Forgot your password?
typodupeerror
Firefox Media Mozilla Patents

Firefox 33 Integrates Cisco's OpenH264 194

Posted by Unknown Lamer
from the monty-does-it-better dept.
NotInHere (3654617) writes As promised, version 33 of the Firefox browser will fetch the OpenH264 module from Cisco, which enables Firefox to decode and encode H.264 video, for both the <video> tag and WebRTC, which has a codec war on this matter. The module won't be a traditional NPAPI plugin, but a so-called Gecko Media Plugin (GMP), Mozilla's answer to the disliked Pepper API. Firefox had no cross-platform support for H.264 before. Note that only the particular copy of the implementation built and blessed by Cisco is licensed to use the h.264 patents.
This discussion has been archived. No new comments can be posted.

Firefox 33 Integrates Cisco's OpenH264

Comments Filter:
  • by Anonymous Coward

    Even though the codec source code is available, it is compiled by Cisco and provided to Mozilla. Something in me doesn't 100% trust that Cisco won't use this as an opportunity to put hidden spyware on everyone's computers. The US gov't can force American companies to secretly implement spyware, right?

    • by ledow (319597) on Wednesday July 23, 2014 @09:41AM (#47514971) Homepage

      But with access to the source code, it's easily possible to verify that the binary supplied corresponds to the source.

      That's how we know that TrueCrypt has no "binary" backdoors - we just try different combinations of compiling, noting the differences, until we find the one that Cisco used. If we never find the exact combination, the differences between a "known good" compile of the original source and the final binary make the amount of code to blind-check almost negligible in comparison.

      It's when people DON'T provide source that you should be suspicious, or when you can't get close to their source providing their binary.

      • by wonkey_monkey (2592601) on Wednesday July 23, 2014 @10:12AM (#47515189) Homepage

        But with access to the source code, it's easily possible to verify that the binary supplied corresponds to the source.

        Is it that easy? My understanding was that you'd at least have to have identical versions of the compilation tools to have any hope of coming close to a bit-for-bit match on the binary.

        • by Kardos (1348077) on Wednesday July 23, 2014 @10:19AM (#47515263)

          Seems like a problem with a simple solution: Cisco needs to publish their build procedure.

        • by Wrath0fb0b (302444) on Wednesday July 23, 2014 @11:16AM (#47515705)

          No. In fact it's absurdly difficult to reliably create reproducible builds [debian.org]. Debian has been working on this since at least 2009 (afaict) and has been plowing through issues but you still can't get an identical Kernel [debian.org] as the .deb. Heck, it was 8 weeks just for the Tor browser [debian.org].

          It's not just the compilation tools, it's the entire build environment that needs to be homogenized. All kinds of components will insert uname/hostname and paths into the binary, filesystems list the contents of a directory in undefined order, timestamps and permissions are embedded into tarballs and documentation, different locale produces other weirdness.

          tl;dr: it's much harder than just installing an identical version of clang and hitting make.

          [ And, as an aside, this goes back decades. The infrastructure around builds was never designed with reproducibility as a design goal. We are basically retrofitting this new requirement on decades of legacy code that never even considered that we would want such a thing ... ]

          • by vux984 (928602)

            No. In fact it's absurdly difficult to reliably create reproducible builds.

            Yes and no. Yes, absolutely, its absurdly difficult to create identical binaries, for the reasons you mentioned.

            But you can pretty reasonably get close enough to make manual inspection of the differences easy enough. And as you said the differences are usually filepaths, hostnames, timestamps etc so one can identify the difference as benign pretty easily.

            That's not good enough for general build reproducibility, but for one off code t

            • The only thing you can cryptographically sign is a binary. The rest is inspection by hand which won't scale.

          • by BitZtream (692029)

            Once you remove the strings from the app in question and look at the code, no its not really all that difficult.

    • Who modded this troll, it should be modded insightful? Are the NSA operatives getting in quick these days ?

      • They sure seem to be, or at least groveling apologists if not operatives.

      • by Anonymous Coward

        Are the NSA operatives getting in quick these days ?

        Operation Frist Post

    • by Actually, I do RTFA (1058596) on Wednesday July 23, 2014 @10:05AM (#47515133)

      Cisco heard your concerns and has responded: Development and maintenance will be overseen by a board from industry and the open source community.

      • by Tokolosh (1256448)

        How do we know that the board members have not been served with national security letter gag orders?

        • by BitZtream (692029)

          How do we know that we haven't been served with national security letters??!?!?!?!

          Seriously, nothing will make you happy. Sad part is you're whining about this sort of thing, but you still use a computer that boots from proprietary code on a proprietary processor. The BIOS/EFI is the easiest place to insert a back door and is in fact the place that many motherboards emulate physical hardware using system management mode of the CPU.

          But hey, you worry about cisco back dooring your video codec used by the br

          • by HiThere (15173)

            It's a reasonable thing to worry about, but not to fixate on. As you pointed out there are worse problems.

            OTOH, this is a plugin that directly manages communication over the net, so it's quite appropriate to be somewhat concerned.

      • They're probably the same people who signed off the switches I bought. The same switches that conveniently changed into a hub* after a couple of months. Maybe they expected them to be rebooted constantly.

        * Entries weren't being added to the ARP table, probably because of a timestamp overflow.

    • by ArcadeMan (2766669) on Wednesday July 23, 2014 @10:10AM (#47515179)

      That's why I know I'm safe. I use OS X, which is a closed-source OS. And since it's closed, the government doesn't have access to it.

      I love the smell of bad logic in the morning.

    • by Anonymous Coward on Wednesday July 23, 2014 @11:43AM (#47515925)

      Not only will it be your choice to accept the binary, but Mozilla also shares those concerns. Hence why they're sandboxing the CDM plugins to limit their access and ability to do anything except what they advertise. We'll have the choice to trust Mozilla's work, disable it, or partake in an effort to confirm that it's as legit as we want, so I honestly fail to see any major issue here.

    • by smash (1351) on Wednesday July 23, 2014 @12:03PM (#47516075) Homepage Journal
      Why the fuck would they bother, when they can just do that to all of the backbone routers you use?
    • by higuita (129722)

      Don't forget that the GMP only have access to a certain number of firefox functions and runs inside a sandbox [mozilla.org]. That code is treated as insecure and as it have a very defined objective, is easier to sandbox (ie: no filesystem access, no network, etc).

      Yes, is not perfect, but it's a good workaround for those software patents and DRM.

      Those that still don't trust it, can choose to not install the Cisco OpenH264, its a "plugin" after all

  • Great (Score:4, Insightful)

    by Burz (138833) on Wednesday July 23, 2014 @09:42AM (#47514975) Journal

    I always wanted a backdoor in my browser.

    • by smash (1351)
      If you think CIsco need to backdoor your browser to own all your shit, you are tragically naive.
    • I always wanted a backdoor in my browser.

      I really did try searching for how this plugin retrieval works but must not have use the right search terms.

      To stay license compliant *AND* safe, Mozilla should sign the modules as they become available, and Firefox should only download them if both Mozilla's and Cisco's signatures verify.

      That being done, there's very little difference between Mozilla shipping the code to you as part of a Firefox update and having the browser fetch it afterwards.

      But if Mozilla is _on

      • by Burz (138833)

        Why should Mozilla use their own key to sign code they did not compile themselves?

    • I always wanted a backdoor in my browser.

      You must be new here. Posting a link to an open backdoor, to be viewed in your browser, was once a slashdot tradition.

  • by Anonymous Coward on Wednesday July 23, 2014 @09:50AM (#47515039)

    They've already destroyed FF and changed it from a browser with its own identity into Chrome's obsessed former friend who mimics her every move and style and is planning to kill her and assume her identity some day.

    Honestly, there's nothing left to call Firefox now. If I want a browser like Chrome, I'll run Chrome. If I want a browser like Firefox, then I have to use an old one or a fork.

    Stop punching your users in the face, and give them back the control they had over their browser.

    • by roca (43122)

      You have control. As the article says:
      > Users will have options to activate or deactivate it

      • You have control. As the article says:
        > Users will have options to activate or deactivate it

        It sounds like the person to whom you're replying deactivated Firefox quite some time ago.

    • Unlike Chrome, you can get the normal UI of Firefox. I have customized it such that My Firefox 31 looks almost exactly like Firefox 3.6.

  • by Anonymous Coward on Wednesday July 23, 2014 @09:58AM (#47515087)

    (reads summary)

    Hum, Interesting...firefox 33 integrates, mumble, mumble...wait, something's not right with this picture.

    (Scrolls back a few lines on the RSS feed)

    Firefox 31 Released [slashdot.org]

    Aha! I knew it. Latest version is 31! Must be a typo...

    (One angry RTFA later)

    Oh, hang on...They are referring to the yet unreleased, possibly future version of Firefox. With no indication whatsoever of that fact in the summary, even though a (stable?) version of Firefox was just recently released, as highlighted on this very same website less than 24 hours ago.

    ...

    Would it have killed anyone to point this out somewhere? You know, for those of us at home who don't keep up with Firefox's versioning madness?

    • You don't have to keep track of Firefox version. By this time next month they'll announce FireFox 40, with H.265 support.

    • Version 31 was yesterday's version. 33 will be tomorrow's version.

  • At fucking last (Score:2, Interesting)

    by ArcadeMan (2766669)

    Can we finally use the tag with H.264 files and just forget about the rest?

    • Re: (Score:2, Informative)

      by ArcadeMan (2766669)

      Always really preview before clicking submit.

      Can we finally use the the <video> tag with H.264 files and just forget about the rest?

      • Always really preview before clicking submit.

        Can we finally use the the <video> tag with H.264 files and just forget about the rest?

        No, since Firefox is currently limiting the use of this plugin to WebRTC - which basically means it's not available for anything actual users want to do, such as watch html5 video.

        • Another stupid idea by the Firefox team, then.

        • The article mentions Youtube, without giving any specifics. Seems they're shipping the plugin greyed out, disabled etc. and then WebRTC stuff will work (does anyone have either used that?) and then maybe you'll be able to use html5 video in some future version, maybe.

          Setting the politics aside, and even whether they intend or not to provide html5 video support, it feels better to do that staged release. I sure would want that the kinks, bugs, networking and security issues are worked out before it is unleas

          • by evilviper (135110)

            The article mentions Youtube, without giving any specifics. Seems they're shipping the plugin greyed out, disabled etc. and then WebRTC stuff will work (does anyone have either used that?) and then maybe you'll be able to use html5 video in some future version, maybe.

            You don't need H.264 for Youtube. You can watch everything there, and at several other sites using the "Video WithOut Flash" plugin:

            https://addons.mozilla.org/en-... [mozilla.org]

            It works pretty damn well.

        • No, since Firefox is currently limiting the use of this plugin to WebRTC - which basically means it's not available for anything actual users want to do, such as watch html5 video.

          Thankfully, that is incorrect. The OpenH.264 decoder can be used for HTML video elements. Though the last I heard Mozilla is still working on AAC audio licensing.

          https://blog.mozilla.org/blog/2013/10/30/video-interoperability-on-the-web-gets-a-boost-from-ciscos-h-264-codec/ [mozilla.org]

          Firefox already supports H.264 for the video element usi

      • OpenH264 only ships with a video decoder, no AAC audio decoder. The hack Cisco made with OpenH264 won't work, as the AAC licensing pool company removed [livejournal.com] caps. For WebRTC, this is no problem, as opus will be used as audio encoding.
        But MP4 won't work. Perhaps there is potential for a matroska-based h.264+opus format, as when IE and safari (which don't have opus for the audio element yet) implement WebRTC, they need opus encoders and decoders. Then its only a small step to support this mixed format.

  • bad for standards (Score:5, Insightful)

    by l2718 (514756) on Wednesday July 23, 2014 @10:05AM (#47515129)
    Mozilla capitulating on the tag has serious implications for web standards. By including patent-encumbered code in the browser they take the rug from under those in the www foundation that argue for free web standards. Yes, some websites wanted to use H.264 for video encoding, but Mozilla shouldn't have abetted them.
    • This has nothing to do with the "tag" itself, which does not specify codecs. Yes, this is still a compromise, but many of us have been compromising for years on various aspects of freedom and openness. Choose your battles carefully and you can win the war: Mozilla has already achieved so much for the open web, and I'm confident the upward slope will continue.
      • This has nothing to do with the "tag" itself, which does not specify codecs.

        IIRC at one stage it specified vorbis/theora as a baseline which every implementation should support but under pressure from apple and MS they took that out.

    • Re: (Score:3, Interesting)

      by ArcadeMan (2766669)

      I'm all for open standards and less patents, but H.264 videos and H.264 decoding hardware has been used everywhere for almost a decade now. Even if something free and open-source had been able to replace it, we're on the verge of switching to H.265 which is about twice as good as H.264.

      • I'm sure the transition to H265 will be at least a decade long (do unreleased AMD and Intel CPUs even support it? I think not). H264 will stay for a long time. Even MP3 has been outdated for like 10+ years but still is massively used.

      • by tepples (727027)

        H.264 videos and H.264 decoding hardware has been used everywhere for almost a decade now.

        Make it two decades and we'll talk.

        we're on the verge of switching to H.265 which is about twice as good as H.264.

        Not so fast though. When I made a similar point [slashdot.org], people mentioned that video providers will continue because they have the choice of decoding H.265 in battery-gulping software or H.264 in battery-sipping hardware.

    • It also still doesn't give anyone permission to generate their own h.264 video files (outside of webrtc "video-chatting" inside the browser) legally without paying someone a patent "poll-tax" for permission, so this is still "consume-only".

      I'm also under the impression that there are,absurdly, potential patent-license issues with the .mp4 file format that h.264 video is most often stored in.

      Finally, of course unless the usual obstructionist Apple and Microsoft ever implement opus codec support, this also

      • Re:bad for standards (Score:5, Informative)

        by tlhIngan (30335) <slashdot@wSLACKWAREorf.net minus distro> on Wednesday July 23, 2014 @12:05PM (#47516105)

        It also still doesn't give anyone permission to generate their own h.264 video files (outside of webrtc "video-chatting" inside the browser) legally without paying someone a patent "poll-tax" for permission, so this is still "consume-only".
        I'm also under the impression that there are,absurdly, potential patent-license issues with the .mp4 file format that h.264 video is most often stored in.

        Finally, of course unless the usual obstructionist Apple and Microsoft ever implement opus codec support, this also doesn't give you the legal ability to include sound (mp3 or aac, typically, for h.264 videos) with the video. Hope everybody likes silent movies...

        If you have a camcorder, the license to create h.264 is present as part of the camcorder. This includes phones and everything else people submit to YouTube, for example.

        The only constraint is that if you post content online, you cannot take payment on the content itself - i.e., you can put it online, you can put ads around it, but you cannot force someone to pay to view that content (commercial activity). So those videos on YouTube where you have to pay in order to view them come under a different license.

        As for the Mp4 format being patented - it's RAND by Apple ages ago (MP4 is a subset of the QuickTime MOV format). If Apple's asserting any patents on the format, that is. But since people mass-license the h.264 patents through the MPEG-LA, that means any patents Apple has on MP4 are included in the license fee you pay to create or display the content.

        Sound is licensed under a separate agreement - MP3 or AAC. Again, your typical MPEG-LA license for h.264 will probably include use licenses for AAC (most typical format) so you can have a soundtrack.

        If not, there's always PCM as well - handled by the format just fine.

        • If you have a camcorder, the license to create h.264 is present as part of the camcorder. This includes phones and everything else people submit to YouTube, for example.

          It doesn't include video game footage or anything else that's edited because as I understand it, the video editing software needs to have its own licensed encoder.

    • by westlake (615356) on Wednesday July 23, 2014 @10:52AM (#47515497)

      Yes, some websites wanted to use H.264 for video encoding, but Mozilla shouldn't have abetted them.

      H.264 is here.

      HEVC not far down the road.

      The geek sees everything in terms of the "open" web.

      But there is more to digital video than video distribution through the web.

      Which is why the mainstream commercial codecs dominate here.

      Why hardware and software support for these codecs are baked into the smartphone, tablet, PC, graphics card, HDTV, video game console, Blu-ray player. The prosumer HD camcorder, medical and industrial video systems and so on, endlessly.

      • by evilviper (135110)

        The geek sees everything in terms of the "open" web.

        But there is more to digital video than video distribution through the web.

        The "distribution" is orthogonal to the codec being used. Most of the things that make a good "digital video" codec for the "web", also make it exceptionally good for physical media, dedicated hardware, etc., etc.

        Which is why the mainstream commercial codecs dominate here.

        No, MPEG codecs dominate, because they had NO open competitors, until *just now*.

        VP3 was okay at the time, but

    • Code implementing software patents can still be Free/Open Source Software. I mean, isn't that what x264 and VLC is? The un-FOSS-like restriction is one enforced by the government and patent trolls, not the software project.

      Just because one country makes it illegal means you should, or even have to, spread it all around the world.

      Mozilla isn't even offering people the option to enable h.264 in some alternative fashion (maybe a user could provide it themselves, maybe Firefox searches the OS or hardware for an

  • by RogueWarrior65 (678876) on Wednesday July 23, 2014 @10:17AM (#47515241)

    Serious question: What's the best way to handle video on the web given a few requirements? First, the content needs to be hosted on the same site as the website. Why? Because sites like Youtube and Vimeo have control over it. They can unilaterally decide to take something down. They will also present related video. For someone trying to market product, you shouldn't make it easy for a prospective customer to find your competitors. Second, the video has to work on both Macs and PCs. Third, the video has to work on Internet Explorer as early as v.8 because too many users don't know any better.

    • by smash (1351)
      video tag. for the IE8 users, give them alt text.
    • Virtually all of the popular file formats for video are essentially containers that have mpeg4 video inside. Therefore, essentially any player can play mpeg4. The difference is which package files they can open, so just use a plain .mpg file rather than a proprietary package like .wmv.

      If you want to embed the video that's fine, but also provide a link to the mpeg file itself. A plain link to a mpg file is like a plain link to an html page - it will work for anyone.

    • by tepples (727027)
      To an extent it depends on what your video is of. I'd assume that users of Internet Explorer 8 at home have far less disposable income than users of Firefox, Chrome, Safari, or new IE. Will they be paying for your video or for the product that your video advertises?
      • Not exactly a valid assumption. Government users tend to use IE primarily because they have to access other government sites that were built by the lowest bidder who often only work on Windows and only works on IE. Hell, while most of the world uses Acrobat for forms, the feds contracted with IBM to build some IT stuff and they're using this goofy holdover from their acquisition of Lotus.

        • sites that were built by the lowest bidder who often only work on Windows and only works on IE

          All supported Windows desktop operating systems can run IE 9 or later. Besides, whether and why government employees on government equipment and government time would be watching your video still depends on what the video is of. It might be better in a specific case to download the video to watch in a native, non-web application, or to have the IT department authorize installation of a second browser for "general interest" web sites.

  • by rossdee (243626) on Wednesday July 23, 2014 @10:30AM (#47515361)

    So thats whats gonna be in FF33, which is 2 versions from now.

    FF31 has just been released AFAIK

    So whats new (or broken) in FF31 - should I upgrade from FF30 ?

    • https://www.mozilla.org/en-US/... [mozilla.org]

      CSS3 variables I think has been getting the most attention.

    • FF31 has just been released AFAIK

      So whats new (or broken) in FF31 - should I upgrade from FF30 ?

      Unless you like Australis, you may want to 'upgrade' to Pale Moon 24.

  • ActiveX again. (Score:3, Interesting)

    by mar.kolya (2448710) on Wednesday July 23, 2014 @10:45AM (#47515439)

    So, at least on Linux this 'thing' doesn't come packaged with the browser in a package. Instead browser DOWNLOADS this crap from the net. ActiveX, anyone?

    Very-very-very disappointing. Looks like Mozilla have forgotten what their mission was behind all those gay-rights fights.

  • I know some will mock this, but there is a heck of a lot of Flash content out there, and Firefox really should work with Adobe for an unloadable plugin for getting an up to date Flash player on all platforms. There is really far too much Flash content out there to ignore this need. Make it something that can be disabled, and unloaded as a plugin, sure. If you don't want it, you won't have to have it loaded, so it keeps everyone happy. I think that getting Ogg support into the browser and other open codecs w

    • >I think that getting Ogg support into the browser and other open codecs will help us transition away from the Flash over time,

      Also, Flash Cc, the authoring tool, can now output HTML5 rather than SWF, so all the existing Flash projects can be recompiled to no longer require the plugin. Support isn't 100% yet, but that's the direction Adobe is going. The programming language within Flash has always been a dialect of JavaScript/Emacscript, so it is pretty simple for Adobe to start using the browser's Jav

  • This split between supported formats on various browsers is ridiculous. Embed it into the next FireFox so that video tags support H.264. Make it something you can disable if you're paranoid. There will be plenty of time to examine it and make sure there isn't a back door (which would be a stupid thing for Cisco to attempt!)

You can do this in a number of ways. IBM chose to do all of them. Why do you find that funny? -- D. Taylor, Computer Science 350

Working...