Posted May 10, 2021
Post edited May 10, 2021 by rjbuffchix
rjbuffchix
Online/Galaxy required = DRM.
Registered: Jun 2017
From United States
rjbuffchix
Online/Galaxy required = DRM.
Registered: Jun 2017
From United States
Posted May 10, 2021
low rated
I feel like an idiot on a fence, but for now, I hope you and the rest of the people on your list will at least accept my respect, and know that I admire your conviction, and that I believe you to be a good person who, with the added difficulty of substantial public scrutiny and criticism, is trying to do the right thing.
I don't know how you feel about this, but have you considered not doing a "stop buying entirely" style boycott and exploring some other way? That is essentially my approach: I am on the boycott list but will buy what I consider "must-haves", yet nothing further, and I'm unlikely to buy additional content for games I own, soundtracks etc, whereas in the past I would have wanted to support the store and DRM-free gaming as a whole. If there are not many must-have releases to me, it is effectively the same or close to "total 100% boycott".
I guess people can have different definitions and some will only consider a "true" boycott as one that is 100% entirely not spending, but for me the boycott idea is more in line with trying to follow a certain path or ideal, versus having to fully meet the standard 100% at all times. At the risk of bringing up controversial topics, consider how many people make an effort to follow a particular religion/philosophy, or to not eat/utilize animal products, etc. I think one can say they are [whatever] even if they don't meet a standard of complete perfection for it, as it were.
All that said, I will say practical considerations are most likely informing me the most. This is the place to buy DRM-free offline installers. My main concern with this store is that it will go further towards the DRM route and eventually perhaps eliminate the offline installers. So even if the actions of the store described in this topic are rather detestable imo, if you want the offline installers, "now" is the chance to get them, not necessarily "later." Also, all that said, I fully admire those of you in this topic who have stayed "100%" on your boycotting.
B1tF1ghter
Execute order $rep_string
Registered: Jun 2015
From Other
Posted May 10, 2021
low rated
Why?
Because it is written somewhere in the TOS and contract that you get those (that Galaxy is "100%" optional) and it doesn't matter if they someday change those as for any purchase the valid contract (PERMANENTLY) is the one that was live at the time of purchase.
Ergo:
If they would try to take away the offline installers to try to apply changes to past purchases they would be in pretty deep legal trouble. They would fall under a lot of customer protection laws.
More important is to ACTUALLY backup those. After participating in many threads in this forum for many years I am under an impression that majority of users here do NOT have valid backup strategy and they still show some sort of "DRM platform attitude" (remember - Steam offers you convenience of not having to rely on your local storage for installers - and it's very easy to get so deep into this "convenient thinking" to forget about it when stepping into DRM "free" platform).
So regardless of what GOG tries to pull - for those who don't already have the backup of everything they care about - now is the time to make it as future is uncertain.
It's not worth delaying and risking some major sh*tstorm when things go to sh*t and people would DDoS the GOG's storage servers.
I'm not suggesting it will happen any time soon.
But past few years' developments tought me it's certainly uncertain when this is going to happen and it's just now worth to delay backups indefinitely.
nightcraw1er.488
DRM Free is dead.
Registered: Apr 2012
From United Kingdom
Posted May 10, 2021
low rated
GOG is a lost cause. They gradually shedded everything they stood for and is one example of a company which only "listens" if it does not contradict their business plans.
In addition, I have the impression in order to "combat Valve", they go in bed with everyone who is against Valve, like Microsoft, Epic, Sony, there are no problems consorting with them and adding themselves DRM under their hood (just look in C:\ProgramData\Galaxy what it is doing and you do not get your games removed from an integration you have removed except bugging the support team). This is also easily demonstrated by having direct support for these companies / libraries in GOG Galaxy, but relegating Steam Support to a "community" plugin.
If you really wanna have a sane implementation of an overarchng launcher, get PlayNite. it also has a very GOG Galaxy community theme called Stardust for it and all your data is stored locally and not on somebody else's servers, like GOG does.
Oh, to add, it’s also a bit too focused on being a “launcher”, don’t understand the need for that, but some people insist on having everything installed. And it has functions to link accounts like steam and gog and download metadata. Me I wouldn’t use those. But it can also get metadata from igdb.
Post edited May 10, 2021 by nightcraw1er.488
nightcraw1er.488
DRM Free is dead.
Registered: Apr 2012
From United Kingdom
Posted May 10, 2021
Why?
Because it is written somewhere in the TOS and contract that you get those (that Galaxy is "100%" optional) and it doesn't matter if they someday change those as for any purchase the valid contract (PERMANENTLY) is the one that was live at the time of purchase.
Ergo:
If they would try to take away the offline installers to try to apply changes to past purchases they would be in pretty deep legal trouble. They would fall under a lot of customer protection laws.
More important is to ACTUALLY backup those. After participating in many threads in this forum for many years I am under an impression that majority of users here do NOT have valid backup strategy and they still show some sort of "DRM platform attitude" (remember - Steam offers you convenience of not having to rely on your local storage for installers - and it's very easy to get so deep into this "convenient thinking" to forget about it when stepping into DRM "free" platform).
So regardless of what GOG tries to pull - for those who don't already have the backup of everything they care about - now is the time to make it as future is uncertain.
It's not worth delaying and risking some major sh*tstorm when things go to sh*t and people would DDoS the GOG's storage servers.
I'm not suggesting it will happen any time soon.
But past few years' developments tought me it's certainly uncertain when this is going to happen and it's just now worth to delay backups indefinitely.
B1tF1ghter
Execute order $rep_string
Registered: Jun 2015
From Other
Posted May 10, 2021
If you mean the md5 extracted from GOG's API for downloaded files then sure (shame on GOG for using it).
But if you want to use it yourself for data hashing / integrity then shame on YOU for using it.
Md5 in this time is WORTHLESS already for YEARS.
It is waaaaay too easy to collide with it.
For any serious ANYTHING you should use at the very least sha256.
They cannot exactly LEGALLY do that.
nightcraw1er.488: Just explain it as that they have provided years for users to download the necessary files That would run entirely on an assumption that EVERY user had those literal "YEARS" to download the products.
That would mean one of two things then:
1.Either ignoring everybody who "just" got thier yet-to-be-downloaded products
2.Or assuming GOG had no income for several years (because all last purchases were "years ago")
As a corp you just cannot make such assumptions.
It's unfair for at least a chunk of userbase.
nightcraw1er.488: Other stores have fortunately given a small time window to download, such ass dot emu and shinyloot, but there is no requirement. Download everything immediately and backup, only safe way. There is (or at least used to be, it's been a while since I last checked it fundamentally) somewhere in TOS a text saying that in the "unlikely event" of them going down they will provide some time (WITH NOTICE) before closing their servers.
That's in theory. Don't ask me how they would act in practise.
But if you want to use it yourself for data hashing / integrity then shame on YOU for using it.
Md5 in this time is WORTHLESS already for YEARS.
It is waaaaay too easy to collide with it.
For any serious ANYTHING you should use at the very least sha256.
They cannot exactly LEGALLY do that.
That would mean one of two things then:
1.Either ignoring everybody who "just" got thier yet-to-be-downloaded products
2.Or assuming GOG had no income for several years (because all last purchases were "years ago")
As a corp you just cannot make such assumptions.
It's unfair for at least a chunk of userbase.
That's in theory. Don't ask me how they would act in practise.
Eli
Deus Ex Luminary
Registered: Sep 2009
From United States
Zrevnur
CENSORED by the --g of RED devotion
Registered: Mar 2011
From Germany
Posted May 10, 2021
low rated
And another potential legal issue: It would make Galaxy obligatory for updates. So if they advertised with Galaxy being fully optional (or even have it in the ToS) - that is then no longer true.
nightcraw1er.488
DRM Free is dead.
Registered: Apr 2012
From United Kingdom
Posted May 10, 2021
low rated
But if you want to use it yourself for data hashing / integrity then shame on YOU for using it.
Md5 in this time is WORTHLESS already for YEARS.
It is waaaaay too easy to collide with it.
For any serious ANYTHING you should use at the very least sha256.
That would mean one of two things then:
1.Either ignoring everybody who "just" got thier yet-to-be-downloaded products
2.Or assuming GOG had no income for several years (because all last purchases were "years ago")
As a corp you just cannot make such assumptions.
It's unfair for at least a chunk of userbase.
That's in theory. Don't ask me how they would act in practise.
Ha, yes.
And another potential legal issue: It would make Galaxy obligatory for updates. So if they advertised with Galaxy being fully optional (or even have it in the ToS) - that is then no longer true.
Post edited May 10, 2021 by nightcraw1er.488
B1tF1ghter
Execute order $rep_string
Registered: Jun 2015
From Other
Posted May 10, 2021
low rated
It not only allows SAME CHECKSUM for 2 different stacks of data * but it ALSO is UTTERLY WORTHLESS for detecting changes for the VERY SAME REASON.
* Md5 is fundamentally FLAWED on a DESIGN level. It imo should have never be let out into the wild and used.
It's a worthless trash. It always has been but people kept denying it for many years.
There is this expcetionally dumb attitude thing in IT industry (and I say that as a person involved in said industry) - something that I hate and never really understood - for a lack of a better term let's call this "lenient underestimation".
People worldwide choose to use "the least difficulty path" when designing software, as in:
Using the kind of algorithms or their complexity levels (say in conversion matrices for hashing), least derivation rounds, shortest possible string for filesystem timestamps, and so on.
It's like a self fulfilling prophecy "free for all".
I always found it beyond dumb.
You can LITERALLY calculate *when* things will INEVITABLY go to utter SH*T just because someone decided to prioritize ease of coding and / or SLIGHTLY, marginally, perhaps *undetectably*, faster code speed over than longterm reliability and longetivity.
So for example in 2038 things will majorly go to sh*t, it will get FAR WORSE than "year 2k", JUST BECAUSE some people decided to use attrociously "the shortest possible" lowered number space for timestamps almost EVERYWHERE in Linux code.
We are ALREADY IN 2K21 and BARELY ANYTHING is already fixed to fix the problem!
Like what the F!
Humans really do seem to be LAZY and LOVE waiting until the very last moment! >:(
In which case it may already be too late!
How is this related to MD5?
It is directly.
It:
1.Was badly designed therefore TECHNICALLY really WORTHLESS *since day one*
2.Was used for WAY TOO LONG by the industry and SOMEHOW it's STILL USED, even tho it was MULTIPLE TIMES already PROVEN it's WORTHLESS to the point it's DANGEROUS to use it.
I'm sorry dude but I don't feel like giving you a lecture on HOW and WHY.
It may take you YEARS to dig through enough docs to understand this.
So just note this:
MD5? WORTHLESS. Should not be used for ANYTHING. Not even for absurdly unimportant stuff. That is unless you are a masochist that loves pain and loosing time.
SHA1 - some people debate it, but it is BROKEN already, generally speaking use this only if you really NOT CARE about what you are hashing with it
sha256 - TECHNICALLY "still" "usable" tho this is about the time to stop using it if you SERIOUSLY care about data integrity in the longterm and security, it's ALREADY broken and it's imo pretty funny how most people in IT industry seem to not notice that at all
KNOWING how this all works and simultaneously using anything less than sha256 is INSANITY.
It's not really my problem that there are double standards EVERYWHERE and people delude themselves into thinking "it's 'still' fine for now".
It's not.
Things are different than most people in the industry worldwide report.
Don't repeat peoples mistakes.
Don't use double standards.
Don't cheap out.
Do it right or don't do it at all.
PLEASE, don't repeat others' mistakes just because majority is IDIOTS who don't know any better yet work in the industry!
If you care abour data integrity and security read this (as a starter, there is MUCH MUCH MUCH more to read on this):
https://en.wikipedia.org/wiki/SHA-2#Comparison_of_SHA_functions
Tldr:
My personal advice is to use sha3-512 and something like Blake & ChaCha20 derivatives, as well as for example shake512 for data integrity. (use MORE THAN ONE per file)
You care if you CHANGED something in a file?
Well then MD5 should IMMEDIATELLY get out through a window for you.
Because you can LITERALLY get a bitflip in a file and the MD5 of it may not reflect the change with VERY high probability as that algorithm is badly DESIGNED.
I can tell you that for example HumbleBundle TOS is literally illegal in EU and it's only a matter of time until they get sued by somebody.
nightcraw1er.488
DRM Free is dead.
Registered: Apr 2012
From United Kingdom
Posted May 10, 2021
low rated
It not only allows SAME CHECKSUM for 2 different stacks of data * but it ALSO is UTTERLY WORTHLESS for detecting changes for the VERY SAME REASON.
* Md5 is fundamentally FLAWED on a DESIGN level. It imo should have never be let out into the wild and used.
It's a worthless trash. It always has been but people kept denying it for many years.
There is this expcetionally dumb attitude thing in IT industry (and I say that as a person involved in said industry) - something that I hate and never really understood - for a lack of a better term let's call this "lenient underestimation".
People worldwide choose to use "the least difficulty path" when designing software, as in:
Using the kind of algorithms or their complexity levels (say in conversion matrices for hashing), least derivation rounds, shortest possible string for filesystem timestamps, and so on.
It's like a self fulfilling prophecy "free for all".
I always found it beyond dumb.
You can LITERALLY calculate *when* things will INEVITABLY go to utter SH*T just because someone decided to prioritize ease of coding and / or SLIGHTLY, marginally, perhaps *undetectably*, faster code speed over than longterm reliability and longetivity.
So for example in 2038 things will majorly go to sh*t, it will get FAR WORSE than "year 2k", JUST BECAUSE some people decided to use attrociously "the shortest possible" lowered number space for timestamps almost EVERYWHERE in Linux code.
We are ALREADY IN 2K21 and BARELY ANYTHING is already fixed to fix the problem!
Like what the F!
Humans really do seem to be LAZY and LOVE waiting until the very last moment! >:(
In which case it may already be too late!
How is this related to MD5?
It is directly.
It:
1.Was badly designed therefore TECHNICALLY really WORTHLESS *since day one*
2.Was used for WAY TOO LONG by the industry and SOMEHOW it's STILL USED, even tho it was MULTIPLE TIMES already PROVEN it's WORTHLESS to the point it's DANGEROUS to use it.
I'm sorry dude but I don't feel like giving you a lecture on HOW and WHY.
It may take you YEARS to dig through enough docs to understand this.
So just note this:
MD5? WORTHLESS. Should not be used for ANYTHING. Not even for absurdly unimportant stuff. That is unless you are a masochist that loves pain and loosing time.
SHA1 - some people debate it, but it is BROKEN already, generally speaking use this only if you really NOT CARE about what you are hashing with it
sha256 - TECHNICALLY "still" "usable" tho this is about the time to stop using it if you SERIOUSLY care about data integrity in the longterm and security, it's ALREADY broken and it's imo pretty funny how most people in IT industry seem to not notice that at all
KNOWING how this all works and simultaneously using anything less than sha256 is INSANITY.
It's not really my problem that there are double standards EVERYWHERE and people delude themselves into thinking "it's 'still' fine for now".
It's not.
Things are different than most people in the industry worldwide report.
Don't repeat peoples mistakes.
Don't use double standards.
Don't cheap out.
Do it right or don't do it at all.
PLEASE, don't repeat others' mistakes just because majority is IDIOTS who don't know any better yet work in the industry!
If you care abour data integrity and security read this (as a starter, there is MUCH MUCH MUCH more to read on this):
https://en.wikipedia.org/wiki/SHA-2#Comparison_of_SHA_functions
Tldr:
My personal advice is to use sha3-512 and something like Blake & ChaCha20 derivatives, as well as for example shake512 for data integrity. (use MORE THAN ONE per file)
You care if you CHANGED something in a file?
Well then MD5 should IMMEDIATELLY get out through a window for you.
Because you can LITERALLY get a bitflip in a file and the MD5 of it may not reflect the change with VERY high probability as that algorithm is badly DESIGNED.
I can tell you that for example HumbleBundle TOS is literally illegal in EU and it's only a matter of time until they get sued by somebody.
B1tF1ghter
Execute order $rep_string
Registered: Jun 2015
From Other
Posted May 10, 2021
low rated
I realize you were probably sarcastic but weeding yourself to an utter chill will not relax YOU enough if you someday discover that 50+ % of your life's worth of backups are corrupt and you didn't manage to fix it in time because you used PROVEN PROFOUNDLY UNRELIABLE checksumming alg.
To put this into context:
It's SO BAD that if somebody would make SOMETHING LIKE MD5 *NOW* they would be likely called a TROLL.
It's not just bad. It's a waste of time.
It's not worth to use it at all unless you like deluding yourself and living on edge.
It's beyond unreliable.
It's COMPLETELY broken.
But hey, every man for himself, choose your own jam ;)
If you like masochistic "OH NO, oh My GOD" (yes, this IS a JOJO reference) then go ahead and contiune using it :D
To put this into context:
It's SO BAD that if somebody would make SOMETHING LIKE MD5 *NOW* they would be likely called a TROLL.
It's not just bad. It's a waste of time.
It's not worth to use it at all unless you like deluding yourself and living on edge.
It's beyond unreliable.
It's COMPLETELY broken.
But hey, every man for himself, choose your own jam ;)
If you like masochistic "OH NO, oh My GOD" (yes, this IS a JOJO reference) then go ahead and contiune using it :D
coffeecup
GOG is dead.
Registered: Mar 2010
From Vatican City
Posted May 11, 2021
low rated
Dunno, but IGDB support is built-in or at least there is a plugin for IGDB metadata and you can freely select your metadata sources. If you don't like GOG and or Steam for metadata, just remove the "metadata from the store" check boxes on the download metadata section.
nightcraw1er.488
DRM Free is dead.
Registered: Apr 2012
From United Kingdom
Posted May 11, 2021
low rated
Dunno, but IGDB support is built-in or at least there is a plugin for IGDB metadata and you can freely select your metadata sources. If you don't like GOG and or Steam for metadata, just remove the "metadata from the store" check boxes on the download metadata section.
Yes, I understand it is a launcher, really don’t understand this modern need for “launchers”, this is why i didn’t use launchbox. All I want is an excel replacement like collectorz.com without all the other nonsense. The good news on playnite is that it’s open source, could just stop out all I don’t want, and it was mentioned that v9 would have single database. In terms of metadata I have a huge amount already, and it’s grouped, hence why I was after custom fields like series, sub series, order. I would just write my own, but I wonder if it’s worth it.
Gudadantza
New User
Registered: Aug 2010
From Spain
Posted May 11, 2021
low rated
Just for the record, in Galaxy the external clients plugins can be disabled or deleted, and the things like time measuremet, autoupdating, cloud saves and the other Client features can be disabled as well. It can be used just as a database to add external games or for ordering managing/rationalizing your library, or for download/install the games in one pass or to use it as a downloader for the offline installers.
I understand that eventually everyone will use what they prefer, but what I don't want is to install an army of external random apps to make things even more complex and time demanding. Obviously I am referring to windows users, for now Galaxy is not available for Linux users nativelly.
I understand that eventually everyone will use what they prefer, but what I don't want is to install an army of external random apps to make things even more complex and time demanding. Obviously I am referring to windows users, for now Galaxy is not available for Linux users nativelly.