The Legend of the Murder Hobos

Spoiler alert: The real prize is friendship.

At R00tz Asylum, an official DEF CON event for kids, Facebook’s security team was running a CTF. The scene matched most rooms at DEF CON: intense staring at screens, poking at punny challenges, and no one really talking to each other. We chatted up our neighbors, Sodapop and p0wnyb0y about the con, the badge, and the contest. We realized the organizers encouraged teams, but no one else was talking. Pooling our resources, a 7 and 9 year old shot to the top of the leaderboard and took home the prize: 2 Chromebooks, and a con-friendship.

A chat at Toxic BBQ in 2018 lead to another team-up. Tinribs and I were Vegas locals looking to change up our DEF CON experience.  We took on the inaugural Dungeons@DEFCON with our 12 year old kids. Styled as the Murder Hobos, we won the Psychoholics-lead, D&D themed, CTF-style classic crypto challenge through cooperation, luck, and shenanigans, and we came away with the win and a black badge for our team of four. As far as we can tell, the kids are the youngest black badge holders in history. Grifter commented to The Dark Tangent during closing ceremonies, “What I like about a couple of kids winning a black badge is how much it’s going to cost Jeff. For life, baby!”

But we had a problem: only 4 of the 6 Hobos had a black badge, and so the next chase began. The very next year, family obligations took me away from DEF CON, so the Murder Hobos stormed Dungeons@DEFCON again but fell to the inimitable Fellowship of the Token Ring. Post-Covid, another run at D@D (with FOTTR contributing puzzles and CrookedFingers our Dungeon Master) ended with a second place finish. FOTTR decided to host their own contest, and Spy v Spy was born. With a thrilling finish, CamelCase bested the Murder Hobos by unlocking the dead drop minutes before P0wnyb0y arrived. Victory was elusive, but we couldn’t give up.

At DEF CON 33, I was trying to play it cool and relax. When we absorbed ourselves in a contest, we’d look up on Sunday afternoon at closing wondering where the weekend had gone. I was thinking I should take it easy. But it was not to be so. Spy v Spy had returned, and it had a compelling hook: souvenir slabbed playing cards when you completed incremental challenges. Sodapop and P0wnyb0y registered right away, and we were at the top of the leader board the most of the con. We cracked crypto, fabricated loaded dice with other teams, and chased dead drops for two days.

When the final round started, we made the cut, but didn’t know what we were up against. It was rumored one team had 12 people! So we unwrapped the challenge code book and got cracking. Sat at the disused Warlock Gamez booth, we were right in the walkway and kept getting interlocutors asking what we we’re working on (some of whom, we found out later, were actual spies from other teams), and they got a gruff reply. It was serious. Tinribs and Sodapop cracked numbers stations, P0wnyb0y decoded RTTY, and we found the spy. The final answer was phoned in over Discord while I walked back from the other end of the conference.

As I approached, I saw a confluence of people around the contest table. Tinribs was walking towards me shaking his head.

“Too late, we were a minute too late.”

Crestfallen.

“Just kidding. We got it.”

Elation. Joy. I screamed several expletives at him.

Around table was an excited mix of teams and organizers asking about clues and solves, tips and congratulations. Fox from the Whiskey Pirates may have teared up a bit, but so did we.

These contests and conferences are largely excuses. To get us off screens and in front of each other. Make friends and build community. Share skills that are weird and unique and unavailable in any concentration. Sometimes through competition, but also cooperation and conversation. With the win in hand, there was one final question.

The news came the next day: be at the main stage at 3pm. Victory, finally, after a 6-year chase, the Hobos all had black badges. After a whirlwind weekend, we were back on the main stage. None of the kids are children anymore. But we’re already planning our next escapade rather than retirement. FOTTR wants us to make our own contest. And I really want to share how we got here again. And maybe hang out with other puzzlers outside of one weekend per summer.

Cheers,

DuncanYoudaho

Magnetic Bottle Openers

In the tradition of doing something snazzy for the DEF CON Toxic BBQ, I created a bottle opener that would both mount magnetically as well as catch bottle caps with the same force. 

Amazon had a selection of sturdy bottle openers by Starr X, and a particularly helpful blog post by K & J Magnetics helped me pick out the featured magnet.  I'm relying on the interesting grain of the Indian Rosewood to give the piece character as I didn't have the tools to do a fancy profile, and my router bits are incredibly lacking, so I just went with dog-eared corners and a chamfered edge.  The burning visible on the below pre-finishing shot (accompanied by my favorite Wasatch brew) was due to the bit I used.

The magnet was epoxied in place after I cleared out a spot for it.  In order to prevent the opener from sliding on slick surfaces, I added slightly inset tiny rubber feet.  This also set the opener off from the fridge by just enough that you can get your fingers behind it to pry it off with ease. Lots of sanding from 100 to 600 grit made a great smooth base for some stain and spar urethane.  After three days of curing time, I plopped it on the post at the Toxic BBQ and had a pile of at least 50 caps by the time the night was through.  A great first run!

2014 Board Game Buying Guide

I've been playing games with people at the office, and it has shown me that you can get a game in with even a short lunch and new players.  I decided to put together a quick list of game recommendations based on venue and number of players.  Links to Amazon are provided, but most of these titles can be purchased from your Friendly Local Game Store.

Lunch

Bring co-workers together, let off some steam, and renew rivalries between departments with this selection of quick and easy games selected to allow you to teach and play in under 30 minutes.

• Love Letter is a card game of bluffing and card counting with just 16 cards.  It handles 2-4 players, but it is best with 4.  Also, it comes in a number of different re-themes, so you can get a non-threatening version to appeal more to co-workers.
• Tsuro of the Seas handles 2-8 players.  This "last man standing" tile game has compelling artwork, fast rounds, and dead simple rules.  A whole game seldom lasts more than 15 minutes so people can jump in with little fear of going over their lunch time.  There are simpler versions and expansions, so you can get as much depth as you want in the time allotted.
• Hey That's My Fish plays well for between 2 and 4 players.  You should be able to explain rules while setting it up.  All about area control, the gradually shrinking board is apt to cause panic even in the normally stone-faced players from Finance.

Date Night

Games that play best with or are designed for just two people can test the limits of your affection or bring you closer together (no warranty either way).  Though these games will work at work, teaching might take longer so an hour lunch is preferred for newer players.

• Hive is one of the few abstract games on this list (like chess or checkers).  It presents the elegance of chess without a board, and the pieces have heft and make a wonderful clacking sound like Majong tiles.
• Jaipur is a colorful trading game whose tokens and cards make a visually impressive setup.  The 2 of 3 mechanics means it is natural to play round after round.  This game used to be rare, but it has benefited from a recent reprint.
• Star Wars X-Wing Miniatures Game maxes out the nerd factor.  This is as close as you can get to a war game, so check with your significant other before taking the leap.  Games run about 45 minutes, and it plays in a space the size of your dining room table.  Best of all, there are endless expansions to add iconic and obscure characters to your fleet of ships.

Family/Friends Game Night

Have more than two?  Hate Monopoly as much as I do?  This mix of competitive and cooperative games are sure to show you what the modern board gaming renaissance is all about.

• Forbidden Desert is a cooperative game where you play against the game to avoid thirst, storms and the heat to get out of the desert alive.  The mechanics and components are top notch, and it plays in under an hour.
• In King of Tokyo, players take the role of giant monsters vying for control of Tokyo.  A fast paced dice game, the randomness and ridiculousness of it all is a hit.
• Card game The Builders: Middle Ages is a great worker placement game: hire and set workers to build a town.  The rules are simple, but the gameplay is complex.  This definitely benefits from replayability and the tin means it is sturdy enough to go anywhere.
• Love Scrabble but have that one friend that outstrips you every single game?  Try Qwirkle for scrabble like crosswords without the burden of words.  It is more puzzle than game, depending on how cut-throat you get.
• Ticket To Ride: Europe is rummy with a board, and this edition of the game is fantastic.  I learned more geography from this game than I did in grade school, and the artwork is fantastic.  Expansions are available and cover alternate maps and expanded ticket options.  It even has an App version you can pass-and-play if you don't want the fancy box.

Clark County, Nevada Elder Abuse Resources

I was concerned for the safety of a family member who is older not long after their spouse passed away.  Below are some things I learned about Elder Abuse, the resources available to help those in need (individuals or family), and things to do when investigating elder abuse.

Before going nuclear on someone new in your relative's life, first do the single most important thing: talk to your older relative.  Often, misunderstandings or matters of privacy can be sorted out without resorting to law enforcement, state assistance or subterfuge.  The matter of trust between you and your relative is the single most important factor in maintaining their long-term health and well-being.  If you lose their trust, you lose almost all ability to help them.

Local Police Resources

Police seem to only be able to make 'welfare checks' for elderly people that outsiders suspect are being abused. They can only visit the premises when the person is home. The Las Vegas Metropolitan Police Department Operator and Dispatch informed me that there are dedicated Elder Abuse detectives. Unfortunately, they only operate M-F, 7-4. As the crisis was after this time, we couldn't get a welfare check immediately. The numbers for these departments are below:

• Metro Operator: 702-455-8697
• Metro Dispatch 702-828-3307
• Elder Abuse Detectives: 702-828-3111 (Hours are 7-4, no voice mail)

State Resources

Though I I have not taken advantage of these resources, there may have been help available through the Aging and Disabilities Services connected through the county. Comparable services may exist locally in your neighborhood.  Perhaps there are some interventions that would be helpful going forward?

• http://www.shouselaw.com/nevada/elderabuse.html
• http://www.health.nv.gov/HCQC/SB129ElderAbuseTrainingforWebsites.pdf
• In Nevada, crimes committed against elderly command double the sentence.

Social Engineering

When trying to find out more about people that have entered a loved one's life unexpectedly, unexpected phone calls from unknown people are a great source of more information.  Generally, act as if the person is at home but not available.  The person on the other end of the line may divulge information that gives you clues about the intruder.  Effective phrases are below:

• "Yeah, he's here but he's busy.  He asks what you need."
• "Hold on, let me get her...She's here but can't pick up right now."
• "Who is this again?  I didn't get that down last time."
• "His phone is dead.  What number can he reach you at?"
• "What was it again that you're meeting for?"

While the person is out, check the circumstances of the house, but try not to disturb things too much.  Look for signs of drug abuse, behavior you know your relative would frown upon such as smoking and drinking in the house. If you know their location, ensure firearms are secure, and check the status of belongings, heirlooms and money caches.  Document and narrate your search by video.

If you must get the police involved, minimize the impact on your relative.  See if they will come around when you try to have a person escorted off the property.  Ensure your relative is not involved in any illegal activity before involving the police, and, most importantly, get the consent of your relative before escalating.  You must maintain their trust, and asymmetric reactions to otherwise benign or diffusable situations can ruin that bond and expose a vulnerable relative to harm from both the intruder and the police.

Test Early, Test Often

Of late, I have been enamored of testing techniques that come earlier and earlier in the development cycle. It can be called static analysis, design auditing, prospective testing, shift -left or the like, but the research is in: testing before you get something bears fruit in most organizations.  Here I present a few examples from my own experience.

At the start of a sprint, we leave Sprint Planning with the requirements.  The next interaction with developers is when we review their Developer Design Overview document that spells out the development approach and helps QA scope their testing effort.  This developer had chosen to put an error message into a file usually reserved for configuration.  QA saw the DDO and raised concerns immediately.  Why was a message being added to this file when they were usually reserved for the language DB?  With this one question, before QA saw the code, we changed the trajectory of development.  The fix was in before we got our first build, and the story closed with the Sprint instead of carrying over with the do-over.

An even earlier example came when we looked to implement secure communications between two servers.  While I couldn't code my own implementation, I was able to provide recommendations at design-time by staying educated and confirming my understanding with developers who had dealt with crypto.  By starting early, we were on surer footing when troubleshooting and confirming the implementation was sound.

As the examples above illustrate, QA often saves time for developers by defending standards and consistent implementation early in the cycle, but that is not the only savings that comes from shifting left.  Often, test environment issues can also be aided by an early understanding of requirements.  In one case, as story had carried over from a previous sprint which meant we were already behind.  The roadblock was a production issue pulling the developer away from the story.  Instead of sitting on our laurels, QA worked with the configuration manager to make sure our test environments were ship shape before the code was completed.  When the developer's changes passed build verification, we were off and running almost instantly.  Not only did our preparation help us get to the work of testing faster, but it also helped us close more stories as environments were made ready before they could become an obstacle. Not only was I able to test early, but it lead to me testing more and in greater depth.

Most modern test engineers have their own war stories from early testing.  For every story where requirements changed and early notes became meaningless, there are ten stories where early questions lead to greater clarity, fewer bugs, and more time for digging in.  I consider projects that foster this early access for QA to be among the most fruitful and least volatile.