Rob LemosFor nearly two decades, the DEFCON hacking conference has brought together people with an interest in investigating technology and cracking security. In recent years, however, DEFCON has suffered significant growing pains. Getting between sessions meant pushing through crowds reminiscent of major crossroads in Tokyo. Entering an almost-completed session to get a jump on the next was not allowed, so people lined up in the hallways, further clogging the byways. And, the smaller sessions — such as the lockpicking village — failed to offer a sanctuary from the crowds and were routinely packed as well. While attendees were always destined to miss the majority of the happenings at the conference, DEFCON increasingly seems to be more about moving from location to location, and less about all of the learning in between.

Take, for example, this year’s popular talk by Moxie Marlinspike on the problems with the current secure-sockets-layer infrastructure. The red-shirted Goons — their official title — kept the line orderly, but it still took 25 minutes to get into the presentation’s venue, the Penn and Teller Theater, which seats 1,500. Between talks, the central hub and hallways were packed.

While attendance isn’t clear, the conference’s stock of 10,000 badges sold out early on Friday, according to DEFCON officials. The replacement badges, made of laminated paper, were readily evident, suggesting attendance numbers significantly higher than, and at least double, the 6,000 people that attended in 2003.

Founder Jeff Moss has tried various tactics over the years to mitigate the problems, but with little effect on the sheer number of people and the growth in attendance. Last year, the same problems existed, but the crowds and the bottlenecks at the Riveria could easily be blamed on the inability of the hotel’s layout to absorb the attendees.

The shift to the Rio Casino and Hotel solved many of the bottlenecks in the hallways, but underscored that the ultimate problem is not with the venue, but with the success of the show. This year, the hotel handled the crowds fairly well, but there were still problems: Watching back-to-back sessions at different venues was nearly impossible, and the size of the show meant that networking with others happened away from the Rio.

The future of an overtaxed DEFCON may reflect the failure of another show: Comdex, a Las Vegas conference that symbolized the era of the personal computer. While DEFCON has avoided many of the issues that plagued that show, they both have been troubled by their own success.

In the late 90s, massive growth hit Comdex. Originally, a meetup between vendors and manufacturers started in 1979, Comdex grew quickly as the dot-com boom took off. While the conference was considered a must-attend event for computer technology companies, the inflated prices for floor space and hotel rooms left executives disliking the necessary pilgrimage to technology’s Mecca.

In 2000, IBM canceled it’s booth at the show, others followed in a steady decline for the conference. In 2004, the conference took a hiatus, which became permanent. Today, more specialized conferences have taken the place of Comdex: the Consumer Electronics Show (CES), for example, has become the place to announce new consumer products.

DEFCON does not seem to have the organizational problems of Comdex, but success can cause its own issues. Like Comdex, DEFCON may have grown too big to serve hackers and tinkerers like it once did. Instead, for the attendees, the regional hacker conferences — such as CanSecWest, ToorCon, and ShmooCon, with attendance of high hundreds and low thousands — are a much better way to exchange information.

Will DEFCON go the way of Comdex? Not likely, and in any event, not immediately. Comdex’s fall came a few years after the burst of the dot-com bubble. The security industry and the hacker scene that fuels it is undergoing a boom, even amidst an economic downturn.

Yet, for all its promise, rethinking DEFCON may be necessary.

Categories: SMB Security, Vulnerabilities

Comments (4)

  1. Anonymouse
    2

    not many of the attendees has any business being there.

    maybe it’s time to return to our root(s).

  2. Agent X
    3

    I wouldn’t say we aren’t troubled by our own success, I say we have scaling issues. For roughly the last 6 years it’s required careful planning to see two talks back to back. I think this is more of reality about physics then something Defcon staff can manipulated.

    We do have scaling issues, and at this point Defcon has become very very big. I think Defcon is beyond the functional scale of single person to fully absorb in a 3-4 day period.

    These scaling issues are directly related to physics of having a giant hive of humanity doing many different things en mass BTW.

    Finally if you thought this eyar was Crazy ™ wait till next year! Defcon XX!

  3. Erik C
    4

    Look guys, lets admit it….defcon is no longer a “hacking” conference. It is a Maker, electronic freedom, privacy advocacy and also…sometimes….hacking conference. 

    I did a count of the talks classify theming based on abstract AND content to see how many had anything remotely to do with the theme of “Stealthly breaking into computer systems and networks”? The tally shows 27% of the talks at defcon have anything to do with hacking. To be honest that was higher than I was expecting but still pretty low. Compare this to REcon, cansecwest, etc. who fall in the 50%-90% relavence range.

    Defcon has grown into Comicon. Only a fraction of Comicon attendees actively collect comics, the rest are just fanbois. At defcon (with rare exception) the rule is: If you’ve got a mohawk, dyed hair or a black tshirt with a slogan showing your amazing wit (“Got root?”) then you’ve never had the skills to devise new attacks against software, hardware or operating systems.

    Defcon peaked for me in 2003 when my team won the CTF competition, now that contest too is just corporate BS. More than have the teams are “secretly” sponsored by DoD Cyber divisions from all the major contractors.

    Defcon is dead and useless as a hacker convention, the overcrowding problem is just the obvious indicator of this.

    Farewell defcon…you were awesome back in the day!

    -Erik-

Comments are closed.