Since Skype is moving to fully centralized service that can be even more easily wiretapped by Governments around the world (not just US), I'm very excited about the "revolutionary" (literally) capabilities of this protocol, as people will be able to speak 1-on-1 without interference, if the communication is also encrypted. Does being encrypted or not depend on that specific WebRTC client, or does it come encrypted by default like SPDY?
Don't make the mistake of thinking that because the communication channel is "encrypted", it is secure. SSL can already be compromised (so much for trusting encrypted transport) and the WebRTC client code could be compromised (always a problem).
Look, you're kidding yourself if you think that WebRTC is going to liberate you from the prying eyes of government surveillance. As a developer, I'm very excited about the possibilities that WebRTC enables (websockets just can't cut it in many instances), but computer science is not a panacea for political apathy. P2P is nothing new, and anybody who cares to secure their online communications can already do so with ease, everyone else is happy enough to self document their activities on Facebook.
Please explain how I can have a secure online conversation with my mother easily. (Easy for me, easy for her). Is it going to involve setting up my own trusted server somewhere? Is it going to involve downloading some large undocumented project and have to build myself (on my box and her box)? Is it going to require troubleshooting arcane protocols, firewalls, and xml files?
I haven't seen an easy way to have secure email (without teaching the other side of the conversation cryptography), secure voip/voice (without the trouble above), or secure chat (without using my own server).
I'm not saying easy ways don't exist; I'm saying I don't know what or where they are.
It will make it a lot harder. Right now governments have backdoors in apps like Skype, and all Skype's traffic is now routed through Microsoft's servers.
With WebRTC governments would have to perform man-in-the-middle attacks, which is pretty damn hard for P2P-style connections.
Yet another HTML5 "Game Changer" which has already been available as part of the Adobe Flash Platform[1] for the best part of three years.
Just saying :)
For those down-voting me; I find this attitude very strange. If the tools were present in another widely deployed runtime, but were heavily under utilised then why are people getting so excited about them this time around?
Well, stop saying. This is like arguing about the features of a lake when everyone else is playing in the ocean. Flash is proprietary and it doesn't run on mobile. These are both near show-stoppers in, and of, themselves. Combine the two and well, it doesn't matter what else it does.
Until flash runs on mobile and/or is an open standard, it won't be relevant to the future of the web most developers (myself included) want to build.
Well, it's usually very hard to copy other people's flash code that you might see somewhere. With webRTC/javascript, all you really need to do is "view source". This, plus mashups with other web APIs, makes webRTC a much more powerful platform than flash.
Microsoft invented XMLHTTP, an ActiveX object, not XMLHttpRequest, that is similar but not proprietary, and a part of Ajax. And Ajax is a term invented by Garrett - and not Microsoft - that includes several W3C formats.
AJAX as a term and design idea was coined in 2005[1], which is what intent of the quote (though it too is technically inaccurate]. The quote you listed is talking about coining the term, not inventing the technology.
If you read the article you linked, it also says this:
"Finally -- 6 years later -- Jesse James Garrett of Adaptive Path coined a catchy phrase: the term Ajax was born."
At the moment, NAT means that lots of connections have to go through a central server, at least to set up the connection. With IPv6, that need should vanish (providing you aren't firewalled by your router).
The two things combined should remove a lot of middlemen.
While this tech is exciting for a wide variety of reasons, this blog post completely misses the point for me in its efforts to hype this.
> imagine it amplified by secure, real-time transmissions of audio and video
Ok, I'm imagining it. And I'll still be imagining it in 12 months time, because WebRTC does nothing to fix the outstanding issues in setting up secure communications.
> Skype, Cisco, and Polycom will all see their conferencing technology commoditized.
Really? Surely you could have said that Cisco / Polycom would be destroyed by Skype, but that didn't happen. Why would in-browser conferencing, which will almost certainly be a worse experience than Skype, which is itself a far worse experience than dedicated conference hardware/software, commoditize conference technology?
And for that matter, why did the wide variety of already-existing browser-based conferencing tech not do this?
Personally I'm more excited about ideas like P2P downloading, and using DHTs to disseminate information.
after source code reading (and chrome dev console output observing) you have to realize:
1. there is need of 'signaling server'
2. session encryption keys are exchanged through that server
yes, anyone could setup their small server and call through it an make sure tls / ssl cert of their server is intact etc. that will not be a case for avg Joe. not to mention tat browser itself will be an attack vector.
This is very interesting, especially the peer-to-peer browser stuff. With all the attacks on pirate sites lately, it would be interesting to have a new playground for new P2P apps. Joe Soap would be able to get onto P2P by just opening a web page.
Is no one here worried about (again!) audio/video codecs and presence implementation? As far as I've read webrtc specs there are no specifics, they've left implementation details in the hands of implementors.
I fear that Microsoft will push something skype-specific, Google (and possibly Mozilla) vp8 and xmpp/jingle, who knows what Apple will do with Safari. And different clients/browsers won't be able to communicate between themselves.
vp8/xmpp/jingle are open standards with open implementations, and Safari is a Webkit browser with a pretty good track record. Whatever Apple's problems, it doesn't seem too uncomfortable with using stuff that is BSD licensed.
Nobody can force Microsoft to support open standards, without the leverage of popular adoption and demand. So it makes no sense to wait on Microsoft to support open standards before trying to use them.
So if browsers can't talk to each other, whose fault is that? If Microsoft decides to be the odd man out, it's Microsoft's fault. If everyone else allows open standards to be suppressed as they wait for Microsoft, then they will be responsible for a world where Microsoft controls everything. Is that really what you are looking for here?
Anyway, these days Microsoft has shifted more support away from things like Silverlight, so I think there is a good hope that things will not be just like the bad old days.
I can't tell what they mean by this: "If all goes according to plan, over 50% of all web browsers will support this capability in the next three to four months."
There are only five browsers that count, so why didn't they just say "three of the five major browsers?" Or, if they mean more than 50% of browser installations, are we really at the point where we can get 50% of all browser installations updated within a couple of months?
Here comes the glorious HTML5 revolution, reinventing things that were around for decades, but now that it's "a standard" and "in javascript" it changes everything. First it was sockets, then it was WebGL now P2P. I wonder what revolution we will have next - a standardized file system access.
I just started learning more about WebRTC and it looks like an interesting foundation for numerous startups. New technology among others to help solving specific tasks.
[+] [-] mtgx|13 years ago|reply
[+] [-] msutherl|13 years ago|reply
[+] [-] luciferous|13 years ago|reply
[+] [-] vectorpush|13 years ago|reply
[+] [-] thebigshane|13 years ago|reply
I haven't seen an easy way to have secure email (without teaching the other side of the conversation cryptography), secure voip/voice (without the trouble above), or secure chat (without using my own server).
I'm not saying easy ways don't exist; I'm saying I don't know what or where they are.
[+] [-] rorrr|13 years ago|reply
With WebRTC governments would have to perform man-in-the-middle attacks, which is pretty damn hard for P2P-style connections.
[+] [-] phase_9|13 years ago|reply
Just saying :)
For those down-voting me; I find this attitude very strange. If the tools were present in another widely deployed runtime, but were heavily under utilised then why are people getting so excited about them this time around?
I guess some people just love to hate Flash.
[1] http://labs.adobe.com/technologies/cirrus/
[+] [-] wmeredith|13 years ago|reply
Until flash runs on mobile and/or is an open standard, it won't be relevant to the future of the web most developers (myself included) want to build.
[+] [-] naner|13 years ago|reply
Yes. Flash has performance and implementation issues. And developers can't do anything to improve the situation.
[+] [-] sp332|13 years ago|reply
[+] [-] matsiyatzy|13 years ago|reply
[+] [-] rmc|13 years ago|reply
[+] [-] salmanapk|13 years ago|reply
[+] [-] shawndumas|13 years ago|reply
Microsoft --> AJAX[1]. And yes, I know that they aren't saying that Google --> AJAX but it kinda leaves that impression.
----
http://garrettsmith.net/blog/archives/2006/01/microsoft_inve...
[+] [-] scriptproof|13 years ago|reply
[+] [-] mburns|13 years ago|reply
If you read the article you linked, it also says this:
"Finally -- 6 years later -- Jesse James Garrett of Adaptive Path coined a catchy phrase: the term Ajax was born."
[1] http://www.adaptivepath.com/ideas/ajax-new-approach-web-appl...
[+] [-] Mizza|13 years ago|reply
For more information, check us out at http://WebP2P.org and join in #webp2p on Freenode!
[+] [-] AndrewDucker|13 years ago|reply
The two things combined should remove a lot of middlemen.
[+] [-] rfolstad|13 years ago|reply
[+] [-] dustismo|13 years ago|reply
[+] [-] drivebyacct2|13 years ago|reply
(4 months ago I had a demo working using ROAP and STUN before they switched to JSEP. I'm literally in the middle of upgrading it to the new API.)
The "setup" for the connections in the central server is trivial with a tiny websockets server and a few messages shuttled back and forth.
[+] [-] silentOpen|13 years ago|reply
Why is this source credible?
[+] [-] ZoFreX|13 years ago|reply
> imagine it amplified by secure, real-time transmissions of audio and video
Ok, I'm imagining it. And I'll still be imagining it in 12 months time, because WebRTC does nothing to fix the outstanding issues in setting up secure communications.
> Skype, Cisco, and Polycom will all see their conferencing technology commoditized.
Really? Surely you could have said that Cisco / Polycom would be destroyed by Skype, but that didn't happen. Why would in-browser conferencing, which will almost certainly be a worse experience than Skype, which is itself a far worse experience than dedicated conference hardware/software, commoditize conference technology?
And for that matter, why did the wide variety of already-existing browser-based conferencing tech not do this?
Personally I'm more excited about ideas like P2P downloading, and using DHTs to disseminate information.
[+] [-] JoshTriplett|13 years ago|reply
What would give you that impression?
A site that lets you automatically join a conference call just by visiting a page seems far more usable than Skype.
[+] [-] tinfoilhat|13 years ago|reply
after source code reading (and chrome dev console output observing) you have to realize: 1. there is need of 'signaling server' 2. session encryption keys are exchanged through that server
yes, anyone could setup their small server and call through it an make sure tls / ssl cert of their server is intact etc. that will not be a case for avg Joe. not to mention tat browser itself will be an attack vector.
[+] [-] rmc|13 years ago|reply
[+] [-] mildweed|13 years ago|reply
[+] [-] jan_g|13 years ago|reply
I fear that Microsoft will push something skype-specific, Google (and possibly Mozilla) vp8 and xmpp/jingle, who knows what Apple will do with Safari. And different clients/browsers won't be able to communicate between themselves.
[+] [-] slurgfest|13 years ago|reply
Nobody can force Microsoft to support open standards, without the leverage of popular adoption and demand. So it makes no sense to wait on Microsoft to support open standards before trying to use them.
So if browsers can't talk to each other, whose fault is that? If Microsoft decides to be the odd man out, it's Microsoft's fault. If everyone else allows open standards to be suppressed as they wait for Microsoft, then they will be responsible for a world where Microsoft controls everything. Is that really what you are looking for here?
Anyway, these days Microsoft has shifted more support away from things like Silverlight, so I think there is a good hope that things will not be just like the bad old days.
[+] [-] metaxyy|13 years ago|reply
There are only five browsers that count, so why didn't they just say "three of the five major browsers?" Or, if they mean more than 50% of browser installations, are we really at the point where we can get 50% of all browser installations updated within a couple of months?
[+] [-] mtgx|13 years ago|reply
[+] [-] taligent|13 years ago|reply
It does neglect to mention that not all Firefox browsers do self-update so that would need to be factored in.
[+] [-] vitno|13 years ago|reply
and it's resulting library, webRTC.io
[+] [-] moonchrome|13 years ago|reply
[+] [-] macspoofing|13 years ago|reply
[+] [-] tenko|13 years ago|reply
live streaming video to a webpage, from your phone, that's incredible
http://dl.dropbox.com/u/3531958/iphone/webrtc-opera-mobile-1...
[+] [-] magnusgraviti|13 years ago|reply
[+] [-] ajankovic|13 years ago|reply
I have read this line as:
These capabilities open the door to a new wave of advanced web security issues.
[+] [-] christopherscot|13 years ago|reply
[+] [-] vvnraman|13 years ago|reply
[+] [-] FakeUserNames|13 years ago|reply