[FFmpeg-user] Resolve (was Re: key frame)

Sun Jun 30 03:37:20 EEST 2024

On 29/06/2024 19.32, Carl Zwanzig wrote:
> Mark Filipak wrote in various messages:
>>
>>  Open ports shine on the Internet like stars in the sky. Open ports want to be found.
> 
> How does the world see those ports _inside_ your firewall? Please explain. (You do have an Internet 
> firewall, don't you? Which one?)

The TCP/IP stack and the ports are 'outside'. The firewall is between them and the OS networking.

>> Blackmagic was created to compete with Red. Red is solid. Blackmagic is a barefoot mother.

> Uh, no. BMD was formed in 2005 with the Decklink cards and some converters, their cinema cameras 
> didn't come out until around 2012. The converters and switchers are quite solid, AFAICT so is Resolve.

Okay. Thank you for that. I didn't know about Blackmagic until their cameras.

>> 1 - Blackmagic is not reprogramming routers to allow ports into
>> LANs. Ports are allowed in by default.

> What -are- you talking about? If your network firewall is allowing some ports inbound, that's not 
> the application software's problem.

It certainly is Resolve's doing. If the router (not the firewall) blocked inbound ports by default, 
then the Resolve installer would need to reconfigure the router in addition to the firewall. It 
doesn't do that. A cmd (bat) script in the Resolve installer opens the firewall ports. I know that 
because I saw it.

> Likewise, a web site that looks for open ports can only see what that firewall allows.

The port drivers and listeners are outside the firewall. They are the 'things' what the firewall 
application operates, if there is a listener. The ping of an inbound port is one of the command 
protocols that the listener, if it exists, responds to. I don't remember all the details. It's been 
30 years since I designed network hardware.

> (I think the 
> only in-bound connections I allow is ssh on a non-standard port, wireguard vpn, and? no, that's 
> about it. In-bound responses are allow when matched with outbound traffic. That's pretty standard 
> stuff.)

Yes, you are correct. Some people think -- ignorant notion -- that in order to get responses to 
outbound messages you have to enable the equivalent inbound port. That's not true. What inbound 
versus outbound designates is the 'who' that can initiate a conversation. An inbound port means that 
someone outside can initiate a conversation. That is called a "remote procedure". I don't allow 
those. A remote procedure call (RPC) is an OS function that handles remote procedures. I don't like 
RPCs but all OSes that I know of depend on them. I limit them by blocking ALL inbound ports, no 
exceptions. That does not affect useful computer operation in any way.

> Now let's get to non-routable IP addresses, like the 192.168 range.

That is the class-C local network.

> If you're using those and 
> they're properly filtered out there won't be inbound traffic to those ports, and outbound with NAT's 
> addresses can be easily blocked if you want.

Now you're 'talking' about the router. NAT (network address translation) happens at the router. The 
outside entity doesn't 'talk' to 192.168. It 'talks' to the IP address that is supplied by your ISP. 
If you have 2 computers in your LAN, then you either need 2 IPs from your ISP or you need NAT and 
port mapping.

> This is a non-problem to the vast majority of users and networks.

That's certainly true.

>>> FWIW Resolve uses a database approach to its projects.  (Avid uses files (bins aka .avb files) as 
>>> does Premiere.  That likely
>>> accounts for at least one of the open ports if not more
>>
>> I think you're referring to collaborative software, not databases.

> And under the collab software is.... a Database!!! (even sqlite is a database, and a pretty good 
> one, too; most cell phones and web browsers are using it.)

The collaboration software is an application. An application may use a database, but a database is 
not executable code, per se. A database can store application code -- a database can store anything 
that's made of '1's and '0's -- but a database doesn't 'connect' to the operating system and can't 
launch the code. If it can, it's more than a database.

>> Yup, trust me, I'm from Blackmagic. Are you a convenience fool? If so, you don't get on my LAN.

> Again, your loss. And your "walled garden" metaphorically has a couple of large holes in it.

Where?

> If you don't want to use Resolve, that's fine with pretty much everyone else, just don't go throwing 
> up nonsensical reasons and pretending that they're fact-based.

What's nonsensical, z!?

> z!