Just an interesting observation I had about this once when I noticed that kernel quic implementations weren't very fast.
KTLS is mostly useful if paired with sendfile (I'm ignoring io_uring because I'm not as up to date on that). Otherwise you have to context switch back to userspace constantly.
Assuming the files are encrypted anyway for DRM reasons: why should static content like movies be TLSed? I know I know, "TLS all the things", but it sounds like a high cost at Netflix scale.
To prevent a browser mixed content warning maybe (I didn't attend the presentation). Apparently 15% of Netflix viewing happens in browsers. Inside an Apple TV app, the default requires TLS and while exceptions are apparently allowed they require a justification in App Store review: https://developer.apple.com/documentation/security/preventin...
I refused to connect my TV to the internet and use a Vero V for all of my watching needs. The Vero V is absolutely worse than most other experiences, but I'm happy.
It seems like it took engineering work, but TLS isn't their bottleneck when the data flow is structured correctly for the hardware (which is kind of the thesis of a lot of the Netflix CDN node optimization stuff).
Just an interesting observation I had about this once when I noticed that kernel quic implementations weren't very fast.
KTLS is mostly useful if paired with sendfile (I'm ignoring io_uring because I'm not as up to date on that). Otherwise you have to context switch back to userspace constantly.
Assuming the files are encrypted anyway for DRM reasons: why should static content like movies be TLSed? I know I know, "TLS all the things", but it sounds like a high cost at Netflix scale.
To prevent a browser mixed content warning maybe (I didn't attend the presentation). Apparently 15% of Netflix viewing happens in browsers. Inside an Apple TV app, the default requires TLS and while exceptions are apparently allowed they require a justification in App Store review: https://developer.apple.com/documentation/security/preventin...
Stops Comcast from seeing the metadata and knowing exactly what their mutual customers are streaming.
wait till you hear about what smart tvs do..
I refused to connect my TV to the internet and use a Vero V for all of my watching needs. The Vero V is absolutely worse than most other experiences, but I'm happy.
It seems like it took engineering work, but TLS isn't their bottleneck when the data flow is structured correctly for the hardware (which is kind of the thesis of a lot of the Netflix CDN node optimization stuff).
Nice seeing BSD s getting some use.