mahlfra nairie vincents

0 views
Skip to first unread message

Eugene Hill

unread,
Aug 2, 2024, 2:56:25 AM8/2/24
to progonpaki

And there are so many ways we can do that! We can support companies that use safe, fair workplace practices. We can contact our politicians and make our voices heard. We can make dietary choices that are better for the planet.

There are some funny, smart, gloriously accessible shows that are written by or prominently feature people who are very different than most of us reading this blog. We can watch a sitcom starring an Indian woman and eye guzzle a comedy/drama featuring a transgender sex worker and then queue up a drama with the first Black female lead in 40 years.

I watched two great, very different female coming-of-age movies on Netflix recently. 1) We Are The Best! about a group of girls in Sweden who start their own punk band and 2) Girlhood about a French African girl who joins an all-girl gang and how the decisions she makes affect her family and her future. Highly recommend both!

I am playing with the Netflix API. I am confused on what they want as the 'UserID'. (for a protected query)I am sending in this string (after authentication) to get the User's queue: -public.netflix.com/users/'userID'/queues

Maybe I am not even approaching it from the right angle. Any documentation or code I have found glosses over that part (My netflix ID doesn't work and I assume it should be part of the oauth token I get back, not my normal netflix ID)

This assignment is a two-parter, ladies: Start by setting up a lounge chair in your living room, slathering on some coconut-scented sunscreen, and cracking open Valley of the Dolls by Jacqueline Susann. What better way to feel like you're on vacation than by reading a trashy novel in a faux-tropical setting? Once you've gotten to know these characters, queue up your DVD player and watch them come to life on the small screen.

This one's got it all--Patty Duke and Sharon Tate, amazing fashion on the sidewalks of New York and the Hollywood Hills, a glimpse into the lives of the rich and famous, cigarettes, psychiatric hospitals, European royalty, drugs, sex, cat fights...

By signing up you agree to our User Agreement (including the class action waiver and arbitration provisions), our Privacy Policy & Cookie Statement and to receive marketing and account-related emails from Glamour. You can unsubscribe at any time. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

I am curious what the general take of the recent Netflix announcement is with regard to our ability to control the traffic. Announcement here . I have an opinion as to whether it is necessary, but that is another subject altogether.

It is clear there is only so much application ID that can occur if the data is encrypted, but can it be combined with URL rules to control the traffic? We would, for example, have to know all of the URLs/subnets that youtube (or Netflix) videos are streamed from. Is that even possible?

We have yet to implement any decryption, but I see that it is going to have to happen at some point. But if we implemented it, is anything going to be able to keep up with the decryption process when it is decrypting a bunch streaming data?

With decryption, you have access to the sub-functions within that application (ie: being able to tell the difference between netflix queue management and streaming, or the difference between facebook-posting and facebook-file-transfer).

Jared is absolutely correct regarding using decryption to enable inspection. To address the performance concern: whether or not decryption has an appreciable effect on your performance depends entirely on *how much* you are decrypting. Each platform has specific upper limits in terms of the maximum number of concurrent decrypted sessions. The additional overhead caused by decryption will depend on this volume. You can limit the scope of decrypted traffic using different criteria (e.g. URL category). This approach will let you inspect things that need to be, like youtube, facebook, etc. while not wasting resources on sessions that probably don't need to be (e.g. online banking, healthcare, etc).

It depends if Netflix just wants to protect the name of the content being watched, or if they really want hide the fact you watch Netflix at all. Like Jared said, you can see the domain name during the SSL/TLS handshake, so you will still be able to block Netflix if you want. After all, if a user cannot login to the main page, he won't be able to watch anything.

The problem I see is more with the QoS. The content is currently streamed from a lot of servers using domain names ending in *.nflxvideo.net. If Netflix encrypts those streams and change the domain name to something less obvious, the firewall will see it as generic encrypted traffic and the QoS rule for Netflix won't match, unless you have a decryption rule in place. I guess there will also be the option of simply giving a low priority to generic encrypted trafic.

Maybe a better example is: Someone logs onto Google.com, then goes to youtube via the google apps link. Unless I am missing something, the PA is seeing this traffic as SSL as the call to google is already encrypted.

Bob, that's a perfect example. If google uses *.google.com as a certificate for all of their properties (including youtube, gmail, google-search, google-hangouts, etc.) then it will become increasingly difficult to identify, inspect, and secure the traffic within that SSL tunnel without performing SSL decryption.

90f70e40cf
Reply all
Reply to author
Forward
0 new messages