WHYcast transcript episode 24

From WHY2025 wiki
Jump to navigation Jump to search

Disclaimer

This is the full transcript generated using AI tools and some human oversight. It may contain errors. Please review and correct obvious mistakes before publishing.

Transcript 24

[Nancy]: Hi and welcome to the WHYcast episode 24—which is 42 backwards. I’m Nancy.

[Ad]: I’m Ad. And we are the hosts of the only podcast about a hacker camp in the universe. This volunteer-run event will take place this year in the Netherlands, approximately 42 kilometers north of Amsterdam, from August 8 to 12, 2025.

[Nancy]: So, Ad, what are we talking about today?

[Ad]: Well, we have news, we have where to hack, we have a cool interview, we have the vacancy of the week, and we have a listener question. But first, the news—because not that long ago we ran a little contest to guess when we’d hit the halfway point. Then we had to scramble to make a social media post about two-thirds of the tickets being sold, and now there are fewer than 1,000 available.

[Unknown]: Wow.

[Nancy]: My goodness—that’s crazy, right? We’re in the three digits…tickets left, that is, not sold. No, yeah, we are getting close. Very interesting. Yeah, yeah. And there was a huge bump at the end of February because the ticket prices went up a little bit—and we could definitely see when people got their payday and quickly bought tickets, which is cool.

[Ad]: So it’s also maybe interesting to mention that I spoke to some people who might have a bit of a hard time paying the full price, and we have solutions for that.

[Nancy]: If you’re listening and you are in cybersecurity making the big bucks, please consider buying a generous NERD ticket—you pay a little extra. If your boss is paying for you, consider a corporate ticket, which is a bit more expensive (it’s 512, because we love numbers) but free of charge to you as an attendee. By doing that, you help out other nerds who are lower on funds—like a single mother with a kid who also really wants to come but doesn’t have the means. So if you have extra money, please pay more. If you’re a bit short on money, please reach out to Friends at friends@why2025.org. There are people there who will help you. We really don’t want anyone to miss out because of money. If you truly want to come and need help, please do reach out. Even though the ticket price went up, if you can pay it, please do so—so we can make it affordable for everybody. I really want to mention that once again.

[Ad]: Lovely to include everyone.

[Unknown]: Yes. [Unknown]: Yeah.

[Nancy]: Less than a thousand tickets left—and it’s only March.

[Ad]: It’s wild. It’s wild.

[Unknown]: Yes.

[Nancy]: I hope we sell out by my birthday.

[Unknown]: Oh, there’s a dot on the horizon.

[Ad]: We’ll see what happens.

[Unknown]: Yeah.

[Nancy]: Well, maybe we have to find out before that—before our crazy, cool, nice, awesome event is happening—where we can hack.

[Nancy]: Each week we share where you can find like-minded people to hack with. So, where can we hack?

[Ad]: At the end of the month—like every year on the last Saturday of March—it’s International Open Hackerspaces Day. A lot of hackerspaces in the Netherlands open their doors, and in the rest of Europe as well. Some have a full weekend plan, some only on Saturday, and a couple open on Sunday because that’s their regular opening day. Please get in touch with your local hackerspace to see what they have planned—and do visit. It’s not scary; it’s fun.

[Nancy]: Especially that weekend—29th and 30th, I think—we will also post on our social channels which hackerspaces WHY visitors belong to. That way, we can make some noise for the hackerspaces as well.

[Unknown]: I have very close contacts with Team:Info.

[Nancy]: Um, so let’s make that happen. Let’s make some extra noise around hackerspaces all over Europe—I think that’s the breeding ground for new hackers and friendly faces.

[Ad]: And you’ve discovered how friendly hackerspaces are. Even if you’re in a different country—like Valencia—you go there and say, “Hi, I want to visit.” It’s great fun.

[Nancy]: If you’re in Valencia, go there. I have contacts now, but you can contact them yourself or just drop by.

[Unknown]: Yeah.

[Ad]: For Dutch hackerspaces, visit hackerspaces.nl. It gives a nice overview of the spaces here. There are other initiatives where hackerspaces gather and share their information.

[Nancy]: Awesome. I think some hackerspaces also run cybersecurity games—like capture the flag.

[Ad]: Oh, capture the flag—yes, that’s a perfect segue to our next segment. You had an interview with Thijs.

[Nancy]: Absolutely. You already delivered a lot of blog posts, Thijs, to Team:Info to prepare for the teaser CTF that’s coming our way before the Open Hackerspaces event. It starts on March 21st.

[Ad]: Yeah. It’s just a weekend of CTF fun. It’s a great way to learn what a CTF actually is and how it works.

[Unknown]: And it’ll all be online, just as a warm-up. The actual event CTF is in person—under a big tent on the field—and it’s also fun.

[Nancy]: But I think Thijs can tell you a lot more about this.

[Unknown]: Uh, yeah.

[Ad]: So you had an interview—and then we’ll share the links again in the show notes down below.

[Nancy]: Today with me is Thijs. Hey Thijs, can you please tell us who you are and what you do for WHY?

[Thijs]: I’m Thijs, the team lead of the CTF team. We organize capture the flag. What is capture the flag? Well, you capture flags by solving challenges we create. There are different categories—network, web, reverse engineering, forensics, hardware, and so on. You go to our scoreboard, click on a challenge, solve it to get a flag, submit the flag, and earn points. That’s what you do for the full event. You try to score well and play together with others, onsite in our CTF tent under the big tent on the field. We focus both on experienced players and beginners—if you’ve never played a CTF, join our tent. We’ll get you up to speed and help you. We’ve done this before at MCH, SHA, OHM—we’ve been running CTFs for over a decade.

[Nancy]: It sounds like a big puzzle game. Can you describe one of your puzzles—say at MCH?

[Thijs]: Sure. We had lock-picking challenges: multiple locks in an enclosure, and you had to pick the lock to retrieve the flag. Another onsite challenge was sniffing something out of the air—you get hardware and an antenna, build something to read RFID or encrypted RFID text. We scale difficulty: first challenges are easier, then harder. You learn along the way—that’s one reason people play CTF. We create creative challenges we think are fun to learn, but it can also be a network dump exploration or a forensic challenge.

[Nancy]: How did you get into this? What was your first experience?

[Thijs]: Over 15 years ago, I started on an individual basis. Then some CTF teams formed in the Netherlands—Einbasen asked me to join around 2010 or 2011. We played together for a couple of years—2012 and 2013 were huge for us. We reached finals in Russia and Korea and even won some big CTFs. CTFing full-time takes a lot of time, so in recent years I’ve laid low, though I still play occasionally with another team, Spotless, and at some onsite CTFs with others.

[Nancy]: Was that also the gateway to become a CTF maker? That’s a different ball game—puzzle solving versus puzzle creating.

[Thijs]: One of our first big organized CTFs was at OHM 2013. After playing many CTFs, we thought, “Maybe we should build one ourselves.” We discovered how fun it is to create, but it’s a lot of work. We set the bar high: everything must work perfectly, be tested, and be clear. No broken challenges—everything needs to be solvable at least once. It’s almost like building an escape room on steroids.

[Nancy]: Where do you get inspiration from? Other CTFs, escape rooms, everyday objects?

[Thijs]: Basically anything. I’m a puzzle maker—I build escape rooms, thrift-shop for ideas, and I see a puzzle in almost everything. I learn from escape rooms how people interact with puzzles. You have to design to withstand cheating and breaking—people will cheat, and they’ll break things if given a chance. We design with that in mind.

[Nancy]: What’s the most elegant cheat you’ve encountered?

[Thijs]: For onsite puzzles, some players walk around early to glance at upcoming puzzles, then look up background info—sneaky but acceptable if done subtly. A blatant cheat was someone jamming a knife into the lockpick enclosure and twisting it apart to get the flag. That breaks the puzzle and is far out of bounds. Don’t do that.

[Nancy]: Are there any other reasons people should come to the event—especially to the CTF tent?

[Thijs]: The whole event is fun, and our CTF gives people a chance to play without any experience—so they can see if they like it. In the past, most people who start with us are hooked. We have to kick them out at the end of the day because they want to keep playing. They line up before we open the tent in the morning to continue, and that enthusiasm is what makes it fun for us.

[Nancy]: You’re also providing a teaser CTF up front. Tell us about that.

[Thijs]: We have a short teaser CTF round with only a handful of challenges from March 21st to 23rd. Some challenges are suitable for beginners, and there’s a flyer-generator challenge so you can generate your own WHY flyers—and hack the flyer-generator itself if you like. We’ll share the results on the podcast—somebody will win, and we’ll announce the winners in the next episode.

[Nancy]: Anything else about the teaser round?

[Thijs]: On site, we’ll run a Secret Token Challenge—a field game similar to an escape room, done before at MCH and fun even for children.

[Nancy]: That’s great for the family zone—at least 200 attendees under 16 will be there, so it’s awesome you have gateway puzzles for them.

[Thijs]: Thanks. I’ll come back on the podcast to talk more about the Secret Token Challenge.

[Nancy]: Thanks so much for your time and all the energy you’re putting into building an amazing experience for WHY visitors.

[Thijs]: Thank you. I’m the face of the CTF team, but there’s a whole team behind me working hard. Shout out to the team—you’re awesome. We’re five people in total.

[Ad]: If you want to participate in the CTF, go to ctf.why2025.org. We’ll also link the YouTube video where Thijs talks about escape rooms. He’d like to come back with the winners, if they’re not too shy—stay tuned for part two after the teaser CTF.

[Ad]: Now let’s talk about the vacancy of the week: Team Lead Parking—pom, pom, pom. This one’s predictable if you’ve followed us. If you’re sick of hearing about this role and you’re Dutch (so permits are easier), pick up the YITZI, join the orga meet next Wednesday, and say, “I’ll be Team Lead Parking.” Konmei will hook you up with everything you need.

[Nancy]: By the way, the next online orga meet is Wednesday, March 12th, probably in the new YITZI server—hopefully our own WHY2025 server, instead of borrowing from our favorite hackerspaces.

[Ad]: And if you want to check out the field, on April 5th we have the field day—more on that later. That ties into our listener question: will there be shuttle passes? Yes—there’s a shuttle service from Alkmaar station to the terrain, with steady trips on Friday (day one) and Tuesday (last day), plus on-demand runs during the day and into the evening. Volunteers will drive the shuttle—if you have a driver’s license, volunteer for an Angel shift.

[Nancy]: Angel shifts are a cool way to meet new people—help them get from the station to the terrain, and you’ll make connections.

[Ad]: It beats walking. If you try to walk from the station to the terrain, you’ll hit some tricky spots with narrow cycle paths.

[Nancy]: We also got a question from Pink, whom I met at FOSDEM, about what’s going on with the event badge. From what I’ve heard, there’s a big badge team, and there definitely will be a badge. When they’re further along with the design, I’ll ask them to come on the show.

[Nancy]: If you have any questions about WHY, let us know—maybe you want to know about sponsor packages or CFP because we need more CFPs. Send your questions to whycast@why2025.org or leave a comment. We’ll see you next time!

[Ad]: If you enjoyed this episode or think we missed something, leave a comment on YouTube, click like, share, and subscribe on all our socials. We have a fan—shout out!

[Unknown]: Yes—thank you.

[Nancy]: And with that, we’re done for episode 24. Almost half a year in—amazing. We’ll see all of you next Friday, because that’s another WHYday. 24

Retrieved from "https://wiki.why2025.org/index.php?title=WHYcast_transcript_episode_24&oldid=9630"