Slashdot Mirror
TransGaming Tagging Downloads to Combat Piracy
SeanTobin writes "It seems that TransGaming is implementing a new watermarking system to combat piracy. For now it seems that every tgz of Cedega 4.0.1 is individually tagged, and this has been frustrating Gentoo users who (like many others) like to be sure their archives are unmodified. Is this the future of software downloads? Is this tiny loss of personal privacy worth the increase in TransGaming's security?" Update: 08/16 17:42 GMT by S : There's an official response on the TransGaming forums indicating: "We can confirm that Cedega 4.0.1 included some basic watermarking... The objective behind the watermarking was to deal with some peer-to-peer piracy issues that we've been seeing over the past several months... We have suspended the watermarking feature for now and Gentoo users no longer need to be concerned with work-arounds."
Microsoft did this with Windows XP beta to see what beta testers were "leaking" the information. Somebody figured it out though and testers were in an uproar shortly thereafter. Frankly, if you buy (or rent) electronic hardware from a store, the serial number is recorded on the receipt to avoid a switcheroo... this is simply an extension of that in my opinion. Not a good thing for people who misuse their licenses... but nothing major for people who follow the rules.
Another point I'd like to make. Lets say that transgaming's servers get rooted and their archives infected with some arbitrarily nasty virus. How can I trust that the file I'm getting is not infected? I'll even go one step further... How can I be sure that this has not already happened?
You can't be sure.
For now, take the
that's what i'd try to do. rpm's be damned. heh
They DO have an open cvs-server. Kindof make you think that they are not so scared about people downloading their app?
My $5x10^-2
From the article:
Bytes 0x10 through 0x23 in the tgz are the signature. They are unique in every download and are probably recorded by transgaming to know who downloaded what archive. Also, all hopes of using md5 or any other form of checksumming to verify valid files are out the window.
So there you have it. Gentoo is forced to download from Transgaming's website and they keep changing signatures. Unless you are installed a warezed copy of it, MD5 checksums arn't going to be of much use.
Not necessarily. Just do
/usr/portage/
/usr/portage/distfiles. Then, so long as you don't remove it, the md5sum will match. Hope this helps!
# cd
# ebuild app-emulation/cedega/cedega-4.0.1.ebuild digest
and it will ask you to place the tarball in
Here you go:
The fact is, it doesn't affect piracy one bit, but now users gotta deal with additional BS. For example, piece together a new PC and put your copy of XP on it. Now, after activation fails, try to convince Microsoft that you destroyed or got rid of the old computer!
I have actually done this, and there is no problem at all. Ive changed my PC 5 times since I bought the XP license that requires activation, and only on the latest switch did the online activation fail. I rang a 0845 number (UK) and got hold of a very nice girl in a call center. All she asked me was if this installation was a unique install IE I hadnt installed it on other PCs. When I said yes, she reset my activations and gave me the option of activating through her or redoing the online activation, which I chose and was carried out without a problem.
Yes, anti piracy schemes get cracked, but cars also get broken into, you wouldnt see Ford selling cars without a doorlock. They are there to slow down the casual pirates, not the hardcore people.
As far as I know:
Most games have some sort of copy protection in them, making simple WINEing of the executable not work (tries doing magical windows assembly voodoo or some such).
What TransGaming have done is to take WINE (legally under a permissive licence) and continue to develop it for games, in addtion to licencing these copy protection schemes from the people who make them. They are under a contract to not reveal these copy protection schemes, and hence don't. Everything else is avaliable for download from their CVS repository.
^^The world as I understand it.
X11 / MIT yes.
Cedega itself is Aladin license. But it is no-so free:
Within hours after posting the ITP (Intent to Package) on the Debian
bug database and on the debian-devel mailing list, a mail from Trans-
Gaming's CEO/CTE Gavriel State was received, which indicates
1. "We noticed that you intend to package our AFPLed WineX package
for release in debian (presumably non-free). We would really prefer
that this not happen, for a number of reasons."
2. " We would prefer not to have to change our license to explicitly
prevent the distribution of binary packages, but if we have to we
will do so."
For those not blessed with Python: dd if=file.tar skip=36 | md5
Tired of free ipod spam sigs? Opt ou
Or just 'emerge --digest cedega'.
These will entirely destroy any kind of verification about the dist tarball, though, which is what the focus of the Transgaming forums post was about (and rightly so).
"You tried your best and failed miserably. The lesson is...never try. Heh!" -Homer
Those who want to use Cedega, but not pay the licensing fee, can just use the CVS tree download from the transgaming website, that comes free and no subscription required. All that is missing is the point2play system and their installer. What is to stop people packaging up the CVS version and distributing that instead?
IMHO the fact that they provide a CVS version negates the requirement to go and pirate it anyway.
Nick...
Electronic Music Made Using Linux http://soundcloud.com/polyp
Apparently it is watermarking...I downloaded two copies:
.tgzs of the same data would be different?
$tar xvzf cedega1.tgz
$ls
cedega1.tgz cedega2.tgz usr
$mv usr usr1
$tar xvzf cedgea2.tgz
$mv usr usr2
$ls
cedega1.tgz cedega2.tgz usr1 usr2
$diff -r usr1 usr2
$
'Nuff said. Its just a watermark, not in the actual files. If you do a:
$diff -rs usr1 usr2
it'll report that every file is identical, just to verify.
Then, make an unwatermarked version:
$mv usr1 usr
$tar czf cedega_clean.tgz usr
Sadly, if you compress the *exact* same folder twice with tar czf it will not md5sum the same (try it!). I can't say I know why. So basically, this helps with piracy but not with the verification problem. =( Don't know how to fix the ebuild problem. Anyone that knows more about why the md5sums for two
You can download and build the CVS version yourself: cvs instructions.
Firstly, as mentioned in the transgaming forum, the twat that got all worked up about this has been using Gentoo for a grand total of 13 days, and he still has the nerve to mobilise everyone..to comlain[sic]../. will publish anything these days!!
How foolish we are to follow someone so blindly. If you look at the reference to how long the guy has been posting, it is August 3 2003, not 2004. So, the dude has been running Gentoo for quite some time.
Bryan R.
The price of freedom is eternal vigilance, or $12.50 as seen on eBay.....
Hi all,
0 9# 4009
I've posted an official response here:
http://transgaming.org/forum/viewtopic.php?p=40
Take care,
-Gav
--
Gavriel State, Co-CEO & CTO
TransGaming Technologies Inc.
gav@transgaming.com