[mschuster91]

That must have been a hell of a workload. Thanks for this.

There are three pieces that left me shivering:

> After discussion with my original contact at Adobe they didn’t have access to the DRM code for Flash.

WHAT? Adobe ships (to them!) unknown, unauditable binary crap to users? Security by obscurity or what? This is totally irresponsible of Adobe.

> though I’ll admit something about sending binary blobs to a graphics driver gives me the chills.

What a joke that DRM crap is. Hasn't been sending crap to graphics drivers been a cause of a boatload of exploits, and they're still doing so?

> The stability issues are likely down to interactions with third party code (such as AV) which inject their own code into Chrome processes.

LOLOLOLOL. For what is this even needed, given that AV software usually has kernel-level code anyway? Also, why on earth do AV vendors think they can mess around with third-party software?

The only ones who get clogged up with the inevitable bug reports are software devs who don't test their own software across all possible AV solutions - I doubt any company except Apple, Microsoft, Google's Android and Chrome divisions and Adobe actually have the install base for doing such tests "in the wild" like Chrome did.

[ajdlinux]

> WHAT? Adobe ships (to them!) unknown, unauditable binary crap to users? Security by obscurity or what? This is totally irresponsible of Adobe.

I understood this to mean that James' Adobe contact doesn't have access to their DRM code, not that Adobe as a company doesn't.

[tiraniddo]

That's exactly it. The contact had flash source but they get the DRM code shipped as a binary library so never see the source of it. A lot of companies, MS, Google, Adobe compartmentalise their drm team, effectively at the behest of the media companies as its all smoke and mirrors anyway. trying to protect things like encryption keys and the like. Typically therefore the binaries are also obfuscated heavily.