[Swfdec] [Gnash-dev] client command-line or library for streaming audio and video - does it exist?

Luke Kenneth Casson Leighton lkcl at lkcl.net
Sun May 24 04:58:50 PDT 2009 

On Sun, May 24, 2009 at 1:22 AM, Eben Moglen <moglen at softwarefreedom.org> wrote:
> On Saturday, 23 May 2009, Luke Kenneth Casson Leighton wrote:
>
>   it's the RTMPE encryption that they're after.
>
>   perhaps eben moglen might be able to assist. moglen at softwarefreedom.org
>
> Thank you for the suggestion, Luke.  The Software Freedom Law Center
> provides free legal assistance to non-profit makers and distributors
> of FOSS.  If any current SFLC client, or any individual developer or
> non-profit community member receives a DMCA takedown notice or other
> legal communication from Adobe or others concerning this matter, we'd
> be happy to help.  Write help at softwarefreedom.org and mention this
> correspondence, or write me directly if you prefer.  In the meantime,
> though we should be alert, let's avoid jumping to conclusions.
>
> --
>  Eben Moglen                            v: 212-461-1901
>  Professor of Law, Columbia Law School  f: 212-580-0898       moglen@
>  Founding Director, Software Freedom Law Center            columbia.edu
>  1995 Broadway (68th Street), fl #17, NYC 10023        softwarefreedom.org

 eben, thank you.  i've alerted the author of rtmpdump, as, according to this:

http://linuxcentre.net/rtmpdump-can-be-used-to-download-copyrighted-works-like-a-web-browser/
http://www.chillingeffects.org/anticircumvention/notice.cgi?NoticeID=25159

it looks like sourceforge caved in and gave adobe his contact details.

a quick analysis of the algorithm show it to be nothing more advanced
than what SSL does.  there is no input from passwords.  the
verification process takes the size and a hash of the SWF file (which
is being executed in the browser) as inputs, and mashes it with
information that is pubicly exchanged.

there is no security.

there is only end-to-end secrecy (just like SSL).

anyone who know the algorithm and can download the swf file can
therefore obtain the content.  given that swf files are published on
web sites this all seems pretty dumb.

it's certainly not a "protection" mechanism.  it's more of a
"verification" procedure.  "have you now or at any time downloaded the
swf file? was that a mathematically-irrefutable yes?  okaay you can
have the content then".

make of that what you will, but i'd say that it's definitely not a
copyright protection mechanism.  all the information needed to obtain
the content is publicly available.

l.

More information about the Swfdec mailing list