Open roseregina opened 5 years ago
blackswanburst
commented
5 years ago Collaborative challenges? IE, break some flags up into say 3 pieces, and then give different pieces to different teams, as they solve challenges. If they "collaborate" by talking and sharing pieces, they solve the challenge, but competitive teams will miss the chance.
Te-k
commented
5 years ago The more I think about it, the more I see CTF as coming from very tech-bro communities that would not fit really into IFF (personal view here, open to debate). I definitely think that the competition aspect will discourage many people, especially people with less privileges or less technical skills.
So maybe we should organize it more as a hackathon over the week, with clear goals and some type or cohort or mentoring aspect which help connect people and empower people with lack of self-confidence. Thought about that ?
blackswanburst
commented
5 years ago +1, agree
I just don't know how to solve this, and am looking for someone to lead the way on the format of delivery.
I still think we'll need puzzles/challenges/trainings/learnings (whatever you want to call them), prizes and feelgoods, and ways of delivering them (websites? Zines? slide decks?). So I choose to focus on doing these things, and will follow the wisdom of the group on how this is delivered, branded, pitched.
I guess I also expect not to be there, because of my travel restrictions, so my method of helping is more 'git commit'.
joncamfield
commented
5 years ago I'm torn here -- I strongly support making sure this is welcoming and engaging to folks with different skill levels and backgrounds (and some of the themes already support or could be adapted to support not-just-technical skills). Also, the overall theme is already less CTF-y and more puzzle-based (unless @seamustuohy is dreaming up a scenario here where the themes all build together with flags along the way?).
Depending on IFF's buy-in here, we could also have a skills "fair" or similar deeply embedded in the launch of the CTF, with multiple people set up to train on different skills (before revealing the first challenges), with the promise of useful hints (easter eggs?) embedded in the trainings to try and remove any stigma from attending.
What I'm trying to say is that if "CTF" itself is off-putting, I do still think a lightly competitive (perhaps strongly encourage teams over individuals?) approach to encouraging super-useful skill building is deeply needed.
roseregina
commented
5 years ago The hope is that we will be able to weave together a story through the puzzles.
I wouldn't want to describe it as a hackathon, since that almost always means a bunch of people getting together to do some coding, which this definitely is not. I think that it also has a bit of a negative connotation in certain circles because of howe the structure kind of inherently pushes building poorly thought through tools.
There is also arguable value in calling it a CTF since getting people more comfortable with it could be a stepping stone for our target audience to start engaging with other CTFs and making use of them as resources.
blackswanburst
commented
5 years ago I'm mostly going to stay out of this discussion, and let wiser people than I debate and decide the result.
However, if you want to run far from the competitive "tech bro" of CTF, I wonder if you might do what we do when creating IR playbooks. You put everyone on the same team against an event or scenario.
So we could create a bunch of puzzles and challenges, but IFF wins as one team if they complete them all, regardless of who solves what. For example, everyone competes as IFF against some outside force or event. Like everyone against the hurricane, or everyone against surveillance capitalism, or even a crazy collective of people who each do their small part to expose a company who has a vicious abuseware tool.
For me, this is a very good discussion to have and valid points to be made, but also we need to progress if we want to build it.
So I humbly propose this can all be resolved in "the narrative of the event". If you feel strongly about that narrative being inclusive, then help write it! We'll co-create the puzzles or hurdles or mysteries, alongside the narrative that is most inclusive. We can and will adapt the "challenges" to fit the narrative. Shall we co-create?
blackswanburst
commented
5 years ago Typically stupid me, missed that @seamustuohy was already doing this: https://github.com/seamustuohy/CSS-CTF/blob/master/narratives/community_under_siege.md
joncamfield
commented
5 years ago However, if you want to run far from the competitive "tech bro" of CTF, I wonder if you might do what we do when creating IR playbooks. You put everyone on the same team against an event or scenario.
So, I just ran a tabletop scenario for part of the internet freedom community, and I strongly like and believe it's the right framing to have the all-against-the-scenario/redteam style, the internal competitiveness was a constant draw for me co-designers, and came up as something participants wanted more of as well.
seamustuohy
commented
5 years ago Haha, @blackswanburst It was entirely a riff off this conversation. I've always been better at works than words.
My rough draft narrative for one of the threads was looking to create a non-competitive style activity that can be won multiple ways, and allows the player to go as deep (or direct) as they wish. I would be excited for other proposed additions to this narrative or for other narratives to be proposed. I think the most valuable way forward would be to start to put down narrative threads with specific skills within them and to collaboratively craft (and discard) the ones that are not compelling or do not seem useful enough to gain ownership by some of the collaborators here.
seamustuohy
commented
5 years ago Oh shoot! I just re-read this thread and I LOVE the idea of a communal prize/win if all the challenges are completed.
I do want to give individual rewards to encourage individual skill development though. We have excellent individuals all over: just not enough of them. I wonder how we encourage this?
rorymbyrne
commented
5 years ago However, if you want to run far from the competitive "tech bro" of CTF, I wonder if you might do what we do when creating IR playbooks. You put everyone on the same team against an event or scenario.
So, I just ran a tabletop scenario for part of the internet freedom community, and I strongly like and believe it's the right framing to have the all-against-the-scenario/redteam style, the internal competitiveness was a constant draw for me co-designers, and came up as something participants wanted more of as well.
Yes and the TTX was awesome. I think there can definitely be scope to re-use at least parts of it for this.
Perhaps the one thing I might add to this conversation is that peoples time at IFF gets very hectic very quickly. Even if someone wanted to do a challenge each day we need to ensure that it is not overly time limited ("Hey at 13:30 we are doing XYZ for an hour"). Also I know that most of the people planning this get pulled in multiple different directions by donors, talks, dinners, presentations etc at the festival.
So maybe we wanna ensure that anything we do is scripted in such a way that people can pickup if they miss the main daily challenge window etc.
This question was raised by TeK over email, specifically raising "CTF has a competition side in it and may lead to people not being into competition avoiding it"
This is a good point. Could we make the competition optional? Are there ways we shift incentivesations away from winning and towards participating in ways that are more in line with our end goals?
Competitions
PROS
CONS
Ideas/ other questions
@seamustuohy please add to or edit this