HTML Video Check-in – iOS 7 vs. iOS 8
Since iOS 8 went live on the 17th and I updated a few of my devices over the weekend, I decided to do some quick testing of web video playback. I wanted to see if there were any little, undocumented changes that would affect our custom, cross-platform video player, or our general approach to working with HTML video – like the changes to exiting fullscreen video that came in the update from iOS 6 -> iOS 7. 1
Overall, things seem pretty much the same between iOS 7 -> iOS 8, and in a quick runthrough, REPlayer looks to be working just fine.
Cannot Access Alternate Audio Tracks
One interesting change to note, especially since it relates directly to our current series on Alternate Audio Streams in HTML Video, is that the native interface (iOS default controls used when video is fullscreen) for selecting Sub-Title/CC tracks – or Alternate Audio tracks when they’re available – no longer seems to recognize/display the audio tracks in iOS 8.
Sub-Title selection still works just fine, but the Audio Section (and Audio Tracks) do not display in iOS8. We confirmed this by verifying our test m3u8 still contains Alternate Audio tracks in the manifest. Viewing the same video on a device running iOS7 will display, and allow the selection of, both Sub-Title and Audio Tracks, while iOS8 will only display the subtitle tracks.
Off the bat, I’m assuming this is a bug, not a feature, and it will be addressed in future updates, though it could also be a result of the transition from QTKit to AVFoundation as the new iOS Media Framework. 2
One other possible cause for the discrepancy, is the different versions of WebKit used between the two. 3
As of this writing, this does not seem to be a known issue according to the release notes.
Be sure to check back on Wednesday 10/1 as we continue our series on Alternate Audio Tracks in HTML Video – addressing some of the options and implementations available for providing user-selectable alternate audio streams using various formats, and suggest solutions for reaching the widest number of browsers and devices.
This week we’ll be featuring an in-depth writeup of alternate audio in HLS and other playlist-based formats.
In iOS6 - when you switched to fullscreen video, there were 2 options available for exiting fullscreen:
- One was to tap the “Exit Fullscreen” icon in the lower right side of the control bar (Two arrows on a diagonal that were pointing inwards towards each other – the inverse of the icon used to enter fullscreen)
- This would exit fullscreen, and maintain the current playback state of the video, i.e., if the video was playing in fullscreen, it would continue to be playing after leaving fullscreen – if the video was paused in fullscreen, it would remain paused after leaving fullscreen
- The other was to tap on the text-button “DONE” in the upper left of the fullscreen interface
- This would exit fullscreen and pause the video, regardless of current playback state
In iOS7 - the “Exit Fullscreen” icon was removed, and the only option was to use “DONE” – this meant that whenever you exited fullscreen in iOS7, the video would be paused every time. Meaning that an extra tap on the Play Button was necessary in order to resume playback.
AVFoundation was added in iOS 7 and existed alongside QTKit, though developers were strongly encouraged to make the switch – Have not yet found explicit documentation of the status/availability of QTKit in iOS8
- User Agent String of an iPhone 5S running iOS 8.0 reports WebKit v600.1.4
- Full User Agent String -
Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A365 Safari/600.1.4
- Full User Agent String -
- User Agent String of an iPhone 5S running iOS 7.1 reports WebKit v537.51.2
- Full User Agent String -
Mozilla/5.0 (iPhone; CPU iPhone OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D167 Safari/9537.53
- Full User Agent String -
On May 13th, we had the pleasure of being a part of the Varnish Summit in New York. Our own David Hassoun gave a great session on using Varnish Plus to help create your own CDN, and had a great time meeting with the other Varnish users there. This event was a great networking opportunity, and a fantastic way to get together with other Varnish users to see how they have been using the product. Since no two deployments will be the same, it has been amazing to see how this tool gets used and the creativity that everyone uses in their own deployment. If you missed the summit and David’s session, you can view it here: http://youtu.be/P7YPFMF5wGo?t=30m25s.
Now, the new round of summits are about to start, though no US date has been announced yet. However, we are hoping that will change soon! Untill something get’s solidified for the US, and for those of you out there who are in Europe, there are currently three dates that you can register to attend. Paris on October 16th, Frankfurt on October 30th, and Stockholm on November 20th. With any luck, there will be live streaming available so those of us unable to make the trip can still attend the conference and get some great information. You can register for any of these dates here, http://info.varnish-software.com/varnish-summits-autumn-2014-registration.
Check back here as we will pass along any information about a US summit as it comes, and keep making your websites fly!
If you’re using Varnish as your web accelerator or media caching server and want to learn more about it, we’ll be holding online administrator training next week. It’s not too late to register so see you there!
Recently, I was tasked with building a video player that would play live streams via IP Multicast on a supported network and automagically switch to Unicast on an unsupported network. Problem is, with IP Multicast the clients will make a connection and just wait around for data without bombing out. This is because the clients are connected to the IP Multicast address space via their network hardware and not a server endpoint in many other types of streaming.
In the past, this type of configuration might be implemented through a connection timeout in the video player logic. However, I wanted a seamless and immediate way to fall back without making the user have to wait. Enter Apache mod_rewrite.
The general workflow I wanted to follow was this:
- The end user hits the video player page on the Apache server
- The video player seamlessly and immediately point itself at the right stream.
- Everyone’s happy
I accomplished the above with a little mod_rewrite magic in my Apache config.
First, I needed to make sure clients on specific subnets would play back the live stream using Unicast. Second, I needed to properly redirect all other clients to the live stream using IP Multicast. Also, I needed to make sure that VOD requests would be ignored.
Here’s a gist of my rewrites along with some commentary.
Recently RealEyes joined the Varnish Software family, and became the first North American reseller and training partner. This is a very exciting partnership and runs in line with our goals and vision for effective delivery of streaming media. The Varnish Plus product is an amazing tool for caching your website and streaming media.
In June we delivered our first public Varnish Administration Class and we, as well as the attendees, were thrilled with the results. That said, we are proud to be able to offer more training sessions within the balance of this year. On September 18th and 19th in Boston, MA and on November 13th and 14th in Denver, CO, we will hold live public classes. These classes will feature a combination of lecture and hands on training, and with the additional option of taking the Varnish certification test at the end of the second day. On August 21st and 22nd, we’ll have an online class. The online class offers the same course material, but no certification test at the end of the course. As always, the sessions will provide valuable and resourceful information for users of Varnish with a heavy emphasis on implementation, deployment, customization, and monitoring. This is a great opportunity for Varnish users of all skill levels to become better users.
If you’re still curious about what Varnish does in general, please have a look at the New York Times website, and be sure to pay attention to the load times of the images and other media. It also works wonders for on-demand content, as well. Check out Vimeo.
Still not convinced? OK, take a quick look at VG (Verdens Gang), which is Norway’s largest newspaper. VG is leveraging Varnish for their exclusive, real time article cloud:
“Some months later @ VG Multimedia 12 squid servers hit the dust and were replaced by 1 server running Varnish. One server handling all requests (45 Million a week) faster than before and with a noticeable carbon footprint reduction.”
If you want even more in depth technical info, check out this article on data visualization the most read articles at VG with Varnish: http://tech.vg.no/2014/03/07/visualizing-the-most-read-articles-on-vg/
Want to learn more about Varnish and how you can use it to make your website fly? Contact us today and we’ll get you going with Varnish!
I’ve been asked a lot of questions and have done a lot of work recently around security hardening for HTTP Streaming with Adobe Media Server (AMS) and Apache. Content protection and sever security and hardening is an evolving beast and the best thing to do is to keep in mind what needs to be secure and how it can possibly be circumvented. However, there’s some basic things to know and a couple tips I can shed some light on within the span of a blog post.
First, with HTTP streaming I think of security in three major categories:
- Server security
- Content protection over the wire
- Content protection while at rest and preventing unauthorized access
When considering the origin of your content, you need to follow the general server hardening and security processes:
- Decreasing access to root level accounts.
- Protecting authentication info such as passwords and certs. Changing them from time to time as well.
- Keeping the Operating System and server applications patched.
- Using firewalls to decrease the network attack surface of your server.
- Auditing the server files and logs and using some IDS systems.
- The list goes on…
After you’ve done due diligence when it comes to your server, then next you need to concern yourself with AMS and Apache as well. Here’s a couple tips to keep in mind:
Adobe Media Server
- Adobe has an AMS Hardening guide for you to review: http://www.adobe.com/devnet/adobe-media-server/articles/hardening_guide.html
- Adobe has a security response page you should know about, complete with notification service: http://helpx.adobe.com/security/alertus.html
The version of Apache bundled with AMS is 2.2.x. Unfortunately, due to the modules needed for HTTP Streaming you can’t upgrade to a newer version of Apache such as 2.4. However, you can lock 2.2 down as far as you need. Here’s some tips on that:
- There’s tons of Apache configuration security hardening posts on the Internet if you google for them. Here’s an example: http://www.tecmint.com/apache-security-tips/
- You should also keep an eye on the Apache security vulnerabilities page: http://httpd.apache.org/security/vulnerabilities_22.html
- Using SSL? Worried about Hearthbleed? Here’s information on how to test against it: http://chandank.com/blog/how-to-test-heart-bleed-ssl-vulnerabilities-cve-2014-0160
AMS and Apache – Ongoing
A really good way to see how well your lockdown efforts are going is to run a vulnerability scanner against your server. This not only will give you an idea of what’s still exposed, but it’s also a good way to check your server from time to time as new vulnerabilities are found. Here’s a scanner that I like using: http://go.beyondtrust.com/community
Content Protection Over the Wire
Now that your server is secure, you need to figure out how to protect your content as it traverses the network between your AMS/Apache origin and the end-user’s video player. SSL is always an option, but did you know that AMS has some built-in DRM protection that doesn’t need to use SSL?
- Content protection for HTTP Dynamic Streaming (HDS) to Flash Player and Adobe AIR (a.k.a PHDS): http://help.adobe.com/en_US/adobemediaserver/devguide/WS5262178513756206-4b6aabd1378392bb59-7fff.html
- Content protection for HTTP Live Streaming (HLS) to iOS and other HLS-supported clients (a.k.a PHLS): http://help.adobe.com/en_US/adobemediaserver/devguide/WS5262178513756206-4b6aabd1378392bb59-7fe8.html
Content Protection While at Rest and Preventing Unauthorized Access
How do we prevent unauthorized access and protect the content that the end user has streamed to their local machine?
Prevent Unauthorized Access
There’s a number of things you can do to prevent unauthorized access. Without going too far into implementation details, this step requires:
- Some co-ordination with the application developers on your team to basically create a binding between the video player and the wrapping application. For instance, the video player would require some kind of token to be passed in before it will play back content. This token can be anything from a shared secret to some information acquired through a valid SSO sign-on.
- If you’re using PHDS, once the player is bound to your system, then you can leverage Protected SWF Verification for PHDS to make sure only your player can play back the PHDS content: http://www.adobe.com/devnet/adobe-media-server/articles/swf-verification-protected-http-dynamic-streaming.html
- If you’re using HLS, it’s much trickier and not quite as all encompassing, but someting you might keep in mind is locking down requests for content through token rewrites that have a short expiration ttl: https://code.google.com/p/mod-auth-token/
Content Protection While at Rest
This one’s easy…for now. If you use PHDS or PHLS as mentioned in the previous section, the data itself is protect with DRM. Basically, a simple AMS bundled version of Adobe Access DRM.
Don’t consider this article and the referenced links as an end-all be all to HTTP Streaming Security with AMS/Apache. It’s just a quick summary of some of the things to consider.
In my consulting experience, I’ve had a wide variety of consulting clients each with varying needs for security. Some implement everything, some a subset and most of the time there’s custom development, consulting, and testing involved. Also, security is a trade-off, the more secure you make something the less functionality there will be for you to leverage. So, implement your security while keeping your required functionality in mind. And test, Test, TEST your configurations against your production use cases.
Hope you enjoyed the read. If you’re ever in need of advice or help with implementing your HTTP Streaming Security, feel free to drop us a line: http://www.realeyes.com/contact/
Last month we had the pleasure of attending the NAB 2014 conference in Las Vegas, Nevada.
I even came out of Lost Wages a little ahead, so for now I can still call it Las Vegas. We’ll just have to wait until my next visit to see what I call it after I leave.
Since this was my first time in attendance, I wanted to see as much as I possibly could without saturating my brain with products and information. When you’re at a conference with 90,000+ attendees and hundreds of exhibitors, it’s easy to get overwhelmed. With that in mind, I made a little mental agenda to focus on relevance versus irrelevance.
What’s really cool about working for a small software development, consulting, training, and integration company like RealEyes, is that we get to deal firsthand with many real world use cases that are never the same. It keeps all of us on our toes and helps us be more knowledgeable in our niche.
Now back to NAB. To anyone who is reading this blog post and has been there before or is familiar with the conference overall knows that it’s the big leagues. Companies from all over the world that either already have an impact or are trying to have an impact are there. From hardware to software and everything in between, they’re there.
One thing I had never considered was how many moving parts go into broadcasting. It’s insane. Since my primary focus deals in streaming solutions, encoding and web collaboration, I never think about what it takes to produce the content, just how to get it out there and deliver it successfully. And since I don’t think we’re going to be delving into video and/or broadcast production any time soon (or are we?), we have to be resourceful with best practices for content delivery.
Varnish Plus is what we feel will offer the proverbial, “icing on the cake” for our end-to-end solution approach. What is it exactly? It’s an HTTP accelerator. Simply put, it’s like supercharging your car. While it’s already been established as the web accelerator of choice in Europe, we are excited to be the premiere Varnish Plus resale, implementation and training partner here in the United States.
Please contact us directly to find out how you can supercharge your content delivery.
On Tuesday, May 13th, David Hassoun spoke about Varnish Plus at the Varnish Software Summit in NYC. The topic was Varnish Plus – Building an Enterprise CDN for HTTP Dynamic Streaming. Feel free to check out the live stream recording: https://www.youtube.com/watch?v=P7YPFMF5wGo David’s talk starts 31 minutes in.
Adobe has recently released some new versions of Adobe Media Server. However, if you discussed them or noticed that they’ve been released you may be encountering confusion around the versions 5.0.4 and 5.0.5.
Adobe Media Server – Version 5.0.4
Adobe Media Server – Version 5.0.5
AMS 5.0.5 is a maintenance update released on 3/31/14 to address product issues and is the on-premise version of AMS. You can download the updater from the AMS/FMS Updaters Index. Feel free to take a look at the issue fix list in the release notes to see if this update applies to your situation. (Note: There is no 5.0.5 branded documentation as far as we know, so for now you can reference the AMS 5.0.3 documentation.)
So there you have it, a breakdown on the current AMS 5.x versions and some helpful links to curb the confusion. Enjoy!
This was a valid question, especially when you think of how HDS delivery works. In a nutshell, HDS delivery consists of a manifest(s) file and then a large number of HDS fragment files. Due to the number of files involved in streaming just one video it’s important to have a basic understanding of how an edge cache works.
Here’s some quick tips to keep in mind when using Varnish Plus with Apache/AMS:
1. Varnish Plus uses an object time to live (ttl) to determine expiration and then a least recently used (lru) algorithm to decide what to boot when the cache is full and the remaining objects haven’t yet expired. Here’s some more details.
2. When monitoring your Varnish Plus server, you can keep an eye on how often things are being purged with the varnishstat command’s n_lru_nuked field. Monitoring this counter will allow you to know when the size of your cache needs to be increased.
3. When sizing your Varnish Plus cache, you need to keep in mind that Varnish Plus has a tracking overhead of about 1k per object. This means that for any video you need to factor in the overhead. Take for instance, a 5 minute video being streamed via HDS. With a default Apache/AMS configuration streaming that 5 minute video will require an F4M manifest file and then 75 fragment files. (The AMS/Apache default fragment size is 4 seconds) So for that video there will be about 76k of overhead.
Using the tips above, you should be able to calculate the size of cache you need and keep an eye on it as well. However, if you find yourself in need of any Varnish Plus or Apache/AMS consulting, feel free to reach out to us!