Recherche avancée

Sur d’autres sites (7113)

• The new GDPR data protection regulation and potential consequences on Piwik

  7 septembre 2017, par Piwik Core Team — About, Privacy

  GDPR is a new data protection related regulation in Europe. GDPR stands for General Data Protection Regulation.

  The purpose of this European regulation is to strengthen and unify data protection for all individuals within the European Union. This also includes entities outside Europe willing to do business with European citizens. GDPR is a set of processes you need to follow within your organization to protect the privacy of European citizens.

  GDPR will start to apply in May 2018. It is recognized to be dissuasive because of the potential penalty of up to 4% of the yearly turnover, in case of infringement.

  Many articles have been written about GDPR including our previous article. Few of them are explaining how it will affect web analytics vendors : this is what this article is about.

  Am I really impacted by GDPR if I am a Piwik user ?

  As Piwik can collect personal data, the answer is yes. Piwik analytics data is impacted by the GDPR.

  As GDPR is a general concept, we decided from the official guidelines to assume what will be the potential consequences on the use of Piwik.

  There are 2 potential scenarios we can identify :

  • 1 – You are collecting personal data with Piwik
  • 2 – You are not collecting personal data with Piwik

  1 – Personal data collection with Piwik

  According to GDPR : IP addresses, cookies, UserID are personal data.

  IP addresses are personal data, so you will have to anonymize them unless you receive explicit consent from the visitor. Please view the following article in order to learn : how can I anonymize IP addresses in Piwik ?

  According to GDPR, cookies are personal data too. But as all cookies are not created equal it may be possible that some need to require user consent whereas other not. Whatever will be the final decision, you can learn about the first-party cookies created by Piwik and how to disable all tracking cookies in Piwik ?

  User ID, you are impacted if the User ID you assign is specific to an individual or if you can cross the User ID data further and find back the individual personal data.

  Any extra personal data you may collect with Piwik, it could be for example : first names, family names, e-mail address… You are able to collect such data using custom dimensions, custom variables…

  What are the rules I have to comply with ?

  By collecting personal data, you will have to respect EU citizens rights, which include :

  • The possibility for them to view the data you collected on them
  • The possibility to rectify some data concerning them
  • The possibility to delete their data when they request about it

  As you can imagine, for the first obligation, you will have to export all the data. So if a user is requesting it, you will have to export the data linked to his IP address(es). It can be easily exported as a .csv file for example.
  In order to do that, just create a segment according to the IP address of the user who requested it and then export the “Visitor log” report.
  If the personal data is not linked with the IP address but other attributes such as User ID or a custom dimension, you can provide the same data export by using the segment function and filtering on the personal data field.

  The data edit and deletion process on Piwik is a bit trickier as it currently requires administration system skills. We are planning to develop a new plugin for GDPR compliance (which will be available for free on the Marketplace). This plugin will let you edit and easily delete data of a particular user. Currently you can delete a specific user’s data by accessing the Piwik database and directly delete the different records for this specific user.

  2 – You are not collecting personal data with Piwik

  Unfortunately it is not because you do not collect personal data that you will not be affected by GDPR.
  The details of GDPR are not confirmed yet and GDPR could involve enabling the DoNotTrack setting by default on all browsers.
  Yes, you read it well, by default, unless the internet user uncheck this option, Piwik respecting DoNoTrack would not be able to track any user. If one needed to collect data anyway, Piwik Log Analytics and server-side tracking can be considered.

  If you need help regarding how to set up your Piwik installation in order to be GDPR compliant :

  Contact us

  Do you have a Piwik experience you would like to share with the community ? Please share it with us by contacting Piwik core team.

• Google’s YouTube Uses FFmpeg

  9 février 2011, par Multimedia Mike — General

  Controversy arose last week when Google accused Microsoft of stealing search engine results for their Bing search engine. It was a pretty novel sting operation and Google did a good job of visually illustrating their side of the story on their official blog.

  This reminds me of the fact that Google’s YouTube video hosting site uses FFmpeg for converting videos. Not that this is in the same league as the search engine shenanigans (it’s perfectly legit to use FFmpeg in this capacity, but to my knowledge, Google/YouTube has never confirmed FFmpeg usage), but I thought I would revisit this item and illustrate it with screenshots. This is not new information— I first empirically tested this fact 4 years ago. However, a lot of people wonder how exactly I can identify FFmpeg on the backend when I claim that I’ve written code that helps power YouTube.

  Short Answer
  How do I know YouTube uses FFmpeg to convert multimedia ? Because :

  1. FFmpeg can decode a number of impossibly obscure multimedia formats using code I wrote
  2. YouTube can transcode many of the same formats
  3. I screwed up when I wrote the code to support some of these weird formats
  4. My mistakes are still present when YouTube transcodes certain fringe formats

  Longer Answer (With Pictures !)
  Let’s take a video format named RoQ, developed by noted game designer Graeme Devine. Originated for use in the FMV-heavy game The 11th Hour, the format eventually found its way into the Quake 3 engine as well as many games derived from the same technology.

  Dr. Tim Ferguson reverse engineered the format (though it would later be open sourced along with the rest of the Q3 engine). I wrote a RoQ playback system for FFmpeg, and I messed up in doing so. I believe my coding error helps demonstrate the case I’m trying to make here.

  Observe what happened when I pushed the jk02.roq sample through YouTube in my original experiment 4 years ago :

  
  
  

  Do you see how the canyon walls bleed into the sky ? That’s not supposed to happen. FFmpeg doesn’t do that anymore but I was able to go back into the source code history to find when it did do that :

  
  
  

  Academic Answer
  FFmpeg fixed this bug in June of 2007 (thanks to Eric Lasota). The problem had to do with premature colorspace conversion in my original decoder.

  Leftovers
  I tried uploading the video again to see if the problem persists in YouTube’s transcoder. First bit of trivia : YouTube detects when you have uploaded the same video twice and rejects the subsequent attempts. So I created a double concatenation of the video and uploaded it. The problem is gone, illustrating that the backend is actually using a newer version of FFmpeg. This surprises me for somewhat esoteric reasons.

  Here’s another interesting bit of trivia for those who don’t do a lot of YouTube uploading— YouTube reports format details when you upload a video :

  
  
  

  So, yep, RoQ format. And you can wager that this will prompt me to go back through the litany of unusual formats that FFmpeg supports to see how YouTube responds.

• How to contribute to open source, for companies

  18 octobre 2010, par Dark Shikari — development, open source, x264

  I have seen many nigh-incomprehensible attempts by companies to contribute to open source projects, including x264. Developers are often simply boggled, wondering why the companies seem incapable of proper communication. The companies assume the developers are being unreceptive, while the developers assume the companies are being incompetent, idiotic, or malicious. Most of this seems to boil down to a basic lack of understanding of how open source works, resulting in a wide variety of misunderstandings. Accordingly, this post will cover the dos and don’ts of corporate contribution to open source.

  Do : contact the project using their preferred medium of communication.

  Most open source projects use public methods of communication, such as mailing lists and IRC. It’s not the end of the world if you mistakenly make contact with the wrong people or via the wrong medium, but be prepared to switch to the correct one once informed ! You may not be experienced using whatever form of communication the project uses, but if you refuse to communicate through proper channels, they will likely not be as inclined to assist you. Larger open source projects are often much like companies in that they have different parts to their organization with different roles. Don’t assume that everyone is a major developer !

  If you don’t know what to do, a good bet is often to just ask someone.

  Don’t : contact only one person.

  Open source projects are a communal effort. Major contributions are looked over by multiple developers and are often discussed by the community as a whole. Yet many companies tend to contact only a single person in lieu of dealing with the project proper. This has many flaws : to begin with, it forces a single developer (who isn’t paid by you) to act as your liaison, adding yet another layer between what you want and the people you want to talk to. Contribution to open source projects should not be a game of telephone.

  Of course, there are exceptions to this : sometimes a single developer is in charge of the entirety of some particular aspect of a project that you intend to contribute to, in which case this might not be so bad.

  Do : make clear exactly what it is you are contributing.

  Are you contributing code ? Development resources ? Money ? API documentation ? Make it as clear as possible, from the start ! How developers react, which developers get involved, and their expectations will depend heavily on what they think you are providing. Make sure their expectations match reality. Great confusion can result when they do not.

  This also applies in the reverse — if there’s something you need from the project, such as support or assistance with development of your patch, make that explicitly clear.

  Don’t : code dump.

  Code does not have intrinsic value : it is only useful as part of a working, living project. Most projects react very negatively to large “dumps” of code without associated human resources. That is, they expect you to work with them to finalize the code until it is ready to be committed. Of course, it’s better to work with the project from the start : this avoids the situation of writing 50,000 lines of code independently and then finding that half of it needs to be rewritten. Or, worse, writing an enormous amount of code only to find it completely unnecessary.

  Of course, the reverse option — keeping such code to yourself — is often even more costly, as it forces you to maintain the code instead of the official developers.

  Do : ignore trolls.

  As mentioned above, many projects use public communication methods — which, of course, allow anyone to communicate, by nature of being public. Not everyone on a project’s IRC or mailing list is necessarily qualified to officially represent the project. It is not too uncommon for a prospective corporate contributor to be turned off by the uninviting words of someone who isn’t even involved in the project due to assuming that they were. Make sure you’re dealing with the right people before making conclusions.

  Don’t : disappear.

  If you are going to try to be involved in a project, you need to stay in contact. We’ve had all too many companies who simply disappear after the initial introduction. Some tell us that we’ll need an NDA, then never provide it or send status updates. You may know why you’re not in contact — political issues at the company, product launch crunches, a nice vacation to the Bahamas — but we don’t ! If you disappear, we will assume that you gave up.

  Above all, don’t assume that being at a large successful company makes you immune to these problems. If anything, these problems seem to be the most common at the largest companies. I didn’t name any names in this post, but practically every single one of these rules has been violated at some point by companies looking to contribute to x264. In the larger scale of open source, these problems happen constantly. Don’t fall into the same traps that many other companies have.

  If you’re an open source developer reading this post, remember it next time you see a company acting seemingly nonsensically in an attempt to contribute : it’s quite possible they just don’t know what to do. And just because they’re doing it wrong doesn’t mean that it isn’t your responsibility to try to help them do it right.