Slashdot Mirror

YouTube uses VP9. Netflix uses VP9. Between the two of them they account for a huge chunk of all video watched on the web. You've probably watched a lot of VP9 encoded video without even realising it.

So by your own admission your argument is pointless and meritless. It's good to admit that you're wrong.

Remember that both VP8 and VP9 succeeded in being royalty-free video formats. YouTube uses VP9 and has done for a long time. Netflix uses VP9. AV1 will also succeed in being a royalty-free format.

As you have admitted, lawsuit scaremongering is a non-argument.

It was mentioned what 3rd party tools were being used.

https://opensource.googleblog....

Where? I don't see any credit given to the people who actually wrote the fuzz software in blog post referenced in TFA.

What do you expect a front page NYT article?

I expect to see proper attribution. Normally I wouldn't care but Google is requiring people to credit it's bot which primarily executes software Google didn't write. This is BS in my view.

There's more to 64 bit than just the bigger address space. Annoyingly Google don't seem to be giving much away here beyond "stability, performance, and security"

The interwebs seem to support that there's a performance improvement but the difference isn't huge.

The ZDNet article really adds nothing over Google's blog post. Would've made more sense to have the summary link directly to that.

https://youtube-creators.googl...

For example here is a specific video on a channel with around 52K subscribers, but the video itself only has a few thousand "views" explicitly.

https://www.youtube.com/watch?...

There are many other videos with "views" on that channel though and it should be possible for a smaller channel with very few subscribers to have a much higher view total across all videos on that channel.

I have not built up an infrastructure depending on computers I don't own, don't control

I'm interested in how you eliminated dependencies on your home ISP's DHCP server

I have static IPs.

First, most home ISPs charge extra per month for that. Second, Comcast requires subscribers with a static IP to either forfeit the static IP or rent and use Comcast's modem, which reintroduces "depending on computers I don't own, don't control", and moving to an area whose cable company is not Comcast can prove cost prohibitive, particularly if your work is unrelated to your website.

I don't serve HTTPS. I'm not collecting information about you, or serving illegal or secret information.

Making even a completely public, completely static website available over cleartext HTTP and not HTTPS has three consequences. First, the most popular western web search engine will demote your site. Second, you run the risk of a rogue ISP injecting pop-up advertisements and other malware into your pages, as Comcast has done (source 1; source 2). Third, you cannot make resources on your site available for transclusion into sites that do use HTTPS due to the mixed content policy.

And without advertisement exchanges or subscription payment servers, how do you afford to keep your server powered on and connected to the Internet?

I work.

Is your work related to your website? If not, what benefit do you gain from having a website, and do you ever have to take time off your day job to keep it updated?

When many people concentrate their dependencies on something such as Amazon's cloud, when the cloud dies or is successfully attacked, everyone goes down.

The same is true of DNS or a major home ISP. Or is your argument "only those dependencies that are provably absolutely necessary, and not a single one more"?

Thawte says they'll continue to work, but the Chrome page here:

https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html

"contain an intermediate or leaf certificate signed with a SHA-1-based signature"

makes it sound like they're going to be blocked. Anyone know for sure? I have hundreds of them.

I'm not sure why I am even arguing with a stupid AC

It's because you're desperate to be right, which is unfortunate because you're not. And you still haven't answered the question: why does AV1 exist?

On the other hand I have already shipped software that streams 4K w/ HEVC in about 20 million devices, and growing.

Over 25 billion hours of VP9 video had already been streamed by April, 2015. 20 million devices is small time.

My guess: bandwidth conservation.

Yes, that's the explicit goal. Better quality in fewer bits.

I'll also add that I've seen no good data that shows that VP9 encoders perform better over a wide range of content than H.264.

Don't worry. Netflix has and YouTube has

HTML5 is a poor substitute for Flash video

HTML5 outperforms Flash video and gives you the opportunity to use the VP9 video codec which outperforms H.264.

Then skip the puff piece and hit the source. Google raw data... https://www.google.com/transpa... Google blog about the data... https://security.googleblog.co...

Note that adblock did not blank the content for me. Perhaps because I lock down java?

It wasn't a "small" mistake.

The investigation concluded that WoSign knowingly and intentionally misissued certificates in order to circumvent browser restrictions and CA requirements. Further, it determined that StartCom, another CA, had been purchased by WoSign, and had replaced infrastructure, staff, policies, and issuance systems with WoSign's. When presented with this evidence, WoSign and StartCom management actively attempted to mislead the browser community about the acquisition and the relationship of these two companies. For both CAs, we have concluded there is a pattern of issues and incidents that indicate an approach to security that is not in concordance with the responsibilities of a publicly trusted CA.

https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html

The summary is complete gibberish. For anyone interested, Google's own paper describing their NMT architecture is here:

http://arxiv.org/abs/1609.08144

and a Google Reseach blog entry describing it's production rollout (initially for Chinese-English) is here:

https://research.googleblog.com/2016/09/a-neural-network-for-machine.html

The executive summary is that this is a "seq2seq" artificial neural net model using an 8-layer LSTM (variety of recurrent neural network) to encode the source language into a representation vector, and another 8-layer LSTM to decode it into the target language. A lot of the performance improvement is in the details rather than this now-standard seq2seq approach.

The "vector" being discussed doesn't represent words but rather the entire sentence/sequence being translated. This is the amazing thing about these seq2seq architectures - that a variable length sentence can be represented by a fixed length vector!

The representation of words used to feed into this type of seq2seq model is often a wordvec/GloVe embedding (not WordNet), but per the Google paper they are using a sub-word encoding in this case.

Not even Google likes Google's codecs.

I don't have Flash installed and most of the YouTube videos I watch use VP9 (right click on the video and select "Stats for Nerds" to see which codec is used). VP9 does work better than H.264. YouTube didn't roll out VP9 support for the fun of it. I use Firefox so maybe switch to that for better YouTube viewing.

I see Slashdot is too busy bitching about SJWs and global warming to read actual tech news anymore.

In answer to both Bruce Perens and destinyland, Google has open-sourced the TensorFlow library and created a public API to access their pre-trained instance of the library. Both of these announcements were made to a wider audience in March at Google's NEXT cloud conference, but it was publicly known since at least November 2015, when it appeared on Slashdot with a link to the source on GitHub.

That Slashdot posting got 37 comments. You people should be ashamed of yourselves.

In retrospect, if what you are interested in is mostly the applications, then you should definitely look at ChromeOS: https://chrome.googleblog.com/...

They announced it last year.

Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store.

• The Nexus 5 went on sale Nov 2013, so updates to major Android versions ceased Nov 2015. (Marshmallow was released Oct 2015)
• It was discontinued Mar 2015, so should continue to receive Marshmallow security patches until Sep 2017.

And that's a problem. If you replace your Nexus 5 with a 5X today, how long can you expect updates for? That phone is also a year old now.

Google is upset that Android is getting fragmented, but they are culprits too. You can't have it both ways.

Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store.

• The Nexus 5 went on sale Nov 2013, so updates to major Android versions ceased Nov 2015. (Marshmallow was released Oct 2015)
• It was discontinued Mar 2015, so should continue to receive Marshmallow security patches until Sep 2017.

I have a Nexus 5, so I wasn't expecting it to get Nougat. It would've been nice if it did, but frankly I've been looking to upgrade anyway. It's a great phone (especially with Marshmallow), but it's limited by only being able to have one cellular radio active at a time. In theory I should be able to talk on the phone while simultaneously web browsing over LTE. But the hardware only supports a single active cellular radio. Wasn't a big deal when I first got the phone, but now I'm tethering more and I find I'm either unable to receive phone calls or text messages while tethered, or the call will interrupt LTE causing dropped Internet connections.

The whole OS update scene is a mess right now. Android drops support for old devices quickly. Windows 10 forces you to receive updates whether you want them or not. Apple supports their devices for a long time, but if you update a device and find it makes the device dog slow, you can't uninstall the update like you can with Android and Windows. Nobody seems to be able to get this right. Something like: support for 5 years, forced updates (so carriers can't screw you over), but you can uninstall updates which give you problems.

Dude, you've had years. All video streaming platforms have been transitioning to HTML5 for the last few years. YouTube started their transition to HTML5 over 6 years ago and switched to HTML5 by default 18 months ago.

According to Google's blog post:

Today we're announcing an experiment in Chrome where a small fraction of connections between desktop Chrome and Google's servers will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm that would typically be used. By adding a post-quantum algorithm on top of the existing one, we are able to experiment without affecting user security. The post-quantum algorithm might turn out to be breakable even with today's computers, in which case the elliptic-curve algorithm will still provide the best security that today’s technology can offer. Alternatively, if the post-quantum algorithm turns out to be secure then it'll protect the connection even against a future, quantum computer.

If I read this correctly, they are using "New Hope" in combination with an existing algorithm.

More use of Plus+Codes! More use of Plus+Codes! Please add forward AND reverse lookups.

https://maps.googleblog.com/20...
Also called Open Location Code http://openlocationcode.com/

This is a great way to mark specific locations to a few meters or to a block or to a metro area. Just provide more digits to the codes to get more accurate.
https://github.com/google/open...

Humans without addresses need an easy way to share their location with sufficient accuracy, but not too much. What3Words has the right idea, but it is proprietary. GPS is completely open, but unuseable by humans.

Some engineers created Plus+Codes which include a resolution as more datum are provided. Google Maps supports plus+codes in the search box, but doesn't output those codes.

There are webapps and multiple language interfaces to libraries. The libraries are Apache licensed. Very business friendly.

https://github.com/google/open... has a nice explanation for why this is useful and needed. There are alternatives, but each is proprietary. Location should be freely available worldwide. Think about places like Nepal or Costa Rica where there either aren't addresses or they use addresses which apply to 50 other homes too? This is a big problem in the undeveloped world (though I wouldn't call Costa Rica or Kathmandu, Nepal undeveloped). There are places in rural USA and Europe where plus+code use would be very helpful too.

Right, this isn't a general-purpose DSP but a custom ASIC designed to run their TensorFlow graphs efficiently.

Mine did give me a warning yesterday. It's probable that the rule was quickly retracted.

Note that it wasn't a malware warning - it was a "DECEPTIVE SITE" warning, the ruleset against fake download buttons. Possibly targeting the "Anonymous download!" deceptive ads under magnet links.

It may be in line with Google's recently proclaimed war on fake download buttons.

Back in the day, you'd buy a separate SSL endpoint to handle the encryption

Also back in the day, you'd buy a separate IP address for each customer that wants to employ TLS. That became very expensive in the era of IPv4 address exhaustion. This requirement ended on April 8, 2014, when Windows XP reached the end of extended support. Internet Explorer for Windows XP had been the last major web browser not to support Server Name Indication, which makes name-based virtual hosting practical for HTTPS and other TLS-based protocols.

In other words: HTTPS is approximately identical to HTTP in terms of cost

This is true so long as you either A. have root on your web server or B. have a means of automating installation of renewed certificates. Some shared hosting providers are so far behind on Let's Encrypt implementation that people have become passive-aggressive, making a Ruby script to automatically send an e-mail to the host's support department to get a renewed cert installed.

There is another cost: mixed content blocking. A lot of sites rely on external resources not yet available through HTTPS, and web browsers block HTTP resources embedded in an HTTPS page. Sponsors are a big one; not until September 2013 did a major ad network become available through HTTPS.

This is a built in feature of gmail, just add +whatever before the @ in the email address. https://gmail.googleblog.com/2...

To paraphrase XKCD, I have been posting my public key for 37 years now but nobody has ever asked me for it or used it for anything as far as I can tell.

How many of the Mathematicians and Engineers working on those programs had computers at their disposal?

Erm. Many of them - https://search.googleblog.com/...

I had in fact been wondering for quite some time how come a technology oriented site isn't securing traffic with TLS.

Because until relatively recently (September 2013), ad networks did not support HTTPS. Thus browsers would block ads as mixed content. So in order to make the ads appear, Slashdot would redirect HTTPS visits from non-subscribers to HTTP.