Re: [FFmpeg-devel] [PATCH] ipfsgateway: Remove default gateway

From: Mark Gaiser <markg85@gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH] ipfsgateway: Remove default gateway
Date: Thu, 11 Aug 2022 19:56:04 +0200
Message-ID: <CAPd6JnEhWXSj9C_NOBLGcM9rMgRK_xH4cxpXGAdi=SYm4BqUZA@mail.gmail.com> (raw)
In-Reply-To: <b2c7db27-5bda-4b59-00ad-e54274855316@rothenpieler.org>

On Thu, Aug 11, 2022 at 7:35 PM Timo Rothenpieler <timo@rothenpieler.org>
wrote:

> On 11.08.2022 19:21, Mark Gaiser wrote:
> > On Thu, Aug 11, 2022 at 6:49 PM Timo Rothenpieler <timo@rothenpieler.org
> >
> > wrote:
> >
> >> On 11.08.2022 18:26, Mark Gaiser wrote:
> >>> Hi all,
> >>>
> >>> On the IPFS side we do have a solution for that with CAR files, you can
> >>> read more about that here [1].
> >>> Within the scope of this ipfs gateway protocol handler there isn't a
> >>> solution yet to use CAR files, it is on our radar but still in the
> >>> discussion phase.
> >>>
> >>> On the cURL side we had this same discussion with 2 possible solutions
> >> [2].
> >>> For completeness, i'll list them here in full too:
> >>>
> >>> 1. An error message that gives no example but instead points the user
> to
> >>> documentation on how to get it working.
> >>> === cURL example
> >>> $ curl
> ipfs://bafkreicysg23kiwv34eg2d7qweipxwosdo2py4ldv42nbauguluen5v6am
> >>> Error: local gateway not found and/or IPFS_GATEWAY is not set
> >>> Learn how to run one: https://docs.ipfs.tech/install/command-line/
> >>> ===
> >>>
> >>> 2. An error message that makes the user aware of IPFS and provides a
> >>> solution to get it working immediately.
> >>> === cURL example
> >>> $ curl
> ipfs://bafkreicysg23kiwv34eg2d7qweipxwosdo2py4ldv42nbauguluen5v6am
> >>> Error: local gateway not found and/or IPFS_GATEWAY is not set.
> >>> Try: IPFS_GATEWAY=https://ipfs.io
> >>> or run your own: https://docs.ipfs.tech/install/command-line/
> >>> ===
> >>>
> >>> Within the cURL implementation we're going for point 1.
> >>> The same idea can very well apply to ffmpeg too. Different texts that
> >> match
> >>> the different context, but in the same spirit.
> >>>
> >>> Now ffmpeg is a bit different here. First and foremost because it
> >> predates
> >>> the curl.
> >>> But also because the default fallback gateway was an explicitly
> requested
> >>> feature from the ffmpeg side to give an "it always works" feeling.
> >>> ffmpeg therefore has a fourth option: Do nothing and keep it as-is.
> >>
> >> I'm not sure who requested that, but I doubt "tunnel all user traffic
> >> through some random third parties server" was the idea there.
> >>
> >
> > Here's the conversation requesting this very feature:
> > https://ffmpeg.org/pipermail/ffmpeg-devel/2022-March/293835.html
>
> I generally agree with the points brought up there.
> But my conclusion very much is not "just put a somewhat random default
> into the code".
> Even a list of defaults is not Okay.
> We can't hardcode "magic servers".
>

This is just your - valued! -  opinion, but still just 1. I insist on
waiting to hear from Michael to hear a decision on this, mainly because he
was quite persistent in asking for this feature to begin with.
The risks were clear and - somewhat - mentioned in the post I linked to
before yet the decision was still to proceed.

Since then and now nothing has changed. No exploit was found. The only
thing that happened was a blog post from the cURL maintainer that merely
highlighted this issue. Still no abuse by any means.
That doesn't mean it will never be hacked. As I highlighted in that same
post, as that gateway gets used more and more it simply becomes an
increasingly attractive target for hackers to target.
And let's not forget that ffmpeg still warns you right now when that
fallback gateway is used.

> If it's not possible to make the protocol work without them, it likely
> shouldn't have been merged in the first place.
> Why can't it access the files directly, but only via some magic http
> gateway?
> Why does it need special code in ffmpeg in the first place, if you can
> just access it via that http proxy-gateway anyway?
>

No, we're not going to have that discussion again.
I outlined this in detail in every single patch round (we had 13 rounds) so
i'd recommend you to re-read that
https://ffmpeg.org/pipermail/ffmpeg-devel/2022-April/295097.html
If that's still unclear then you can read much more about it here too:
https://blog.ipfs.io/2022-08-01-ipfs-and-ffmpeg/

> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".