DEF CON Safe Mode Platform Discussion


  • #16
    Originally posted by TunnelJumper
    Yeah I'm surprised that not many people are recommending IRC. It shouldn't take a super beefy server to run and it works.
    IRC has problems on mobile. Several attempts have been made to address these problems for mobile users, but I don't think they have all been resolved.
    * IRC prefers to work when clients have IP addresses which don't change.
    * Ping disconnect is an issue for mobile users when service is temporarily lost while traveling
    * Because IRC tends to expect the network to always be on, networking can drain power pretty fast compared to little or no network, except for occasional push notifications to request a refresh of data since last time
    * Compare that to other chat services where network can mostly be off, such as when the screen is off, in power save, and then a push notification comes in, and can issue an app alert with or without sound/vibrate, so user can turn on screen and activate app and network to see full messages just delivered.
    * Encryption and privacy issues
    * When disconnected, missing content that was posted while you were away
    * Channels with a thousand users watching one presentation could become really hard to follow conversations. (Some clients try to highlight statements mentioned which include your username)

    Some attempts have been made to work around these, but not as well as the built-in for many services which work on mobile apps and desktops.

    Some people suggest: "Just run a terminal in mobile, ssh to a box, run screen or tmux or ??? and run an irc client there. When disconnected, reconnect and see what was missed." Breaks notifications in mobile when new content arrives, and mobile devices do not lend themselves over to having terminals work to read/type, and requires a remote box where you can run screen, tmux, etc.

    Consider "Signal": Lower power use when in group chat. Your source IP can change all it wants. Messages "sent" but not yet delivered can wait until you are back online. End to end encryption built-in. Difficult? The most common/default use risks leaking a phone number as a personally identifiable piece of information.

    More younger people (14-28) have no laptop or desktop computer. Many only use a mobile device like a smartphone and sometimes a tablet or something like a "surface pro" sans a keyboard. Many don't even have a POTS phone number.

    Whatever solution is adopted will probably need to work as well on mobile as on laptops/desktops.
    Last edited by number6; May 9, 2020, 17:21.
    6: "Who is Number1?"
    2: "You are number6"
    6: "I am not a number!..."


    • JRWR
      JRWR commented
      It all stems back to the sheer amount of people. Most platforms are going to buckle under the load

    • TunnelJumper
      TunnelJumper commented
      You're right these are problems. However using Signal might not be the best solution either. Don't get me wrong I love Signal but it's far more mobile oriented than it is desktop oriented. It has a desktop client but said client requires that you install it on a smartphone first. This is an issue for the more paranoid in the hacker community who have sworn off smartphones altogether. Also like JRWR said Signal might not be equipped to handle an entire con of people. A possible way to get around both our issues would be to go the Mojave Phonebooth way and have it so people can enter the IRC through Signal or SMS. That way desktop and laptop people can just tune in to the IRC and mobile people can use Signal or SMS.

  • #17
    On a pure scale factor, Mumble will win, I've personally seen 3k users in a single channel all talking at the same time (EVE Online is a strange place for sure) without hassle. But its text chat is pretty garbage. IRC would be a good text chat, easy to run, well known moderation tools.


    • #18
      As for large amounts of people connecting, and having a more traditional feel for talks and such as well as music performances, such as for DJ's, I'll throw in my two cents about AltspaceVR. It has options for both VR and Desktop, and has a system built specifically to allow for large amounts of people to view one presentation/performance.

      This is a fairly recent article talking about it a little. "AltspaceVR said previously that with FrontRow it could theoretically handle as many as 40,000 people in a single event."

      They also have good moderation tools, as well as a simple way for anyone in the audience to ask a question of the presenter (using a "raise hand" button, similar to real life).
      Last edited by TheMicroDot; May 9, 2020, 23:57. Reason: Changed to a different article, that had more/better information.


      • #19
        I started a decision matrix on the top post.

        What am I missing? Please suggest the data for me to keep filling it in.
        PGP key: valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A


        • TunnelJumper
          TunnelJumper commented
          No section for IRC? It might as well go on there so we can look at the pros and cons even if we end up not going with it.

          Edit: Additionally I haven't been able to find anything about self hosting a Discord instance despite what the decision matrix says. Am I wrong?
          Edit 2: Would adding a section for whether or not the project is open source be useful at all? I know that at the end of the day this is primarily a business decision but I feel like it might matter to the more paranoid among us (myself included).
          Last edited by TunnelJumper; May 10, 2020, 04:33.

        • TunnelJumper
          TunnelJumper commented
          Ok here’s what I’m getting from the info we have so far:

          Max users: Possibly more than 3k according to @JRWR.
          Self host: Yes
          Censored: No
          Mobile: Yes
          Available in China (Just assuming that's what this means cuz I’m not really sure): Self Hosted so in theory yes.

          Self host: Yes
          Censored: No
          Mobile: Yes but it has problems as outlined by @number9
          Available in China: Depends on who’s hosting it but in theory yes.

          Self host: Yes
          Censored: No
          Mobile: Yes
          Notes: Other communications can be bridged into Riot such as IRC, Slack, and Discord.
          Last edited by TunnelJumper; May 10, 2020, 05:43.

      • #20
        There's two things good at streaming for cheap, for lots of users - YouTube and Twitch. They are free.
        Both are blocked in China though, but work through most VPNs.

        Most people with OBS should be able to live-cast their talks to Twitch quite easily.

        Youtube's mobile live streaming is okay, but definitely quite annoying with the ads.

        Discord + Twitch seems to be a pretty decent setup.

        AltSpaceVR does not look like it has a regular 2D mode on the phone, seems to be a VR only experience, a small % of gamers have it.

        Facebook live streaming is not something I have seen being that popular in the last 2 years, and nobody wants to create an account to be on it.

        I run an IRC app on the phone, but it pretty much pales in comparison to Discord. Discord and Slack are mobile friendly, but I like Discord better here, because Discord is way better integrated with Twitch and people on one are usually on the other.
        Last edited by guilt; May 10, 2020, 02:29.


        • savagejen
          savagejen commented
          Twitch is free to use, but if you set it up properly you can make money off your stream. You need affiliate, partner, or event status to do this.

      • #21
        You will probably need a combination of things.

        My experience is that Zoom and Discord and Youtube make a good combination.

        To add to your table:
        Zoom can have about 1000 users all at once but you should pipe it into youtube/facebook/twitch for the presentations.
        Youtube can handle pretty much anything you throw at it - Coachella had millions of views over a weekend.
        Apparently an Ariana Grande concert was streamed over Facebook Live and it hit over 500k viewers.
        Drake set the Twitch record with over 1 million views.
        Btw, you don't have to pick just one network. And it may make sense to have multiple for redundancy purposes.

        Altspace is cute and I think you should definitely use it but not for the main presentations. You can pipe video into rooms and I am building a room for DCG11613 now but it is slow going. I want to have it ready for Defcon tho so my members can watch together. It would be nice to have an official DC room but I'd keep it as a nice to have.

        Discord is a lot easier to manage than Slack and it has some interesting features. Discord can also be accessed from IRC. Discord also doesn't have a message limit - if you use the free version of slack then you'll reach the message limit in hours.

        OBS is pretty cool and you'll probably want something like it to make banners and such. Branding. But that needs to be managed centrally - you don't want your speakers having to bother with OBS and things when they are already nervous about presenting remotely.

        One thing you want is a way for the audience to interact with the speaker and Discord is good for that. Ensure you have a QA channel. Zoom tried hard with their QA feature but it doesn't work. Best I have seen is the MC asking the questions on behalf of everyone.


        • #22
          Twitter also has video streaming, thanks to bringing periscope into their offerings; I have seen it handle hundreds of thousands of viewers, though that was with the coordination of their engineers. For the "broadcast" elements of the con, it makes sense to simulcast on multiple platforms for added reach / differing tastes. Imagine each track being on Twitch, Youtube, Facebook, and Twitter all at the same time; that said, copyright music needs to be avoided on those platforms and then there's that minor issue of them potentially taking offense to the content in general.

          One thing that I haven't seen mentioned is to "self-host" the video streams as it were. Push the master high bitrate signal to a CDN with cloud transcoding; I know that Akamai and AWS offer this. Couple that with a CDN backed page with a videojs player pointing at the video streams and it should handle the load just fine.
          Last edited by EvilMoFo; May 10, 2020, 07:51. Reason: a forum that doesn't use forum code .... this is why we can't have nice things


          • #23
            A/V For Talks:
            I don't think there's a realistic solution that doesn't include some combination of Youtube/Twitch/Facebook. These are pretty much the platforms that people will expect, and if you do anything else, you're heavily suppressing accessibility. For better or worse - people are lazy.

            One thing to consider - pre-recording talks and premiering them during the con rather than requiring live presentation. This has major upsides
            • Totally subverts the many, many, many technical issues that come with live-streaming.
              • Far less coordination required between the CON and presenters. They submit a video, the video gets published. The End.
              • No technical issues stemming from "my streaming software doesn't work with that other platform you're using"
              • Gets around region locking issues. xyz video service not available in xyz country? Publish the video for download via torrent or wherever at the time it premieres. Everyone gets it.
            • Screening for quality and giving people multiple takes is a huge plus.
            • Everyone gets to use their own preferred recording software
            • Allows for possibility of anonymous publications (submitter can go by pseudonym and mask their voice)
            • Allows the authors/presenters to engage with the community DURING the talk.
              • Fielding questions (or collecting questions to be fielded afterwards)
              • allow for pop-up discussion groups on particular topics to happen organically ("hey this talk seems to have created a ton of buzz, but we're moving on to the next talk, everyone who wants to keep going join this server/channel")
            • Gets around time-zone issues with a distributed event like this
            • Can even choose to live-stream the initial premiere (to give people "The Platform") and then immediately archive the talk for playback.
            • It doesn't have the same buzz as a live stream.
            • Mitigations
              • You could get around this by scheduling releases and running streams before publication of the individual videos.
              • Treat it like a hacker talk show - You can have emcees.
              • Can have the presenters call in for their time slot to field questions after the presentation wraps
                • Emcees select questions from the horde
                • Discussion groups are set up for the authors to engage after their time slot expires

            Chat / Audience Interaction
            For attendee interaction, having separate moderated rooms for general discussion and Q&A on a per-track basis would be best.
            • IRC is cute, but it's troublesome in the modern age of ease-of-use.
            • Discord is a good idea, but it does require software/app download.
            • Slack has message limit issues and is quite clunky to moderate in my experience.
            • Twitter is a nightmare.... but people might actually prefer to submit questions / discussion via tweets. (Discord and Slack bots can ingest these)
            You're not going to find a "best" solution in this realm - if there was one we'd all be using it. Just pick one and go with it.

            My preference is Discord because it has easy Direct messaging, abilities for people to screen share / audio chat built in, rooms, moderation, and multiple servers can be made to organize things better (Main track server, village servers, etc). People can quickly and easily spin up new servers and rooms for side discussions and info sharing, hacking, etc. The Darknet Project uses it for their event and event planning, and it has worked extraordinarily well.

            Edit: As I understand, Riot is basically the FOSS version of Discord that can be hosted internally, this is heavily preferred if ease-of-use is as good as it claims to be and the management can handle the load. Although as I understand it there's no VOIP, so that sucks.

            Other major concerns

            One of the biggest issues I can see is setting agreements with those companies not to tear down streams / content if they dislike what's being discussed. That's a huge no-bueno, and there will probably be people raising concerns over potential privacy and censorship issues (i.e. am I free to discuss an epic 0-day I found in Google's infrastructure... live on Youtube).

            I don't see any way of ensuring this without discussions directly with the companies. You're (we're?) DEFCON, I imagine every platform is going to want to have a piece of the "First Canceled DEFCON" hyped up revenue stream. But there has to be a non-censorship agreement.
            Last edited by gourry inverse; May 10, 2020, 14:31.


            • TunnelJumper
              TunnelJumper commented
              Another good thing about pre-recorded talks would be that it gets past the China blocks that affect all the streaming services that we have listed in the decision matrix. Simply upload all the talks to the media server and boom, crisis averted.

          • #24
            I work for a larger managed security company, and for large online events with thousands of viewers, we use the ON24 platform. They have the capability to scale very large, have an interactive platform that works on desktop and mobile, and have been able to repel attacks fairly well so far for us. We know we are a target whenever we give online presentations, so we were very careful about the platform we chose to do so. I've hosted several events there, and the system has been not only very easy to work with, but very reliable. I don't know much about what the costs are for ON24, but they can most certainly handle the volume, and are at least in our case, accustomed to handling information security discussions online. One platform at least to consider.

            It may also be a good idea to look at multiple platforms. A platform like Twitch may be good for presentations that aren't very interactive, but is not as good for something like a workshop that is intended to be more interactive.

            Platforms that can integrate with an SSO/SAML for authentication may make it easier for the con to charge an attendance fee (virtual badge) and allow con attendees to easily authenticate to any paid events.

            Executive summary:
            • Video streaming to thousands: Yes
            • Moderated chat during presentations: Yes
            • Ask presenter questions in a queue: Yes
            • Platform to show presenter video as well as slides without using OBS/video production equipment: Yes
            • Recording of streams for download, playback, or CDN distribution afterwards: Yes
            • Mobile support: Yes
            • Desktop support: Yes
            • Self host: No
            • Privacy: TBD
            • Cost: Paid - TBD
            • SSO/SAML: Yes
            One great thing about ON24 is that the event can be set up to only allow feedback from attendees by the integrated Q&A system. That allows the questions to be moderated, and you don't have an endless stream of people unmuting themselves and interrupting the speaker, or flooding the chat stream with spam.


            • #25
              Firstly, if supporting China is required, we really need to poll China for input. If we're trying to exclude them, then I'm done, especially right now.

              The next person who suggests "a beefy server" for running an IRC hive needs to hush up, grown ups are talking.

              Any "servers" have to be either hardware virtualized or running in an MLE, this is still DefCon FFS. head->desk

              What if talks were pre-recorded and posted to the media servers and then only the Q&A would be scheduled. This could allow the Con to be spread over a week to ten days, distributing the load across a longer time and allowing folks to consume more of the content.

              There should be no earthly reason Hacker Jeopardy should not go on, because I have needs and I can get my own damn beer.

              Vendors should be getting their merch ready for online vending on the regular schedule and consideration should be made for vending directly via some kind of merch mall.

              We need multiple solutions, not just one. For example, DJs are the best folks to talk to about live stream hosting.

              Don't Facebook, Amazon AND Twitter have RED in their books where this community is concerned?? Don't they actually owe us??

              If not, can I please make them pay anyway? I am so bored.

              My skills are known here. Contact me if you need me.
              That's my story and I'm sticking to it.


              • #26
                I was doing some reading and came across a potential solution, but I am not too sure about the privacy concerns (WebRTC related)

                Basically, making use of peer-to-peer streaming, or "peer-casting" as they call it

                There seems to be a Torrent-based P2P-streaming platform that is worth a look, but I am no expert



                • #27
                  I'm looking to fill in the blanks, and have changed the "Cost" column to a "Guest Access?" column. Basically, can attendees use the service as a guest without needing an account? For example, Twitch allows anyone to stream, same for YouTube. I'm not sure about FaceBook.

                  My current thinking is to use Twitch for the streamed content, but to disable chat. All the chat would happen on whatever platform Twitch is connected to like Discord, Zoom, etc.

                  Yes ndex the China column is if the service can be accessed natively in China. We know YouTube, FaceBook, Twitch are not, but we are looking into streaming platforms in China that we could connect to for talks and then publish a schedule here that China users can access.
                  PGP key: valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A


                  • savagejen
                    savagejen commented
                    I would recommend allowing twitch chat. Custom chat emotes are one of the major reasons people subscribe to a twitch channel, which is a source of revenue for that channel. Since y'all are not affiliates yet, if you plan to use twitch, you really need to reach out and ask about partner or event status. Alternatively, you could easily meet the affiliate requirements in a month if you tried.

                • #28
                  I hadn't heard of Riot until now. It looks like it ticks so many boxes. It even has voice and video chat. I think dc253 might start using it instead of discord.

                  The possibility of integrating another app like youtube or twitch right into a channel is really interesting.


                  • 3mul0r
                    3mul0r commented
                    Full disclosure I haven't seen any evidence of a twitch integration already existing. Throwing that into my comment along with youtube was just wishful thinking of the possibilities on my part.

                • #29
                  I agree with @supersat. If the talks are pre-recorded, the quality will be way better. There won't be the issues you can have in a live talk:

                  * Internet connection problems
                  * People disturbing the speaker at his home
                  * Noise outside
                  * Mic problems

                  A detailed tutorial with guidelines could be provided for speakers on how to pre-record their talk, such as this one.

                  Also, this will give speakers more time to work on what they say, and submit their pre-recorded talk when they're satisfied about it. Speakers could then answer questions by being available for a live Q&A.
                  Last edited by zokuniok; May 11, 2020, 10:28.


                  • Dark Tangent
                    Dark Tangent commented
                    I did a web speech with no feedback once and will never do it again. I was talking to a web cam with no video or audio of the audience. It was miserable. I must have looked like a robot.

                • #30
                  From ON24 terms and conditions - important sections noted.

                  b) An Agreement may specify a certain number of Attendees that are included at no additional charge for a particular Service (the “Included Attendees”). In such a case, should Client run a Service that is attended by more Attendees than the Included Attendees, additional fees may be payable in accordance with such Agreement. Notwithstanding the foregoing, use of the Services shall be subject to the applicable Attendee Limit.

                  The “Attendee Limit” shall be 2,500 concurrent Attendees for a Live Experience, and 1,000 concurrent Attendees otherwise.

                  “Live Experience” means the usage by Client of a Webinar, Virtual Environment or other applicable Service at a specified time and date for a specified duration of time. If the total number of Attendees connected to or attempting to connect to a Service exceeds the Attendee Limit (even if the Included Attendees for such Service is larger than the Attendee Limit), then ON24 shall have the right to deny connections in excess of the Attendee Limit. On each occasion that Client would like to have more Attendees than the Attendee Limit for a Service, Client shall submit a large event request ticket via their Platform Account at least 10 business days in advance of the Service.

                  If Client timely submits such a ticket, then ON24 will use commercially reasonable efforts to try to accommodate a reasonable Attendee Limit increase, and if ON24 does so, it may be during a non-peak usage period.

                  To the extent available, (i) additional Attendees over the Included Attendees amount are to be purchased in blocks of 500 for Virtual Environments and 1,000 for Webinars and (ii) additional Attendees over 10,000 will be priced by quote.