Slashdot Mirror
Clean-Room RTMPE Spec Created From rtmpdump
lkcl writes "A clean-room RTMPE specification has been created using the source code of rtmpdump-v1.6 for guidance. Adobe recently issued a DMCA take-down notice against SourceForge, resulting in copies of rtmpdump hitting quite a few bittorrent sites worldwide."
Do what?
Unless rtmpdump was itself a clean room implementation, nothing based on it can be.
Quite.
good job for all those involved
I do not understand the immediate parent post.
IANAL, etc. but my distinct impression was that cleanrooming wouldn't(outside of curious edge cases) save you from the DMCA. For copyright claims, the more layers of cleanroom, the better; but the DMCA only cares if the code constitutes a circumvention device or not. It could be based on a cracked copy of some proprietary adobe tool, OSS based on network sniffing of the proprietary tool, written according to a spec based on the OSS implementation, or, for that matter, produced by the Oracle of Delphi based on instructions from Olympus.
If you're going to post an article about some obscure bullshit nobody's ever heard of, you could at least give people some hint at WTF you're talking about. "RTMPE" doesn't even show up on Wikipedia. God forbid you elaborate your terse, two sentence summary.
Rob Savoye (long time GNU developer) talks at FOSDEM 2009 about how he did the cleanroom reverse engineering of RTMP, on which rtmpdump is based.
Also he mentions about how wireshark includes an RTMP decoder based on his work.
http://www.fosdem.org/2009/interview/rob+savoye
Can't seem to find the link to the video of the actual talk, but it must be somewhere around there.
http://www.fosdem.org/2009/schedule/events/reverse_engineering
OK WTF is that all about and should I care?
Subbys, please don't assume everyone reading your article is as clued up as you and do try and add a little explanation to your text - especially if you use abbreviations.
Yeah, I could Google it, but that would be like needing an encyclopedia by your side just to read a newspaper.
Clearly, Slashdot editors are strategically shaved monkeys trained to click "accept" or "reject" in exchange for bananas.
Define obscure acronyms in the articles!
RTMP is the Real Time Messaging Protocol used by Adobe Flash
59KB is kind of absurdly small to justify a torrent, but what the hell, I'll seed it.
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
The developer of the clean implementation does not see one byte of the original code, onnly the reversed specs. This is how the original IBM BIOS was cleaned, allowing the PC explosion.
What in the hell is this!? Ten links to d
We need people to nominate it on sourceforge
heres a handy dandy link(everyone who reads this should vote for it):
http://sourceforge.net/community/cca09/nominate/?project_name=rtmpdump&project_url=http://sourceforge.net/projects/rtmpdump/"
O.o
Adobe hasn't read 'How to win friends and Influence people'
My ism, it's full of beliefs.
Just as Prof. David Touretzky has his Gallery of DeCSS Descramblers, perhaps some other CS Prof would like to put up a website talking about the protocol?
I haven't looked at the code yet, but I'd assume that the bulk of it is considered acceptable by Adobe. So what small piece of it is the target of Adobe's DMCA takedown? Is it something that we can put on a T-shirt? :-)
coding is life
That's not what my mom told me a "clean room" meant.
I just went and nominated rtmpdump, and you, dear reader, should go nominate them, too!
I would find it deliciously amusing if we could get the /. editors to post this link as a new article, seeing as how /. shares corporate overlords with SourceForge.
coding is life
That is easy to deal with, just hand off the spec to a developer outside the USA. The DMCA does not matter anywhere else.
Unless other major developed countries have legislation substantially equivalent to 17 USC 1201, as MichaelSmith pointed out. France has DADVSI, for instance. The United States government has been pushing such legislation as part of "free trade" agreements with several countries. And even if the spec is reimplemented in a country with no DMCA-alike, it also matters once the implementation is imported into the United States.
***That's not what my mom told me a "clean room" meant.***
Maybe. Or maybe you never really understood what she was trying to tell you. Who's to know?
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
Here is some more detailed info on the RTMPdump DMCA takedown.
http://linuxcentre.net/rtmpdump-can-be-used-to-download-copyrighted-works-like-a-web-browser/
She just wants a clean basement.
Like providing a link to what it is where it says the word RTMPE, just in the old says of 1994 html. Where people did place more active links to blocks of text. Even a tooltip cannot hurt really. Or a moreinfo icon.
Who is lazy now? the author or the consumer?
But I forget, we dont expect much professionalism of design or human aesthetics here, it is a techy site, where like man pages can be written poorly.
Liberty freedom are no1, not dicks in suits.
Here's the DMCA takedown notice issued to the rtmpdump project:
http://www.chillingeffects.org/anticircumvention/notice.cgi?NoticeID=25159
Note that they are just claiming the ability to download copyrighted content as the reason for takedown (will we see a DMCA notice for IE and Firefox soon?). They might as easily use the same "reason" to issue notices to projects implementing this clean room specification.
The spec indeed uses [x:y] to mean bytes x through y,inclusive, unlike in Python, where the end is exclusive.
You think like a ReThuglican Jew
You're not correct. Clean room is legally carefully defined. It means reverse engineering a protocol or specification with no access to any outside information of any form. The germane importance of clean room is to prove that no tainted or protected information was used, as it clearly is in this case. Clean room requires an enormous amount of documentation which has not been produced here. This is not a clean room reimplementation by any stretch of the imagination.
You can get a clearer idea of the issues by reading about how Compaq defended itself against IBM when cloning the IBM PC BIOS, because it had carefully kept all documentation necessary to prove that its reimplementation was clean room, which is why IBM couldn't stop them from opening the PC clone market.
It's a far stronger statement than "no access to original code", which is effectively meaningless: you get caught ripping code off, you just write it again while looking at the ripoff? You do realize that'd entirely destroy every protection the GPL affords, don't you?
Clueless. Please don't pretend to yourself that you know what clean room means. Grandparent poster was correct. You are not.
StoneCypher is Full of BS
we needed another reason _not_ to use flash...?
And what about open rich web media initiative..? OGG+Vorbis is relatively successful in its own market.
By the way, Microsoft is surprisingly 'open' with Silverlight technology and sponsors Moonlight project. This could make Adobe not to be such 'close'.
Clean room is a way to make sure that you don't have any copyrighted code in your project. This will prevent a programmer from 'inadvertently' including a copyrighted code sequence in his new implementation.
However, it does nothing to protect against patents on methods in the code. If the patented methods are reproduced in the new code, they will still have patent issues.
I don't read your sig. Why are you reading mine?
What? It's done all the damn time. BSD developers re-write GPL code (particularly drivers) for BSD on a regular basis. They don't even "clean room" the development process: the GPL does not require any such thing.
No it does not. It simply requires that I, as the implementer of the "clean" version, have never had access to the "tainted" codebase. I can quite easily take the RTMPE specification published here and write my own implementation. Provided I never look at the rtmpdump source, Adobe have absolutely no recourse against me.
If you disagree I'd love to hear what law or laws you believe I would have broken, and what legal options Adobe would have...
i've updated the RTMPE.txt document, after doing some analysis this morning. there are two aspects to it: one is an end-to-end secrecy algorithm that is similar to SSL; the other aspect links the size and a hash of the original SWF file (through which the content is supposed to be streamed) into the handshake process.
there are no passwords used. there is no security. there is no authentication.
conclusion: RTMPE is definitely not a copyright protection mechanism. all the information needed to obtain the content is publicly available.
For the record,
yet another mirror
well outside the reach of the DMCA and also of software patents in particular.
I, also, was confused. This is the issue, as I understand it after reading some of the links.
Copyright holders want to be able to paste something resembling their previous business model onto the internet. The urge is understandable, but it's not really a plausible goal--consider the hoops that had to be jumped to get books on the Kindle--so we see attempts to enforce the business model with laws rather than code.
More concretely, if you're just sending a regular old HTTP request to get some flash video, it's vulnerable to a trivial replay attack--just resend your request from your downloader. Adding cookies makes the replay attack only slightly less trivial. So, Adobe engineered their own (presumably obfuscated; I haven't looked) protocol, RTMP. It was reverse-engineered. Adobe then released an encrypted variant of RTMP, RTMPE.
RTMPE was, of course, reverse-engineered, but because it used cryptography, it's apparently covered under the DMCA, and so Adobe can sue people who explain how to get around it.
The fundamental problem is that data is being sent to an untrusted player on an uncontrolled host. Without something like Trusted Computing, it's impossible to completely prevent users from doing what they want with data that you send to them--which is why this is a DRM issue.
In short, it's the same DRM story. Companies try to use bound-to-fail technologies to prevent users from doing what they want with data on their own machines--usually, this means copying it--and when this inevitably fails, they start suing people. We're at the "suing people" stage.
Laws do not persuade just because they threaten. --Seneca
About two years ago we were trying to create an h264 streaming solution since flash had just implemented it. Things were going well encoding wise, but streaming h264 was a nightmare because the only protocol flash would let you stream it from was RTMP. And guess what, adobe wanted thousands for it's use (licensing was based on concurrent users IIRC).
I had a look at a few attempts to create RTMP servers but they were all in the alpha stage, and would mostly just get stuck in a loop. We even went so far as to start writing a h264 java implementation, before we gave up and did an mpeg4 one.
In the interests of open standards and preventing total domination of flash in streaming, I congratulate the RTMP developers. If you didn't know BBC's iplayer uses RTMP and as of recently (svn) xbmc has a plugin to play even it's h264 streams. IPlayer on the xbox, now thats cool.
Clean room is legally carefully defined.
[citation needed]
It's not as if copyright law explicitly makes exceptions for "clean room" procedures. It's something the judge decides on a case by case basis and is informed by precedent, and therefore is more like fair use -- which is hardly the most precise of definitions.
It means reverse engineering a protocol or specification with no access to any outside information of any form.
No. From Sony v Connectix, on appeal:
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
Interesting. According to Wikipedia, rtmpdump included encryption keys taken from Adobe Flash, which unfortunately means Adobe most likely has a legitimate DMCA case against it and any other implementation that were to include a copy of the encryption keys. Clean rooming would be irrelevant if the actual encryption keys were included in any other project.
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
Clean rooming would be irrelevant if the actual encryption keys were included in any other project.
What if the software did not include the keys itself but provided an option to pull them from a known location on the internet (or maybe from torrents using a magnet link)?
I don't know, but if I were the one distributing the software I'd be afraid to include any links to the encryption keys.
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
> DMCA only cares if the code constitutes a circumvention device or not.
A DMCA takedown notice, which is what Sourceforge received, is about copyright infringement. It is not about circumvention. Read the notice posted at ChillingEffects. Adobe has asserted that the RTMPE documents hosted at Sourceforge infringe its copyrights. If they are clean room implementations this cannot be true.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.