On 29/06/2024 19.32, Carl Zwanzig wrote:
Mark Filipak wrote in various messages:

Open ports shine on the Internet like stars in the sky. Open ports want to be found.

How does the world see those ports _inside_ your firewall? Please explain. (You do have an Internet firewall, don't you? Which one?)

The TCP/IP stack and the ports are 'outside'. The firewall is between them and the OS networking.

Blackmagic was created to compete with Red. Red is solid. Blackmagic is a barefoot mother.

Uh, no. BMD was formed in 2005 with the Decklink cards and some converters; their cinema cameras didn't come out until around 2012. The converters and switchers are quite solid, AFAICT so is Resolve.

Okay. Thank you for that. I didn't know about Blackmagic until their cameras.

1 - Blackmagic is not reprogramming routers to allow ports into LANs. Ports are allowed in by default.

What -are- you talking about? If your network firewall is allowing some ports inbound, that's not the application software's problem.

It certainly is Resolve's doing. If the router (not the firewall) blocked inbound ports by default, then the Resolve installer would need to reconfigure the router in addition to the firewall. It doesn't do that. A cmd (bat) script in the Resolve installer opens the firewall ports. I know that because I saw it.

Likewise, a web site that looks for open ports can only see what that firewall allows.

The port drivers and listeners are outside the firewall. They are the 'things' that the firewall application operates, if there is a listener. The ping of an inbound port is one of the command protocols that the listener, if it exists, responds to. I don't remember all the details. It's been 30 years since I designed network hardware.

(I think the only in-bound connections I allow are ssh on a non-standard port, wireguard vpn, and? no, that's about it. In-bound responses are allowed when matched with outbound traffic. That's pretty standard stuff.)

Yes, you are correct. Some people think -- ignorant notion -- that in order to get responses to outbound messages you have to enable the equivalent inbound port. That's not true. What inbound versus outbound designates is the 'who' that can initiate a conversation. An inbound port means that someone outside can initiate a conversation. That is called a "remote procedure". I don't allow those. A remote procedure call (RPC) is an OS function that handles remote procedures. I don't like RPCs but all OSes that I know of depend on them. I limit them by blocking ALL inbound ports, no exceptions. That does not affect useful computer operation in any way.

Now let's get to non-routable IP addresses, like the 192.168 range.

That is the class-C local network.

If you're using those and they're properly filtered out there won't be inbound traffic to those ports, and outbound with NAT's addresses can be easily blocked if you want.

Now you're 'talking' about the router. NAT (network address translation) happens at the router. The outside entity doesn't 'talk' to 192.168. It 'talks' to the IP address that is supplied by your ISP. If you have 2 computers in your LAN, then you either need 2 IPs from your ISP or you need NAT and port mapping.

This is a non-problem to the vast majority of users and networks.

That's certainly true.

FWIW Resolve uses a database approach to its projects. (Avid uses files (bins aka .avb files) as does Premiere.) That likely accounts for at least one of the open ports if not more.

I think you're referring to collaborative software, not databases.

And under the collab software is.... a Database!!! (even sqlite is a database, and a pretty good one, too; most cell phones and web browsers are using it.)

The collaboration software is an application. An application may use a database, but a database is not executable code, per se. A database can store application code -- a database can store anything that's made of '1's and '0's -- but a database doesn't 'connect' to the operating system and can't launch the code. If it can, it's more than a database.

Yup, trust me, I'm from Blackmagic. Are you a convenience fool? If so, you don't get on my LAN.

Again, your loss. And your "walled garden" metaphorically has a couple of large holes in it.

Where?

If you don't want to use Resolve, that's fine with pretty much everyone else, just don't go throwing up nonsensical reasons and pretending that they're fact-based.

What's nonsensical, z!?

z!


_______________________________________________
ffmpeg-user mailing list
ffmpeg-user@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-user

To unsubscribe, visit link above, or email
ffmpeg-user-requ...@ffmpeg.org with subject "unsubscribe".
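
The point both posters agree on in the thread above (replies to outbound traffic come back without any inbound port being opened, while a connection initiated from outside needs an explicit rule) is what a stateful packet filter does. The following is an added example, not part of the original message or of any product discussed: a small connection-tracking model in Python, in which the `StatefulFilter` class, the addresses and the port numbers are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass
class StatefulFilter:
    """Default-deny inbound filter with connection tracking (illustrative model)."""
    local_addr: str
    inbound_allow: set = field(default_factory=set)  # {(proto, local_port)} opened on purpose
    flows: set = field(default_factory=set)          # outbound flows seen so far

    def check(self, pkt: Packet) -> str:
        if pkt.src == self.local_addr:
            # Outbound: permitted, and remembered so the reply can come back.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT outbound"
        if pkt.dst != self.local_addr:
            return "DROP not-for-us"
        # Inbound reply: must mirror a tracked outbound flow exactly.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "ACCEPT established"
        # Inbound new connection: only if a rule opened that local port.
        if (pkt.proto, pkt.dport) in self.inbound_allow:
            return "ACCEPT inbound-rule"
        return "DROP unsolicited"

def demo():
    # Constructed sample traffic (documentation address ranges, made-up ports).
    host, web, outside = "192.0.2.10", "198.51.100.7", "203.0.113.99"
    fw = StatefulFilter(host, inbound_allow={("tcp", 2222)})  # ssh on a non-standard port
    verdicts = [
        fw.check(Packet(host, 50000, web, 443)),      # host connects out
        fw.check(Packet(web, 443, host, 50000)),      # reply to that flow
        fw.check(Packet(web, 443, host, 50001)),      # same server, no matching flow
        fw.check(Packet(outside, 40000, host, 9000)), # outside probes a local listener
        fw.check(Packet(outside, 40001, host, 2222)), # explicitly allowed inbound
    ]
    # An installer script that adds an inbound rule changes the verdict for that port.
    fw.inbound_allow.add(("tcp", 9000))
    verdicts.append(fw.check(Packet(outside, 40002, host, 9000)))
    return verdicts

if __name__ == "__main__":
    print("\n".join(demo()))
```

The fourth and sixth verdicts are the same probe before and after an inbound rule is added, which is why reviewing the rules an installer leaves behind matters more than whether a listener exists.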
