JohnTheodore · December 18, 2015 12:49
diff --git a/farstream.txt b/farstream.txt
 17:16 -!- Topic for #farstream: GStreamer voice/video calling library | http://www.freedesktop.org/wiki/Farstream | Farstream 0.2.0 for GStreamer 1.0 and 0.1.2 for GStreamer 
          0.10 | Please stay for long enough for us to answer your questions, if you have a question, just ask it
 17:16 -!- Topic set by ocrete [~ocrete@gentoo/developer/tester] [Tue Sep 25 17:06:06 2012]


 (ocrete is the maintainer of farstream)


 16:33 < unstable> Does gstreamer support ZRTP? What is the story there? Is there a link / bug report talking about it? Are there plans to make the rough plugin integrated into 
                  the gstreamer mainline project?
 16:50 < unstable> ocrete: ping
 16:53 < ocrete> ZRTP we don'T support
 16:54 < ocrete> ZRTP is basically a way to negotiate the SRTP key .. but instead of using the signalling, it'S done in-band (inside the media channel)
 16:54 < ocrete> someone could write a pair of element to support it.. but I personally have no interest as I believe that DTLS-SRTP will win
 16:54 < ocrete> DTLS-SRTP... is a way to negotiate SRTP keys in the signalling (like zrtp)... but using the TLS protocol, so it's more standard, etc
 16:55 < ocrete> and dtls-srtp is what the browsers will support for WebRTC
 16:55 < ocrete> and I've written experimental dtls-srtp for gstreamer
 16:55 < unstable> ocrete: So I'm not familiar with farstream/gstreamer/pidgin/empathy internals. Though I'd like to have encrypted voice/video calling capabilities. Preferably 
                  without Microsoft storing the keys in a database to give out to people.
 16:55 < ocrete> but it's currently blocked on getting the dtls bits into glib
 16:55 < unstable> ocrete: I'm interested in starting a crowd funding campaign on kickstarter/bountysource to try and make this possible.
 16:56 < unstable> I've come here to try and get filled in on exactly what needs to be done.

 16:56 < unstable> The pidgin developers told me that farstream/gstreamer was the place to go. They said if it supported ZRTP that encrypted voice/video calling could work.
 16:56 < unstable> Does that sound right to you?
 16:56 < ocrete> sure, if we had zrtp, they woudl have nothing to do
 16:57 < unstable> I think the situation currently is fairly ripe for getting donations to a bountysource campaign, it could spread on hacker news/reddit etc.
 16:57 < ocrete> but imho, the right solution is dtls
 16:57 < ocrete> which is already implemented at the gstreamer level
 16:57 < unstable> If dtls is already implemented in gstreamer, why can't empathy/pidgin use encrypted voice/video calling?
 16:57 < ocrete> it's just a matter of integrating into farstream.. and then into pidgin (as they will have to do the key management... but they already have that for regular 
                TLS, etc)
 16:57 < ocrete> dtls is not merged.
 16:59 < unstable> dtls needs to be merged to the master gstreamer branch?
 16:59 < unstable> Though glib is blocking on some issue as to why it hasn't merged yet?
 16:59 < ocrete> needs to be merged into glib first
 16:59 < ocrete> and well, ryan (the glib maintainer) has some very valid points
 17:00 < unstable> ocrete: Do you know ryan's handle?
 17:01 < unstable> Or do you have a link to a bug report? My google fu is failing me.
 17:01 < ocrete> we discussed it on irc
 17:01 < ocrete> I tried to make GIOStreams handle datagrams.. and he thinks it should be a separate abstraction
 17:02 < unstable> What about https://github.com/wernerd/gstzrtp ?
 17:02 < unstable> That project seems to have been working over a year ago.
 17:03 < ocrete> first time I hear of that project
 17:03 < unstable> ocrete: So if the glib maintainer ryan has valid points about blocking dtls from being merged, which is blocking from gstreamer having it, which is blocking 
                  from people having encrypted voice/video calls.. what is the next best solution?
 17:04 < ocrete> skype ?
 17:04 < unstable> ocrete: That's proprietary, and it's known that Microsoft is archiving the encryption keys for the data.
 17:04 < unstable> I assume that was sarcasm.
 17:05 < ocrete> arg that uses openssl
 17:06 < unstable> ocrete: Would that still work?
 17:07 < unstable> It's abstracted away to empathy/pidgin right? So if it's suboptimal currently by using openssl, then it gets changed to dtls down the road.. it will just 
                  keep working for pidgin/empathy yes?
 17:08 < unstable> I think a lot of people (particularly with the recent news) would be extremely happy to have encrypted voice/video, even if it's a bit kludgy.
 17:08 < ocrete> no no, the openssl problem is licensing
 17:08 < ocrete> openssl isn't gpl compatible, so can'T be used with empathy or pidgin
 17:08 < unstable> aww man
 17:10 < unstable> ocrete: So that guy's plugin can't legally be used by anyone? Since it's violating copyright law when it's distributed?
 17:10 < unstable> Or at least people can compile the source themselves (which practically no one will do).
 17:10 < unstable> but you can't distribute binaries?
 17:11 < ocrete> you can use it, just can't distribute it together
 17:11 < ocrete> (the GPL doesn'T govern use, only distribution)(
 17:11 < ocrete> yea exactly
 17:11 < unstable> o I see, openssl has a horrible license. "* 3. All advertising materials mentioning features or use of this* software must display the following 
                  acknowledgment:* "This product includes software developed by the OpenSSL Project* for use in the OpenSSL Toolkit. (http://www.openssl.org/)
 17:12 < ocrete> well, I haven't looked at his source code in details... maybe it can be replaced with gnutls without too much effort
 17:12 < unstable> ocrete: You're the maintainer of farstream?
 17:12 < ocrete> yep
 17:13 < unstable> ocrete: Do you agree that if farstream implements some cryptographic solution that is included with gstreamer (at least my ubuntu has it installed by 
                  default), that then empathy/pidgin/whoever else uses gstreamer.. can enable encrypted voice/video calls?
 17:14 < unstable> Is this possible? Or is there someone else who can block it? Like the glib guy (even if for what sounds like perfectly valid reasons)
 17:14 < ocrete> well, it's just as matter of doing the actual work
 17:14 < unstable> also, is this a valid solution (the plugin) for solving the problem?
 17:14 < ocrete> he's not really blocking it.. just asking for the thing to be done right
 17:15 < unstable> ocrete: If you do the work, is it likely someone else will block the change for some reason?
 17:15 < ocrete> I'm not sure exactly what he does (and well, reviewing his code would take time... and it seems that part of it is gplv3, but that can probably be solved)
 17:15 < ocrete> ah no, since I'm a commiter in farstream, gstreamer, etc ;)
 17:15 < ocrete> I just don't have the time
 17:15 < ocrete> and no one cares enough
 17:15 < unstable> ocrete: What if I start a bounty for it, and I get a bunch of people to donate money?
 17:16  * ocrete doesn't believe in bountyware
 17:16 < unstable> If the money piles up, can you allocate time.. and find a way to unblock empathy/pidgin/other userland apps to enable encrypted voice/video for 
                  gstreamer/farstream?
 17:17 < unstable> ocrete: Well I suspect a lot of people are very upset about what's been happening in the news lately. Though they don't have the technical capability to 
                  write code and defend their privacy. You do.
 17:18 < ocrete> tbh, plain srtp is almost there.. as soon as gst 1.2 is released (in like a month or two), I'll try to find the time to implement that... whcih would get you 
                the same level of security as you have with your IM
 17:18 < unstable> Having said that, I think these upset people would be willing to donate money. This is one of the few avenues they have access to.
 17:18 -!- mlundblad [[email protected]] has quit [Ping timeout: 246 seconds]
 17:22 < ocrete> I doubt they'd be willing to give enough money for it to be worthwhile (see how that failed for Geary)
 17:23 < unstable> ocrete: What integer in USD would be enough?
 17:24 < ocrete> not sure exactly
 17:24 < unstable> ocrete: Well ballpark it. It doesn't have to be exact. Your best guess based on the information you currently have.
 17:24 < ocrete> probably under 50k
 17:25 < ocrete> maybe over
 17:25 < unstable> ocrete: How many man hours do you estimate it would take? (ball parked/based on the info you have).
 17:25 < ocrete> a couple months
 17:25 < unstable> That's full time, say 40 hour work weeks?
 17:26 < ocrete> kind of
 17:26 < ocrete> for someone who knows what he's doing
 17:27 < unstable> So 40 * 9 weeks would be 360 hours. 360 * $50 an hour would be $18k
 17:27 < ocrete> then you multiple by 3 because we're a consulting firm ;)
 17:28 < ocrete> and well 9 weeks is very short for months
 17:31 < unstable> ocrete: What language, c?
 17:31 < ocrete> yep
 17:37 < unstable> ocrete: How were the jitsi ( https://jitsi.org/Documentation/ZrtpFAQ ) people able to do it?
 17:37 < ocrete> their thing is java
 17:37 < ocrete> and they're a company which does that full time
 17:37 < ocrete> actually, jitsi might be a good choice also
 17:38 < unstable> ocrete: A good choice for what?
 17:39 < ocrete> a free softwave voip cient with encrypted calls
 17:40 < unstable> yea, it does work. Though it's buggy in various ways.
 17:40 < unstable> I don't understand why they made their own client, why gstreamer/libpurple exist.
 17:40 < ocrete> theirs is quite old
 17:40 < ocrete> and it's java
 17:40 < ocrete> so portable
 17:40 < unstable> So it predates libpurple?
 17:41 < unstable> or the gaim library I should say
 17:41 < unstable> https://jitsi.org/Development/CompletedRoadmap
 17:41 < ocrete> paralle
 17:41 < unstable> They go back to 2006
 17:42 < ocrete> but originally they only did sip
 17:42 < ocrete> and gaim was for im protocols
 17:42 < ocrete> jitsi was more comparable to ekiga (nee gnome-meeting)
 17:42 < unstable> gaim goes back to 1998
 17:42 < unstable> yea
 17:42 < unstable> I see.
 17:43 < ocrete> so it was before both things were merged
	17:16 -!- Topic for #farstream: GStreamer voice/video calling library \| http://www.freedesktop.org/wiki/Farstream \| Farstream 0.2.0 for GStreamer 1.0 and 0.1.2 for GStreamer
	0.10 \| Please stay for long enough for us to answer your questions, if you have a question, just ask it
	17:16 -!- Topic set by ocrete [~ocrete@gentoo/developer/tester] [Tue Sep 25 17:06:06 2012]


	(ocrete is the maintainer of farstream)


	16:33 < unstable> Does gstreamer support ZRTP? What is the story there? Is there a link / bug report talking about it? Are there plans to make the rough plugin integrated into
	the gstreamer mainline project?
	16:50 < unstable> ocrete: ping
	16:53 < ocrete> ZRTP we don'T support
	16:54 < ocrete> ZRTP is basically a way to negotiate the SRTP key .. but instead of using the signalling, it'S done in-band (inside the media channel)
	16:54 < ocrete> someone could write a pair of element to support it.. but I personally have no interest as I believe that DTLS-SRTP will win
	16:54 < ocrete> DTLS-SRTP... is a way to negotiate SRTP keys in the signalling (like zrtp)... but using the TLS protocol, so it's more standard, etc
	16:55 < ocrete> and dtls-srtp is what the browsers will support for WebRTC
	16:55 < ocrete> and I've written experimental dtls-srtp for gstreamer
	16:55 < unstable> ocrete: So I'm not familiar with farstream/gstreamer/pidgin/empathy internals. Though I'd like to have encrypted voice/video calling capabilities. Preferably
	without Microsoft storing the keys in a database to give out to people.
	16:55 < ocrete> but it's currently blocked on getting the dtls bits into glib
	16:55 < unstable> ocrete: I'm interested in starting a crowd funding campaign on kickstarter/bountysource to try and make this possible.
	16:56 < unstable> I've come here to try and get filled in on exactly what needs to be done.

	16:56 < unstable> The pidgin developers told me that farstream/gstreamer was the place to go. They said if it supported ZRTP that encrypted voice/video calling could work.
	16:56 < unstable> Does that sound right to you?
	16:56 < ocrete> sure, if we had zrtp, they woudl have nothing to do
	16:57 < unstable> I think the situation currently is fairly ripe for getting donations to a bountysource campaign, it could spread on hacker news/reddit etc.
	16:57 < ocrete> but imho, the right solution is dtls
	16:57 < ocrete> which is already implemented at the gstreamer level
	16:57 < unstable> If dtls is already implemented in gstreamer, why can't empathy/pidgin use encrypted voice/video calling?
	16:57 < ocrete> it's just a matter of integrating into farstream.. and then into pidgin (as they will have to do the key management... but they already have that for regular
	TLS, etc)
	16:57 < ocrete> dtls is not merged.
	16:59 < unstable> dtls needs to be merged to the master gstreamer branch?
	16:59 < unstable> Though glib is blocking on some issue as to why it hasn't merged yet?
	16:59 < ocrete> needs to be merged into glib first
	16:59 < ocrete> and well, ryan (the glib maintainer) has some very valid points
	17:00 < unstable> ocrete: Do you know ryan's handle?
	17:01 < unstable> Or do you have a link to a bug report? My google fu is failing me.
	17:01 < ocrete> we discussed it on irc
	17:01 < ocrete> I tried to make GIOStreams handle datagrams.. and he thinks it should be a separate abstraction
	17:02 < unstable> What about https://github.com/wernerd/gstzrtp ?
	17:02 < unstable> That project seems to have been working over a year ago.
	17:03 < ocrete> first time I hear of that project
	17:03 < unstable> ocrete: So if the glib maintainer ryan has valid points about blocking dtls from being merged, which is blocking from gstreamer having it, which is blocking
	from people having encrypted voice/video calls.. what is the next best solution?
	17:04 < ocrete> skype ?
	17:04 < unstable> ocrete: That's proprietary, and it's known that Microsoft is archiving the encryption keys for the data.
	17:04 < unstable> I assume that was sarcasm.
	17:05 < ocrete> arg that uses openssl
	17:06 < unstable> ocrete: Would that still work?
	17:07 < unstable> It's abstracted away to empathy/pidgin right? So if it's suboptimal currently by using openssl, then it gets changed to dtls down the road.. it will just
	keep working for pidgin/empathy yes?
	17:08 < unstable> I think a lot of people (particularly with the recent news) would be extremely happy to have encrypted voice/video, even if it's a bit kludgy.
	17:08 < ocrete> no no, the openssl problem is licensing
	17:08 < ocrete> openssl isn't gpl compatible, so can'T be used with empathy or pidgin
	17:08 < unstable> aww man
	17:10 < unstable> ocrete: So that guy's plugin can't legally be used by anyone? Since it's violating copyright law when it's distributed?
	17:10 < unstable> Or at least people can compile the source themselves (which practically no one will do).
	17:10 < unstable> but you can't distribute binaries?
	17:11 < ocrete> you can use it, just can't distribute it together
	17:11 < ocrete> (the GPL doesn'T govern use, only distribution)(
	17:11 < ocrete> yea exactly
	17:11 < unstable> o I see, openssl has a horrible license. "* 3. All advertising materials mentioning features or use of this* software must display the following
	acknowledgment:* "This product includes software developed by the OpenSSL Project* for use in the OpenSSL Toolkit. (http://www.openssl.org/)
	17:12 < ocrete> well, I haven't looked at his source code in details... maybe it can be replaced with gnutls without too much effort
	17:12 < unstable> ocrete: You're the maintainer of farstream?
	17:12 < ocrete> yep
	17:13 < unstable> ocrete: Do you agree that if farstream implements some cryptographic solution that is included with gstreamer (at least my ubuntu has it installed by
	default), that then empathy/pidgin/whoever else uses gstreamer.. can enable encrypted voice/video calls?
	17:14 < unstable> Is this possible? Or is there someone else who can block it? Like the glib guy (even if for what sounds like perfectly valid reasons)
	17:14 < ocrete> well, it's just as matter of doing the actual work
	17:14 < unstable> also, is this a valid solution (the plugin) for solving the problem?
	17:14 < ocrete> he's not really blocking it.. just asking for the thing to be done right
	17:15 < unstable> ocrete: If you do the work, is it likely someone else will block the change for some reason?
	17:15 < ocrete> I'm not sure exactly what he does (and well, reviewing his code would take time... and it seems that part of it is gplv3, but that can probably be solved)
	17:15 < ocrete> ah no, since I'm a commiter in farstream, gstreamer, etc ;)
	17:15 < ocrete> I just don't have the time
	17:15 < ocrete> and no one cares enough
	17:15 < unstable> ocrete: What if I start a bounty for it, and I get a bunch of people to donate money?
	17:16 * ocrete doesn't believe in bountyware
	17:16 < unstable> If the money piles up, can you allocate time.. and find a way to unblock empathy/pidgin/other userland apps to enable encrypted voice/video for
	gstreamer/farstream?
	17:17 < unstable> ocrete: Well I suspect a lot of people are very upset about what's been happening in the news lately. Though they don't have the technical capability to
	write code and defend their privacy. You do.
	17:18 < ocrete> tbh, plain srtp is almost there.. as soon as gst 1.2 is released (in like a month or two), I'll try to find the time to implement that... whcih would get you
	the same level of security as you have with your IM
	17:18 < unstable> Having said that, I think these upset people would be willing to donate money. This is one of the few avenues they have access to.
	17:18 -!- mlundblad [[email protected]] has quit [Ping timeout: 246 seconds]
	17:22 < ocrete> I doubt they'd be willing to give enough money for it to be worthwhile (see how that failed for Geary)
	17:23 < unstable> ocrete: What integer in USD would be enough?
	17:24 < ocrete> not sure exactly
	17:24 < unstable> ocrete: Well ballpark it. It doesn't have to be exact. Your best guess based on the information you currently have.
	17:24 < ocrete> probably under 50k
	17:25 < ocrete> maybe over
	17:25 < unstable> ocrete: How many man hours do you estimate it would take? (ball parked/based on the info you have).
	17:25 < ocrete> a couple months
	17:25 < unstable> That's full time, say 40 hour work weeks?
	17:26 < ocrete> kind of
	17:26 < ocrete> for someone who knows what he's doing
	17:27 < unstable> So 40 * 9 weeks would be 360 hours. 360 * $50 an hour would be $18k
	17:27 < ocrete> then you multiple by 3 because we're a consulting firm ;)
	17:28 < ocrete> and well 9 weeks is very short for months
	17:31 < unstable> ocrete: What language, c?
	17:31 < ocrete> yep
	17:37 < unstable> ocrete: How were the jitsi ( https://jitsi.org/Documentation/ZrtpFAQ ) people able to do it?
	17:37 < ocrete> their thing is java
	17:37 < ocrete> and they're a company which does that full time
	17:37 < ocrete> actually, jitsi might be a good choice also
	17:38 < unstable> ocrete: A good choice for what?
	17:39 < ocrete> a free softwave voip cient with encrypted calls
	17:40 < unstable> yea, it does work. Though it's buggy in various ways.
	17:40 < unstable> I don't understand why they made their own client, why gstreamer/libpurple exist.
	17:40 < ocrete> theirs is quite old
	17:40 < ocrete> and it's java
	17:40 < ocrete> so portable
	17:40 < unstable> So it predates libpurple?
	17:41 < unstable> or the gaim library I should say
	17:41 < unstable> https://jitsi.org/Development/CompletedRoadmap
	17:41 < ocrete> paralle
	17:41 < unstable> They go back to 2006
	17:42 < ocrete> but originally they only did sip
	17:42 < ocrete> and gaim was for im protocols
	17:42 < ocrete> jitsi was more comparable to ekiga (nee gnome-meeting)
	17:42 < unstable> gaim goes back to 1998
	17:42 < unstable> yea
	17:42 < unstable> I see.
	17:43 < ocrete> so it was before both things were merged