Announcement

Collapse
No announcement yet.

Cisco Open-Sources H.264 Codec, Pushes WebRTC

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    More insightful than either of the announcements (Mozilla's and Cisco's) is this analysis by Monty Montgomery, the one behind Ogg, Vorbis, Xiph, etc.:
    http://xiphmont.livejournal.com/61927.html
    For those who don't know, he's the one driving Daala development in Mozilla. Basically, in the post he says that this is a capitulation on the part of Mozilla, but that it is a strategic concession with the longer-term strategy of making Daala the standard in a later spec, using the same strategies they used to get Opus into the official spec (i.e. by being substantially better than everything else). Cisco has already announced that they're contributing code to the Daala project now. So while it sucks that this the end of this round, some solace can be taken in knowing this is a temporary, stop-gap measure.

    I really recommend reading the full post though, he makes some very interesting observations.

    Comment


    • #32
      Originally posted by tga.d View Post
      More insightful than either of the announcements (Mozilla's and Cisco's) is this analysis by Monty Montgomery, the one behind Ogg, Vorbis, Xiph, etc.:
      http://xiphmont.livejournal.com/61927.html
      For those who don't know, he's the one driving Daala development in Mozilla. Basically, in the post he says that this is a capitulation on the part of Mozilla, but that it is a strategic concession with the longer-term strategy of making Daala the standard in a later spec, using the same strategies they used to get Opus into the official spec (i.e. by being substantially better than everything else). Cisco has already announced that they're contributing code to the Daala project now. So while it sucks that this the end of this round, some solace can be taken in knowing this is a temporary, stop-gap measure.

      I really recommend reading the full post though, he makes some very interesting observations.
      ^This. I can't wait for Daala

      Also, to all the people complaining about why V8/9 isn't the standard, think about it. Aside from releasing the spec and implementing it in their own browser, does Google actively try and promote it elsewhere? NO. They don't even help Mozilla implement the codec. V9 probably won't be in Firefox for another year or so because Google just wants to be the one with all the fancy toys and doesn't want other people to have what they have.
      Some of you will say "Well it's not up to Google to implement it elsewhere" and you're right, but seeing as Firefox is the next biggest non-IE browser, you'd think they'd at least say "Well, we want this to be the standard, right? We should probably get it in Firefox ASAP!".

      Thus, I am perfectly with h.264 being standard for now, until Daala comes along and we can all collectively drool over it.

      Comment


      • #33
        While I understand (and sorta agree) with Mozilla's rationale behind their alignment with Cisco I can't help but wonder how's that going to affect Firefox. Are they going to ship Cisco's binary to simplify the support across platforms or will they stick to the somewhat more troublesome platform-specific solutions like GStreamer (FX24 and still can't play mp3s...)?

        Comment


        • #34
          Software patents? Not applicable here (for now). Suck on that, MPEG LA.

          Comment


          • #35
            Originally posted by Kostas View Post
            While I understand (and sorta agree) with Mozilla's rationale behind their alignment with Cisco I can't help but wonder how's that going to affect Firefox. Are they going to ship Cisco's binary to simplify the support across platforms or will they stick to the somewhat more troublesome platform-specific solutions like GStreamer (FX24 and still can't play mp3s...)?
            FF can't ship the binary itself, that's been made clear. The license doesn't transfer from Cisco, Cisco is simply allowing their solution to be used in any product (and releasing the source, though that's useless for distribution purposes and is primarily useful for testing). Instead, when you install FireFox, it will detect whether your OS has H.264 support, and if it doesn't, it will download the binary from Cisco's servers and install it as part of FireFox. Exactly how it will interface with FireFox isn't known at this point, but it would probably be akin to a plugin (possibly more integrated, depending on whether they want sandboxing or want it to be seamless).

            Originally posted by Brendan Eich
            Firefox will automatically download and install the appropriate binary module onto each userís machine when needed, unless disabled in the userís preferences.
            Originally posted by Brendan Eich
            @Sam: not preinstalled; downloaded for Firefox users whose OS lacks H.264. Firefox OS and Firefox for Android use the OS codec.

            Comment


            • #36
              It's not end users who need this H264 codec version

              Originally posted by uid313 View Post
              H.264 is old anyways!

              Better use H.265, VP9 or Daala instead.
              It's distributors like Mozilla, and any institutional/business users in legally sensitive positions. Example: I distribute non-monetized videos only, and maybe a dozen clones of my personal OS varient. My OS is encrypted on top of all else. I have no assets or wages (revenue) to target in court. As a result, I can use libX264 in utter impunity. A big nonprofit with powerful corporate enemies (think Greenpeace or PETA?) would be in quite another situation due to fear that a snitch might be sent in to find any actionable issue, with software patents as good as anything. That could drive them to Windoze or Crapple, to the NSA's benefit. I've never worked in one, but I would suspect this to be the case. Mozilla at any rate can use an already-installed codec, but until not could not distribute, which with Flash on the way out could have put them at a severe disadvantate at least in the office environment.

              Comment


              • #37
                Originally posted by Daktyl198 View Post
                ^This. I can't wait for Daala
                Be prepared to wait as it is poised to compete (if it can) against whatever comes AFTER HEVC and VP9, as such it's FAR OFF in the future.

                Originally posted by Daktyl198 View Post
                NO. They don't even help Mozilla implement the codec.
                What is this, do you have anything to back this claim with? Not that Mozilla would necessarily need any help but I'd like to see anything indicating that Google would not help Mozilla in this regard, particularly since they've jointly worked on implementing VP8 based WebRTC across both Firefox and Chrome.

                Originally posted by Daktyl198 View Post
                V9 probably won't be in Firefox for another year or so because Google just wants to be the one with all the fancy toys and doesn't want other people to have what they have.
                Are you retarded? The VP9 stable decoder is already out in the latest ffmpeg, Mozilla can support it in Firefox whenever they want to. If you have to wait a year then it's because Mozilla won't implement it.

                The source code is available, ffmpeg devs downloaded it and implemented it, so can Mozilla, or are you telling me they need some dev from Google to come over and help them?

                Originally posted by Daktyl198 View Post
                Some of you will say "Well it's not up to Google to implement it elsewhere" and you're right, but seeing as Firefox is the next biggest non-IE browser, you'd think they'd at least say "Well, we want this to be the standard, right? We should probably get it in Firefox ASAP!".
                What are they supposed to do, hijack the Firefox git server? They have made the decoder available for anyone to implement, again Mozilla can implement it whenever they want.

                Comment


                • #38
                  Originally posted by tga.d View Post
                  FF can't ship the binary itself, that's been made clear. The license doesn't transfer from Cisco, Cisco is simply allowing their solution to be used in any product (and releasing the source, though that's useless for distribution purposes and is primarily useful for testing). Instead, when you install FireFox, it will detect whether your OS has H.264 support, and if it doesn't, it will download the binary from Cisco's servers and install it as part of FireFox. Exactly how it will interface with FireFox isn't known at this point, but it would probably be akin to a plugin (possibly more integrated, depending on whether they want sandboxing or want it to be seamless).
                  Skimmed over that part. Thanks for clearing it up.

                  In that case it definitely seems more like a political decision in view of the upcoming vote rather that technically driven one.
                  Edit: ^not that that's necessarily a bad thing

                  Comment


                  • #39
                    Good idea for a stop gap I guess. Let's make sure it remains a stop gap.

                    Daala + Opus in a Matroska container will be the way I store my videos in the future.

                    Comment


                    • #40
                      Originally posted by DrYak View Post
                      The thing with the internet is, no matter through where your data go, as long as it is correctly encrypted, it's secure.
                      As long as end-to-end encryption is used, it doesn't matter in whose hand the internet is.

                      Thus, the best point of attack wouldn't be the actual internet traffic (The privacy conscientious people would be using ZRTP/SRTP to transfert the video over an encrypted channel). As the encryption it self, if done correctly, can't be broken, it's much more easy to attack communication at steps en either side of the encrypted channel itself.
                      Compression and decompression are points where the video data is in clear and are potential attack points.

                      A binary-only codec could either be compromised or simply be broken.

                      In Cisco's case, at least we can check the source-code to make sure there are no exploitable bugs in there.
                      But then we need a way to make sure that the downloaded binary matched the audited code.

                      Otherwise, no matter how many layers of encryption you stack underneath, there's no point in it if the codec leaks data before encryption.
                      That simply doesn't make any sense. How exactly is the codec going to leak information? Is it simply going to pipe everything from your machine to an NSA IP address after it decodes on your machine? Do you really think people aren't going to notice the GBs of data flowing out of their network? Or is it going to do some kind of fancy visual recognition AI code that tries to figure out what's going on and translates that into a small text file somehow? That's probably even more ridiculous. All this stuff would get caught the second it happened to anyone. The point of breaking encryption is that they can just record what goes over the channel without you noticing. Putting something in the codec does NOTHING. If it did, codecs would include encryption already. They don't, because that's not what codecs do.

                      If you truly want to be secure, you need an air gap between your machine and the network. Nothing else is 100% effective. I guarantee you the NSA has a full handbook full of undisclosed flaws they've found in linux and OSS software that they can exploit against any target they want, just like they have 0 day exploits for windows and proprietary software.

                      It's kind of amusing actually - what you are asking for is DRM, isn't it? Some way of preventing an outside source from copying your private video. lol
                      Last edited by smitty3268; 10-30-2013, 11:36 PM.

                      Comment


                      • #41
                        Originally posted by smitty3268 View Post
                        That simply doesn't make any sense. How exactly is the codec going to leak information? Is it simply going to pipe everything from your machine to an NSA IP address after it decodes on your machine? Do you really think people aren't going to notice the GBs of data flowing out of their network? Or is it going to do some kind of fancy visual recognition AI code that tries to figure out what's going on and translates that into a small text file somehow? That's probably even more ridiculous. All this stuff would get caught the second it happened to anyone. The point of breaking encryption is that they can just record what goes over the channel without you noticing. Putting something in the codec does NOTHING. If it did, codecs would include encryption already. They don't, because that's not what codecs do.
                        The codec would only have to provide a backdoor to the system. This could then be used as an infection vector to infect the user's computer with malware/spyware.

                        If you truly want to be secure, you need an air gap between your machine and the network. Nothing else is 100% effective.
                        Bullshit. No, nothing is 100% effective, and nothing can ever be 100% effective - that's fine, because we only need it to be 99.999...% effective for all practical purposes. Saying "nothing is 100% effective" is just a red herring, entirely irrelevant, because it's not what security and privacy is about.

                        Hey, if someone happens to guess your 4096-bit keyword, your crypto is broken... it could happen! The chances are 1 in 24096, but it could happen - therefore, no crypto is 100% secure! Yet, in practice, we can use that crypto, because it's practically impossible to guess that keyword. It's theoretically not 100% effective/secure, but it doesn't have to be to be usable.

                        I guarantee you the NSA has a full handbook full of undisclosed flaws they've found in linux and OSS software that they can exploit against any target they want, just like they have 0 day exploits for windows and proprietary software.
                        Again, bullshit. If you have evidence, show it, or gtfo. That's just the kind of sour-grapes-whining heard from windows fanboys when you point out to them that Microsoft freely and voluntarily shares all Windows exploits & vulnerabilities to NSA before they are patched. "Oh, but I'm sure they have Linux exploits too!" Never any evidence is given for these claims, just that it has to be there... it can't be that windows is inferior in any way, oh no...

                        The NSA is not some kind of X Files or Men in black, they don't have any alien technology. Linux is used in many security-conscious applications, and security professionals are constantly auditing the code. A properly hardened Linux-system will not be easily penetrated by NSA, if the user doesn't do anything stupid.

                        It's kind of amusing actually - what you are asking for is DRM, isn't it? Some way of preventing an outside source from copying your private video. lol
                        You also seem to be very confused about what DRM is. DRM != privacy software.

                        Example: PGP is a way of preventing an outside source from reading your communications/viewing your data, it's an encryption method. A software used for privacy. The users have control here, only the sender and intended recipient of the communication/data have access to it. The key here is user control.

                        DRM is fundamentally user-hostile: it's a way of wresting the control of the computer away from the user. It's a way to make software/data "tamper proof", in order to prevent copying/unauthorized use/etc.

                        There's a very clear difference: one is for the benefit for the user, and is entirely controlled by the user. The other is user-hostile, and can never be in the user's control, can never be open-source.

                        Comment


                        • #42
                          Codec in browser only sees public video

                          Originally posted by smitty3268 View Post
                          That simply doesn't make any sense. How exactly is the codec going to leak information? Is it simply going to pipe everything from your machine to an NSA IP address after it decodes on your machine? Do you really think people aren't going to notice the GBs of data flowing out of their network? Or is it going to do some kind of fancy visual recognition AI code that tries to figure out what's going on and translates that into a small text file somehow? That's probably even more ridiculous. All this stuff would get caught the second it happened to anyone. The point of breaking encryption is that they can just record what goes over the channel without you noticing. Putting something in the codec does NOTHING. If it did, codecs would include encryption already. They don't, because that's not what codecs do.

                          If you truly want to be secure, you need an air gap between your machine and the network. Nothing else is 100% effective. I guarantee you the NSA has a full handbook full of undisclosed flaws they've found in linux and OSS software that they can exploit against any target they want, just like they have 0 day exploits for windows and proprietary software.

                          It's kind of amusing actually - what you are asking for is DRM, isn't it? Some way of preventing an outside source from copying your private video. lol
                          A codec used in a browser could not send back the URL of a played video, it could not see it. A video published from a browser can be tracked by much easier means-and need not be played in browser to be published from it anyway, so again the codec is a non-issue. Even if the codec was presumed malicious, at worst that would not even give parity with Flash, what with all you have to do to keep out malicious Flash code, Flash cookies, and who knows what else. Assuming you still use libx264 in Kdenlive, Mplayer, Gstreamer, Xine, etc, the codec used in the browser won't even interact with your raw files, which should be the only ones you have to be able to deny ownership of. If you have INCOMING video you need to be able to deny ownership of, and Torbrowser won't play it, then you need a public access hotspot anyway, and possibly a live disk OS as a precaution against browser fingerprinting. Use one that comes with all the codecs like Mint so you can use it exactly as shipped.

                          Even if Cisco does something huge like creating a write version of the codec that runs in GPU and works with FOSS video editors, someone running just watching total up and down network activity in Conky or gnome-system-monitor with no browser open could compare network activity between it and Libx264 to verify that it was not trying to phone home. I've done this myself to verify a browser not sending data with every keystroke in the URL line, when I compared Chromium with the known spyware on and turned off. Testing anything else would work exactly the same way, hell you don't even need Wireshark unless you are verifying WHAT is being phoned home to, like the folks who busted Google for spyware when Chrome first came out did.

                          I would not worry about video codecs other than flash, which is a whole closed binary. I would worry about keyloggers, browser Trojans, and especially about unencrypted hard drives vulnerable to police raids. At least I went to encryption before instead of after a 2008 raid on my house, and it seems they never cracked it. Yes, CISCO is known for hardware compromised by the NSA and others: mostly for routers, the main targets of the NSA's surveillance of the network. My guess is routers handling large volumes of traffic are the targets here, and desperately need FOSS firmware to put a stop to it.

                          Comment


                          • #43
                            Sigh... I really shouldn't get involved in these conversations because it always devolves into idiocy. All i'm asking for is a little common sense. In a list of applications the NSA could target, a codec would rank about 1 millionth out of about a million apps. It makes zero sense, because there are literally thousands of easier targets. The NSA isn't stupid.

                            Originally posted by dee. View Post
                            Again, bullshit. If you have evidence, show it, or gtfo.
                            LOL. So you won't believe any 0 day exploits exist unless i can prove it by showing them? If i could, then they'd be fixed and wouldn't exist... Anyway, go on any hacker site. There are people out there selling exploits to FOSS software like Firefox just like any of the proprietary browsers. There's no reason why browsers would be fundamentally different in this respect than any other software system. Common sense, people.

                            You also seem to be very confused about what DRM is. DRM != privacy software.
                            DRM literally means digital rights management. If you want to use it to manage the rights of your own data, privacy software is exactly what it becomes. There's no difference. The only thing you mean is that standard DRM is controlled by others instead of you.

                            Ok, enough of this. I'm refusing to waste any more time on this stupid topic. You will not draw me into another long flamefest BO$$ style.

                            Comment


                            • #44
                              It's not that difficult to think of a scenario using a codec. Try:

                              1. The codec is setup to detect certain videos.
                              2. NSA adds that video as an ad to all Youtube videos, targeted to your IP/browser.
                              3. You are now infected.

                              Comment


                              • #45
                                > In a list of applications the NSA could target, a codec would rank about 1 millionth out of about a million apps.
                                > It makes zero sense, because there are literally thousands of easier targets. The NSA isn't stupid.

                                They aren't stupid, and have automatic resources like computers, so with them they go for all the targets they can, not only for the easy ones (which can be achieved, or not, depending on the case).

                                > If i could [prove that], then they'd be fixed and wouldn't exist...

                                It's basically accusations without proofs. People dislike when they suffer that (e.g. "son of a bitch"), but someone likes doing that to others.

                                > Anyway, go on any hacker site. There are people out there selling exploits to FOSS software like Firefox just like any of the proprietary
                                > browsers. There's no reason why browsers would be fundamentally different in this respect than any other software system. Common sense,
                                > people.

                                If someone believed that is true, they would go there, buy it, and then get the DOMINATION. Ow!

                                > DRM literally means digital rights management.

                                If someone believes that a thing is what marketing says it is... For example if MoneyCorp Inc. is planning a product to make people dependent on it, people can be sure that MoneyCorp is not going to call the product "Dependence maker".

                                Comment

                                Working...
                                X