-------- Original Message -------- Subject: Watch a live video, share your PC with CNN Date: Thu, 5 Feb 2009 11:40:13 -0800 From: Alan Paganelli <alanandsuzanne@xxxxxxxxxxxxx> Reply-To: Blind-chit-chat@xxxxxxxxxxxxxxx To: <blind-chit-chat@xxxxxxxxxxxxxxx>If you would like to subscribe tothis news letter here is a link for the free version. They also have a paid account with more content. The good news is anybody can afford a paid subscription for a year. You send them what you can afford. This news letter has saved my bacon more times then I can count. Here's the link to the free version. http://windowssecrets.com/links/zc6u8g799k2jd/882624h/?url=WindowsSecrets.com%2Finfo%2F <http://windowssecrets.com/links/zc6u8g799k2jd/882624h/?url=WindowsSecrets.com%2Finfo%2F>
TOP STORY Watch a live video, share your PC with CNN Brian Livingston By Brian LivingstonMany people who watched live streaming video of the inauguration of U.S. President Barack Obama on Jan. 20 may not realize that their PC was used to send the video
to other PCs, too.Clicking "yes" to a CNN.com dialog box installed a peer-to-peer (P2P) application that uses your Internet bandwidth rather than CNN's to send live video to other viewers. The P2P application is called Octoshape Grid Delivery and is managed by Octoshape
ApS, a company based in Copenhagen, Denmark.Web surfers who visit CNN.com and select a live video stream for the first time see in their browsers a dialog box, shown in Figure 1, saying, "This site requires the Octoshape Grid Delivery enhancement for Adobe Flash Player." The dialog box doesn't appear when playing an ordinary video file, only when starting a live feed. (Feeds labeled LIVE typically appear in the upper-right corner of CNN.com's home page during
business hours.) CNN Octoshape dialog boxFigure 1. Users who select a CNN.com live video feed see a dialog box to install
the Octoshape Grid Delivery application. According to Octoshape's end-user license agreement(EULA), what's installed is a peer-to-peer app that will "deliver parts of the video
and audio stream to other end users of the Software."Why should you care? Windows Secrets contributing editor Ryan Russell, using a network sniffer, measured Octoshape using upstream bandwidth of 320 kilobits per second on
a broadband connection. Dan Ferrell, in a commenton contributing editor Susan Bradley's blog, reports seeing 600 Kbps of upstream traffic. At first glance, Ferrell adds, the multiple connections to his PC looked
on his security alert system like some kind of SQL attack. The Internet Storm Center, an Internet security organization, reportedthat traffic on Jan. 20 had jumped to a level thousands of times higher than usual on port 8247, which is used for UDP, the User Datagram Protocol. (See Figure 2.) The center quickly identified the source as legitimate CNN but security consultant Raul Siles warned in his report, "It would be easy for an attacker to hide his actions
on this port if we simply ignore it." ISC Octoshape UDP trafficFigure 2. The Internet Storm Center measured an enormous increase in UDP traffic
on Jan. 20.In a telephone interview, Octoshape's P2P nature was confirmed by Mike Wise, group technical advisor for platform R&D at Turner Broadcasting System, the parent of CNN. Wise emphasized that the news network had selected the most considerate software for the job: "The Octoshape technology uses a congestion control mechanism that's less aggressive than TCP and most UDP implementations." As one example of the way Octoshape gives priority to user tasks, he explained, "we chose an implementation that wouldn't interfere with consumer's VoIP [Voice over Internet Protocol] applications." As a European company, Octoshape's technology was initially used on the continent to stream live feeds of such high-profile events as the Eurovision Song Contest and the UEFA Cup. "We're their first big United States customer, as least that I know
of," says Wise."We did some limited trials leading up to the election" on Nov. 4, as Wise describes it. The big test came with the Jan. 20 inaugural address. More than 26 million live feeds (including restarts of crashed streams) were served that day by CNN.com, according
to a Jan. 25 article and chartin the New York Times. CNN's nearest rivals served "only" 9.1 million (MSNBC) and
8 million (AP).To my surprise, I've seen only a few blogs comment on the implications of CNN using so much upstream bandwidth and almost no headlines in the mainstream U.S. media. Most Internet service providers support far less bandwidth in the upstream direction (from a PC to the Internet) than they do downstream (from the Internet to a PC). But that isn't the only concern with CNN's use of people's Internet connections:
Deceptive marketing.Octoshape's dialog box warns that playing a live video "requires" installing new software. Despite this, however, if you click "no" to Octoshape, you can play the feed using the streaming video capability built into Windows Media Player or Adobe's Flash Player, although possibly with less fidelity. Small links to choose one of the two standard formats appear in the bottom-right corner of the playback window. The Octoshape EULA doesn't become available until after the user is required to select "yes" or "no" to install the app. But even if the EULA appeared before the buttons, burying in legalese the commandeering of a person's PC isn't my idea of "informed consent." Only a clear explanation of the repurposing of a PC's bandwidth in on-screen text, readable without scrolling is an adequate way to inform users of such a technique.
Cost-shifting to ISPs.CNN's use of Octoshape might make live feeds look somewhat smoother to end users,
but the primary benefit is a reduction in cost to the cable news network. The TorrentFreak blogcites an unnamed insider as saying 30% of CNN's live feed traffic was served from individual PCs and not the network's own servers. That saves CNN big time on bandwidth.
But the cost doesn't just disappear it's shifted to ISPs. Brett Glass, the owner of Lariat.net, a small ISP in Laramie, Wyoming, testified before the FCClast year on cost-shifting. Bandwidth, he explains, can cost hundreds of dollars per Mbps per month to providers in rural areas like his. "CNN is setting up a server on the ISP's network without permission or compensation," he told me in an interview.
"CNN's not a charity, in fact it's doing a lot better than some ISPs." Costs to end users.Many ISPs around the world restrict how much bandwidth users can consume. Those providers charge by the megabyte for any traffic above that level. Users who installed Octoshape's app and served traffic upstream as well as down may get an unpleasant surprise in their next monthly bill. Octoshape anticipated this in the company's
EULAby saying, "You are responsible for any telecommunication or other connectivity
charges incurred through the use of the Software."In addition, ISP terms of service usually prohibit customers from using their Internet connection to host a server. The FCC ruled last year against Comcast, a major U.S.
ISP, on peer-to-peer restrictions, as explained in an Ars Technica article . But other legal issues on home-grown servers remain unsettled.(In an interview, Comcast spokeswoman Jenny Moyer declined to address CNN's use of Octoshape, saying, "I don't think it's anything we're going to be able to comment
on at this time.") Ludicrous license terms. Anyone who reads Octoshape's EULAafter clicking "yes" to install the app finds that they've agreed to some hilarious
prohibitions:"You may not collect any information about communication in the network of computers that are operating the Software or about the other users of the Software by monitoring, interdicting or intercepting any process of the Software. Octoshape recognizes that firewalls and anti-virus applications can collect such information, in which case
you not are allowed to use or distribute such information." Company policies on outbound traffic.No one has suggested that Octoshape is doing anything other than relaying live video
streams to other PCs. In a blog comment, Johan Ryman, Octoshape manager of strategic partnership and sales, assures users that the app is well-behaved and stops consuming upstream bandwidth within five seconds
of a live stream being closed.Many companies, however, have policies against sending data outside their LAN. How many CIOs will be comfortable with an app that sends unknown information to random
PCs? Use of Flash's install mechanism.Octoshape is the only outside company that's allowed to download software using the Adobe Flash Player's so-called Express Install feature, according to a Flash
Magazine technical analysis. Express Install is used by Adobe to push updates and other software, such as Acrobat
Connect and the Adobe AIR runtime.IT admins who'd like to turn off the installation of Octoshape within their companies
could disable Flash's update mechanism, as explained in Adobe TechNote 16701594. But doing so would disable all auto-updates from Adobe, not just Octoshape.
Security vulnerabilities.The Octoshape app is supported by an established company and is not any kind of virus or worm. However, most programs have bugs, and Octoshape specifically communicates with its own servers and other PCs in ways that are not apparent to end users. Any Web site you visit that is "Octoshape aware" can invoke the application. If a security vulnerability is discovered in the Octoshape software, hackers could exploit
the weakness.Media players expose PC users to serious security flaws more often than Windows itself
does, as WS associate editor Scott Dunn reported on Aug. 16, 2007. For instance, several new vulnerabilities were discovered in Flash Player version
9 in 2008 alone, including one rated "highly critical," according to advisories by the security firm Secunia. In a follow-up article on Sept. 6, 2007, Scott reported that Flash Player 9 was found to be unpatched in 62% of the Windows PCs that participated in a test. End users can correct these holes by patching the
player or upgrading to version 10, but too few do so. Corporate revolving doors.It's remarkable to see how a small company in Denmark has managed to gain exclusive contracts with Adobe and CNN. I'm all for innovative software firms selling cutting-edge
technology.At the same time, I wonder how these relationships came into being. Last month, Octoshape hired as its new U.S. CEO Scott Brown, previously a vice president of Turner Broadcasting,
according to the Business of Video blog. Sounds like the connection between CNN and Octoshape is getting stronger all the
time.The question isn't whether peer-to-peer technology is "good" or "bad." P2P is here
to stay.But if all TV programs are going to be streamed live by media giants, as I'm sure will eventually happen, the question is what impact this will have on Internet bandwidth
and who will pay for it.I'd like to see the computer industry start a well-publicized discussion in the major news media about this. If we're going to stream TV across the Internet, shouldn't
we select an open standard (the TorrentFreak blog likes P2P-Next), rather than proprietary technology that's restricted to a few parties with patents?
What to do if you have Octoshape on your PCAs I mentioned earlier, the Octoshape app isn't currently a threat. But I personally would rather put up with a slightly jerky video than run an application on my PC
that's sending God-knows-what to who-knows-whom. Fortunately, the Octoshape program isn't hard to find or remove: Step 1.To find out whether the Octoshape app is running, you can use Windows' built-in Task Manager. (Right-click a blank space on the Task Bar, and then click Task Manager.)
As Susan Bradley shows in a blog post, when you're viewing a live stream from CNN.com, you'll see in Task Manager a service
called octoshape.exe.(In the illustration on her blog, instances of the service are shown to be consuming 63MB of RAM, but a lot of this memory may be taken up by the Flash Player itself.)
Step 2.To remove Octoshape's app, you can use the Control Panel in either Windows XP or
Vista. In XP, the applet is called Add or Remove Programs. In Vista, it's Programs and Features.The "Octoshape add-in for Adobe Flash Player" is the name of the program to uninstall. Strangely, there isn't an uninstaller for the Mac version of the app. You have to
manually delete the Octoshape folder.These removal procedures are explained in detail at the bottom of the Octoshape Grid
Delivery FAQ .There's much more to write on this subject, but I'll stop here. If you have additional
specifics on any of this, please send a tip via the Windows Secrets contact page . Thanks! Regards, AlanPlease click on: http://www.home.earthlink.net/~alanandsuzanne/ <http://www.home.earthlink.net/%7Ealanandsuzanne/>.
There, you'll find files of my arrangements and performances played on the Yamaha Tyros keyboard. I often add files so check back regularly! The albums in Technics format formerly on my website are still available upon request. __._,_.___Messages in this topic <http://groups.yahoo.com/group/Blind-chit-chat/message/90082;_ylc=X3oDMTM1bDAzMmdoBF9TAzk3MzU5NzE0BGdycElkAzMxMDU1NARncnBzcElkAzE3MDUxODkwNTIEbXNnSWQDOTAwODIEc2VjA2Z0cgRzbGsDdnRwYwRzdGltZQMxMjMzODYyODIwBHRwY0lkAzkwMDgy> (1) Reply (via web post) <http://groups.yahoo.com/group/Blind-chit-chat/post;_ylc=X3oDMTJwYTgxYmV0BF9TAzk3MzU5NzE0BGdycElkAzMxMDU1NARncnBzcElkAzE3MDUxODkwNTIEbXNnSWQDOTAwODIEc2VjA2Z0cgRzbGsDcnBseQRzdGltZQMxMjMzODYyODIw?act=reply&messageNum=90082> | Start a new topic <http://groups.yahoo.com/group/Blind-chit-chat/post;_ylc=X3oDMTJkZWl0ZzI3BF9TAzk3MzU5NzE0BGdycElkAzMxMDU1NARncnBzcElkAzE3MDUxODkwNTIEc2VjA2Z0cgRzbGsDbnRwYwRzdGltZQMxMjMzODYyODIw> Messages <http://groups.yahoo.com/group/Blind-chit-chat/messages;_ylc=X3oDMTJkZzNiNTk0BF9TAzk3MzU5NzE0BGdycElkAzMxMDU1NARncnBzcElkAzE3MDUxODkwNTIEc2VjA2Z0cgRzbGsDbXNncwRzdGltZQMxMjMzODYyODIw> | Files <http://groups.yahoo.com/group/Blind-chit-chat/files;_ylc=X3oDMTJlaTRxYjdvBF9TAzk3MzU5NzE0BGdycElkAzMxMDU1NARncnBzcElkAzE3MDUxODkwNTIEc2VjA2Z0cgRzbGsDZmlsZXMEc3RpbWUDMTIzMzg2MjgyMA--> | Photos <http://groups.yahoo.com/group/Blind-chit-chat/photos;_ylc=X3oDMTJkdGkyYWVxBF9TAzk3MzU5NzE0BGdycElkAzMxMDU1NARncnBzcElkAzE3MDUxODkwNTIEc2VjA2Z0cgRzbGsDcGhvdARzdGltZQMxMjMzODYyODIw> | Links <http://groups.yahoo.com/group/Blind-chit-chat/links;_ylc=X3oDMTJlNzhtYzZhBF9TAzk3MzU5NzE0BGdycElkAzMxMDU1NARncnBzcElkAzE3MDUxODkwNTIEc2VjA2Z0cgRzbGsDbGlua3MEc3RpbWUDMTIzMzg2MjgyMA--> | Database <http://groups.yahoo.com/group/Blind-chit-chat/database;_ylc=X3oDMTJiN3JnMTZhBF9TAzk3MzU5NzE0BGdycElkAzMxMDU1NARncnBzcElkAzE3MDUxODkwNTIEc2VjA2Z0cgRzbGsDZGIEc3RpbWUDMTIzMzg2MjgyMA--> | Polls <http://groups.yahoo.com/group/Blind-chit-chat/polls;_ylc=X3oDMTJlZmZqNDZvBF9TAzk3MzU5NzE0BGdycElkAzMxMDU1NARncnBzcElkAzE3MDUxODkwNTIEc2VjA2Z0cgRzbGsDcG9sbHMEc3RpbWUDMTIzMzg2MjgyMA--> | Calendar <http://groups.yahoo.com/group/Blind-chit-chat/calendar;_ylc=X3oDMTJjOHUxOGc3BF9TAzk3MzU5NzE0BGdycElkAzMxMDU1NARncnBzcElkAzE3MDUxODkwNTIEc2VjA2Z0cgRzbGsDY2FsBHN0aW1lAzEyMzM4NjI4MjA->
Recent Activity * 3 New Members <http://groups.yahoo.com/group/Blind-chit-chat/members;_ylc=X3oDMTJldm90bXE3BF9TAzk3MzU5NzE0BGdycElkAzMxMDU1NARncnBzcElkAzE3MDUxODkwNTIEc2VjA3Z0bARzbGsDdm1icnMEc3RpbWUDMTIzMzg2MjgyMA-->Visit Your Group <http://groups.yahoo.com/group/Blind-chit-chat;_ylc=X3oDMTJkcWVqOWJtBF9TAzk3MzU5NzE0BGdycElkAzMxMDU1NARncnBzcElkAzE3MDUxODkwNTIEc2VjA3Z0bARzbGsDdmdocARzdGltZQMxMjMzODYyODIw>
Check out theY! Groups blog <http://us.ard.yahoo.com/SIG=13o68mj6q/M=493064.12016258.12582637.8674578/D=groups/S=1705189052:NC/Y=YAHOO/EXP=1233870020/L=/B=3VLySkPDhEY-/J=1233862820509577/A=5191952/R=0/SIG=112mhte3e/*http://www.ygroupsblog.com/blog/>
Stay up to speed on all things Groups! Yahoo! Groupsw/ John McEnroe <http://us.ard.yahoo.com/SIG=13oebsgil/M=493064.12016283.12445687.8674578/D=groups/S=1705189052:NC/Y=YAHOO/EXP=1233870020/L=/B=3lLySkPDhEY-/J=1233862820509577/A=5202322/R=0/SIG=11aijbghb/*http://new.groups.yahoo.com/allbrangroup>
Join the All-Bran Day 10 Club. Yahoo! GroupsCat Owners Group <http://us.ard.yahoo.com/SIG=13o6ffe3e/M=493064.12016263.12445670.8674578/D=groups/S=1705189052:NC/Y=YAHOO/EXP=1233870020/L=/B=31LySkPDhEY-/J=1233862820509577/A=5522126/R=0/SIG=11kt0eu7c/*http://advision.webevents.yahoo.com/domoreforcats/>
Connect and share with others who love their cats . __,_._,___ blind_html To unsubscribe, please send a blank email to blind_html-request@xxxxxxxxxxxxx with unsubscribe in the subject line. To access the archives, please visit: http://www.freelists.org/archive/blind_html Thanks