Luke Maurits

I had some unexpected downtime of this website (but not my mail service) recently which actually went undiagnosed for a few days. The cause was an annoying bug in lighttpd – annoying not so much because it is there, since everybody makes mistakes, but annoying because they actually seem reluctant to admit that there is a problem, even though there clearly is. A few days ago I set up an IPv6 tunnel with the very cool guys at SixXS. I can’t get native IPv6 from my ISP, but tunnel brokers like SixXS can act as an intermediary – my computer wraps IPv6 packets up inside IPv4 packets, send them to an IPv6 capable host in the SixXS system, which passes on the IPv6 packets over the actual IPv6 internet, and then wraps the response back up in IPv4 and sends it back to me. This offers practically all the benefits of IPv6 without me actually having it per se. In particular, I can now accept incoming IPv6 connections to my mail and web servers, and so now do so. It turns out, however, that enabling IPv6 support in Lighttpd has the effect of disabling IPv4 support on all Unix OSes other than Linux (because Linux takes the non-standard and technically wrong approach of having IPv6 sockets accept incoming IPv4 connections). I didn’t notice this immediately, of course, because I could access my pages just fine – via my IPv6 tunnel. Anybody on an IPv4-only connection (and that’s pretty much everybody) wouldn’t have been able to connect. Sorry about this.

Another quick thing: last night I learned, via undeadly.org of an astonishing little thing called HQTube: a Greasemonkey script which, using the well-known mplayer-plugin for Firefox, lets you watch YouTube videos inside your browser using mplayer, even if you don’t have Flash installed. Even more incredible than the fact that this exists and works is that it has been around since at least May 14, 2008 (date of the last update), and people are only just discovering this now. People using BSD operating systems that don’t have Flash support have been jumping through all sorts of hoops for years in an effort to get Flash working, and YouTube is normally a huge part of the motivation to do this. None of the other methods I’ve read about are close to being as easy or robust as this one solution seems to be. It should be much better known than it is.

There was an article in The Australian about a fortnight ago called “Police take a tip from YouTube”, discussing the plans of the NSW police (New South Wales is Australia’s oldest and most populous state) to roll out a website where private citizens can
anonymously upload photos and videos taken with their mobile phones which may be of assistance in solving crimes. The situation is somewhat reminiscent of what I wrote about last December in my Cryptographic Cameras article (see the “Emergency Response” section), an article heavily inspired by an essay by Bruce Schneier and others, and one which I really should get around to finishing sometime soon.

This is a really interesting idea and one I’ll tentatively call “good”. There are a few things which cause concern – there is obviously no system in place to guarantee the authenticity of uploaded photos and videos, as would be done using digital signatures in a true “cryptographic camera” system. This means that we can’t immediately discount the possibility of people uploading doctored media in an attempt to deceive police (perhaps framing an innocent, perhaps in an attempt to lead police away from actual leads) – I’m not sure whether the generally poor quality of mobile phone media would make Photoshopping harder or easier. Also, because the presence of GPS facilities in mobile phones is still pretty rare, there is no way to confirm that photos or video footage are actually of the location an uploader claims them to be, as there, again, would be in a true “cryptographic camera” system. Obviously, this is less of a problem the more distinctive the proclaimed location is.

The first thing that struck me as curious was the level of indirection introduced by having people upload their media through a website rather than sending it direct, and possibly even live, via the phone itself using MMS messages or video calls. When it’s possible to make one, a live video call has substantially more value than a recorded video uploaded after the fact precisely because it removes the possibility of doctoring a video. The reason this isn’t currently being considered, apparently, is a desire to
preserve the anonymity of the people doing the uploading. I realise this might seem unusual to some international readers, for whom mobile phones can be entirely anonymous – while honeymooning in Europe earlier this year my wife and
I were able to buy pre-paid SIM cards in Poland and the Czech Republic without leaving any sort of record of who we were. In Australia, you can’t get a mobile phone of any kind (to my knowledge, anyway) without showing a driver’s license or some other accepted form of ID, which means that your mobile number can always be linked directly back to you. On the one hand, I’m impressed and pleased that the police actually realise and really seem to care that anonymity is a valid concern here, but on the other, I’m not sure this solution is entirely effective. It’s a sure thing this website will record the IP addresses of uploaders, and in 9 cases out of 10 the police can track this to an individual or at least a household.

But whatever shortcomings this plan has for the time being, they’re sure to improve with time. GPS will eventually be standard in mobile phones, and it would be astonishingly stupid of handset manufacturers not to give users the option to “geotag” their photos and videos by embedding GPS data. If evidence arises that doctored material is being submitted, digital signatures could certainly be implemented if the police wanted to put enough money behind it.  Ultimately, regardless of whether this experiment succeeds or fails, the very fact that the police are even considering using technology to provide private citizens the ability to conveniently and anonymously contribute to crime fighting is a fantastic and exciting thing.

At the same time, I would throw just as much if not more support behind a parallel site run by private citizens which is all about letting people provide photos and footage of police officers in action, letting us watch the watchers while we’re not helping them.

Before the main thrust of this entry, I just wanted to point out that I (finally) got around to putting up at least a first version of my article on password storage, which has been linked to by my SQL injection article for a long time but hasn’t actually existed until earlier this week. Enjoy, and feedback is welcome!

Anyway, the main point of this article is that lately I have found myself ever more dissatisfied over the lack of availability of Flash on my home desktop machine. For those of you who didn’t realise, Flash is only available as a binary plugin for the mainstream operating systems and NetBSD isn’t amongst those. Getting Flash to work in NetBSD has always been a bit hit and miss. There are a wide range of possible solutions (and I discuss most of them, I think, in my NetBSD survival guide), mostly
based around various kinds of emulation. These solutions work to wildly varying degrees, depending on everything from the versions of Flash, NetBSD and Firefox involved to, apparently, the current phase of the moon. At the moment, Flash is effectively not working for me – video is jerky and intermittent and audio is non-existent. It’s not good enough for 9 out of 10 uses of Flash.

Now, this has been the situation for years, ever since I started using NetBSD.  But I used to absolutely not care. You only need to go a few years back in time to arrive at an internet in which Flash was completely and utterly useless and technical people could quite happily go without it. The uses of Flash could be summarised almost completely as:

• Hideous banner adverts on websites which included video and/or sound. These things are often mind blowingly obnoxious (doing things like playing sound when rolled over with the mouse) and invariably not interesting enough to be
  worth the increased loading time and security risk.
• Website navigation systems created by incompetent and inconsiderate web developers who had no concept of convenience or accessibility and were perfectly happy to make people with dial up connections wait for 10 minutes to their site and for people who didn’t use a supported OS or browser to simply not be able to see it. Invariably, these navigation systems offered nothing of value which couldn’t be achieved using faster, safer, and more accessible HTML, perhaps with Javascript, and the associated websites were entirely missable.  There’s a great rant about the problems with this sort of site here.
• Interactive games or lengthy animations, the kind of things people email around to everybody they have ever met. Most of the time these things were fairly mindless, unwelcome distraction from actual work. Sometimes they were genuinely amusing (I used to be quite fond of the Strongbad email animations on Homestar Runner). In either case, they were something one could live without pretty easily.

These 3 categories accounted for 90% of the Flash on the web. I used to consider Flash as a cancer on the web, sucking up vast resources and creating substantial division amongst the online community, while rarely contributing anything of value. I was happy, even proud, to not have a working Flash installation on my computer. I felt liberated. And then YouTube came along.

At first I simply ignored YouTube as well. I thought the idea of using Flash to distribute video was stupid. I did not understand what the problem would be with simply providing direct links to mpeg or avi video files which could be downloaded via
HTTP or FTP. This would let anybody enjoy these videos regardless of their personal choice of operating system or browser. Furthermore, in the early days YouTube seemed to me to be little more than the new version of the final dot point in my list of Flash uses above – a way to distribute stupid, possibly amusing (but probably not) 5 minute videos that wasted my time. And some of the comments left on YouTube videos rank very highly amongst the stupidest things that humans have ever written
(a point made in this xkcd comic). YouTube? No, thanks.

However, today I am forced to admit that YouTube has become useful. Maybe it became useful a long time ago and I missed it while grumbling with my stone tools and bearskin clothes in my Flash-free cave, I’m not sure. To be sure, there is still a tremendous amount of crap on YouTube, complete with shockingly stupid comments. But at the same time, a lot of intelligent, creative people are using YouTube to broadcast stuff which is genuinely interesting, educational or useful. After
Itojun passed away I learned that he had posted a series of videos on YouTube explaining the basics of (what else?) IPV6, in both Japanese and English.   Just last night, my brother-in-law Gareth pointed me in the direction of some YouTube videos by
Johnny Chung Lee, a hacker from CMU, who has done some really clever stuff with the Nintendo Wii’s “Wiimote”, like building quick and cheap head-tracking hardware, electronic whiteboards and finger trackers. I also recently found via Reddit a
video demonstrating “Shredz64″, a port of the popular Guitar Hero game to the Commodore 64, which uses the actual PlayStation guitar controller, hooked up to the C64 through a home-made adapter. These are just some things I’ve found relatively recently and thought were awesome – I have to assume there is a plethora of similar stuff on YouTube.

It’s not just YouTube, either. YouTube has popularised the notion of embedded video streaming in web sites. It crops up in a lot of places, and it’s often used for good things. Google’s technical talks come to mind first, but they’re not alone. Not only is there a lot of other stuff out there now, but it’s clear that there is only going to be more in the future. For better or worse, this is the medium that the internet community as a whole has chosen. I don’t doubt that if, for instance, internet-based citizen journalism takes off (and I sincerely hope that it does), YouTube or YouTube-like technology will be behind it.

Clearly, the situation regarding Flash has changed since I last evaluated it.  It now looks like these days I have more to lose than I do to gain by forsaking Flash. This is a sad situation, to be sure. It’s always a sad situation when in order to fully participate in the wonder of the internet one has to have one’s freedom of choice of OS and browser limited by the will of a company which stubbornly refuses to release source code, or at least file format documentation (Why not, Adobe? The Flash player is (financially) free anyway!). But pragmatism has to trump idealism at some point. Maybe, with Flash, this point has been reached?