From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mail.toke.dk; spf=pass (mailfrom) smtp.mailfrom=irif.fr (client-ip=2001:660:3301:8000::1:2; helo=korolev.univ-paris7.fr; envelope-from=jch@irif.fr; receiver=) Authentication-Results: mail.toke.dk; dkim=pass (2048-bit key; unprotected) header.d=irif.fr header.i=@irif.fr header.a=rsa-sha256 header.s=dkim-irif header.b=hxWdxTIl Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) by mail.toke.dk (Postfix) with ESMTPS id 185D2A67F60 for ; Sun, 5 May 2024 21:14:48 +0200 (CEST) Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 445JEmuN005094; Sun, 5 May 2024 21:14:48 +0200 Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id C7DAD549CF; Sun, 5 May 2024 21:14:47 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=irif.fr; h= content-type:content-type:mime-version:user-agent:references :in-reply-to:subject:subject:from:from:message-id:date:date :received:received; s=dkim-irif; t=1714936485; x=1715800486; bh= 89GjMqdkDiRZ/oyyVsI7X7ekQaN171dLPZZ0tsrfb08=; b=hxWdxTIlsd8DDbkj wJ6yNKsRWwpLzKwEwOdoyGSm2saaTqGNf/FhVCmZzmbTZ5q0jX4HbfNmAYLDpzuV 9cthuZ2t0kLR2x1+v0cR9AA3tRz/ymk+Il5pcAUZeB5ADSMqXFkZGaqjIMFnLgbZ axOLIqubdEaX7Uu1z2Uwj30U64cBDtXa8Oau3nHwg9X1FhDB9YzgRGt3MqhVxkaI Fp4WelNqI/8aDEBNVEjSnnRsS9cciruFdN0GECVBuwV7DpqMUwgjusgp42VcOyKy ZhkwPDvr4aHqogTPkFqV8T2WvwEaNPOyn2fHJedDhiU4B/M7/zIT7nUt4oseK/7c gbK6VQ== X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id gJVMIvVPcJXp; Sun, 5 May 2024 21:14:45 +0200 (CEST) Received: from pirx.irif.fr (82-64-141-196.subs.proxad.net [82.64.141.196]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 38843548DF; Sun, 5 May 2024 21:14:44 +0200 (CEST) Date: Sun, 05 May 2024 21:14:44 +0200 Message-ID: <87msp4dqaj.wl-jch@irif.fr> From: Juliusz Chroboczek To: Francis Bolduc In-Reply-To: References: User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/29.3 Mule/6.0 MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [194.254.61.138]); Sun, 05 May 2024 21:14:48 +0200 (CEST) X-Miltered: at korolev with ID 6637DAA8.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-j-chkmail-Enveloppe: 6637DAA8.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/ X-j-chkmail-Score: MSGID : 6637DAA8.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Status: Ham Message-ID-Hash: MFQGREVZDM4SNG6Q4235ZEMMUGVV3UBE X-Message-ID-Hash: MFQGREVZDM4SNG6Q4235ZEMMUGVV3UBE X-MailFrom: jch@irif.fr X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: galene@lists.galene.org X-Mailman-Version: 3.3.9 Precedence: list Subject: [Galene] Re: Blur background List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Hello Francis, I'd really like to have background blur in Galene, but I don't see any good way to do it without impairing the user's privacy. > + > + > + > + > + That's problematic. One of the design criteria of Galene is that it preserves the user's privacy. These links imply that everytime somebody connects to any instance of Galene in the workld, the jsdelivr.net distribution network is informed of the fact. So either we bundle all the scripts in Galene, or this cannot go in. > async function start() { > + > + offscreen = new OffscreenCanvas(1920, 1080); > + > + segmenter = await bodySegmentation.createSegmenter( > + bodySegmentation.SupportedModels.MediaPipeSelfieSegmentation, > + { > + runtime: 'mediapipe', > + solutionPath: > 'https://cdn.jsdelivr.net/npm/@mediapipe/selfie_segmentation', > + modelType: 'general' > + } > + ); This should be done lazily, in the filter, not at startup. > + w.Header().Set("Access-Control-Allow-Origin", "*") > + w.Header().Set("Access-Control-Allow-Methods", "GET") > + w.Header().Set("Access-Control-Allow-Headers", "Content-Type") That's a potential security hole, since it makes Galene vulnerable to cross-origin scripting attacks. What we do in Galene is to only set these headers conditionally, in places that are known to be safe. See for example https://github.com/jech/galene/blob/master/webserver/whip.go#L178 -- Juliusz