
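Using side-channel information to identify Netflix videos protected by HTTPS

In "Netflix found to leak information on HTTPS-protected videos" I read that researchers used the side-channel information exposed by VBR to successfully identify Netflix videos protected by HTTPS. This is a big win for US ISPs (together with the bill passed earlier), but a serious blow to personal privacy.

The accuracy of this research is very high: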

To support our analysis, we created a fingerprint database comprised of 42,027 Netflix videos. Given this collection of fingerprints, we show that our system can differentiate between videos with greater than 99.99% accuracy. Moreover, when tested against 200 random 20-minute video streams, our system identified 99.5% of the videos with the majority of the identifications occurring less than two and a half minutes into the video stream.

And they actually ran this analysis on a single machine.


Ugh...
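Why HTTPS does not hide a VBR stream, as an added example (not the researchers' code): TLS adds only a small fixed overhead per record, so the size sequence of the video segments is still visible on the wire, and only coarse padding collapses it. The catalogue, its titles and sizes, and the padding mitigation are constructed assumptions; the 29-byte record overhead assumes TLS 1.2 with AES-GCM.

```python
TLS_RECORD_MAX = 16384      # largest plaintext a TLS record may carry
GCM_OVERHEAD = 5 + 8 + 16   # TLS 1.2 AES-GCM: header + explicit nonce + tag

# Constructed segment sizes (bytes) for three made-up titles. Same segment
# duration everywhere; VBR makes every title's size sequence different.
CATALOGUE = {
    "title-a": [412_300, 388_950, 540_120, 297_400],
    "title-b": [405_700, 512_800, 301_250, 466_000],
    "title-c": [398_100, 420_640, 455_900, 310_330],
}


def wire_size(plaintext_len):
    """Bytes an on-path observer counts for one HTTPS-delivered segment."""
    records = -(-plaintext_len // TLS_RECORD_MAX)  # ceiling division
    return plaintext_len + records * GCM_OVERHEAD


def pad(size, bucket):
    """Round a segment up to the next multiple of `bucket` (None = no padding)."""
    return size if bucket is None else -(-size // bucket) * bucket


def observed(catalogue, bucket=None):
    """On-wire size sequence per title, optionally after padding."""
    return {title: tuple(wire_size(pad(s, bucket)) for s in sizes)
            for title, sizes in catalogue.items()}


def distinguishable(catalogue, bucket=None):
    """Number of distinct on-wire sequences; 1 means the sizes leak nothing."""
    return len(set(observed(catalogue, bucket).values()))


def padding_cost(catalogue, bucket):
    """Extra bytes sent because of padding, as a fraction of the original."""
    raw = sum(sum(sizes) for sizes in catalogue.values())
    padded = sum(pad(s, bucket) for sizes in catalogue.values() for s in sizes)
    return (padded - raw) / raw
```

With these constructed sizes, 64 KiB buckets still leave all three titles distinct, while 1 MiB buckets make them identical at roughly 1.5 times the original traffic.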

Automatically synchronizing subtitles and audio with a program

A project I saw on Hacker News, readbeyond/aeneas:

aeneas is a Python/C library and a set of tools to automagically synchronize audio and text (aka forced alignment).

The first thing that came to mind... this is a godsend for fansub groups XDDD

Supported languages:

Confirmed working on 38 languages: AFR, ARA, BUL, CAT, CYM, CES, DAN, DEU, ELL, ENG, EPO, EST, FAS, FIN, FRA, GLE, GRC, HRV, HUN, ISL, ITA, JPN, LAT, LAV, LIT, NLD, NOR, RON, RUS, POL, POR, SLK, SPA, SRP, SWA, SWE, TUR, UKR

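Besides ENG, there is JPN... XD

YouTube begins partnering with content providers and launches the YouTube TV service

YouTube launched the YouTube TV service: "Finally, live TV made for you".

It goes straight for several major channels, especially sports channels: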

Live TV streaming from ABC, CBS, FOX, NBC, ESPN, regional sports networks and dozens of popular cable networks.

A more complete channel list can be found in this image:

Recording is supported:

A cloud DVR, with no storage limits.

Across computers, tablets and phones:

A service that works great on all your screens.

The price is also only half of the usual going rate (compared with buying a fairly complete cable package), USD$35/month, with no long-term contract:

Half the cost of cable with zero commitments. A YouTube TV membership is only $35 a month and there are no commitments—you can cancel anytime.

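This really does hurt... And with the bandwidth YouTube has built up for its own needs, it should run into fewer problems than Netflix did back then?

Carriers, zero rating and net neutrality

It was only in "AT&T users will be able to stream DirecTV Now without using their data" that I saw the FCC had, at the beginning of this month, warned carriers about zero rating specific services: "The FCC tells AT&T it may be violating net neutrality with its DirecTV plans":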

AT&T is far from the only US carrier to zero rate data. T-Mobile has been ostentatiously offering free data for music and movies for a year now, and Verizon also zero rates video from its Go90 app. But in zero rating DirecTV, the FCC thinks AT&T may have gone too far.

AT&T says anyone can join this plan as long as they pay:

AT&T’s argument is that any company that participates in its Sponsored Data program has to pay AT&T for it, and that includes DirecTV.

But the problem is still that AT&T owns DirecTV, so the money just moves from its left hand to its right:

Except, again, AT&T owns DirecTV, so even if one division is paying another, the overall company still ends up not paying any money.

And the amount is actually not small:

The situation for other companies is very different — and the FCC believes that the price they’d have to pay is “significant[.]”

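But the president is about to change, and things may well head in a worse direction...

Netflix's speed-up of sendfile() under TLS

Netflix wrote a post on the technical details of its privacy protection: "Protecting Netflix Viewing Privacy at Scale".

It mentions that in 2012 an Open Connect Appliance (OCA, the program that places servers in ISP facilities) in Netflix Open Connect delivered only 8Gbps from a single server, and that now, in 2016, it can reach 90Gbps: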

As we mentioned in a recent company blog post, since the beginning of the Open Connect program we have significantly increased the efficiency of our OCAs - from delivering 8 Gbps of throughput from a single server in 2012 to over 90 Gbps from a single server in 2016.

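Early on, Netflix pushed video out with sendfile(), which is handled in kernel space and is therefore very efficient.

When the video itself moved to HTTPS (TLS), one of the performance problems was that sendfile() could no longer be used: the data had to be encrypted in userland and sent through the traditional write() path, which hurts performance a lot.

So they made the kernel support the AES family of ciphers (including AES-GCM and AES-CBC), for a performance improvement of about 30%: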

Our changes in both the BoringSSL and ISA-L test situations significantly increased both CPU utilization and bandwidth over baseline - increasing performance by up to 30%, depending on the OCA hardware version.
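The two data paths described above, as an added Python example (not Netflix's code): sendfile() can only put the file's bytes on the wire verbatim, so once the wire must carry ciphertext, each block has to pass through the process unless the kernel does the encryption itself. `standin_cipher`, `wire_bytes` and the other names are hypothetical, the XOR is a placeholder and not a real cipher, and a local socketpair stands in for the client connection.

```python
import os
import socket
import tempfile

RECORD = 16 * 1024  # TLS allows at most 16 KiB of plaintext per record


def standin_cipher(block: bytes) -> bytes:
    # Placeholder for AES-GCM / AES-CBC so the example needs no crypto library.
    # NOT encryption; it only marks where the userland encrypt step sits.
    return bytes(b ^ 0x5A for b in block)


def send_with_sendfile(file_fd: int, sock: socket.socket, size: int) -> None:
    """Plain HTTP path: the kernel copies file pages to the socket itself,
    so the bytes on the wire are exactly the bytes on disk."""
    offset = 0
    while offset < size:
        offset += os.sendfile(sock.fileno(), file_fd, offset, size - offset)


def send_with_userland_tls(file_fd: int, sock: socket.socket, size: int) -> None:
    """HTTPS without kernel crypto: every block is read into the process,
    transformed there, and written back into the kernel."""
    offset = 0
    while offset < size:
        block = os.pread(file_fd, RECORD, offset)  # kernel -> userland copy
        sock.sendall(standin_cipher(block))        # userland -> kernel copy
        offset += len(block)


def wire_bytes(sender, payload: bytes) -> bytes:
    """Send `payload` from a temp file over a socketpair; return what arrives."""
    with tempfile.TemporaryFile() as f:
        f.write(payload)
        f.flush()
        tx, rx = socket.socketpair()
        with tx, rx:
            sender(f.fileno(), tx, len(payload))
            tx.shutdown(socket.SHUT_WR)
            chunks = []
            while chunk := rx.recv(65536):
                chunks.append(chunk)
    return b"".join(chunks)
```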

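The beginning of the article also covers the background of choosing AES-GCM and AES-CBC: mainly, AES-GCM has better security strength, and AES-CBC is used when an older client does not support AES-GCM: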

We evaluated available and applicable ciphers and decided to primarily use the Advanced Encryption Standard (AES) cipher in Galois/Counter Mode (GCM), available starting in TLS 1.2. We chose AES-CGM over the Cipher Block Chaining (CBC) method, which comes at a higher computational cost. The AES-GCM cipher algorithm encrypts and authenticates the message simultaneously - as opposed to AES-CBC, which requires an additional pass over the data to generate keyed-hash message authentication code (HMAC). CBC can still be used as a fallback for clients that cannot support the preferred method.

The OCA machines themselves are also new enough to support the AES-NI instruction set, so performance is not much of a problem:

All revisions of Open Connect Appliances also have Intel CPUs that support AES-NI, the extension to the x86 instruction set designed to improve encryption and decryption performance. We needed to determine the best implementation of AES-GCM with the AES-NI instruction set, so we investigated alternatives to OpenSSL, including BoringSSL and the Intel Intelligent Storage Acceleration Library (ISA-L).

However, the "Netflix Open Connect Appliance Deployment Guide" (26 July 2016 version) still appears to connect them with multiple 10Gbps links via LACP:

You must be able to provision 2-4 x 10 Gbps ethernet ports in a LACP LAG per OCA. The exact quantity depends on the OCA type.

Maybe the next version is getting ready to move to 40Gbps or 100Gbps...?

HTTPS usage in Google products (including YouTube)

YouTube published the state of HTTPS usage across Google products, this time including YouTube itself: "YouTube's road to HTTPS".

Netflix and YouTube are the two largest sources of internet traffic in North America (Netflix, YouTube video streaming dominate internet traffic in North America); note that Netflix is also going fully HTTPS (It wasn’t easy, but Netflix will soon use HTTPS to secure video streams):

Netflix makes up a huge part of internet downloads, the company said, with the streaming service accounting for 37.1 per cent of all downstream traffic in North America during September and October.

YouTube accounted for the second-largest share of download traffic, at 17.9 per cent, followed by regular internet browsing at 6.1 per cent.

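Outside North America YouTube's share is even higher, so YouTube's HTTPS rate really matters to the whole internet. YouTube announced that 97% of its traffic is now on HTTPS, which is probably the largest traffic in Google's data centers: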

We're proud to announce that in the last two years, we steadily rolled out encryption using HTTPS to 97 percent of YouTube's traffic.

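Differences in DVD release dates lead to piracy

A report funded by the MPAA shows that differences in DVD release dates lead to piracy: "DVD Release Delays Boost Piracy and Hurt Sales, Study Shows". The report itself can be found at "Windows of Opportunity: The Impact of Piracy and Delayed International Availability on DVD Sales".

Computed from real data: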

"When we run our regressions on Spain and Italy alone, we observe a 10% drop in sales for every 10-day delay in legal availability, as compared to a 2% drop in sales for every 10-day delay in the entire sample," the paper reads.

"Our results suggest that an additional 10-day delay between the availability of digital piracy and the legitimate DVD release date in a particular country is correlated with a 2-3% reduction in DVD sales in that country," the researchers write.

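Timeliness matters...

The most amusing (?) recent DMCA Takedown...

The most amusing recent DMCA Takedown news: an episode of Fox's Family Guy used a clip from a gameplay video on YouTube (Double Dribble - NES - Automatic Shot), and after the episode aired Fox sent a DMCA Takedown that took that video down: "Fox 'Stole' a Game Clip, Used it in Family Guy & DMCA'd the Original".

The Family Guy clip can be seen at "Family Guy Double Dribble".

As long as there is no strict penalty mechanism (one that penalizes "falsely claiming to be the copyright owner"), this kind of large company trampling on ordinary people's rights will only get worse...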
