Re: [backstage] iPlayer download client for the Mac
You've spelt belam as belham again. Maybe you keep thinking of that lovely bit of south london. But that was balham or the band balaam and the angel. Jem On 2/6/08 13:47, Nick Reynolds-FMT [EMAIL PROTECTED] wrote: LOL It didn't say we want secure DRM but not TOO secure either -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Sent: 30 May 2008 16:42 To: backstage@lists.bbc.co.uk Subject: Re: [backstage] iPlayer download client for the Mac Ryan Morrison wrote: You say Didn't the Trust tell the BBC to produce download clients for other platforms as soon as possible? But didn't the Trust also set the conditions for DRM? It doesn't say how secure the DRM has to be. And security wise it doesn't really need to be secure at all. After all the Beeb are blasting the programs out of transmitters, in digital form, at higher quality. Security is defined by weakest link. So as long as you make some small effort you're fine, you can't lower the security any more than it is now because their is none. The BBC keeps saying we need someone to write DRM for us, stop being such a bunch of lazy people and do it yourself. Helpfully the BBC pre-knows all the restrictions they want (so no need to actually encode the rights data ;)). A *very* simple method: 1. Assign client software a key or set of keys (symmetric or asymmetric doesn't really matter) 2. Take MP4* file prepend the files broadcast date(s). 3. Chose random symmetric encryption key 4. Cypher that data 5. Prepend a copy of the symmetric key encrypted with each client encryption key 6. Client decrypts with it's key and checks the broadcast date, if it's over 7 days old it refuses to play. 7. Job done, go to nearest pub (additionally actually test the software ;)) C = E_c1(k),E_c2(k),...,E_cN(k),E_k(T,P) Where C_x donates encryption under key x. c1,c2 to cN represents client keys 1 2 and N (repeat as needed) k is the item (or episode key) P is the item (or episode) T is the broadcast timestamp Decryption is left as an exercise for the reader^. As long as you don't use a Stream cypher the user will need to know the items key to tamper with the broadcast date, and if they have that key they can decrypt anyway! Might want to use some more complex method for encoding rights data. Weakness is the client key or item key could be compromised, but all DRM schemes have this weakness. It's stronger than plaintext so no less secure the Digital TV. Could probably code that in a few days (provided you have some kind of cryptography library available) * or any other format. ^ if you really can't work out how to do it then ask, but you really should have at least one person capable of understanding this The point here isn't so much that someone has made a download client but has made a download client that allows for the download of DRM free iPlayer files - which is against the terms the BBC have agreed for the iPlayer (I think that's right). The point is the BBC could have added a very simple DRM scheme and have done the same thing. Whether you agree with that or not - it is simple fact. Haven't seen the rights that the BBC have agreed. But if it says Windows DRM Only I would strongly suspect that the agreement may be illegal, particularly given EU vs Microsoft's ruling about tying. Would the BBC care to show us all this alleged document that is tying their hands? And Jem isn't trying to censor the internet - just asking that you talk about 'getting around the DRM on iPlayer files' somewhere that isn't run by the BBC. Trying to restrict discussion of certain topics isn't censorship? What precisely do you call it then? Andy - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/ - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/ - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/
RE: [backstage] iPlayer download client for the Mac
Sorry - but should you be doing this via the backstage list -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jem Stone Sent: 02 June 2008 14:07 To: backstage@lists.bbc.co.uk Subject: Re: [backstage] iPlayer download client for the Mac You've spelt belam as belham again. Maybe you keep thinking of that lovely bit of south london. But that was balham or the band balaam and the angel. Jem On 2/6/08 13:47, Nick Reynolds-FMT [EMAIL PROTECTED] wrote: LOL It didn't say we want secure DRM but not TOO secure either -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Sent: 30 May 2008 16:42 To: backstage@lists.bbc.co.uk Subject: Re: [backstage] iPlayer download client for the Mac Ryan Morrison wrote: You say Didn't the Trust tell the BBC to produce download clients for other platforms as soon as possible? But didn't the Trust also set the conditions for DRM? It doesn't say how secure the DRM has to be. And security wise it doesn't really need to be secure at all. After all the Beeb are blasting the programs out of transmitters, in digital form, at higher quality. Security is defined by weakest link. So as long as you make some small effort you're fine, you can't lower the security any more than it is now because their is none. The BBC keeps saying we need someone to write DRM for us, stop being such a bunch of lazy people and do it yourself. Helpfully the BBC pre-knows all the restrictions they want (so no need to actually encode the rights data ;)). A *very* simple method: 1. Assign client software a key or set of keys (symmetric or asymmetric doesn't really matter) 2. Take MP4* file prepend the files broadcast date(s). 3. Chose random symmetric encryption key 4. Cypher that data 5. Prepend a copy of the symmetric key encrypted with each client encryption key 6. Client decrypts with it's key and checks the broadcast date, if it's over 7 days old it refuses to play. 7. Job done, go to nearest pub (additionally actually test the software ;)) C = E_c1(k),E_c2(k),...,E_cN(k),E_k(T,P) Where C_x donates encryption under key x. c1,c2 to cN represents client keys 1 2 and N (repeat as needed) k is the item (or episode key) P is the item (or episode) T is the broadcast timestamp Decryption is left as an exercise for the reader^. As long as you don't use a Stream cypher the user will need to know the items key to tamper with the broadcast date, and if they have that key they can decrypt anyway! Might want to use some more complex method for encoding rights data. Weakness is the client key or item key could be compromised, but all DRM schemes have this weakness. It's stronger than plaintext so no less secure the Digital TV. Could probably code that in a few days (provided you have some kind of cryptography library available) * or any other format. ^ if you really can't work out how to do it then ask, but you really should have at least one person capable of understanding this The point here isn't so much that someone has made a download client but has made a download client that allows for the download of DRM free iPlayer files - which is against the terms the BBC have agreed for the iPlayer (I think that's right). The point is the BBC could have added a very simple DRM scheme and have done the same thing. Whether you agree with that or not - it is simple fact. Haven't seen the rights that the BBC have agreed. But if it says Windows DRM Only I would strongly suspect that the agreement may be illegal, particularly given EU vs Microsoft's ruling about tying. Would the BBC care to show us all this alleged document that is tying their hands? And Jem isn't trying to censor the internet - just asking that you talk about 'getting around the DRM on iPlayer files' somewhere that isn't run by the BBC. Trying to restrict discussion of certain topics isn't censorship? What precisely do you call it then? Andy - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/ - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/ - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/ - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive:
Re: [backstage] iPlayer download client for the Mac
These people that press reply all. Idiots. All of them. ;) Sorry to Nick for exposing my missive to him to the general public. Sorry to Martin for discussing his surname to the general public. And for the record . I flipping hated Balaam and the Angel. Poppy goth rubbish. Jem On 2/6/08 14:19, Nick Reynolds-FMT [EMAIL PROTECTED] wrote: Sorry - but should you be doing this via the backstage list -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jem Stone Sent: 02 June 2008 14:07 To: backstage@lists.bbc.co.uk Subject: Re: [backstage] iPlayer download client for the Mac You've spelt belam as belham again. Maybe you keep thinking of that lovely bit of south london. But that was balham or the band balaam and the angel. Jem On 2/6/08 13:47, Nick Reynolds-FMT [EMAIL PROTECTED] wrote: LOL It didn't say we want secure DRM but not TOO secure either -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Sent: 30 May 2008 16:42 To: backstage@lists.bbc.co.uk Subject: Re: [backstage] iPlayer download client for the Mac Ryan Morrison wrote: You say Didn't the Trust tell the BBC to produce download clients for other platforms as soon as possible? But didn't the Trust also set the conditions for DRM? It doesn't say how secure the DRM has to be. And security wise it doesn't really need to be secure at all. After all the Beeb are blasting the programs out of transmitters, in digital form, at higher quality. Security is defined by weakest link. So as long as you make some small effort you're fine, you can't lower the security any more than it is now because their is none. The BBC keeps saying we need someone to write DRM for us, stop being such a bunch of lazy people and do it yourself. Helpfully the BBC pre-knows all the restrictions they want (so no need to actually encode the rights data ;)). A *very* simple method: 1. Assign client software a key or set of keys (symmetric or asymmetric doesn't really matter) 2. Take MP4* file prepend the files broadcast date(s). 3. Chose random symmetric encryption key 4. Cypher that data 5. Prepend a copy of the symmetric key encrypted with each client encryption key 6. Client decrypts with it's key and checks the broadcast date, if it's over 7 days old it refuses to play. 7. Job done, go to nearest pub (additionally actually test the software ;)) C = E_c1(k),E_c2(k),...,E_cN(k),E_k(T,P) Where C_x donates encryption under key x. c1,c2 to cN represents client keys 1 2 and N (repeat as needed) k is the item (or episode key) P is the item (or episode) T is the broadcast timestamp Decryption is left as an exercise for the reader^. As long as you don't use a Stream cypher the user will need to know the items key to tamper with the broadcast date, and if they have that key they can decrypt anyway! Might want to use some more complex method for encoding rights data. Weakness is the client key or item key could be compromised, but all DRM schemes have this weakness. It's stronger than plaintext so no less secure the Digital TV. Could probably code that in a few days (provided you have some kind of cryptography library available) * or any other format. ^ if you really can't work out how to do it then ask, but you really should have at least one person capable of understanding this The point here isn't so much that someone has made a download client but has made a download client that allows for the download of DRM free iPlayer files - which is against the terms the BBC have agreed for the iPlayer (I think that's right). The point is the BBC could have added a very simple DRM scheme and have done the same thing. Whether you agree with that or not - it is simple fact. Haven't seen the rights that the BBC have agreed. But if it says Windows DRM Only I would strongly suspect that the agreement may be illegal, particularly given EU vs Microsoft's ruling about tying. Would the BBC care to show us all this alleged document that is tying their hands? And Jem isn't trying to censor the internet - just asking that you talk about 'getting around the DRM on iPlayer files' somewhere that isn't run by the BBC. Trying to restrict discussion of certain topics isn't censorship? What precisely do you call it then? Andy - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/ - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/ - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit
Re: [backstage] iPlayer download client for the Mac
2008/6/2 Jem Stone [EMAIL PROTECTED]: These people that press reply all. Idiots. All of them. ;) Sorry to Nick for exposing my missive to him to the general public. Sorry to Martin for discussing his surname to the general public. And for the record . I flipping hated Balaam and the Angel. Poppy goth rubbish. http://www.balaamandtheangel.com/ no!! Brian Butterworth http://www.ukfree.tv - independent digital television and switchover advice, since 2002
Re: [backstage] BBC website review: Site failing to act as 'trusted guide
Martin, 2008/6/2 Martin Belam [EMAIL PROTECTED]: One thing I find delnaive/del interesting here is (and I could be wrong because I haven't waded through all of the reports) is that they don't seem to have a benchmark of what other similar sites might expect their figures to be for internal search use versus external search use. I've read though the whole document now (I got stuck on a train the other day) and I have to say that the whole thing seems just a little bit 'out of date' as a general idea. I can't for the lift of me understand why the BBC would want to run a search engine in the first place. Search engines are used to get those all important queries that you can run adverts against. Given that the bbc.co.uk site doesn't have adverts that seems a bit of a waste of time. I could see the BBC having a special search engine for, say, children. That would make sense. But you could do this using a customzied Google search and not have it cost a penny. Another way the BBC could do it, perhaps, would be to support a public domain search engine project. Perhaps. IMHO the internal search engine is not that brilliant. It is of no use whatsoever for finding breaking news and all those other things that I tend to use Google for. I would be happy to expand if required. The concern that the Trust seems to have is that BBC Search isn't keeping up with Google, Live Search etc. Nor do they seem to have given any indication of what they think the 'right' balance would be, or whether they think other sites might also experiencing a drop-off in site search usage The trend appears to be downwards (just) and for Google, Live Search etc is it up. That's as sophisticated as it gets. m - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/ -- Please email me back if you need any more help. Brian Butterworth http://www.ukfree.tv - independent digital television and switchover advice, since 2002
Re: [backstage] iPlayer download client for the Mac
Jeremy Stone wrote: Can we have this discussion somewhere else ? This makes life harder for the iPlayer team who will have to look again at what they're doing. this makes life harder for the backstage team who want this list to carry on as unmoderated. We know this stuff is going but discussion and links to it on a bbc hosted list is a no-no as we've pointed out before. I'm sorry to have to agree with Andy (Stude) here, however it seems to me that Andy (Halsall)'s post to the mailing list [1] back in March is as relevant now as it was then. The immediate question that, I would like to ask $[spokesman|admin|person] is, in reference to [1], Why? I appreciate the desire to make things as easy as possible for the poor techies in the middle however, I'm not sure that this is being best solved by *not* asking the difficult questions. As I said before, I am really sorry pushing a sensitive topic however as I have stated, I don't think the importance of it can be understated. [1] http://www.mail-archive.com/backstage@lists.bbc.co.uk/msg07774.html -- www.tdobson.net If each of us have one object, and we exchange them, then each of us still has one object. If each of us have one idea, and we exchange them, then each of us now has two ideas. - George Bernard Shaw - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/