Running a Wall of Sheep in the Wild (blog.rootshell.be)
47 points by wolframio on Oct 28, 2018 | 45 comments

> Even if the biggest part of our attendees are men, we like to welcome women and encourage them to join security conferences. That’s why the goal of the network team is to not hurt them by fighting against p0rn on the WoS!

Maybe I’m a minority, but as a cis man I’d find a big public wall of porn in a conference disgusting. I’m definitely not against porn, but there’s a time and place for everything.

The casual sexism in those statements popped out to me, too. I found the post overall interesting (although in some ways it felt like an advertisement), but those comments in particular were jarring and took me out of what I was reading.

A 'wall of porn' is unprofessional and unacceptable at just about any conference other than a porn conference. The goal of the network team should be control of the network, including the WoS. If they weren't able to do that, I probably wouldn't find much value in attending. All that is irrespective of whatever gonads I possess.

On the other hand, it doesn't take much empathy to understand why a woman might be put off by these statements that imply she is so delicate that the visage of porn 'hurts' her in some way. Nor would I be surprised if she were to find their actual sexism offputting and decided not to attend.

> other than a porn conference

I can take that tangent…

Even at a porn conference[1, SFW], it looks like a "wall of porn" would still be unacceptable. (Also from searching "XBIZ show" on Google images — NSFW.)

Many of the attendees are payment processors or dating websites, others are LGBT, and anyway everyone is "at work". From the pictures, something like 20-40% of attendees are women (not counting models, but also not counting the male models).

[1] http://www.xbizshow.com/

Agree on this. It was… weird to see someone making a correlation between "not enjoying porn on display during a security conference" and the gender of the person. It's good that they're filtering it, it's bad that they need to, it's sad that they consider it a gender issue.

It does intuitively seem like one gender would be far more likely to raise issue with it, and I'm pretty sure most would agree with this perception outside of trying to intentionally frame issues in gender neutral ways, which isn't necessary to conclude the content may not be appropriate regardless.

It's both a professionalism issue and a gender issue.

The reason it's a gender issue is because our culture often treats women as purely sex objects rather than having their own merits as people, so the introduction of porn into a professional context isn't just a professionalism issue; it also invokes that template in a detrimental way.

Probably something related to stereotype threat in here as well: https://en.wikipedia.org/wiki/Stereotype_threat

I can't say I was offended by reading this, but the implication that public porn displays are a "woman's issue" was weird to me.

You solve such things to create a welcoming environment, not because you think women don't like to see boobies.

I can't agree more. That's just plain sexism to take action on a thought that women don't like to see boobies.

To think that women (or men for that matter) can't understand that the WoS display is just that - a WoS display? That's just insulting condescension.

Yeah, it's interesting. I wonder if it has something to do with sexual harassment training? I've definitely been "taught" that having pinups can be grounds for sexual harassment claims when working for a large grocery chain. At my current job, there's no training but it's understood that if you're making anybody uncomfortable at work, you're probably doing it wrong. I like that thinking better, but it relies on some empathy or at least shared values (maybe harder internationally?).

Grocery stores have to employ who they can get - they can't offer tech wages nor interesting projects. Either you're stacking cans at 45 cases per hour, or you're scanning and bagging 3 items a minute, or cleaning toilets and pushing carts. So mandatory training has to be clear to even the lowest elements of our society.

While plenty of men would find it offensive and plenty of women would find it funny, if they kept the porn you can be 100% certain it would be singled out as an example of how this industry doesn't make women feel welcome. Saying it's sexist to acknowledge this is concern trolling.

Suggesting that the key issue is how not filtering would be perceived, beyond the circle of the conference attendees, itself seems to be flirting with concern trolling.

I am not sure what to think about this. What does porn have to do with gender? I suppose some women like porn, as well as some men do. Regardless, why would you display porn at an event that does not have any direct connection to it?

As I understand it, they want to have a display of what the internet looks like without filtering to demonstrate the value of filtering, but also pre-filter it of any content that you would need to filter.

I think you missed the point - the point is to show what can be intercepted when you use insecure WiFi and protocols.

As the actual developer of the tool that was used, porn filtering was something that was added later on, after the porn became a problem. The issue is that trying to filter such things is often a losing game, as most conference NOC staff don't want to put in proxies for a variety of reasons.

The solution I ended up with was to use Yahoo's trained machine-learning algorithm to attempt to detect, score, and ignore images on an unbounded scan (generally from 0-100). In most cases the threshold was set to 70, however was something folks could independently set if they ever wanted to open the front-end on their own machines. There was also a mechanism to blacklist images from the screen if one happened to pass through. I've run it at BSidesLV, BSidesChicago, Thotcon, CircleCityCon, BSidesDetroit over the years and I can tell you, monitoring and trying to block porn from hitting the board was generally what I ended up doing while running this.

> but as a cis man I’d find a big public wall of porn in a conference disgusting.

Sure, but would you initiate a hostile work environment claim or try to get someone fired using Twitter because of it?

> would you initiate a hostile work environment claim

I most definitely would. And if that didn’t work, I might post to Twitter about it.

Absolutely. I wouldn't want to work with someone that wouldn't. I might not raise hell over a one off inappropriate comment. But if it becomes a regular thing. At a previous company I went to the owner and flat out said that a particular employee was sexually harassing people. He knew it already and it was creating a toxic environment. I outright said that if someone files a lawsuit and it makes it into the local newspapers, this company is done. I left shortly after, within a year a large percentage of the other employees did also.

>Maybe I’m a minority, but as a cis man I’d find a big public wall of porn in a conference disgusting. I’m definitely not against porn, but there’s a time and place for everything.

So which one is it?

What are some strategies for dealing with this sort of toxic reply? I also feel pornography has its place (alone or with 1 other consenting adult), and parent's refrain is sung far too often by other men.

>or with 1 other consenting adult

Why would the number of consenting adults have any impact?

Pointing out "I am not against X, but ..." is toxic now? There are many instances where this is pointed out instantly, so I do it here too. Just write the second part, without the "but" to stop contradicting yourself.

Saying porn isn't appropriate in some environments isn't the same as "being against porn" (=being generally opposed to it), so there is no contradiction.

Your reply is the toxic one, and you're missing GP's point.

Yeah I get that you believe my reply is toxic. You are wrong there btw.

It wasn't about the point in the first place, rather the "I am not against X, but <statement which contradicts X>" formulation.

You believe phones should only show pornography and no other apps should exist. Thank you for revealing your true character.

I am astonished how you even came to that nonsense.

I'm not sure why they're still doing the WoS. The goal to raise security awareness among attendees seems to have been achieved or obviated. Now it just seems like a game where people try to put funny, pornographic, or commercial images up. Expenses are up, benefits are down, where's the end point? I even think a case could be made that they're encouraging the display of porn by turning it into this sort of cat-and-mouse game.

Honestly the Open-NSFW filter did a really good job of catching the overwhelming majority of the issues. Also until LetsEncrypt became commonplace, Dofler was still discovering tons of applications that forwent even basic encryption. It was quite terrifying.

This year was the last year I ran Dofler through its normal con-circuit, mostly due to the amount of encryption that's happening, I'd have to pivot away to completely different types of metadata that would be computationally expensive to pull, or would require a LOT of coding time, or would require dependence on commercial tools. It was simply time to lay it to rest.


Personal attacks are a bannable offense on HN. Please post civilly and substantively, or not at all.


we added a “skin colour filter”.

What colour skin?

Most writeups/HowTos for this problem cover all human skin colours with reasonable degrees of success (given how naive the algorithm is).

The article specifically mentions Hulk and Smurf porn easily defeating the filter.

Depending how they sample it perhaps half-toning would defeat it too?

flesh-tone filtering algorithms sucked.

Hahaha good point. I didn't even think about that. Jesus.

To save you time, because they don't mention it until they show you the logs later:

The main tech here - that reassembles images from HTTP - is 'driftnet'.

Apt get or yum install it or pacman etc on any Linux distro.

Actually, Dofler uses driftnet, ettercap, dsniff, tshark, ngrep, and PVS and wired them together into a web front-end. Driftnet was the component that made porn filtering very hard, as driftnet gives you no indication of WHERE the image came from, just that it found something.

"skin colour filter"?

I still remember the day I found a colouring-in puzzle in a book with one of the colours labeled "flesh" and asking my Dad which crayon to use. None of them were the colour of my skin. Eye-opening day.

I suppose the good news is that I could use my porno selfies (if I had any) to DOS the display.

Before Yahoo's Open-NSFW data was released, skin tone analysis and assessing if the image contained a majority of color palettes that are generally considered to correlate to flesh tones. You'd be surprised to know that many of these libraries are still commonly used (look at nude.js for example). The downside is that they are false positive heavy, and fairly easy to circumvent.
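
As an added example (not part of the thread, and not code from nude.js, Dofler or the conference setup): a naive "majority of flesh-tone pixels" filter run over constructed pixel lists, showing the two failure modes raised in this thread, a false positive on a sandy scene and a miss on a colour-shifted copy. The fixed RGB thresholds are an assumed, commonly cited daylight rule.

```python
# Added example: naive skin-tone ratio filter. The RGB rule below is an
# assumption (a commonly cited fixed-threshold rule), not the rule used by
# nude.js or Dofler.

def is_skin(r, g, b):
    """Fixed-threshold RGB test for 'flesh tone' pixels."""
    return (r > 95 and g > 40 and b > 20
            and max(r, g, b) - min(r, g, b) > 15
            and abs(r - g) > 15 and r > g and r > b)

def skin_ratio(pixels):
    """Fraction of pixels classified as skin; 0.0 for an empty image."""
    if not pixels:
        return 0.0
    return sum(is_skin(*p) for p in pixels) / len(pixels)

def blocked(pixels, threshold=0.5):
    """Block the image when a majority of its pixels look like skin."""
    return skin_ratio(pixels) > threshold

def tint(pixels):
    """Swap red and green channels: same picture with a green cast."""
    return [(g, r, b) for r, g, b in pixels]

# Constructed sample images as flat pixel lists (no real image data).
SKIN = [(224, 172, 105), (198, 134, 66), (141, 85, 36), (255, 219, 172)]
PORTRAIT = SKIN * 175 + [(40, 40, 60)] * 300               # 700 skin, 300 background
BEACH = [(210, 180, 140)] * 800 + [(120, 170, 230)] * 200  # sand and sky
TINTED = tint(PORTRAIT)

def report():
    """Return {name: (skin_ratio, blocked)} for the constructed samples."""
    return {name: (round(skin_ratio(img), 2), blocked(img))
            for name, img in (("portrait", PORTRAIT), ("beach", BEACH),
                              ("tinted", TINTED))}

if __name__ == "__main__":
    for name, (ratio, is_blocked) in report().items():
        print(f"{name:9s} skin_ratio={ratio:.2f} blocked={is_blocked}")
```

The beach sample is blocked although it contains no skin, and the tinted portrait scores zero, which is why a colour rule alone needs a classifier score and a manual blacklist behind it.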

What did not having a crayon in a particular colour teach you?

Your best options for standard crayon sets are probably pale-skinned and sunburnt (bright pink) or somewhere around chocolate brown.

Most sets have pink, white, black, brown, and yellow so most people should be able to do a close average tone to their facial colour?

This was a colouring-in by numbers book so they had a particular one in mind.

I don't get it, you had a colouring by numbers book with your own picture in? Sorry, I'm missing something, ELI5?

Well, because "flesh" is not skin in the first place.

I assume the book was written/printed in the UK where "flesh" and sent out to us colonials. This was the 60s. "flesh toned" is pretty ordinary term for "skin tone" even in the US I believe.
