Building the Hacker Tracker
Formal Metadata
License | CC Attribution 3.0 Unported: You may use, modify, and reproduce, distribute and make publicly available the work or its content, in unchanged or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner they have specified. |
Identifiers | 10.5446/39675 (DOI) |
Transcript: English (automatically generated)
00:00
right so right off the bat I just wanna say that I'm disappointed that my like talks on security unit testing just don't get this many people, right? That's probably more important so we're just gonna switch it up and that's what we're gonna talk about instead. Okay now alright alright we'll talk about the hacker tracker um so right off
00:20
the bat I'm Seth Law I'm an application security consultant I've done development in the past uh I actually started my career at Iomega anybody here remember the Zip drive? Yeah? Okay I was not responsible for the click of death that was not me blame the hardware engineers right if you lost data that was not my fault that dates me I've been around for a long time I've been coming to DefCon since DefCon 8 or something like that
00:45
um but now I just do application security work I'm an independent consultant so that's me I do the iOS version um I'm gonna turn it over to Whitney really quick. I'm short how does this work um hi everyone I'm Whitney Champion short stack um I've been
01:01
doing the Android version of hacker tracker since 2012 um so um I'm a systems engineer out of South Carolina Android is a hobby for me that's why this guy's here now um but yeah thank you guys for coming. Hey guys uh I'm Chris uh also known as advice dog um I met
01:24
Whitney at DefCon 24 and started talking to her about uh hacker tracker cause I liked using it but I was like I I feel like it could be better right um and it was open source so I was really excited I'm like oh I can totally commit to this you know I can change things um and I started talking to her and she was totally cool with me changing things so I joined the team started working things and I took over Def uh the
01:45
Android version for uh hacker tracker it for 25 and 26 so the current version yeah uh but done a ton of rewrites pretty much it's a whenever I'm bored I guess I just look at hacker tracker I'm like how could it be better um so any performance you enjoy I spent way
02:02
too much time on it. That that is a running theme as we spend too much time on it I've got my family here they know like the last couple of weeks especially every spare moment of my time has been alright can I get this in so I can get it into the app store so we can actually get it into the iOS version um so the first thing we're gonna talk about is where it came from I joined the hacker tracker team or the iOS version
02:24
was uh started in about 2014 I think it was something like that right so it was a couple years after Whitney did the first one so we'll let her talk about what she came up with and then we'll move on to you know when iOS came and you know how we've done things. So what happened was. What had happened was um so I wasn't able to go to
02:46
Defcon in 2012 um I've been coming since 2009 I was really bummed that I couldn't be there that year so I wanted to give back in some way I still wanted to contribute um I was pregnant and couldn't leave so I spent probably two months pretty much pouring my
03:00
heart into the what was the first version of Android which is what you see here which is don't knock the awesome Photoshop skills I know it's just mind blowing but that if if you came the first uh first version was like 2012 2013 that is what it looked like and it's just beautiful um so that was the first four years and as Seth said he joined a couple
03:24
years later and did the iOS version. The iOS version you'll notice that that you know that all the other margins are off and things like that we had a lot to learn about actually how to put this together um again you know awesome Photoshop skills as you can see nowadays we've got actual designers that work with this a little bit uh we'll get
03:42
into that um a bit later but you know the first iOS version I think the version that made it through the app store that most of the attendees downloaded actually crashed for the first two days of the conference right it was not necessarily in my case it's a successful effort I remember being pretty disappointed that I couldn't push through the version that I wanted people to have um and that's traditionally that's what happens
04:04
to us is we we have these ideas Chris pushes something we talk about it we put it into the app and then whether or not it actually makes it out to you is another story um that being said we've had a lot of great feedback so we'll step into some of that here in a here in a minute um now it's official right this is this makes us happy uh Defcon
04:24
actually brought us on board when was that uh 20 yeah so it was what 2015 26 yeah 2016 I think it was was the first year that Hacker Tracker was the official app of Defcon um and now uh actually Chris and I this year are members of the info booth team uh so
04:42
we are related to the guys that you're seeing sitting around in the booths telling you about maps and other things we're working with them closely uh Melo's helped us out uh immensely to actually get events and get them into the application um but we are the official application for Defcon obviously that's why we're here that's why they
05:01
promoted at each of those info booths it's so that you have this information at the palm of your hands I mean part of the reason that I wanted to do it initially was the fact that I I had the booklet and it just wasn't tenable I had my phone with me as well and I got involved because I wanted to be able to track all these different events and actually do something I saw that Whitney had the Android version and thought yeah we can do that on
05:24
iOS as well pain points now there are a lot of pain points um first off is scheduling you want to talk about this yeah so scheduling for the first like three what well actually until this year when so Seth will uh get into his part of this after I
05:43
talk about how difficult hand jamming thousands of lines of JSON was for the first several years um it was mind numbing the other part was all the villages all the um like contests all the events all the talks everything was in a different format so there was no like easy way to go scrape every website there was no easy way to get all the
06:04
data it was very much a manual process so I don't know how many hundreds of hours we spent staring at these files but my god I'm glad that those days are over um especially this year there's what like 28 villages something like that and every single one has a different format so hopefully that will ease up um going forward so yeah if you've
06:34
changed at 2 am you just haven't experienced joy right that's it's really easy to do and
06:40
really easy to mess up and then the application crashes or if you're dealing with the iOS you know JSON parser and happen to have an errant you know uh new line character inside of a string you want to know what happens to iOS yeah it crashes right so there's all of these pain points that we have dealt with with the schedule uh now the the next one is you know don't trust the hackers um the
07:04
first well I mean as soon as I got involved we started advertising out on Twitter hey guess what we've got this app that we built for Def Con how many people do you think actually downloaded the app that first year guesses five there's some trusting people there's more trusting people out there than that but our our biggest response on Twitter was
07:23
exactly this no no no there's no way I'm downloading that right you know you guys are shady it doesn't matter that the source code was all out there they were like who are you nerds putting out this app especially for the Android version because you know that that's just kind of a free for all but they're like there's rootkits don't do it there's they're going to take your data they're going to steal your pictures don't
07:43
install any of it so and so the answer is yes we have all your data right just let's just get that out of the way we'll move on so we're supposed to say that sorry sorry okay the other thing is bug fixes at all hours um how many people here are actually like IOS developers that push things into the app store we got a couple of you I
08:06
feel your pain um how easy is it to actually push bug fixes into the app store quickly easy no it's very difficult right and we'll get into this in a little bit but you know this was realistically our lives over especially the month before Def Con right is the bug
08:26
fixes and when it actually has to happen see I had the luxury of being able to blast anything to production at three o'clock in the morning after six shots and who knows what's going to happen so that was that was the toss up between Android and Apple for us yeah Seth had a little more validation on his end I did and it's it's about
08:45
finding time I mean obviously we we've got normal jobs right I guess kind of normal jobs normal jobs um and so actually finding the time to put this together it's not necessarily something that you know just happens in one afternoon as much as we would like to think we're great developers there's always bugs there's always things that uh
09:04
this doesn't happen in the afternoon no it just doesn't happen afternoon it happens at three AM when you push directly to master that's when it happens after the kids goes yeah alright waiting on redacted anybody seen like the the mobile operating system
09:20
in the iOS version yes why why do you think that is ok this is the app review process ok we get random people that are looking at the application and I've marked the app as explicit but you want to know what uh alright so so it's ok for in the app for us to say
09:41
damn and hell and shit and everything else but you know what I can't say jailbreak just I can't say that that's not ok um so last year especially this became a huge issue I've had I I've had I just got rejected you know three days ago again on the latest version that I want you guys to have in your hand for iOS and it's because it says hack and it says
10:06
uh you know there's other things that are in there that whoever it is that's in the app review process that's looking at the application actually thinks is hey you're promoting hacking there's like the whole Apple terms of service and like we're doing our best is realistically what it is and we're coming up with ways to actually get around this so the
10:23
redacted in there that you're seeing is because we yeah we've just learned that if we do that if we take out the term watch OS or we take out the term Mac OS that they accept it but if we don't and it happens to be in somebody's talk then they won't right so I feel really bad for the the speakers whose whose title of their talk is
10:42
jailbreaking Mac OS or something like that because it's you know uh redacteding redacted OS right sorry that's all that's all I can do I'm we're doing our best ok so last year we did it we did a big overhaul um and even this year you'll notice it's a lot different than those images that we put up there first um I'll let Chris talk to the Android version first
11:04
uh sure so Defcon 25 was the first version that I came onto it so I did a ton of different changes and all that stuff so pretty much from the ground up I rebuilt the app probably multiple times over the year just because I got a lot of free time um but like a lot of
11:23
the focus is just trying to figure out exactly how we can make a like a hacker conference good in terms of schedule because we don't really know there's like guidelines I guess out there of like what we could do and what we can't do but we're trying to figure out exactly what kind of information you need and like what you want and everything like that so we're
11:41
also trying to do a lot of stuff just like everything from the ground up rebuild it and make it impressive you know from like and like I've rebuilt it multiple times also for Defcon 26 um like for example for last year uh hacker tracker on Android was about 19 megabytes this year it's about 4.2 uh it is insanely small it should be the fastest
12:04
smallest app on your phone hopefully uh and that's pretty much what I've been doing is just trying to make the best app for you guys you know because I found if I hate it then you're probably gonna hate it you know if it bugs me it might bug you but it'll probably bug you eventually. Yeah so the whole idea is that we want it to bug you right like I even just
12:24
saw a bug pop up on my phone on the reminders for iOS that's yeah um but last year we did a pretty extensive overhaul of iOS as well um we've got the animations that are in there if you've seen like the little jitter as it starts up that's us stealing I mean that's us just animating the initial screen that you're on right there's it's not sending
12:44
data anywhere right um but along those lines we've upgraded right we don't we don't support iOS 9 anymore like I may try and push a version out there especially for those of you that have burner phones that have decided that that we're all going to hack you because you're here um yeah so uh we may support that in the in the future uh I'll do some
13:05
downgrades to make sure that we can actually support some of those older versions of iOS uh but that is kind of a forward looking thing when I tried to compile it initially I got a whole bunch of error messages for iOS 9 and so I scrapped it right there's only so much time in the day um the other thing that we did last year was the UI redesign we
13:23
actually engaged with a graphic designer um Chris Mays who may be here in the room somewhere Chris are you here? Alright I don't see him Chris uh actually uh worked for a graphic design company last year and their graphic designer was willing to chip in um and help us actually do some of the UI design so a lot of the elements that make it look a
13:43
little bit more polished came from her uh that was Megan she's listed in the iOS app um and it it has made things more streamlined it's made it easier to actually use and navigate uh the one thing that we did away with this year was the uh tab bar down at the bottom for iOS we moved to the menu so that we're trying to get more of a unified
14:03
look and feel uh the other thing is we do support multiple conferences has anybody here used hacker tracker at a different conference? No? Oh we had a couple ok yeah they're nowhere near as big as Defcon, Defcon is definitely our primary conference uh but we support uh ShmooCon, ToorCon, we did HackWest, we did a couple BSides events during the
14:26
year so if you would like to use hacker tracker at other conferences just hit us up on Twitter it's not difficult we've structured the app so we can load different conferences there and make it easier to use and and a community resource the whole idea is the codes
14:41
out there it can be reused these other conferences could compile it but we've got the ability to actually switch and use it within the same interface ok? Alright so high points. So I think one of the most fun parts over the last few years um that we've had is hiding easter eggs in the app so um several people have come to me to hide things
15:02
for different contests um specifically the DC darknet challenge that's been one of my favorites because we've done that probably three maybe three years now um we one year I hid a password in the app and a bunch of you came to me to get the most ridiculously dumb unicorn sticker and I don't know why any of you took the time to come find it because it's horrible but there it is um Seth uh went to the trouble of making stickers
15:25
and hiding things in the iOS version as well so it's it's been a lot of fun to like engage everybody and just try to do whatever we can to get other contests and events of all involved this has been especially interesting um we've gotten good attendee feedback we've
15:45
gotten bad attendee feedback and we've gotten weird attendee feedback but the good attendee feedback has been by and large the best um especially since Chris joined and put in a lot of work um I don't have nearly as much time anymore to to contribute so he's done a huge uh it's been a huge effort on his part um to make it as awesome
16:05
as possible for you guys on his end and so is Seth so the reviews that you guys have given us are just amazing and especially like the ideas you've come back with like feature requests bug fixes bug reports like all that stuff has been amazing so just like keep sending that because it helps us and it helps us make it better
16:24
yeah just one thing okay if you if you review us four stars and say some schedule items are wrong just hit us on twitter please don't don't ruin our rating we're trying you know hit us up on twitter we'll fix it immediately that rate it and eventually because I all the negative feedback
16:43
I get an email I read it I get depressed it's not great think about my feelings don't make Chris cry don't make Chris cry this is probably my favorite email I've gotten so far um there's been a lot of worse ones but this is definitely the best my email's been hacked
17:03
when I reply to certain people that tells me it came back unreadable with crazy text covering up my info but bottom line the last part is the best if it does will it report the hacker to the police no it will not I never heard back from this guy I also did not respond
17:33
so I mean I thought about but he says I've been having issues with cyber stalking so I I decided to avoid that one so like we were saying last year
17:50
Chris took over the android version Chris Mays has helped me out immensely on the iOS version he's like a full-time iOS developer he's on the he's in the app if you if you see his name
18:02
you know click on him give him kudos as well because he's been a huge help and actually debugging and making sure that the app runs expectedly it doesn't crash you know a lot of good just kind of overall design patterns and things like that have come from his brain um and I was hoping he was here so we could you know recognize him a little bit but
18:21
that's fine but otherwise right just getting feedback from you has been the best thing right if you use the app and there's something that bugs you like Chris said let us know tell us about it if you haven't downloaded the app go download the app and use it make sure and update the events because it is being updated every yeah pull pull to pull down to update
18:41
because that'll actually get you the latest results and the latest events that are going on and what's going on right now but let us know if those are wrong but also let us know if there's something in the app that is an issue especially if the app crashes so we've got a whole bunch of lessons learned right first of all haters are gonna hate
19:03
yeah so some of you are mean just saying the first couple years the first four years at least from my end was soloing this which means like a lot of late nights staring at this and then I would get on the reviews page and I'm like holy shit you people can be evil
19:23
we already know this because we're on twitter we've seen the worst of the internet but um I think it definitely garnered some thick skin over the years um so yeah the three of us have poured a lot into this and we've realized you can't please everybody so the best we can do is just try to make it as good as we can for all of you guys but I will say it has been
19:44
highly entertaining reading some of the stuff that we've gotten over the last what six years yeah i don't know what you got on your end oh all the ios developers they're totally trustworthy and nice people um the other thing we've learned is that like taking feedback right obviously twitter
20:04
is a great way to do this um you can hit us up that's why our handles are there in the applications but aside from that if you hit us up on github that's where we're actually tracking the code and you put in a you know pull request or you put in an issue we will track it in there and close it out so you know that that we've looked at it and we've
20:24
done something with it right yep um we do have to wait you have to wait i have to wait i have to wait like i said there's a version that's out there that's hopefully going to be released soon um i get denied on expedite requests um i i'm waiting on jail breaks whatever right
20:43
you know the other thing that i was thinking is that we could push it to like cydia the you know the jail break store um is anybody here using a jailbroken device even as a burner so i i mean if there's enough of you that are doing it then i'll look into it and we'll push it that direction because it'd be a lot easier for me to be to push in
21:03
there for sarik than it is to actually push into the app store i just am not sure if apple's going to be too happy about that you never know backup plans you have to have backup plans right i think we've kind of learned that we don't have a solid backup plan yet
21:22
so we've we've tried various different ways of scheduling and this actually ties into what you've built over the last i don't know how long you've been working on the on your event manager so we've tried pulling from the info booth we've tried static json so
21:40
we've kind of tried to combine the two of those and have some like main dashboard for loading all the events in because it's just gotten so big and so many villages and so many pieces of this that we've we've got to streamline it somewhere yeah guesses on how many events we have in the hacker in hacker tracker this year all of them i wish but i
22:05
don't think we have gotten there how much how many did you say okay keep going up keep going up keep going up close just under 1000 we're probably around 800 right now that you can actually do and that's between parties events and all of the different talks contests and yeah especially
22:25
the villages i mean we're at 25 plus villages this year and each village is basically its own conference right some of those villages the like the content that is there is bigger than the other conferences that we've been talking about so you know we're trying to give you ways
22:41
to actually filter things and actually you know do searches that's where you're going to have to become familiar with to actually get that data back right okay so going forward first of all we we want it to be more streamlined the whole process from the feedback to you to actually us getting the features out the ios android parity make sure that they look somewhat similar
23:02
so the experience on both is the same now that is difficult based on the design patterns from android or from google versus the design patterns from apple but there's a lot of different apps that do this we're gonna we're kind of creating our own look and feel and we will be you know maintaining that parity to some extent right um the scheduling application like whitney said
23:27
we built a back end to hacker tracker and if you can find it insert an event kudos to you right um that's yeah that would be a challenge but most likely you won't be able to figure out where it's at so it's fine um it's fine don't worry about it i know i did that was stupid
23:48
um i have been here for too long that's yeah yeah so the scheduling application is going to make this a lot easier we are coordinating like i said with the info booth next year we're probably going to take over info.defcon.org right and so we're hoping that we'll be able
24:03
to bring that into parity with what the app looks like it just depends on the time if you are interested and have development skills and want to jump in and help us out let us know i we're always looking for more people to help i mean how many hours did you spend inputting yeah if anybody likes data entry
24:24
join us join us we need a mindless factotum who's out there you can't leave until we find one come on more conferences like i said before if you're attending a conference and they don't have a scheduling application let us know we'd be happy to add that data to hacker tracker to the
24:43
back end and actually push that out so it becomes more useful realistically we want this as the go-to for not just defcon but for the community for the wider security community or a development community for that matter i mean how many people have used an app did you use the black hat app this year how awesome was that yes that was great yeah
25:04
no okay all right well that's all i'll say on that feedback is always welcome did you want to say something i don't know um so as always yeah like seth said feedback is always welcome um hit us up on github hit us up on twitter if
25:23
contribute do so it's all open source it's all out there um the three of us are responsive pretty much all the time if you want to contribute please do we would love to have you and we would love the help yeah yeah okay it's open source but please don't be too critical
25:45
we're on a time crunch things are messy we'll fix it up later next year next will be better any questions i i think we only have a couple of minutes before the defcon 101 panel is coming in here yeah whenever you pull yeah whenever on ios whenever you pull on android there is a
26:06
there's a full should be seven days could be 15 minutes i don't know uh it's mainly about how android handles work manager i kind of specify seven days but it'll kind of hopefully if you're on wi-fi it's like oh i'll do it now or whatever you know so you can also do it manually
26:21
so we're we're throwing in updates like this whole week it's been pretty much hourly that we've been adding events so just yeah just swipe down just like when you go to that first event screen just swipe down let it refresh because there's other stuff that's being added and those those dates change and we're getting told that we need to leave the stage so we got 10 more questions before we'll leave no no i wait wait no no i need the mindless factotum
26:44
first all right well uh thank you for using the application follow us on twitter leave us feedback and i hope it's useful that was the whole reason that we built it is we wanted something so it works for us but if it doesn't work for you it's not you know it's not as cool so um yeah so download it download us download it and let us know what you think
27:05
okay like comment and subscribe