folks, my apologies for breaking the threading, i'm replying externally. replies to various snippets here:
juan writes:

> I think Adobe does this only to publicly show to its clients/partners
> that they do everything they can to protect their content.

well then they fucked up royally this time, didn't they. if they'd kept their fucking mouths shut and made sure that their lawyers' dicks stayed in their trousers, i wouldn't have been alerted to the existence of RTMPE, would not have mirrored it, would not have written up a spec, and would not have noticed that RTMPE is yet another failed obfuscation attempt which achieves absolutely none of the stated goals.

there's a _really_ good reason why SSL is used, and why SSL certificates are used: it's to stop man-in-the-middle attacks. you, dumb-shits (yes, you, adobe-shits) - the use of Diffie-Hellman on its own is WELL KNOWN to be vulnerable to man-in-the-middle attacks, and it requires some form of PKI infrastructure (such as SSL certificates) to stop that happening. if your fucking stupid employees had bothered to read up on the basics of cryptography, they would have known that. even i didn't know until two days ago that diffie-hellman when used on its own suffers from MITM vulnerabilities, but reading the _very_ first web page i encountered (which is on rsa.com) told me all about it.

secondly: the use of "magic constants" is NOT an "encryption key". if it's publicly available, and it's unchangeable, it's not a key, is it? it's a ... what is it? coonnstaaaant. cleever peeopllle.

thirdly: the use of the SWF file hash and size as a "verification key" is incompatible with claims that this somehow magically stops people from being able to download content. wronnggggg. anyone who has the SWF file hash and size can, in fact, download the content, simply by knowing, well... the SWF file hash and size. they do _not_ have to actually execute the SWF file itself. so you are back to the "Trusted Client" issue.
quoting http://en.wikipedia.org/Trusted_client : "Trusted client software is considered fundamentally insecure: once the security is broken by one user, the break is trivially copyable and available to others."

hmm, that's an interestingly flawed statement, there, on wikipedia. the assumption is that anything that is running client-side can be made secure _at all_. but... leaving that aside...

this latter is where adobe is in deep shit. their claims and the reality expose them to legal liability for having deceived their customers about the level of security (i.e. - there _is_ none).

juan further writes:

> Even though they knew in advance the code and keys will be mirrored
> all over the internet in a matter of days, as it has happened.

it's clear that adobe has a team of "fuck-all-else-to-do" lawyers who should, really, be fired preferably out of a cannon at adobe's earliest inconvenience. they're not paid to think strategically. they're not paid to think in the best interests of adobe. they're paid to think of ways that they can utilise the law, regardless of consequences. so i think, juan, that you're giving adobe's shit-for-brains "oo look there's a project that implements what we like to call 'our shit' let's go bully them" legal team far more credit than they deserve.

andru writes:

> The silence from Adobe on this thread is deafening.

i'm guessing that even without their management telling them what to do, they're probably going "ohfuk." actually, you'll probably find that quite a few of them are wishing they could take their lawyers and/or management outside and beat the crap out of them with baseball bats, and that quite a few more are killing themselves laughing.

andru further writes a lot of questions:

> What does this mean for Open Source Flash?

business as usual.

> Are we now forbidden from ever having full interoperability?
no, because there is no basis for the DMCA takedown notice (imo)
1) given that there _is_ no security
2) given that the measures used are so basic that there will be _plenty_ of prior art
3) not least of all is the fact that there has not been an actual court-case. only a _judge_ has the right to FORBID you from implementing full interoperability, not a snotty illegal letter from adobe.

> Will some sites be forever unusable by Open Source players?

only if you cower before the god that is adobe, o great adobe, i quail at the mere thought of offending your shit-ridden name (tm).

> Are other Open Source projects that implement RTMP in the cross hairs?

if there are then they only have to write to help @ softwarefreedom . org and the team there will be instantly all over adobe.

> The implications of this move are profound,

not for us, they're not. the only profoundness is how profoundly stupid the move was, by adobe.

> the people on this mailing
> list are the ones most likely to be affected, and we desperately need
> some clarification from those of you who work at Adobe.

no you don't :) you don't need adobe holding your hand and telling you how to make innovative free software that will itself encourage adobe themselves to do better.

> Every minute
> that you stay silent, you are contributing to the fear that this move
> has associated with using the Flash platform.

it's not fear, it's anger. the backlash against the stupidity of illegally using a pointless law for bullying purposes leaves people going either, "how can we make these people irrelevant? oo, HTML5 has video streaming! great! let's make that better!" or going "fuck you, adobe, we're going to implement RTMPE despite your illegal use of a DMCA takedown notice".
if you do that, as one free software project already successfully has in the past 36 hours, and another has made it clear to me that they intend to do so in the next few weeks, and Adobe decide to get stroppy, then eben moglen has already made it clear that the Software Freedom Law Centre will help out.

pigeon writes:

> http://pigeonsnest.co.uk/stuff/rtmp/

thank you - added to the list :)

gil writes:

> That baby picture is just the cutest....

thank you :) i wonder how she'll react when she's a teenager, "ooo were you that cuute baby in the adobe fiasco? aww, little daarliiing." i mean, it's enough when family does that - strangers too? mwahahah.

l.
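
Added example, not part of the original post and not code from any RTMPE implementation: the point made above about Diffie-Hellman on its own, simulated in one process. The group parameters are toy values, the names (`keypair`, `handshake`, `pinned_fp`) are illustrative, and the pinned fingerprint stands in for the certificate check that SSL performs.

```python
import hashlib
import secrets

# Toy group for illustration only (constructed; far too small for real use).
P = 2**127 - 1  # Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # Hash the shared value g^(ab) mod P into a session key.
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).hexdigest()

def fingerprint(pub):
    # Stand-in for a certificate: a hash the client learned out of band.
    return hashlib.sha256(b"server-id:" + str(pub).encode()).hexdigest()

def handshake(server, pinned_fp=None, interposed=False):
    """Return (client_key, server_key, relay_keys), or None if the client aborts."""
    s_priv, s_pub = server
    c_priv, c_pub = keypair()
    to_client, to_server, relay_keys = s_pub, c_pub, None
    if interposed:
        # A relay on the path substitutes its own public value in both directions.
        m_priv, m_pub = keypair()
        to_client = to_server = m_pub
        relay_keys = (session_key(m_priv, c_pub), session_key(m_priv, s_pub))
    if pinned_fp is not None and fingerprint(to_client) != pinned_fp:
        return None  # value received is not the server the client trusts
    return session_key(c_priv, to_client), session_key(s_priv, to_server), relay_keys

if __name__ == "__main__":
    server = keypair()
    c, s, _ = handshake(server)
    print("clean path, keys match:", c == s)
    c, s, relay = handshake(server, interposed=True)
    print("relay, no authentication: endpoints agree:", c == s,
          "| relay holds both keys:", relay == (c, s))
    pinned = fingerprint(server[1])
    print("relay, pinned server value:", handshake(server, pinned, interposed=True))
    print("clean path, pinned server value accepted:",
          handshake(server, pinned) is not None)
```

Without the pin both endpoints complete the exchange and neither sees anything wrong, which is why the exchange needs an authenticated public value on at least one side.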
