Don't Throw the Booth Babe Out With The PAX Water - My Take on the Dickwolves Controversy

Trigger Warning: Dickwolves Ahead

A lot of people I know and follow on Twitter have talked about boycotting PAX over the dickwolves controversy.  Recaps abound all over the internet, but here's a timeline and a summary from my point of view:

PAX is a very large gaming con run by the guys who write the webcomic Penny Arcade.  Last year, they wrote a strip (see "dickwolves" link above) making fun of quests in MMORPGs.  Typically these quests go like this:  Save five slaves.  Leave the other fifteen to rot.  Move on to next quest while more slaves spawn in behind you.  The joke is that games don't make sense, and in fact encourage our fictional-selves to be jerks.

The controversy is over the use of rape in the joke.  The (male) slave declares that he is going to be raped to sleep every night by dickwolves, but not even this persuades the heartless hero, who has other quests to complete.

Most of the controversy arose months after I read this strip (and LOLed).  Gabe and Tycho issued a funny apology where, in spite of the humor, they make it clear they do not condone rape.  Later they pulled their dickwolves merchandise, but not the comic.  Again, that first link is the quickest way for you to get up to speed here.

Gabe and Tycho have actually received death threats over this, so yeah, it's a pretty big deal.

Nevertheless, I happily attended PAX Prime 2011.  The subject came up in Twitter several times over the year, and each time, I tried to describe in 140 characters or less why a boycott is the worst possible reaction (second to making death threats).  But Twitter is a poor place to make effective arguments about sensitive and complex topics such as these, hence a post.

I've been attending cons since 1995, and of them all, PAX is the most female-friendly.  I want to support that.  More, I want to continue to influence con culture by being a strong woman with strong opinions.  That's how culture improves.  Each of us makes our little waves in the best way we can, trying to persuade.  We don't take our toys and go home.  That doesn't persuade anyone.  As con culture improves, we need to continue to participate fully.  Now is not the time to abandon the community just because we're all now more aware of what has always gone on.

Fact: Geek culture is hostile towards women.  It always has been.  It won't always will be.  This past year there have been a lot of other controversies, which in my opinion, are far more worthy of outrage.  Like actual harassment at Apachecon against a speaker and board member.  After that a lot of women came out of the woodwork to tell their own stories, and I realized I have a few of my own that I could look at in a new light.  Instead of feeling shame, which was my original reaction, I realized I could feel empowered and set boundaries and push back.

If you're a woman who attends cons, you've probably already been harassed, whether you knew it or not.  Someone has touched you without consent, or oggled you when oggling wasn't invited, or catcalled you, or made an offensive remark about your gender.  It's happened to me plenty of times.  You just take it, as part of being a gamer who happens to be female.

But it shouldn't have to be something we "just take", which is why the Con Anti-Harassment Project was formed.  Their goal is to get every con to enforce a strict anti-harassment policy.  PAX does this, and has done it every year I've attended (since at least 2007).  This isn't exactly a standard policy, and some actively resist, which is why CAHP works so hard.

That said, in a culture like this, real rape happens at cons all over the world.  It doesn't take a web comic by the founders to create a culture wherein rape will happen.  What helps prevent it are things like awareness and strict policies against the steps leading up to rape... like harassment.  Which PAX has done.

But I'm getting ahead of myself.  The dickwolves joke was offensive for two reasons.  1. It's triggering.  2. Rape jokes encourage rape culture, and the dickwolves strip is one of those jokes.

For the first point, that's true.  The word "rape" and references to it are indeed triggering.  Let me get scientific for a moment: Victims of trauma often suffer from Post-Traumatic Stress Disorder (PTSD).  "Triggers" are words, sights, sounds, or smells that bring back the memory of the trauma or cause the trauma-survivor to feel afraid when they otherwise wouldn't have anything to fear.

I understand this and sympathize with people for whom rape is a trigger-word.  I have my own PTSD symptoms for childhood events that I don't even fully remember.  It's been a long journey for me to overcome some of those triggers so I can enjoy a full life.

I can't really argue with someone who boycotts PAX because they don't feel safe there.  You're not statistically any more likely to be hurt at PAX than anywhere else, but triggers are triggers, and you have to deal with it in your own way.  I have a panic response when anyone grabs my thigh (even safe people I love and trust), and will completely lose control if I feel cornered in an emotional situation, even by safe people I love and trust.  That doesn't mean either thing is actually unsafe, but I draw clear lines on both counts: Don't grab my legs, and don't corner me in emotional situations.

Likewise for anyone who avoids PAX for the same reason.  By all means, avoid PAX and I truly wish you the best of luck on your journey.

The use of trigger-words in popular culture is a trickier subject.  Should Penny Arcade have avoided the use of "rape" because it triggers some people?  I don't think so.  I have belonged to survivor and recovery communities where trigger-words were either banned or required trigger warnings.  Survivors join those communities to experience a safe environment, so those are the rules.

But in culture at large?  No.  We have to talk about these issues, in all kinds of ways -- in serious or funny or irreverent or solemn ways.  My horror novella, Make Willing the Prey, is full of potentially triggering material.  Is it any more redeemable because it's scary and serious?  Because I make it clear that Rape Is Bad?

Why is rape in fiction any "better" than rape in humor, if the humor continues to imply that rape is bad?  The joke didn't even make light of rape.  The rape content was there to exaggerate the slave's predicament, to make you sympathize with him, so you would question your own behavior in video games.

It's hard to see myself as any different from Tycho and Gabe, when my novella also capitalizes on the horror of rape.  But no one is talking about banning the topic of rape from novels and novellas - oh wait, people are.  It's hard for me to see the difference here.

Which leads me to point #2: Rape culture.

Yes, rape culture is a very real thing.  There are plenty of rape jokes which make light of rape, wherein the message is "rape is good, women are bad".  They are a lot like racist jokes, which dehumanize non-whites and make light of lynchings and other violence.  Both make violent acts seem justified.  If you want to see some examples of real rape jokes, here you go.  Warning: TRIGGERS and OMG I didn't even read very far because that is just how offensive they are.

(As a totally side tangent, Jezebel has a thought-provoking article on "Are Rape Jokes Ever Funny".)

The thing is, as women we can react to these things in a lot of ways.  I think the fact that Penny Arcade is now in Wikipedia as an example of a joke promoting Rape Culture is really bad for making the point.  It's a terrible example of how jokes promote rape culture.  It's become a straw man.  People who don't understand are not going to be enlightened by this example, and if fact will have their notions reinforced: that feminists are reactionary, overly-emotional whiners who complain over nothing.  In other words, it fails to be persuasive.  And isn't that what we want?  To persuade?

Here is a much better reaction to counter rape culture.  Duke Nukem Forever was just released, and it disgustingly promotes rape culture.  Thankfully the game also sucked in a lot of other ways, so almost no one played it.  But women are in a double-bind about complaining about this sort of content, because doing so promotes lots of negative stereotypes that undermine our argument.  It was solved brilliantly in this video:  Women React to Duke Nukem Forever

So I don't think the dickwolves joke promoted rape culture in any way.

That being said, even if it does somehow promote rape culture, the good that PAX does far outshines the bad.  Not to equivocate, but again, geek culture sucks for women.  It always has.  We don't live in the perfect utopia where all geeks are enlightened, socially conscious members of polite society.

I've always felt PAX has come the closest to that ideal vision.  Here are some examples:

1. PAX has an anti-harassment policy.  See above.  And there are Enforcers (security) everywhere to report to.  And I saw a number female Enforcers, if you are more comfortable reporting to one.

2. PAX has more panels on women's issues than I've ever seen at a con.  This year, I went to one called "Fat, Ugly, or Slutty: Exposing Harassment in Online Gaming", put on by the staff of FatUglyOrSlutty.com.  All the seats were filled, and now a very large ball room of gamers know more about this topic.  Many were undoubtedly persuaded that online harassment of women is bad.  On the way out, I overheard a girl explaining to her male friends how gender-based harassment is different from trash-talking an opponent.  She otherwise might not have gotten that opportunity.

3. PAX does not allow booth babes.  By booth babe here, we mean a scantily-clad woman hired specifically to market games when she doesn't know anything about games, designed to lure sex-starved male gamers into the booth.

PAX culture has not tolerated them even before the ban.  In fact, at my first PAX in 2007, I recall a mini-controversy over the only scantily-clad woman on the floor: A pirate in a corset.  Some people thought she was a hired booth babe, and there were negative murmurs, until she came onto the forums and chewed everyone out.  Yes, she was a real gamer girl, and yes she really liked to dress that way, and yes she actually played and loved the pirate game she was promoting.  That's what PAX gamers want.  Even the guys.

That year I spoke to several people that year who were upset at booth-babe-types passing out party invites.  I'm sure that party was well-attended by a few creeps who go for that, but prevailing attitudes were about how disgusting it was.  That sort of marketing doesn't fly at PAX.  It never has.  This year, almost all pamphleteer women I saw were wearing t-shirts.

4. PAX gives women a chance to speak out against scanty armor.  This year a game called Firefall was being hugely promoted with the most ridiculous scanty armor I've ever seen, because it's on a powered mech suit.  There is never any reason to expose your belly button in a mech suit!  The women's bathroom had a picture of one of these suits with the face cut out so we women could laugh at how stupid the character designers are and how clueless their marketing team is.

The idea of scanty armor is hilarious to many PAX attendees, and again, it's about culture.  If lots of people are mocking the sexist armor design, those in favor of jerking off to it at night just might overhear.  If the booth-babes trend shows any evidence, this kind of subtle influence is important to making the changes we want to see.

5. PAX culture provides a petri dish where all sorts of enlightened conversations happen.  In 2009, the big controversy was over EA's promotion of a game at Comic Con, wherein guys were encouraged to commit "acts of lust" against the booth babes, for which they'd win a prize that bordered on prostitution.  Lots of people were talking about it, and no one in a positive way.  I've had lots of these types of discussions at PAX.  Not so many at other cons.

PAX does not transform into a hostile environment just because of one web strip.  Let's compare it to, say Defcon, where something happened that I'm a little afraid to talk about in a public forum where everyone knows my name.  I've thought of emailing Defcon directly with a complaint, but haven't yet because that's how intimidating this is.

I didn't see this myself, but Roland did.  Guys were walking around the hallways with a sign reading "Shots for Tits".  This in and of itself is not too unexpected.  After all, we're talking Defcon here, which prides itself on irreverence and rebel behavior, where even the elevator computers are fair game.  I rolled my eyes at Roland... whatever.  It happens.  It's a con, and the guys want to see tits.  Lighten up.

But here's the scary part: Goons were participating.  Goons fill the role PAX Enforcers do.  They're security.  They're the ones you might normally go to for help.

One girl took the bait, and started to lift her shirt.  She was immediately surrounded by guys.  Completely.  Some of them were Goons.

I'm sexually liberated and all.  I've flashed at cons before, for a lot less than a shot.  But when con security participates in an activity like this, it makes me feel unsafe.  It institutionalizes the behavior, sanctions it.  When real authority asks you to show your tits, it stops being consensual. How are they supposed to take complaints of harassment or reports of rape seriously, if they're the ones holding the signs?

That's what I have to compare PAX to.  And that's why I'm going to keep on going to PAX.  Because geek culture is getting better.  Guys are starting to wise up.  And PAX is a shining example of what we want.

We've come this far.  Let's not throw it all out.

Update 1/3/2012: I've just learned of an organization called Men Can Stop Rape.  If you are still angry at Penny Arcade and PAX over the Dickwolves controversy, maybe spend some of that steam supporting a positive organization which takes positive actions to change rape culture, to remove ignorance from men who don't believe it exists, and to encourage good men to protect the women around them.  Send them some money, speak out in favor of them as often as you speak out against PAX, or even better, volunteer.  Yelling at people will not change their minds, so if you really want to prevent rape, do something positive.

Defcon 19 Badge Contest: In General

Of my four years of going to Defcon, I had the most fun this year at Defcon19.

Granted, my first year was pretty fun.  There were lots of antics going on, and I went to a lot of talks.  And Defcon17, we got an invite to the Facebook party at Studio54 where DualCore and YTCracker were playing.  And last year, Defcon18, was kind of a blur.

But none of those years had a badge hacking contest I could actually participate in.

When I heard the badge this year was going to be non-electronic, I scowled.  I waxed cynical.  I joked to people that they were going to print the badges on hot-pink cardstock.  It was hard to imagine any badge being as cool as this, this, or this.

As with every year, there were not enough badges.  Here's a quick summary of just how lucky I was to even get one.  I got in line at 2:50 on Thursday.  I stood in line for an hour and a half, the line stopped 14 people away from the front, waited 30 minutes, got told lots of conflicting information about badge availability and wait-times, waited longer, got to the front of the line, got told more metal badges on there way, but if I registered right then I'd get a badge of shame paper badge non-redeemable for a metal badge later, heard there were badges left at Caesar's Palace (where Blackhat was letting out), left the line, tried to call Roland so he could get me a badge there but my phone battery died, heard that all metal badges were gone for good, Roland arrived from Caesar's, got back in line for two hours, and 25 people away from the front of the line it stopped again, then heard the good news ripple up from the front: A small Fedex package had arrived with a small number of metal badges.

Color me ecstatic and incredibly lucky.  Here's a picture of my beautiful badge:

And not only is it stamped on antiqued oxidized titanium, printed on the last supply of .040"sheet-titanium left in the United States, but it is also part of a complex series of puzzles, a conspiracy if you will, that permeated the entire con.

Clues were hidden in the badge itself, in the lanyard (see the binary in the pic?), in the con program, in the T-shirt art, in the badge talk, on twitter, in the signs, in the hallway art.  There was even a hired actor, though I never saw him, who would play out scenes to give further clues.

It was a well-designed game.  Most of the clues were repeated in various places, so everyone had a chance to find them.  I also get the sense clues hidden behind incredibly complex encryption or puzzles could also be found through much more simple means.  For example, we heard that one person build some kind of gear machine that eeked the word "candy" from the crypto wheel, but most people got that answer by giving a password to a "Z" agent, and the agent just told them the word.  (Not that it was easy to find all the clues that gave you the password or told you about the Z agents, but that was certainly more accessible than whatever crazy math and hardware hacking was required to interrogate the crypto wheel.)

Starting Thursday night, Roland and I became obsessed with finding clues and cracking codes.  We stayed up until 2am Thursday night.  Every once in a while, one of us would ask the other, "Want to go out tonight, find a party?"... no.

I haven't had this much fun in this kind of way since I was a kid, back when I was the first in my class, every week, to crack the weekly brain-teaser.  Or when I'd obsess on a text adventure on my TI 99/4A, trying to solve puzzles for days at a time.  These days with whiz-bang video games, and busy schedules, it's hard to find the patience for recreational intellectual heavy-lifting, when we can simply google a solution or even a full walk-through on the internet.

This badge contest made me remember how much fun it can be to work something out.  It made me feel smart.  For the first time at Defcon, amongst some of the l33test people on earth, I actually felt l33t.

That's not to say we actually solved the puzzle, and we couldn't have gotten as far as we did without stealing other people's solutions talking to people.  But it wasn't designed for any one person to beat.  LosT designed it to make us all more social.  The clues required too broad a skillset and knowledge spectrum, mostly the sort of thing you can't simply google.  And the badges themselves were all different, requiring interaction to gather the data.

I must say, we started the contest being secretive, hoarding our knowledge.  There's a certain type of elation when you can gloat personally and sometimes publicly that you know something they don't know.  But it really would have been much more productive to share, I think.  And it would have made us just as happy.  Not only that, but if we were going for l33tness and geek status points, we probably would have gotten more if we'd shared from the get-go.  Especially given just how light-weight and inexperienced at puzzle-solving that we are (or were....)

We did much better at the early puzzles, and my personal strong-point was noticing clues.  I usually didn't have the foggiest what to do with the clues, even though I thought I did...  If I had pointed them out early, publicly, I would have earned higher hacker cred.  Since I didn't solve the puzzle, the fact that I noticed the 33 tattoo in the program on the first day, doesn't really matter since I still don't know what that damn 33 was for.  I know it was important because I saw this clue coming up again over time -- on an added sticker in the rotunda, written on a coin stuck on the wall, etc.  i.e. LosT was saying, "Hey you guys keep missing this clue!" ... I had it all along, and someone else could have done something with it.

Not that geek status is the end-goal.  It's just part of the fun.  Solving the pieces for their own sake was its own kind of elation.  But there are multiple ways to display l33tness, and sharing is one of them.

We are definitely planning to do this again next year, and when we do, we plan to collaborate this time.  I'm not exactly sure what form that will take.  This year, there was an IRC channel, but I wanted to keep my netbook off the Defcon network and didn't want to pay for (pwned) hotel wireless.  Next year I may consider bothering with it.

In fact, being without internet+netbook was a huge barrier.  My method of problem-solving relies on the gathering of as much information as quickly as possible, then eliminating distractions as quickly as possible.  Use of the internet on a larger screen with a keyboard is necessary for that.  My Android simply wasn't up to that task.  I would also like to develop a more systematic method for storing information and testing theories.

Here are a couple of pictures from my notebook, to illustrate some of my thought processes and the kinds of clues we were collecting:

A collaboration group did form, and even though we didn't participate with them, we happened to be present when they won.  That was was really cool.  On Sunday afternoon, we found the collaborators in the chill-out room and started hovering, listening to them, and trying to figure out how they'd solved this or that, and what they were currently working on.  Thirty minutes later, they got the email reply from LosT confirming they'd won.  I'm not sure the full solution, but they emailed the number 108 and some other info to eban at 1o57.org, but we had no idea how they found that or what the other info was.  Roland and I spent another hour or so trying to reverse engineer from there, and actually got a lot further along, but decided to quit out of sheer exhaustion.

So thanks very much to LosT boY for accomplishing the goals you listed in the badge talk: The badge contest was accessible to all, and you got some of us introverted nerds to interact for a change.

In my next post, I will detail some of the specifics and list the clues we found and puzzles we solved or at least worked on for a long time.  Some of the clues from this year were intended to carry over to next year, so if you plan to participate, pay attention!

See you next year!

Defcon 19 Badge Contest: In Specific

The grand post probably none of you have been waiting for.  My previous post is an overview of the badge contest.  This post gets into the very detailed list of clues and theories and musings.  It will only be interesting to participants of the contest, and even then, we only actually solved a couple of things.  So if you're looking for answers, it's likely that here you will only find more questions. :)

That being said, I stole got a few solutions from other people who were weak and capable of being social engineered willing to share their findings.
First, the badge.  Round, with a notch.  Different numbers on different human badges.  The notch seemed to be the same on every badge with the same number.  Inhuman badges were not round.  I do not know if they had notches.  I'm pretty sure inhuman badges all had the same number for the badge type, i.e. (C)ontest badges were always 60.

In the center of the badge was an Eye of Horus.  At the top of the badge was a keyhole.  I was pretty sure it matched a key symbol someplace which would reveal something in the eye or other parts of the cut-out.

The lanyard contains a series of binary, separated by colons (:), double colons (::), and Defcon logos (smiley-face and crossbones), which we dentoed with an "x".  There seemed to be two sets of binary numbers.  The second set was separated by periods (.) and had a few non-binary characters which spelled "1o57".  Obviously LosT's name.  One of the first things I did was make a .txt file with an array of these number, and when separating them by :'s, I noticed they were in 12-bit groups with the x placed in different spots.  We tried a number of different crunches on this data, i.e. looking for ASCII characters, translating into hex, etc.  Roland thought of trying to order them in order of where the x was, and we found there were two rows with the x in the 8 position and two in the 10.  The rest were unique.  This turned out to be a distraction.

We found out from chatting with someone the next day that the binary was a program: PDP-8, which is simply used to square numbers.  We took this as a clue that something needed to be squared.  But this was also a red herring.  In fact, the numbers were simply a data set used to hide another message, but not important in and of themselves: see steganography.

I learned on Saturday that these characters were used against another clue, which we had noticed in the program: ":: HACK UPON XYLEM ::"

I had searched for Xylem on the internet, and found it was a botany term, and spent a few minutes following some false leads there.  In reality, this clue worked like this:

HACKUPONXYLEM

1110110000x01: L

0x11010010100: A

0110x10010011: U

1111000x00100: N

11x1101101000: C

x101010010000: H

111x000100001: K

And so on.  It spells: LAUNCH KEY NOPMYX.  From previous clues, we knew there was one or more secret sites at http://www.defcon.org/1057/???  This was listed in the program.  We'd tried http://www.defcon.org/1057/1057, and just http://www.defcon.org/1057, and both of those gave us LosT mocking us, even in invisible black-on-black text, though I did write down everything from both pages (ha).  But NOPMYX (case sensitive) goes into the URL, and opened a page with all the clues required for the Z-Agent part of the puzzle.  More on that in a second.

Meanwhile, I researched Eye of Horus math.  Each part of the eye is a fraction, and I tried to apply that knowledge in all kinds of ways, but was only met with frustration.

There was some kind of Eye of Horus puzzle on the pages of the book, and we both beat that one to death but never figured it out.  Some of the eyes had red coloring in the inside (1/2), and some had red on the eyebrow (1/8).  Some had dots over the eye, one through five, and each of these was unrepeated.  These were only on even-page-numbers, but not every one.  They appeared next to Chinese (or Kanji) numbers 1-4.  Here are some examples:

LosT tweets on Sunday clearly indicated there was some way to decode that, possibly in the context of the One Time Pad (more in a bit), but we never did solve this.  Some of the theories we tried:

1. The positions of the eye matched the Chinese characters, either in decimal 1-4, or as a squaring function starting at 1 (1,2,4,8), starting at 2 (2,4,8,16), or starting at 1/2 (1/2, 1/4, 1/8, 1/16).  On pages with multiple eyes, we added the numbers, and tried various functions with the dots (multiplying, repeating that digit, etc.)  On the Speakers pages (pics in a moment), where the talk title started with a HUGE CAPITAL LETTER (yeah, I noticed that first thing), we tried various processes to find letter positions, but nothing helped.  The according to LosT's tweet, about decoding the numbers against the eyes, we tried all of the above also against the page number itself -- subtracting, adding, halfing, quartering, and so on.  We ran a lot of those against a number that later showed up on the "candy" website.  More later.

In a nutshell, we never figured out what the eye code was all about.  (Badge numbers didn't seem to correlate here either.)

Where to next.  Here are some clues from the program I tried to pay attention to:

 

Not sure what was up with the Rollieflex, an old-timy camera, but the number700005 seemed important, since they're part of 1057.  I also never figured out what was going on there on page 33 (the tattoo points there).  I did notice (before realizing it was page 33) that those tears in the film strip look a little like keyholes....  So I lined up the badge keyhole to all of them and nothing interesting fell out.  ARGH!  I also lined up the key to this:

And there, some cool things appeared through the gaps, like "another puzzle" and "used to unlock" which ought to have meant something, but what?  Coincidence?  Nothing else I aligned the badge with in the program gave me anything either.

Other clues pointed back again to that damn film strip, especially the the last "keyhole" on the bottom, but nothing loosened up there.

The most exciting of the above clues was the one thing we actually did that everyone else struggled with.  On Thursday, Roland and I both noticed it, and said, "That looks like shorthand!"  Both of us have parents who once knew shorthand.  But with them far away, we struck out to transcribe it ourselves.  It was really frustrating, because shorthand is designed to squish as much info in as small a space as possible.  This made it hard to look up in reference guides, because a lot of the strokes are almost identical, defined by things like length and direction the pen was going when the curve is made.  But after long hours with Gregg's Shorthand Dictionary, Roland found the very images which had been photoshopped into the program.  By Friday, we knew the shorthand spelled: The password is Little Sister.

Very exciting, but not a lot of good when we didn't know what the password went to.

From talking to a few people in the hall and talking to LosT, I'm pretty sure we were one of the first people to figure this one out.  A tweet the next day, giving this hint: If you can read the "kiss"- ask an older person or fans of the Mighty Boosh- I'm old greggg! indicated some people might have struggled with even knowing what shorthand is.

So we're pretty proud of that one.  Our best achievement unlocked in this game.

We googled "The password is little sister" and it was something of a Googlewhack.  There was only one link for this.  Easter egg, or clue for next year?  It didn't seem to contain anything useful, just a chapter from a Harry Potter fanfic, but given the title, I know it means something: Scatter My Ashes Where They Won't Be Found.  (The clue "found" was oft-repeated.)

We also found all the stuff on the CD.  Actually, it was on the website: http://www.defcon.org/1057/badge but the link was from the CD, so I shall refer to it thusly from here on.

On the CD were a large number of clues, which we mostly ignored because we kept forgetting about them.  They were in a .zip file, and I was mostly on my phone, so it was inconvenient to return to the MacBook and netbook and so on.

But there was a .pdf copy of the crypto-wheel for convenient reference.  This wheel was also printed on a massive decal in the main Rotunda of the con.  Truly awesome.  Here's a pic of the wheel for reference:

This wheel involved a number of puzzles, the easiest of which was the message encrypted in the numbers printed at the bottom of the large hall signs for the con.

As far as I could tell, the numbers were the same on every sign, which was sort of frustrating, given the incomplete feel of the message.  Here it is, letter for letter, with no typos.  I've used a slash (/) to indicate probable word separations:

WE/OENETRATE/YOU/RATE/YOUR/SECURITY/LEVELS/LOOK/WITHIN/YOURSELF/WHERE/THE/EYE/LACKS/MESSAGE/THERE/HOBOES/THUD/OF/HORROR

I believe the "O" should be a "P", so it would say "We penetrate you", however this was most likely not a mistake.  I have a theory on this which I will discuss later.  I focused a lot on looking for a message where the "eye lacks a message".  A number of other clues had a similar vibe.  This made me also focus again on page 33: Two of those "keyholes" aligned with words in the center of the eye of the badge, but the third one pointed at a blank spot.  But none of the other gaps revealed anything.

HOBOES THUD OF HORROR is an anagram for "Brotherhood of Horus".  Brotherhood has 11 characters, which matches a number that came up later (on the "Candy" page), but using it as an OTP key didn't work.

Ok, so the Z-Agents.  We didn't go through this process ourselves; we only found out about it afterward.  Above, the binary puzzle led to http://www.defcon.org/1057/NOPMYX.  That page instructs you to find the Z agents (a handful of people with "Z" badges) and include the passphrase from earlier (The password is little sister) on an Ace of Spades card.  They would give you a security question, which you would answer with "Every day is Halloween", and they would reply "Damn right", and they'd give you the next clue.  I'd love to include some of the specific text, but the Defcon website is down today.  (Did they get hacked? lulz.)

We didn't jump through those hoops, because we were told the next clue was "Candy".  Which led to http://www.defcon.org/1057/candy.  On this page there was a striking image of the Sheep of the Damned, which also appeared on the CD.  I still don't know what this image had anything to do with it (we briefly checked its metadata for anything interesting, too) but here is the text from the page:

You have found us.  Do not trust the SLEEPER AGENTS you may have discovered.  Send the phrase: The Jamie Dodger has been eaten to:

 28    14 19 28 39 4 31 28    18 11 36

You may be wishing I would speak to you, or illuminate where you may find the key.  It's in that place where I put that thing that time.

Wait for a return from the postman.

Jammie Dodger is probably another Easter Egg.  A Jammie Dodger was used as a self-destruct button on the TARDIS in a recent Doctor Who episode (which I have not yet seen), and was used less-interestingly in a number of other Doctor Who episodes.

We did a view source and noticed the extra spaces.  Those did not appear on the page itself.  That threw us off:  We knew we were looking for a One Time Pad (OTP), but weren't sure if it would have 11 characters or 13 (the spaces indicating to skip those characters or bring them over directly).  We spent lots of time looking for and finding strings of characters and numbers of these lengths, including doing lots of math and other funny business to various things, but to no avail.  We knew from a tweet that it had something to do with the program, specifically the speaker/talks pages with the giant letters, but didn't know which letters to take as the OTP, and spent a majority of our time trying to wring the secrets from the eyes at the bottom of pages.

Turns out the answer to that was much more simple.  By that time we were spying on talking to the group in the chill out room, and someone told us it's simply the first 11 large letters on the talk descriptions in the program.  No advanced maths required.

The contest had already been won by then, but we kept plugging away at it.  We found the numbers translated to E L O S T B O Y N E T.  Drop an @ and a . into the spaces hidden in the source, and we have an email address.  I emailed the passphrase, and exactly one hour later, received this reply:

We have verified that agents have compromised our communications channel.

You need to identify the compromised H, and replace with the Z.

We have verified that there is only one H value that has been compromised.

You may use the SUN/MOON to verify, you do remember how to calculate those, correct?

When you identify the compromised H, analyze and report.  The message stream will identify for you a name.

Report to the identity here:

_____________@%LosT 0x2E Organization

Within your message confirm the compromised H, as well as the sum of the moons and stars.

Sent via phone. Please excuse typos.

Now, by this time, we knew the final answer was 108 (obviously a Lost TV show Easter Egg) and something else emailed to eban@1o57.org.  We had heard they got 108 by adding 48 + 60, and they got those two things from the badge somehow.  Something to do with Log12, and the notches on the badges, and looking at the front and back of the badge (sun/moon hints) and I'm not that far along in math so ???  We were trying to reverse engineer the answer, and really wanted to know how they got to it.  But as we worked on it, it became apparent there was more than one way to get there.  We were on to something that had nothing to do with Log12, but couldn't quite make it work.  Partly because I hadn't gotten all the badge numbers and notch positions recorded.  This was Sunday evening by this time, so...

But we did notice that if we used the crypto-wheel, and took badge notches and lined them up, and then reversed the badge, and took both of those numbers that the notch pointed to, and added them, we got numbers that correlated with letters in ASCII.  We also tried subtracting the badge number, and also got letters.

Here's an example.  I have badge number 30, and the notch is in the "2 o'clock" position.  That points to 16 on the crypto-wheel.  If I flip the badge (sun/moon clues), it points to 99.  Add them, it's 115, which is "s" in ASCII.  If I subtract 30, I get 85, which is "U" in ASCII.  Any badge with a 5 o'clock or 7 o'clock notch will give the number 116 which is "t", and when we subtracted some of those numbers, those all gave nice neat ASCII letters, too.  It was very non-arbitrary, so we know it meant something, but that's as far as we got.  Now that my mind is fresh and I have a proper desktop computer, and all these details organized, I'm thinking of how easy it would be to go further, but things were much different Sunday at 6pm in the hall with a laptop. :)

I had another theory, related to the clue about the compromised H (human).  As near as I could tell, the only badge number without a notch was "3".  I remembered something from the day before (a clue I haven't talked about here yet):

(There were two goatse clues, the other was a QR taped to the rotunda crypto-wheel, but those were undoubtedly one of the many people messing with us).  On the same day, a footprint appeared in tape on the "24" position of the wheel in the rotunda, at 23 degrees.  I searched the area it pointed to a while, and found that someone was holding the clue I should have found: A coin with "33" printed on it, and a sketch of Anubis? 

All of the coin stuff aside (that is a WHOLE other story!), everything is pointing to that position on the wheel.  Not only that, but remember the message before, decrypted from the crypto-wheel, where the O should have been a P?  That was the "3rd" character in, and a "24" on the wheel.  If agent "3" was "compromised", they might have sent us the wrong character.

What we really should have done day one was pay for a print out of the wheel.  I suspected at some point we'd have to rotate this wheel, especially when the Z was a ?  What I really wanted to do was rotate the Z to the "24" position, and start trying to decode all kinds of things using this.  But without a paper copy and a pair of scissors, this was extremely difficult.  We had to manually count backwards five spaces any time we wanted to check something, which was a real pain.  So we didn't get very far down this track either, but I know it means something, and probably would have led us to the same answer those other guys got with the Log12 nonsense.

There were a number of other clues we never used.  Most we didn't even spend much time on, and a few of them I kept in the back of my mind.  Something kept niggling me.. that "where the eye lacks message".  On Sunday, the rotunda wheel got a few additions.  Most had been kicked off by foot-traffic by the time we got there (someone told us about it, and I saw the tape).  The Eye of Horus had a sicker of the "33" tattoo design from the program, and this:

It's just an "o" with some lines on the side, kind of like an eye.  The left eye "lacks message".  There were also a lot of tweets coming from @1o57 about suns and moons being the same thing (I will post all of those in a bit).  So I looked up more Egyptian mythology, and learned that Horus contains both the sun and the moon (because he is the sky).  He and Set got into a fight, and Horus lost is left eye, which is the moon, and that's why the moon is darker than the sun.  And here we have a left eye with nothing in it.  The downward point on the Eye of Horus on the crypto-wheel also points to that left eye in the Defcon logo.

This one drove me crazy, partly because Roland thought it didn't mean anything when I was so sure it did, and partly because it was important precisely because there was nothing there.  I was told when there was nothing there, that's where.. something would happen, but I didn't even have that part of the message ("Where the eye lacks message there..." and it cuts off).  There what?  I guess I'll never know.

The other rotunda had its own decal.  At the cardinal points there was a schematic-looking thing that I learned was to a logic gate.  At the inputs of each, there were Chinese characters.  Most were numbers, but a few were not.  Here's a picture of one:

And a close-up:

We never got very far on that, though I wanted to do some truth tables, and I noticed there were four sets of three-digit binary groups on the lanyard (010, 111, 011, 100).  LosT tweeted that we shouldn't worry about the logic functions but rather the mathematical functions these imply, but forget that! :)  Someone else mentioned this puzzle had something to do with narcissistic numbers.

P.S. One thing I learned through all this is that Wikipedia sucks at math articles.  They all assume you have mid-college-level math already, and don't do a good job of explaining how things work in a clear way to someone who stopped at pre-calc 20 years ago.

Before I do a raw data dump of all the other clues we noticed but didn't do anything with, here are all the Easter Eggs detected:

• 108 is a recurrring number from the awesome TV show Lost.
• Jammie Dodgers are used in a number of Doctor Who episodes, including as a self-destruct button.
• The numbers 1057 (Lost in l33tspeak) where everywhere, including in the Eyes of Horus on the pages.  (More on that in a sec.)
• Scatter My Ashes Where They Can't Be Found fanfic.  I wondered if this had anything to do with a tweet made about something Dan Kaminsky said, "Harry Potter, properly understood is a story about the epic consequences of losing one's password".  Or I could just be catching acquired schizophrenia from doing these damn puzzles. :)
• The time, 8:15 on the Day 2 Clue, and 23 degrees.. these are three of the numbers from Lost the TV show.  Some of those numbers also appear on the crypto-wheel (4 and 16).  The Lost number I never noticed is 42.  Interestingly, this is the inverse of "24" which is the position on the wheel I thought Z should be rotated to.  (There was a badge number 42, but nothing to call it out as special.)

When I did some Egyptian fraction math on the eyes in the program, I got a bunch of nifty but apparently-useless fractions.  I'll be including pics from my notebook, so you can look at them there, but the important thing to note: The numerators were 1, 5, and 7.  1057 again.  Accidental?  I doubt it.

Photos of things we found laying around in the Rotundra:

And the coins:

 

There are actually three coins above, but I photographed both sides.  On the coin with the arrows, they point to the edge, where some kind of code was drawn.  It looked something like Morse code, but with some /'s and a < and some dark blocks as well.  I scribbled these down in my notebook, but am not confident in my ability to capture it well.  I dismissed this info, because Lost was standing there, and he told us the coins were just the goons fucking with us.  I didn't recognize him as being Lost, and tried to argue with him, and it was all embarrassing and all that, but when I found the "Anubis" coin the next day, I knew that he was fucking with us more than the goons.

There were two black lines taped at positions "47 - U" and "4 - E".  I don't know when these appeared, but I noticed on Sunday.

 

We found the forum entries, and I puzzled over those looking for meaning.  Found the "stop" error.

There is a QR code in the video, but I ran into supafraud Saturday night, and asked him.  He assured me it contained no clues, just a website and video of him messing around to be funny.

From the talk, I took a few notes.  I focused mostly on LosT's quote from Amazing Grace: "I once was lost but now am found, was blind but now I see".  I was hoping to get to replace a 1057 or Lost with found or some equivalent, but that opportunity never appeared.

And all of @1o57's clueful tweets: (speaking of which, http://ten-five-seven.org/ was 404ed the whole weekend, and still today.)

HINT: Digital logic- consider the mathematical functions implied by the types of gates represented, not simply as taking boolean values

HINT: If you can read the "kiss"- ask an older person or fans of the Mighty Boosh- I'm old greggg!

HINT: there are LOTS of people creating FAKE clues. Like most of the red shirt goons :) If it's not elegant, it's not me ;)

HINT: there are Z badges floating around the conference.....

Hint : if you have passed a card to z and are stuck- you are now dealing with a OTP. And you have the key

Hint: The eyes on the bottom of the pages are used against the page numbers for decoding...

The otp info you are looking for is in the program

If I SPEAK about the TRACKS that BIG foot left, I might break the LETTEr of the law.

The moon can sometimes appear as bright as the sun, depending on how you look at it.

H3 agents are rogue.

The sun and moon are opposed..kind of

Ra stands in opposition to horus

Every badge has both a sun and a moon

The dial is a sequence. It has a name. So do the badges

The sun can be seen with the naked eye. So can the moon.

Sun is position. Directly. Moon is position , directly. Every h has a sun and a moon

I noticed some ogham written on the keys in the skull pic from the CD.  I heard this image was from some previous Mystery Challenge, and like I said, we kept forgetting to look at the stuff from the CD.

And... all the notes from my notebook.  This doesn't include any of the text files or Excel files or most of the things Roland worked on.

This marks the end of my data-dump.  Maybe it will come in handy next year, or help other people who were working on the contest. :)  I really look forward to working on the next one.  Thanks again, LosT!