Cross-platform (Mac & Windows) desktop app with DRM support - cross-platform

Can anyone suggest me options for developing a cross-platform desktop application (MacOS & Windows8.1+) which supports DRM playback.
I have looked into ElectronJS (does not support DRM inbuilt), Used castlabs fork of Electron with VMP enabled Widevine DRM support but getting a production ready license cert from Google Widevine takes ages.
So looking into more options where DRM playback (PlayReady, Widevine & FairPlay) can be enabled.

Since you already know of the Castlabs Electron fork. I don't think you are going to find a better solution really.
You can always license PlayReady and port it to all the platforms you want to support, the licensing for that is straightforward but the actual implementation would require a large amount of effort. It would likely be easier to just try and embed Chromeless Safari and Chromeless Edge on the respective platforms.

Related

Stream video from a stand alone desktop application(not browser) to a remote desktop application(not browser)

I'm trying to build a live video streaming application from a usb camera to an application running on a remote desktop. I've researched protocols like RTMP, RTSP, WebRTC. According to my understanding I can't use webRTC since it's only compatible in the browser and I'm not building my application for a browser here. Please help me choose the right protocol and also the media server.
You can, and many applications do, use WebRTC outside the browser. WebRTC implementations are available for many different platforms including iOS, Android and embedded systems.
You can even use Headless Chrome if you want to use the Chrome APIs without the visual parts of the browser.

Why desktop chrome only supports Widevine CDM security level L3?

I am curious why desktop Chrome only supports L3 CDM, while android Chrome and ChromeOS can support L1 CDM.
Is there any possible reason for that??
Just to roughly guess, two possible reason could be to support Linux platform and for wide usage of Chrome?
1) I read someone saying that to use L1 CDM 'secure media path' has to be implemented in graphic pipe line and Linux doesn't have it implemented.
2) Desktop Chrome doesn't wanna be restricted by H/W requirements?
The simple answer is that it is because it does not meet all the security requirements for Widevine L1, as you guessed.
The more complex answer is that this domain is evolving all the time, and different devices and browser combinations need to be looked at separately at any given time. For example Chrome on Android now does support Widevine L1:
https://developers.google.com/web/updates/2017/09/chrome-62-media-updates
The usual blocker on a device/browser combination are the lack of a secure media path, and/or the lack of a hardware root of trust integrated into the solution.

HTML5 / JavaScript game solution focusing on connectivity between server and client

Considering the simple-graphic turn-based games such as card games, backgammon, ... we can see most of them are still developed using Flash or other plugin-based solutions instead of pure JavaScript (Ajax/WebSocket).
I want to know what is the reason? Is the connectivity between a flash game and the server more reliable than the connectivity between JavaScript API (Ajax/WebSocket) and the server?
If no, why is the reason that still most of the card games (let say those we can see on Facebook) are developed using Flash?
The target audience of Facebook-games is very wide, from people with the latest and greatest technology to people who are still using Windows XP with IE8.
As you will almost definitely know, IE8 does not support newer technologies such as websockets/HTML5. It is even troublesome in IE9. Thus, the developers of the Facebook games build their games in Flash as that is a technology which will run in both older versions of IE and in the latest versions of Google Chrome. They can target a much bigger audience using Flash as when they were using HTML5.

Can Adobe AIR be used to create desktop/mobile apps written in Javascript that use the Web Audio API?

Can I use Adobe AIR to create applications using Javascript and the Web Audio API and then have said applications still retain their audio functionality after they are turned into stand alone desktop/mobile applications. I have not started using Adobe AIR yet so I am not acquainted with the software.
I don't think AIR's runtime includes Web Audio support; it may on iOS, if the user has iOS6 installed; won't have it on Android right now, and doubtful they keep it synced with current Chromium on desktop.

Capability based security in Windows 8/Windows Server 2012

I want to evaluate the new sandboxing mechanism in Windows 8/Windows Server 2012. I searched MSDN site for any resources but the documentation is extremely scarce. In comparison with FreeBSD Capsicum documentation, the one provided by Microsoft is just unusable.
How are we supposed to build robust sandboxed apps? Are the sandboxing APIs intended for metro style apps only?
I'm not sure what you mean by "sandboxing APIs". All "metro" (Windows 8 UI Applications) are sandboxed. I'm not aware of any way to sandbox desktop applications in the same way. See here.
Metro apps are pretty tightly sandboxed, and apps submitted to the
Windows Store need to declare many types of capabilities that they use
— not unlike Google Play's permissions list.
. . .
Windows 8 features a specific SDK for Metro style apps . . .
A quick explanation of capabilities: There are certain potentially sensitive things that you can do on a user's machine, such as access the Pictures library or use the webcam. If an app wants to do these things, the developer must declare a capability in the app's manifest. Then, when users download the app from the Windows Store, they can clearly see if the app is using any of this functionality. More info and a list of all of the capabilities is provided at App capability declarations.
Regarding sandboxing, there is some information at http://msdn.microsoft.com/en-us/library/ie/hh673561(v=vs.85).aspx. Yes, Metro-style apps are sandboxed in a way that desktop apps are not.
There is a whitepaper discussing security in Windows Store apps built with HTML5 at Secure development of Metro style apps with HTML5. There are also some common security scenarios documented.