From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH] ipfsgateway: Remove default gateway
Date: Fri, 12 Aug 2022 17:05:17 +0200
Message-ID: <20220812150517.GI2088045@pb2> (raw)
In-Reply-To: <7ce22e69-d0ad-16b7-52c6-0a447ce05be2@rothenpieler.org>
[-- Attachment #1.1: Type: text/plain, Size: 3831 bytes --]
On Fri, Aug 12, 2022 at 12:03:17AM +0200, Timo Rothenpieler wrote:
> On 11.08.2022 22:18, Michael Niedermayer wrote:
> > On Thu, Aug 11, 2022 at 07:56:04PM +0200, Mark Gaiser wrote:
[...]
> > >
> > > This is just your - valued! - opinion, but still just 1. I insist on
> > > waiting to hear from Michael to hear a decision on this, mainly because he
> > > was quite persistent in asking for this feature to begin with.
> >
> > Iam quite happy to leave this discussion to others, last time it was
> > just that noone seemed to care over a really long time to comment
> > now it seems everyone really cares.
> > I think its very good that people are thinking about it now, it is a
> > rather annoying situation as each option is a tradeoff which sucks in
> > some form
> > Maybe the ultimate best would be a change at the IPFS protocol level
> > so that lean light clients could securely use the protocol easily
>
>
> The patch wasn't on my radar at all. I had assumed it was actually
> implementing IPFS in some fashion.
> Not via an entire external http gateway. I'm a bit confused that it's its
> whole own protocol.
Maybe thinking about http is the wrong mindset. Maybe DNS is a better analog
to grab data from DNS you can implement a full DNS server which recursivly
resolves the request starting from the root name servers (which it needs to have
hardcoded in some form) But this is something no application does because of
latency and wide support of easier name resolution on platforms
So what one does is to connect to local of ISP DNS server which caches results
and does resolve from the root servers if needed (either directly or though platform APIs)
Problem with IPFS is your ISP doesnt have a IPFS server nor do you have one
locally normally
Below is how i understand IPFS, please someone correct me if iam wrong, iam
listing this here as i think it makes sense for the dicussion to better understand
what IPFS is before arguing about it
IPFS seems closer to DNS in how it works than to how http works
if you want to grab something from IPFS it cant just do it, it needs to connect
to peers and find out which has the data.
If you start from zero (and some hardcoded peer list) that will take more time
than if there is a running node with active connections
So for better performance we want to use a IPFS node which persists before and
after the process with libavformat. This is the same as with a DNS server.
I suspect IPFS provides little security against loging,
If you run a IPFS node, others can likely find out what your node cached because
thats the whole point, of caching data, so that others can get it.
If you are concerned the http-ipfs gateway logs you, running your own node might
be worse. IIUC thats like a public caching DNS server
the other threat of the http-ipfs gateway modifying data can possible be prevented
with some effort.
IPFS urls IIUC contain the hash from a root of a merkle tree of the data so one
can take a subset of the data with some more hashes and verify that the data
matcheswhat the URL refers to. This also makes data immutable. There is
mutable data in IPFS called IPNS.
IPNS uses a hash of a public key allowing the private key owner only to modify
the data.
again it can in principle be checked that this is all unmodifed by any intermediate
that makes IPFS different fron DNS and HTTP(S) which cannot be checked from the
URL alone
Also i hope this whole thread can stay technical because this all is a technical
problem and a technical mailing list and it should have a technical solution.
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
During times of universal deceit, telling the truth becomes a
revolutionary act. -- George Orwell
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
[-- Attachment #2: Type: text/plain, Size: 251 bytes --]
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next prev parent reply other threads:[~2022-08-12 15:05 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-10 22:27 Derek Buitenhuis
2022-08-11 12:08 ` Timo Rothenpieler
2022-08-11 16:26 ` Mark Gaiser
2022-08-11 16:49 ` Timo Rothenpieler
2022-08-11 17:21 ` Mark Gaiser
2022-08-11 17:35 ` Timo Rothenpieler
2022-08-11 17:56 ` Mark Gaiser
2022-08-11 19:18 ` Derek Buitenhuis
2022-08-11 20:18 ` Michael Niedermayer
2022-08-11 22:03 ` Timo Rothenpieler
2022-08-11 22:51 ` Derek Buitenhuis
2022-08-12 13:43 ` Mark Gaiser
2022-08-12 14:22 ` Vittorio Giovara
2022-08-12 14:30 ` Kieran Kunhya
2022-08-12 14:34 ` Mark Gaiser
2022-08-12 14:45 ` Kieran Kunhya
2022-08-12 14:48 ` Derek Buitenhuis
2022-08-12 14:50 ` Kieran Kunhya
2022-08-12 14:55 ` Nicolas George
2022-08-12 15:05 ` Michael Niedermayer [this message]
2022-08-12 17:01 ` Nicolas George
2022-08-12 17:18 ` Michael Niedermayer
2022-08-12 17:21 ` Timo Rothenpieler
2022-08-13 16:29 ` Michael Niedermayer
2022-08-13 19:06 ` Timo Rothenpieler
2022-08-14 18:00 ` Michael Niedermayer
2022-08-15 14:09 ` Nicolas George
2022-08-15 14:27 ` Jean-Baptiste Kempf
2022-08-17 15:03 ` Tomas Härdin
2022-08-18 14:31 ` Michael Niedermayer
2022-08-19 9:15 ` Tomas Härdin
2022-08-19 12:52 ` Mark Gaiser
2022-08-22 9:12 ` Tomas Härdin
2022-08-22 12:52 ` Nicolas George
2022-08-23 12:53 ` Ronald S. Bultje
2022-08-23 12:55 ` Nicolas George
2022-08-24 16:35 ` Tomas Härdin
2022-08-24 20:54 ` Michael Niedermayer
2022-08-27 7:05 ` Tomas Härdin
2022-08-28 14:14 ` Michael Niedermayer
2022-08-24 21:03 ` Michael Niedermayer
2022-08-24 21:18 ` Kieran Kunhya
2022-08-25 13:57 ` Michael Niedermayer
2022-08-25 14:41 ` Kieran Kunhya
2022-08-27 7:29 ` Tomas Härdin
2022-08-27 7:53 ` Paul B Mahol
2022-08-27 11:30 ` Tomas Härdin
2022-08-27 17:34 ` Baptiste Coudurier
2022-08-28 11:49 ` Tomas Härdin
2022-08-15 17:53 ` Michael Niedermayer
2022-08-15 19:35 ` Derek Buitenhuis
2022-08-15 19:37 ` James Almer
2022-08-15 21:47 ` Michael Niedermayer
2022-08-15 21:57 ` Nicolas George
2022-08-15 23:53 ` Mark Gaiser
2022-08-16 14:46 ` Michael Niedermayer
2022-08-14 13:24 thelostone123
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220812150517.GI2088045@pb2 \
--to=michael@niedermayer.cc \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git