as people have said, just because something is open source it doesn't mean you can use it without paying for the patents which are embodied in it.

you could study the source code and learn how Cisco did their implementation, but then you could taint yourself if you contributed to a different codec project (h264 based or other) because then you are opening yourself up to deliberate patent violations!

so your choices might boil down to...

* use the Cisco codec code as-is (you could build it from sources or using a pre-compiled binary),
* use x264 (and hope any patent work-rounds will save you),
* use a fully licensed h264 codec from the mpeg-la
* use an alternative codec which has been announced to be free of patent encumbrance and shelter under that umbrella (vp8?)

I don't like this move.
This announcement comes from them just one week before an important decision ... mmmm
If they choose the H.264 codec for WebRTC now, then will be pretty logical continue in the same way for its successor and so we will continue to stay under a license problem (and its relative payment) in the future.
If they do so, It will be a very idiot decision but, you know, the money's power can be very strong...

There are ways to produce deterministic builds to be checked.

Tor, Bitcoin, and several others security package use such an approach: the build environment is precisely defined. Anyone can download the source, replicate exactly the build environment and check if they obtain similar binaries or not.
(It was also suggested as a possible improvement for TrueCrypt)

To appease the "NSA / FSB / MSS is spying on my calls" crowd, you need to use a similar deterministic build approach, so anyone can test if the source code matches official build by Cisco.

I find it hilarious that people are worried the NSA might slip a backdoor into some video codec, while they are continuing to use the internet whose entirety from your home to the backbone is wholly controlled by big business and government. Codecs aren't even encrypted - they'd still need to break SSL or some other encryption system this is running under, just like any other communication going on.

It's a battle that's already been lost, though. People have been arguing over this stuff for years, trying to promote open codecs like Theora, or VP8 or VP9 - and they've gotten nowhere. H.264 may not be open, but it *is* a defacto standard - much like MS Word, it's what the world is actually using. How do you convince people not to use H.264, when they go out and buy a phone or camera, and the videos it produces are in H.264 format? And they don't know what a codec is, and why you're making a fuss about it, when all the software they use can open them just fine...

Ummm, the hangouts transition to webrtc? Yeah, that was evil...


I don't know why cisco is doing this. H.264 is an old codec. H.265/VP9 is here, now. ASICs are starting to come out that support those formats.

Nothing open about this

All this boils down to is Cisco giving out freeware binary codecs so American Linux users can get their codecs from Cisco instead of breaking US patent laws and getting the "European" or "non-US" version of their distro which has the patented codecs already. And of course they can decide to stop doing giving these out at any time, and they might do that because it costs them money.

Oh and they'll release their implementation under BSD license, yippee. But it's still patented so if you actually compile and use that implementation you're a criminal. This is why Brendan Eich carefully says Cisco's release is "gratis" and "open source" but never says "libre" or "free". Most non-US users can now legally compile or modify that codec, but they already have another libre H.264 implementation available so why should they care?

Open source != Patent free. don't confuse things.

Open source != Patent free. People living in one of those 5 or 6 countries with the abomination of software patents, beware.

For the rest of us, it means basically random company released the source for their (yet another) implementation of an h264 encoder/decoder. By now, i don't think there is any h264 codec better optimized than the (already opensource) x264 project, simply because its been in (open) development and optimized for much longer. The same occurs to mp3 with the Lame project, there is simply no better encoder out there; so everyone else might as well open source or abandon theirs. Of course, maybe a trick or two could be learned from the source of Cisco's but at this point in time its a rather boring announcement.

Of course Cisco does not own all the patents involving the format. In those forgotten places where such a thing matters, nothing has changed. Pay your dues to the corporate overlords or abolish software patents... Good luck.

The thing with the internet is, no matter through where your data go, as long as it is correctly encrypted, it's secure.
As long as end-to-end encryption is used, it doesn't matter in whose hand the internet is.

Thus, the best point of attack wouldn't be the actual internet traffic (The privacy conscientious people would be using ZRTP/SRTP to transfert the video over an encrypted channel). As the encryption it self, if done correctly, can't be broken, it's much more easy to attack communication at steps en either side of the encrypted channel itself.
Compression and decompression are points where the video data is in clear and are potential attack points.

A binary-only codec could either be compromised or simply be broken.

In Cisco's case, at least we can check the source-code to make sure there are no exploitable bugs in there.
But then we need a way to make sure that the downloaded binary matched the audited code.

Otherwise, no matter how many layers of encryption you stack underneath, there's no point in it if the codec leaks data before encryption.

The whole h264 binary/open whatever shit should not be part of the internet. And i truly hope google will abuse its power to get vp8/9 in.


And why on earth we don't already have a webrtc based open service (ie jabber).