Older blog entries for lkcl (starting at number 602)

Summary since Adobe's DMCA takedown notice against Sourceforge

  • analysis of the RTMPE specification shows it to be vulnerable to man-in-the-middle attacks, and to be nothing more than an obfuscation attempt using no passwords and no secure encryption keys of _any_ kind. Diffie-Hellman is utilised, but in a way that is subject to standard man-in-the-middle attacks; what Adobe calls "encryption" keys are nothing more than publicly-available "magic constants".

  • the developer of rtmpy.com has requested removal of his projects, which includes crtmpserver, from sourceforge, in protest at sourceforge's compliance with the illegal use of a DMCA take-down notice.
  • the same developer has successfully implemented RTMPE in crtmpserver.
  • the developers of rtmpy have indicated their intent to implement RTMPE in python.
  • eben moglen, of the software freedom law centre, has written to emphasise that the software freedom law centre is always available to help any free software developers who are attacked by large corporations.
  • dave touretzky, the professor who created the DeCSS gallery, has provided a mirror of the RTMPE specification on his web site.

so the shit is truly hitting the fan, for adobe.

whoopsie, guys. if you had left rtmpdump alone, i would never have seen the slashdot article. if i hadn't seen the slashdot article, i would never have mirrored rtmpdump. if i'd never mirrored rtmpdump, i would never have looked at it. if i had never looked at it, i would never have gone, "this is shit. i must write a spec, immediately". if i'd never written a spec, two teams of free software projects would never have implemented RTMPE.

how's that for not achieving the desired results? why don't you fire your shit-for-brains lawyers: they're only looking for ways to make money out of you, and are alienating the very people who could help you extend the reach, security and acceptability of your products and the protocols that you've designed: us free software developers.

until you get with the picture, though: FUCK you, adobe.

Analysis of RTMPE

RTMPE is definitely not a "Copyright Protection" mechanism.

An analysis of RTMPE (see "Analysis" section) shows that RTMPE does nothing more than what SSL already does (provide end-to-end secrecy) and simply mathematically links a publicly-downloadable and publicly-obtainable SWF file to the connection.

Bottom line: All the information required to obtain the content is publicly available. There is no "security".

If the information isn't publicly available (such as the SWF file to be executed in the web browser) then the content cannot be obtained, either.

Unfortunately, this leaves Adobe in the shit, if they've been claiming that SWF verification is somehow "secure". Anyone reading this who has bought into Adobe Technology on the basis of "security" or "protection" is advised to initiate legal action against Adobe, seeking compensation and damages for deceiving them about the level of "protection" of their Copyright material.

From Adobe's Web Site:

'(swf verification) ensures that only your SWF or AIR files can connect to your application or content on Flash Media Server'.

This is false. The correct interpretation is:

"if anyone can obtain the publicly-available SWF or AIR file (or a hash of it, and knows the SWF or AIR file's size) they can also connect to your application or content".
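The point about Diffie-Hellman and public "magic constants", as an added example that is not part of the original post and is not the RTMPE handshake itself: a simplified model in which a Diffie-Hellman public value is tagged with an HMAC, once under a constant every client ships with and once under a secret only the two endpoints hold. The group parameters, key values and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # Mersenne prime; toy-sized group, for illustration only
G = 3
# Constructed stand-ins, not values from any real protocol:
PUBLIC_CONSTANT = b"constant-shipped-in-every-client"
ACCOUNT_SECRET = b"per-account secret, never sent on the wire"


def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def tag(key, public_value):
    """MAC over a DH public value; only as strong as the secrecy of `key`."""
    data = public_value.to_bytes(16, "big")
    return hmac.new(key, data, hashlib.sha256).digest()


def accepts(key, public_value, received_tag):
    """Receiver-side check of a peer's DH public value."""
    return hmac.compare_digest(tag(key, public_value), received_tag)


def relay_substitution_detected(endpoint_key, relay_key):
    """A relay replaces the sender's DH value with its own and re-tags it
    using the only key it knows. True means the receiver rejects the swap."""
    _, sender_pub = keypair()
    _, relay_pub = keypair()
    # The honest message always verifies under the endpoints' key.
    assert accepts(endpoint_key, sender_pub, tag(endpoint_key, sender_pub))
    forged = tag(relay_key, relay_pub)
    return not accepts(endpoint_key, relay_pub, forged)


if __name__ == "__main__":
    # Key is a public constant: the relay knows it too, so the swap passes.
    print("public constant:", relay_substitution_detected(PUBLIC_CONSTANT, PUBLIC_CONSTANT))
    # Key is a real shared secret: the relay cannot produce a valid tag.
    print("shared secret:  ", relay_substitution_detected(ACCOUNT_SECRET, PUBLIC_CONSTANT))
```
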

grep RTMPE.txt /var/log/apache2/lkcl.net/access.log | wc
   1012   23419  228797

ahh, now i can sleep better tonight.

hw6915 suspend/resume - might be fixed...

arg arg arg. a post by paul psokolovsky on kernel-discuss@handhelds.org describes a horror-story debugging session in suspend/resume, where, it turned out, he hadn't converted _one_ device driver for the h4000 from a legacy struct device to the more up-to-date struct platform_device.

apparently you can't mix-and-match both in your hardware: you have to use all struct device or all platform_device.

Syndicated 2006-12-22 02:10:37 from lkcl's blog

quick, quick, slow...

argh.

things were going _so_ well on the htc sable (ipaq hw6915) and then i ran into suspend/resume hell for over a week, went to holland for another week, and i think i left the charger there, so i can't carry on until i find it.

in the mean-time, i've been playing with other devices: sound on the blueangel, which is hell, and the s3c2442-based htc hermes, which is hell. all in all, i don't feel like i've actually achieved anything, for over two weeks. and it's pissing me off.

Syndicated 2006-12-19 03:39:43 from lkcl's blog

old kernels, reverse-engineering, new kernels...

the key rule to reverse-engineering is to only have one thing to change at any one time in order to find out its effect. or to have the minimum number of things.

at the moment, i have a particularly difficult task with the blueangel: the sound infrastructure for soc devices is undergoing a rewrite, and unfortunately it was never entirely completed for the blueangel back for 2.6.12.

however, if sound was played from wince at the time that haret booted into linux, sound _did_ at least work. so there was a 'known' state to test things.

Syndicated 2006-12-12 02:28:58 from lkcl's blog

first post!

hooray! i discovered today that at some point over three years ago i must have registered on kerneltrap. so i've decided to create a diary here for os-related stuff, and syndicate it over on advogato.org. note to self: must ask steven if he can put more than _one_ syndication site link into advogato profile pages.

Syndicated 2006-12-10 13:52:47 from lkcl's blog

RTMPE

wheeee, whoopeeee, a RTMPE specification, written up in a few hours, from rtmpdump v1.6. slashdot submission got accepted - oh dear, well, luckily i'm leasing a decent server - let's see if it stays up for 24hrs...

Adobe's RTMP DMCA Stupidity

it suddenly occurred to me that the list of free software projects which implement RTMP includes red5, which is what facebook use for video, and gnash, which is both an FSF _and_ a Gnu high-priority project.

it seems to me that adobe have just landed themselves in deep shit. taking on yourselves (facebook), _and_ rubbing the GNU project up the wrong way _and_ taking on the FSF _and_ threatening sourceforge _and_ taking on a small, one-man free software project like rtmpdump...

that doesn't sound very smart to me.

22 May 2009 (updated 22 May 2009 at 19:04 UTC)
RTMP

rtmpdump has had a take-down notice issued under the DMCA by adobe, against sourceforge.net, and sourceforge folded. i am deeply unimpressed.

so deeply unimpressed that i tracked down rtmpdump 1.6 and am making a copy available on my site, here. There is also a torrent available.

Adobe - go fuck yourselves.
