32C3 – Chaos Communication Congress – Streams Online (ccc.de)
414 points by axx on Dec 27, 2015 | 69 comments



I'm always mind-blown by the sheer number of networking equipment deployed and maintained during the conference. They now have[0] 5000 WiFi clients connected, downloading with 2.70 Gbps and uploading with 8.93 Gbps. It's like, once a year, a big part of the internet traffic is routed through Hamburg.

[0]: http://dashboard.congress.ccc.de/


Someone in HN who can share some information about how to set up WiFi for high-demand? In any place I go (e.g. airports, restaurants) the WiFi is terrible.


The PyCon people have historically done a number of detailed blogs on running high capacity/utilization wireless networks.

http://www.tummy.com/articles/pycon2010-network/

http://serverfault.com/questions/72767/why-is-internet-acces...


Thanks. You've got to love the cluelessness of such a worthwhile Q&A being marked "not constructive" by the stack exchange moderators.


Stack Exchange : the site that marks anything it is really good at as not constructive.

Let me in as soon as anyone of you smart guys has an mvp of a stack exchange (or just stackoverflow.com-) replacement.


While I don't agree with all their decisions I think it safe to say that the only reason stack exchange has really good answers to overly moderate in the first place is because they don't allow subjective discussions. If they did, the knowledgeable people would quickly leave since their answers couldn't and wouldn't be correctly valued by those with less knowledge.


I strongly believe that there is a niche for a q/a site with less focus on bureaucratic management of counter-productive rules.

I mean, whoever does this might have to hire their own dang-like supermod but I refuse to accept that what we see today is the only option.

Some ideas:

* don't make bureaucratic powers a reward

* when the map and the terrain don't match, the terrain is usually correct. When time after time you find that the most useful questions are closed as not constructive then maybe the rules for "not constructive" need to change.

* from other forums: encourage newcomers to use nicks that don't identify them at least until they get a feel for it


I am strongly inclined to think this is the particular moderator culture with a strong sense of egoism and position rather than pursuit of constructive moderation; while maybe 95% of similar questions should be closed as "not constructive" this clearly is a useful and constructive question (the exact place where a moderator should be using good personal discretion!).

This kind of thing definitely turns me off stack-exchange sites -- especially I find that the sites aside from stack-overflow (which has a larger and perhaps more responsive user-base) are prone to terrible over-moderation as well as very selective moderation.


I work for an ISP and have done wifi for events with over 10,000 attendants. We have done this exclusively with Ubiquiti equipment. I have not used any of the high-end gear that claims to be designed for this (Aerohive/Ruckus/etc...). The bottom line is, ultimately, the wifi standard is not designed for this type of deployment -- the standards do not support the features that would be needed to get the best performance in this environment. That being said, like with most things, it can often be made to work with a reasonable level of service.

There are two bands that are available for use -- 2.4ghz and 5.8ghz. Most newer devices support 5.8ghz -- there is more overall bandwidth available on the 5.8ghz band, but we have had good success deploying only 2.4ghz for public events. Deploying 802.11ac in the 5ghz band with beam steering is something that we may investigate as more clients begin to support this band.

Two of the main issues are contention for air time (bandwidth) and channel usage. Wifi is half duplex, and only one device within a cell can talk at the same time on the same channel. If the access point (AP) is talking, clients (cell phone/laptop/etc...) must listen. If a client is talking, the AP and all other clients must listen. A protocol is implemented for this, CSMA/CA [1]. Think about this for a second -- when someone is transmitting data, nobody else can receive data. This is important (will explain later).

While (in the US) there are 11 available channels in the 2.4ghz band, there are only 3 usable channels. The others overlap and will cause interference if used in the same area. 1/6/11 are the non-overlapping channels. There is a limited amount of bandwidth available in any given area on any given channel. 2.4ghz tops out at about 130mb/s over-the-air (figure about 60% usable bandwidth as a best-case scenario) so about 80mb/s. That's with a single client, clean spectrum, and a single access point. If the signal is weak or if there is interference, this number will be reduced.

Antennas and access points need to be placed and configured (transmit power) in such a manner that you control the number of devices that are within range of them such that their client densities don't get too high (you don't want 1000 people connecting to one access point, wifi's implementation of CSMA/CA breaks down with these densities) but also the targeted clients have a good signal. One thing you must consider that many people don't is, that while you can control the area and transmit power of your access point, you cannot control the client device talking to it. You must take this into consideration also. That client 150ft away on the fringe of this cell is transmitting with full power, likely interfering with another access point 250ft away that can't even hear this AP's signal.

A single low signal client can turn your 80mb/s access point into a 2mb/s access point. An access point talking to a client with a weak signal will 'downshift' and talk at a slower speed -- say 12mb/s instead of 54mb/s -- this makes it easier for the client to receive the data being transmitted without errors. But, this slower speed means more time must be spent transmitting the data, and this is time that the AP can't talk to other clients, and other clients can't talk to the AP. In this manner, a single weak signal device streaming Youtube at 2mb/s can reduce your overall bandwidth on an access point to 10mb/s or even worse. I aim for about 30 devices per access point, with a maximum distance of about 100ft in outdoor environments and 50ft indoors. In practice, this maintains a generally usable speed of about 5mb/s (you'll want to deploy bandwidth management systems to enforce this). Your overall usage will depend heavily on the type of event, but generally we see about 10% of attendants using wifi -- so based on the rule above, about one access point per 300 people.

If the layout of your event is such that this is difficult or impossible (such as a large auditorium/stadium) you can co-locate multiple access points on non-overlapping channels and handle about 1000 clients in a general area. But care must be taken to control the signal propagation if you want to support more clients in other areas as you will be using all 3 available channels thus any other nearby access points (within range) will be cutting into your available bandwidth.

This is complicated by the reluctance of most wifi devices (phones are the worst because you generally can't configure this setting on the client) to let go of a weak signal and grab a stronger one. A wifi device will generally hold on to a signal long after it has become unusable. Many of the bigger manufacturers have ways to mitigate it. With Ubiquiti, you MUST configure the "minrssi" [2] feature and it is buried in a config file on the access point controller. Most consumer grade access points do not support this feature at all.

As I get more into trying to explain this I'm realizing all of the nuances and gotchas that can really make this difficult for someone without experience to engineer and implement. I'm not sure I can effectively convey them in an HN reply but hopefully I've helped steer you in at least the right direction. Sadly, most tech companies that would be contracted to do this type of work are just as ill equipped to design and implement this.

[1]: https://en.wikipedia.org/wiki/Carrier_sense_multiple_access_...

[2]: https://help.ubnt.com/hc/en-us/articles/205146050-OD-UniFi-H...
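
A simplified airtime model of the effect described in the comment above (one weak client dragging down a cell, and a minimum-RSSI cutoff restoring it), added here as an illustration and not part of the original comment. The RSSI-to-rate table, the function names and the sample client list are constructed assumptions; the model assumes saturated clients sending equal-sized frames with equal transmit opportunities and ignores protocol overhead.

```python
# Added illustration: simplified single-channel airtime model (not from the thread).
# Assumptions: all clients are saturated, frames are equal-sized, every client
# gets the same number of transmit opportunities, protocol overhead is ignored.

# Constructed RSSI floor (dBm) -> link rate (Mb/s); real rate tables vary by chipset.
RATE_STEPS = [(-65, 54.0), (-72, 36.0), (-79, 24.0), (-84, 12.0), (-90, 2.0)]


def link_rate(rssi_dbm):
    """Return the link rate for a signal level, or 0.0 if the client is out of range."""
    for floor, rate in RATE_STEPS:
        if rssi_dbm >= floor:
            return rate
    return 0.0


def cell_throughput(rssi_list):
    """Return (per_client, aggregate) throughput in Mb/s for one AP on one channel.

    A frame of B bits sent at rate r occupies the channel for B / r seconds.
    One round in which every client sends one frame therefore lasts
    sum(B / r_i), and each client moves B bits per round, so each client
    gets 1 / sum(1 / r_i) regardless of its own link rate.
    """
    rates = [link_rate(r) for r in rssi_list]
    rates = [r for r in rates if r > 0]
    if not rates:
        return 0.0, 0.0
    per_client = 1.0 / sum(1.0 / r for r in rates)
    return per_client, per_client * len(rates)


def apply_min_rssi(rssi_list, min_rssi_dbm):
    """Model a minimum-RSSI policy: clients weaker than the threshold are
    dropped from this AP (and are expected to roam to a closer one)."""
    return [r for r in rssi_list if r >= min_rssi_dbm]


# Constructed sample: 29 clients close to the AP and one on the fringe of the cell.
CLIENTS = [-60] * 29 + [-88]

if __name__ == "__main__":
    per, agg = cell_throughput(CLIENTS)
    print(f"with fringe client:   {per:.2f} Mb/s each, {agg:.1f} Mb/s total")
    per, agg = cell_throughput(apply_min_rssi(CLIENTS, -75))
    print(f"after min-RSSI -75:   {per:.2f} Mb/s each, {agg:.1f} Mb/s total")
```

In this model the single 2 Mb/s client occupies about half of the airtime, which is why removing it nearly doubles the cell's total throughput.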


An ironic twist to this is, that those 'low-signal' clients that get 'downshifted' are often victims of noise. And much noise is periodic or intermittent (think sparking from a microwave tube or a faulty car ignition). Packets in the air are essentially getting hit by random darts. When the AP 'downshifts' to a lower rate, it makes the packets bigger targets for the darts. So the AP slows down some more. Often in a matter of a second it shifts all the way down to the bottom rate. And now has a harder time getting through.

It would be helpful if APs could distinguish between 'low signal' and 'high error rate', and respond differently. It should actually speed up when the periodic error rate is high, to make the packets smaller targets in the air. Or make them shorter. Or even try to time transmissions to the fit between the occurrences of noise.


This is absolutely correct. I don't know the inner workings of the modulation scheme selection but suspect that the downshift is solely based on the ratio of received to unreceived acks from the client -- without knowing the reason for the non-receipt. As far as I know, the wifi standard does not contain any provision for the client device to report its received signal level to the AP. The signal levels you typically see in the AP are the levels that the AP is hearing the client at.

Some access points allow you to lock the modulation at a certain rate -- if you know for a fact all of the clients will be able to receive the signal at the required level for that modulation scheme, you can increase your overall effective capacity. Unfortunately this is not usually the case. We almost never get to control the client devices and positions, and without that control, received signal levels can't be effectively predicted.


With this type of stupidity, along with the string of failures when it comes to Wifi security (WEP, WPS, the clusterfuck that is Probe Request frames, etc.), shouldn't we stop listening to the IEEE and get someone who understands hardware AND networks AND cryptography AND software to start writing the next generation of standards?


IEEE has gotten a bunch of things wrong, but they have gotten a bunch of things right as well. How many other vendor-agnostic technologies are there that work as well as Wifi? For the most part my wifi-enabled device will work with any device made by any manufacturer, from the high end ones down to the cheapest junk. That level of compatibility is rare in a standard in which participation is entirely voluntary.

I think the IEEE struck a balance between simplicity and ease of implementation and features. I don't think the goal was ever to design a standard that could handle thousands of endpoints on commodity hardware.

For what it is, wifi works great. It falls apart when you try to make it do what it wasn't designed to do. There have been missteps along the way, but overall I think the good outweighs the bad.

Let's not throw the baby out with the bathwater.


I dunno; between USB, HDMI, Bluetooth, CAN-bus, DisplayPort, PCI Express, SATA, GSM/CDMA/HSPA/LTE, etc. etc. (none of which are IEEE organized) I don't think Wifi is that unique. In particular the various cellular network technologies face many of the same challenges as Wifi and have not had major security fails (crypto implementation errors) like Wifi has had several times.


You've brought up some great examples of successful standards. Each of them in their current implementation work well for the task they were designed to do.

Many of them have not been without their failures. GSM had several long-standing security issues, some of which went on uncorrected after disclosure [1]. WEP was designed in the 90s and I believe there are a large number of security/encryption methods designed in the 90s that have since been proven flawed, either in design or implementation (RC4/MD5/SHA1 to name a few). Bluetooth has gone a completely different direction than its original design and is also not without its failures. But the main difference is, each of the standards you listed was designed for a specific task, and works well in doing what it was designed to do. When you leave that area of designed function, they start to break down.

In relation to the wireless technologies (GSM/HSPA/CDMA/LTE, et al...), their design goal was indeed massive systems with 1000's of clients. They employ various technologies that would generally be cost-prohibitive or otherwise impractical (such as GPS synchronization) in the commodity consumer market. I haven't seen the price tag for an LTE tower site, but I bet it is several orders of magnitude larger than a $120 consumer router. Wifi was never designed to do this.

I agree that wifi is not unique in its success, nor is it unique in its failures. This extends to most entities in general. All have their failures and successes, including IEEE.

On a side note, I have never been that concerned with wifi encryption. The vast majority of wifi access is access to the internet. If you are not securing your data before it leaves your control, the short hop over to the access point is the least of your problems.

[1]: https://en.wikipedia.org/wiki/GSM#GSM_Security


This is honestly fascinating. You should write an article about this.


CCC uses Aruba wireless, at the end of the conf they have a talk where they discuss the network/power setup.


Aruba, Aerohive, and Ruckus all have great products. I haven't personally had the opportunity or necessity to use them but have always heard good things.

We haven't deployed them mostly due to cost, but also because we have had great results with Ubiquiti.


You get what you pay for - a public place using a consumer grade WAP is going to have a Bad Time.


But is that the only reason? I imagine there are issues related with configuration, sharing the same medium, distances, small interruptions when you move from one connection point to another.


I've been downvoted, probably for not giving enough information.

A lot of the time the WAPs only have 16-32mb of RAM and some kind of hardcoded limit to the number of DHCP leases they can give out (if they don't just exhaust the range instead)

Your local Starbucks probably has half decent Cisco gear, but the independent coffee shop around the corner bought the cheapest WAP in the last Black Friday sale. The firmware hasn't really been touched since 2008 and is running a buggy version of dnsmasq, miniupnpd and an out-of-tree Ralink driver on top of kernel 2.6.

If you think I'm lying, have a look at the firmware of any non-802.11AC DLink or Netgear router. Both companies are getting better but they're at the mercy of the SoC manufacturer (Broadcom, Ralink etc).

802.11AC routers seem to be getting better, mainly due to the bandwidth requirements finally getting beyond 200-400mHz MIPS chipsets. Although [1] might be taking it a little too far.

[1]: http://www.dlink.com.au/home-solutions/taipan-ac3200-ultra-w...


It's a lot for wifi, but not that much of the internet. Less than 1 NIC ;)


5k wifi users doesn't really sound like "a big part of the internet" to me, or even necessarily a "big part of Hamburg."


There is a congress saying: USE MORE BANDWIDTH!!

:)


Literally. They once had a 100 Gbit upstream, but it wasn't maxed out, so now there isn't. It's "only" 40 Gbit now I think?


Are their servers overwhelmed already though? Hall 2 conference seems to be freezing now. The CCC is probably a good place to be experimenting with streaming over Webtorrent or something like that.


I'm sitting in Hall 2 - WiFi is working like a dream. :)

Edit: Their online infrastructure is probably separate though.


voip calls work fine too, sometimes a brief drop


The servers are always a little bit under stress at the ccc.

PS: Reporting live from hall 2. good talk so far ;)


Yes, I switched to the SD stream, it's good enough.


They did a presentation about Red Star OS [1] using Red Star OS. Brilliant.

EDIT: http://streaming.media.ccc.de/32c3/hall6

[1] https://en.wikipedia.org/wiki/Red_Star_OS



Yes, thanks. I wasn't sure if I should link to the hall presentation since it seems like the link won't point to this presentation for very long.


I would have been more impressed if RedStar didn't run in VirtualBox :)


As a side note, you can join the discussion on IRC (hackint):

#32c3-hall-1

#32c3-hall-2

#32c3-hall-G

#32c3-hall-6

#32c3-everywhere

- http://32c3-wiki.top/congress/2015/wiki/Congress_Everywhere

- https://hackint.eu/



http://ccc.de/en/updates/2015/fatuma

Fatuma Musa Afrah gave the keynote speech at the annual hacker conference, the 32nd Chaos Communication Congress in Hamburg/Germany.

She is from Somalia and lives currently in Berlin/Germany as a refugee/newcomer.


Where can I find a list of the scheduled talks? I found this link but I get a 503 and the cached version is not navigable.

http://events.ccc.de/

EDIT: https://events.ccc.de/congress/2015/Fahrplan/

This link works


Simon Menner's "What does Big Brother see, while he is watching?" talk is a really interesting look at the Cold War. Does anyone know where the VODs will be available so others can watch it later?



https://www.youtube.com/watch?v=8x_yL12dJjI "Bill Scannell: Inside Field Station Berlin Teufelsberg" is along the same lines from last year, and a very interesting insight into daily life at the NSA/DIA during those times.


"Use a desktop player! Browsers and video doesn't go together well, even in 2015 and especially when it's live. So for your best viewing experience please use a desktop player like VLC or mplayer."

Am I the only one to be bothered by this comment?


What you're missing:

- multiple audio tracks for different languages

- support of captions

- support of multi-resolution/bitrate streams (like DASH)

- support for "multi-view" or however you want to call it: the viewer chooses whether to see speaker, slides or both

- ....


Why are you bothered by it? It's true. HTML5 live streaming is only reasonably done by Apple and only works in Safari. I wouldn't push flash video streaming if I were them either.

Which leaves streaming over http (not using the browser) or rtmp


Firefox's built-in mp4 player is working for me well, for both live streams and recordings (the "re-live" section of streaming, which has all the talks that happened before folks in America woke up). So, they're at:

http://streaming.media.ccc.de/32c3/relive/

BTW, there's also a flash player for the "re-live" stuff, which isn't working for me on Linux at all; if you're having trouble with it, try the mp4s. (Just as well; I get to shove the flash-enabled browser profile back in its box.)


For me Firefox seems to be doing some weird thing with the live video where you'll watch it and it will get stuck due to congestion or whatever, and then refreshing the page appears to restart the video from the beginning until the point where it broke. Very odd.


Firefox works fine, vlc does not. Not bothered though.


Fair enough. I've been trying to do live streaming in an automated fashion and always failed. Mostly it's Apple's way or the flash way. Everything else is absurdly hard to maintain.


I have no problem streaming with Chrome Mobile iOS... Works really well.


MPEG DASH works as well as Apple HLS, and does not require flash on modern browsers (it does require some javascript AFAIK). It works on desktop Safari but not iOS.


It actually works pretty well, about 70% consume our WebM Streams and the remaining 30% consume the MP4/HLS stream, either with Apple-Hardware or ffplay/vlc/mplayer.


It's more a warning that, if it doesn't work for you, you should try a desktop-player before crying on twitter :P


Yeah I don't really get this...seems to work well enough in Chrome. What am I missing?


With mplayer and vlc you can manually adjust the cache size.

8mb worked quite well the last years


Is there a place where recordings get saved once they're finished or will I have to wait until the end of the conference? My internet connection is too unstable to watch them live.


Automatic stream dumps are here: https://streaming.media.ccc.de/32c3/relive/ -- note that they're completely automatic, no editing has been done. They include the 15 minutes before and after the talk in case it starts early or takes a bit longer.

The video operation centre will put finished releases up at https://media.ccc.de/b/congress/2015 once they've finished processing. Those include translated audio (all talks will be available in English and German), subtitles, intros and some audio processing.


Thanks! Downloading three talks that I really want to hear right now. I'm perfectly fine with watching them unedited.





45% Insecure WiFi traffic? at a Hacker Conference? :)


Why? I long made a point of only running "insecure" network layers at home. I sincerely believe in the stupid network, and that any security belongs above the transport.

Using the term for wireless networks at home really drives the point home that you're supposed to get your personal connection and buy your own access point, so that IP addresses finally can represent identity. That is not a coincidence.


I was with you until "so that IP addresses finally can represent identity".

You don't mean actual (personal/account) identity, do you? IP addresses represent a location for delivery and they definitely identify a network interface, but that's the extent of goals for IP addressing. Courts have supported this view and I think that's a good thing. Sorry if I read too much into what you said. EDIT: spelling.


Keep in mind though, that once your Layer 2 is hijacked, a lot of attacks are possible before upper layer security kicks in - things like browser redirection and exploitation are very common these days


Please take note of this folks. Simply trusting "transport security" isn't enough. Please do not seriously run an open access point because you think it's just as safe as the OP.


I agree. Highly assured systems of the past and recent academia built security on untrusted networks, storage, etc. Standards like Wifi are too broken to trust anyway. Best to depend on something at a higher level.

Note: WiFi security is useful for filtering out the riff raff for availability & performance reasons. :)


I'll wager there are more than a few honey pots


The list of presentations is looong. Any recommendations?


Audio is fixed now.



