What I remember from Rubi-Con IV -dead addict disclaimer: some of this may be bullshit, details, facts, and opinions may be misstated. It's possible I was drinking during a small portion of the conference. On Friday, as the conference was starting, Karen, who was with the hotel spoke to the gathered attendees. She expressed how happy and thrilled she was to be hosting us. I was confused, and wondered how sincere she was. You could tell she was nervous, and didn't know what she was getting herself into. You could tell that she was in the hospitality business, and by profession tried to please her guests. If I recall correctly she verbalized that she hoped that we would come back again - I doubted she would have this sentiment after the con had ended. She had absolutely no idea what she was in for. She had no clue. Her nervousness was utterly justified. I was hoping she would address at the end, and was looking forward to her reaction to the entire event after it had ended. While Karen didn't actually speak to the crowd at the end, I think her actions spoke louder than words. It was at the closing ceremonies that we fully understood her feelings regarding re-inviting us. The scavenger hunt results were displayed and talked about, including "morphine," "a manhole cover", "wallpaper" (didn't have to be from the hotel, but it turned out to be). A few moments earlier RGLV took the mike and was joking about when the bombs were going to go off ("the timer is set to ten minutes"). RGLIV was interrupted by someone and he quickly announced "The police are at the door, please leave right now, five at a time, with your hands in plain view." The crowd went wild with laughter, completely and utterly amused. "No, seriously, the police are right outside of the door, please leave right now, in groups of five, with your hands in the air." A side door opened from the outside, with a policeman there, standing with a police dog, ready to sniff the attendees as they left. I couldn't have imagined a more glorious and drama filled ending to the event. It was absolutely marvelous. Except of course for someone I knew standing in the room that was carrying drugs on his body. He was too hung-over/drunk to remember where the drugs were, but knew he was carrying some. He ended up escaping the room by merely avoiding the door that the dog was at, his drugs intact. The crowd went silent, utterly quiet. Relatively quickly, the room started to vacate. People talked among themselves in hushed voices, and started to file out. It turned out, probably to the relief of a great many people, that they didn't force people to walk past the drug dog; they could walk past another cop instead. Interestingly enough, the hotel itself never just asked us to leave. As far as I didn't know, they never barred any attendee from presence hotel grounds; they never kicked anyone out of the hotel. My understanding is that the staff expressed that it was more than okay with them if they expulsed troublemakers. They didn't expect the hotel to just deal and continue to invite those that vandalized the hotel. It was probably true that people who vandalized the hotel were smart enough not to let the staff supervise their crimes. I'm aware of at least one person being asked to leave, someone who had rented a room. The kid was very underage, allegedly 16, but certainly looking like he was 12 years old. With very little experience with alcohol the kid was drinking as much as he could as fast as he could muster. Saturday, the night he was kicked out of his room; I expressed to him that that drinking wine after drinking beer and had alcohol was a particularly poor idea, and that he would most likely get sick. He looked at me as if I was trying to bullshit him, trying to con him or something. He looked to a number of people in the room, trying to get confirmation on my wild claim, generally meeting with blank look. I'm certain much of the feigned ignorance was people trying to fuck with him and let him get sick, but there were a couple of hesitant confirmations on my allegations that wine and other booze don't mix well. Apparently although the hotel kicked him out for the night, they told him he could come back the next day. The next day I saw him drinking again. I heard several people express regret for the hotel's decision to re-invite him, as underage over drinkers tend not to be great intellectual contributors to hacker gatherings. I'm curious as to why his parents allowed him to come, particularly after they saw him drunk/hung-over to come back - in my judgment irresponsible. The hotel had the authority (as far as I can determine) and the blessing of the staff, they had the power to kick out anyone they wanted. They could ask people smoking in the hallways and drinking in the hallways to leave, they could ask people making too much noise to leave, they could have kicked out the entire convention if they wanted to (and they did threaten to). Instead of doing this, they called the police, the police interrupted the final ceremonies (it was a stroke of luck and chance that they didn't overhear the list of scavenger items that had been liberated from various parts of the city, and the staff member about to award a prize for such liberations). I haven't actually read the hotel contract, and I'm not a lawyer. My understanding is that the convention was responsible for the areas of the hotel that they had rented. A few hours into Friday (or was it Thursday) the hotel attempted to present Jim with an updated contract that they wanted him to sign. He apparently wasn't drunk enough to sign it yet (not that a contract signed while drunk would have been necessarily binding), and declined to. The hotel early on attempted to describe the damaged to the hotel, and apparently expected Rubi-Con to pay for this. A few missing light bulbs was their first complaint, I think I laughed out loud when I heard this - if this was the extent of their concerns then everything was going along quite mildly. At least China was still on the internet. They obviously didn't clue in to what they were getting themselves into. I had a discussion with an employee on Sunday regarding the various damages. By Sunday they apparently were somewhat significant. Someone had cut off a handset from a payphone, some bathrooms were flooded (this was quite uncool), the elevators had been hax0red (cardkey access to the fourth room was apparently bypassed, creating a number of other adverse effects), the aforementioned light bulbs were missing, a couple of other minor incidents had occurred (including some silliness on the roof). While it would be quite of work to undo this various damage, I pointed out how Marriott would be footing the bill, and they would still get their paychecks, perhaps work some overtime. It felt as if she felt true loyalty to the company, to the hotel. She explained to me that she was a stockholder in the company. Personally, I don't think that if we burnt down the entire hotel we would have impacted Marriott's bottom line. Furthermore, if Marriott thought that they could make another cent profit per share they would shut down the hotel she worked and fire her without a second thought. Perhaps I'm wrong, perhaps Marriott is that difficult to find exception in publicly traded corporations that still has loyalty to its employees - I doubt it. To be fair, the staff was very nice for the most part, and definitely had been trained for customer service. The service at the bar, while very friendly and nice, was about as slow as a 300 baud modem with line noise. The prices at the bar were quite obscene, with a sapphire-tonic costing $6.00 and a Samual Adams running $4.50. The staff was genuinely puzzled as to why a group of obviously highly intelligent people would cause so much destruction. The hacker mentality (outside the destructive nature of the crowd) was a completely foreign and incomprehensible idea to the bulk of them, I think. Personally, I think Rubi-Con should get reimbursed the price of the hotel, and shouldn't pay for any damaged outside the area they rented. Contracts ar e written for a purpose, and if a multinational publicly traded company can' t have their staff of lawyers draft a boiler-plate contract that will protect their assets appropriately, I can't see why Rubi-Con should have to compensate Marriott for the damages caused by guests of Marriott. Furthermore, by calling the police, it would appear to me that Marriott were breaking their contract for the space as they had agreed upon, for no good reason. The people that were kicked out by the police in the speaking room were not actively causing any damage to the hotel, and would have left on their own in an hour or two anyways. By Sunday everyone was hung over and run-down where they didn't really have the energy left to cause any serious damage. I'm still not certain what the legal basis of the having the Detroit PD present was - I wasn't informed of any laws that we were breaking. Someone I met a party earlier who seemed credible in his assurance that he had xyz criminal involvements ("I can get you shipments of such and such from xyz in a phone calls notice" - "wow, I didn't hear you) related to me that he knew at least 3 Detroit Cops that were 'employed' by friend of his. That is to state, I'm not certain the police had a legal justification for their actions, nor expected to need one. Note to self: ensure that a good lawyer is present at next Rubi-Con. Here is my non-lawyer worthless opinion of what Rubi-Con should do. Upon receiving the bullshit invoice that Marriott tries scam Rubi-Con into paying, send them a demand for a refund for the conference (as they apparently canceled the contract). Upon a second demand for some stupid amount of cash have a lawyer send a nasty-gram asking for their money back. I caught more speeches at Rubi-Con than I catch at an average Defcon and was quite impressed many of them (and left the ones that I wasn't getting anything out of). Mikko (a Fin from F-Secure) was quite impressive in his talk regarding the state of security on mobile devices (largely phones, but also PDAs). He discussed several released exploits for them (and clarified that while the press characterized them as viruses, they weren't actually viruses). He discussed theoretical viruses for mobile devices in the future, and was quite compelling in his arguments. Most alarming is the theoretical propagation rates for mobile viruses. In the future instead of platform specific attacks (exploiting specific phone firmware), malware (Trojans as found today, and viruses) will be targeted to the mobile platform operating system, which will not be hardware specific. Another talk which interested me much more than I expected it would was Bill Cheswick's research results of internet mapping. For years now he has been using traceroute to map the internet's growth and reconfigurations. It was a strictly research project when I saw a presentation of his years ago at Defcon, he was working for ATT Bell labs (later Lucent). Years ago he discussed his methodologies, which are quite similar to methods being used today, but didn't discuss the implications of his data sets. During this presentation he started talking about conclusions or inferences and meaning one could gather from the data he was mapping. He has started his own company and offering his services to companies to optimize their often poorly constructed intranets. He talked about some military and intelligence uses of his datasets (this potential usefulness is one reason why he doesn't offer his data to everyone, but one must ask permission for it). I think his years of speaking on the topic has also improved his speaking skills, he knows how to interact with a crowd better than he did years ago. One of the highlights of the conference was seeing Richard Theime, one of only a couple of people that I knew at the conference (excluding the organizers and some people local to my area). I was in the middle of a very rewarding conversation with William from nostarch press when I saw Richard. My attention to everything faded away and immediately I embraced him in a large bear hug, generally uncharacteristic of me, but it's Richard. It's pretty much true that everyone loves Richard; he is such a dynamic and intelligent hacker type, even if he is old enough to be our parents. It would probably be fair to say he is the spiritual minister for us hacking heathens, indeed he married DT, and when I was planning on getting married he was the only one I considered for the ceremony. Unfortunately Rubi-con scheduled him for 10AM on Saturday. I had deluded myself into thinking I could party until 6am and still get up in the morning to see his speech. Needless to say I missed his speech. I had the privilege to spend a reasonable amount of time at Rick Forno's table near the bar. He has been studying military and infrastructure security for some time now. He has advised various portions of our government regarding approaches to securing our nations infrastructure weaknesses and attempting to focus on intelligent risk management processes. For the most part he expressed utter disgust for what he correctly called the "nerf-security" that the government seems to be embracing now. It appears as if its security, but in reality is not. Classic examples of this are the presence of our national guard at the airport and other airport measures that aren't actually increasing security but increasing the image of security. These aren't security measures, but rather security appearance management measures. I have had similar experiences in the corporate arena that I'm unable to discuss, and wish him luck in his uphill battle smacking common sense into our government and military security strategies. His presentation had been moved from a speech to the keynote of the conference. Dark Tangent essentially bailed at the last moment, as the latest in the keynotes unable to make it. I heard plans for the organizers to get onstage and essentially fuck around and joke and just talk shit instead of presenting anything actually resembling a keynote. I volunteered to try to pull together a last minute keynote that I was relatively sure would be better than seeing some people just fucking around onstage. Luckily they convinced Forno, who gave a much better keynote that I would have, to change his speech from a presentation to a keynote address. He discussed our government's current efforts at securing the infrastructure, and how beurocracy prohibited efficiency. He showed an org chart that looked like utter chaos. I have pity for Tom Ridge, and hope his efforts amount to more than PR manipulations or attempts to assure the public without actually commanding the actual steps needed to improve security. I sincerely doubt Ridge's effectiveness, as most 'security' steps that I've seen publicized don't in my opinion actually increase security. I also had the pleasure of spending time with Joshua and Peter, from CryptoMail.org. The low-down I received on the product was that their vision was to have an open source alternative to Hushmail. While I have been very supportive (and indeed an active advocate/evangelist) for Hushmail, I was even more enthusiastic of an open source project that attempted to achieve the same goals as Hushmail. I look forward to using and installing CryptoMail myself. I think it was Friday night, at Admin-X's party that I got the low down on the architecture of Hushmail and was able to quiz him about implementation details. It's always a good idea to get technical understandings while drinking continually. I made it a point to catch his speech at 4PM the next day, going so far as to enter it in my Kyocera. It was a half-hour into his presentation the next day that I realized that I was missing it. I stepped in near the end of the presentation, getting there in time for the Q&A session. I asked a couple of questions, hopeful that it was material that wasn't covered in the main part of his session - it appeared as if it wasn't. Question: does the mail server support secure server-to-server communications (essentially creating a network of crypto-mail servers), answer: certainly not yet. I look forward to following the progress of this project, perhaps even overcoming my inertia and actively assisting. I had seen Jason Scott around at Defcon before, and even recall an encounter he had with the CDC that he related, but never had a chance to talk to him. Textfiles.com is an important project, and Jason has a sense of history and is actually doing something about it in his quest to document the computer underground. I applaud both his efforts and his general attitude/personality. The scene needs more people like him. Because of his efforts collecting text files from old BBS's, message networks, old group files, et cetera, his knowledge of the history of the scene is encyclopedic in nature. Upon feedback from one of the Con organizers, I changed my speech from leaking evidence of unethical corporate or governmental behavior safely to advice regarding the manipulation of the media. While my name had been published in the program, I didn't appear on any schedule. So the turn-out for my speech was low, and I noted that the audio had been not turned on to record (perhaps a moot point anyways given that one of the machines used for audio recording had ended up being stolen). The lack of permanent record (audio recording) caused more details to enter my speech than would have been normally (and than are on the written version of my speech). I got positive feedback regarding it, and questions during and after the presentation. I'll probably mail it to anyone that specifically asks me for it, but won't generally distribute it on the net at this point. I met a few other highly technical people whose skills I was in awe of. Because they weren't speakers and perhaps were 'active', I'll neglect mentioning their handles - if they wished to advertise their skills, they would do so. The One Who Feared Cameras must be mentioned, if not by name, then by his ability to hack with skill and technique at 100 words per minute. Most of my partying was spent in Admin-X's room. He had two adjoining rooms, continually intelligent/mature (well, for hackers) company, a goodly supply of booze, and generally a friendly atmosphere. There were other parties that were actively louder and drew more attention to them. Despite the large amount of rambunctious hackers and ravenous consumption of booze, the rooms silenced when occasion caused them to (answering the phone, answering the door, etc), and there weren't any active assholes there (with the possible excuse of the redhead I'll mention later, who was undoubtedly drunk). I went to a couple of other parties, but none that I wanted to spend any real time at. I had been invited to what I found out to be the 12 year old's room, and spent about ten minutes there. Upon realizing that the room was the kid's I attempted to leave as quickly as I could do so without being utterly rude. Luckily he wanted to go downstairs and wanted everyone out of his room after we had been there a few minutes. When I went into his room he explained that there was only smoking in the bathroom. I heard later that when his party expanded it ended up having like 15 people in the bathroom and like three in the main room. Upon entering the room I was asked to kick-down cash for booze. As I already had a beer in my hand and wasn't about to hand someone obviously underage money for his next booze run, I declined and offered to leave. I explained him that I was the entertainment (juggling fool that I am). He seemed to accept this and didn't have the assertiveness to actually deny me entrance or access to his booze. Upon leaving, less than twenty minutes later, I made sure that I filled my trench coat with booze - the less for him, the better. I distributed this liberally to the staff and organizers who didn't have a chance to chase down booze themselves. It was at this gathering that I advised him against drinking wine. Actually attempting to ensure he stopped drinking would have involved a physical confrontation that I had absolutely no interest in. He related a story of being duct taped to a pole on the roof. I had heard people planning to duct tape someone, and expressed sympathy. Instead of being upset about the whole matter, he seemed elated and proud to be picked. I found this to be even more pathetic and sad. I heard that he ended up handcuffed to a chair the next day for a long amount of time. His enthusiasm for being victimized undoubtedly helped ensure that he would be fucked with. Hotel Security, as it were, really had no chance in attempting to control the attendees. There were enough people that had scanners with the hotel's security frequency that we knew their every move. Apparently everyone with access to their radio frequency was smart enough not to transmit on it and thereby clue them into our access to their communications. This probably further contributed to the fact that no one got caught in the act of anything. By design, I didn't actually witness any acts of destruction, it is undeniable that there was significant damage caused (by the guests of Marriott). I was told that we were 'blacklisted from all Marriott hotels forever'. I inquired politely with a wicked grin if such a blacklist was in a database. Affirmative was the answer. My evil grin widened for no particular reason. The ultimate hack, in my humble opinion, is to get a refund from the hotel, then return to the Marriott Courtyard that is across the street from the Marriott we stayed in. There was some scene bullshit going on. This group vs. that group essentially amounted to dickwaving. There wasn't any actual escalation of this beyond words and some amusing hacks. Rubi-Con.org had its homepage replaced by a flash movie (that is unfortunately gone as of the writing of this) that required more time, effort, and thought than the original Rubi-Con web pages. One of the organizers was present in the room as the hack actually occurred, and can probably be heard (with myself) as one of the people shouting in the background at the end of the shockwave movie. It' s all about the content, as far as I'm concerned, regarding web hacks, and this had content, good, laugh-your-ass-off content. I was looking forward to seeing the hack for the first time (I heard it numerous times as it was being demo'd for those in the room) when I got back from the con - leaving a nugget of the flavor of the Con for later to savor. Unfortunately the hack was removed and replaced by other content. I'm sure I'll have the opportunity to view it in the future. The closest thing to violence I saw occur at the con (having missed the handcuffing and duct-taping of the drunken 12 year old) was a red-headed guy attempting to forcefully take my uber-flashlight (Surefire Dominator) from me. I had let him use the flashlight a few seconds earlier on the one condition he didn't shine it in anyone's eyes. Mere seconds after having it in his hands he was shining the sleeping eyes of a Rubi-Con organizer. I demanded my flashlight back, and he gave it back, and then attempted to take it from me. Whatever, it wasn't going to happen, and didn't happen. When I told him that it was only fair that I reciprocated and shined the flashlight in his eyes, he immediately turned around and left the room. Needless to say he was quite drunk, later in the con flipping me off real friendly like. I don't know why he didn't just get shined at the moment instead of anticipating the shining and 'fearing' me or whatever. Later in the Con I fulfilled my promise and shined him, no hard feelings. Apparently the network access was an on-and-off again affair. The network was undoubtedly more solid and faster than the network at Defcon 4. There were WAP access points around the hotel, but the bandwidth to the outside wasn't necessarily stable. In addition to general stupid technical difficulties, there was the inevitable electronic sabotage occurring. I remember Brian DeLine taking over the mic from the DJ that was spinning and making the declaration "Whoever keeps changing their IP to that of the gateway better stop NOW! We will start taking down subnets until we determine who the person is, and you don't want us to figure out who you are." I didn't hear of this occurring after that forceful announcement. I didn't really care much, and wasn't that concerned. I wasn't at the Con to fuck around and hack machines, gather warez, or surf the net. Furthermore, I would be damned if I was going to plug my machine into one of the more hostile networks I would be likely to encounter. I can live without the internet for a few days. I did spend a reasonable amount of time in the network room, as there was often a live DJ spinning there and it was the only place you were 'allowed' to smoke at. I guess with the moniker 'dead addict' it was inevitable I would be offered a wide selection of drugs, and indeed I was. I wasn't interesting in modifying my state of mind beyond booze and known substances that I knew would interact in a con environment and turned everyone down, with the exception of whip-its (nitrous). I took a balloon (or two, I think it was one) and enjoyed it thoroughly. Apparently one of the attendee's had just 'discovered' this drug and had made three trips to the "25 Hour Porn Store" to get more and more cases of it. I'm all for having a balloon or two, but that man killed more brain cells than I would have been comfortable killing. I guess they call it "hippy crack" for a reason. I hope that young hacker has the good sense to stop buying whip-its and leave some brain cells left for what skills he may have come to the convention with. I also tried what was called a 'wall faint', not quite a drug, but certainly an altered state of consciousness. It was the first time I tried it and probably my last, as being six feet plus tall is a large distance to fall from. Induced hyperventilation with my head below my heart followed by quickly standing up, putting my arms across my chest and having someone push on my chest. What was only a second or two sounded like an indeterminately long amount of time. It was a lot of fun, but I ended up with a nasty scrape on my elbow from the fall. As a rule it's the younger attendee's of a Con that cause real damage and destruction. Much of the damage that older attendees have a part in involve conning someone younger into doing something stupid. Most of the older people understand that they can get away with destruction, but instead attempt to build and create rather than destroy (which is quite easy). The younger ones have power, but not necessarily the discipline and risk analysis skills and judgment to use their power constructively. I think that most attendees who were involved in interesting projects and outputting useful data, and generally contributing to the community. Still, if only five percent of the attendees were destructive (which was correctly the hotel's assessment of the situation), a great amount of damage could be (and was) done. Rubi-Con, as well as other hacker Con's I've attended reminded me of Hakim Bey's idea of a TAZ (http://www.hermetic.com/bey/taz3.html#labelTAZ) - a temporary autonomous zone. A short time and place where there is a semblance of anarchy, where rules are somewhat dissolved and where 'reality is what you can get away with'. It's relatively easy to measure such a motley crew by the damage they do or are capable of. The positive change and creation that such a group has the potential of is beyond my imagination. I know and witnessed many connections being made, much important information being imparted, new data needed to help form people's 'big pictures' being communicated, personal networks of contacts dynamically expanding.