JohnTheodore/farstream.txt

## farstream.txt
17:16 -!- Topic for #farstream: GStreamer voice/video calling library | http://www.freedesktop.org/wiki/Farstream | Farstream 0.2.0 for GStreamer 1.0 and 0.1.2 for GStreamer
          0.10 | Please stay for long enough for us to answer your questions, if you have a question, just ask it
17:16 -!- Topic set by ocrete [~ocrete@gentoo/developer/tester] [Tue Sep 25 17:06:06 2012]


(ocrete is the maintainer of farstream)


16:33 < unstable> Does gstreamer support ZRTP? What is the story there? Is there a link / bug report talking about it? Are there plans to make the rough plugin integrated into
                  the gstreamer mainline project?
16:50 < unstable> ocrete: ping
16:53 < ocrete> ZRTP we don'T support
16:54 < ocrete> ZRTP is basically a way to negotiate the SRTP key .. but instead of using the signalling, it'S done in-band (inside the media channel)
16:54 < ocrete> someone could write a pair of element to support it.. but I personally have no interest as I believe that DTLS-SRTP will win
16:54 < ocrete> DTLS-SRTP... is a way to negotiate SRTP keys in the signalling (like zrtp)... but using the TLS protocol, so it's more standard, etc
16:55 < ocrete> and dtls-srtp is what the browsers will support for WebRTC
16:55 < ocrete> and I've written experimental dtls-srtp for gstreamer
16:55 < unstable> ocrete: So I'm not familiar with farstream/gstreamer/pidgin/empathy internals. Though I'd like to have encrypted voice/video calling capabilities. Preferably
                  without Microsoft storing the keys in a database to give out to people.
16:55 < ocrete> but it's currently blocked on getting the dtls bits into glib
16:55 < unstable> ocrete: I'm interested in starting a crowd funding campaign on kickstarter/bountysource to try and make this possible.
16:56 < unstable> I've come here to try and get filled in on exactly what needs to be done.

16:56 < unstable> The pidgin developers told me that farstream/gstreamer was the place to go. They said if it supported ZRTP that encrypted voice/video calling could work.
16:56 < unstable> Does that sound right to you?
16:56 < ocrete> sure, if we had zrtp, they woudl have nothing to do
16:57 < unstable> I think the situation currently is fairly ripe for getting donations to a bountysource campaign, it could spread on hacker news/reddit etc.
16:57 < ocrete> but imho, the right solution is dtls
16:57 < ocrete> which is already implemented at the gstreamer level
16:57 < unstable> If dtls is already implemented in gstreamer, why can't empathy/pidgin use encrypted voice/video calling?
16:57 < ocrete> it's just a matter of integrating into farstream.. and then into pidgin (as they will have to do the key management... but they already have that for regular
                TLS, etc)
16:57 < ocrete> dtls is not merged.
16:59 < unstable> dtls needs to be merged to the master gstreamer branch?
16:59 < unstable> Though glib is blocking on some issue as to why it hasn't merged yet?
16:59 < ocrete> needs to be merged into glib first
16:59 < ocrete> and well, ryan (the glib maintainer) has some very valid points
17:00 < unstable> ocrete: Do you know ryan's handle?
17:01 < unstable> Or do you have a link to a bug report? My google fu is failing me.
17:01 < ocrete> we discussed it on irc
17:01 < ocrete> I tried to make GIOStreams handle datagrams.. and he thinks it should be a separate abstraction
17:02 < unstable> What about https://github.com/wernerd/gstzrtp ?
17:02 < unstable> That project seems to have been working over a year ago.
17:03 < ocrete> first time I hear of that project
17:03 < unstable> ocrete: So if the glib maintainer ryan has valid points about blocking dtls from being merged, which is blocking from gstreamer having it, which is blocking
                  from people having encrypted voice/video calls.. what is the next best solution?
17:04 < ocrete> skype ?
17:04 < unstable> ocrete: That's proprietary, and it's known that Microsoft is archiving the encryption keys for the data.
17:04 < unstable> I assume that was sarcasm.
17:05 < ocrete> arg that uses openssl
17:06 < unstable> ocrete: Would that still work?
17:07 < unstable> It's abstracted away to empathy/pidgin right? So if it's suboptimal currently by using openssl, then it gets changed to dtls down the road.. it will just
                  keep working for pidgin/empathy yes?
17:08 < unstable> I think a lot of people (particularly with the recent news) would be extremely happy to have encrypted voice/video, even if it's a bit kludgy.
17:08 < ocrete> no no, the openssl problem is licensing
17:08 < ocrete> openssl isn't gpl compatible, so can'T be used with empathy or pidgin
17:08 < unstable> aww man
17:10 < unstable> ocrete: So that guy's plugin can't legally be used by anyone? Since it's violating copyright law when it's distributed?
17:10 < unstable> Or at least people can compile the source themselves (which practically no one will do).
17:10 < unstable> but you can't distribute binaries?
17:11 < ocrete> you can use it, just can't distribute it together
17:11 < ocrete> (the GPL doesn'T govern use, only distribution)(
17:11 < ocrete> yea exactly
17:11 < unstable> o I see, openssl has a horrible license. "* 3. All advertising materials mentioning features or use of this* software must display the following
                  acknowledgment:* "This product includes software developed by the OpenSSL Project* for use in the OpenSSL Toolkit. (http://www.openssl.org/)
17:12 < ocrete> well, I haven't looked at his source code in details... maybe it can be replaced with gnutls without too much effort
17:12 < unstable> ocrete: You're the maintainer of farstream?
17:12 < ocrete> yep
17:13 < unstable> ocrete: Do you agree that if farstream implements some cryptographic solution that is included with gstreamer (at least my ubuntu has it installed by
                  default), that then empathy/pidgin/whoever else uses gstreamer.. can enable encrypted voice/video calls?
17:14 < unstable> Is this possible? Or is there someone else who can block it? Like the glib guy (even if for what sounds like perfectly valid reasons)
17:14 < ocrete> well, it's just as matter of doing the actual work
17:14 < unstable> also, is this a valid solution (the plugin) for solving the problem?
17:14 < ocrete> he's not really blocking it.. just asking for the thing to be done right
17:15 < unstable> ocrete: If you do the work, is it likely someone else will block the change for some reason?
17:15 < ocrete> I'm not sure exactly what he does (and well, reviewing his code would take time... and it seems that part of it is gplv3, but that can probably be solved)
17:15 < ocrete> ah no, since I'm a commiter in farstream, gstreamer, etc ;)
17:15 < ocrete> I just don't have the time
17:15 < ocrete> and no one cares enough
17:15 < unstable> ocrete: What if I start a bounty for it, and I get a bunch of people to donate money?
17:16  * ocrete doesn't believe in bountyware
17:16 < unstable> If the money piles up, can you allocate time.. and find a way to unblock empathy/pidgin/other userland apps to enable encrypted voice/video for
                  gstreamer/farstream?
17:17 < unstable> ocrete: Well I suspect a lot of people are very upset about what's been happening in the news lately. Though they don't have the technical capability to
                  write code and defend their privacy. You do.
17:18 < ocrete> tbh, plain srtp is almost there.. as soon as gst 1.2 is released (in like a month or two), I'll try to find the time to implement that... whcih would get you
                the same level of security as you have with your IM
17:18 < unstable> Having said that, I think these upset people would be willing to donate money. This is one of the few avenues they have access to.
17:18 -!- mlundblad [~marcus@217.142.147.24] has quit [Ping timeout: 246 seconds]
17:22 < ocrete> I doubt they'd be willing to give enough money for it to be worthwhile (see how that failed for Geary)
17:23 < unstable> ocrete: What integer in USD would be enough?
17:24 < ocrete> not sure exactly
17:24 < unstable> ocrete: Well ballpark it. It doesn't have to be exact. Your best guess based on the information you currently have.
17:24 < ocrete> probably under 50k
17:25 < ocrete> maybe over
17:25 < unstable> ocrete: How many man hours do you estimate it would take? (ball parked/based on the info you have).
17:25 < ocrete> a couple months
17:25 < unstable> That's full time, say 40 hour work weeks?
17:26 < ocrete> kind of
17:26 < ocrete> for someone who knows what he's doing
17:27 < unstable> So 40 * 9 weeks would be 360 hours. 360 * $50 an hour would be $18k
17:27 < ocrete> then you multiple by 3 because we're a consulting firm ;)
17:28 < ocrete> and well 9 weeks is very short for months
17:31 < unstable> ocrete: What language, c?
17:31 < ocrete> yep
17:37 < unstable> ocrete: How were the jitsi ( https://jitsi.org/Documentation/ZrtpFAQ ) people able to do it?
17:37 < ocrete> their thing is java
17:37 < ocrete> and they're a company which does that full time
17:37 < ocrete> actually, jitsi might be a good choice also
17:38 < unstable> ocrete: A good choice for what?
17:39 < ocrete> a free softwave voip cient with encrypted calls
17:40 < unstable> yea, it does work. Though it's buggy in various ways.
17:40 < unstable> I don't understand why they made their own client, why gstreamer/libpurple exist.
17:40 < ocrete> theirs is quite old
17:40 < ocrete> and it's java
17:40 < ocrete> so portable
17:40 < unstable> So it predates libpurple?
17:41 < unstable> or the gaim library I should say
17:41 < unstable> https://jitsi.org/Development/CompletedRoadmap
17:41 < ocrete> paralle
17:41 < unstable> They go back to 2006
17:42 < ocrete> but originally they only did sip
17:42 < ocrete> and gaim was for im protocols
17:42 < ocrete> jitsi was more comparable to ekiga (nee gnome-meeting)
17:42 < unstable> gaim goes back to 1998
17:42 < unstable> yea
17:42 < unstable> I see.
17:43 < ocrete> so it was before both things were merged
	17:16 -!- Topic for #farstream: GStreamer voice/video calling library \| http://www.freedesktop.org/wiki/Farstream \| Farstream 0.2.0 for GStreamer 1.0 and 0.1.2 for GStreamer
	0.10 \| Please stay for long enough for us to answer your questions, if you have a question, just ask it
	17:16 -!- Topic set by ocrete [~ocrete@gentoo/developer/tester] [Tue Sep 25 17:06:06 2012]


	(ocrete is the maintainer of farstream)


	16:33 < unstable> Does gstreamer support ZRTP? What is the story there? Is there a link / bug report talking about it? Are there plans to make the rough plugin integrated into
	the gstreamer mainline project?
	16:50 < unstable> ocrete: ping
	16:53 < ocrete> ZRTP we don'T support
	16:54 < ocrete> ZRTP is basically a way to negotiate the SRTP key .. but instead of using the signalling, it'S done in-band (inside the media channel)
	16:54 < ocrete> someone could write a pair of element to support it.. but I personally have no interest as I believe that DTLS-SRTP will win
	16:54 < ocrete> DTLS-SRTP... is a way to negotiate SRTP keys in the signalling (like zrtp)... but using the TLS protocol, so it's more standard, etc
	16:55 < ocrete> and dtls-srtp is what the browsers will support for WebRTC
	16:55 < ocrete> and I've written experimental dtls-srtp for gstreamer
	16:55 < unstable> ocrete: So I'm not familiar with farstream/gstreamer/pidgin/empathy internals. Though I'd like to have encrypted voice/video calling capabilities. Preferably
	without Microsoft storing the keys in a database to give out to people.
	16:55 < ocrete> but it's currently blocked on getting the dtls bits into glib
	16:55 < unstable> ocrete: I'm interested in starting a crowd funding campaign on kickstarter/bountysource to try and make this possible.
	16:56 < unstable> I've come here to try and get filled in on exactly what needs to be done.

	16:56 < unstable> The pidgin developers told me that farstream/gstreamer was the place to go. They said if it supported ZRTP that encrypted voice/video calling could work.
	16:56 < unstable> Does that sound right to you?
	16:56 < ocrete> sure, if we had zrtp, they woudl have nothing to do
	16:57 < unstable> I think the situation currently is fairly ripe for getting donations to a bountysource campaign, it could spread on hacker news/reddit etc.
	16:57 < ocrete> but imho, the right solution is dtls
	16:57 < ocrete> which is already implemented at the gstreamer level
	16:57 < unstable> If dtls is already implemented in gstreamer, why can't empathy/pidgin use encrypted voice/video calling?
	16:57 < ocrete> it's just a matter of integrating into farstream.. and then into pidgin (as they will have to do the key management... but they already have that for regular
	TLS, etc)
	16:57 < ocrete> dtls is not merged.
	16:59 < unstable> dtls needs to be merged to the master gstreamer branch?
	16:59 < unstable> Though glib is blocking on some issue as to why it hasn't merged yet?
	16:59 < ocrete> needs to be merged into glib first
	16:59 < ocrete> and well, ryan (the glib maintainer) has some very valid points
	17:00 < unstable> ocrete: Do you know ryan's handle?
	17:01 < unstable> Or do you have a link to a bug report? My google fu is failing me.
	17:01 < ocrete> we discussed it on irc
	17:01 < ocrete> I tried to make GIOStreams handle datagrams.. and he thinks it should be a separate abstraction
	17:02 < unstable> What about https://github.com/wernerd/gstzrtp ?
	17:02 < unstable> That project seems to have been working over a year ago.
	17:03 < ocrete> first time I hear of that project
	17:03 < unstable> ocrete: So if the glib maintainer ryan has valid points about blocking dtls from being merged, which is blocking from gstreamer having it, which is blocking
	from people having encrypted voice/video calls.. what is the next best solution?
	17:04 < ocrete> skype ?
	17:04 < unstable> ocrete: That's proprietary, and it's known that Microsoft is archiving the encryption keys for the data.
	17:04 < unstable> I assume that was sarcasm.
	17:05 < ocrete> arg that uses openssl
	17:06 < unstable> ocrete: Would that still work?
	17:07 < unstable> It's abstracted away to empathy/pidgin right? So if it's suboptimal currently by using openssl, then it gets changed to dtls down the road.. it will just
	keep working for pidgin/empathy yes?
	17:08 < unstable> I think a lot of people (particularly with the recent news) would be extremely happy to have encrypted voice/video, even if it's a bit kludgy.
	17:08 < ocrete> no no, the openssl problem is licensing
	17:08 < ocrete> openssl isn't gpl compatible, so can'T be used with empathy or pidgin
	17:08 < unstable> aww man
	17:10 < unstable> ocrete: So that guy's plugin can't legally be used by anyone? Since it's violating copyright law when it's distributed?
	17:10 < unstable> Or at least people can compile the source themselves (which practically no one will do).
	17:10 < unstable> but you can't distribute binaries?
	17:11 < ocrete> you can use it, just can't distribute it together
	17:11 < ocrete> (the GPL doesn'T govern use, only distribution)(
	17:11 < ocrete> yea exactly
	17:11 < unstable> o I see, openssl has a horrible license. "* 3. All advertising materials mentioning features or use of this* software must display the following
	acknowledgment:* "This product includes software developed by the OpenSSL Project* for use in the OpenSSL Toolkit. (http://www.openssl.org/)
	17:12 < ocrete> well, I haven't looked at his source code in details... maybe it can be replaced with gnutls without too much effort
	17:12 < unstable> ocrete: You're the maintainer of farstream?
	17:12 < ocrete> yep
	17:13 < unstable> ocrete: Do you agree that if farstream implements some cryptographic solution that is included with gstreamer (at least my ubuntu has it installed by
	default), that then empathy/pidgin/whoever else uses gstreamer.. can enable encrypted voice/video calls?
	17:14 < unstable> Is this possible? Or is there someone else who can block it? Like the glib guy (even if for what sounds like perfectly valid reasons)
	17:14 < ocrete> well, it's just as matter of doing the actual work
	17:14 < unstable> also, is this a valid solution (the plugin) for solving the problem?
	17:14 < ocrete> he's not really blocking it.. just asking for the thing to be done right
	17:15 < unstable> ocrete: If you do the work, is it likely someone else will block the change for some reason?
	17:15 < ocrete> I'm not sure exactly what he does (and well, reviewing his code would take time... and it seems that part of it is gplv3, but that can probably be solved)
	17:15 < ocrete> ah no, since I'm a commiter in farstream, gstreamer, etc ;)
	17:15 < ocrete> I just don't have the time
	17:15 < ocrete> and no one cares enough
	17:15 < unstable> ocrete: What if I start a bounty for it, and I get a bunch of people to donate money?
	17:16 * ocrete doesn't believe in bountyware
	17:16 < unstable> If the money piles up, can you allocate time.. and find a way to unblock empathy/pidgin/other userland apps to enable encrypted voice/video for
	gstreamer/farstream?
	17:17 < unstable> ocrete: Well I suspect a lot of people are very upset about what's been happening in the news lately. Though they don't have the technical capability to
	write code and defend their privacy. You do.
	17:18 < ocrete> tbh, plain srtp is almost there.. as soon as gst 1.2 is released (in like a month or two), I'll try to find the time to implement that... whcih would get you
	the same level of security as you have with your IM
	17:18 < unstable> Having said that, I think these upset people would be willing to donate money. This is one of the few avenues they have access to.
	17:18 -!- mlundblad [~marcus@217.142.147.24] has quit [Ping timeout: 246 seconds]
	17:22 < ocrete> I doubt they'd be willing to give enough money for it to be worthwhile (see how that failed for Geary)
	17:23 < unstable> ocrete: What integer in USD would be enough?
	17:24 < ocrete> not sure exactly
	17:24 < unstable> ocrete: Well ballpark it. It doesn't have to be exact. Your best guess based on the information you currently have.
	17:24 < ocrete> probably under 50k
	17:25 < ocrete> maybe over
	17:25 < unstable> ocrete: How many man hours do you estimate it would take? (ball parked/based on the info you have).
	17:25 < ocrete> a couple months
	17:25 < unstable> That's full time, say 40 hour work weeks?
	17:26 < ocrete> kind of
	17:26 < ocrete> for someone who knows what he's doing
	17:27 < unstable> So 40 * 9 weeks would be 360 hours. 360 * $50 an hour would be $18k
	17:27 < ocrete> then you multiple by 3 because we're a consulting firm ;)
	17:28 < ocrete> and well 9 weeks is very short for months
	17:31 < unstable> ocrete: What language, c?
	17:31 < ocrete> yep
	17:37 < unstable> ocrete: How were the jitsi ( https://jitsi.org/Documentation/ZrtpFAQ ) people able to do it?
	17:37 < ocrete> their thing is java
	17:37 < ocrete> and they're a company which does that full time
	17:37 < ocrete> actually, jitsi might be a good choice also
	17:38 < unstable> ocrete: A good choice for what?
	17:39 < ocrete> a free softwave voip cient with encrypted calls
	17:40 < unstable> yea, it does work. Though it's buggy in various ways.
	17:40 < unstable> I don't understand why they made their own client, why gstreamer/libpurple exist.
	17:40 < ocrete> theirs is quite old
	17:40 < ocrete> and it's java
	17:40 < ocrete> so portable
	17:40 < unstable> So it predates libpurple?
	17:41 < unstable> or the gaim library I should say
	17:41 < unstable> https://jitsi.org/Development/CompletedRoadmap
	17:41 < ocrete> paralle
	17:41 < unstable> They go back to 2006
	17:42 < ocrete> but originally they only did sip
	17:42 < ocrete> and gaim was for im protocols
	17:42 < ocrete> jitsi was more comparable to ekiga (nee gnome-meeting)
	17:42 < unstable> gaim goes back to 1998
	17:42 < unstable> yea
	17:42 < unstable> I see.
	17:43 < ocrete> so it was before both things were merged