50 comments

[ 2.5 ms ] story [ 115 ms ] thread
This is genius! I was just this week trying to think of some way to abuse slow-loading of images by generating the image as data comes in.

This is perfect.

I too had idly been thinking about this while viewing a few Vine videos that were all using it seemed h264 on iOS.
One way to improve my Instant Background Uploader app [1] and make it actually instant would be by doing just that. Generate the image URL right away and start streaming it while the upload continues.

Instead of waiting for upload to finish before giving you a URL.

But you'd need control over the image hosting backend cuz ImageShack won't let you do it.

[1] https://github.com/shurcooL/InstantBackgroundUploader_OS-X https://github.com/shurcooL/InstantBackgroundUploader_Window...

Interestingly, I already have an image uploading service (that only I use).

It may be a little complicated to make it do this, given how it works currently, but I might try it out.

Great idea. But I guess the performance and latency must be an issue.
Interesting that npm is being used to deploy a regular old CLI application that has essentially nothing to do with javascript development. Are we seeing the future of package management with these distribution-agnostic tools?
It's written in javascript and requires nodejs to function, which comes with npm
This is a very common practice if the CLI application depends upon Node.js.
No, you're just seeing javascript come into its own as a general purpose language community. The surprising part isn't that it's being shipped in npm, it's more that people like programming these sorts of tools in javascript.

This sort of thing is common in Ruby and Python-land. And infinitely better than the `curl foo.io/trolol.sh | sh` we've seen emerge in the last couple of years.

(comment deleted)
s/emerge/re-emerge/

This kind of thing was somewhat common back when rsh / telnet were the usual ways of accessing remote systems.

People have been doing this with CPAN for many years. See: LWP and it's GET, POST, lwp-request utilities.
I really want to try the functionality of this, but I don't have npm... I might just have to get it. :(
Install from NodeJS.org it comes with npm. Note: this tool is apparently linux centric. You should have a development environment (c++, make, etc) installed as well as Python 2.7 in order to work with development modules.

As some module mature, they do offer bre-built binaries as needed.

Does the browser keep the entire gif in memory? That could be a problem with long lasting sessions...
The code creates a new buffer for each frame and then pushes that into the gif. There is no freeing of memory or any kind of ring buffer being setup. So yes, it keeps eating memory.
Perhaps a periodic page refresh would work around the issue. Then that brings up another question, is any part of the gif cached by the browser or downstream proxies / web accelerators?
The client side could wrap the gif image in iframe to control the refresh.
i saw a site linked on HN that was using that kind of technique to siplay public camera feeds, if anyone remember the link , would be great to share it again.
I wonder if this could be used as a way to crash browsers if there's no check for image sizes? Most sites allow user submitted images and over time one could stream big enough gif (...err jif) to crash idle tabs.
depends on browser, but I guess yes.
Very interesting. I have a tool that I use for supporting our iOS apps that streams screenshots of the users session to a browser window. Right now I just have that browser window refreshing every 2 - 3 seconds but this could be a much more interesting way to stream those screenshots. Non-technical users + no screen sharing on iOS is absolutely awful for supporting SaaS applications.
Cool, mjpeg might make more sense for vnc though, they animate fine ff at least.
This nicely solves a problem I've been asked about: how to share a screen securely (read-only). VNC protocol and implementations are too complex/sloppy so I don't trust them. An endless GIF, on the other hand...
What about a service like join.me or gotomeeting?
For this use case I don't trust implementations that I have source code for, due to their complexity. This is intended to share screens that lie behind a firewall. It wouldn't make sense to trust third-party code with closed source code and a similarly complex protocol (and undocumented). Neither would be logical to add this third party, the middle-man, as a point of failure and attack.
> VNC protocol and implementations are too complex/sloppy so I don't trust them.

The protocol is 50 pages long with pretty reasonable margins and it even has pictures: http://www.realvnc.com/docs/rfbproto.pdf

It is an afternoon read. Most desktop environments in Linux implement their own VNC server just because it isn't that complex and you can implement a subset of the protocol for a server anyway.

I imagine if there was a protocol flaw revealed (or even in the many implementations like libvncserver) it would be patched overnight. All of them support viewer-only mode. I like krfb, because by default it only uses access passes rather than a global password, so unless you give someone credentials of an access ticket nobody can login.

I bet an exploitation in the way gifs download and how http resolves file transfers in the dozens of implementations of both is much more likely to have an exploitable man in the middle or other mechanism to eavesdrop, if not take remote control.

+1 rfb protocol is not complex and properly documented
It depends on what you compare it to. I meant complex in the context of the use case I have in mind. It certainly IS much more complex (and powerful) than a simple GIF creator. But if you only need a one-way, low quality stream, RFB is overkill.
For my use case I'm not worried about the client's security (in fact, he's the one I'm interested in protecting the server from).

We probably are assuming very different tolerance thresholds on security. But even so, I don't think you can argue for any security advantages of typical implementations for a 50-page protocol when comparing them to a one-way simple GIF sender.

Is it possible to add mouse clicks via html image maps?
Yes, I was thinking about server-side image maps and link with target in invisible frame. Mouse movements are harder (if possible) to send without client side javascript
Is this supposed to install on Windows? I get a whole bunch of errors when I run "npm install -g vnc-over-gif", most of which seem to be related to node-gif.

Edit: Apparently they're related to unistd.h, which doesn't exist on Windows platforms. Too bad.

I might hack a bit on JS-only gif encoder this weekend but at the moment yes, you need to have proper development environment to compile under windows. unistd.h dependency might be an easy fix though
I am also currently working on a web-based remote desktop app as a side project. I am using socket.io (python port) and pngs, using transparency to only update the part of the image that changed between frames.

However, I also thought about using long-loading animated gifs, because:

1. Run-length encoding seems to be ideal for screenshots.

2. You can use transparency to only update pixels that changed between frames without need for an alpha layer.

3. Palette-based does not seem to be a big issue for screenshots, which typically have few colors.

4. You use an additional frames to update colors that are off [1]. That way you get the best of both worlds: low latency and high quality images.

Do you have any issues using gifs? Memory usage, closing connections, etc...?

[1] http://phil.ipal.org/tc.html#

GIF doesn't have RLE. It only has dictionary built from "previous pattern + 1 new pixel", so even transparent areas are wasteful (1+2+3+4+5+6px etc in optimal case and you have to restart when 4K-entry dictionary fills up).
"Requirements... netscape 2.0+"

Made me chuckle, but probably quite accurate.