm+I'm+not+a]

Pah! It's still cheaper than AT&T! *And* you get a hotel thrown in!

Re:I don't get it.

[flirzan]

You don't got to *do* hacking, you go to learn about hacking from people in the same building (thus requiring little to no B/W).

You have clearly never been to defcon, and/or miss the point of the con altogether. Sure, there are great speakers giving talks about important and relevant topics. Some of them are even useful...

But the larger part of con the for a lot of the attendees is to get together with like-minded individuals and...wait for it...hack.

Here are some examples of the hacking that went on at this year's defcon. The Lost@con Mystersy Challenge results aren't there, and as a participant I can tell you that it required breaking crypto, circumventing physical security measures, debugging code, hardware hacking skills, and trick-or-treating, among other things. I don't know what your definition of "hacking" is, but it should probably include a few of those.

This also doesn't mention some of the cool things going on in the lock-picking village, the hardware hacking village, the wi-fi village, etc...

And from what I have heard about Defcon you are best to not bring any of your own devices at all, lest you end up hacked yourself and on the wall of shame.

Most people I know wipe and reimage their machines after spending any time at all on the defcon network. They call it the most hostile network environment on the planet for good reasons. That being said, the Wall of Sheep has absolutely nothing to do with being "hacked", it simply displays usernames and (partial) passwords for people who are too stupid or lazy to use encrypted protocols. If you show up at a hacker convention and can't be bothered to use TLS or SSL for your email, you deserve to be shamed.

Re:I don't get it.

[lysergic.acid]

if you really are there to learn, then being on the wall of sheep shouldn't be a deterrent from bringing your own device. being hacked is a learning experience in itself.

and wouldn't you rather be hacked at a convention which promotes education and security awareness rather than in the real world where you're likely to be hacked by a script kiddie who's motivated by malice and won't be so kind as to let you know that your security has been compromised?

if you do find your system hacked into and can't figure out how it happened, i'm sure you could find plenty of people around you who could help you find the security hole and patch it up. i mean, it's all in good fun most of the time. it's not like someone at DefCon will hack into your laptop and then purposely delete all of your important documents or infect you with a virus.

Re:I don't get it.

[techno-vampire]

. If you show up at a hacker convention and can't be bothered to use TLS or SSL for your email, you deserve to be shamed.

Either that, or use ssh to log into your home box and read your email that way.

Re:I don't get it.

[foalkn]

nope, it's talking about the bandwidth to the internet aka uplink, not the internal connectivity.

Location

[Vertana]

Location plays a major part in how much bandwidth is going to be available. Beyond being just dependent on the ISP based on location and what companies are available there, you also have to look at which building it is being held in. DEFCON may have gotten the short end of the stick because the owners of the building they used would only allow so much. Not that a lot is needed (at least in comparison to how many participants are there)... nobody exactly goes to DEFCON to torrent an HD movie.

Re:Location

[PerlDudeXL]

the "metarheinmain chaosdays" takes place at a major technical university.
I guess they will be able to use the existing network/wifi and outbound connectivity
that the university has already (via DFN).
and they probably do not need to pay for the bandwidth used.

If you were at Defcon...

Would you use the provided internet connection? Seriously?

Re:If you were at Defcon...

[Darkness404]

There has to be at least one press member there that decides to go check his e-mail...

Re:If you were at Defcon...

[byolinux]

Why not? Run an SSH session with a strong key to a private box and shell from there, to your mail, etc.

but what about...

[liquidf]

...BiMonSciFiCon?!? of all the cons, that is obviously the most important

Re:but what about...

...BiMonSciFiCon?!? of all the cons, that is obviously the most important

Be there and be square!

SIGGRAPH

[morrison]

It'd be interesting to see the bandwidth statistics for the annual ACM SIGGRAPH computer graphics conference. With tens of thousands of visitors and thousands of full-conference attendees (a huge portion of which are on their laptops all week), I've yet to see a SIGGRAPH conference that didn't bring a convention center's networking to its knees (as well as most surrounding hotel networks). Of course, the per-person bandwidth is relatively low with so many users, but it would be interesting to see the statistics throughout the week regardless.

Especially for such a massive conference that is accustomed to the sustained high-tech audio/video load and with organizers that try to anticipate the high-usage (and have a corresponding budget to prepare), I suspect that there are considerably more bits transferred during SIGGRAPH than most any other conference through sheer size alone.

You must be new here ;)

It's a number to obsess about, like GHz and Megapixels. It's also completely meaningless.

I call BS.

I'm sorry, 13gbit/s at 24c3? I find that rather hard to believe.

Re:First Post!

[spazdor]

I was too slow! Goddamn this lousy con wifi access!

Nice Chart

[SupplyMission]

Anybody know what software they used to produce that chart?

The combination of spreadsheet data right alongside the bar graph looks really handy. I wouldn't mind having that ability for some upcoming reports and presentations.

Re:Nice Chart

You can do that with Google Docs.

Although it's much more responsive in Chrome.

Re:Nice Chart

[slyborg]

Um, kind of looks like Excel. You could definitely do it in Excel.

Re:Nice Chart

[orangesquid]

I'm slightly impressed by the automatically-scaled logarithmic plot. Any and every dumb chart-producing app can auto-scale a linear scale correctly, but, check it yourself, int(e(n*(l(9000)/10))) [n=0..10] is correct (at least at first glance to someone who's more interested in his tomato soup at the moment).

And, as people above have stated, it's not the bandwidth to the 'net that I'd want at an *{info,secur,...}*con, it's the inter-attendee (and attendee-presenter) bandwidth.

Re:Nice Chart

Apple Numbers 1.0.2

You can check this yourself by downloading the PDF version and looking at its properties/headers.

Re:First Post!

[daniel23]

time to finally move to the rhein-main area

hmmmmm

well it could be , because the 2 conformance are in different countries . lol , if you r going to compare , make if fair

Duh!

[itwasgreektome]

Ummm, it's a hacker convention- Why would they purchase their own bandwidth when there's wireless in the office above?

Re:Duh!

[Tubal-Cain]

So you are suggesting that a crowd of several hundred people (the kind that propably make Comcast's list of excessive downloaders) share a measly ~1.5Mbps?

Re:Duh!

[itwasgreektome]

Lol- I'm not saying they are happy with that 1.5Mbps, nor am I saying it's enough- I'm just saying, they're hackers- and it's free.

think they forgot one con

[NynexNinja]

Sounds like they forgot about the oldest running hacker conference, Pumpcon, held every year in Philly since about 1987... I guess it's too underground (less than 200 people show up every year) -- although the who's who of the hacker world has probably been there at some point, no doubt.

A thing about german conventions

[foalkn]

We dont pay for our bandwidth... We get it for free and even the largest german internet provider asks us if they could peer with us.

Hacker Conventions Ranked By Poontang-Per-Visitor

[slyborg]

Here I thought "bandwidth" was an euphemism for something worth ranking, and it's just a list of how many bits went in and out....

Ãoehm, depends on what you are doing

[Casandro]

Well the high bandwidth conferences usually stream all their talks as high-quality video into the net.

I have no idea why bandwidth is seen as such a scarse resource in your country. The congresses usually get their bandwidth for free. I mean it's just a few gigabits for a few days, ISPs donate that to balance their peering agreements.

Result of image of hackers

[Casandro]

Well the problem probably lies in the image of hackers. I mean in germany, the CCC made a good name by talking publicaly about sensitive political issues and showing the dangers. Also by showing that certain "ohh we are so secure"-systems are completely insecure after all, etc. And of course the occational "fun, but everybody likes it" project like Blinkenlights.

What you guys in the US need is some kind of hacker association like the CCC. I mean 2600 is already quite nice, but it's commercial and therefore cannot do certain things like publishing all their issues on the web. And it's just a magazine, no institution.

The european congresses often get their bandwidth for free or almoust for free.

ToorCon bandwidth stats

[darkuncle]

I've been running the network at ToorCon for the past several years (configs here), and the first year (before I was really helping out at all) we hung the entire con off a Ricochet 56Kbps wireless modem. :) We've had point-to-point wifi links and gigabit drops from hotels, but the last several years at the San Diego Convention Center, we've been using primarily donated EVDO cards as uplinks - mainly because SDCC wants $10,000 per diem for wired network access, with a stipulation of no NAT (making it useless for a conference LAN). This year we'll be running multiple EVDO uplinks load-balanced with OpenBSD; the goal is to have the speed of a wired uplink with the flexibility of cellular access.

If you happen to be at the con, stop by the NOC and say hi.

Re:ToorCon bandwidth stats

Your configs dont say anything about the bandwidth, would you please mail the info to the email addresse mentioned on the website

CCC's network information can be found here

[kupojsin]

https://events.ccc.de/camp/2007/Fahrplan/attachments/1348-Camp07-NetworkStats.pdf (the line had at least 300MBit for 1800 attendees ) Hope Number Six had a 45mb uplink, but only 10mb was used due to a bad cable connection and roughly 3000 attendees straight from network operator from the convention) someone can contact dragorn on nycwireless.net or watch the closing ceremonies of the last hope for the specs this year

Obvious Formula

[itwasgreektome]

The amount of available bandwidth per visitor at any given hacker convention should be calculable as follows: ABPVAAGHC= [The amount of available free wireless networks in the area]* [The average bandwidth of those networks]/[The number of attendees at that convention] They're hackers...why would they have their own service?

Precision

It says "1.024 kbits/person" for an event (gpn7) that had 100 Mbit/s and 100 visitors. Last time I checked, 1 Mbit = 1000 Kbit. It's just that - 1000, not 1024. And they can't even use "." right.