Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Entertainment Games

TransGaming Tagging Downloads to Combat Piracy 512

SeanTobin writes "It seems that TransGaming is implementing a new watermarking system to combat piracy. For now it seems that every tgz of Cedega 4.0.1 is individually tagged, and this has been frustrating Gentoo users who (like many others) like to be sure their archives are unmodified. Is this the future of software downloads? Is this tiny loss of personal privacy worth the increase in TransGaming's security?" Update: 08/16 17:42 GMT by S : There's an official response on the TransGaming forums indicating: "We can confirm that Cedega 4.0.1 included some basic watermarking... The objective behind the watermarking was to deal with some peer-to-peer piracy issues that we've been seeing over the past several months... We have suspended the watermarking feature for now and Gentoo users no longer need to be concerned with work-arounds."
This discussion has been archived. No new comments can be posted.

TransGaming Tagging Downloads to Combat Piracy

Comments Filter:
  • by ChronoWiz ( 709439 ) on Monday August 16, 2004 @12:03AM (#9977853) Journal
    This is a real pain because it actually breaks the gentoo ebuilds!
    • by codergeek42 ( 792304 ) <peter@thecodergeek.com> on Monday August 16, 2004 @12:34AM (#9977993) Homepage Journal
      Not necessarily. Just do

      # cd /usr/portage/
      # ebuild app-emulation/cedega/cedega-4.0.1.ebuild digest

      and it will ask you to place the tarball in /usr/portage/distfiles. Then, so long as you don't remove it, the md5sum will match. Hope this helps!
      • by Nasarius ( 593729 ) on Monday August 16, 2004 @12:45AM (#9978036)
        You're right, but that's just a workaround. There's no way for the Gentoo developers to really fix this without disabling an important security feature of portage.
      • by KentoNET ( 465732 ) on Monday August 16, 2004 @03:10AM (#9978453)
        Or just 'emerge --digest cedega'.

        These will entirely destroy any kind of verification about the dist tarball, though, which is what the focus of the Transgaming forums post was about (and rightly so).
      • Yes, here you can download cedega from www.evil-black-hat.com/trojans/cedega.tgz.
        Don't worry about the modifications it makes to /etc/passwd, they're necessary for the game to run.
    • Have the portage, instead of simply downloading the file, do this:
      • Step 1: download the file.
      • Step 2: Blank out the watermark, saving it elsewhere.
      • Step 3: MD5sum the watermark-free file.
      • Step 4: Restore the watermark.
      • Step 5: Act like nothing's wrong. [plastic.com]

      <flame>I've always held that Gentoo users are like Debian users, but with less ingenuity ;-).</flame> Should Gentoo choose to use it, I'd love an email saying thanks, but I formally reserve no rights.

  • easy workaround (Score:5, Interesting)

    by Sparr0 ( 451780 ) <sparr0@gmail.com> on Monday August 16, 2004 @12:03AM (#9977854) Homepage Journal
    unzip two copies, find any differences, produce a third copy with random garbage in place of whatever the watermark is.
    • by riprjak ( 158717 ) on Monday August 16, 2004 @12:07AM (#9977869)
      Or, as an alternative; fsck transgaming and use traditional WINE... or simply use the gentoo ebuild tools to generate a new MD5 hash based on the .tgz you downloaded... you *DO* trust transgaming's own binaries, dont you??? hmmm??? :)
      • Trust (Score:5, Insightful)

        by Kaseijin ( 766041 ) on Monday August 16, 2004 @12:49AM (#9978053)
        simply use the gentoo ebuild tools to generate a new MD5 hash based on the .tgz you downloaded... you *DO* trust transgaming's own binaries, dont you??? hmmm??? :)
        You may have been joking, but whoever modded this insightful presumably wasn't. The Portage hash check assures the user that the Cedega tarball isn't really a rootkit uploaded by whoever 0wned TransGaming's server. It would be best if all publishers cryptographically signed their releases, but since most don't, comparing hashes with a trusted third party like Gentoo is a reasonable compromise.
        • Re:Trust (Score:5, Funny)

          by riprjak ( 158717 ) on Monday August 16, 2004 @01:29AM (#9978167)
          I can assure you I was as surprised as anyone to be modded insightful or interesting... I expected a funny or two.

          For reference people; NEVER do what I suggested to manually change the expected MD5 hash. Kaseijin is dead right in suggesting that the cause of variance may indeed be due to l337 hax0rz pwnZing a server and modding the downloads to infect your system...

          In fact, Kaseijins entire comment is informative, mine was a joke in VERY bad taste.

          Hell, I dont recommend taking my advice at the best of times :)

          err!
          jak
          • Re:Trust (Score:4, Funny)

            by Anonymous Coward on Monday August 16, 2004 @02:04AM (#9978276)
            This is slashdot; you can't underestimate the intelligence of the mods.

            insightful or interesting is mod-speak for "me no understand, but you sound smarts"
          • by anti-NAT ( 709310 ) on Monday August 16, 2004 @03:12AM (#9978463) Homepage

            Reading through the post, it is surprising that, after at least 10 downloads, he (she?) never suspected that the MD5 utility being used has either become corrupt, or has been cracked, causing it to not produce correct hash output.

            After the third or fouth failure, you should start considering more unlikely causes - corrupt MD5 utility, OS bugs, memory errors, etc. Any one of those could have cause the problems being described.

    • Re:easy workaround (Score:5, Informative)

      by pc486 ( 86611 ) on Monday August 16, 2004 @12:09AM (#9977883) Homepage
      From the article:

      Bytes 0x10 through 0x23 in the tgz are the signature. They are unique in every download and are probably recorded by transgaming to know who downloaded what archive. Also, all hopes of using md5 or any other form of checksumming to verify valid files are out the window.

      So there you have it. Gentoo is forced to download from Transgaming's website and they keep changing signatures. Unless you are installed a warezed copy of it, MD5 checksums arn't going to be of much use.
    • Re:easy workaround (Score:4, Informative)

      by desplesda ( 742182 ) on Monday August 16, 2004 @12:10AM (#9977886) Homepage
      The guy who posted this, Q3Man, posted this followup:
      With some help from cyph in #cedega, I've come to the conclusion that the builds are infact watermarked, although simply tagged might be a better description. Bytes 0x10 through 0x23 in the tgz are the signature. They are unique in every download and are probably recorded by transgaming to know who downloaded what archive. Also, all hopes of using md5 or any other form of checksumming to verify valid files are out the window.
    • Marker (Score:5, Funny)

      by mfh ( 56 ) on Monday August 16, 2004 @12:26AM (#9977966) Homepage Journal
      And I was going to the trouble of getting out my magic marker and drawing on the download!
    • Re:easy workaround (Score:5, Insightful)

      by Jah-Wren Ryel ( 80510 ) on Monday August 16, 2004 @12:42AM (#9978027)
      It seems that

      a) Only the .TGZ, aka .tar.gz for real unix people, is marked. So, just re-tar it and the tag (that ain't even deserving of the term watermark) is gone.

      b) If they did something more hardcore, two copies would not necessarily be enough remove all identifiers. It isn't hard to come up with a scheme in which there are multiple sets of tags and any one combination of those tags defines a single download, but if say, 3 of the 4 tags are the same, then a straight diff only picks up 1 of the 4 tags and thus leaves the other 3 to identify a group of downloads from which both "pirates" took their copies. Play enough games assigning different users to different sets of tags for different releases and you could probably narrow down the pool to the exact people who are participating in unauthorized sharing in a month or two. It just a practical application of set theory to do it.
  • blargh (Score:3, Interesting)

    by B3ryllium ( 571199 ) on Monday August 16, 2004 @12:05AM (#9977859) Homepage
    Come on people, is it really THIS important to protect stuff?

    Why not focus on a service-based business model, like the MMORPG setup?

    One-off profits are nowhere near as lucrative as service contracts, after all.

    Pshaw, software fingerprinting protection is just silly ...
    • Re:blargh (Score:4, Insightful)

      by Dorsai65 ( 804760 ) <[dkmerriman] [at] [gmail.com]> on Monday August 16, 2004 @12:11AM (#9977889) Homepage Journal
      Me, when I do a lot of work, I like to get paid for it. TG is 'fronting' the money needed to develope until they sell the product; if they don't sell enough, then it's not worth it to them to keep doing it and they fold up their tent and go home. If somebody likes their stuff *that* much, then pay for it.
    • Re:blargh (Score:3, Insightful)

      by conway ( 536486 )
      Thats exactly why TransGaming is a subscription based service. You pay $5/month, and get access to any new versions that come out, support, and a vote in the games TG works on next.
  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Monday August 16, 2004 @12:05AM (#9977861)
    Comment removed based on user account deletion
    • Re:Tis good! (Score:4, Insightful)

      by OverlordQ ( 264228 ) * on Monday August 16, 2004 @12:10AM (#9977885) Journal
      Look at nearly every product with 'activation' or a 'cd-key' and it's been cracked. All these 'protections' do is make it easier for pirates to pirate and harder for legit users to get to work.
      • Re:Tis good! (Score:3, Insightful)

        by Spoing ( 152917 )
        1. Look at nearly every product with 'activation' or a 'cd-key' and it's been cracked. All these 'protections' do is make it easier for pirates to pirate and harder for legit users to get to work.

        (corrections appreciated)

        That's not the case here. This isn't restricting use at all...just making it clear which copy goes where (if found later).

        If they put in code to actively thwart copying -- and I agree it would 'make it easier for pirates to pirate and harder for legit users' to use what they bought --

    • by etymxris ( 121288 ) * on Monday August 16, 2004 @12:13AM (#9977899)
      I was recently getting back into gaming and considering becoming a Transgaming subscriber again. Maybe I would have chosen not to anyway, but I'm certainly not after this. Not because it's really worse than anything any other proprietary software company would do, but because it reminds me of why I prefer free (libre) software over proprietary software.

      I remember when Transgaming was going to open source everything they wrote, if only they got enough subscribers. Well that pipe dream fell through. I'll stick to free software. There's no going back on such a promise with free software.
      • by cleverhandle ( 698917 ) on Monday August 16, 2004 @12:19AM (#9977930)

        I remember when Transgaming was going to open source everything they wrote, if only they got enough subscribers. Well that pipe dream fell through.

        Um... AFAIK, everything is in CVS apart from the copy protection code, which they have contracts not to release. What more can you ask for? If you want to play games with copy protection (that being basically all of them), what other choice do you see for them?

  • by nayigeta ( 792068 ) on Monday August 16, 2004 @12:06AM (#9977864) Homepage Journal
    How would one verify that an archive is correct, or packaged from a reliable source, if the md5sum differs?

    In my opinion, the cons outweight the pros for doing so.

    • How would one verify that an archive is correct,

      Well, how about the following?

      1) Use dd (or some other tool) to zero-out the range that they keep modifying, and then verify checksum.

      2) Uncompress (and possibly untar) the package, then do an MD5 sum on all the files in the package. If they only modify one, unimportant, file, you can easily just do an MD5 on the rest. It might even be simpler than that... The changed bytes may exist only in the package, and may not have changed any files inside the t

  • Don't Like it? (Score:4, Insightful)

    by Dr. Bent ( 533421 ) <benNO@SPAMint.com> on Monday August 16, 2004 @12:06AM (#9977867) Homepage
    Don't buy it.
  • by tisme ( 414989 ) on Monday August 16, 2004 @12:07AM (#9977871)
    Microsoft did this with Windows XP beta to see what beta testers were "leaking" the information. Somebody figured it out though and testers were in an uproar shortly thereafter. Frankly, if you buy (or rent) electronic hardware from a store, the serial number is recorded on the receipt to avoid a switcheroo... this is simply an extension of that in my opinion. Not a good thing for people who misuse their licenses... but nothing major for people who follow the rules.
    • by Trelane ( 16124 ) on Monday August 16, 2004 @12:20AM (#9977939) Journal
      Except that it's a major PITA for those of us who do subscribe and do like the integration/installation ease of Gentoo.

      Just like it's a major PITA to carry around all those double-danged game CDs despite the fact that I could install the full version on my laptop and not have to worry about tracking the original media and making sure it doesn't get lost/damaged/stolen. Does it hurt the pirates? No, they are just using a burned copy anyway; they can make a burned copy as a backup. Backups don't work for me, the legal user, but they sure work well for the pirates! Gee, thanks!

      [BTW, a major thank you to Bioware and Unreal Tournament 2004: at least for the Linux native versions, no cd is required to play! Yaaaay!]
      • Re:NWN (Score:3, Informative)

        by EvilIdler ( 21087 )
        Bioware also removed the copy-protection from the Windows version of
        Neverwinter Nights, around 1.29, I think. It caused more trouble than good,
        I guess.

        (Can't be arsed to dig through the patchnotes)
  • by zoloto ( 586738 ) on Monday August 16, 2004 @12:08AM (#9977877)

    Another point I'd like to make. Lets say that transgaming's servers get rooted and their archives infected with some arbitrarily nasty virus. How can I trust that the file I'm getting is not infected? I'll even go one step further... How can I be sure that this has not already happened?


    You can't be sure.
    For now, take the .rpm or .deb and use a utility that takes X and turns it into .tgz i think slackware has this utility.

    that's what i'd try to do. rpm's be damned. heh
  • CVS anyone? (Score:3, Informative)

    by ernstp ( 641161 ) <ernstp AT gmail DOT com> on Monday August 16, 2004 @12:09AM (#9977882)
    They DO have an open cvs-server. Kindof make you think that they are not so scared about people downloading their app?

    My $5x10^-2
    • Re:CVS anyone? (Score:3, Informative)

      by conway ( 536486 )
      The CVS does not include some parts. Most notably, things which make games with copy protection run correctly (since the code is licensed from Macrovision, or something). There are also other missing pieces such as "Point2Play" (sp?) which lets you keep different wine settings for different games, and I believe comes with presets for many games to run properly.
  • It's not so bad... (Score:4, Insightful)

    by chrispyman ( 710460 ) on Monday August 16, 2004 @12:13AM (#9977900)
    Honestly, thats probably the most non-intrusive copy protection there could be. The problem is why did they include it without telling anyone? These people paid for it, so don't they deserve an explanation? And even more odd is that, since their "protection" scheme is now known, whats to stop, say, a pirate from altering the archive and putting it on P2P?
  • Is it worth it? (Score:3, Informative)

    by TeraCo ( 410407 ) on Monday August 16, 2004 @12:17AM (#9977918) Homepage
    Is this tiny loss of personal privacy worth the increase in TransGaming's security?

    From Transgamers point of view... yes.. yes it is.

    • Re:Is it worth it? (Score:3, Interesting)

      by HiThere ( 15173 ) *
      And from my point of view, no, I'm not going to sign up again for a new subscription. I never used it much anyway, and if they're going to act like that they can take a flying leap.

      I've been a bit suspicious ever since they split from Wine, but this is the point beyond the limit. If I can't check signatures, why should I trust them?

  • No surprise here (Score:5, Insightful)

    by Lord Byron II ( 671689 ) on Monday August 16, 2004 @12:17AM (#9977919)
    I think it was no secret that this was going to happen eventually, although the article makes it sound like just the tgz is tagged, not the binaries themselves. So you should be able to open it, re-zip it, and be on your way. I hope that they are providing md5's for those of us who are smart enough to check.

    But from reading the article, I don't get the impression that this is an anti-piracy effort either. Consider that the RPMs and DEBs are unaffected. Could be anti-piracy, but it could also be just a download counting system or maybe per-user customization.

    Certainly, it seems clear that they're not actively tracking you and that they're not going to be able to tell if you happen to install it on your desktop and laptop. The only way you're going to get in trouble (if that is indeed their goal) is if your unaltered tgz starts appearing en masse on the p2p networks.

  • by Anonymous Coward on Monday August 16, 2004 @12:18AM (#9977922)
    If Linux is going to go bigtime on the desktop, you are just going to have to put up with this kind of stuff. Hell, I would bet that distributors put even more protection on commercial Linux apps/games since (pardon my generalization) Linux users are used to software being free (as in beer). Prepare for it to get worse in the coming years.
    • Personally, I intend to refuse to do business with companies that have this, or some similar policy.

      I like to be able to be certain that the file I am installing came from the people that it purports to have come from. That means I need to be able to check signatures, or get in on a CD. I don't really care that much which. (I lie. I vastly prefer CDs because I frequently reformat my hard disk and switch distributions regularly.)
  • Loss of Privacy? (Score:5, Insightful)

    by LochNess ( 239443 ) on Monday August 16, 2004 @12:18AM (#9977924) Homepage
    Is this tiny loss of personal privacy worth the increase in TransGaming's security?


    If you don't download it, you don't have any "loss" of privacy.

    People throw around the idea of the loss of privacy as though they are being compelled to download whatever it is.
  • by zarthrag ( 650912 ) on Monday August 16, 2004 @12:19AM (#9977927)
    ..but I feel their pain.

    I've discussed this option before, and it's difficult to do without developing an entirely new online distribution format, however it is (in the end) an infinite uphill battle when it comes to copyprotecting non-multiplayer games. Signing a download will simply thward willy-nilly copiers. Any warez producer worth their salt will breeze by this one by either producing their own archives by simply ferreting out the watermark.

    I'm not familiar with cedega, but I'm sure it's no different from any other title. If it ain't an MMO, you can't attain near-zero piracy - period.

    Maybe someday, when bandwidth is free, we can write games that you simply "connect" to. It'll connect to your kb/mouse/controllers, and you'll get a video feed back, or some commands for your 3D renderer. No updates, no piracy, no privacy.
    • by ZorbaTHut ( 126196 ) on Monday August 16, 2004 @07:37AM (#9979229) Homepage
      . . . and I feel their pain . . .

      . . . but I still don't agree.

      There's a game called Gish. I played the demo. I loved it. I bought it and installed it. And still loved it!

      So I brought it to a friend's house, and installed it there, and we played it, and she said "this game rocks!". And before I left I erased it. She said she'd probably buy it.

      So I brought it to another friend's house, a few days later! Or I tried to. Because, see, I'd just been downloading it off their website, but their website locked me out because I'd downloaded it too many times. So I emailed them, and they said yes, they'd unlock it so I could download it again, but I was only allowed to install it three times. The verification system wouldn't let me install it more than that.

      What the hell? They hadn't mentioned this before. Like, you know. When I paid them money for it.

      So I complained, and they refused to do anything. It's to protect against piracy! It's for everyone's better good! If you need to install it more than three times, why not just buy another copy? It's not that expensive!

      I'd been planning to install it on my second computer so I could play around with it when my main computer was doing computationally intensive stuff.

      I'd been planning to reformat and rebuild my main computer in half a year or so, and obviously that would require reinstalling as well.

      Three installs? What the hell? I paid good money for this game. I BOUGHT this game. Why am I being treated like a criminal?

      Well, make the crime fit the punishment, I guess. I downloaded the crack. It took about a tenth as long as it had taken to argue with them about copy protection.

      I installed it on my friend's computer. We played it. I didn't bother deleting it. He said he'd probably have bought it if it wasn't for that 3-install limit (he reformats often.)

      I called up my first friend and told her the bad news. She thanked me for the warning, and said she'd changed her mind on buying it.

      I now have the crack stored on a server of mine so I can install it wherever I want.

      That sure helped them defend against piracy, didn't it?

      If you want people to buy your software, there's one and only one way to do it. You can't force them. You can't tell them they must. You simply make them want to. This, however, doesn't make me want to - and therefore it's a failure. Any software developer who thinks they can get around this is living in a state of denial. Accept piracy - and embrace piracy, because it can be a fantastic word-of-mouth network. One percent of a million users is a hell of a lot more sales than one hundred percent of a thousand users.
  • by vandan ( 151516 ) on Monday August 16, 2004 @12:20AM (#9977938) Homepage
    Obviously they're concerned about the amount of piracy.

    For the money that they charge, you'd think that people who actually choose to use their product could bring themselves to pay for it.

    I know there are a lot of people who take the 'boycott WineX' approach because they think WineX harms gaming on Linux in the long run. This post obviously has nothing to do with them, as they choose not to run it.

    For those of us who choose to run it, I really can't see what the problem with paying for it is. I've paid on 3 separate occassions. On each occasion I'd paid because another game I wanted to play was now supported, and I've been satisfied each time.

    So how about the leeches among us start supporting the rare breed of company that shows any interest in Linux on the desktop?
    • by cleverhandle ( 698917 ) on Monday August 16, 2004 @12:28AM (#9977971)

      So how about the leeches among us start supporting the rare breed of company that shows any interest in Linux on the desktop?

      No joke - somebody mod this fellow up. TG is, by all evidence I've seen, a totally community oriented gig. They let you vote on future developments, send status updates containing at least a modicum of technical detail, provide packages in all sorts of formats, and have their devs man their message boards with reasonable regularity. What the hell more could you ask of a company?

      If you rip off TG, you're ripping off the good guys. Don't even try to tell yourself otherwise.

      • by k8to ( 9046 ) on Monday August 16, 2004 @01:14AM (#9978122) Homepage
        Transgaming is selling a product based on Wine, a totally free software project. TransGaming has added to that codebase, but without contributing most of those additions back to the Wine codebase.

        They have brought value to their product, which is why it is worth any money at all, but they have not really been a team player with the free software community.

        In addition, there have been various sketchy issues, including a promise (unfulfilled) of opening their codebase when they get a bunch of subscribers. They also damaged sales of a native linux port by wine-porting it redundantly (kohan), have used linux-subscriber funds to port games to macintosh instead of linux which were not made available to linux subscribers.

        Now, these are oversimplified descriptions, and I'm not suggesting they are an evil bunch of people. But describing them as "totally community oriented" is simply inaccurate. There is also the contestable issue that they may be helping to prevent the growth of the native Linux games market by diverting demand to windows games, while also providing a poor linux gaming experience (look at the list of fully supported games, it's quite small). This view is not airtight but it's not invalid either.

        In short, they are not the "good guys". They are a business out to make a profit regardless of whether their actions are "good" or "bad".
  • by DroopyStonx ( 683090 ) on Monday August 16, 2004 @12:21AM (#9977947)
    If a person knows enough to be using Linux AND this application, chances are they can easily get around the watermark, so what's the point in it?

    I don't understand when companies go off on this tangent and act as if what they're doing will combat piracy. Piracy will always exist. No matter what you do, you can't get rid of it.

    Yeah, it's wrong, but people will do it. Just be thankful EVERYONE isn't doing it. Bottom line: it will not bring back your "lost" sales, and people will have a workaround in a matter of hours.

    There's also a reason why Microsoft more or less turns a blind eye to it - the more people who pirate a particular piece of software just means it's on that many more computers. MS would rather you have a pirated copy of Windows XP than to flat out run Linux simply because it gives them more of a place in the market.

    No one likes to think on the flipside of things, so go on and mod this as troll ;)
  • by nwbvt ( 768631 ) on Monday August 16, 2004 @12:45AM (#9978037)
    <sarcasm>
    I honestly do not understand why they would want to do this. To protect against software piracy? Who would do such a thing? Surely the general population has enough respect for software developers that they would refrain from pirating software without copy protection schemes.
    </sarcasm>
  • by Guspaz ( 556486 ) on Monday August 16, 2004 @12:47AM (#9978045)
    What happened to being able to download the source to WineX (Or Cedega) and compiling it yourself? Are TransGaming violating the GPL by not providing the source, or are they claiming that the subscription is to cover distribution costs to get around the GPL?

    Or, am I completely wrong, and does Transgaming provide the source on their website, just hidden somewhere?
    • You can download and build the CVS version yourself: cvs instructions [transgaming.com].
  • by cleverhandle ( 698917 ) on Monday August 16, 2004 @12:50AM (#9978058)

    I'm not really sure what the point of this watermarking is. It's really not copy protection - they would need a proper activation system to enforce that. And, even apart from the huge political backlash that would entail, I can't imagine that TG would devote the technical and clerical resources required to make an activation system work. Especially since so many Linux users change distros and hardware more often than their socks. They can't be crazy enough to try activation.

    So what's the point, then? Copies will still make their way through P2P. I guess they could go after people that share the file (if they're dumb enough not to wipe the watermark), but there's no way they'd do more than cancel that person's subscription. Again, apart from political issues, any legal proceedings would be ridiculously expensive for the damages involved. Are they saving dev time on support? No, not really - you have to have a subscription to access the message boards. There's IRC, I guess, but if a dev's sitting there already, that's not much of a loss.

    I feel like we're missing something here. The guys at TG are clearly not dumb. They can't believe this will help them sell more copies. There's got to be more to it somewhere...

  • Privacy? (Score:3, Insightful)

    by JamesKPolk ( 13313 ) on Monday August 16, 2004 @12:51AM (#9978062) Homepage
    How is this a loss of privacy unless you were planning to violate the company's copyright?

    Who is going to see your personally tagged tarball that you download?
  • by Ghostgate ( 800445 ) on Monday August 16, 2004 @01:12AM (#9978119)
    ... any action that makes things more difficult / inconvenient / annoying / etc. for legitimate users of a piece of software (or anything else - like an audio CD) is an action that should not be taken.

    When I am using software that I am a legitimate owner of, the last thing I want to do is jump through a million hoops just to prove I'm legit. For example, I'll be the first to admit that when I BUY a PC game, the first thing I do is go looking for a "no CD crack" to download. Why? Because I own the game and don't WANT to be forced to swap CDs all the time, just to constantly prove that I paid for the damn thing. I shouldn't have to. Honestly, it's insulting.

    AFAIK, every form of copy/piracy protection that has ever existed has been cracked, and typically in a relatively short amount of time. The ones doing the pirating don't care - they have come to expect it, and finding out how to crack the software will be widely preferred to forking over the cash anyway. The crackers/warez distributors don't care either - indeed, quite the opposite, as many crackers will love the chance to be the first to crack a new protection scheme. The only ones who care are the legitimate users, because they're the ones who usually suffer.
  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Monday August 16, 2004 @02:47AM (#9978394)
    Comment removed based on user account deletion
  • by Graabein ( 96715 ) on Monday August 16, 2004 @03:23AM (#9978498) Journal
    Is this tiny loss of personal privacy worth the increase in TransGaming's security?

    No.

    And make that "perceived security".

  • by oldosadmin ( 759103 ) on Monday August 16, 2004 @03:28AM (#9978518) Homepage
    I love transgaming, and was encouraging everyone I heard was using CVS to buy a subscription... but not anymore. I won't buy stuff from a company that would do something like this... well, the fact they did it isn't so bad, the fact they hid it is.
  • CVS Tree (Score:4, Informative)

    by polyp2000 ( 444682 ) on Monday August 16, 2004 @05:26AM (#9978778) Homepage Journal
    Those who want to use Cedega, but not pay the licensing fee, can just use the CVS tree download from the transgaming website, that comes free and no subscription required. All that is missing is the point2play system and their installer. What is to stop people packaging up the CVS version and distributing that instead?

    IMHO the fact that they provide a CVS version negates the requirement to go and pirate it anyway.

    Nick...
  • Changes (Score:5, Informative)

    by rpdillon ( 715137 ) * on Monday August 16, 2004 @05:29AM (#9978790) Homepage
    Apparently it is watermarking...I downloaded two copies:

    $tar xvzf cedega1.tgz
    $ls
    cedega1.tgz cedega2.tgz usr
    $mv usr usr1
    $tar xvzf cedgea2.tgz
    $mv usr usr2
    $ls
    cedega1.tgz cedega2.tgz usr1 usr2
    $diff -r usr1 usr2
    $

    'Nuff said. Its just a watermark, not in the actual files. If you do a:

    $diff -rs usr1 usr2

    it'll report that every file is identical, just to verify.

    Then, make an unwatermarked version:

    $mv usr1 usr
    $tar czf cedega_clean.tgz usr

    Sadly, if you compress the *exact* same folder twice with tar czf it will not md5sum the same (try it!). I can't say I know why. So basically, this helps with piracy but not with the verification problem. =( Don't know how to fix the ebuild problem. Anyone that knows more about why the md5sums for two .tgzs of the same data would be different?
    • Re:Changes (Score:5, Insightful)

      by Craig Ringer ( 302899 ) on Monday August 16, 2004 @05:54AM (#9978870) Homepage Journal
      Most likely the MD5sums don't match because tar is storing the access times on the files. The access time will change when tar reads the file. To work around it, use the 'noatime' mount option on the FS or pass the appropriate parameters to tar so that it doesn't record atimes or resets them after reading the file.
  • by gavriels ( 55831 ) on Monday August 16, 2004 @12:28PM (#9982270)
    Hi all,

    I've posted an official response here:

    http://transgaming.org/forum/viewtopic.php?p=400 9# 4009

    Take care,
    -Gav

    --
    Gavriel State, Co-CEO & CTO
    TransGaming Technologies Inc.
    gav@transgaming.com

I program, therefore I am.

Working...