- From: Florian Bösch <pyalot@gmail.com>
- Date: Tue, 12 Feb 2013 22:29:38 +0100
- To: Mark Watson <watsonm@netflix.com>
- Cc: "<public-html-media@w3.org>" <public-html-media@w3.org>
- Message-ID: <CAOK8ODg3rXMxZoQxKpjFKp8fc_915hummwcpMDZ7kEdKodh2_A@mail.gmail.com>
On Tue, Feb 12, 2013 at 9:51 PM, Mark Watson <watsonm@netflix.com> wrote: > Please see my other comment about the different things being protected. > I don't know what weird bizarro world you live in where you think you can "protect" anything that goes on a users computer. Let me break it to you the hard way, you can't. End of story. That's it. As soon as you have anything running on a users computer, the user can do anything to your "trusted" software whatsoever. This my friend is the world where you intercept and fake syscalls, disassemble binaries, grab memory from living ram, instrument foreign binaries, compile your own drivers, compile your own browser, compile your own kernel and a pleathora of other techniques to completely root your scheme. What you call "protection" is nothing more than a slight of hand. It's nothing more than cheap obfuscation. It's not magic. It's a magic trick. It only works on those who don't know how it works. And it only takes one who knows, to break it for everybody. You're talking as if the implementation of that DRM will be the grand masterpiece of integrity. It's not. It's cheap parlor trick. People 10x or 100x as intelligent as you or me will read your code and will break in a matter of minutes, and they put on bittorrent, pastebins and on bitbucket, github and gists. There is no such as a "secret" once you have thing on a users computer, none whatsoever. Please stop fooling yourself. And please stop fooling your clients, because, they don't know any better. They can't even imagine what I'm talking about. When you go into meeting and tell your clients "this runtime is secure" you're lying. You're lying out of your arse. There's no such thing in DRM as secure. None whatsoever. You cannot protect anything at all. Just stahp. Alright? I'm not as dumb as the content people you have meetings with. >
Received on Tuesday, 12 February 2013 21:30:05 UTC