antiTree | posts and projects
posted on May 23, 2012

BSidesROC is over. There’s no reason to really give you a blow by blow but I think it might be entertaining to see some of the feedback we received from attendees. Both years that we’ve done BSidesROC we’ve sent out a survey email right after the event with a very quick survey that gave us some feedback on what people thought about the event. I really do take it seriously but also some of the responses were very interesting.

The responses we received were overwhelmingly positive which is good. But I’m not going to make a post about “Why BSidesROC 2012 Was a success!” I think it’s more entertaining to you, and more useful for next year, if we talk about what sucked.

Here are a summary of some of, what I regard as, more interesting survey responses.


 Closeness to death:

Why are you here?


The badges this year were fake handcuffs. Last year they were dog tags. There was a lot of thought put into coming up with something different for badges. We didn’t want to do the uber-techno-arduinobased-microwave-generating-death-ray badge like Defcon and other cons do (mostly because we can’t!). And we didn’t want to spend any money because let’s face it, we dont’ have any. So our constraints were to find a badge that we think is cool, that will be ready to go by the con, and that won’t kill our budget if we buy $150 of them. The backstory on this idea was that sometime when we were driving back from BSidesDE, the van full of hackers decided that handcuffs were a good idea. The thought being you can learn how to shim or pick out of handcuffs so not only were they the badge, but a useful training tool. But we learned, they suck.

For your entertainment, here are some of the responses about how badges weren’t the greatest:

 If you’re going to give out handcuffs, you have to give out handcuffs.  Having a cheap version of something is worse than not having it at all imho.

Maybe get badges like AIDE has or Lascon had?

Drop the cheezy handcuffs

I could say that we’ll improve our badges for next year but I can’t promise that. 🙂 **We enjoy wasting time brainstorming weird badge ideas so expect something weird and possibly stupid next year. **

Tracks and Seating: Failures

This was interesting because there were some last minute changes that caused some issues. We had 2 tracks this year that were originally meant to be “Presentation” and “Workshop.” Kizz Myanthia was kind enough to offer to do a workshop that went along with his presentation and it was going to last for 4 hours. It was going to be cool – attend his talk, and then do a hands on workshop into how to use Metasploit and the such. Kizz unfortunately got his workshop pulled because he was transitioning between jobs. His previous employer told him that he was not allowed to do his workshop because he was using the Pro version of their company’s tool. If you can figure out who I’m talking about, let me just say that this was because of the Sales/legal/corporate dictator department and not that of the cool people that are part of the pentesting portion of the company. If I’ve just confused you, don’t worry about it.

So that left us with a big 4 hour block that we needed to fill. Which we didn’t. 🙂 We had some ideas but I admit: FAIL.

Also added to the fail was the screens. They weren’t big enough to reasonably read. We figured this out way too late to make a change. Lesson learned.

Things We Won’t Change:

There are a few things that make a BSides different than a normal conference and we’ll continue to follow those tenants. Here are a few examples of responses that we just won’t change and why:

A better venue. More comfortable and better seating would be preferable. Maybe RIT would sponsor the event in the Golisano auditorium.

This is really good feedback but I want to point out why we won’t be doing this. First of all, we love RIT and I’m an RIT grad, but in my opinion it’s important to develop a community not based on colleges and universities. There’s a lot of reasons for this that is not going to fit into this post. Second, we don’t want a conference that looks like a conference. (Read my other post about “con” vs “conference.”) That being said, yeah the chairs did suck. We’ll see what we can do. 🙂

More vendor tables setup

We love our sponsors and we love people that support the hacker community. The problem with this is that other conferences have made vendor tables the focus of the con. We’re sensitive to having vendor tables and probably won’t have any in the future. This is a “Security B-Sides” thing and one of the reasons that we like the BSides framework. If you love sitting through vendor presentations, don’t give a crap about practical technical content, and want to pretend to be a “hacker,” then you should check out Hackerfest. This is the reason that BSidesROC exists.

Random responses:

Here are some random questions and their responses to the survey:

Q. What do you think we could have done better?

A. Mark’s mom

A. this is 2012, where was the IPv6?

A. More restrooms…


Q. What did you like the best?

A. Flying fucking sharks


Q. Name as many BSidesROC sponsors as you can without looking

A. Baby jesus

A. Oh no…I didn’t know there was a quiz!