DEF CON Safe Mode Platform Discussion

Whatever we pick will need to support thousands in a "room" watching video at a time.

When you start talking about thousands or more users, you will never be able to use any of the free or commercial meeting platforms. Zoom, GoToMeeting, WebEx, Skype, etc. cannot handle the volume. The biggest issue is the outbound bandwidth. Even with multicasting, nobody (except maybe Akamai and Google) have that kind of bandwidth. If a turn server is needed (almost certainly the case), then you'll need big computation resources (i.e., Google). With small groups, turn takes up almost no resources. But with thousands of users? Bandwidth and CPU become concerns.

The best bet it to use a split stream for the presentation. E.g., Zoom, Jitsi, or whatever the user wants for presenting and have it feed into a YouTube live stream. (Think cable modem or DSL -- low bandwidth up, high bandwidth down. Low bandwidth needs for the presenter to get to the distributing service, and high bandwidth for all of the people viewing from the distribution service.) This approach also deters someone from DDoS'ing the presenter since they don't know the presenter's direct IP address.

The spit stream approach handles your first requirement: thousands of people all watching the presentation/DJ at the same time.

Your second requirement is more difficult -- getting feedback to the presenter. Discord, Slack, etc. are text based and can handle thousands of users. I like this option more than Reddit or Google Chat or YouTube comments since they refresh in real-time.

Discord can also handle audio interactions. However, unless every attendee tests their audio first and clearly enunciates, this will result in a really bad experience. I suggest limiting audio responses until all of the other bugs are worked out. Maybe have the main presentation with thousands of users, then have smaller breakout Q&A sessions with direct audio/video (GotoMeeting, Jitsi, WebEx, etc.) Or use something like a "waiting lobby" (WebEx, Skype, etc.), where people are not accepted into the room for asking questions until it is their turn to ask questions. This keeps the bandwidth limited to the people in the room, while everyone else watches the breakout session on a YouTube live stream.

Your final requirement -- having the group interact as a group -- is much more challenging. (Presenting is 1xM complexity. Q&A is NxM, where N << M. And group chat is MxM.) Big Blue Button might work, but its interface is designed for a classroom environment. (And you'd need someone with bandwidth.) Discord might work if you have small groups of about 25 each. (But I don't know how discord will perform with hundreds of groups of 25 each.)

Or you can just use pretzel.rocks on your platform of choice

Twitch seems to not muck with live streams, but will sometimes mute portions of VODs from those live streams.

As far as I can tell, right now, no one really knows how to deal with streaming DJ sets. Even the big players (e.g., Beatport) are getting their streams flagged on Twitch and YouTube.

Thanks for the link, savagejen. It looks like they also have downloadable tracks (useful for DJs to load into their players) on a related project at https://www.ninety9lives.com/ . Asking the DJs to stick to royalty-free/permissive-licensed tracks might be a non-starter, though!

supersat: Thanks for the tip about Twitch. That's good to know that they're not currently hitting the live streams at least, and I hope that doesn't change.

I don't know how many people it can support, but there's https://vemos.org/

I agree. With VR platforms, consider accessibility issues as well: both physical and hardware-access related.

Don't get me wrong -- I like Zoom's capabilities. But the current security issues and political policies make it a no-go. For example:

- Companies and organizations that have outright banned employees from using Zoom: Google, SpaceX, Smart Communications (Philippines), the entire government of Taiwan, NASA, German Foreign Ministry, US Senate, Australian Defense Force, New Your City's Department of Education. (This isn't the entire list.) See: https://www.techrepublic.com/article...nasa-and-more/

- The Pentagon has banned hosting meetings, but employees can still participate. However, other US Gov groups have outright banned Zoom on any system that can directly, indirectly, or tangentially connect to anything in the US Gov. (E.g., if you can do your gov work from home then you can't have Zoom installed on any computer at your home.) There are per-use exceptions, but who knows how many impacted people can get the exceptions (probably not worth the effort to ask). https://www.military.com/daily-news/...-military.html

And these are just the ones that have been made public. Plenty more organizations have banned Zoom -- in part, whole, or even for non-work uses -- and have not been reported in the media.

Keep in mind, Zoom has reportedly already fixed many of the security and privacy concerns. However, fixing the bug is not the same as removing the policies and changing business restrictions. Unless the policies are changed and the restrictions are lifted, Zoom is not viable for many of the attendees.

As an aside: GotoMeeting, WebEx, Skype, and other platforms have had their own share of security and privacy issues. But only Zoom has the widespread "do not use" restriction. (I'd love to see a Defcon talk on Zoom hacking while all of the attendees use Zoom.)

Just to clarify - especially to @badlock's comment below.

You don't need Zoom to watch the talks. You just need it to present. Presenters can also present using the web version. To watch, you would just need to access the stream on youtube or twitch. (Or both, maybe)

Also, the serious concerns with Zoom are to do with it not have true E2EE as per whisper protocol - I think that if you are broadcasting something to the Internet, you are pretty secure from someone downloading your encrypted stream and keys in order to decrypt your stream.

https://www.bigscreenvr.com/
Bigscreen might also be a good option for shared experiences. It has cross platform support and also has a 2d desktop version.

If each of the villages had their own discord servers it would probably keep things pretty reasonable. I also kinda doubt that we would see the same level of participation as defcon proper, but I suppose it could go either way.

It would be interesting to see an official defcon discord server and see how many join.

I think it's a really good point that DefCon isn't "normal" or what these companies tend to expect from their users. We really should be cautious of using stuff like Discord. It’s just a disaster waiting to happen IMO. It doesn’t help that their business model doesn’t make a whole lot of sense. They claim to be privacy friendly but reading their privacy policy seems to indicate that they’re still scraping user data. They claim not to be selling user data or using targeted advertising but I see no other way for them to be making the money to support 56 million people every month. I’m reminded of a scene in the IT Crowd where Jen claims to be on the phone with someone but Moss points out that her phone isn’t even plugged in. In other words: I don’t trust em for shit.

>I also remember they had an IRC server to ask questions during the talks with webchat.

Yeah I'm surprised that not many people are recommending IRC. It shouldn't take a super beefy server to run and it works.

They use hackint for irc and it's up all year long. If yall asked nicely, maybe they would agree to let you use the infrastructure for defcon this year. idk you would have to ask.