Slashdot Mirror


User: benwaggoner

benwaggoner's activity in the archive.

Stories: 0
Comments: 1,189

Comments · 1,189

  1. Re:F(next) = F(current) + Delta(F(current:next)) on Which Open Source Video Apps Use SMP Effectively? · · Score: 2, Insightful

    You can encode GOPs independently. I think the only dependency between GOP encoding processes is bit allocation, which probably works well enough if you simply assign each process an equal share of the total bit budget.

    That's a pretty painful constraint for anything other than very flat constant bitrate encoding. You really want to be able to move bits between GOPs to optimize for consistent quality.

  2. Re:Details on actual Windows Media behavior on Worm Transcodes MP3s To Infect PCs · · Score: 1

    Well, once malicious software has unfettered access to being able to edit your registry, you've got bigger problems than opening a random URL!

  3. Re:Dont use untrusted codecs! on Worm Transcodes MP3s To Infect PCs · · Score: 1

    So WMP 10 didn't ignore the script commands by default? Sounds like a bad decision, but at least it's been corrected.

    Oh, I'm sure WMP 10 does the right thing as well. I just didn't have a copy handy, and only personally tested in 9 and 11.

    It's sad that Microsoft's policy of making every document a vector for code execution, which may have seemed to be a good idea in the early 90's, hasn't been thoroughly and consistently demolished. There are so many better ways to make these things happen (and the codec update service, which you pointed out that I mistakenly conflated with this problem, assuming it ever worked, is a better idea).

    Again, this is NOT an issue of any code executing inside or via WMP. All that's happening is that in a non-default state, the player will open a URL in the default browser.

    I think we're going in the correct direction here, particularly for web technologies. For example, Silverlight doesn't offer any way to call native code from the sandbox, not even with UAC or a user opt-in. .NET itself has always been sandboxed by default.

  4. Re:Dont use untrusted codecs! on Worm Transcodes MP3s To Infect PCs · · Score: 1

    The irony is that in all these years, I don't think I've ever seen WMP successfully find and install a codec it was missing. I just end up with a message saying it couldn't find the codec that doesn't even tell me which codec it was looking for. Then it turns out this all just another malware attack vector.

    This doesn't have anything to do with the actual codec update service. All it does is bring up a web page that tries to make something bad happen.

    And again, stock WMP 9 and 11 ignore the URL script commands, so the web page wouldn't even open unless the user had changed a default security setting.

  5. No executable code on Worm Transcodes MP3s To Infect PCs · · Score: 1

    There isn't any executable code involved here (or supported), unless you consider a URL executable code.

    As described, it sounds like they're using a URL Script Marker, which is just a marker in the file that associates with a particular time in the stream. And which WMP ignores entirely by default, unless a user manually changed a security option.

  6. Re:Microsoft only threat? on Worm Transcodes MP3s To Infect PCs · · Score: 1

    This doesn't have anything to do with browsers, other than that the exploit also requires a browser that will allow malware to install.

    I have more details below, but basically this requires all of:

    1) An "infected" file being opened
    2) The user had previously changed a default WMP security setting
    3) The user ignores a warning dialog
    4) A default web browser that allows a malicious URL to install malware

  7. ASF=WMA=WMV on Worm Transcodes MP3s To Infect PCs · · Score: 2, Informative

    Yes, same file format. It was originally called just .asf, but changed by default in the late 90's, IIRC, to different extensions for video and audio.

    This enabled different icons for video and audio files, and easily filter between them so you didn't accidentally try to sync video to an audio-only player.

    This is pretty standard practice. .m4a, for example, is a MPEG-4 file with just audio. .f4v is a MPEG-4 file known to be compatible with Flash.

  8. WMP 9 is good too on Worm Transcodes MP3s To Infect PCs · · Score: 2, Informative

    I launched up a VPC session with XP and WMP 9 installed, and verified the same behavior:

    Warning that the extension doesn't match the content

    Script command execution off by default.

    Since WMP 9 is installed with XP SP 2, this suggests that SP 2-3 and Vista should be unaffected in stock state.

  9. Re:They're ASF, Not MP3, Files on Worm Transcodes MP3s To Infect PCs · · Score: 1

    The ASF files pretend to be safe MP3s, but they include links that Windows automatically opens.

    Actually, I just tested, and it appears Windows with the current Windows Media Player does not. See my post downthread for the details.

  10. Details on actual Windows Media behavior on Worm Transcodes MP3s To Infect PCs · · Score: 4, Interesting

    The original article is rather overblown by the real-world behavior here. I just whipped out a WMA file with a URL marker, renamed it to .mp3, and tried it to see what would happen.

    With Windows Media Player 11 installed (out as an optional update for two years for XP, and default in Vista):

    Trying to open up an ASF file with a .mp3 extension prompts a dialog reading:

    "The file you are attempting to play has an extension (.mp3) that does not match the file format. Playing the file may result in unexpected behavior."

    So, if a user opened one of these files, they'd have an immediate warning something was up.

    However, if they play the file, nothing will happen if the player is in the stock state. Script commands don't run unless the user has gone into Tools > Options > Security and checked the "Run script commands if present" (which is off by default).

    And if a user somehow got one of these modified files AND has ignored the first dialog AND changed the default security option, all they're going to get is a new web page opening up in the default browser, which would then be subject to other security on the machine.

    So, current Windows installs appear to be secure by default against this exploit.
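
An added example, not part of the original comment or of Windows Media Player: a defender-side check for the two conditions the comment above describes, ASF content behind a non-ASF extension and a script command object in the ASF header. The GUIDs are the ASF specification's Header Object and Script Command Object identifiers (the latter assumed to be what the comment calls a URL marker); `inspect_media` and `build_sample` are hypothetical names and the sample bytes are constructed.

```python
import os
import struct
import uuid

# ASF stores GUIDs in mixed-endian form, which is what uuid's bytes_le yields.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
ASF_SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6").bytes_le
ASF_EXTENSIONS = {".asf", ".wma", ".wmv"}


def inspect_media(name, data):
    """Return (is_asf, extension_mismatch, has_script_commands)."""
    # Header Object: GUID(16) + size(8) + object count(4) + 2 reserved bytes.
    if len(data) < 30 or data[:16] != ASF_HEADER:
        return (False, False, False)
    mismatch = os.path.splitext(name)[1].lower() not in ASF_EXTENSIONS
    header_size, count = struct.unpack_from("<QI", data, 16)
    end = min(header_size, len(data))
    pos, has_script = 30, False
    for _ in range(count):
        if pos + 24 > end:
            break  # truncated header: stop instead of reading past it
        (size,) = struct.unpack_from("<Q", data, pos + 16)
        if size < 24:
            break  # malformed object size would loop forever or go backwards
        if data[pos:pos + 16] == ASF_SCRIPT_COMMAND:
            has_script = True
        pos += size
    return (True, mismatch, has_script)


def _obj(guid, payload):
    # One ASF object: GUID, total size including this 24-byte prefix, payload.
    return guid + struct.pack("<Q", 24 + len(payload)) + payload


def build_sample(with_script):
    """Constructed ASF header for testing; not a playable file."""
    children = [_obj(uuid.UUID(int=1).bytes_le, b"\x00" * 8)]  # dummy object
    if with_script:
        children.append(_obj(ASF_SCRIPT_COMMAND, b"\x00" * 20))
    body = b"".join(children)
    head = struct.pack("<QIBB", 30 + len(body), len(children), 1, 2)
    return ASF_HEADER + head + body


if __name__ == "__main__":
    print(inspect_media("song.mp3", build_sample(True)))
```
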

  11. Vista SP1 == Server 2008 on Making the Switch To Windows "Workstation" 2008 · · Score: 5, Informative

    Of course, Win 98 and Win 2K were radically different kernels.

    Vista SP1 and Windows Server 2008 are the *SAME* kernel

    As was said upthread, if what you want is a workstation that doesn't use all the Vista services, it's easier and cheaper to just turn off the services you don't want :).

  12. Re:Good transit options in many cities on Pickens Plans On Wind Power · · Score: 1

    You seem needlessly pessimistic. Lots of people are able to use transit daily to good effect in a number of cities. And we know how to incrementally expand that. It'll be a painful transition period for people who work in distant suburbs, yes, but people will change their lifestyles to one they can afford in the end. And there's plenty of incremental steps, like carpooling, charter buses, etcetera, that work with the current infrastructure.

    As Herb Stein once said, "if it can't go on this way forever, it won't."

  13. Re:Good transit options in many cities on Pickens Plans On Wind Power · · Score: 1

    And lots of people have been commuting by themselves because the cost of it wasn't high enough for them to change their behavior. Higher costs will definitely change behavior.

    And as we see transit use go up, revenue for transit goes up as well, leading to further investment; we're already seeing Portland's light rail at capacity during peak hours. It can take a while to build out new infrastructure, but planning is already proceeding apace.

  14. Re:Good transit options in many cities on Pickens Plans On Wind Power · · Score: 1

    Ah, but it's not like there isn't a big improvement in taking someone from doing pure every-day commuting and just using a car for errands that makes sense. If we can drop vehicle miles per day by even 20% in a metro area, that's a big difference.

    That's the idea behind stuff like FlexCar - a car for the times you really need it, but that you don't have to deal with when you don't.

    Anyway, we have a model for US cities where a less car centric lifestyle works, so it's not a question of us being culturally incompatible with the concept.

    There are places where it doesn't work, but painful gas prices are a powerful economic incentive. We're seeing huge drops in home prices in places where long commutes are mandatory already.

    If someone can't afford a long single-car commute, then they won't :). The question is what they're going to do instead.

    We might see a lot more scooters and motorcycles on the road soon.

  15. Good transit options in many cities on Pickens Plans On Wind Power · · Score: 2, Informative

    Oh, there are certainly spread-out suburbs. But a lot of the older East Coast cities make a 100% public transit lifestyle possible, and in places like NYC, often dramatically preferable.

    And other cities have made good investments to enable people to not need a daily car. Here in Portland OR, the mix of bike routes, buses, light rail, and FlexCar-like services keep a lot of people out of single-occupancy cars for the daily commute. A similar lifestyle is possible in Seattle. And we see companies like Google and Microsoft offering free employee-only transit services to help ease congestion and parking problems. Plus employees do work on their commute thanks to on-bus WiFi, instead of arriving at work exhausted and enraged by traffic :).

    So, we've got a long way to go, and places (Texas?) very hard to transition to a non-car lifestyle. But we have other places showing it really can be done.

    Plus there's better car options. I saw a couple SMART cars on I-5 today...

  16. Re:Quality of the video streaming on 2008 Beijing Olympics as a Media Test-Bed · · Score: 1

    Bittorrent isn't exactly designed for low-latency live broadcasting :).

    Have you watched any of the Olympics sample content yet? If you have enough bandwidth, I think it looks pretty darn good.

  17. Re:The Olymp-whats? on 2008 Beijing Olympics as a Media Test-Bed · · Score: 1

    That's one of the coolest things that NBC is going to be doing.

    Since they're doing streaming, they're not limited to the physical channels they have available, so they can do many simultaneous events in their entirety (and have the whole things available for on demand).

    And because they can do advertising around the video frame instead of having to cut to ads, they can keep the events going end-to-end without interruption.

  18. Video Compression! on Intel Says to Prepare For "Thousands of Cores" · · Score: 1

    Video compression, and media processing in general, can scale up to 1000+ parallel threads, although current apps will need to be re-architected. I regularly have my 8-core workstation tied up for 24+ hours doing media processing, so this sounds really good to me!

    Current compression products (Rhozet's Carbon Coder is the biggest example) can already scale up happily to 16 and 32 cores.

  19. Lots of MSR technology ships on Fresh Air For Windows? · · Score: 3, Informative

    Eh?

    Speaking for my own work in Microsoft, we get a ton of cool stuff from MSR in little ways. I've probably got a half-dozen interesting video things I'm talking with them about. None of which will be a product in itself, but would be incorporated into improvements to existing products and platforms.

    One cool thing that came out of MSR in my own work is the new video deinterlacer in Expression Encoder 2. Huge improvement over the old one in Windows Media Encoder. It didn't get a big "Produced by Microsoft Research!" on the box or anything, but that's an example of MSR technology making it into a product.

  20. Re:How About No? on An Early Review of Roku's Netflix-Streaming Appliance · · Score: 1

    ...a model which NetFlix perfectly supports!

    There's no reason you can't have one of our four or whatever DVDs for months on end, without late fees. That's one of the main points of NetFlix I thought.

  21. Silverlight 2 Beta 2 released today on Microsoft Demos "Deep Zoom" Technology · · Score: 2, Informative

    Silverlight 2 Beta was actually released today.

    Runtime and SDK downloads and lots of other info about it here http://silverlight.net/GetStarted/

  22. Re:Installing Silverlight on Microsoft Demos "Deep Zoom" Technology · · Score: 2, Informative

    It's technically possible to index silverlight 1 content, because its content is "loose Xaml files", which means the site has xml files alongside html/js/etc, that is rendered by the silverlight 1 engine.

    Silverlight 2 has the same capabilities, but no one will use them, because using C# for application/interaction logic is way more productive than using Javascript. Silverlight 2 sites using C# have the following structure

    Well, the XAML (markup GUI, and what's probably interesting to index) and code are still in different files. A developer can choose to put the XAML outside the .xap and the code in it. And if it's an unencrypted .xap (as most would be), it'd be easy enough for a search engine to look inside the .xap to find the XAML.

    Searchability of XAML is definitely something we're working on, and have guidelines for how to develop apps that are easily searched and indexed.

  23. Re:Uses gigapixel imagery as source on Microsoft Demos "Deep Zoom" Technology · · Score: 1

    They actually use SeaDragon (the name of the technology) on CSI, for those sections you're talking about. Obviously they lie about what it's doing, but that's the software you see. And thus CSI induces rage and envy into photo retouchers and digital media experts around the world :).

    I've been asked by relatives to take a blurry picture and zoom into non existent detail, and when I say it's impossible and a violation of information theory, they tell me that they can do it on CSI, so it can't be that hard...

  24. Re:Do we really need this? on Move Over AJAX, Make Room for ARAX · · Score: 1

    Silverlight is going to allow .NET code, not just Ruby. Do we really need this? Do we really need to introduce multiple client-side languages like this? We're just creating more avenues to exploit clients. Adobe has had years to get Flash right and we're still finding exploits that can be used to install malware in the background.

    Couple that with injection attacks being discovered on popular web sites and the growing use of Deep Packet Inspection and, honestly, we might as well just allow everyone in the world root access to all of our machines.

    There certainly have been some serious Flash vulnerabilities over the years, but have there been many with Silverlight and .NET before it? Bear in mind that Silverlight is a subset of .NET, which has had security as a strong focus for years. And Silverlight provides no way to access native code from the plugin at all; it only runs in its sandbox.

    Also, in the end the number of languages that can compile into .NET bytecode and run in the CLR/DLR doesn't really change the threat matrix. It's really the runtime we have to sweat, and the bytecode that could be used to attack it. What that bytecode gets compiled from is pretty irrelevant, since one should assume a malicious attacker would be able to hand-code bytecode if that's what it took.

  25. Re:Somebody update NoScript. on Move Over AJAX, Make Room for ARAX · · Score: 1

    Note that Ruby scripting is being integrated into Silverlight

    More accurately, the dynamic language runtime is capable of handling Ruby among other languages. I'm sure all kinds of unusual languages could be implemented in it.