Burning Man Kicks Off Outside Lands Hackathon


Last weekend as part of the build up to the Outside Lands music festival in San Francisco’s Golden Gate Park, they threw a Hackathon at Weebly’s playful office in the Financial District. The idea was to make something that would enhance the experience of artists and fans at Outside Lands. I love this idea – a festival that can improve, based on ideas and input from its patrons. Call it Radical Community Reliance.

From Fest300:

This past weekend at the third annual Outside Hacks Hackathon, over 200 developers, designers, and technologists of all kinds gathered at the San Francisco headquarters web hosting company Weebly for the mission of “building something that enhances the experience for artists and/or fans at Outside Lands .”

For the uninitiated, a hackathon is an intense competition where teams of coders attempt to build an app, feature, or program in a limited amount of time (usually between 24 and 48 hours). Outside Hacks allotted its participants a total of 24 hours. One of the organizers of the hackathon Travis Laurendine says “Hackathons are like dance marathons, it’s like a sleepover party, except no one is sleeping.”

At the end of the long and hyper-intense 24 hours – which left many of the coders exhausted – the judges chose the app Dave Sent Me as the Grand Prize Winner. That includes a $5,000 cash prize, an Outside Lands VIP experience, and perhaps most importantly the integration of their app technology into the Outside Lands app.

Dave Sent Me is described as a “personalized Outside Lands schedule recommender.”

travis laurendine

Outside Hacks Organizer and “Entre-pee-neur” Travis Laurendine

New Orleans Burner Travis Laurendine is one of the geniuses behind AirPnP.

According to Fest300, Burning Man was involved in Outside Hacks too, kicking off the event with an address by social alchemist Bear Kittay.

…the symbiotic relationship between technology was a running theme for the weekend and its presence was as noticeable as the sound of hundreds of fingers hitting keyboards and the smell of pizza fueling the coders.

In the opening remarks, artist and social alchemist for Burning Man Bear Kittay addressed the hackers by saying, “We’ve got to remember that the intersection here between entertainment and technology is a really relevant space. It’s been separated for a really long time, but it’s not often we get together with all these brilliant engineering minds to solve some big problems right at the precipice of music and technology. Think about what a really disruptive tool you could create can be, that could really help to transform the way music and technology worlds come together.”

Travis Laurendine from the InMotion Hosting review site, has witnessed the hackathon significantly grow since its inception in 2013, points out that, “Art is often enabled by technology. A lot of art is dependent on technology. Technology has led us to new art forms. A lot of these people who have the mind for art also have minds for tech, and vice versa. That’s why so many incredible developers are also musicians, because they have the mind for it.”

The incredibly diverse and youthful participants in the hackathon were all united by their passion for music and their drive to make music a better experience for listeners and artists alike. Greg Cerveny, a founder of music startup Groove and one-man team, created his app Dance Commander to facilitate dance parties at the festival by people holding up their phones open on his app displaying a dancing stick figure, thus inviting other festival goers to join in on the dance party. Cerveny says his goal was to give “someone a more awesome time or a really awesome experience because they engaged in a dance social circle.”

[Source: Fest300]

Burning Man has been involved with a hackathon before, a “Burner Hack” conference being held at [freespace] in 2013. It’s not clear if anything was produced from this to help Burners. The event was linked with hacking again this year, with news that at least 200 people pushed to the front of the ticket queue by “routing around” the Ticketfly/Burning Man custom system. In a recent Medium story “Burners Don’t Hack Uber, People Do”, they described a smartphone app called “Burner” that is being used to hack Uber to get free credits.

The intersection of music and technology is a really relevant space. So is Burning Man in that space? Are we really at the precipice – what does that even mean?

Outside Lands is coming up in a couple of weeks. The lineup includes Elton John and Billy Idol.

outside lands 2015-date

Did We Just Get Cyber Attacked? [Updates]

The last few days have been pretty hectic in the financial world. You may have heard some of this on mainstream media.

Zero Hedge asked “Is This What The First World Cyber War Looks Like?”

Alarmist? I don’t think so. Nothing like this has ever happened before.

Here is my interpretation of what just happened:

July 5:

Greece voted “NO” to their bail-out, meaning they will most likely leave the European Union and issue their own national currency. Other countries may follow suit, “falling like dominoes” due to their banks’ exposure to Greek debt.

A major hacker group “Hacking Team” themselves got hacked. More than 500 GB of emails, financial and other data was leaked to the Internet. They revealed that the company had sold hacking tools to the FBI, DEA, and Department of Defense; as well as to the governments of Mexico, Australia, Russia, Saudi Arabia, Iraq, the UAE, Spain, and many others.

July 7:

The Intercept published documents about the Hacking Team corporation that was selling its secrets to 3rd world despots, as well as G20 countries and alphabet agencies. They revealed Zero-Day Exploits in Windows and Flash, which could be a major vulnerability across the entire Internet.

The zero-day vulnerability affects all major web browsers, including Microsoft’s Internet Explorer, Google’s Chrome, Mozilla’s Firefox as well as Apple’s Safari.

[Source: Hacker News]

Such exploits need to be exploited immediately, before the companies who created them (either accidentally, or deliberately) can scramble to fix them.

The Chinese stock market tanked and trading was suspended. It has dropped more than 30% from its high a month ago. China implemented trading controls, freezing out $2.6 trillion of shares – about 40% of the country’s market capitalization.

Chinese equities have lost more than $3.5 trillion of value in less than a month as traders liquidated leveraged bets at an unprecedented pace. Foreign investors extended a record three-day exodus on Wednesday…On the Shanghai exchange, 365 companies suspended trading, equivalent to 33 percent of all listings. A further 992 were halted in Shenzhen, or 56 percent of the total.

[Source: Bloomberg]

China has been following the “Wall Street 1929 Crash” playbook with this one:


Time magazine publishes a story How Real Is The Threat Of a Cyber Attack, warning that a “black swan” cyber attack could really destabilize the world economy over the next, ummm, year – and the government has been consistently surprised by cyber attacks recently. This blames the Chinese as the most sophisticated group of cyber hackers.

Just before midnight, Anonymous tweets “I wonder if tomorrow will be bad for Wall Street”

July 8:

8:22am Bloomberg, CNet, TIME, and many others pick up the story: Attack on Power Grid Could Cost $1 Trillion

The New York Stock Exchange (NYSE) was shut down for 5 hours due to a “glitch”, only opening in time for the last hour of trading.

Amazing how they can diagnose that so quickly. Especially given that by definition, “hacking” is intruding into internal technical systems.

A trader on the floor described the situation as unprecedented:

In my time in the capital markets or working on the floor of the New York Stock Exchange, I have never seen a complete halt of the markets due to technology problems.  Even 9/11 cannot be considered a halt because the markets never opened that day.  This is extraordinary.
There was no clue, or early indication that this would happen. The music just simply stopped playing.  There is no panic on the part of the trading community and right now we are just ensuring that we are prepared when the market re-opens… Most of the volume in this market (and most markets, for that matter) happens in the first half hour and last half hour, so the NYSE is scrambling to get us back on line for a close of the market.

[Source: Yahoo Finance]

The Wall Street Journal web site was taken down by hackers.

Zero Hedge, one of the world’s most popular financial commentary sites, was shut down. Their servers are located in Zug, Switzerland.

United airlines was shut down worldwide, affecting nearly 5000 flights.

The computer problem in the airline’s reservation system caused the FAA to impose what is known as a ground stop at 8:26 a.m. ET, meaning United flights were not allowed to take off. It lifted the stop for feeder airlines that fly under the name United Express about 15 minutes later, but it took until just before 9:47 a.m. for the ground stop to be lifted for United flights.

The computer problem had forced United to hand write tickets for passengers at multiple airports. But Record said the lack of a reservation system meant that the airline was not able to check to confirm that passengers were not on a no-fly list or that everyone on the flight was supposed to be there.

“Because of the safeguards and the backups built into the reservation system, once that goes down, everything has to stop,” Record said.

[Source: CNN]

Power was shut down in Washington DC, affecting 2500 people in the home town of Homeland’s Carrie Mathieson.

Earlier today, Anonymous tweeted this:

Was this just a one off, or has it been brewing for a while? How do we know “Anonymous” is really behind this, and not a state actor?

Going back a little earlier in the year, we can see the build up to this “First Cyber War” being seeded in the media. In particular, software pioneer, cyber-security expert, and hacker of entire countries John McAfee has been sounding the alarm.

A couple of months ago, seemingly out of the blue he started writing a column about hacking – his stories are excellent and he’s quite a character, follow him on Facebook. His most recent columns seem to have been “priming the pump” for today’s events. Prescience? Inside track? Or just a series of lucky guesses?

The first big event of the year was the infamous Sony hack – which led to racist emails between senior Sony Execs circulating.

Then we had the “next level” Sony hack – the one blamed on North Korea, timed to come out at the same time as a comedy film about assassinating the leader of North Korea.

June 4

McAfee wrote about the most damaging hack in history: Adult Friend Finder, 15 million records. There were senators and governors and their staffers in the list, using their own names and official email addresses. There were also church leaders and celebrities.

June 8

McAfee’s next column Four Million Ways To Lose Your Secrets is about how the Office of Personnel Management got hacked, the intruders stole 4 million detailed records. This includes comprehensive and highly sensitive information that is collected as part of the application for Top Secret and other security clearances. This was blamed on the Chinese government.

June 25

McAfee said the OPM hack was smokescreen for a much bigger problem: 24 major hacks in the last 30 days. None of these appear to be linked to Anonymous.

From Silicon Angle:

The Office of Personnel Management (OPM) hack has acted as a smokescreen to mask a far broader problem that has occurred in the past 30 days. Here’s the full story in headlines (those in italics are included for completeness only and are not counted in the 24 hacks.):

April 7th 2015 – Russians Hack White House Computers and Even Access President Obama’s Schedule – New York Post

May 22nd 2015 – Adult Friend Finder hack exposes millions of sex seekers – SiliconANGLE #GetMcAfee’d

May 26th 2015 – 104,000 records taken from IRS Website – CNN

May 29th 2015 – IRS Blames Russia For $50 Million Hack  – Engadget

May 27th 2015 – Kentucky GOP Website Hacked – GovTech

June 1st 2015 – 1.25 Million records from Japan’s Pension System Hacked – Japan Times

June 4th 2015 – U.S. agency handling security clearances hacked – SiliconANGLE

June 5th 2015 – Records of 4 million Federal Employees Exposed in OPM Hack – NPR

June 15th 2015 – US Officials Now Say 14 Million Records Taken In OPM Hack – NPR

June 23rd 2015 – OPM Hack 4 Times Larger Than Reported – 18 Million Records Now Reported Taken – CNN

June 23rd 2015 – John McAfee predicts OPM number will reach 30 Million – SiliconANGLE

June 4th 2015 – Russia Hacks German Parliament – Business Insider

June 8th 2015 – US Army’s Website Hacked By Unknown Intruders – NBC News

June 8th 2015 – 70% Of U, S. Businesses Hacked In Past Year – Property Casualty 360

June 10th 2015 – Arizona Vehicle For Hire Licensing Agency Hacked.  Computers Still Down. – Arizona Central

June 10th 2015- Kaspersky Labs Security Company Hacked – CNET

June 10th 2015 – Apple iCloud Hacked.  Millions of Passwords Targeted – IBTimes

June 11th 2015 – Indiana Health Software IT Firm Hacked – Modern Health Care

June 12th 2015 – New Data Reveals 96% of UK Corporations Have Been Hacked – Information Age

June 13th 2015 – TV Giant Canal+ Has Been Hacked – Torrent Freak

June 15th 2015 – Newly Disclosed Hack of Homeland Security Exposes Records of 390,000 Employees, Contractors And Job Applicants – Newser

June 16th 2015 – North Dakota Workers Comp Insurer Hacked – Business Insurance

June 16th – LastPass Revealed That The Master Passwords For Its 7 Million Users May Have Been Compromised In Hack –Forbes

June 16th 2015 – Computers In House of Congress Hacked: – Breitbart

June 16th – University of Baltimore Website Hacked – WBAL-TV

June 17th 2015- Canadian Government Computers Go Dark After Cyber Attack – BBC

June 20th 2015 – Microsoft Website Dedicated to online Privacy Gets Hacked – ArsTechnica

June 22nd 2015 – Polish Airline Hack Attack Leaves 1,400 Passengers Stranded – CNBC

June 22nd 2015 – U.S. National Archives Says It’s Data Was Hacked – NextGOV

June 22nd 2015 – The NSA Hacked Into Popular Antivirus Software To Track Users And Infiltrate Networks – TechTimes

June 22nd 2015 – Script.CC. Hacked, Large Number of Bitcoin Stolen – NewsBTC

June 23rd 2015 – Britain’s National Health Services Hacked – Mirror

What can we make of the above headlines?

MCAFEED-194x194The first thing that I noticed was the complete absence of the type of hacks that appeared in the news in the previous year.  Nothing similar to the Target Corporation, Nordstrom Inc. and long string of other retail hacks; no mention of credit cards; no mention of individual financial loss.  All the mentioned hacks had to do with Political and Government personnel, or with gaining access to the deeper layers of individual lives – going way beyond mere financial data which is in constant flux.

The data taken focused on the more permanent aspects people’s lives.  For example, medical data was targeted in nearly 20 percent of the hacks (Japan’s Pension System, Indiana Healthcare Software, North Dakota Workers Comp, Britain’s National Health System).  The OPM hack, by far the most devastating, focused on the intensely personal data collected during the process of vetting people for secret security clearances.  This data included everything required to determine a person’s fundamental character.

Given the above, we can predict the following with a high degree of accuracy:

  1. More hacks of medical data within multiple states (and countries) will soon be reported.
  2. Reported hacks within the U.S. Government will spread to a number of other Government agencies.
  3. As currently known hacks unfold, they will significantly worsen.

People may be astonished by the increasing frequency of the number of hacks

[Source: Silicon Angle]


July 8

In a story this morning in IB Times, which doesn’t mention today’s attacks, McAfee said the leaks portends a grim future of global cyber war. One which we are already in.

Nothing to see here, sheeple, move along. As long as CNN tells you everything’s fine, it’s fine.

Burners have always been preparing for a post-apocalyptic, post-economic civilization – that time might be coming sooner than we think.

I don’t want to give a spoiler alert for the end of the new season of Orange is the New Black, but for anyone who’s seen it, I’m kind of imagining that…if the system shut down, and no bank accounts were working, that would probably seem fine for a moment. Eventually, reality would set in.

Wonder what is going to happen tomorrow: will the markets just shrug and move on? Will The Powers That Be continue to deny vehemently that it was a hacker attack, without even investigating?

anonymous fire satan-Fawkes

anonymous ferguson

[Update 7/9/15 5:41pm]

In today’s news, the OPM hack has now been increased to 22.1 million people’s records stolen, 1 in 15 Americans.

Officials have concluded that the larger breach, which targeted background investigation records kept by OPM, included Social Security numbers, information on family members and other contacts, as well as health and criminal records. The data haul also included an estimated 1.1 million fingerprint records.

In total, hackers are thought to have netted records on 19.7 million people who applied for background check investigations with the federal government, and another 1.8 million people including spouses who did not apply for a background check but whose information was included in the forms. Anyone who applied for a background check from 2000 on is likely to have had their information compromised…

Among the forms used in federal background checks is the Standard Form 86, an 127-page document that delves into intimate questions about prior brushes with the law, drug use, psychiatric health, and info on friends and family members. It requires the applicant to put his or her Social Security number on nearly every page of the document.

China was named as “the leading suspect” in the breach last month by Director of National Intelligence James Clapper…Officials did confirm on the call that both attacks were the work of “the same actor” who gained access to the OPM system probably starting in May or June of 2014 with a contractor’s stolen username and password. 

 [Source: NBC]

It sure seems like a lot of hacker related stuff was launched yesterday. In the Washington Post, DARPA announced a “Cyber Grand Challenge”, noting that we’re losing the cybersecurity war.

Image: DARPA/Facebook

DARPA initially started  with more than 100 teams when it began the program a year ago, but the field was quickly whittled down. On Wednesday, it announced the seven finalists chosen to compete in the competition next year. They are an eclectic band of cyberwarriors, ranging from academics representing major university computer science programs  to well-known hackers and defense industry heavyweights.

[Source: Washington Post]

[Update 7/9/15 7:24pm]

The White House and the FBI might be saying “no cyber attack”, but John McAfee thinks it was. I’m more inclined to go with the billionaire domain expert on this one, rather than the hasty diagnosis by political mouthpieces.

At around the same time that the NYSE went down, the Wall Street Journal’s website went offline, as did that of popular financial blog Zero Hedge. United Airlines also experienced a “network connectivity issue” which impacted almost 5,000 flights worldwide.

Given the criticality of technology to United Airlines, let’s assume for a moment it has a daily reliability rate of 99.9%, meaning it has a system failure once every 1,000 days – which equates to once every three years. Now, let’s assume the NYSE and the Wall Street Journal also have a daily reliability rate of 99.9%.

If these events were truly random and independent, then the frequency of all three of these events happening on the same day is once in a billion days (or if you prefer to count in years, almost 2.8 million years).

Coincidental failure is possible, sure, but it does seem highly unlikely. If you add Zero Hedge to the mix, then the probability of all four events happening on the same day rapidly approaches zero.

If we throw in the near simultaneity of the NYSE and the Wall Street Journal issues (happening within minutes of each other), then it is more likely that your car, using quantum probability effects, would leak out of your garage and show up instantly in my driveway an ocean away.

It is certainly possible, but no one in their right mind would bet on it.

[Source: IB Times]

The Financial Times commented on the attacks, and was rather dismissive of the official denials. They call for a new Agency to manage cyber defense, or just take it out of the hands of the USAF and give it to Homeland Security. That way, the same TSA goons groping you at the airport, can be looking up all your personal records in the Cyber databases too.

On paper, there is no shortage of resources; earlier this year, for example, President Barack Obama earmarked $14bn for the cyber fight. But the key problem now is not so much a lack of cash — but co-ordination: as fear spreads, a bewildering alphabet soup of different agencies and task forces is leaping into cyber battle, often with little collaboration. The institution that is supposed to be in charge of security threats is the Department of Homeland Security. But its skills are viewed with scepticism by military officials. The Pentagon has its own cyber warriors, as do America’s intelligence agencies.

The White House has tried to force these bodies to work together. Separately, civilian agencies such as Nuclear Regulatory Commission started holding discreet meetings with each other last autumn on cyber issues too. But collaboration across sectors is patchy. “The level of readiness in different agencies varies enormously,” admits a senior Washington figure at the centre of these efforts. Add in private sector bodies and the picture is even worse: not only is the Pentagon wary of sharing data with, say, the Chamber of Commerce, but companies are often terrified of revealing attacks to each other.

Is there a solution? One sensible response might be to create a new agency to provide a central focus for the cyber fight. There is precedent for that; most Washington regulators emerged in response to a new threat. The Securities and Exchange Commission, for example, was created after the 1929 stock market crash; the Food and Drug Administration appeared after scandals over dangerous medicines. A second option might be to relaunch the DHS to focus on the cyber fight. It could, for example, be named the Department of Cyber and Homeland Security.

[Source: FT]

7 hackers from L0pht raised the alarm about this to Congress in 1998, saying that any one of them could take down the entire Internet in about 30 minutes. [Source: Washington Post]

[Update 7/9/15 10:45pm]

A detailed post-mortem at Zero Hedge.

So, to summarize, the NYSE has a disaster recovery center which… they choose not to use because it is an inconvenience to clients who would rather be unable to trade!

Maybe there was a different angle altogether: with China crashing and halting 70% of the market, the US had just one response:

The Chinese stock market surged again today, after the government threatened short sellers with arrest. This may merely be a “dead cat bounce”, a reflexive response from the market when technical indicators show it as massively oversold.

It raises the prospect that the motivation of the hackers may not have been to destroy, but in fact to profit from wild swings in the stock market. The use of derivative instruments like Put and Call options can create massive profits from swings of only a few percentage points. Certainly, Anonymous would have been in a position to take out such trading positions before making their threat – and, it looks like, executing their plan.

[Update 7/11/15 2:04pm]

Financial Times: US Agency Head Resigns Over Cyber Attack


Lie, Cheat, and Steal Your Way To Burning Man

Image: Simon Davison/Flickr (Creative Commons)

Image: Simon Davison/Flickr (Creative Commons)

“Usually people are hacking to steal things…these people were hacking just to get a chance to spend $400 to get a ticket”

89.3 KPCC radio did an interview with Brian Doherty, author of This Is Burning Man, about the ticket scandal. Listen here.

The media blitz has continued, with MixMag, NY Daily News, Las Vegas Sun, the Bold Italic, NBC Bay Area, the SF Chronicle, the San Jose Mercury News, and hundreds more.

It’s amazing how this narrative is so quickly being spun by BMOrg’s PR machine to “Silicon Valley techies hacked Burning Man and stole tickets from everyone else”, and away from “the ticketing system was not First In First Out and all you had to do to buy tickets was go through Ticketfly’s web site and ignore the queue”. Once again, the Burners get the blame – just for exercising Radical Self Reliance. And BMOrg, rather than accepting responsibility for the unique system they’ve designed and the problems it caused for tens of thousands of their most loyal customers, gets to play the innocent victim.

Despite the story going global, BMOrg haven’t even looked at the report from Ticketfly yet. From SFGate:

While Burning Man organizers confirmed they had been hacked — and that the suspected parties would be stripped of their tickets — they said they needed to see the report from Ticketfly to get into the details. Whether actual hackers posted their exploits on social media was unclear.

“We may have more information later, but Ticketfly is taking the lead on figuring out what happened,” Burning Man spokesman Jim Graham said Monday. “We don’t want to say anything that is incorrect.”

BMOrg confirmed they had been hacked? Not Ticketfly? Hmmm….

I was in at 12:00:56 and didn’t get tickets. Some were there at 12:00:02 and didn’t get them. Others logged in at 12:10 and later and bought tickets. THAT is the biggest problem, and is nothing to do with hackers.

Let’s take a condensed look at the ticket problems, as reported by Burners:

  1. People wrote scripts to connect to the link at exactly 12:00:00
  2. People looked at the source code of BMOrg’s web page and found what the URL would be for the link to the waiting room; entering this URL in their browser meant they didn’t have to wait until the button turned green to get in the queue
  3. Bots were for sale for $750 that automatically bought tickets from Ticketfly
  4. People logged in after the “Pause” and got straight through
  5. People logged directly into Ticketfly, chose Burning Man, and entered their code
  6. People on mobile devices on Verizon got straight through

[if you’re aware of any others, please share]

According to BMOrg, echoed through the world’s media:

200 Burners used sophisticated software hacking techniques to place themselves at the front of the queue

The comments to the WIRED article (and at Burners.Me) have been quite dismissive of the use of the word “hacking” in this story.

None of the numbered examples I listed require any hacking, or any code to be written, although #1 and #2 do require some very basic technical knowledge. So do all these methods get a pass, and there was another hack that we don’t know about? Or is BMOrg trumping up #2 as the scapegoat for all their ticket woes – before they’ve even received the report from Ticketfly? Is this whole story they’re telling simply based on speculation on Reddit“We found these 200 people in the queue before 12:00:00, they must all be hackers”.

Even if there were more techniques used to circumvent the system, including hacking directly into the servers involved…it does not change the appalling delay between the last ticket being sold, and the 60,000 unlucky Burners in the queue being notified that they were only waiting to make a donation. For that one, they can’t blame hackers.

Meanwhile, tickets are now being offered for $1 million each on Stubhub. No word how many Mistresses of Merriment come with a million dollar ticket…