From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 3953E43AC0 for ; Thu, 11 Aug 2022 17:56:29 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2300668B937; Thu, 11 Aug 2022 20:56:26 +0300 (EEST) Received: from mail-ed1-f43.google.com (mail-ed1-f43.google.com [209.85.208.43]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6769A68B49A for ; Thu, 11 Aug 2022 20:56:19 +0300 (EEST) Received: by mail-ed1-f43.google.com with SMTP id f22so23874732edc.7 for ; Thu, 11 Aug 2022 10:56:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc; bh=NzJ9vOZLFHUbdk45wAu1cPx4d6ePru0T9NzSUBH0ROM=; b=P+DXWeS8tZunCkHYcXwBkS3WGHlzJY083ZcJkvE1XFIT8JiCPAUuUjqr8YQiWASZ6p XTSIQe2ZjzePTdxHufhIMVPZ21ySiNZekoS2JcsCGh062ifkjzYNlYKxTMxyVj/L/UIs 0O2QaiWwEHzJqvqyisJjTW2zTsVDN2j+mB00v0ogRoyr8fy8KSl9+vPhUgF2lmzaxVF0 rVrJNiwxMZrtqjHOvGmo0C4sh6cxpKdI7XkS7CUVR393c+dW+QbmrfnGYsLSSgUsluPr YzHbDMqWCT3CLrWcGTBX8mrumtZDdBSJTibTE0gIL8SFUo+EHdVbY1UiVNXqgETOji1y xWDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc; bh=NzJ9vOZLFHUbdk45wAu1cPx4d6ePru0T9NzSUBH0ROM=; b=Yr734wq7zPO/iRXeJPwMS6kYeXW4H2Op8opfn+YY1B1+DspcNRkZOpoxZTAtdU6n0j AyTQc+dx0U8rvWRS9Guic4I8eWqlBRDHLIWgabuzxItu7MEEiYXJHqcdMKaTqj3qt5+g GcJ92kEzFDsBrJEVS0N1TKtFzHyWo99d2IVZCDVVDjCtXhgMrJ7yBw4C6yJ8gaNDsd25 JUkpYBfLEg8XtMuztyrzuI9gK4GjTOSvtymjDzn5ocgNT52g0G+uTlGX6yb8Ukm1gJkq 7fE8BbIYW8OU8EX7kbgfV+CTabj/ywB2F++zMJ91GVJXNwTE9fZIKYwJ6AiRHYusjRjF duOQ== X-Gm-Message-State: ACgBeo1EX5D0AKYe+YzrVd1aN7/yNSmQ6gKXXkBdqUbfnWnrQKHhvzFp O3GBCJl2Cgf0poYCpLU7kJ8uoN47t1HeAyTQAZuG2A1FdZw= X-Google-Smtp-Source: AA6agR41eOHatYOTBWhZKM1aP2A9UjTTN3Cjlepl/TP9RZUMeXF4/r5dHaJKBstrVFyK3lVja8YFcEvnlzHgR1BKMHw= X-Received: by 2002:a05:6402:e98:b0:441:a982:45bc with SMTP id h24-20020a0564020e9800b00441a98245bcmr211771eda.239.1660240578140; Thu, 11 Aug 2022 10:56:18 -0700 (PDT) MIME-Version: 1.0 References: <20220810222708.186270-1-derek.buitenhuis@gmail.com> <612e12d2-4df2-a2fc-5560-7acd93c2fc8f@rothenpieler.org> In-Reply-To: From: Mark Gaiser Date: Thu, 11 Aug 2022 19:56:04 +0200 Message-ID: To: FFmpeg development discussions and patches X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: [FFmpeg-devel] [PATCH] ipfsgateway: Remove default gateway X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On Thu, Aug 11, 2022 at 7:35 PM Timo Rothenpieler wrote: > On 11.08.2022 19:21, Mark Gaiser wrote: > > On Thu, Aug 11, 2022 at 6:49 PM Timo Rothenpieler > > > wrote: > > > >> On 11.08.2022 18:26, Mark Gaiser wrote: > >>> Hi all, > >>> > >>> On the IPFS side we do have a solution for that with CAR files, you can > >>> read more about that here [1]. > >>> Within the scope of this ipfs gateway protocol handler there isn't a > >>> solution yet to use CAR files, it is on our radar but still in the > >>> discussion phase. > >>> > >>> On the cURL side we had this same discussion with 2 possible solutions > >> [2]. > >>> For completeness, i'll list them here in full too: > >>> > >>> 1. An error message that gives no example but instead points the user > to > >>> documentation on how to get it working. > >>> === cURL example > >>> $ curl > ipfs://bafkreicysg23kiwv34eg2d7qweipxwosdo2py4ldv42nbauguluen5v6am > >>> Error: local gateway not found and/or IPFS_GATEWAY is not set > >>> Learn how to run one: https://docs.ipfs.tech/install/command-line/ > >>> === > >>> > >>> 2. An error message that makes the user aware of IPFS and provides a > >>> solution to get it working immediately. > >>> === cURL example > >>> $ curl > ipfs://bafkreicysg23kiwv34eg2d7qweipxwosdo2py4ldv42nbauguluen5v6am > >>> Error: local gateway not found and/or IPFS_GATEWAY is not set. > >>> Try: IPFS_GATEWAY=https://ipfs.io > >>> or run your own: https://docs.ipfs.tech/install/command-line/ > >>> === > >>> > >>> Within the cURL implementation we're going for point 1. > >>> The same idea can very well apply to ffmpeg too. Different texts that > >> match > >>> the different context, but in the same spirit. > >>> > >>> Now ffmpeg is a bit different here. First and foremost because it > >> predates > >>> the curl. > >>> But also because the default fallback gateway was an explicitly > requested > >>> feature from the ffmpeg side to give an "it always works" feeling. > >>> ffmpeg therefore has a fourth option: Do nothing and keep it as-is. > >> > >> I'm not sure who requested that, but I doubt "tunnel all user traffic > >> through some random third parties server" was the idea there. > >> > > > > Here's the conversation requesting this very feature: > > https://ffmpeg.org/pipermail/ffmpeg-devel/2022-March/293835.html > > I generally agree with the points brought up there. > But my conclusion very much is not "just put a somewhat random default > into the code". > Even a list of defaults is not Okay. > We can't hardcode "magic servers". > This is just your - valued! - opinion, but still just 1. I insist on waiting to hear from Michael to hear a decision on this, mainly because he was quite persistent in asking for this feature to begin with. The risks were clear and - somewhat - mentioned in the post I linked to before yet the decision was still to proceed. Since then and now nothing has changed. No exploit was found. The only thing that happened was a blog post from the cURL maintainer that merely highlighted this issue. Still no abuse by any means. That doesn't mean it will never be hacked. As I highlighted in that same post, as that gateway gets used more and more it simply becomes an increasingly attractive target for hackers to target. And let's not forget that ffmpeg still warns you right now when that fallback gateway is used. > If it's not possible to make the protocol work without them, it likely > shouldn't have been merged in the first place. > Why can't it access the files directly, but only via some magic http > gateway? > Why does it need special code in ffmpeg in the first place, if you can > just access it via that http proxy-gateway anyway? > No, we're not going to have that discussion again. I outlined this in detail in every single patch round (we had 13 rounds) so i'd recommend you to re-read that https://ffmpeg.org/pipermail/ffmpeg-devel/2022-April/295097.html If that's still unclear then you can read much more about it here too: https://blog.ipfs.io/2022-08-01-ipfs-and-ffmpeg/ > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".