May 30th, 2007

  • evan

vbr side channel

Here's a summary of some research I recently heard about. The basic idea is that even if a media stream is encrypted, variable bit rate encodings of the media will have bit-dense and bit-light regions in the same rough places, giving even the encrypted stream an identifiable fingerprint. They claim 98% accuracy in identifying movies playing from a Slingbox.
  • evan

google gears

Google Gears launched! Due to there temporarily being no desk space by my actual team, I happen to sit right in the middle of the Gears team, so I got to overhear and inject my opinion into all sorts of discussions.

Since most of the media presentations are a bit confusing, here's a more brief summary of what this actually is: Gears is a browser plugin that provides a few more functions to Javascript, all of which are aimed at enhancing offline apps. One module lets you "capture" (cache) URLs, so they continue to work while offline; another provides an SQLite API; and the last lets you run JS in separate threads outside of the main browser JS thread.

Here's one interesting aspect of the off/online bits that wasn't immediately obvious to me. A computer can't really know if it's "online" -- an IP address, or even connectivity to the internet doesn't guarantee that its server can respond -- and for an app that "just works offline" all you care about is whether the server can respond. So the offline cache works like this: you can't tell programmatically tell whether you're on or offline unless your server exposes some sort of RPC for your app to test via AJAX. Once you've hooked your app into the offline cache, all page loads server from the cache and then Gears (via the browser, of course) relays the request for the actual content. (There's also a lower-level API available that lets you control directly when to fetch a resource.)

Another cool part to this is that it can roll an app out as a blob. It'd be bad if you cached some updated javascript libraries then lost the internet connection before you got all of them updated, so instead the update process pulls all the files and does an atomic switch.

The final cool thing to highlight: yes, you can use Greasemonkey to inject Gears calls into sites that don't already support it. (Boodman is one of the Gears developers...)

I've been working on (and finding Gears bugs with) a Gears-enabled release of lmnopuz, but it's blocking on some other changes in lmnopuz and all of that is blocking on a few other projects that are more urgent.