Clean-Room RTMPE Spec Created From rtmpdump 115
lkcl writes "A clean-room RTMPE specification has been created using the source code of rtmpdump-v1.6 for guidance. Adobe recently issued a DMCA take-down notice against SourceForge, resulting in copies of rtmpdump hitting quite a few bittorrent sites worldwide."
Re:The OP doesn't know what "clean room" means (Score:5, Informative)
Quite.
Re:Someone doesn't know what "clean room" means (Score:5, Informative)
Well, one thing is clean-room IMPLEMENTATION. A very different thing is clean room SPECIFICATION (whatever that's supposed to mean).
The article clearly states that this one's a spec.
Re:Someone doesn't know what "clean room" means (Score:2, Informative)
Indeed "Someone" doesn't know what "clean room" means. That "Someone" is you.
p.s. I commented because I don't have mod points for the other comment (http://tech.slashdot.org/comments.pl?sid=1243387&cid=28070177) which seems to have been downmodded.
Mods: How difficult would it have been to look up wikipedia (http://en.wikipedia.org/wiki/Clean_room_design) before downmodding the guy ?
FOSDEM talk about the reverse engineering work (Score:3, Informative)
Rob Savoye (long time GNU developer) talks at FOSDEM 2009 about how he did the cleanroom reverse engineering of RTMP, on which rtmpdump is based.
Also he mentions about how wireshark includes an RTMP decoder based on his work.
http://www.fosdem.org/2009/interview/rob+savoye
Can't seem to find the link to the video of the actual talk, but it must be somewhere around there.
http://www.fosdem.org/2009/schedule/events/reverse_engineering
RTMPE? WTF! (Score:2, Informative)
OK WTF is that all about and should I care?
Subbys, please don't assume everyone reading your article is as clued up as you and do try and add a little explanation to your text - especially if you use abbreviations.
Yeah, I could Google it, but that would be like needing an encyclopedia by your side just to read a newspaper.
Re:FOSDEM talk about the reverse engineering work (Score:4, Informative)
Can't seem to find the link to the video of the actual talk, but it must be somewhere around there.
The FOSDEM site doesn't seem to have links to the 2009 videos on their main page, but at least they don't have index files in the appropriate directories on their web server, allowing us to dig it up.
Reverse Engineering of Proprietary Network Protocols, Tools, and Techniques:
Ogg Theora (239M) [belnet.be]
Xvid.avi (183M) [belnet.be]
Define acronyms in the article! (Score:5, Informative)
Clearly, Slashdot editors are strategically shaved monkeys trained to click "accept" or "reject" in exchange for bananas.
Define obscure acronyms in the articles!
RTMP is the Real Time Messaging Protocol [wikipedia.org] used by Adobe Flash
Re:The OP doesn't know what "clean room" means (Score:5, Informative)
The developer of the clean implementation does not see one byte of the original code, onnly the reversed specs. This is how the original IBM BIOS was cleaned, allowing the PC explosion.
Re:RTMPE? WTF! (Score:5, Informative)
OK WTF is that all about...
RTMP is the Real Time Messaging Protocol that Adobe has developed for streaming stuff over the Internet.
Red5 [wikipedia.org] is a Free Software (LGPL) implementation of the RTMP.
Cygnal [gnashdev.org] is the Gnash project's [gnashdev.org] RTMP server (also Free Software).
Also see more docs on RTMP on the Gnash wiki [gnashdev.org], and RTMPE on this other wiki [multimedia.cx].
... and should I care?
Would you like to have control over the software that you run and use? Are you concerned about your software and/or hardware implementing things like the Broadcast Flag [wikipedia.org]? Do you believe in Free Software because it gives you control over your computer?
If you answered "yes" to any of those questions, then you probably should care, as what's going on right now is making it difficult or impossible for you to run Free Software (or even to pick software) to interact with the RTMP protocol -- a protocol that a given website might require you to use to interact with their media content.
Re:Why? (Score:3, Informative)
That is easy to deal with, just hand off the spec to a developer outside the USA. The DMCA does not matter anywhere else.
Unless they have their own DCMA. Trade agreements tend to make these things spread to other countries.
Re:Someone doesn't know what "clean room" means (Score:4, Informative)
Someone doesn't know what "clean room" means
Evidently, you don't. It's really quite simple: Party A looks at the rtmpdump source code and writes a document describing the protocol at the level necessary to create a compatible implementation. Party B looks at the document describing the protocol and creates an implementation of the protocol that contains no source code from rtmpdump. Party B now has a clean-room implementation of RTMPE.
Re:WTF is RTMPE? (Score:5, Informative)
Importation of the reimplementation (Score:4, Informative)
That is easy to deal with, just hand off the spec to a developer outside the USA. The DMCA does not matter anywhere else.
Unless other major developed countries have legislation substantially equivalent to 17 USC 1201, as MichaelSmith pointed out. France has DADVSI, for instance. The United States government has been pushing such legislation as part of "free trade" agreements with several countries. And even if the spec is reimplemented in a country with no DMCA-alike, it also matters once the implementation is imported into the United States.
more detailed info on the RTMPdump DMCA takedown (Score:3, Informative)
Here is some more detailed info on the RTMPdump DMCA takedown.
http://linuxcentre.net/rtmpdump-can-be-used-to-download-copyrighted-works-like-a-web-browser/ [linuxcentre.net]
Re:The OP doesn't know what "clean room" means (Score:4, Informative)
Here's the DMCA takedown notice issued to the rtmpdump project:
http://www.chillingeffects.org/anticircumvention/notice.cgi?NoticeID=25159 [chillingeffects.org]
Note that they are just claiming the ability to download copyrighted content as the reason for takedown (will we see a DMCA notice for IE and Firefox soon?). They might as easily use the same "reason" to issue notices to projects implementing this clean room specification.
Re:The OP doesn't know what "clean room" means (Score:4, Informative)
You're not correct. Clean room is legally carefully defined. It means reverse engineering a protocol or specification with no access to any outside information of any form. The germane importance of clean room is to prove that no tainted or protected information was used, as it clearly is in this case. Clean room requires an enormous amount of documentation which has not been produced here. This is not a clean room reimplementation by any stretch of the imagination.
You can get a clearer idea of the issues by reading about how Compaq defended itself against IBM when cloning the IBM PC BIOS, because it had carefully kept all documentation necessary to prove that its reimplementation was clean room, which is why IBM couldn't stop them from opening the PC clone market.
It's a far stronger statement than "no access to original code", which is effectively meaningless: you get caught ripping code off, you just write it again while looking at the ripoff? You do realize that'd entirely destroy every protection the GPL affords, don't you?
Clueless. Please don't pretend to yourself that you know what clean room means. Grandparent poster was correct. You are not.
Re:Why? (Score:3, Informative)
http://www.chillingeffects.org/anticircumvention/notice.cgi?NoticeID=25159 [chillingeffects.org]
It's a takedown. Technically, based on the letter itself, I think they abused this one.
Copyrights, not patents (Score:3, Informative)
Clean room is a way to make sure that you don't have any copyrighted code in your project. This will prevent a programmer from 'inadvertently' including a copyrighted code sequence in his new implementation.
However, it does nothing to protect against patents on methods in the code. If the patented methods are reproduced in the new code, they will still have patent issues.
RTMPE nothing more effective than SSL (Score:3, Informative)
i've updated the RTMPE.txt document, after doing some analysis this morning. there are two aspects to it: one is an end-to-end secrecy algorithm that is similar to SSL; the other aspect links the size and a hash of the original SWF file (through which the content is supposed to be streamed) into the handshake process.
there are no passwords used. there is no security. there is no authentication.
conclusion: RTMPE is definitely not a copyright protection mechanism. all the information needed to obtain the content is publicly available.
A more human-readable summary. (Score:4, Informative)
I, also, was confused. This is the issue, as I understand it after reading some of the links.
Copyright holders want to be able to paste something resembling their previous business model onto the internet. The urge is understandable, but it's not really a plausible goal--consider the hoops that had to be jumped to get books on the Kindle--so we see attempts to enforce the business model with laws rather than code.
More concretely, if you're just sending a regular old HTTP request to get some flash video, it's vulnerable to a trivial replay attack--just resend your request from your downloader. Adding cookies makes the replay attack only slightly less trivial. So, Adobe engineered their own (presumably obfuscated; I haven't looked) protocol, RTMP. It was reverse-engineered. Adobe then released an encrypted variant of RTMP, RTMPE.
RTMPE was, of course, reverse-engineered, but because it used cryptography, it's apparently covered under the DMCA, and so Adobe can sue people who explain how to get around it.
The fundamental problem is that data is being sent to an untrusted player on an uncontrolled host. Without something like Trusted Computing, it's impossible to completely prevent users from doing what they want with data that you send to them--which is why this is a DRM issue.
In short, it's the same DRM story. Companies try to use bound-to-fail technologies to prevent users from doing what they want with data on their own machines--usually, this means copying it--and when this inevitably fails, they start suing people. We're at the "suing people" stage.
Re:The OP doesn't know what "clean room" means (Score:3, Informative)
Clean room is legally carefully defined.
[citation needed]
It's not as if copyright law explicitly makes exceptions for "clean room" procedures. It's something the judge decides on a case by case basis and is informed by precedent, and therefore is more like fair use -- which is hardly the most precise of definitions.
It means reverse engineering a protocol or specification with no access to any outside information of any form.
No. From Sony v Connectix, on appeal:
Re:The OP doesn't know what "clean room" means (Score:3, Informative)
Interesting. According to Wikipedia [wikipedia.org], rtmpdump included encryption keys taken from Adobe Flash, which unfortunately means Adobe most likely has a legitimate DMCA case against it and any other implementation that were to include a copy of the encryption keys. Clean rooming would be irrelevant if the actual encryption keys were included in any other project.