Category Archives: Uncategorized

Right off the hop, let’s get this out of the way:  Yes, this is an homage to (or shameless theft of) the speech Colossus makes at the conclusion of the film Deadpool.  Still, there is some poignancy to how I was feeling when this thought occurred and that’s why I wanted to share it here.

This DEF CON was significant for me.  I’ve been attending the con for nearly 20 years now, but this one really seemed to impact me emotionally.  The reason:  it has become apparent that, as a whole, the conference is too large to “see it all” even if someone really, really dedicates themselves to that cause.  I realize that DEF CON has been growing by leaps and bounds.  And long-time veterans can take their pick of the year when it “wasn’t the same anymore” from a list that includes:

  • Outgrowing and leaving the Alexis Park
  • Stretching on the calendar into Thursday
  • Choosing venues that span across multiple hotels
  • Being back on the Strip in a grown-up venue where they don’t take kindly to shenanigans

…and, yes, all of these milestones did indeed change the nature of the con.  But, for me, something truly felt different this year with regard to how many activity areas there were, in the form of Villages, challenges, etc.  While it perhaps hasn’t truly been possible to see all of DEF CON in a single trip for a while now, I feel like this year was the first time that I truly heard a whole lot of voices from folk who weren’t mere observers but true interactive people, seeking to go hands-on with people and ideas and concepts that interested them.  Even those individuals were saying, “man, it’s like it’s not even possible to participate fully in DEF CON anymore,” and that is what made me a little sad.  Because it’s true.

Then I was fortunate to have a bite to eat on Sunday with my wife and one of our friends, Elissa Shevinsky.

As we dined at The Palm (Bruce and Wozzi’s place where head chef Kiko Ojeda does a really fine job creating everything save for the crab and romaine salad) and sipped cocktails, Elissa was quite chipper.  “I had a really successful time this weekend,” she pointed out.  “I had five top priority things to see and do, and I checked each item off that list.”

In that moment (as ridiculous as it may sound, such a vague platitude this is) her words really hit me.  For years, my philosophy at DEF CON has pretty much been “do absolutely everything… and then some.”  I would stop by every Village, try my hand at numerous contests, get to every party for either a brief appearance or stay to close the room down, and on top of all of this I was running multiple contests, events, and often giving talk presentations in Villages and/or on the main stages.  For me, any time I went up to my room at DEF CON, the Fear Of Missing Out™ would kick in almost immediately and I would steel myself with another whisky and dash back to the elevators, eager to get downstairs again and on to the con floor.

I can’t do that anymore.  None of us can.  DEF CON is simply “too big” now, we admit to ourselves.

But Elissa’s theory works, even for those of us who have a list as long as our leg of stuff we would like to do and see.  The solution?  Prioritize your list… do this well before DEF CON starts.  It’s OK to have a nearly-endless agenda of things you’d like to do at the con, but at this point DEF CON is so massive that your satisfaction should come from successfully achieving your top four or five moments.

Maybe your moments are seeing three talk presentations that looked really interesting to you, spending time in a Village, and then participating in a particular contest.

Maybe your moments are going to a specific party, getting into the SkyTalks room, witnessing Drunk Hacker History, and having two very special dinners with friends you don’t usually get to see anymore.

Maybe your moments are five Goon duty shifts where you feel you’ve made a positive impact on other con-goers’ days.

Whatever your four or five moments are, let that become the standard by which you judge whether your DEF CON was a “success” or not.  None of us can do it all anymore.  It’s ok to still try.  (Just stick with the 3-2-1 rule at all times!)  But don’t let yourself feel down about all that you “missed” because you ran out of time.

If you achieve the four or five moments that you predetermined as your top priorities before you went to Vegas, then that DEF CON can go in the Win column for you.

Well, that’s another year in the books.  I thank absolutely everyone for a terrific and successful DEFCON Shoot!  The staff and RSO volunteers were indispensable and all credit goes to them as well as everybody who so marvelously brought amazing firearms and content to the range for everyone to share.  The cannon made a triumphant return, Joe’s full-auto collection had numerous specimens on site, and plenty of folk got to try a multi-shot rotary drum 40mm grenade launcher!

The theme this year (on badges, decoration elements, etc) was “resistance fighters who fought fascists” and we thought that was quite timely.

So, as always, everybody seemed to have a very good time and it was marvelous to see friends, listen to talks, and watch people compete in challenges like the dueling tree and crypto puzzle (folk are still working on that to see who can win this amazing 80% lower!)

One of the most hilarious moments of the Shoot was when Puking Monkey pulled a “Yo, dawg, I heard you liked cannons… so I shot a cannon out of my cannon!” for everybody.  😀

But one of my favorite parts of this year’s DEFCON Shoot came toward the end of the day.  To tell the story properly, however, we’ll have to reflect upon the conditions at the shoot site when we first arrived.  Many areas of public land which are used for recreational shooting are, as a lot of gun folk will know, subject to awful and unnecessary abuse.  My friend Karl documented as much on InRange TV and plenty of other news reports and anecdotal evidence show just how thoughtless some firearms folk can be when no one’s looking.

The Indian Springs location (where we shot last year as well as this year) is sadly no exception.  Some bad apples have a long history of going out there and shooting at ridiculously inappropriate targets that make a mess and leave debris everywhere.  This was immediately visible as we arrived and were setting up…

We noticed assorted debris like target backer boards and old metal school lockers.  At least those are either bio-degradable or relatively self-contained and box-shaped items.  Plenty of things were not suited to being targets at all, however.  Mattresses and more, for example…

It’s a shame when folk take old appliances out to the desert because they shatter in so many ways when shot or blown up…

But perhaps the most horrendous offenders are consumer electronics, like TVs.  These not only shatter into loads of bits that will never biodegrade, but they also contain plenty of other materials that are harmful to the environment and require special hazardous disposal protocols for e-Waste when being thrown away properly.

I was very inspired by my attendees and volunteers at the DEFCON Shoot.  Almost right from the start, it was possible to see everyone there taking the time to at the very least police up much of the waste into more organized piles.  (This was as much to aid in the parking of cars as it was simply good practice… and no one had to be asked to do this.  The group of hackers just took it upon themselves without direction.)

In the middle of the day, I looked at the large group of folk (many of whom came from less free states or totally un-free countries) enjoying this public land and getting to shoot guns that they would never otherwise be able to handle… then I looked at the fold of bills in my pocket from individuals who arrived without pre-registering and instead opted to pay cash on-site.

Then I started googling.

There are a number of waste haulage firms in the Las Vegas metropolitan area.  But none of them said they would service a job so far outside of the city, up in a nowheresville like Indian Springs.  Eventually, on the verge of giving up, I asked one fellow very directly, “Look, you said that this job’s distance wouldn’t make it financially feasible… but I fear you may be underestimating this group’s willingness to incentivize you.  Exactly what kind of additional compensation would make this job viable to you?  Tell me a number.”

My jaw dropped when, after some brief consideration and a pause, the owner said it would cost possibly “as much as an additional $150” to come that distance.  I hired him and his crew immediately.

And, sure enough, after the conclusion of the DEFCON Shoot, Dennis and his team lead James and a crew of workers arrived on site and began to police up as much debris and junk as their vehicle could hold.  I told them that I was prepared to pay extra disposal fees for any TVs they could gather and that we’d cover the costs of a full 15 cubic yard truckload.

As the clean up haulers were working, a car from the town arrived and wanted to see what was going on.  (Both years that we’ve come around, locals have shown up during the Shoot itself to say hello and see what we’re about and they seem to generally like us and come to regard the “hacker bunch” as “those people who treat the place well and don’t make a mess” so that makes me very happy.)

But this was a cut above… I hope everyone can be very happy to learn that the locals who arrived offered thanks over and over again for the work being done in the area.  They commented on how much better it looks… and they remarked that they’d never seen anyone go to the effort of cleaning it up before.

Thank you all who came, who shared, who taught, who learned, and who made all this possible.  I’ll see you next summer.  For now, enjoy the rest of DEF CON!

Hey, everybody.  This is just a quick post about something that any one of you can build in order to make a fun and engaging lockpicking contest suitable for running at a bar or other meetup where there’s drinks on the menu.

Some of you have seen the deep and detailed build I did when creating the “Booze Box” which has appeared at hacker cons and been a source of fun and a challenge to those who want a chance to win free drinks.  But, let’s be fair, that was a huge undertaking.  No one else is likely to build something like that.

Here’s a super easy way to make a small, portable version of such a contest!

 

1. Buy a bottle of Booker’s Bourbon.  It comes in a nice wooden display box.

2. Drill a small hole (3/8″ diameter, I’d recommend) in the top of the box, approximately 1/2″ from the lip, as indicated in this image.

 

3. If you wish, you can sand the outsides of said box in order to remove the Booker’s logo and marketing silkscreening.  Then, if you want to, feel free to stain the box in whatever color you desire.

 

4. Either modify the original plexiglass front piece or laser cut your own new replacement piece (so that it is free of any marketing logos, etc) to a size of 12″ x 3⅝″.

 

5. Now you have a box that can contain either a pint glass, a wine bottle, or a whisky bottle, etc.  And the application of a padlock can “secure” that resource until someone liberates it by picking the lock.  If they succeed, they either win the right to fill their glass for free or they can claim the bottle inside, etc. The game lends itself to very fast resets and reloads, and of course can be adapted to whatever degrees of difficulty you wish by simply changing out the padlock.     

Good luck and have fun!

“You can’t write endless laws and expect to prevent every crime.  All it does is reduce liberty without actually stopping criminals.”

“We live in a free society.  Everyday we have opportunities and chances that others can only dream of… and the price we pay is the occasional tragedy.  I and many others accept that price, when the alternative is a nanny state like England or Singapore.”

“Personal responsibility and rugged individualism are the pillars of who we are.  We cannot expect anyone but ourselves to watch out for us or lord over us.”

 

All of these quotes are more-or-less verbatim, and they come from many conversations I’ve had over the years with fellow hackers, friends, and family.  The conversation is sometimes about guns, sometimes about drugs, sometimes about freedom of speech or thought.  I’ve probably advanced something of the above thoughts in various contexts as often as I have heard them from others.

 

The Hackers on Planet Earth conference, from its very beginning, has been a magical place where the line between organizers and attendees has always been blurry.  Sometimes this grey area has stemmed from the way that attendees and bystanders so often pitch in to raise banners, stand up activities, and fix technical glitches.  Other times the “leaderless” nature of HOPE has manifested as a blind eye turned to shenanigans and pranks that would bring quick reprimand at other events.  I have experienced more interesting conversations and made stronger and longer bonds with others at HOPE than perhaps any other event over the years, all-told.

 

This recent weekend in New York City, however, we all experienced the downside of what can happen at a semi-anarchistic event where almost anything goes and where it often feels that there’s no one at the wheel.

 

I expect that almost all of you have by now read the assorted coverage of how the HOPE conference was descended upon by a small but willful cadre of instigators / alt-right / fascist boys whose mission was to infiltrate the event and cause disruption by harassing attendees and attempting to intimidate and stalk some of the speakers.  If you haven’t seen the details there, Unicorn Riot were among the first to report directly from the scene of the event.   That piece is mostly accurate, and additional coverage from Motherboard took a more measured tone but conveyed no less concern over the failings of the organizers, the staff, and the community as a whole at HOPE. There was also a later article up on The Parallax by Seth Rosenblatt.

 

You can take time to read the news if you haven’t yet already.  (Or, if you’re a patron of the terrific Violet Blue you can check a recent Patreon entry in her Cybersecurity News feature for the bullet.)  But what I’m writing here will not be about the incidents of disruption at HOPE this year as much as it will be about what I would have hoped to have seen in response.

 

Love all, Hack all

 

The HOPE conference has adopted a Code of Conduct that, while not the most comprehensive and explicit that I’ve ever seen, is remarkably in-line with their community values and conveys both support for the airing of diverse opinions while also expressing (with near-ironclad language) what is ostensibly a strong commitment to preserving diverse voices and guarding the dignity and safety of individuals in attendance… especially people who may be marginalized or more easily preyed upon or pushed out of mainstream positions of acceptance.

The HOPE CoC urges everyone to “step beyond prejudices, societal norms, and other perspectives that lead to disrespect for people and groups” and expresses explicit support for people of all ethnicities, gender identities, etc.  The CoC states that HOPE does not want “any [attendee] to feel marginalized or intimidated” and calls out a number of specific behaviors that will be considered a violation of the event’s rules, including “stalking, following, harassing photography or recording, disruption of talks or other events, inappropriate physical contact, or unwelcome sexual attention.”

It may be difficult for some to look at a document such as this and square it with the fact that a posse of MAGA-hat-wearing alt-right shitbags could have wandered around the Hotel Pennsylvania with what appeared to be total impunity, at liberty to harass or intimidate conference-goers.  But a closer look at the history of HOPE and the east coast hacker scene (particularly in New York) can shed light on this topic, I believe.

 

The Power Was Inside You All Along

 

To truly know and understand the east coast hacking scene, it is possible that you need to have experienced hacker events in New York, Philadelphia, or Pittsburgh in earlier years.  Better still would be a history of attending the parties or crashing at the spaces and homes of various hacker collectives in the mid-Atlantic region.  I can recall gatherings on the rooftop of the Hacker Halfway House in Brooklyn or PumpCon or even down in DC… occasions when most of the best things happened without explicit authorization because folk simply seized the moment and made coolness happen.  Whether by slipping a maintenance man at a hotel $20 on the side in order to unofficially have a meeting room or by “happening upon” a source of electricity nearby a pool to set up a DJ’s table… many of us were simply accustomed to asking forgiveness instead of permission.

A lot of this mentality still percolates through the hacker scene in NYC.  A classic example of this at HOPE could be seen with regard to the “signage on the floor” near the info booth.  For those unaware, there were some raised eyebrows early-on in the conference regarding a message that was written on the floor using masking tape.

While it encouraged attendees to read published information before asking questions with obvious answers, the brusque delivery of such a message had some folk taken aback.  And one can admit, while the sentiment is something with which most hackers would agree (learning on your own is better than immediately asking for help before you’ve even tried) the manner in which this was being expressed was somewhat uncharitable.

When this was pointed out to the con, their response was a distinct non-response.  What unfolded was very characteristic of HOPE… they didn’t immediately move to address the concern, but at the same time they didn’t stand in the way of others who eventually chose to edit the sign themselves.  When @ystvns & @dbateyko knelt down and rearranged the tape letters to spell out something different and more constructive, they weren’t stopped by security or reprimanded by event staff.  Quite the contrary, the official HOPE twitter account sang the praises of folk who took it upon themselves to remake their environment in a way that better suited them and their needs.

This is part of what makes HOPE special.  They show true support for the hacker ethos of “if this thing isn’t working for me the way I want, I should find out how to change this thing!”  And that’s great… with regard to modifying technical systems, options for cheap food, or how to play your music at a party.  Where this kind of thinking no longer really works at large events has to do with security of the group.  For context, there are many hackers (particularly at HOPE) with deep roots in both the punk and Burning Man communities… such folk are familiar with places where groups self-police from top-to-bottom.

The punk shows of my native Philadelphia in the 80s and 90s serve as an example here.  I can recall being in the basement of the Unitarian Church or the TLA on South Street… when white pride skinheads would show up and try to crash the concert, seldom did the crowd wait for event security to deal with them.  Fists and elbows were thrown in the circle pit until the fascists understood that they weren’t welcome and had to get the hell out.  Scans of some very old photos of mine illustrate this point…


a lead singer admonishes fascists and encourages the crowd to stand up and protect one another.

 


circle pit immediately in the aftermath of a fight.  assholes were forcefully ejected from the venue.

 


group unity and principles of relying on one another to be safe and be strong are reinforced by the band

 


another anti-fascist / anti-racist band reminds everyone that we have to look out for and protect one another

 

 

But the past is the past.  Try that today and what do you think would happen?  I guarantee you it would result in two things:

  1. Both the racists as well as the regular attendees would be ejected and wind up next to one another on the same curb outside
  2. Instead of just taking a punch and going home, the interlopers would call police who will respond and, quite likely, side with the proud boys

 

Burning Man, too, has a strong philosophy of self-reliance and self-policing.  Burners in the hacker world might take a similar view of how to handle intruders.  They value immediate participation and principles such as civic responsibility and communal effort would likely have some folk thinking that the ideal of “if you see a problem, step up and try to fix the problem!” would apply even to security threats, not just faulty art installations or people who need more water.  Indeed, the head of HOPE’s security detail (a venerable member of the Burning Man crowd) expressed such a notion to some of the speakers and attendees who were inquiring why event security wasn’t implementing the Code of Conduct more directly and immediately.   Here, we see Roadie responding to two women who stated that they observed harassment and that reports the community made to staff were not acted upon.  When one event speaker, Gus Andrews, acknowledged aloud that, “There is a need for somebody, hopefully someone with the spoons to handle it, to take point on the Code of Conduct,” Roadie shot back later that day with an exasperated-sounding, “OH MY GAWD! That person should be YOU. Why defer and hope ‘someone’ will do it? If you have better ideas don’t you think you should share them and help the process get better?”

Permit me to assert that, while this is a fine viewpoint to have during the rest of the year, when people are all at their desks and have the time and the spoons to put in such efforts, it is a rather unhelpful comment during the actual event.  Attendees who came to NYC expected to spend their energy, time, and resources participating in the con, not fixing the con or protecting others who needed to stay safe.  I, frankly, do have the energy and willingness to work on this matter (which is why I’m planning to engage with the organizers and staff if they will have my input) but that doesn’t mean I feel great about missing out on more than half of the event because I spent time escorting LGBTQ folk around the con floor or walking speakers to and from their hotel rooms when they were being stalked and harassed.

During the event itself, the organizers and the security team could have done much more to become directly involved in the safety of the participants and speakers instead of waiting for the attendees to make the first move and report problems, urge action, etc.  The HOPE official twitter account announced on Saturday afternoon, “Anyone who’s a nazi, preaching hatred/racism or harassing someone will be booted from @hopeconf.  But you have to let our security team know!”   Again, this illustrates the wildly differing views that the organizers had compared with the expectations of attendees when it came to security proactively engaging with the alt right crowd who crashed the party.

Ask yourself, would you expect this kind of public statement from a major league baseball team if a loud, angry drunk was running amok in the upper deck of their stadium during a game or from a rock concert venue if someone was setting off fireworks in the aisles during songs?  Yes, attendees should report problems to event staff… but the event itself should also have a significant enough presence on site and they should be in direct communication enough with their HQ and Dispatch so that their staff can step in before things get bad enough for attendees to have to complain en masse.

Which leads directly to the next point…

 

Why Speak Up When There’s No One Listening?

 

The other side of the equation of the “attendees need to step up and take responsibility and report problems to the conference so that staff can handle them” argument (which, as mentioned above, isn’t quite the best position to take in the first place) is the (one would think obvious) need for said staff to appear receptive and helpful in the eyes of the attendees.  Yet – as we saw from multiple statements by many of the people at HOPE – a lot of the blue-shirted staff members at the conference reacted to reports of problems by the alt right trolls either by (a) informing people that they had told the “wrong” staff members and directed them elsewhere or (b) by actively shutting down reports of problems with pushback that ranged from “that doesn’t fit the definition of harassment” to “did you do anything to provoke them?”  This, in my view, was the biggest issue where HOPE did not meet the expected standard to which the community was rightfully holding them.

By now (especially if you’ve read any of the above-linked articles or twitter threads from people who were in attendance) you are aware that many individuals described interactions with HOPE staff members that left them shocked over what was seen as gross insensitivity toward victims attempting to report problems or what was interpreted as distinct camaraderie between certain staff members and the very instigators from the alt right who were causing trouble.

I’m not here to complain about the fact that HOPE security forced one German kid to return a MAGA hat which he snatched off of the head of one of the alt right trolls.  Physical actions, unwanted physical contact, and theft of personal property are all bright-line, clear-cut transgressions of any reasonable Code of Conduct and event rules.  I agree that HOPE did the right thing in returning the stolen property.  If this makes you stop reading, feel free.  Please see the cashier in the ticket booth at the top of this page for a full refund of your internet dollars that you spent to browse my blog.

What I and others most certainly are pretty justified in being shocked and appalled about, however, is the fact that many reports have surfaced of HOPE staff members speaking with dismissiveness or outright disdain to the attendees… and HOPE staff members being visibly chummy (or even laughing over drinks off-site) with the individuals who arrived intent on causing problems.  That is not OK.

Any event of this scale should have staff who are trained in even a cursory manner about how to interact with attendees (particularly attendees who appear to be in a crisis situation or who are attempting to solve a problem that’s troubling them) with respect.  Staff should be trained how to see things through a lens of professional detachment and how to avoid the perception of taking sides or being biased.

I have personally listened to the audio recording made by Unicorn Riot reporters while they attempted to describe problems taking place upstairs to staff, only to be hushed and dismissed… and part-way through that conversation Koosh arrives, very loudly hollers at everyone, and proceeds to assert that any iconography (including Nazi apparel) is fine at HOPE, according to him.  This as well as other accounts from different attendees who had similar conversations are going to be hard for HOPE to manage, given this tweet… because I do not think that Koosh or other staff members are personally to blame for such interactions.  They were under tremendous stress and were not equipped with a playbook and guidance from leadership before this event kicked off.

I personally watched Bernie S – a staff member who is older, is a cis het white guy, and is over 6’ tall – aggressively talking down to a near-tears trans woman who was all of 5’4” and weighed maybe 115 lbs soaking wet with rocks in her pockets.  I kept stepping back since I wasn’t directly in that conversation and I was trying to be polite and maintain a respectful distance, but his increasing volume levels resulted in my repeatedly overhearing what was being said.  Bernie is a long-time friend of mine.  He is a terrific hacker and event runner.  But he should definitely not have been put into a position where he was interacting with victims.

Currently I am not aware of any single HOPE staff member (including individuals on the Code of Conduct team) who had any professional training in Incident Management, Crisis Intervention, or Victim Assistance.  Diverse groups – everyone from NOVA to the DOJ – have training programs that are available, often online, for this kind of education.

While most staff members appeared to simply be un-equipped with the right tools to do emotional triaging and take statements in a neutral and supportive manner… there were a minority of HOPE staff (particularly on the security team) who appeared to be outright antagonistic to attendees with concerns.  I have already mentioned above the widely-disseminated photos of HOPE security staff sharing laughs and beers at Hooters with a group of the disruptors.  It doesn’t matter if these people are legitimately your friends in real life… at the con, when you are event staff, you are obliged to adopt a neutral and unbiased posture if you wish to convey to attendees that you have their safety and well-being at heart.

This is to say nothing of the ongoing conversation that was taking place all weekend via IRC / SMS-IRC which was full of HOPE staff members and their associates blatantly speaking ill of the event attendees and speakers.  A small sampling of such chatter includes…

<recoXXXXXX> Who else is in the room with the traitor giving the talk?  [the “traitor” being Chelsea Manning… the invited keynote speaker who reported large men who tried to corner her and who followed her back to her room, only to be told by event security that they would not kick out the individuals who were known to be causing havoc at the conference]

<ch0lXXXXXX> I think I will some wear nationalist t-shirts at defcon this year.

<ch0lXXXXXX> I should have kept my swastika tat.

<licuXXXXXX> maybe some trump challenge coins would be good for the lulz

<lameXXXXXX> Its all the fucking trannies causing shit woth their fucked up hormone levels and frahkle psychiatric state

<recoXXXXXX> Please force add (XXX) XXX-9274 chelseas-dick

<mathXXXXXX> Wow look at all you mofos not helping clean up hope

<recoXXXXXX> Get the coc crew to help

<recoXXXXXX> Since it’s their con according to them

NOTE – I’m redacting the names here because I cannot personally verify a primary source on that IRC chat log dump.  But more than one person who allegedly was participating in (or was force-added to) the chat has acknowledged it took place.  I will let internal HOPE investigations make their own determination of veracity there.

Disrespect for speakers, attendees, or fellow staff members makes an event look disorganized and chaotic.  Again, to be totally clear… I think that everybody has the absolute, unquestioned right to hold whatever views and beliefs they wish in their own head and in their own heart.  My criticism here is not about that.  However, an event most assuredly is not out-of-line if they opt to instruct their staff (especially their security team) that when they are working and representing the conference, they are obliged to maintain a respectful and neutral attitude and decorum.  I mean, can’t you keep hatred and bullshit like this in check for just one bloody weekend?  With anything less than this, the attendee base as a whole begins to question whether the event has everyone’s best interests at heart.

 

The Right to Be Anonymous

 

HOPE may be one of the last remaining events with what used to be the universal photo policy at all hacker gatherings.  Explicitly stated in the program and reinforced verbally by staff if someone is breaking this rule, the HOPE conference values the privacy and anonymity of their attendees to such a degree that the working rule is “do not take crowd shots, and do not film or photograph individuals if they do not consent to being filmed.”  That is solid doctrine, in my view.  It’s harder and harder to enforce (both in terms of how covert many cameras are nowadays and also due to changing societal norms surrounding the use of camera phones, social media, etc) but HOPE has held to this policy for ages and I salute them for it.

However, on at least one occasion of which I’m directly aware (and I have anecdotal but unconfirmed accounts of others) some of the alt right infiltrators either reported attendees filming them to security (in an attempt to have the regular attendees disciplined / thrown out) or they outright threatened other attendees in regard to being filmed.

I personally witnessed HOPE conference staff engaging in team debates about how to handle such matters.  (Again, the staff members involved can hopefully confirm that I was not trying to eavesdrop and that I repeatedly backed off as I waited to speak with them.  It was clear that they were engaged in heavy discussion and it wasn’t my place to be a part of that conversation… but for as much as I stepped away, voices kept raising and I inadvertently overheard parts of what was being said.)  I recall one distinct conversation between CoC team members as they seemed to agonize over the language of the photo policy when one of the MAGA-hat wearing provocateurs reported another event attendee (a speaker, in fact) for “filming him without consent.”

I stood by, dumbfounded, as they tried to dissect the situation and figure out whether this filming was a violation of HOPE’s event rules (they appeared to decide that it was) and then determine what remediation action was going to be necessary.  Again, hindsight is 20/20 and I’m going to try to word my thoughts in a supportive way that doesn’t come across as Monday-morning quarterbacking… but any event policy that prohibits photos should be naturally understood to not prohibit documentation of specific abuses or problems if the person doing the filming explicitly demonstrates that they are doing so in order to report an issue.

Group / crowd photos or harassing photos when someone says “don’t film me” which then get posted to Facebook or Twitter are naturally something that I support HOPE in working to prevent.

Covert photos of harassment or fights or other evidence of incidents which someone then privately shares with organizers or with authorities at the hotel in an effort to stop a problem are not at all something that I think should be prohibited.

 

You Can’t Define Good Faith… But You Know It When You See It

 

The above-described problem illustrates exactly what was so insidious about the alt right infiltrators and agents provocateur at the HOPE conference this summer.  Dedicated and well-prepared trolls have a specific plan for their actions.  They know exactly where the line is and they take great care to not cross it.  Instigators like the MAGA hat crowd whom we saw at HOPE had a playbook and they kept to it like well-rehearsed professionals.  They successfully weaponized the conference rules to their own advantage while catching the rest of the attendees with their guard down.

And here is where we see just how important it is for event staff to have the freedom to use their best judgement in edge cases.  Let’s say you’re walking down 7th Avenue near the Hotel Penn one night and a stranger approaches you.  They aren’t doing anything that is outright illegal, but your spider sense tingles.  You are pretty sure that they’re up to no good and that you are maybe being set up for a mugging or for a street scam or something else undesirable.  Everyone should pretty much understand that you are under no obligation to keep interacting with them and that no one would blame you if you want to get away from them.  So you cross the street or you quicken your stride… and perhaps are met with some string of objections from over your shoulder as they protest that they “weren’t doing anything wrong!” and so on and so on.  But, let’s be honest, you knew that they were up to no good and you took the proper steps to protect yourself.

Conference events have this same right.  An attendee who is disrupting talk sessions (but not going so far as to make actual threats) or following women down hallways (but never actually getting close enough to touch them) or getting directly in someone’s face (but not actually pushing them) knows exactly what they’re doing.  They are playing “within the rules” but finding ways to still make others feel threatened, unwelcome, or unable to participate in the conference.

This is nothing more than a grown-up version of the immature little kids’ nonsense of “I’m not touching you!” in the backseat of a car.  Yes, technically the person is “following the rules” but (and here’s the key thing) they’re not acting in good faith.

In such a hypothetical family road trip scenario, what happens next?  Does anyone honestly know of such a situation wherein the parent in the front seat would ever adjust their rearview mirror, look at what was happening, and then simply proclaim, “Well, Chris, they’re right… Sam honestly is not touching you!  So there’s nothing anybody can do about it.  Sorry!”

Of course that’s not what would happen!  The parent would whip their head around, scowl at the misbehaving child, and sternly say, “Knock it off, Sam!”  Why?  Because the parent can easily see what presumably the HOPE conference leadership was unable to discern for an entire weekend:  that it’s possible to “follow the rules” while acting in bad faith.

Let me be very clear: Bad faith attendees have no place at an event.  They are not there to learn.  They are not there to participate.  They are not there to better the experience of others.  While it may be true that such individuals are “following the rules” it is completely reasonable for event staff to take a proactive stance and confront them.  How would such a possible interaction be handled?  Allow me to quote from an actual example script that I offered to someone during the weekend of HOPE.  (This tactic was not employed, but it’s an example of exactly what I would have said to these instigators had they been at one of my events.)

 

Security: “Pardon me.  Can we speak with you for a minute?”

Troublemaker: “Yeah, what’s up?”

Security: “So, we noticed you wearing a lot of Trump symbolism and being very loud and full of bluster around a number of people here.”

Troublemaker: “Yeah, I’m very passionate about my political views.”

Security: “Well, we’ve been getting some complaints about that, and folk are alleging that you’re intentionally just trying to cause trouble and sow discord.”

Troublemaker: “What damn snowflakes said that?!  I’m not doing that!  I’m just here to attend the event.”

Security: “Oh, ok… So you’re not trying to start fights or anything like that?”

Troublemaker: “No way, man, not at all!”

Security: “Wow, that’s a relief.  You had a lot of people worried and asking for you to be removed.  I’m very glad to hear that you’re not here to cause problems or harass anybody.  So then let me tell you how this is going to go…  There are specific individuals at this event who have been targets of harassment campaigns.  They have no desire to speak to you.  I’m going to make sure you understand who they are, because you are going to not approach them or speak to them in any way.”

Troublemaker: “Uhhh…”

Security: “To be clear, you said you’re here just to enjoy the event and not cause a problem, right?  People who do not want to speak to you are not obliged to speak to you.  And if you keep trying to speak to them, we consider that to be harassing behavior and you will be asked to leave.  Similarly, if any other attendee at any time decides they don’t want to talk to you and tells you ‘don’t talk to me’ you are not to speak to them.  Or else you will be asked to leave.  So, if you are truly here with no intention of causing any trouble or getting in anyone’s face and pressuring them to speak to you when they don’t want to, you’ve got nothing to worry about.  But if any of these individuals reports to us that you’ve spoken to them or sends us photos of you coming anywhere near them, then we’ll know you can’t follow simple rules.  You just told me you weren’t here to cause a problem.  If you can follow the rules, I will believe you.  If you cannot follow these very simple rules, then I will not believe you.  And you will be asked to leave.  Now, if you think this is going to be too hard for you, I am happy to go get you a refund right now if you think this event is not for you.  So, are you going to show me that you can be a grown-up, not cause trouble, refrain from speaking to people who have said they don’t want to speak to you, and not approach anyone who doesn’t want you around them?  The choice is entirely up to you.”

 

You may criticize me and say that this would be putting the MAGA-hat wearing alt-right group into a “no-win” scenario.  To say this is to miss the point entirely.  These infiltrators put all of the attendees and the conference as a whole into a no-win scenario.  Calling them out on their bullshit and giving them the choice of…

  1. behaving as expected (shocking everyone in the process)
  2. getting the fuck out

… is the only appropriate course of action, in my view.

No amount of “that’s not fair” being screamed from the backseat of a car should change a parent’s mind when they’re dedicated to disciplining an unruly child.  And no amount of butthurt from some proud boys on /r/theDonald should make a conference waver in their dedication to ensuring that their event runs smoothly and their attendees feel safe and able to enjoy themselves for the reason that they all came to town.

Matthew Garrett put it best on Sunday after much of the shenanigans by troublemakers at HOPE. “Conferences are under no obligation to represent the community as it is,” he wrote.  “Conference organisers get to choose to represent the community they want to see.  If your conference attendees are repugnant, you bear responsibility for that.”

 

 

Specific Suggestions and Actionable Advice

 

This massive brain dump was something that I felt compelled to do, but if we are serious about improving things for the future, perhaps it’d be best if I were to distill my thoughts down to some specific suggestions:

 

  1. Security staff are mostly seen controlling the outer perimeter of HOPE. At the base of the escalators or at the elevator landing on the 18th floor you can reliably encounter staff shirts and security engaging with folk, checking badges.  However, there were many talk tracks where security or even staff presence seemed virtually non-existent, save for an A/V person or two.  Likewise, out on the main con floor on the Mezz level… security tends to gather at their dispatch desk, but was only infrequently seen walking around and getting a pulse of how the event was flowing.  That is a posture for being reactive, not proactive.  Please consider bringing on additional staff whose positions would entail being seated in talk tracks up by the stages, looking out at the crowd, and reporting regularly to Dispatch on the state of things in the rooms (not just security things… but even stuff as mundane as “A/V badly needs a replacement power strip” or “the water coolers are all empty in here.”)

 

  1. HOPE should acknowledge (indeed, anyone running an event should acknowledge) that organizers and staff have an absolute right to confront someone who is perceived to be a jerk or causing problems. Furthermore, HOPE could acknowledge that they absolutely have the power to take proactive steps and head problems off at the pass.  I wrote as much during the event, suggesting that organizers should step in and give everyone present (regardless of their politics or beliefs) the immediate choice to remove hateful iconography or leave.  HOPE did not agree with my assertion, replying to attendees’ concerns with the curt (and inaccurate) statement, “We can’t ban MAGA hats. It’s absurd to think we can.”  This twitter thread shows much of the debate seen on all sides of the issue.

 

  1. Please do not take criticism of your event as though it is a personal insult leveled at you directly. I genuinely fear that my decades-long friendship with individuals such as BernieS may be irreparably damaged after this past HOPE event.  I witnessed Bernie replying to many attendees and speakers with a level of ire and contempt that would normally be reserved for persons who had called someone’s mother unkind names.  I witnessed other staff members treat attendee concerns as though they were playground squabbles, offering Judge Judy-esque “don’t bother me with this nonsense” kind of replies.  It felt like some of the senior staff were taking these criticisms of the event personally.

 

  1. I believe many of these problems would be ameliorated if there were individuals on staff who had been afforded the benefit of professional training in crisis management and/or victim advocacy. While this doesn’t have to be something that every single staff member takes the time to do, department heads at the very least would be well-served by it.  And, most of all, at any given time of the day or night there should be at least one trained person on shift in the role of the official attendee ombudsman who is there to interface with people who are having major problems, to do emotional triaging, and to advise security or event management on what the next best steps to take would be.

 

  1. Part of such foresight and preparation involves tabletop planning. Think not just about the expected scenarios but about the worst-case scenarios.  We have witnessed time and time again how the HOPE security staff excel at being positioned and prepped for exactly the kind of awful, unexpected events that take place occasionally when you combine unathletic hackers, plenty of recreational substances, and a hotel that was seemingly constructed before the notion of OSHA or general principles of safety were ever invented.  Indeed, this year when one attendee had an awful accident on a Segway, his life was quite possibly saved thanks to the quick effort (and, equally important, the training and planning) on the part of HOPE security staff.  Tawnie and others worked to maintain an open airway, stop bleeding, and coordinate with emergency responders.  Unfortunately, it seems that the CoC crew was put into a very hard position given their newly-created status and what (I’m so sorry to say) appears to have been an over-abundance of optimism.  This is clearly seen, I believe, in this tweet exchange, wherein a con staff member asserted that part of the difficulty this year stemmed from the fact that the HOPE conference “had no idea that any of this would happen.”  I have a hard time wrapping my head around that.  HOPE has always been a political event.  They have always courted and danced with controversy.  And this year, amid what is arguably the most tumultuous political climate that many of us can recall in our lives, they invited one of America’s most controversial figures to be a keynote speaker.  Forgive me if this sounds abrupt, but the event simply cannot claim that they had no way of knowing that some people may have had a problem with this.  I am trying so very hard to speak in a supportive way about the event staff, especially the Code of Conduct team, given what they were put through.  
I hope that my feelings for all the staff were conveyed properly when I stepped out briefly and returned with armloads of gifts in the form of chocolates, fruit, crackers, protein bars, hand lotion, lip balm, Aleve, and NERF guns in the hope of helping them manage stress in the face of everything.  My support for the staff remains, but I feel that it’s disingenuous for the conference to say “how could we have known?” when all this was said and done.

 

  1. More than anything else, I would like to see the HOPE Conference empower their staff to make their own best judgement calls in situations where the organizers are not present or not reachable or whenever exigent circumstances arise. As I mentioned here, I had a remarkable conversation with Doug, one of the HOPE staff members who was running A/V during talk sessions.  He explained that as news started to surface that alt right trolls were attempting to disrupt talks by taking over the Q&A sessions, one of the concerns on the part of some members of the A/V team who were running sound was that they were “worried it might happen in a talk track where [they] were working.”

 

I asked what he meant by this.  I inquired if he wouldn’t have simply cut such a person’s microphone if they started to spew vitriolic hate speech.

 

“But how could I know if I’m allowed to just cut their mic?” he asked me in reply.  “Do I have that kind of authority?  Would HOPE come down on me for stifling free speech?”

 

I responded to him simply, “If not you… who?”

 

So, yes, it felt to me that there was very little in the way of empowerment from the organizers regarding how to handle these situations.  No instructions were given and no preparation of the staff appeared to have taken place in advance of what just about anyone could have predicted was going to be one of the most controversial HOPE events yet.

 

I asked Doug, “What if someone at the Q&A mic just started using the n-word or shouting ‘Kike!  Faggots!  Spicks!  Fuck you all, goddamn commies!!’ or encouraging people to smash things?”  I said, “Would you have put a stop to that?”  He said yes, he would have.

 

So, hopefully, perhaps we could agree that it was indeed his place and within his power to regulate the room when that’s needed.  When asked how he could know where the “line” was, I simply said… “You’re a decent person.  Trust your gut and listen to your heart.”

 

If someone is acting in bad faith and not making an honest attempt at dialog, then they don’t deserve the whole room as their audience.

 

I’ll conclude with another hat tip and head nod to the venerable Burning Man element in the hacker community.  Without individuals who know how to pull together grand, life-changing things on a shoestring budget and very little sleep, many of the cons we all love to attend would simply not happen.  But there will continue to be a tug-of-war between the Burners and the more “mainstream” citizens in hacker land.  This manifests at many events.  A dear friend and key figure at a number of cons is Scotland Symons… and she and I have had more than one discussion in the past about another magical and biennial hacker event: ToorCamp.  Being a Burning Man veteran, Scotland is always keen to see ToorCamp operate using constrained resources that encourage attendees to do more with less and plan ahead so they can see to their own needs for a week at the very edge of our nation’s boundaries.  She and I might debate the merits of trash collection services on the campground, however there’s one element of ToorCamp where self-reliance is never the order of business: attendee safety.

Anyone who attends can reliably expect to be in a safe environment, free from harassment or abuse.  That is not up for debate or discussion and efforts to ensure this are never farmed out to anyone except the event staff.  And with everyone secure in the knowledge that their basic safety is taken care of, the attendees at ToorCamp are free to cast aside their concerns, their inhibitions, and often their clothes as they teach and learn and talk and create amazing technology and art.

When you agree to stay on someone else’s turf, certain things are “amenities” or simply “nice to have” while other core needs are understood to be guaranteed and functional.  Let’s say a rock band who had been on hiatus for a long time decided to get back together and travel to a luxury cabin in the mountains for some secluded time that would afford them the opportunity to write new music and lay down new tracks.  They’d have little grounds to complain if there was no delivery food service or decent phone reception.  But if they found that the power was out or they were asked to fix the plumbing in order to cook or take a shower, then they might start to object pretty loudly.  “We’re paying you to be here!  How can you not have basic utilities functioning?” they would ask.  The cabin management wouldn’t really have reasonable grounds to respond, “Well, think of how empowering it is for you to discover all the ways that you can manage for yourself under these conditions!”  While such a test of will and skill may indeed be rewarding to some individuals, that wasn’t the goal of the band’s time away.  They wanted to collaborate on art, making new music, and they hadn’t planned on wasting much of their precious time doing maintenance labor.

At HOPE this year, I missed out on many magic moments.  I didn’t get to attend a number of talks I’d been super excited to see.  I didn’t get to say hi to many of the friends I encounter so rarely these days.  I didn’t get nearly enough sleep.  This is because I – and many others with me – spent so much of my time chasing down problems, intervening in tense situations, escorting speakers to their hotel rooms, and looking after my staff of volunteers.

I very much hope that next time around in 2020, the event staff and security will be positioned for a more proactive approach to potential issues and all of us who attend HOPE will once again get to dedicate all of our time to participating in the wonderful magic that exists there without having to look over our shoulders for troublemakers looming in hallways with undeserved confidence they won’t be kicked out the moment they rear their heads.

I am still considering being back in NYC for another HOPE.  How about you?

 

Post Script – For those of you who I’ll be seeing two weeks from now as opposed to two years from now, it looks like DT and his whole crew at DEF CON are totally spun up on this issue and ready to confront any alt right interlopers, head-on.

Months ago, when Tarah and I were visiting Mike and Liz Poor over in Port Townsend, we visited an antique shop.  I typically pick through old cookware looking for cast iron to re-season or have a look at old pocketknives while my wife seeks out stemware that matches our pattern, because having extra goblets and cordial glasses always comes in handy.  However, I never would have expected to make the discovery which I did that afternoon.  Way down in the basement, amid other unloved items, was an old US Postal Service mailbox.  I do not mean a blue collection box.  I mean a segment of what were once a series of many individual boxes all along the wall in a town’s Post Office.

It was marked as $80 and the woman working there stated that she “thought it had keys” but this turned out to simply be a huge jar of unmarked and well-worn keys that were mostly worthless.  It would take me forever to decipher which keys serviced what doors… and even then there were bound to be doors that couldn’t open.  The box itself had been subject to years of use and at some point became the victim of a very unfortunate paint job.  Still… I knew I had to have it and almost instantly had an idea for a project.  After negotiating down to $60 we managed to get this heavy beast up the stairs and out to my truck.  And there you see it, sitting in our basement… where it remained for a time.

Very fortunately, the unit had no back (after all, the rear side of a box like this would normally face into a back room at the Post Office so that staff could slip mail into each cubby hole for the recipients) and I was able to reach through and manually trigger the spring-loaded door releases.  So I could open each flap and inspect the inside.  The mailboxes would at one time have been equipped with Federal Equipment Company “Grecian Style” combination locks (the embossed “star” pattern on each metal door features alphabet letters arranged around in a circle which were used for dialing the combination) but those locks had been retro-fitted at some point with keyed locks.  I removed one cylinder for closer inspection.

I took off the door, as well, while I was at it.

I set most of the parts aside at first, because I wanted to focus on the lock.  The idea I had in my head involved re-pinning and rebuilding these locks for a contest.  Now, while contest locks don’t necessarily need working keys, I knew I’d need fresh keys if I wanted to use this box in day-to-day life (and also having blanks around would make disassembly easier).

These lock cylinders feature a small downward-protruding cam (which is affixed mid-cylinder as opposed to out at the tail) to engage the door release.  They also feature a rather unique keyway.  It looked almost exactly like a classic Yale 8 keyway… but something didn’t seem right.  I grabbed a Yale blank and it fit… but only if I inserted the key in from the tail side!  Yes… just as I suspected, these locks used what was once a famous key: the “Reverse Yale”

There are threads on some lockpicking forums about this key, and how the blanks are ostensibly very restricted.  According to Knowledgeable Internet Persons™ it’s a Super DoublePlus Bad Crime to possess such keys and it is not easy to source blanks.  I wasn’t going to let a little thing like alleged Federal regulations stop me, though.  😉

With some very appreciated help from fellow TOOOL member and noted antique lock restorer Nite0wl, we started looking through key references.

I measured a series of assorted conventional Yale keys I had in my shop and tried to determine exactly what keys might work.  While US companies like Ilco may defer to our regulations, foreign suppliers like JMA and Jet have no such compunction.

I found two likely candidates and ordered them, then created a keying chart to achieve the results I had in mind.  I checked my LAB pinning kit and noticed some of the trays were a little low on quantity… so I also ordered some replacement pins.  A few days later, I was ready to take the next steps.

As I had awaited the key blanks and pins, I took a shot at picking some of the locks on the mailbox.  While a number of them would open, many were really janky due to age.  And the Yale keyway is close enough to paracentric that it’s not a trivial task to pick.  I didn’t find the idea of manipulating sixteen of these locks in a row appealing.  Thankfully… those who have been in our classes before know that we advocate rear-side shimming with the use of thin slips of metal and a blank to ease disassembly.

So things were looking up!  These locks, old and corroded though they may be, were opening pretty easily for me.  One curious note I had pertained to the numerical codes stamped on to the rear of each lock.

At first I wondered if these could be direct bitting codes, but as you can see… that’s not the case.  Oh well, no worries… I was not planning to keep the original pins and bitting of all the locks.  Everything was going to be rebuilt 100% fresh.  And speaking of fresh, these locks needed some extra care and attention before I could consider them useful again…

This corrosion and tarnish simply would not do.  So it was time to break out the WD-40!  Now, as many folk will tell you, WD-40 is not an ideal lubricant to use on locks that are in service.  However, if you have old and corroded locks… WD-40 is not a bad product for cleaning and breaking free old, tarnished parts.  One of the most interesting ideas I ever heard was someone who advocated putting all their old restoration project parts in a bucket, pouring WD-40 in there, sealing the lid, and then keeping the bucket in their trunk as they drove around for weeks.  But I didn’t want to wait weeks.  It was time for an ultrasonic bath…

After merely 30 minutes in WD-40 under heavy cavitation, this is how the plugs and housings came out!

Not bad, right?  I laid out all the parts and was very happy with how things were shaping up…

… I thought that the very front face of each plug could use a little more shine, however.  Being the most exposed part of the locks over the years, they were subject to the most handling, fingerprints, etc.  I grabbed a rag and some Brasso and shined up those front faces!

That sure spruced things up.  I also, however, left some of the Brasso residue packed into the keyways and I wanted to flush that out of there.  I tried blasting some air and wiping the parts off, but honestly, I had the ultrasonic bath right next to me and it was still full of WD-40 so I said why not give things another round.

Everything came out fresh and clean.  But, as we have said many times, WD-40 is not an ideal lock lubricant.  So after wiping everything dry, I gave a good treatment of graphite to the inside of the lock housings and across the plugs.

Now it was time to try to do something about the very unfortunate heavy coating of mauve paint that had been applied to those metal doors.  It was really caked on and had been there for decades.  So I wasn’t sure what it would take to get it off there.  I started out by trying odorless mineral spirits…

When the OMS didn’t work (even in a heated ultrasonic bath) I asked the staff at Home Depot for suggestions.  They sold me a small tub of a thick gel stripper compound, and said to let it sit for a while on the part.  I tried that…

And that didn’t make any difference.  So I returned the gel and then started to throw everything I could at the painted metal…

I left little portions of the metal doors coated in spots of product and waited a while.

While a few spots resulted in some tiny flakes if I really rubbed and scrubbed hard, nothing seemed like a truly functional solution.  These metal doors feature all kind of crenelations and stippling all over their surfaces.  I couldn’t dig in with hours of effort on all 16 doors just to hopefully get the paint off.  But then, a breakthrough…

One spot on one of the frames started to show some good signs of flaking after I let things sit a bit longer.  I checked my notes, and it turns out this was a spot treated with Jasco Paint Stripper and Epoxy Remover.  So, the most caustic and formidable product I had was likely a big enough gun to fire at this problem!

If you have a project like this at home, I cannot stress enough just how dangerous this substance is.  It’s not going to eat away at your flesh like xenomorph blood… but it will not escape your notice if you get any on yourself.  Rinse it off quickly, lest you start to feel a burning sensation that won’t abate until you flush the area with water.

Wanting to maximize the effect of things, I prepared another hot bath and had some success with one test piece…

… then I started running the parts through it in 3 to 5 minute rounds each…

… basically I was taking doors off the front of the box and dropping them into the Jasco bath, and with each new door going in on one side of the tub, I’d pull one out of the queue from the other end.  It was like an assembly line.

I was of course disassembling all the other components from the doors as I removed them…

As I pulled the doors out of the Jasco solution and let them sit, the impact of the heated agitation was immediately obvious…

With the paint finally worked loose, I was able to use a wire brush to scrub it all away.  The deep grooves, the stippling, all of it came clean and revealed the wonderful original brass beneath.

I was thrilled to have finally stripped the metal clean of all that old paint.  But, of course, I didn’t want to leave the doors in this condition.  I wasn’t going to let caustic chemicals remain in the grooves and hinge crevices, etc.  So I put them back into another WD-40 bath to soak out all the remaining Jasco while I turned my attention to the next phase of the project.

It wasn’t just the gorgeous old brass doors that had been painted over.  The wood cabinet itself was a dull khaki color and had some government codes stamped on it.

As neat as that is, I was planning to use this as a display piece in our home and at an upcoming event.  So I knew this would have to be sanded down.  I love restoring old furniture, so this was well within my wheelhouse.

The belt sander and my sanding pad made short work of things.  Given all the small, curved surfaces I’ve restored in the past… it was beyond wonderful to simply have nice, flat boards to work with!

The only spots where paint was a little recalcitrant were the dado joints, since surfaces didn’t match up perfectly smoothly.  But a little extra effort got them into line.

Finally the entire wood was bare on all sides and even on the small slats in the middle.

I had started with 60 grit and then 100 grit paper, then I did a pass with 220 to prep the surface for staining.  I took a short break from this effort by getting all the brass doors out of the ultrasonic bath to pat them off and let them drain, then I applied the first coat of stain and brought the box inside to dry for the night.

That evening, I set about the task of re-pinning all of the lock cylinders.  I had cleaned, polished, and lubricated them all so it was really a treat to see how smoothly they started to function as I pinned them up.  I had all of my proper, working keys for the task on hand (the JMA blanks were a perfect fit, and the keys were originated on a Blitz 1200, if you’re curious) and a detailed pinning sheet allowed me to progress through the task easily, as I listened to podcasts.

Because I didn’t want to mix up the locks once I had meticulously prepared them, I added my own numerical stamp codes to the rear sides of their housings.

Happy with the day’s work, I went to bed.  The next morning I awoke eager to keep at it, and that afternoon I was back downstairs and hauling the big box outside again for more stain.

With a second coat of stain applied, I had time to then begin re-assembling the individual brass doors.  I cleaned all the panes of glass (I was amazed that they had all survived and were intact when I purchased this piece) and I took care to not crack any of them now.

I reassembled the spring latch rods and fitted locks into their mounts.  The doors all worked like a charm.  🙂

Sixteen doors… all reassembled… all locks re-pinned… all lubricated… all brass clean and polished… it felt amazing, I won’t lie.

I went back outside and the second coat of stain had dried enough to begin applying varathane satin clearcoat.  Things really started to look wonderful at that point.

I also took a look in my assorted oak board pile and found a piece suitable to become the back cover.  Some measurements and a quick run with the Skil saw had a decent board ready for stain and coating.  After letting things sit in the driveway for a time while I did other work, I hauled them all back inside and applied another coat of polyurethane.

Much later that night, just before going to bed around 2:30, I went all the way back downstairs to apply one more coat across everything and let it dry all through the night.  The next morning was going to be the start of assembly day.  🙂

My goal was always to have this piece feature a finished (and enclosed) back.  Both for display purposes but also so that it could function as a contest at upcoming events.  (You’ll see how… read on!)  I pulled an old Abloy Protec cam lock from a previous project box and took some measurements.  I then grabbed a 5/8″ Forstner bit and marked the two very close points on the wood where I would drill for a Double-D prep for the cam lock.

It was a perfect fit for the cam lock body… but I still opted to install a metal reinforcing plate anyway.  Because if something’s worth doing, it’s worth doing right.  (Or, worth over-doing, as some folk say when watching me work. 😉 )

The same care and attention was taken when mounting the hinges and hanging the back panel door.  Precision, careful attention to detail, and pilot holes ensured the wood wouldn’t split and everything would fit perfectly.

Now, the back panel was only going to be 1/2″ thick (I didn’t have any oak sheets in 3/4″ or 1″ at the time) and the brass screws that came with the hinges would have poked through (always an utterly frustrating thing to happen when you didn’t anticipate that!) so thankfully I saw that coming and took the time to trim down the screws which would drive into the back door.

With everything looking alright, it was time to hang the rear door.

A small metal reinforcing L-plate on the inside was sufficient to engage the Abloy cam with a nice, snug fit when the door is fully closed.

It was now — finally — time to re-install all the brass doors.  This was a moment I had really been waiting for, since I wanted very badly to see things all back in their proper place!

I can’t really say how satisfying it was to have this all back together and to see all the keys work as they should, front and back.

And there you have it!

Now, dear friends, our story could have simply ended there.  A fun and satisfying restoration project… yes, all well and good.  But you may recall that I told you at the outset how I had specifically envisioned a plan for this box back when I spotted it in the antique shop.

Let me first haul the completed unit all the way back up the stairs and place it by my bar so I can tell you the rest…

You see, from the outset, I thought that this would likely make an ideal bottle rack.

But my wife (even back when I first discussed the idea, as we were riding the ferry back from Port Townsend) knew better.  While this is a very cool idea for a wine and whisky storage solution, it is not nearly as practical as our wall-mounted rack for the former and my bar shelves for the latter.  The post box, quite frankly, doesn’t display enough of the bottles to allow easy selection.  The little windows merely show just enough to tantalize but not quite enough to actually inform someone.

But what if the aim was not to give someone the whole picture?  What if we want to tantalize and entice someone else with the hope of securing a bottle for themselves?

Ladies and Gentlemen, I give you the next lockpicking contest I will have at an upcoming hacker conference:  The Booze Box

Remember when I said I planned out the pinning and bitting chart with care?  I had a purpose in mind.  My plan is to stock this box with an array of 16 different bottles of wine and whisky — with simple, economical delights at the top and progressing to rare red varietals and single malts as one gets further down — and set it out for aspiring lockpickers and drinkers to see what they can open!

If you look through the little window and see a bottle is still present inside… you know no one has yet claimed it.  Try to pick the lock… if you get the door open, the bottle is yours!

I hope this all works out.  And even during the rest of the year when I’m not displaying this as a contest at hacker events, it will live in our home as a conversation piece and one more in a long line of restored furniture which I enjoy.

So there you have it!  I hope that you found this story to be a fun read.  May it inspire you to tackle projects of your own.

Go create something wonderful.

 

My wife owns a small blue ceramic bowl.  I was never the biggest fan of it, since it doesn’t quite coordinate with anything in our kitchen (everything on the counters in there is stainless steel or Kitchenaid’s empire red) but she really treasures it due to the history this piece has.  So it finds its way here and there in our home, offering a resting spot for little odds and ends.  At least, it did… until it cracked.

Now, Tarah and I are pretty vehement about getting rid of things.  For every new item we have ever acquired since we became a couple, I’m going to guess that we have shed at least ten other things.  But every once in a while, you just can’t let something go… even if it’s in need of repair.  We value mending as a skill and like to get more use of items when possible, but this has historically been relegated to repair of garments, electronics, or furniture.  Sewing, soldering, and either wood refinishing or welding are all solidly within our wheelhouse as far as skills go.  But neither of us had extensive experience with pottery repair.

Instead of trying to do a subtle and covert glue job on the handful of ceramic fragments from the broken bowl before us, Tarah asked me if I had heard of the Japanese process of Kintsugi.  I admitted I had not… but when I read about it, it pleased me.  From the article linked just there…

 

The practice [of Kintsugi] is related to the Japanese philosophy of wabi-sabi, which calls for seeing beauty in the flawed or imperfect.  The repair method was also born from the Japanese feeling of mottainai, which expresses regret when something is wasted, as well as mushin, the acceptance of change.

 

All of this is right up my alley, so when Tarah suggested we research methods for attempting this, I was instantly on board.  I checked with some folk among our local maker and hacker scene, but none of them had any insights to offer.  After some googling, however, it became apparent that some people have attempted a kludge-y method of this technique that simply involves mixing gold pigment into modern ceramic bonding glue.  We were game to try!

 

I purchased two simple supplies from Amazon… a tube of 3M ceramic adhesive and a jar of Jacquard gold pigment powder.  When they arrived, we simply re-created the steps that others had described in the occasional internet forum post:

 

1. Mix a dollop of the ceramic adhesive with a portion of the gold pigment.  How much?  Eh, the internet is non-specific.  We just sort of mixed in gold until there was a nice sheen and solid color but the adhesive did not appear to be turning into paste or otherwise losing its viscosity.

2. Load the gold adhesive gel into a baggie.  We just used our mixing toothpicks to spoon the gel into a zip-loc bag which was inverted.

3. Snip the end of the bag just a little bit on the corner.  Anyone who’s done cake decorating can see what’s coming next.

4. Squeeze the baggie to pipe the gold adhesive onto the seam of the pottery you’re attempting to repair.  You want good, even coverage so that when you press the pieces together they “splurp” just a little bit outside of the seam.  (That’s a scientific term, of course)


5. Press together the pieces you wish to repair, and use rubber bands to hold them in place.  NOTE – it is immensely easier to apply the rubber bands with a second person participating in the process with you.  I frankly can assure you that there would have been a lot more swearing and crumbling during failed attempts if I was trying this solo.

6. So there you go!  After about 4 to 6 hours the adhesive will be somewhat robust.  In my experience, it won’t totally set until at least 12, however… so let it stay there overnight.  Proceed cautiously, one crack at a time, and in the end you will hopefully be satisfied and happy with your DIY Kintsugi repair!  🙂

Ganbatte!

This tumultuous year, 2017, is drawing to a close.  Many of us have weathered the holiday season and have sat through the attendant family dinner table discussions that happen over Thanksgiving, Hanukkah, Christmas, and so on.  However, I’m told by many friends that this year something was different.  Yes, there was still the occasional deluded ranting from someone’s racist aunt or uncle who wants to share whatever MAGA-inspired hatefulness they read from FreedomEagle88 on Facebook.  “Yeah, Daryl, sure… Of course there will be another border wall going up very soon, and this time Canada will pay for it,” was possibly the type of conversation someone was forced to silently head-nod along with, as they watched their relative yammer on and ask people to change the channel to Fox News.

But, for many families, people saw something new in the holiday dinner conversations this year.

For perhaps the first time in as long as I can remember, a rising tide has been swelling and the waves have crashed over the rabble of reactionary and misogynistic voices of the past, drowning them out.  I’m talking about #MeToo.  I’m talking about Codes of Conduct at conferences.  I’m talking about the fact that for the first time in as long as I can remember… mainstream, everyday voices are loudly and clearly expressing support for victims and shedding a light of inquisition on the accused.

This sea change which has impacted the dinner table, the hometown newspaper, and even the corridors of power and influence is also notable among the hacker community.

We have seen abusers in the hacker community outed and accusations aired publicly instead of kept quiet.  Conferences which had previously been resistant to adopting Codes of Conduct are now leading the charge and engaging with the community to solidify policy language and better-educate the public about their commitment to keeping attendees safe.  These are important changes, and those in the hacker community who have driven these positive steps deserve thanks and appreciation.

 

But 2017 apparently isn’t going to go out quietly, it would seem.

Some of you have already seen the reports coming out of this year’s Chaos Communication Congress event, but for those who have not… here’s a quick rundown to get you up to speed:

  1. The CCC events are magical happenings of discovery, free association, hacking, and community building.  For many in the community, this is the “big” one that they look forward to attending every year.
  2. The CCC events also have, unfortunately, been one of the cornerstones for abusive behavior… a place where perhaps most-infamously Jake Appelbaum harassed and abused others for years without being stopped.
  3. The organizers of CCC have been resolute in their resistance to adopting a Code of Conduct despite the fact that it is long overdue, especially for an event with such a checkered past.  They have what they refer to as an “anti-harassment policy” but it is pretty toothless given that, as has always been the problem for events without a clear-cut and fully-featured CoC, there are no enforcement mechanisms or policies that speak to how they will keep attendees safe.
  4. In keeping with the CCC’s historical policy of “mediating chats [between] opponents” as opposed to taking action to expel abusers, we see yet another example of a badly mishandled report of abuse this year…
  5. Someone reported to CCC back in August that a documented, verified abuser was possibly considering attending the event this winter.  Ultimately, the CCC organizers ignored this information (and all of the police reports and other evidence) and have allowed the attacker to attend.  And they informed the victim on the eve of the event, after they had spent time and money traveling to Germany.
  6. Even now with public pressure mounting and more and more “are you kidding me?!” comments and “I will never attend CCC if they do not address this!” statements being aired by notable figures in the hacker community, the Chaos Communication Congress has taken the official position of, “We don’t want to get involved, we aren’t going to eject this accused person, and the decision is final.”

 

To say that this is tone-deaf and ultimately self-defeating barely covers it.  I am deeply saddened that as a community we have to keep having this battle when people come forward with well-founded accusations against someone in our midst.  However, I understand why this happens.  I know… because I’ve seen it firsthand for myself.

 

Let me take you on a journey to Poland, back in 2013.

For a number of years, my associates and I were a mainstay at an event called CONFidence, run by the ProIdea crew.  We appeared as speakers, we ran hands-on workshops and lockpicking tables, and ultimately we created an immersive, live-action game that took participants on a frenzied journey through hacking and shooting challenges.

While my team and I were present in 2013 to run this contest, an incident occurred on the eve of the conference, after the speaker/organizer dinner at a local restaurant.  Accusations were leveled against Fernando Gont by Georgia Weidman (both of whom were invited to speak at CONFidence that year*) after an encounter in a hotel room.  I want to be as clear as possible about my beliefs regarding how events unfolded that year:  I do not think the accusation was responded to properly.  I do not like that the victim was not shown adequate support.  And I feel personal regret for any role I played in the matter.

Yes, I include myself in the landscape of errors which took place in Krakow that summer.  As a notable figure within the hacker community (and because of the fact that I was an American and thus more personally known to the other American speakers at the event) the organizers as well as the victim both turned to me for support at the time.  And, being totally untrained and ignorant of how to best approach the situation, I was only able to offer unhelpful blank stares and what amounted to little more than a hug and “can I get you anything?” statements.

I offered the same statements we’ve all heard so many times before:

  1. “I wasn’t there when anything happened” (my team and I were not staying at the conference hotel, but rather in another part of the city) and
  2. “I had heard that the local authorities were handling the matter, so wasn’t that the right course of action?”

 

Looking back on it, I regret that my ignorance of how matters like these unfold made me a very imperfect ally and an unhelpful friend at the time.  Of course, now we know better.  As a society (and as a community) we now know that victims shouldn’t be put in a position where they are compelled to make difficult decisions and be responsible for how incidents are investigated during a time when they are hurt and feeling vulnerable.  (This is best seen in the myriad ways that event organizers will ask a victim “what do you want us to do?” or “what do you think the proper response should be?” etc, etc.)

I also allowed myself to be pulled into a Twitter debate over the “merits” of the conflicting accounts and I spoke unkindly to the parties involved.  I allowed my own desire to not be a part of a divisive situation to undermine my ability to act in support of others.  (This is often seen in the “this sounds like a problem between the two of you… leave me out of this” type of statements that organizers as well as other community members will make when they want to see a distressing incident simply “go away.”)

The event put up a blog post afterwards, wherein they offered many of the same sanitized statements that we have heard in one form or another regarding previous incidents elsewhere.  “We verified that both hotel security and the local police were responding to the situation,” the organizers remarked. They asserted that they were “providing all possible support to both of the parties involved in this matter.”  They went on to state, “We handled all logistical arrangements to ensure that they would not be obligated to have any further contact with each other, we continued to serve as a liaison between them and the Polish authorities, and we have offered to do whatever is necessary in order to help them resolve this matter.”

 

It is a response written in corporate-speak, and one which makes it sound like the matter is resolved… at least to corporate ears.  But the response that spring in Poland utterly failed to provide support to the victim and failed to address the incident in the same way that the Chaos Communication Congress is failing to handle things right now.

Passing the buck to local police authorities and then taking the position of “we’ve done all we can, now please leave us out of it” has been recognized time and time again as an inadequate response, and one which usually continues to harm the victim while letting the accused party off virtually scot-free.  Now, I get it… I really do.  I was there** when the organizers*** took this position.  Looking back, I see how easy it was for everyone to fall into the trap of “the police should handle this” as they throw up their hands.  However, passing serious accusations along to local authorities should be the start of the response process, not the end of it.  No one is suggesting that conferences have the same powers of investigation and response as law enforcement, but they still have a duty to consider evidence and take any steps possible to protect their attendees.

The actions of the Chaos Communication Congress have been very lacking in this regard.  Their response to this incident has been to…

  1. Ask the victim to provide evidence of their attacker’s actions
  2. Privately consider the evidence without asking for further input or help from experts
  3. Position the victim before a panel who seems to have been openly contemptuous of her claims and who directly dismissed the evidence being turned over to them
  4. Ultimately land on the “we don’t know what to do, so please leave us out of this” position… and tell both the victim and the accused that they may attend.  Which, of course, continues to punish the victim while absolving their attacker of any responsibility or consequences.

 

The victim is not the only one harmed by this response.  The community as a whole is hurt.  And this will continue to be the case, with more people put at risk and bad actors not forced out of the scene, as long as we allow corporate-style thinking and passing the buck to take place when reports of wrongdoing surface.

I wish to truly apologize for any part I played all those years ago in an event’s failure to adequately respond to an accusation.

The organizers of the Chaos Communication Congress should apologize for the way that they are failing the community now.

 

 

So, How Should Events Respond to Incidents?

There is no shortage of people expressing everything from chagrin to outrage over the manner in which the organizers of CCC are handling this situation.  (I am not familiar with anyone, actually, who has yet come out in defense of their decision in this matter.  Please forward me any news of that if you’ve seen such comments.)

However, amid this tidal wave of criticism being directed at the Chaos Communication Congress for doing basically everything wrong, it may be beneficial to take a moment to explore what conferences should do if they wish to get things right.  What training, plans, and policies should an event adopt if they are seeking to build a meaningful, useful toolkit which will help them address incidents that come up?  What ground work should organizers lay as a foundation in order to keep their attendees safe?

I am not an expert in this field, but I have run several conferences and events of varying size and can speak to the bare minimum preparation that organizers should undertake.  These are just considered the minimum best practices.  Speaking with subject matter experts and seeking outside advice and counsel from other sources is recommended.

 

Emergency Contacts

Every event organizer should research and prepare a list of contact information, at minimum, for their venue security, local police, nearest emergency room, local crisis centers or counselors, and have some means of summoning and directing transportation options for others.

Specifically, do you know the head of security for your selected hotel or meeting space?  Do you know their actual name or do you just have an office extension or email address?  Do you know if they work a regular shift?  What happens if the hour is late and they’re not on duty?  Do they have subordinate staff who will respond right away?  If your conference is particularly large, consider reaching out to your local police precinct before your event.  Ask them about the best means of reporting an incident quietly and through proper channels… lest you be left with no other option than to simply dial 911 and be routed through a variety of switchboards only to ultimately have two patrol officers with no specific crisis training appear in a marked cruiser with their lights flashing.  Do you know directions to the closest hospital with an Emergency Room?  Have you researched local facilities that specialize in counseling people who are facing mental health crises or sexual trauma?  Are their staff available at all hours or is an alternate contact line necessary during the night?  Lastly, consider provisioning something like a Lyft account on certain staff members’ phones with payment cards already configured so that your event can summon hassle-free transportation as needed to or from the venue, to local emergency care, etc.

Prepare all of this information in advance of your event and share it with your staff members as part of their orientation.

 

Instruct All Staff on How to Process Reported Incidents

You will not likely have the opportunity to train all of your staff on every detail of handling incidents (especially if your staff consists partially of volunteers) but at a minimum they should be instructed to…

  • reassure victims that they are being heard and supported
  • offer victims a safe and private location to discuss what happened
  • not “push” victims into divulging more information than they are comfortable sharing or taking actions they do not want to
  • ask victims “is there someone you want here with you?” and assist them in fetching this other trusted party
  • take notes and establish a written record of incidents as soon as possible when they are reported (if the victim is comfortable with it, written notes can be taken during the reporting process itself)
  • if everyone is presently physically safe, involve law enforcement or security only at a victim’s request
  • offer to inconspicuously escort (or immediately find a suitable escort) the victim to the next most appropriate location to which they want to proceed.  (NOTE – even very small events should be able to provision at least one person for such duty to ensure the safety of attendees as necessary.  If “escorting someone for the next 20 to 30 minutes” is a burden upon your event met with concerns of “but then who will run the T-Shirt sales?” or “I was able to take this report from you but I have to remain here to monitor the radios” then your event did not plan for adequate staff.)

 

Do Not Ask Victims for Advice on How To Proceed

Do not burden victims further with emotional or logistical work.   A great deal can be said about this but it should be thought of as framing all interactions with the victim as, “We are preparing to follow-up by doing such-and-such, are you OK with that?” as opposed to, “Do you want us to do such-and-such in order to address this?” or, even worse, “What do you think should happen next?”

Imagine if someone were to visit an Emergency Room.  They walk in from the vestibule with a deep laceration on their arm and approach the triage nurse.  They say, “Oh my gosh!  I’m bleeding pretty badly here!”  The ER staff will immediately assess the situation and then spring into action, using all of the tools and training (which they had already prepared in advance) to best attend to this person’s needs as efficiently and professionally as possible.  What the ER staff will not do is have a few nurses, orderlies, and maybe a doctor stand there in a semi-circle and ask in a desultory tone, “So what do you think should be done about this?”

“I’m bleeding here!” the patient might respond again.  “Can you please help?  Stop the bleeding!” is all they can muster.  “Well,” one of the nurses says, “did you do anything in particular to cause this wound?  You aren’t one of those people who juggles knives, are you?”  A doctor perhaps reaches into a drawer and comes over, holding gauze and some suture thread.  “I can press some gauze and quick clot down on it right away if you want this stopped quickly.  Or, I can stitch you up.  That might take a little longer, but could be more effective.  What do you think you’d prefer us to try first?”

Can you imagine this taking place in an Emergency Room?  Of course not.  Because, we all recognize that during a moment of crisis, an individual who has suffered a trauma like this should not be burdened with making their own decisions in that instant.  They are most likely not in the best position or headspace to judge exactly what actions should be taken and this is precisely why they have turned to other people — people whose role is to have more training and preparation — to execute on addressing the issue.  Now, good bedside manner dictates that the hospital staff would be wise to keep the patient informed as to what is taking place (“in a situation like this, we really need to get some disinfectant on the wound.  It is likely to sting, but only for a second.  I’m going to swab it with this alcohol pad now… ready?”) but at no time should the patient be burdened with deciding what is going to happen next.  The only decision that rests with the victim in that moment should be whether they are consenting to the care being provided.

Perhaps an example of a near-perfect response to a hypothetical reported incident at an event would be the following:

OK, I am understanding that you have had a specific individual following you around during the whole event, sitting near you during talk track sessions, and ignoring your desires for them to leave you alone.

In accordance with our policies, we’re going to have them come speak with us in a private meeting room and we’ll be informing them that it’s been reported that they are breaking the rules of our event by harassing someone else in attendance.  We aren’t going to mention you by name, nor will we confirm your identity if they ask.

We are going to make it clear that this behavior is not acceptable and that it has to stop.  If they continue to follow you around or wind up next to you at parties, please let us know immediately.

Are you OK with us following-up on this?  Where would you like us to escort you right now?  Do you have a safe place you can go and any trusted friends whom we can have escort you there or meet you there?  What is the best medium through which we can get in touch with you later?

We are so sorry that this has happened to you at our event.  This is not what we stand for or want to see from our community.

 

Have Specialized Staff who Act On Reported Incidents

While any staff member (or even a monitored email inbox or phone line) can process incoming incident reports, it should be the duty of specific, designated staff members to respond to them.  Have a specific point person (or persons) who are responsible for enforcing your event’s Code of Conduct.  Ideally, such persons would have at least a modicum of crisis intervention training or counseling training.

Incoming reports of any harassment or incident should be passed along to these specific staff members (if the situation permits, such specialized staff may be brought in during the initial time of report-taking when a victim has come forward) for handling in accordance with your event’s policies.  The dedicated staff member should do their best to conduct an investigation and then determine what ramifications, up to and including possible expulsion, are merited.

 

Investigation of Accusations

Ask the victim if they are aware of any witnesses to what took place.  Do not burden them with heaps of additional logistical work in tracking down such people if possible.  If the individual reporting the incident knows roughly who the other witnesses may be, make the effort to seek them out through channels available to you.

It is also appropriate to speak to the accused party.  It is recommended that this be done in a place of privacy and safety much like the one afforded to the reporting party when they made their initial statements.  (Care should be taken, of course, to not have these two parties cross paths when escorting them in or out of such a space.  The accused party may not be entitled to know the identity of the reporting party right away.  This is not essential to your investigation.)  When speaking to the accused, ask about their own version of events and if they have their own witnesses who may offer a different account.

Most of all, an event should do their best to seek out impartial 3rd party witnesses (but in doing so organizers should do their best to not broadcast the nature of the incident too widely or share private details of what transpired or what has been reported.  One might simply seek, say, a group who was dining at an adjacent table and state to them, “We had a report of a small disturbance earlier, were you eating here at this booth 20 minutes ago?  May we ask if you witnessed anything out of the ordinary?”)

Regarding the “no one else witnessed it” problem… this is perhaps the biggest hurdle over which many event organizers stumble, and stumble badly.  An incident may have taken place in a private space, or off-site, or perhaps even long before your conference was scheduled to take place.  If there are no other witnesses to corroborate any party’s account of what transpired, let these two rules guide you:

  1. Any additional evidence, even if it is imperfect, may be considered
  2. No one says you have to get things 100% right immediately, but err on the side of protecting people

 

Understand that you, as a private event, are not held to the same standards of evidence as police investigators or the court system.  You do not have to reach any specific standard regarding “reasonable doubt” or “admissibility” and the like.  Even if the evidence available to you would not be sufficient to have a judge grant an order of protection or for a prosecutor to bring criminal charges against a perpetrator… you, as the organizer of a private event, absolutely have the right to follow through with whatever ramifications (up to and including expulsion) that you feel would best serve the safety of the victim and the community.

 

On Ramifications and Expulsion

Part of the responsibilities you are choosing to shoulder by organizing a public event is the duty to enforce your Code of Conduct, and this may mean taking action against individuals who act badly.  Before you open your doors and before any incident has ever been brought to your attention, your organization should have:

  • A written policy on how warnings are given to alleged perpetrators who transgress your Code of Conduct
  • A practice of centrally-recording and documenting warnings so that it is known if someone has already been spoken to
  • A written policy concerning how many warnings an individual may be afforded before being asked to leave (to ensure consistent enforcement)
  • A policy that also takes into account patterns of behavior, off-site actions, and other factors which may not have been part of official, reported on-site incidents but which speak to whether an attendee is committed to behaving well or behaving badly
  • Acknowledgement that a single serious or deliberate offense can move someone past the phase of being issued “warnings” and potentially result in immediate expulsion
  • A written policy that explains how attendees who have been expelled may be reimbursed or may appeal this ruling, if they disagree with the nature of the enforcement

If people are gathering together at an event which you are organizing, you have a responsibility to them and to the community.  Prepare for incidents before they ever happen and instruct your staff on how to treat everyone with respect and kindness so that victims are supported and ramifications for rule-breaking are enforced fairly and consistently.

Much in the same way that we as a community have stood up and said “if you can’t follow a Code of Conduct, you don’t belong at an event” we should also acknowledge that if people can’t commit to planning for the safety of attendees at their event adequately, they shouldn’t be running one.

 

 

 

 

 

* At the time, the names of the parties involved were made public on Twitter and through a series of blog posts, but they are being repeated here only after asking Georgia if this would be ok to do while retelling this account.

** Full Disclosure: I believe I may have actually been among the first individuals to see the event’s statement of response to this incident.  As a native English speaker, I was shown a preliminary draft of the text and wound up providing grammar and wording corrections to the organizers.  At the time, I had stated that I was considering blogging about the whole matter myself, but I never did.  It feels pretty shitty, I have to admit, that the only “official” statement out there regarding what happened is written in this sanitized language.

*** Additional Full Disclosure: While I don’t typically disclose internal business matters, I must acknowledge that the last time my team and I worked with ProIdea, a number of invoices were left unfulfilled and we are still owed money from the event organizers.  It’s been years and therefore sadly it is money we don’t honestly ever expect to collect, but I simply want to be up front about this so that no one attempts to levy accusations of “Deviant is looking back on this with a new viewpoint simply because that event didn’t pay their bills.”  That is not the case.  I am looking back on this incident with fresh eyes and new views because my own understanding of these kinds of incidents has grown thanks to the efforts of so many in the community who have spent time educating others about victimization, harassment, and the abusers who have hidden among our ranks for far too long.

This post is a direct follow-up to my previous blog entry, wherein I discussed parallels between the hacker community (of which I am a part) and the sex work community (where I have many friends).  I offered the notion that both worlds consist mainly of people who are often misunderstood (and thus feared) by “mainstream” society… and this leads to everything from bad journalism to bad legislation.

While that previous entry was inspired by something that was said by the erudite firebrand Maggie McNeill, this post is inspired by commentary by the illustrious Mistress Matisse.  Matisse and some of her other colleagues were discussing a topic that had gained a surprising bit of momentary traction in the press: whether laws prohibiting sex work could be found to be unconstitutional.  “Given the inherent privacy and self-determination rights (specifically, sexual freedoms) codified by the Supreme Court in Lawrence v. Texas and other related landmark decisions, wouldn’t the right to engage in paid sexual acts extend to the full spectrum of sex work?” was the argument being made by scholars and lawyers.  “Even now,” people were commenting, “we allow actors to work in the adult film industry.  We allow in-person exotic performances, even ones involving lascivious bodily contact… isn’t the argument all just a matter of degree?”

Matisse and others (Maggie weighed in on the topic as well, of course, on Twitter and elsewhere) spoke enthusiastically in support of such level-headed interpretations of the law, and many in the trade talked aloud of how decriminalization has been a long-term goal of the sex work industry for ages now.  This, naturally, sparked pointed criticism of some of the media reporting… specifically, where pundits were speaking out in favor of “legalizing” sex work.

I won’t allow us to get bogged down in debating whether the following words are the best choices to represent the concepts being approached, but for quite some time now, when speaking about marginalized or underground economies, two similar-sounding terms have been earmarked as a means of discussing two very distinct and divergent concepts or proposals…

Decriminalization – Often thought of as “getting the police and the government out of the picture” with the aim to reduce harm, “decriminalization” is imagined by most as a system where criminal penalties are removed from specific statutes and people are free to conduct themselves as they wish… in this case, the buying or selling of sexual services could be conducted openly, without fear of prosecution and jail time.

Legalization – This is often contrasted with the above by calling it “getting the police out of the picture, but inviting government in.”  Consider what has happened to the cannabis trade in places like Colorado and my current home state of Washington.  Legalization has indeed removed most penalties previously associated with marijuana, but now this industry, its workers, and even its customers are faced with a litany of new rules and regulations to be followed.  Failure to adhere to them can still result in hefty fines or even jail time.

Many articles, especially on blogs and sites focused on the sex work industry, have discussed these two differing terms at length.

The general public often will either (a) not care all that much about the distinction being made in this entire argument or (b) will — for a variety of pearl-clutchy reasons — come down on the side of “legalization” as the best solution when a previously-underground market is being brought into the light.

I am not without sympathy for the viewpoints expressed by such citizens.  If we get past much of the useless “think of the children!” hysteria, we can uncover a variety of valid concerns.  People are curious how society can serve the very valid interest of protecting workers and customers in a field that has historically relied on secrecy and clandestine behavior.  “With all this being brought into the light,” people will ask in genuine desire to help others, “don’t we want to be extra certain that everything is on the up-and-up now?”  Similarly, another valid discussion point (which applies equally well to both the drug trade and the world of sex work) focuses on the fact that when relegated to the underground, clients and providers would take extra steps to validate one another for reasons of safety.  Without the police or the formal system of law to shield them from harm, those who transact with one another would use additional caution if they wanted to avoid bad consequences.  If a trade such as this is decriminalized, the pressure to know and verify details about the other party will diminish.  Lowering the barrier to interaction can make sellers or buyers less inclined to develop close relationships based on routine and ongoing commerce… potentially leading to fraud or unsafe product/services/etc.  I will not state that these arguments are wholly without merit.

However, I will push back against the notion that heaps of new government regulations and pages of new bills from lawmakers are the only appropriate answer to such concerns.

My previous post drew parallels between sex workers and a community to which I am tied: hackers.  This post will draw a different connecting thread, comparing sex work to another trade where I have experience and deep connections: locksmithing.

Hear me out.

Locksmiths have a wide range of knowledge that can be used for good or for ill.  They possess and carry tools which concern others.  “We don’t want just anybody claiming to be a locksmith!” some people may shout.  “There must be regulation of this industry!”  Anyone familiar with (or who has actually started) small businesses will know that over-regulation is a manifold problem, and it manifests itself possibly nowhere more powerfully than in the realm of occupational licensing.

We don’t have to look far to see the litany of jobs that require a stamp of approval from the state, and which are hampered by demands of compliance with scores of bureaucratic red tape.  Beauticians, food vendors, electricians, plumbers, even performance artists… you needn’t look far to find examples of over-regulation in many fields.  Would it surprise you, then, to learn that locksmithing is markedly not subject to licensing and other such business red tape in many jurisdictions?  Oh, don’t get me wrong, plenty of cities require locksmiths to be certified, licensed, bonded, etc… but this is not the norm everywhere.

How, then, do customers know they are dealing with a reputable person?  How are the streets not utterly filled with unscrupulous individuals who are trading as locksmiths without the knowledge and intention to do right by others?  Well, these are actually problems that exist.  But the solution is not primarily found at the hands of government.  Instead, the industry has for over half a century now taken up the task of regulating themselves.

The Associated Locksmiths of America (ALOA) has existed since 1955, and does a very admirable job of safeguarding the public by establishing recognized, mutually-agreed, and well-researched policies that its members must follow.  Numerous other skilled trades have similar professional societies.  While many in the locksmithing industry do support some forms of protectionism and are in favor of government licenses, most are perfectly happy to run their own enterprise and maintain their ALOA number by means of professional education, adherence to industry best practices, and keeping their customers satisfied.

If you are in need of the services of a locksmith, it’s not difficult to ensure you’re hiring someone reputable.  You needn’t look in their shop for a frilly-edged piece of paper printed out at town hall.  Simply ask them their name and business designation, then verify their information on the ALOA web site.

I am curious if such a solution could be applied just as easily to the world of sex work, once the time of decriminalization finally arrives.

I feel that such a system could overcome many hurdles that result in debates reaching an impasse when decrim vs legalize is on the table for discussion.  Take, for example, the “health and safety” concerns voiced by so many.  “We must have a system of regulation and licensing,” say many in the pro-legalization camp, “otherwise what is to stop the spread of sexually transmitted infection and other attendant risks that come with multiple sexual partners?”  Ask people actually in the field of sex work, however, and you will hear them routinely speak out against mandatory medical obligations and record-sharing with the government.

A professional trade organization might be able to address this, no?

If a sex worker complies with a series of best practices — as defined by the industry itself, not a list of regulations concocted on the desk of a government functionary far-removed from this world — then they could conceivably be issued a stamp of approval (and associated member number) in that professional society.  Potential customers researching amorous encounters could look for this seal of approval much in the same way that persons locked out of their home would for years check for the ALOA insignia in the yellow pages.  Customer complaints and concerns would be managed by the industry itself… with the aim of increasing everyone’s safety in order to ensure satisfaction and repeat business.  (Insert your own “Better Blowjob Bureau” joke here if you wish)

And those who might opt to not pursue membership and accreditation in such a professional society?  They wouldn’t have to face penalties and fines, in my view… they would only have to bear any market consequences that might come with possible loss of customers or business reputation.  And that’s entirely their choice.

I am not saying that this is the right solution.  I am sure there are plenty of variables in this equation of which I’m unaware.  I plan to ask many people I know who are sex workers about this topic and I hope to learn more.

Regardless of whether or not this would be accepted by all parties, I hope we can keep this conversation going.  I would hope that we all might remain open to the notion that society doesn’t have to immediately involve city hall every time a previously-outlawed commodity becomes available for sale to the general public.

That applies to pot as much as to pleasure.

This is a post to all of my family in the hacker community.  But it is not about hackers nor is it about hacking.

Rather, this post is inspired by the illustrious and erudite Maggie McNeill, who on Friday the 13th made her customary statement regarding allies & the need to speak out for those whose voices deserve amplification.  She describes this day, whenever it falls on the calendar, as “the day I ask people who aren’t themselves sex workers to stand up for us.”

You may find it remarkable that someone in the industry would make such a statement.  Perhaps you are even surprised that this woman would publicly identify as a courtesan, as opposed to “shamefully” keeping this part of her life cloaked in mystery and secrecy.  Allow me to (hopefully) open a few minds.  The hacker community should not feel significant surprise were I to reveal to you that — shocker — an often-misunderstood subculture existing “outside” of many of society’s norms is frequently the subject of unnecessary and undeserved scorn and criticism.

 

“A hacker convention?!?” the old fellow gasped, ostensibly to his elderly wife but also loud enough so that everyone else in the elevator could hear him. “What’s next?  Will this hotel hold an ax-murderer convention soon??”  This is a story related by Thorn, an old friend of mine who attended the earliest ShmooCon conferences with us.  In the elevator of the Wardman Park Marriott in Washington, DC, he was answering a little old couple’s query as to why so many individuals with unconventional attire and particularly strident-colored hair were present in one of the most posh and upstanding hotels within our nation’s capital.  Upon his frank and uncompromising answer, “we’re all here for the hacker convention,” the two looked appalled.  Their comment, delivered perhaps somewhat in jest but clearly rooted in skepticism and fear, made it clear that they had been fed a steady diet of fear and contempt by the mass media when it came to hackers.  Naturally, one would presume that they had never (knowingly) befriended or even spoken to one.

I do not know what transpired after that, but presumably the old couple made haste to their room and possibly searched for diversion (or even alternate accommodation) elsewhere in the city… which is a shame, given that they would have had the perfect opportunity to speak with and even start to understand some real, non-scary hackers if they had just sat in the hotel bar and met others from the conference.

 

Sex workers face many of the same stigmas that hackers do.  In addition to being misunderstood by the general public so often that they may choose to not even self-identify publicly unless they are in “safe” environments and surrounded by their own kind, the mainstream portrayal of such groups of people is riddled with the most ostentatious and over-blown stereotypes.  Don’t believe me?  Point your internet tube at just a few google image searches.

If we search for the word “hacker” what are we going to see for the results?

That’s right.  Black hoodies and balaclavas everywhere.  The stock image sites are among the worst offenders, as always.  But that’s what editors (and, by extension, their readership) see in their mind when they hear the word “hacker.”  By and large, we are seen as scary, malicious, and out to cause mayhem.

Let’s try a google image search for “prostitute” now (forgive the use of a vulgar and deprecated term… but you’ll see where I’m going with this in a moment.)

Is it much of a surprise to anyone that the trope of the “at-risk street walker” is far-and-away the most returned image?  (Again, most notably, by the stock image photo sites.)

I put it to you that the “prostitutes” in these photos are no more representative of the sex work population than the “hackers” in the earlier images are of our own community.  For a taste of balance and a bit more realism, what happens if we were to put our thumb on the scale and tilt Google’s results more in the realm of actual human beings?

For instance, how about a search for “hacker space”…

In addition to showing some cool project workbenches, this search query actually shows what real hackers look like.  That is to say, they are just typical people (although often with above-average intelligence, which many times manifests itself as a lack of desire to play by the rules or be bound into systems that are artificially limiting or oppressive.)

Instead of a loaded term like “prostitute” or “hooker” let’s look at the google image results for “sex worker”…

And now yet again, we see a much more realistic representation of this population.  While we still sometimes see the “red light district” style of imagery, many of these results are much more human in their representation.  These aren’t caricatures or two-dimensional abstracts… these are real, genuine people.  They are concerned with the happiness and safety of others, as well as of themselves.

 

And that is where the real parallel in this narrative lives, my friends.

How many hackers bemoan the news when a legislator (who has no literacy in technology) proposes legislation to weaken encryption or allow censorship on the internet?  How many times do we pull our hair out while discussing the latest scare tactics used by police or Congress as they demonize our community and push for tighter regulation and stiffer penalties?  The CFAA, the DMCA, the Wassenaar controls… all of these were written by outsiders who feared our community but don’t know the first thing about our community.

Sex workers face the exact same uphill battle.

How many of you have heard about new technologies (or even new groups of cyber-experts in our own industry) designed to fight the “growing scourge of human trafficking” or something similar?  There is no shortage of politicians lining up to get in front of news cameras as they decry a vaguely-defined problem, offer no hard evidence, and then propose silver-bullet solutions that will deeply impact an entire community without ever actually speaking to that community.

 

Hackers and sex workers are equally and simultaneously victims of respectability politics on the part of our legislators.  It’s a tired but reliable formula that delivers votes at the ballot box and tax dollars to law enforcement efforts…

  1. Choose a marginalized group of “outsiders” who already have a stigma in the minds of the general public (see our google searches earlier)
  2. Whip up public panic using sensationalist headlines and pearl-clutching testimony by well-dressed politicos
  3. Exclaim loudly that “if only people cared enough about the future we’re building for our children” things could be different
  4. Propose new laws.  NOTE – new legislation will always tighten a noose, it is never acceptable to reduce government power or regulation
  5. Decry and shout-down any detractors as criminals and a “bad influence”
  6. If detractors are well-read, highly-published academics who are part of the very group being targeted by new laws, smear them as no better than their worst hardened criminal peers with no redeeming qualities.  If they still do not remain silent, target them for arrest or harassment within the corridors of any “legitimate” vocation they may have
  7. Pass new laws that make the broader public nod their heads in silent (and mildly disinterested) assent
  8. No matter what the new laws were ostensibly supposed to accomplish… crack down on the young, on the poor, and on minorities… like always
  9. Trot out the occasional “major victory” by law enforcement.  The actual community of experts will decry among themselves how such “victories” accomplish nothing (and often are smoke-and-mirror cases with no merit or factual basis at all) but the general public will remark in a vague sort of way “oh yeah, i saw something on the evening news about that major bust the cops did a few months back” when the topic comes up at Thanksgiving.

 

The next time someone tells you that they have “heard about a new project to help curb human trafficking” I would like you to imagine that, instead, they have just told you about a “new government encryption key escrow that will help us fight terrorism.”  Our response should always be to ask the following questions…

  1. How many actual experts in the industry have you consulted with when developing this new framework or policy (yes, that means talking to actual, real, live hackers or sex workers!)
  2. What did these experts say?  (Seek out broad community opinion, as opposed to cherry-picked, press-ready statements by individual lapdogs.  What are their Twitter or Facebook groups saying and posting and re-tweeting?  What does an account like @EFF or @DEFCON or @mattblaze… or @SWOPUSA or @belledejour_uk or @whoresofyore have to say about it?)
  3. What specific, measurable result is such a proposal allegedly trying to achieve?  If it can be proven that this result will not be attained or if it is later demonstrated that new laws or policies are not achieving the goal, will the proponents rescind their support?  If not, why not?

 

Respectability politics is what undermines the safety and indeed even the legitimacy of marginalized groups.  Mitch McConnell may be comfortable wearing little nerd glasses and likes to portray himself as a policy wonk, but he would never speak in the Senate quoting facts from “known hackers.”  Kamala Harris wants to be seen as a voice for women in leadership, but she would never deign to sully her pearl necklace and pants suit by appearing in a photograph next to a “known sex worker” offering up testimony about harm reduction.

And every one of us who plays into the mainstream narrative when the topic turns to “underground” communities gives these people their power.  Scoffing at the new hire at your firm who “dresses like a goth” even though your network has never been safer or running more smoothly… or telling friends and relatives that you loved your recent trip to Amsterdam “but assuredly we didn’t hang out in the red light district” to keep up appearances at the dinner table… all of these and so many other little stabs are harmful in myriad ways.  And often they are some of the worst examples of punching down that you can do.

 

Instead of that, I invite you all to extend a hand to those whom you do not understand.  If you’re going to swing a punch, aim up and rattle those in the corridors of power who want your fear and your applause when they grandstand and moralize.  Most of all, offer plenty of social and political cover to your peers and your friends… if they tell you that they attended a “hacker con” over the weekend, don’t shush them in front of the boss or try to characterize it as an “information security conference” instead.  Ask how they found this event; ask what they learned.  If a relative tells you they are friends with a sex worker (or, hell, even if they discuss having hired a sex worker) do not look away awkwardly or change the subject… ask them about their new friend.  Ask how they met; ask what they’re like.  Beneath all the hyperbole and stereotyping, people are all people… genuine, human people.

 

“Well our company would never hire a hacker,” says a clueless tech executive… unaware that they likely already have.  Think of that ignorant statement the next time you hear someone say, “well, I would never sleep with a hooker.”  Heh, chances are — if they have a typical, healthy sex life — they already have at some point and just didn’t know it.

Of course if people want to parse words they will explain that what they really are trying to signal is that they’ve “never paid for sex” and therefore they are morally superior.  Spoiler alert: everybody pays for sex.  Sometimes folk simply choose to know exactly how much they’re paying, and opt to do so up front.

You think no employee in your SOC has ever developed exploit code or utilized a rootkit when testing the security of your network to make you safer? Heh, whatever helps you sleep at night.

I am friends with many sex workers, just as I am friends with many hackers.  Many have broken laws.  Virtually none of them would ever wish harm upon others.  All of them want to simply live their lives.  Help them.  Help by listening, by sticking up for them, hell… by hiring them!

Most of all, the next time someone has a very unhealthy and wrong-headed notion of what it means to be a hacker or to be a sex worker, push back against that.  Ride the elevator a few extra floors, don’t change the dinner table subject to the NFL right away… politely but firmly, ask if the speaker actually personally knows any of these individuals about whom they have formed such opinions.

If they don’t, encourage them to change that.  And if you yourself don’t, let changing that be your first step.

A twitter discussion the other day sprang up when I started asking folk about wallets.  Specifically, I didn’t like how every wallet I’ve ever owned has stacked ALL of my cards and other personal effects on top of one another.  My current wallet — which contains a credit card, a Costco card, a transit card, my license, my safe technician ID, my medical insurance card, and some other small effects — had become uncomfortable and it was time for a change.

I took out my little aprox-o-meters and actually measured it.  It comes to just over 28mm (over 1″) in thickness.  That’s a lot of displacement for one ass cheek.

Hence the discussion online, wherein I asked, “why isn’t there a wallet out there which will arrange card slots in a 2×2 formation when it’s open, so that ultimately when you close it and have it in your pocket, it’s considerably thinner!?”

I wanted to find a wallet something like this, which I quickly photoshopped to make my point…

 

Well, lo and behold, the good lord internet doth provide.  A number of people suggested some offerings (and once I started my amazon searches, other similar products began appearing as suggested results, as well.)  I ordered basically all of them, with an eye to checking them out, seeing what I liked, and returning all the others.

Here are the results…

 

The Big Skinny Leather Hipster Wallet

Despite having the word “hipster” in the name, I gave this one a shot.  I like that the card configuration is just as I was expecting.  It also features a divided back pouch (the bill area) so that I can continue to organize multiple currencies like I usually do.  (I’m OCONUS so often and it really helps to keep my USD separated from whatever local currency I’m carrying.)  In addition to the four visible pockets (which are just four pockets… no extra slots or organizing dividers there) there is a little more room beneath the “right” side card pockets which I can use for photos or other items slightly larger than a credit card.

This wallet is 4.5mm thick when empty.

 

The SlimFold Softshell Wallet

This one isn’t leather, but I was willing to check it out.  It also has a rather unique “long” layout of the cards in a 4×1 pattern when the wallet is open. That can help accommodate some larger pieces of paper like airline and train boarding passes.  Ultimately, while I did think the material was cool (and awesomely breathable!) this wallet shot itself in the foot VERY badly by including thick, solid, clear plastic inside of its construction.  Not just for the “viewing window” but throughout the ENTIRE back of the wallet.  I suppose this was to give it some kind of structure and rigidity… but you know what ELSE does that for a wallet?  All of the stuff you put into it.  I can’t imagine someone honestly thought, “hey, without a big hunk of plastic running through this whole thing, the entire wallet might just crumple up and blow away like dried leaves!” The double-slot organizers were nice, but ultimately because of the ridiculously unnecessary plastic in the back, the wallet was effectively no thinner than the Big Skinny.

This wallet is 4.49mm thick when empty.

 

The Slim Original by Allet

This wallet also has construction using modern synthetic fabrics, but it has a leather exterior.  By using two materials, you’d think it would have the best of both worlds… but somehow this model manages to be thicker than the ones preceding.  I do like the construction very much, but its features were a little bit lacking to me.  The internal pockets felt very “slippery” and I could imagine losing cards or photos easily when flipping this open.  No pocket has a viewing window… not a deal breaking feature for me (I don’t keep my license visible anyway.  I use the viewing style windows for a photo of Tarah and I) but it might matter to some folk.  This wallet does have the divided bill area (part of what makes it thicker up top) but it lacks the large “extra” pocket in the main area that the Big Skinny has.  For all those reasons, it comes up a little short for me.

This wallet was, surprisingly, 7.32mm thick when empty.

 

The Marshal Large Hipster Bifold Credit Card ID Men’s Wallet

Phew.  The only thing larger than this monster’s name is the thickness of the wallet itself.  I am not entirely sure why I added this one to my order beyond the fact that Amazon Prime has free returns on basically anything under the sun.  This wallet is a beast.  I shouldn’t really bag on it too much, honestly.  If you really like displaying many cards in a way that they are all individually visible, then the Marshal may be for you.  It has all of the other features I wanted, like a divided bill area and an extra “more versatile” pocket on the right side when it’s open.  The construction is nice enough (frankly, the leather and construction quality on ALL of the wallets here were rather nice… but the Big Skinny and the Allet really were a cut above) and it featured a built-in viewing pocket for a photo.  Still, at just a blond hair shy of 13½mm, this wasn’t what I was seeking.

This wallet was 13.48mm thick when empty.

 

In the end, I opted to try out the Big Skinny.  I took all my cards, IDs, cash, and utilities (I have a small custom insert that houses a spare key, a tiny USB drive, some lock tools, a Husky Head, and more) and put them in.  Everything found its place.  Even the tiny pocket floss packets and small set of Forever Stamps which are always with me could tuck in.  Some cut but unfolded padlock shims were added.  The photo of Tarah and me on our first real date was affixed on the inside with adhesive (no pocket needed).

After all that, the Big Skinny wallet was only 12.52mm thick.

That’s a reduction to under half of my original wallet’s size.  Hell, this wallet while fully loaded is even thinner than at least one of the others I was considering while that one was empty.  I still have one candidate on the way from Amazon, as it turns out.  The Ultra Slim Original Wallet is due to arrive tomorrow, but I think I will likely just send it back.  The Big Skinny appears at first glance to be a real winner.

While I still can’t quite stomach owning a product with the word “hipster” in the name, the results appear to be satisfying enough that I’ll learn to live with it.  But I’m not going to start eating avocado toast.