Friday, September 06, 2024

Accessing a Video Encoder via API

In this day and age APIs have become an integral part of connecting systems and data sharing. They function on both hardware and software providing a uniform way of communication. However, not every system (hard or software) facilitates an API, or although supported is known publicly. Recently I figured out a rather unexpected range of devices to possess a similar facility.


My workplace employs a few mid-range video encoders to provide live and on-demand audio/video streams to public platforms. They belong to a Chinese brand named “Digicast”. We use few encoders belonging to a couple of hardware versions, which in turn runs different firmware versions. My problem begins with having to manage these encoders and needing to enable/disable/reboot them daily or frequently.


Although Digicast’s firmware provides a simple web interface (with simple authentication), having to login to each device every time is troublesome. It is in this backdrop that I started researching on creating a simpler and efficient way of achieving the aforementioned tasks. For this, I had to provide instructions via a program, and for that, I needed an accessible API. Then one day, while I was checking the HTTP request/response headers to/from the encoders, there was an XML response to be seen. It contained several tags with values I was already familiar with (refer Image 1). This got me thinking, that if there is an XML response there should be a request mechanism (i.e. API access).

 

(Image 1)

 

However, countless searches on Google or any other search engine wasn’t fruitful. There is absolutely nothing on this on the web (I propose that you try). So I wrote to the company support and surprisingly they responded promptly. It took more than a couple of mails to make them understand my need and eventually they gave me an API documentation. Then, a dozen mails back and forth, and I had all I needed to proceed. I’ll be attaching the documentation for the “DMB-8900A Classic ProVideo Streaming Encoder” below, so that anyone could download and use it.

 

Now let’s take a look at some basic API calls and their purposes.

 

For example, following is a request to retrieve the current status of the encoder:
http://172.16.7.5/get_ctl?type=hdmi_ext 

You could read the XML output and search for the relevant tag/value to get the status of the stream. In my case, it would be <rtmp_second_enable> with a value of “0” or “1” accordingly. The documentation given at the end contains descriptions of other tags.

 

We could also give instructions to the encoder. For example, the following is for rebooting:
http://172.16.7.5/set_ctl?type=reboot

 

To enable/disable a stream, the value of “rtmp_enable” is set to “1” or “0” respectively:
http://192.168.5.5/set_ctl?type=hdmi_ext&rtmp_enable=1

 

Note the difference in the two end points “get_ctl” and “set_ctl” depending on whether you’re retrieving data or sending a command.

 

If you examine the attached document, there are plenty of other data you could retrieve using these API calls to accomplish your needs. I also must mention that API endpoints and parameters for later firmware versions may differ, and in that case, you’d have to get in touch with support and request the documentation. It’s rather surprising that the company hasn’t published this documentation online. It would make life easier for both their customers and support personnel.


[ API document ]



Thursday, December 28, 2017

Social Detox

The year is coming to an end and it’s been a while since I last wrote on this blog. In fact not once during the last couple of years! I wasn’t taking a break from the “web” or from my daily work. And I did miss writing to this, besides it was a bit frustrating. But what I intend in writing today is to enlighten how the opposite of it could be rewarding and is sought after by an increasing number of individuals.

“Social Detox” (reduced from Social Media Detoxification) is what I’m referring to. The word social has an interesting meaning in this day and age. It’s often perceived as social media and the interactions thereof, especially in internet jargon. The widespread use and penetration of social networks to all spheres of society is a somewhat remarkable phenomenon, even in less developed countries. I have personal experiences to attest this fact.

Social networking has always been entwined with its pros and cons, although they aren’t a problem for everyone, always. But there are terms being coined like F.A.D. (Facebook Addiction Disorder), “echo chambers” and the inevitable distractions and consumption of time. So, the affected, started seeking a way out.

You’d probably heard of the “99 days of freedom” campaign. It’s basically a pledge you make to not visit Facebook for 99 days, while informing others of your decision in advance. I’ve seen several of my friends adopting the practice in recent times. Some even did it regularly. When they are back, they usually express a feeling which encompasses a high degree of satisfaction. I of course haven’t done it, but thought of how it would have felt to them. Then my thoughts stumbled across a few parallels.

Have you lived/camped in the middle of a jungle for a few days with no mobile phone connectivity? Have you been on a spiritual retreat with no interactions with the world outside? If yes, then you should understand what I’m implying. These are even considered as recreational activities. In fact, camping in a jungle - with no artificial light sources - is prescribed by some psychologists as a remedy for sleeping disorders, because it “resets” our biological clock. All this only endorses the essence of programs like the “99 days” experiment.

What’s special is how the withdrawal from an addiction or a frequent habit could lead to an elated level of mind. The abstinence affects a change in our psyche. That’s where the detox part really makes sense, since it cleanses you of the distractions or non-benefits. It also breaks the chain and the monotonous routine, giving us real change.


Monday, August 25, 2014

“No Fly Zone”

In general this hasn’t been a good year for the field of aviation. Starting from Flight 370, then Flight 17, then a couple of crashes in Brazil and Iraq, it’s been bad news one after the other. Causes of the afore-mentioned tragedies vary, with the exception of “MH370” which basically disappeared. Hence it’s rather coincidental that I came to hear an aviation-related mobile announcement in my neighborhood of Boralesgamuwa a fortnight ago. A van was airing a notice which gave a meaning similar to the following:

“We request you to avoid flying any kites in this area as it may cause a threat to aircrafts and passengers onboard.”

A fair enough request, given that the Ratmalana Airport is only about 2km away. But this was the first time I heard such a statement from the authorities. So I did some searching to see if kites are that hazardous as portrayed. And was surprised with the first article I stumbled upon. Apparently a nylon thread seemed to be the cause of a helicopter crash in the Philippines which killed two crew members and seven people on the ground! An important piece of information in that article is regarding the regulations and distance prohibiting kite-flying. I wondered if there were similar regulations in our country as well. Therefore I phoned the airport and inquired. According to the officer who answered me, there were no such specific laws or regulations which prohibited the leisure-time activity, but they will request the relevant local police stations to take action to clear the “sky paths” if needed. When I inquired of the height and distance from the airport that might be acceptable to fly a kite, he didn’t give any numbers. But explained to me how aeroplanes and low-flying helicopters encounter difficulties while approaching or departing the airport. August being the kite-season was a reason for the announcement to go out.

Further searching on regulations, I came across a couple: Hong Kong and the US. Notice the height/distance factors which are clearly mentioned and also the word “balloon” in the FAA page. The ATC of Netherlands has a more detailed page with maps highlighting prohibited areas in different colors along with a descriptive legend. May be our local authorities also should improve on this aspect. Enact regulations if there aren’t any and publish them on the official websites.

Still whatever the law may be, we as responsible and thoughtful citizens need to think of this stuff pretty seriously. And if you or your child needs to fly a kite, Galle Face Green is always there.☺

Monday, May 06, 2013

Volunteering in an Internet Age

As Wikipedia puts it (partly) volunteering is: “An altruistic activity and is intended to promote good or improve human quality of life. In return, this activity produces a feeling of self-worth and respect; however, there is no financial gain”. But the most fascinating thing about this definition is that it holds true for this age too. Many verbs have received different definitions in contemporary times, but some have adopted accordingly. “Volunteer” is one.

A couple or a decade ago, it was all about charity related work where you would offer your effort and/or skills for a social event. But now there are many other activities that one could perform on the internet, which upholds the same values. It’s mainly two-fold as skills & effort, but eventually the same thing. As with offline volunteering, these are mainly performed for proprietary entities or non-profit organisations. At the end of the day, the world benefits, the online community benefits.

Although the topmost activity in this sphere is devoted to the Open-source movement, I wish to focus on a few popular products/websites that rely on Crowdsourcing. Crowdsourcing itself is a new-age term, which could be broadly defined as, “obtaining the efforts of a crowd (volunteers)”.

Wikipedia is the best and most popular example. What more, even this article has a couple of hyperlinks to it already. This online encyclopaedia is almost totally built on the efforts of thousands of contributing volunteers. Not only the submissions, but moderations too are handled in a similar nature by ‘administrators’ who are chosen from the previously mentioned fervent contributors. That helps in maintaining the credibility, which is always a common question raised against crowd-sourced content.

My next focus is a company, and a popular one in Google Inc. Google’s products have now become necessary platforms for thousands of other products and services both online & offline. For example, Google Maps is one such platform. The fact that people are able to contribute to it has resulted in the rapid expansion and improvement of the product itself. Anyone could contribute to “GMaps” through the Map Maker tool which was launched about 5 years ago. Talking about maps, a special mention of a non-commercial/non-profit counterpart in OpenStreetMap also needs to be made. There may be differences in content and quality between the two, but they both acquire and deliver the same kind of service.

Apart from maps and among many others, there were other programmes such as (now suspended) “Google in Your Language”, where they obtained the contributions from volunteers in order to localize their products.

Even though there is no guarantee on the numerous types of ways your contributions could be used in a final output, the age old saying of “volunteer to make a better world” still stands, even in this day and age with a sense of self-satisfaction.

Tuesday, February 12, 2013

Base64 encoding and its proper use

A friend of mine recently unveiled a new version of his website. Given that I too had worked on it sometime back, I decided to check it out. The main points I looked out for was security holes, since there were numerous such flaws which I fixed years ago.  Rather unsurprisingly the password reset feature of the site had one such ‘vulnerability’. It was done anew and the method used was not the most recommended although many developers opt for it. It wasn’t a bug, but a bad implementation ready to be exploited.

The culprit was an incorrect use of base64 encoding. For me, the main uses of base64 are storage and transmission of non-secret data. Although in the case of storage it’s something like hashing binary data etc. The last part ‘non-secret’ is very important. Because if one was to use the same for ‘secret’ information, then again it’s a non-recommended use. In the above scenario that was the exact thing that happened. A piece of data which was meant to be secret and easily non-readable was sent publicly after encoding with base64. And as most developers know, it’s just a jiffy to decode base64. So what I did was decode the string value, only to find out that two values were concatenated. One value was the victim’s email and the other a randomly generated string which wasn’t that hard to identify. Then it was merely to modify the above value with a known user’s email. And voila! I could reset his/her password.

Mentioned above was how a badly implemented encoding could make your web application vulnerable. And this is not something associated with low-profile companies, but even Facebook had a similar situation which was revealed in this article at 'Hacker News'.

The remedies are many, depending on how far you’d be content with given that security isn’t a 100% achievable thing. One solution is to make the random ‘salt’ a highly cryptic value. Another is to use a well-recognized encryption mechanism. Or you could even develop your own encrypt function although security experts warn against this. A rather straightforward and often used method is to implement one-way hashing such as MD5. All this methods have their advantages and perils. It’s up to the developer to decide which is best depending on factors such as performance, importance, accessibility, etc.