
WebRTC is almost here, and it will change the web - denismars
http://venturebeat.com/2012/08/13/webrtc-is-almost-here-and-it-will-change-the-web/
======
mtgx
Since Skype is moving to fully centralized service that can be even more
easily wiretapped by Governments around the world (not just US), I'm very
excited about the "revolutionary" (literally) capabilities of this protocol,
as people will be able to speak 1-on-1 without interference, if the
communication is also encrypted. Does being encrypted or not depend on that
specific WebRTC client, or does it come encrypted by default like SPDY?

~~~
msutherl
Don't make the mistake of thinking that because the communication channel is
"encrypted", it is secure. SSL can already be compromised (so much for
trusting encrypted transport) and the WebRTC client code could be compromised
(always a problem).

~~~
Egregore
Can you please provide links on how SSL can be compromised?

~~~
rmc
It's not SSL per se, but the Certification Authority system that is weak. If
you get one of the root CA certs, you can make any SSL cert a valid SSL cert
for any domain name.

~~~
Egregore
It's correct that if root CA is compromised you can make fakes.

To protect against this attack browsers should warn when certificate changes,
there even is a long standing bug for firefox in mozilla:

<https://bugzilla.mozilla.org/show_bug.cgi?id=471798>

------
vectorpush
Look, you're kidding yourself if you think that WebRTC is going to liberate
you from the prying eyes of government surveillance. As a developer, I'm
_very_ excited about the possibilities that WebRTC enables (websockets just
can't cut it in many instances), but computer science is not a panacea for
political apathy. P2P is nothing new, and anybody who cares to secure their
online communications can already do so with ease, everyone else is happy
enough to self document their activities on Facebook.

~~~
thebigshane
Please explain how I can have a secure online conversation with my mother
easily. (Easy for me, easy for her). Is it going to involve setting up my own
trusted server somewhere? Is it going to involve downloading some large
undocumented project and have to build myself (on my box and her box)? Is it
going to require troubleshooting arcane protocols, firewalls, and xml files?

I haven't seen an easy way to have secure email (without teaching the other
side of the conversation cryptography), secure voip/voice (without the trouble
above), or secure chat (without using my own server).

I'm not saying easy ways don't exist; I'm saying I don't know what or where
they are.

~~~
taligent
No offence but I don't think the government could possibly care less about you
or the conversation with your mother. There is a long list of far more
important and interesting people for them to worry about.

How about using whatever is the easiest, most enjoyable and trouble free setup
for her to use.

~~~
justsee
I didn't downvote you either, but I call this response the narcissistic defect
of security / privacy analysis. The "I'm not interesting / I've got nothing to
hide / X is not interested in me" level of analysis which is about as shallow
as you can go in considering privacy / security.

Because looked at from a societal level, more secure citizen communications
means a society less able to be manipulated / blackmailed / spied on by bad
actors, both domestic and foreign. It doesn't matter if _this particular_
mother never says anything interesting / compromising in communications with
her child, because there are many other situations where they will. Their
child might be a politican, councillor, businessman doing signficant overseas
deals, political activist, dissident.

Your logic is faulty on a number of levels:

* assumes only the US government is a potentially bad actor. This is simply not the case.

* assumes the political / technical climate will never become more hostile to milder expressions of dissent between citizens.

* assumes the parent poster's communications with his mother does not contain any interesting information to any potentially bad actors

Ultimately though, with all the theorizing aside, the parent is simply wanting
a solution that provides secure communication with family members which is a
very uncontroversial, reasonable goal to have.

------
phase_9
Yet another HTML5 "Game Changer" which has already been available as part of
the Adobe Flash Platform[1] for the best part of three years.

Just saying :)

For those down-voting me; I find this attitude very strange. If the tools were
present in another widely deployed runtime, but were heavily under utilised
then why are people getting so excited about them this time around?

I guess some people just love to hate Flash.

[1] <http://labs.adobe.com/technologies/cirrus/>

~~~
wmeredith
Well, stop saying. This is like arguing about the features of a lake when
everyone else is playing in the ocean. Flash is proprietary and it doesn't run
on mobile. These are both near show-stoppers in, and of, themselves. Combine
the two and well, _it doesn't matter what else it does_.

Until flash runs on mobile and/or is an open standard, it won't be relevant to
the future of the web most developers (myself included) want to build.

~~~
daleharvey
Exactly this, the fact that its available in open standards is a game changer
for me.

The fact that it has been possible with various other technologies for years
is not news (for me)

------
shawndumas
"This is the most significant step forward in web browser connectivity since
2004, when Google launched Gmail and AJAX was coined."

Microsoft --> AJAX[1]. And yes, I know that they aren't saying that Google -->
AJAX but it kinda leaves that impression.

\----

[http://garrettsmith.net/blog/archives/2006/01/microsoft_inve...](http://garrettsmith.net/blog/archives/2006/01/microsoft_inven_1.html)

~~~
scriptproof
Microsoft invented XMLHTTP, an ActiveX object, not XMLHttpRequest, that is
similar but not proprietary, and a part of Ajax. And Ajax is a term invented
by Garrett - and not Microsoft - that includes several W3C formats.

~~~
huggyface
"AJAX" the term is a meaningless bit of inaccurate noise (it is wrong in
almost every way). No idea what your bit about XMLHttpRequest was, given that
was nothing more than a formalizing and cross-platform implementation of
Microsoft's COM object (which itself was originally written for Outlook Web
Access).

Like the GP that bit about AJAX was just all wrong. Garrett is so
astonishingly irrelevant in all of this, as is the AJAX me-too title. Google
was very important, but only insofar as they legitimized the technique and
made a lot of people realize that this crazy web thing was a lot more powerful
than people often thought. And it wasn't gmail -- it was Google Suggests. That
was an atomic bomb on webapps that proved that highly dynamic pages were
possible and preferable.

Me - using XmlHttp(Request) since 2001.

------
Mizza
Even this is a naive understanding of how WebRTC will change the web.
Resiliency and decentralization in ways we've never seen before!

For more information, check us out at <http://WebP2P.org> and join in #webp2p
on Freenode!

------
AndrewDucker
At the moment, NAT means that lots of connections have to go through a central
server, at least to set up the connection. With IPv6, that need should vanish
(providing you aren't firewalled by your router).

The two things combined should remove a lot of middlemen.

~~~
dustismo
Exactly. Almost everyone is behind a router so there is no way this is going
to be as useful as stated in the article.

~~~
arendn
P2P firewall traversal is pretty common these days. Checkout STUN/ICE/TURN.

------
silentOpen
"Through an open standards approach, WebRTC integrates browser-to-browser
communications directly into the fabric of the Internet."

Why is this source credible?

------
ZoFreX
While this tech is exciting for a wide variety of reasons, this blog post
completely misses the point for me in its efforts to hype this.

> imagine it amplified by secure, real-time transmissions of audio and video

Ok, I'm imagining it. And I'll still be imagining it in 12 months time,
because WebRTC does nothing to fix the outstanding issues in setting up secure
communications.

> Skype, Cisco, and Polycom will all see their conferencing technology
> commoditized.

Really? Surely you could have said that Cisco / Polycom would be destroyed by
Skype, but that didn't happen. Why would in-browser conferencing, which will
almost certainly be a worse experience than Skype, which is itself a far worse
experience than dedicated conference hardware/software, commoditize conference
technology?

And for that matter, why did the wide variety of already-existing browser-
based conferencing tech not do this?

Personally I'm more excited about ideas like P2P downloading, and using DHTs
to disseminate information.

~~~
JoshTriplett
> Why would in-browser conferencing, which will almost certainly be a worse
> experience than Skype

What would give you that impression?

A site that lets you automatically join a conference call just by visiting a
page seems far more usable than Skype.

~~~
ZoFreX
Because a general purpose device (in this case, the browser) generally falls
behind in a few ways compared to a specific purpose device (in this case
Skype). A few examples:

Stability: For Skype to break, you need to either crash Skype or the entire
computer or O/S. For your in-browser conferencing, you just need the web
browser to crash.

Connectivity: Skype has put huge amounts of work into punching through
firewalls, and has many settings dedicated to that. Furthermore it's a common
enough option on SOHO/consumer routers to let it through. P2P browser
connectivity just isn't there yet.

Security: Our firewall at work is configured to allow Skype through. I doubt
it's configured to let browsers open direct raw socket connections to any IP
and port they please. I can't even begin to imagine how a network
administrator is supposed to lock these capabilities down, other than
completely disallowing them.

UX: Again, Skype is a dedicated program so it can do a lot more. It can keep a
little overlay window open in the corner of your screen so you can look at a
web page or document but keep an eye on your call. It can hook into the O/S to
ensure your microphone is selected and unmuted. It can tell your music player
to pause when a call comes in. None of this is possible with a browser (yes,
you could add APIs, but where do you stop - are browsers going to become the
next JVM, creating a cross-platform API that plasters over the differences
between O/S's?)

My last point is mildly tangential: Why would P2P in-browser conferencing
disrupt Skype / Polycom when it has literally zero perceivable difference to
the end-user compared to regular client-server in-browser conferencing (other
than the fact that with P2P you will be able to connect to fewer people than
in the client-server model)?

------
tinfoilhat
from <http://www.webrtc.org/running-the-demos#TOC-Demos> : Justin Uberti
(Chrome-webrtc team member) has sent in a App Engine based 1:1 video calling
app. <http://apprtc.appspot.com/> source code:
[http://code.google.com/p/webrtc-
samples/source/browse/trunk/...](http://code.google.com/p/webrtc-
samples/source/browse/trunk/apprtc/)

after source code reading (and chrome dev console output observing) you have
to realize: 1\. there is need of 'signaling server' 2\. session encryption
keys are exchanged through that server

yes, anyone could setup their small server and call through it an make sure
tls / ssl cert of their server is intact etc. that will not be a case for avg
Joe. not to mention tat browser itself will be an attack vector.

------
rmc
This is very interesting, especially the peer-to-peer browser stuff. With all
the attacks on pirate sites lately, it would be interesting to have a new
playground for new P2P apps. Joe Soap would be able to get onto P2P by just
opening a web page.

------
mildweed
Just in time for Google Fiber here in Kansas City. Excellent timing.

------
jan_g
Is no one here worried about (again!) audio/video codecs and presence
implementation? As far as I've read webrtc specs there are no specifics,
they've left implementation details in the hands of implementors.

I fear that Microsoft will push something skype-specific, Google (and possibly
Mozilla) vp8 and xmpp/jingle, who knows what Apple will do with Safari. And
different clients/browsers won't be able to communicate between themselves.

~~~
slurgfest
vp8/xmpp/jingle are open standards with open implementations, and Safari is a
Webkit browser with a pretty good track record. Whatever Apple's problems, it
doesn't seem too uncomfortable with using stuff that is BSD licensed.

Nobody can force Microsoft to support open standards, without the leverage of
popular adoption and demand. So it makes no sense to wait on Microsoft to
support open standards before trying to use them.

So if browsers can't talk to each other, whose fault is that? If Microsoft
decides to be the odd man out, it's Microsoft's fault. If everyone else allows
open standards to be suppressed as they wait for Microsoft, then they will be
responsible for a world where Microsoft controls everything. Is that really
what you are looking for here?

Anyway, these days Microsoft has shifted more support away from things like
Silverlight, so I think there is a good hope that things will not be just like
the bad old days.

~~~
bzbarsky
VP8 is BSD-licensed. It's not supported in Safari and Apple has said they have
no plans to do so.

That's because this whole codec thing is about patent licensing, not copyright
licensing, so the fact that the code is BSD-licensed for copyright purposes is
irrelevant.

The result is that for the HTML video tag, for example, it's Apple and
Microsoft that don't support VP8 and Theora, and Mozilla and Opera that don't
support H.264, all for patent licensing, not copyright, reasons. The
corresponding situation with WebRTC is still in flux.

------
metaxyy
I can't tell what they mean by this: "If all goes according to plan, over 50%
of all web browsers will support this capability in the next three to four
months."

There are only five browsers that count, so why didn't they just say "three of
the five major browsers?" Or, if they mean more than 50% of browser
installations, are we really at the point where we can get 50% of all browser
installations updated within a couple of months?

~~~
mtgx
Yes, I think Chrome and Firefox can achieve that within 3-4 months.

------
vitno
for a great multi-user demo of webRTC check out <https://bitly.com/webrtcio>

and it's resulting library, webRTC.io

------
moonchrome
Here comes the glorious HTML5 revolution, reinventing things that were around
for decades, but now that it's "a standard" and "in javascript" it changes
_everything_. First it was sockets, then it was WebGL now P2P. I wonder what
revolution we will have next - a standardized file system access.

~~~
macspoofing
Actually yeah. It does make a difference if it runs in a browser.

------
tenko
I remember this demo from march, got me all excited :)

live streaming video to a webpage, from your phone, that's incredible

[http://dl.dropbox.com/u/3531958/iphone/webrtc-opera-
mobile-1...](http://dl.dropbox.com/u/3531958/iphone/webrtc-opera-
mobile-12.ogv)

------
magnusgraviti
I just started learning more about WebRTC and it looks like an interesting
foundation for numerous startups. New technology among others to help solving
specific tasks.

------
ajankovic
_These capabilities open the door to a new wave of advanced web applications._

I have read this line as:

 _These capabilities open the door to a new wave of advanced web security
issues._

------
christopherscot
which should make it about 2016 when we can use it in IE

~~~
vvnraman
Actually you can use it in IE right now using Chrome Frame. Read this for more
detailed info - [https://groups.google.com/forum/#!msg/discuss-
webrtc/tKoh1wr...](https://groups.google.com/forum/#!msg/discuss-
webrtc/tKoh1wrI8ig/MPTdCHpgcm4J\[1-25\]).

~~~
molmalo
But when Windows 8 comes out, Chrome Frame will stop being a valid solution,
at least for IE's "[Metro|Windows 8|Modern]-style UI" version.

------
FakeUserNames
Most def. the way things are trending, this is the new big thing. Look Out,
the Revolution Sez Go!

------
moe
And when you screw off the wheel it can double as a mop!

What exactly does it help to have your video-feed drive around on a
broomstick?

I can see the entertainment value for a couple days. But when it's time to get
work done again I sure as hell don't see people preferring a video broomstick
next to their desk over a plain old skype-window...

~~~
slurgfest
Not sure what you're getting at by "drive around on a broomstick." To be sure,
the article is more breathless than it needs to be. WebRTC seems to my
untutored eye to be a boring, practical, good idea.

Skype is a proprietary service which (last I checked) still requires you to
locally install their binary, and is completely under the control of one
company... as a risk-averse person I wouldn't bet the farm building on top of
any technology which requires me to swear fealty to Skype or Facebook, because
who knows what will happen in a year?

------
rohit01
Nice post. WebRTC is great!

------
suryaprakashrao
very interesting

------
barista
>This is the most significant step forward in web browser connectivity since
2004, when Google launched Gmail and AJAX was coined

That's not quite right. Microsoft invented XMLHTTP, the interface which XHR is
based on, in '98 or '99 for Outlook Web Access.

~~~
dustismo
Notice that he said "AJAX was coined" in 2004 not that the technology was
invented.

~~~
isnotchicago
In the parent's defense, the rest of that paragraph and the chart below it
downplay Microsoft's role in favor of Google's, which could be viewed as "not
quite right".

