Profile

Cover photo
Justin Uberti
Works at Google
Attended University of Virginia
3,697 followers|750,536 views
AboutPostsPhotosYouTubeReviews

Stream

Justin Uberti

Shared publicly  - 
 
Great story on the history of AOL Instant Messenger, including interviews with a couple of the key folks who brought AIM to life. Defining quote from Eric Bosco, my old boss, on the tensions between the AIM (new) part of the company, and the AOL (old) part: "It was always AIM versus AOL. They hated us."

http://mashable.com/2014/04/15/aim-history/
In many ways, AOL Instant Messenger was right in line with the times, just at a company hanging on to a business model that would soon become obsolete.
5
1
Mickaël Rémond's profile photo
Add a comment...

Justin Uberti

Shared publicly  - 
 
Sunny Stockholm.
18
pamylao souvannasone's profile photoGustav Hållberg's profile photojabedali ansari's profile photo
3 comments
 
Nice… that you can't tell how bloody cold it's been :)
Add a comment...
 
Heartbleed's root cause: forgetting to sanity-check all size values in the protocol. Otherwise known as "Rule #1 of network programming".

See for yourself at https://github.com/openssl/openssl/commit/4817504d069b4c5082161b02a22116ad75f822b1#diff-38dc72994741420e2b6c5ee074941a45R1480
13
2
george oloo's profile photoMichael McDonnell's profile photoDave Cridland's profile photoJustin Uberti's profile photo
4 comments
 
The real bug is the failure of the stack to barf when the length is invalid.

The reason a standard fuzzer didn't catch this is because the heartbeat is encrypted. Any damage to the packet will be discarded by the TLS encryption layer.

This raises a pretty interesting point, namely that fuzzing must be done at multiple levels, i.e. both in the plaintext and encrypted domains.
Add a comment...

Justin Uberti

Shared publicly  - 
 
Why action games use UDP for their networking. Also applicable to WebRTC.

http://1024monkeys.wordpress.com/2014/04/01/game-servers-udp-vs-tcp/
19
5
george oloo's profile photoRandell Jesup's profile photo
Add a comment...

Justin Uberti

Shared publicly  - 
 
Mayday isn't the first "stealth" WebRTC app out there. Some other notable deployments:
http://www.onsip.com/blog/2013/05/01/are-facebook-voip-calls-on-android-using-webrtc
- http://bloggeek.me/vonage-webrtc-interview/

If you're curious whether a mobile app is using WebRTC, it's pretty easy to do with Wireshark. Set your PC up to share its Internet connection over Wifi, and then connect your device to the PC wifi. Run Wireshark on the PC wifi connection, and all will be revealed...
10
4
george oloo's profile photoRandell Jesup's profile photo
Add a comment...
Have him in circles
3,697 people
 
Stockholm at night.
9
pamylao souvannasone's profile photo
 
Beautiful
Add a comment...

Justin Uberti

Shared publicly  - 
 
Update on what's new in the latest versions of WebRTC.
 
An update from +Sam Dutton +Justin Uberti and +Serge Lachapelle from the Chrome WebRTC team. http://youtu.be/DvzDzIXoncg
22
1
Alexey Aylarov's profile photoRicardo De Lemos's profile photoRicardo Bastos's profile photoJustin Uberti's profile photo

Justin Uberti

Shared publicly  - 
 
Chrome and Chrome for Android are not affected by Heartbleed.
 
How does this affect webrtc? 
12
1
Patrik Purchart's profile photoLisa Larson-Kelley's profile photoShachar Zohar's profile photoJustin Uberti's profile photo
4 comments
 
Chrome-Firefox is OK too, since Firefox uses NSS instead of OpenSSL. Chrome either uses NSS or a version of SSL with heartbeats compiled out.
Add a comment...

Justin Uberti

Shared publicly  - 
5
Add a comment...

Justin Uberti

Shared publicly  - 
 
CloudShark version of the Amazon Mayday packet capture mentioned in my previous post. For some reason, CloudShark won't display the RTP packets as RTP, it simply labels them as UDP (and Decode As... doesn't work in the free version).

https://www.cloudshark.org/captures/3d38d2546518
4
1
george oloo's profile photo
Add a comment...
People
Have him in circles
3,697 people
Work
Occupation
Tech Lead, Google Real-time Communications
Employment
  • Google
    Tech Lead, 2006 - present
  • AOL
    Chief Architect, 1997 - 2006
  • IFusion Com
Basic Information
Gender
Male
Relationship
Married
Other names
juberti
Apps with Google+ Sign-in
Story
Tagline
Trained Professional
Bragging rights
Brief work history: Tech Lead for WebRTC, Google+ Hangouts, Gmail Call Phone, Google Video Chat, AOL Instant Messenger
Education
  • University of Virginia
    Mathematics, 1992 - 1995
They did a superb job fixing my iPad with a cracked screen. From unusable to good-as-new in a week. Price was very reasonable, and great customer service too - checked it over when I dropped it off, let me know what to expect, notified me when it was ready to pick up, super smooth transaction. I went to their Bellevue location, which is convenient but kind of tucked away in a nondescript office building.
Quality: ExcellentAppeal: Very goodService: Excellent
Public - a year ago
reviewed a year ago
1 review
Map
Map
Map