[First posted into a virtual-conrunner Discord, re: Balticon 56] Balticon's virtual/hybrid component overall ran fairly smoothly. About five on-site rooms were "streamed" into Zoom webinars, left nailed up all day including the half-hour changeovers in the 60/90 schedule. Because nobody shared high-res material into those sessions, the recordings all came out in crappy 360p resolution, but I guess we get what we get. There were two fully virtual tracks, and anyone onsite who wanted to watch those had to make their own arrangements [as the east-coast community around Boskone / Balticon / etc seems to agree that dedicated "stream-IN" rooms with a projector and audio system are a loss, very underutilized]. We had *just* enough host coverage to make it all happen, and very fortunately most were already experienced. A rudimentary checklist emerged, I set up a self-training sandbox and encouraged people to get in there and go at it especially if they felt rusty on webinar startups, and helped coach a couple of people through the process if they asked. The importance of that hands-on soup-to-nuts opportunity for trainees cannot be understated. We had the luxury of a spare Zoom license with webinar, allowing people to even self-train during con run if they wanted to brush up on something. I came up with a stupid mnemonic: "Truly, We So Rock" to indicate top-of-the-hour workflow operations: _T_ranscript, _W_ebinar (start), _S_hare (bumper), and _R_ecord (from the share control strip). Bumper then comes down, panelists start. (Or, "truly we suck rocks", depending on how you were feeling at the time.) Zoom is forcing a kind of half-ass "2FA" scheme on everyone. Most of the host logins were unhampered, but some collaborators from overseas were faced at least once with a "enter the code we sent to your email" challenge, even in their dedicated *clients* [never mind the zoom.us website]. So someone had to be on top of the collection of zoomN@balticon.org email and grab the responses out of there to pass back via Discord within ten minutes. When this started happening around NEFFA I opened a fairly angry and sharply-worded ticket with Zoom complaining about this and asking that they leave us alone in this regard, and basically it was never resolved before that event was over. So at this point, be prepared to monitor email to "runtime" zoom-host addresses and respond appropriately, because Zoom thinks it's actually protecting us [if only against ourselves]. For the most part, it's a one-shot thing if it happens at all, very nondeterministic, subject to Zoom's nebulous idea of what a "suspicious login" is. We actually had one zoom-bombing incident. Someone doing a reading in a con-suite breakout had posted a direct Zoom link on Twitter or something, and within minutes some bot [or human agency with nothing better to do] had picked it up and did its damndest to make all hell break loose. Connections were rapidly coming in from random proxies, mostly originating from Malaysia but one or two from the Netherlands, using offensive names and not only arriving into meetings with pornographic video already going, *knew to move to the right breakout room* to be maximally offensive there via renaming, racist junk in the chat, and transmitted video image. It was very directed, and happened fast enough that it seemed unlikely that a human using the normal Zoom UI could have accomplished it. The people doing the readings were from overseas, and apparently at least one of them has some dedicated enemies that follow their twitter or the like. These enemies have clearly lined up some kind of semi-bot-driven capability and arranged to send it through free proxies to hide its origin [even from Zoom admins]. The host at the time was trying to monitor the breakout and the main space at the same time, quickly got outpaced by the rapid activity, and started hollering "MAYDAY MAYDAY" into the Discord; fortunately I was present at the time and could help dive in and start looking around. The reader realized her mistake and took the post with the link down, but it was too late, and since the "consuite" was a long-term recurring meeting, the only fix was to generate a new meeting with the same breakout-room structure and update the con website(s). [I shoulda had a backup in place ready to go, really, but in past events where I had a full set of backups I hadn't needed them to date, so ...] Thereafter, we were okay, and the person who leaked the reading was appropriately mortified that she'd caused that level of problem. I think enough word got around what had happened that the con attendance as a whole was careful to *not* leak links into public. I have one or two ideas on how to better protect join-links at the website level, but bottom line, the attendees *do* ultimately have to know some means to access smeetings and social spaces. **--** Another thing I've been experimenting with recently is logging webhooks out of Zoom. This gets set up at the "marketplace", where you have to first set yourself up as a "developer", and then you can build "apps" from either canned commercial components or your own API implementation. One is called "webhook-only", which is a one-directional flow from Zoom to some receiver URL you've set up elsewhere. The webhook subscribes to a specific set of events under an overall account, and as stuff starts happening within the account, notifications start being sent via HTTPS POSTs to your receiver. They consist of some HTTP headers and then a JSON blob as the body, which we then get to tear apart for whatever info we need. The blobs are sent without trailing newlines, which is somewhat annoying if you're using scripts to read the data, but I worked around that and eventually had a lovely little event-logger running in a shell window. In realtime I could see all session startups and joins, hosts logging in and out, recording sets as they finished processing, etc. This gave a much more concise and save-able view than trying to wade through dashboard screens on the fly. I could even stream that running window into a Discord VC channel for the rest of the staff to view. https://cdn.discordapp.com/attachments/965456881105657896/981533227594444830/logx.jpg Sometimes the "email" fields get filled in, sometimes they don't. This seems rather capricious, dependent somewhat on if a viewer is logged into their personal Zoom or not logged in at all, but that's not the only factor. What doesn't get sent in webhooks, unfortunately, is IP addresses of where people are coming from. As a token gesture I set the replacement consuite meeting to deny entry from Malaysia and NL, with the full realization that the bombers could "come from" anywhere else, and to see the full gamut of where that particular attack had come from, I had to wade the dashboard for that meeting and look up what regions the client IPs were in by hand. **--** The fully-virtual Kaffeklatsches [all of two, thankfully] were handled by signups into registration-required separate Zoom meetings, but discussion of who would manage that and how never really happened so it fell to me to kick approvals and make Zoom send the join-link emails out. We're still looking for a better, non-klunky way to do limited signups for stuff and still have that aspect of events be accessible [e.g. you can't force everybody into Discord with a voice-chat capable client, etc etc]. Enough of the on-site tech crew was on Discord with notifications set properly, so if complaints rolled in about any of the live streams, hailing '@tech' could generally get someone's attention soon enough to physically go to the source and get the problem resolved. Much less frustrating than our feeling at D3 of utter powerlessness from the virtual side, where a stream could be total garbage and stay that way for hours. There was a bit less online "dead-dog" socializing as with the fully virtual events, which is not too surprising as those onsite were helping strike and load trucks. _H* 220601