How Android YouTube App Is playing videos in Pakistan? - youtube

YouTube is blocked in Pakistan almost 2 years ago, but it still displaying videos... But YouTube is not accessible through any Brower without any proxy or vpn software...
please tell me how Android youtube app works, ???

I guess it depends on how the block is made.
If, say, they just restricted the access to "http://www.youtube.com", then the app may dedicated endpoints which go around their filtering.
Or again, if the block is made at IP level, the servers that hosts the APIs will have a totally different set of IPs than the website ones.
I'm just assuming, so don't take any of this for a fact.

Related

Getting suddenly a lot of request from CFNetwork/Darwin

I've noticed in the AWS console that our website got a lot of more requests than normally. Especially in the night hours (Europe time).
Then I've checked the nginx logs and now I know that a lot of devices with different IP addresses request the root of the website, most of them with the user agent swcd (unknown version) CFNetwork/978.0.7 Darwin/18.7.0. Sometimes one of the versions is different.
I have absolutely no idea what is going on so I hope that someone can help.
swcd runs on iOS and macOS devices and will periodically attempt to access /apple-app-site-association and /.well-known/apple-app-site-association. This is used for several features which mediate between an Apple native app and the web, including Shared Web Credentials, Handoff, and Universal Links.
This process will typically run overnight in the user's local time zone, but specific timing is not guaranteed.
See also Setting Up an App’s Associated Domains for more information on associated domains.
Hard to guess the cause of the spike without knowing more about your product - but some possible causes:
you recently released an update to your iOS or macOS app
a larger customer just signed up for your service or rolled out your product to more employees
a larger customer just deployed an iOS or macOS operating system update to their managed devices
Anyway, I would ignore the spike. If it's causing you trouble, ensure your load balancer is configured correctly.
Recently this same behavior was detected by our CDN and our WAF's, and what we detected here in some clients, was a botnet doing enumeration of users in a distributed way, there is even a name for it, user enumeration spraying.
Anyone who doesn't know how web attacks work would say this is normal.
Looks to me like someone with a botnet is trying to take advantage of the shared web credentials to compromise your site, doing it at night to try to avoid detection. Other evidence is the "a lot of devices with different IP addresses request the root of the website". If it was just a "viral" event, just certain classes of devices would show, rather than a wide diversity of devices. Accessing the root of the web-site -- these are devices that have never been to your site before. It's not a denial of service attack because they are doing it at night, therefore not denying anybody their service, and night is the natural time for break-ins.
I'm not a cracker myself, just an old-school developer, and I'm not even terribly familiar with ios, but I could not remain silent while there was a possibility that your web site was attacked without you at least suspecting and investigating. HTH.

Obfuscate calls/responses from app to allow video playback from a network-denied server

Our sports application is being picked up by schools here in the United States. Our application allows the school's basketball team to upload videos for remote playback, etc. etc.
We use Vimeo as our video processing, hosting, and distribution partner. The app makes calls to Vimeo's servers for specific video playback.
Unfortunately, many schools have networks that block traffic to specific sites, including Facebook, YouTube, and Vimeo.
Is there a process in which we may obscure the network call and response, circumventing the network blocks? Initial thought is to man in the middle myself, possibly routing the calls through and effectively hiding the fact that the response is from a Vimeo server?
Here is an example email I have received from a network admin of a school:
Mr. yourNameHere,
We've had this come up for other instances in our school. Here is the official response from our IT department:
"We do not have the ability to whitelist Vimeo videos on an individual level. It's unfortunate that the site is hosting their content on Vimeo, as an unfiltered Vimeo environment is not suggested for educational environments."
There are too many other "genres" of content available on Vimeo to allow open access.
We have a workaround that is available to staff and faculty only. It will not be made available at the student level, again, because of the vast array of inappropriate content that is accessible on Vimeo.
Staff and faculty can navigate to blockpage.com which will force a content filter login to pop up. Faculty can then input their credentials and gain full access to subsequent sites as long as that filter window is left open. This workaround process has already been made available to staff and faculty in the past.
He may not understand that as this is an iOS application, the blockpage workaround is not a help in this situation.
You can proxy the API calls through your own server (which has many additional benefits), but that may not work for playback. You probably don't want to deal with the bandwith required to proxy the streaming video content.
Luckily the playable video files do not come from the vimeo.com domain. The vimeo api provides a player.vimeo.com url, which redirects to a different hostname. If these networks only block vimeo.com, you might be in the clear.

Service to host streaming videos for mobile access where urls are not trackable

I'm building an iOS app and Android app that will display a series of private videos. Someone will purchase the app for x amount and then have access to the videos through that app only.
I already know a couple of ways to do that part. But the real trick is hiding the video urls to traffic sniffers/etc. I don't want anyone to be able to detect the video urls, or at least the endpoint will reject a request without an auth token.
So I could build my own Node/Express server, incorporate wowza maybe with Amazon to store the files - but that is a lot of work.
So what is the simplest solution to stream my videos to mobile without people being able to load up the videos outside of the app?
It looks like you'll need to implement some sort of authentication system, so that even if they get the video url somehow, they will be unable to view it without the authentication key.
Your videos should be hosted in a directory on your server that is inaccessible from the web. Then use some sort of index page which takes a parameter for the video ID and does the authentication before serving up the video file contents.

Does the Sony qx10 api support multiple simultaneous clients?

Apologies in advance for the general-ness of the question.
I'm writing a multiple client iOS app for viewing the video feed from a single camera. Can the QX10 api support two (or 3) iPad's discovering/viewing the same QX10 at the same time?
I've been looking QX10 sample code, the camera api docs, StackOverflow, and of course the dev website and haven't seen an answer. I'd just buy the bloody thing to test with, but there are none nearby and I was hoping to avoid having to mail order/return it if it didn't work.
....And we're not locked into HW. If there's a better option, I'm open....
I don't believe it does. For ios, the camera creates a network that the ios connects to. (In ios settings/wireless) Any further attempts to connect to the camera from another device fail. Since the API only works after a network connection is established, I don't see how the API could possibly allow 2 devices could connect at once.
(No extraneous words in this post b/c that will get edited which auto down votes the question.....ahhh internet)
I did not try it, but you could use a computer with nat. For example an openrwt router to open up multiple wifi interfaces, one to connect to the camera, using the 10.0.0.0 network the camera uses and then an other network to connect your clients with NAT.
The question would be when the API would start to get confused.
So depending on what you want, maybe some mapper on that helper-computer could
do some proxying of information.
So in theory with an external box, maybe, but as Oldmicah said, it seems that only
one device can connect at the time (at least my QX100 also behaves like that). :(

Upload video and share link - API?

I am developing an app that shares video across several social sites (Facebook, Twitter, Pinterest and SMS and Email).
Not all of these services does video upload (like Twitter), and sharing the video on multiple networks is time consuming for the user.
I am looking for a service that will allow users to upload videos, and the service will then provide a url the user can share on the social sites. It would be great if this is possible without having to create user accounts, but only one developer account.
All videos will be less than 3 minutes in length.
Hope this makes sense.
I have been thinking about creating an app linked YouTube account, but that might cause problems since users can upload all kinds of things and that might get the account shut down.
Hoping to keep costs down on this one, and not have to host all the videos on my own servers (AWS or something like that).
Hope you have got some ideas.
Thanks!
This is not a programming or even a technical question.
viddur.com might do what you want — its a startup and they probably don't have a public api yet, though. Other than that, no one will offer you this service for free. It cost between 0.01-03 cents to encode video (and you have to do it multiple times per video to support varios platforms). Encoding and hosting video is not as cheap as static images. You're basically trying to create a product around a free service that doesn't exist.
TL:DR: Abandon your idea, and only post technical questions to Stackoverflow.

Resources