Streaming video on JAG?

[lokki]

I have a client who is asking about peak and sustained transfer speeds for serving streaming video, or at least doing progressive d/l so the clip can play before it's complete.

So, this is really a handful of questions for me. I appreciate any insights, comments, etc.

First... is there a stated peak/sustained transfer rate to be aware of? I realize that this can be a serious drain on resources, which brings me to the next point.

Has anyone used remotely hosted streaming video servers? I remember RealMedia used to offer the services, mostly at an enterprise level. I'm looking for something that is very affordable, and some information on how best to use these kinds of services. Cue segue to third question.

What can you tell me about video on the web in general? I'm only passingly familiar with video, mostly wrt Flash video and downloaded files. Realizing that WMV, FLV, MOV and a couple of others can do progressive d/l which approximates streaming, and things like MPG must be cached or saved locally, what is recommended? How is filetype selection related to content type? Is is really just a matter of preference?

The client's site currently has a page with both an MOV and an FLV file. Both load and are supposed to wait for user interaction before they start playing. I have convinced him that there's no need for clients to have to use up bandwidth waiting for two large video files to come down, then only selecting one. My proposed solution was to ditch the MOV file and offer the FLV as a link which popped up a chromeless window. And now... the last question!

The client doesn't want to ditch the MOV file because a handful of his client use Macs, and QT is a native player, apparently (big shock, huh?). I have no data on popularity of the QT player, but I personally hate the thing. My recent experience with the Flash video format is quite good, and it appears to be much lighter. However, I haven't looked into compatibility with the Mac's browser. The question is, does anyone have good resources for finding such information, e.g., technologies cross sections and penetrations?

Whew!! Lots of stuff. Thanks for reading!

[jason]

Most of the video work that I've done has been in QuickTime format. We generally use Sorenson 3 compression for video and a couple of Audio compressors, depending on the type of audio used (mostly voice vs. mostly music). In the past we usually used the progressive download method ("Internet Fast Start" or something like that in the quicktime output dialog) but more recently we've started using a QuickTime server to stream our clips.

I don't think this actually answered a single question you've asked. Unfortunately, that's about all I know about our video process since we have video people that do all of the compression and stuff--I just make sure they play from the web. If you want to know more about our process, I can find out.

--Jason

[Gwaihir]

First... is there a stated peak/sustained transfer rate to be aware of? I realize that this can be a serious drain on resources

Jag calls the bandwith "burstable" and from what people around these boards state - including one guy actually streaming stuff already - it indeed is and generally manages to keep up with all but the widest DSL / cable lines your visitors might have. I.e. the bottleneck is usually NOT the server, but the visitors own connection.

As for resource drain: sending a file over is not much of a resource drain. It is relatively little work for a server - no calculations to be done or such. It just gets you through your bandwith real fast.

[lokki]

after talking a bit more with the client, the decision appears to be FLV (Flash Video). I will need to look at changing the MIME settings on the server. Anyone know if that's allowed through shell access, or do I have to submit a ticket?

Also, the question came up about what NIC Jag is using on the shared machines. Anyone? Beuhller?

[jason]

You can set custom MIME types in Cpanel or (I believe) .htaccess.

I don't know about the NIC, though.

--Jason

[tank]

Keep in mind that that true FLV streaming can only be acomplished on a FlashCom server. I remember a topic about it where we talked extensivly on the subject. Maybe do a search for it. If you can't find it here, it may have been on a different board and I can track it down for your reference.

My preference and what we usually try to suggest for our clients is to use the sorrenson Compressor and then deliver it via the Flash Player. The flash player is installed on more machines than the latest version of quicktime or whatever other media software you can use. I will say that our clients have usually been focused on the masses and have not been concerned with users that browse with no Flash (who does that anyway j/k) This really make for a seemless expierence for the user in that you can load a very small load in movie and have it lead in while the main movie downloads enough to start playing.

On Edit: Here is the thread. it talks about audio but hte same theory applies to video.
Internet Radio

[Gwaihir]

The flash player is installed on more machines than the latest version of quicktime or whatever other media software you can use. I will say that our clients have usually been focused on the masses and have not been concerned with users that browse with no Flash (who does that anyway j/k)]

Users that don't want to be affected by the security issues with Flash that even Microsoft is currently warning about perhaps? I'm afraid that might cause a bit of a dent in flash penetration.

[tank]

care to elaborate?

I've heard some talk about this but have yet to see a proof of concept. Only theory and speculation. PC's are still being shipped from major manufactures with the Microsoft Flash Plugin pre-installed in the main disk image and was disdributed in SP1 and SP2 releases for XP.

The only thing I've seen is The Active X object that Microsoft uses to run all embeded objects (including Flash) has security flaws come up from time to time. But again, this has nothing to do with Flash itself but more targeted attacks on Microsoft by hackers.

On Edit
One thing to note however is that Flash is just as subseptible to bad programming practices just as any other PHP script. It's just as vulnerable to XSS or SQL injection as the rest of the internet. Again the problem lies with the programmer.. not Flash itself... despite all the blog entries I've read stating things like "Database Hacked... Flash responsible". If they aren't checking every value that is passed back and forth then they are running a non-secure web ap. Blaming Flash for that is like blaming PHP becasue someone is passing their database password in the querystring of some script.

But again, I've seen no proof of concept of how flash will allow a programmer to invade your personal PC in the attempt to aquire information. I know there has been some holes in the past.. even recently I think I read where the Flash 7 player was recomended to be upgraded to version 8. but the counterpoint is that all software that is used by the public requires updates.. Microsoft, Firefox, Flash, Linux, etc... But I just can't see how the path forward can be conceived as "Don't Use Flash". Microsoft's position is "Upgrade to the latest player".

[Gwaihir]

care to elaborate?

http://www.eweek.com/article2/0,1895,1885204,00.asp

Indeed MS's recommendation is to upgrade to the latest player, but they also mention that as a workaround one can simply disable flash. No doubt a number of companies will do just that, as they do with any add on that isn't strictly necessary but is suddenly considered to be posing a risk.

[tank]

Yeah, that is what I read on the upgrade alouth not fro that source. It will be interestig to see what position large corporation will take on this. I know that with my day job as an engineer for a large worldwide Engineering & Construction company we use several online aps that utilize flash. Hopefully the push will be to just upgrade. I personally think ti will take the same road as the upgrades for things liek IE and Windows. We'll get the actuall patch about 14 days after the release of them and in the meantime we'll just run vulnerable machines.

[Vin DSL]

One thing to note however is that Flash is just as subseptible to bad programming practices just as any other PHP script. It's just as vulnerable to XSS or SQL injection as the rest of the internet...

But again, I've seen no proof of concept of how flash will allow a programmer to invade your personal PC in the attempt to aquire information...

Here you go! Read and heed:

http://www.macromedia.com/devnet/sec...mpsb02-08.html

I ran across this a while back, and changed my evil ways. I'd never even thought about 'AllowScriptAccess' before I read this -- however, I'm not the only one that fell into this trap, and LOTS of other authors are still pumping out vulnerable code. Live n' learn...

[lokki]

Keep in mind that that true FLV streaming can only be acomplished on a FlashCom server.

Quite so... I've enabled the FLV as a progressive d/l, which seems to work pretty well. I wish there were something easy to change in the page code to allow specifying the buffer percentage before strating playback, though. Possible in the swf file, but it would be nice as a parameter in the page itself.

Anyway, the FLV is playing fine with no other changes to Jag's machines. That means (after a little more testing) I will kill the other formats and just serve the flash video. Makes it a lot easier to track, especially when I move to doing the uploads/links dynamically via PHP.

Thanks all, and please keep up the discussion. While I think the security profile has changed, it's still good to hear what others are thinkging and dealing with.

[Vin DSL]

Speaking of videos, this is just wrong...

http://media.putfile.com/Bush-Speech

[tank]

Here you go! Read and heed:

http://www.macromedia.com/devnet/sec...mpsb02-08.html

I ran across this a while back, and changed my evil ways. I'd never even thought about 'AllowScriptAccess' before I read this -- however, I'm not the only one that fell into this trap, and LOTS of other authors are still pumping out vulnerable code. Live n' learn...

Wow.. that is over 3 years old. And as it states in the release it was patched with a newer player. It doesn't even talk about "SameDomain" for script access which is also safe to use. That's like me taunting you with old security releases for PHP-Nuke 6.X or somthing. It's true that they existed but if you run the latest software there is no problem.

Ultimatly it seems that it is up to the user to besure ALL the software on their system is up to date.