My question is - what is the appropriate response to something like this happening? We want to help the person who had their computer stolen have a positive experience, but we also don't want to create adverse incentives.
Once your laptop is stolen it's more of an issue of all your stuff being stolen as well (that is on the laptop) as opposed to just a piece of hardware. How are you supposed to do your thing if your laptop which is setup just for you has been stolen and you are at a hackathon?
(As a side note when I travel I travel with a cloned hard drive (encrypted) that can be used to boot another laptop.) Hard drive is always on carry on luggage as well. Cloning tool that I use is "super duper" (that's the name)).
Something like a little talk about HDD encryption, kensington locks, hidden softwares calling home, webcam taking pictures every 10 seconds and destroyed after a while unless asked to, etc.
Please no. Don't contribute to this cover-your-ass culture of information clutter by disclaiming the obvious with braindead notices that nobody is expected to read. It's common sense to maintain responsibility for your stuff to the extent you'd like to avoid having it mucked with through malice or ignorance.
When you have 1000 students in a hackathon, then yeah it's a good idea to point out the difference.
There's a world of difference between: "Don't leave your equipment unattended, boys and girls" and "heads-up: we've had stuff go missing in the past."
Never been to one of these so could you elaborate as to how a laptop was left (and for how long) so that it was stolen? (I'm curious about the details).
As an example is this like being at an airport terminal with your laptop, turning around for a second, and turning back to see your laptop missing?
Or more like leaving the laptop and going to the bathroom?
Or leaving the laptop for a minute while you go two tables over to chat with someone?
Do you know the exact circumstances?
That's why it's so sad when situations like those happen - it undermines the trust within the community. On Airport, or at the coffee place I wouldn't expect my laptop to be there if I left for an hour. On a hackathons I left my laptop for hours at a time. The only problem was that with the amount of MB Airs laying around, unless you had some stickers, it might take more than a moment to find yours :)
That could be as simple as something that would allow someone to easily lock the device to the desk and include providing the lock cable (depending on the cost).
Because from what you are saying it is not practical for a participant (and almost expected) that the laptop will be left unattended.
Edit: Defacto assumption of security or safety by virtue of the type of attendees and the venue.
Laptops modded specifically as honeypots. They could be modified to maximize battery life, and pass muster as an ordinary laptop under casual observation. However, their real purpose is to sit there in extremely low power mode, waiting for someone to move them, at which point, they fire up their radio and gps, and signal cameras and security personnel on-site to start watching.
Are onboard accelerometers good enough to do dead reckoning positioning of the device within the building, provided they have good data to work from?
Sort of. Dead reckoning with accelerometers is only as good as the error correction. Accelerometers tend to gain error factor very quickly without using a form of sensor fusion such as a partnership with a magnetometer to cross reference things like yaw with.
"indoor gps" is a point of intense interest right now it seems like for in-shop marketing and other (evil) things.
Leave the detective work to the cops, Bruce.
Anyhow, how would that be different than someone walking out of a building with any other piece of a school's or a hackerspace's equipment? What are they going to tell a judge: "It was an unattended laptop. I had to steal it!"
The idea being kicked around to take a collection from attendees is okay in theory but I'm not convinced having to file a police report is a sufficient barrier to future attendees claiming lost laptops in the hopes of getting $1000 from random strangers. Also you'd have to be really careful to make sure it was well understood the collection is totally optional, and not set it up in such a way that people who didn't want to participate for whatever reason weren't made to look like asses in public. Put in that situation I'd have no problem dropping $1 or $20 into a collection hat, but expecting everyone (especially students) to have such disposable income isn't fair.
It's great to track your hardware, it can event take screenshot of the screen and pictures with the camera.
something like this written as a hardware/bios/whatever malware is more interesting
This motivates anyone who has suspicions or inside information to come forward. If it's a theft by a student, it's quite possible that someone besides the thief knows what happened, but doesn't want to appear 'uncool' by expressing their disgust. A monetary reward may overcome this, and potentially makes them into a hero rather than a coward.
I would not offer any sort of amnesty or no-questions-asked policy. If you end up finding the thief, prosecute them. If someone claims to have 'found' the laptop in the the bushes, seems very interested in the reward, and you are suspicious, turn the matter over to the police and let them decide if the story holds up.
Specifically, I don't think you should offer warnings to others to take greater steps to protect their property. This has the appearance of blaming the victim, and potentially helps the thief (and potential friends) justify their actions to themselves as something the victim deserved for their negligence. Making it known the crime occurred is sufficient warning. It's in each individual's interest to protect their personal property, but not in the group's interest to create a 'fend for yourself' attitude.
Many of the comments here mention a certain level of trust in the [hacker] community...sorry but not every single developer is a saint who would never consider stealing someone's laptop. The larger the group the more people you'll have willing to steal if the opportunity arises.
Best bet is to think about it as being a completely public place at that point. Would you leave your laptop unattended at the corner of a busy street?
Hopefully the laptop ends up being misplaced or reported to lost&found and the organizers just don't know about it yet.
It is not so great that the possibility of the difficulty described by the original poster had not been thought of in advance, and that a clue and a policy is now needed after the fact.
Standard cautions to participants as a matter of policy are appropriate for all public events and occasions.
This is because no project or event can afford to suggest or create a culture that implies that the project is able to assume that participating individuals will be made whole from failing to attend to their valuable assets, whether they be computers, mobile phones, wallets, coats, hats or their bodies; further it is appropriate to warn all participants that civil authorities may be called upon to intervene or participate when inappropriate activity is discovered or reported.
A project or event code-of-conduct is appropriate, and having a policy guiding organizers and empowering all volunteers and participants to act against against miscreants with inappropriate behaviors is also a community-building and safety-building experience, in addition to the event's particular mission.
More generally, as a community-empowering project and event, an important measure, towards community-building, safety, and inclusiveness includes noticing populations that are desired and not always well-recognized, and dedicating your event toward providing a harassment-free conference experience (since property-stealing is a harassment) for all individuals, regardless of gender, sexual orientation, gender identity, disability, physical appearance, body size, race, or religion. This invites all participants to act individually when inappropriate behavior occurs.
This is a typical class of policy and notice that universities resort to, in anticipation of an occasion when a member of its population of students, staff, or professors is discovered to be acting beyond social, legal or ethical norms.
Source: Glenn Fleishman http://www.macworld.com/article/1163387/can_filevault_2_and_...
A school or community hackathon is a much more ambiguous situation. Get a police report, and see if you have event insurance or something to cover it.
I never leave stuff unattended in public, but things like hackerspaces, YC's office, etc. feel different. I do screenlock always, but I can't say I'd never leave a machine unattended in a semi-public environment.
Sorry that you have to deal with this Pulak :(
I don't know what to say about the stolen gear itself. People should take responsibility for protecting their own stuff, but that's a real challenge over a weekend non-stop sort of event, especially of that size. People need to eat, sleep, etc. I guess it's a lesson learned to have clear disclaimers of responsibility for future ones, and I'm not sure what to say about replacing that participant's computer. Not a fun situation, and it's hard to find fault on anyone (except the thief, of course).
If this theft happened to an experienced pro, then their data is encrypted and backed up, so all they've lost is hardware, and that's probably covered by insurance.
If the theft happened to a student, then maybe they're not the most experienced engineer. They might not have backups, and their data might not have been encrypted. They might not be ensured. The hardware cost is still - comparatively - cheap. But they might have to rewrite their thesis from scratch. Or risk having their personal data exposed to the public.
But at this point, the only help that financial aid can give, is restoration of the physical loss - i.e. a new laptop. In most cases, that wouldn't compare to the loss. But it might help, a little.
Definitely add a new section to the promo materials / introduction talk to remind people to watch their stuff, and that you're not responsible.
It's the person's fault for leaving their stuff unattended (everybody should know not to do that in a university building, even during special event). But you might chip in and help/replace it, as long as its just this once.
