TransGaming Tagging Downloads to Combat Piracy
SeanTobin writes "It seems that TransGaming is implementing a new watermarking system to combat piracy. For now it seems that every tgz of Cedega 4.0.1 is individually tagged, and this has been frustrating Gentoo users who (like many others) like to be sure their archives are unmodified. Is this the future of software downloads? Is this tiny loss of personal privacy worth the increase in TransGaming's security?" Update: 08/16 17:42 GMT by S : There's an official response on the TransGaming forums indicating: "We can confirm that Cedega 4.0.1 included some basic watermarking... The objective behind the watermarking was to deal with some peer-to-peer piracy issues that we've been seeing over the past several months... We have suspended the watermarking feature for now and Gentoo users no longer need to be concerned with work-arounds."
Microsoft did this with Windows XP beta to see what beta testers were "leaking" the information. Somebody figured it out though and testers were in an uproar shortly thereafter. Frankly, if you buy (or rent) electronic hardware from a store, the serial number is recorded on the receipt to avoid a switcheroo... this is simply an extension of that in my opinion. Not a good thing for people who misuse their licenses... but nothing major for people who follow the rules.
Another point I'd like to make. Let's say that transgaming's servers get rooted and their archives infected with some arbitrarily nasty virus. How can I trust that the file I'm getting is not infected? I'll even go one step further... How can I be sure that this has not already happened?
You can't be sure.
For now, take the
that's what i'd try to do. rpm's be damned. heh
They DO have an open cvs-server. Kind of makes you think that they are not so scared about people downloading their app?
My $5x10^-2
From the article:
Bytes 0x10 through 0x23 in the tgz are the signature. They are unique in every download and are probably recorded by transgaming to know who downloaded what archive. Also, all hopes of using md5 or any other form of checksumming to verify valid files are out the window.
So there you have it. Gentoo is forced to download from Transgaming's website and they keep changing signatures. Unless you are installing a warezed copy of it, MD5 checksums aren't going to be of much use.
From Transgamers point of view... yes.. yes it is.
Not Meta-modding due to apathy.
Not necessarily. Just do
# cd /usr/portage/
# ebuild app-emulation/cedega/cedega-4.0.1.ebuild digest
and it will ask you to place the tarball in /usr/portage/distfiles. Then, so long as you don't remove it, the md5sum will match. Hope this helps!
So if these bytes are ignored, what happens if somebody inserts a trojan at that spot? The MD5 is already ignoring it, so no one would have any clue.
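As an added example (not part of the thread, and not TransGaming's or Gentoo's code): the masked-checksum workaround next to a check that covers what actually gets unpacked. The thread gives only the byte offsets, so placing the tag in a gzip FEXTRA subfield in `make_sample`, and every function name here, is an assumption of this constructed sample.

```python
import gzip, hashlib, struct, zlib

MASK = slice(0x10, 0x24)  # bytes 0x10 through 0x23, as quoted in the thread

def masked_md5(blob):
    """MD5 with the per-download bytes zeroed: the workaround discussed above."""
    buf = bytearray(blob)
    buf[MASK] = bytes(len(buf[MASK]))
    return hashlib.md5(buf).hexdigest()

def gzip_header_len(blob):
    """Length of the RFC 1952 member header, optional fields included."""
    if blob[:3] != b"\x1f\x8b\x08":
        raise ValueError("not a deflate gzip member")
    flg, pos = blob[3], 10
    if flg & 0x04:                      # FEXTRA: 2-byte LE length + data
        pos += 2 + struct.unpack_from("<H", blob, pos)[0]
    for bit in (0x08, 0x10):            # FNAME, FCOMMENT: NUL-terminated
        if flg & bit:
            pos = blob.index(b"\x00", pos) + 1
    return pos + (2 if flg & 0x02 else 0)   # FHCRC

def payload_sha256(blob):
    """Hash of the decompressed tar stream, i.e. what actually gets unpacked."""
    return hashlib.sha256(gzip.decompress(blob)).hexdigest()

def verify(blob, expected):
    """Accept only if the masked bytes are pure header and the payload matches."""
    return gzip_header_len(blob) >= MASK.stop and payload_sha256(blob) == expected

def make_sample(tag, payload):
    """Constructed gzip member whose tag sits in an FEXTRA subfield (assumed layout)."""
    extra = b"WM" + struct.pack("<H", len(tag)) + tag
    head = b"\x1f\x8b\x08\x04" + bytes(4) + b"\x00\xff" + struct.pack("<H", len(extra)) + extra
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    body = comp.compress(payload) + comp.flush()
    return head + body + struct.pack("<II", zlib.crc32(payload), len(payload) & 0xFFFFFFFF)

if __name__ == "__main__":
    tar = b"constructed stand-in for the tar stream" * 50
    a, b = make_sample(b"A" * 20, tar), make_sample(b"B" * 20, tar)
    good = payload_sha256(a)
    print(masked_md5(a) == masked_md5(b), verify(a, good), verify(b, good))
```

Any byte inside the masked range can change without moving `masked_md5`; `verify` hashes the decompressed stream instead and accepts the mask only when it lies wholly inside the gzip header, which tar never unpacks.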
Personally, I intend to refuse to do business with companies that have this, or some similar policy.
I like to be able to be certain that the file I am installing came from the people that it purports to have come from. That means I need to be able to check signatures, or get in on a CD. I don't really care that much which. (I lie. I vastly prefer CDs because I frequently reformat my hard disk and switch distributions regularly.)
I think we've pushed this "anyone can grow up to be president" thing too far.
Here you go:
Uhm, well if you are getting Cedega (WineX) legit then you are going to be getting it from TransGaming.com - so you know the source is OK. If not you are pirating and that's bad. Of course if you are concerned about TG.COM being hacked, they could just as easily modify the MD5sum on the website.
So your argument doesn't apply in this case.
Shouldn't there be some kind of license inheritance there?
As far as I know, Wine is under GNU LGPL, a weak copyleft license. There exist free software licenses with even weaker "inheritance" properties (as you put them) or "viral" properties (as Microsoft put them), such as the various permissive licenses such as those of zlib, FreeBSD, X11, and the like.
It's not lying. They aren't preventing anyone from doing anything legal (granted by the license). They /asked/ people not to distribute it that way, but they sought no legal action.
In fact, the license says upfront why they provide the CVS and that they would prefer that people not use it to distribute binaries, etc. They ask that you don't do it, but they can't stop you. All they can do is threaten to stop offering the CVS.
The fact is, it doesn't affect piracy one bit, but now users gotta deal with additional BS. For example, piece together a new PC and put your copy of XP on it. Now, after activation fails, try to convince Microsoft that you destroyed or got rid of the old computer!
I have actually done this, and there is no problem at all. I've changed my PC 5 times since I bought the XP license that requires activation, and only on the latest switch did the online activation fail. I rang a 0845 number (UK) and got hold of a very nice girl in a call center. All she asked me was if this installation was a unique install, i.e. I hadn't installed it on other PCs. When I said yes, she reset my activations and gave me the option of activating through her or redoing the online activation, which I chose and was carried out without a problem.
Yes, anti piracy schemes get cracked, but cars also get broken into, you wouldn't see Ford selling cars without a doorlock. They are there to slow down the casual pirates, not the hardcore people.
As far as I know:
Most games have some sort of copy protection in them, making simple WINEing of the executable not work (tries doing magical windows assembly voodoo or some such).
What TransGaming have done is to take WINE (legally under a permissive licence) and continue to develop it for games, in addition to licencing these copy protection schemes from the people who make them. They are under a contract to not reveal these copy protection schemes, and hence don't. Everything else is available for download from their CVS repository.
^^The world as I understand it.
X11 / MIT yes.
Cedega itself is Aladdin license. But it is not so free:
Within hours after posting the ITP (Intent to Package) on the Debian
bug database and on the debian-devel mailing list, a mail from
TransGaming's CEO/CTE Gavriel State was received, which indicates
1. "We noticed that you intend to package our AFPLed WineX package
for release in debian (presumably non-free). We would really prefer
that this not happen, for a number of reasons."
2. " We would prefer not to have to change our license to explicitly
prevent the distribution of binary packages, but if we have to we
will do so."
For those not blessed with Python: dd if=file.tar bs=1 skip=36 | md5
Tired of free ipod spam sigs? Opt ou
Or just 'emerge --digest cedega'.
These will entirely destroy any kind of verification about the dist tarball, though, which is what the focus of the Transgaming forums post was about (and rightly so).
"You tried your best and failed miserably. The lesson is...never try. Heh!" -Homer
actually, each time you emerge sync after that, the md5 digest will get replaced. So it won't match after a sync.
This depends on the size of the archive, but edit.com works wonders when it is sufficiently small. It can open files in binary mode (see the open dialog box), but it can never let you input null bytes directly - copy & paste works though.
If it's big, then you'll need debug:
C:\>debug
-nname-of-archive.tgz
-l
-f cs:110 123 00
-w
-q
Why you'd want to do that for what as far as I can tell is a tgz of a Linux game though, I have no idea. Also, this was tested with a dummy file - I'm not going to even try getting the right file to test this.
(My testing was on WinXP, but AFAIK debug has been around since the DOS days - I remember seeing it in 5.0 era books, probably had been around longer)
Bioware also removed the copy-protection from the Windows version of
Neverwinter Nights, around 1.29, I think. It caused more trouble than good,
I guess.
(Can't be arsed to dig through the patchnotes)
the license was BSD b4...the jeremy decided to change it to LGPL, transgaming disagreed (obviously)
and then....i don't think there has been any contributions from either side to the other
Those who want to use Cedega, but not pay the licensing fee, can just use the CVS tree download from the transgaming website, that comes free and no subscription required. All that is missing is the point2play system and their installer. What is to stop people packaging up the CVS version and distributing that instead?
IMHO the fact that they provide a CVS version negates the requirement to go and pirate it anyway.
Nick...
Electronic Music Made Using Linux http://soundcloud.com/polyp
Apparently it is watermarking...I downloaded two copies:
$ tar xvzf cedega1.tgz
$ ls
cedega1.tgz cedega2.tgz usr
$ mv usr usr1
$ tar xvzf cedega2.tgz
$ mv usr usr2
$ ls
cedega1.tgz cedega2.tgz usr1 usr2
$ diff -r usr1 usr2
$
'Nuff said. It's just a watermark, not in the actual files. If you do a:
$ diff -rs usr1 usr2
it'll report that every file is identical, just to verify.
Then, make an unwatermarked version:
$ mv usr1 usr
$ tar czf cedega_clean.tgz usr
Sadly, if you compress the *exact* same folder twice with tar czf it will not md5sum the same (try it!). I can't say I know why. So basically, this helps with piracy but not with the verification problem. =( Don't know how to fix the ebuild problem. Anyone that knows more about why the md5sums for two .tgzs of the same data would be different?
You can download and build the CVS version yourself: cvs instructions.
The GPL isn't involved here. The WINE project used to release under the X11 license, which permitted transgaming to take their code and make a proprietary fork anyway. They do make the code available through CVS, they just make it difficult, and have threatened anyone that tries to make it easier, or even thinks about distributing binaries from that source, even though the license allows them to do it (they told Debian they would change the license if necessary to prevent Debian from packaging this.)
WINE has since, sensibly, changed to the LGPL which should prevent this sort of nonsense in the future. Transgaming has never given back to the project they stole from, they release code only under the Aladdin license which is not compatible with the original X11 license or the LGPL, so that the project that wrote the vast majority of the code in their product cannot use their work at all. These people are leeches!
Support WINE (www.winehq.com) and forget these ripoff artists. If you absolutely MUST have something in the transgaming tree, get it from CVS, and then reimplement it in your own words and submit it to the real WINE project ASAP.
Firstly, as mentioned in the transgaming forum, the twat that got all worked up about this has been using Gentoo for a grand total of 13 days, and he still has the nerve to mobilise everyone..to comlain[sic]../. will publish anything these days!!
How foolish we are to follow someone so blindly. If you look at the reference to how long the guy has been posting, it is August 3 2003, not 2004. So, the dude has been running Gentoo for quite some time.
Bryan R.
The price of freedom is eternal vigilance, or $12.50 as seen on eBay.....
WineX is a branch of a much older, BSD-licensed Wine. Wine was waiting for the changes from TransMetra to come back, and moved to a LGPL license when they realized the BSD license wasn't really what they wanted when the changes never came back.
Since he/she is a Gentoo user, I guess he/she may have been updating his system, downloading and checking (through md5sum) various packages at that time, and finding that all of them successfully installed, except TransGaming's one. This is enough to assume that the package was causing the trouble, not the system, at least in a first time. And it turned out to be correct.
As a side note, I don't think that cracking md5sum in a way that it'll return random hashes makes much sense. This is more likely to catch the user's attention than anything else. Unless of course the user gets upset and is stupid enough to plain disable checking "because it doesn't seem to work anymore", in which case I agree it could help a cracking operation.
Perhaps you might want to back up this "fact" with evidence ? Such as some examples of software that wasn't released on PC because of piracy ?
Of course. That's why there's no new games being released for PCs. None are being planned either. And there certainly is no freeware/FOSS ones either.
Slashdot confirms it - PC is dying :).
Apparently some companies think that it still makes sense to make games on PC. But what do they know :)
I must have imagined those hundreds of pirated PS2 and XBOX games on suprnova then.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
Hi all,
I've posted an official response here:
http://transgaming.org/forum/viewtopic.php?p=4009#4009
Take care,
-Gav
--
Gavriel State, Co-CEO & CTO
TransGaming Technologies Inc.
gav@transgaming.com