It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like:Chrome,Firefox,Internet Explorer orOpera

×
What I don't know ; Enough about the intricacies and implications of Open Source, especially effecting Galaxy
What I do know ; This is getting the most votes on the wishlist
What I suspect ; Many of those voters share my top line :)
I think it's better to ask for an API rather than GOG open source Galaxy or the Downloader.
avatar
opticq: I think it's better to ask for an API rather than GOG open source Galaxy or the Downloader.
It's already asked in parallel. One doesn't preclude the other. See here.

And GOG already plan to publish the protocol, it's not really something that we need to ask, except may be about the ETA.
Post edited May 11, 2015 by shmerl
avatar
shmerl: snip
Of course, I just don't think GOG will do either because, APIs change so fast these days and they run the risk of tarnishing the brand image due to subpar forks of their clients.
avatar
shmerl: snip
avatar
opticq: Of course, I just don't think GOG will do either because, APIs change so fast these days and they run the risk of tarnishing the brand image due to subpar forks of their clients.
They can mange publishing updates for the protocol. In cases when things change, servers usually support several versions in parallel for a while to allow clients to catch up.

"Tarnishing image" is a weird concern. It's like for e-mail service to worry that someone can make a buggy e-mail client.
Post edited May 11, 2015 by shmerl
avatar
shmerl: snip
For the first part sure they can do that, I was just saying I don't think GOG will.

The 2nd I meant a fork of Galaxy or the downloader itself. Email services don't open source their own clients up for forking.
avatar
shmerl: snip
avatar
opticq: For the first part sure they can do that, I was just saying I don't think GOG will.

The 2nd I meant a fork of Galaxy or the downloader itself. Email services don't open source their own clients up for forking.
There are many open source e-mail clients, so I'm not sure what you are saying. You don't blame bugs in KMail or Thunderbird as tarnishing any e-mail service they connect to, right?

My point is, bugs in the client don't tarnish the server. There can be tons of clients with their own bugs. Bugs are there to be fixed. Having more clients actually helps fixing bugs in the server itself too.
Post edited May 11, 2015 by shmerl
avatar
shmerl: I can think only of one downside that open source projects bring - they require more management.
There are more "downsides" than that, but probably one of the most important.

Many people have the wrong idea that Open Source is "just Upload it on Github" and than everybody will be happy.
The reality is much more complicated:
- Educate Developers, because Open Source require additional skills and concepts
- Decide the License.. GPL, MIT, and so on...
- Crosscheck how to bring the code to this level of license
- Define Guidelines (companies have their guidelines, but in that case you need to write something for outsiders)
- Create Internal and External Workflow (Unit Test, CI, etc)
- Have at least one Developer and one "Community Manager" which take care of "community management" (Pull request, Handle Complaints, etc)
- Decide if and how people could use the code (parts are handled by License, but what about API Keys availability for Server-Connection?)

And this is just a small list I made now. Even if somebody will not like: Look how long it takes for Microsoft to Open-Source their .Net Framework and they put a lot of efforts in it (Manpower, Money, Commitment). Sure the GoG Galaxy Client is not that complicated and therefore would not take over a year for a 45% Coverage of "migrate the code to Open Source". Still it's not just "a bit more management"...

So will these efforts make a big impact for the development and evolving of the client?

Another Downside: Defiant children - Syndrome
If you observe the development of other "bigger" open source projects you will see that they took time to build their current state. And some of them can only work, because there is a Repository Owner who just reject stuff and don't comment or even discuss about some topics.

Nobody will be angry if Linus do it. But what about GoG?
What if they decline any "Reverse-Engineered Skype-Client with Ingame Chat" - Pullrequest? Some people would complain, some would make a fork and suddenly we have several clients out there with an illegal feature. GoG will maybe enforced to stop these client from working: So GoG will be the bad guy (not DMCA, not the forks)

And how many of you can remember the "good old days" when a friend told you he has a new modified MSN/ICQ Messenger which is really cool and you should also install and suddenly these clients were Scamware? Do we need something like that for GoG?

As for the installer: I don't mind if it's open source. The possible risk/impact is quite low.
As for a client: I don't see any real reason for being open source because the possible risk is too big (if you have a steam-like client in mind in features and functionality ... except the DRM)

Just some additional words about the Overall "Open Source"-Religion:

Miss understandings
Open Source is no guarantee of trust, security or stability. Open Source is just an opportunity.

Whats?! But!
Open Source give the opportunity to check the code. It gives the opportunity to make penetration tests and see if anything is strange. But in the end somebody has to do it and anybody else have to believe/trust in him/her.

In the last 1.5 years we saw many open source projects fail in security. Some of these bugs were really old and nobody found them. Because nobody checked it. Everybody believed that "someone would do it and would write if something is strange". Just because Edward Snowden appeared (and hinted that some popular Open-Source has big flaws), a few people started to do the dirty work and make checks... so by coincidence really old bugs were found.

The same goes on trust.
Whatsapp has now the Textsecure Encryption implemented. Still nobody could check the servers (And there are some assumption that it is not well implemented).
If you bring it to GoG Galaxy: Nobody would know if the client or the server would be 100% as the source code is. And because some crucial information are not in the source code (lets say API Keys for the service) we could not be cross checking by just compile the code and run.

You even saw it on TrueCrypt -> It took quite a lot of work to audit the software. Even if it was open source...

It goes down to two simple questions
How many of you are able to contribute by coding? How many of you are willing to do it?

Because: "Somebody" is in the end often just "nobody".
avatar
Telaran: And this is just a small list I made now. Even if somebody will not like: Look how long it takes for Microsoft to Open-Source their .Net Framework and they put a lot of efforts in it
That's a very poor example, because MS were the prime case of being anti free software. Opening .NET happened against their internal way of doing things. So the fact that it was far from easy for them is their own fault.

Open source doesn't guarantee security. It improves potential for security. Ponder that.

I'm not sure why you bring Whatsapp as an example of anything. It's a horrible abomination of a service which can't be secure by its own definition. It uses non compliant XMPP and device ID instead of user name and password. Developers of this monstrosity are to be blamed for any damage it can cause.
Post edited May 11, 2015 by shmerl
avatar
shmerl: snip
Ok what I meant was 1st party services don't open source their clients i.e. Google doesn't open source their Hangouts messenger app on Windows.
avatar
shmerl: snip
avatar
opticq: Ok what I meant was 1st party services don't open source their clients i.e. Google doesn't open source their Hangouts messenger app on Windows.
That's a perfect anti example, and Eric Schmidt should be blamed for it. Initially Google were big supporters of instant messaging interoperability. They contributed to XMPP, used XMPP in their own service (Google Talk) which allowed any XMPP client to work with it (there was no need for them to open the client because it was pretty useless in comparison with tons of existing open XMPP clients out there). Not only that, Google opened their XMPP server for federation, allowing users of other XMPP servers to communicate with users of Google Talk (same idea as e-mail has for years).

Then came this "social" craze and Eric Schmidt. He killed Google Talk and pushed Hangouts as a presumably "better" alternative. OK, if it's better, why didn't they propose it as IETF standard like XMPP is? Because it's Eric Schmidt for you. His excuse is "no one else cared [about interoperability], so why Google should?" How lame is it? He could as well say that he succumbed to the usual greed and control urge.

After that Google went down the slope. Their XMPP server didn't add server to server encryption, failing to federate with any up to date XMPP service (cutting off all the users who had Google Talk contacts from communicating with them). And etc. and etc.

So, Hangouts is a perfect example how things should not be done.
Post edited May 11, 2015 by shmerl
avatar
Telaran: And this is just a small list I made now. Even if somebody will not like: Look how long it takes for Microsoft to Open-Source their .Net Framework and they put a lot of efforts in it
avatar
shmerl: That's a very poor example, because MS were the prime case of being anti free software. Opening .NET happened against their internal way of doing things. So the fact that it was far from easy for them is their own fault.
Making software open source (if developer and concept didn't had it in mind from start) is never easy. And Microsoft is still a good example because they put all their efforts in making .Net completely open source and cross platform and they still need their time (even with contribution from others).
Currently I am a .Net Developer and I like the new approach from Microsoft. I'm not against open source. Just about the "everything has to be open source"-Mantra.

avatar
shmerl: Open source doesn't guarantee security. It improves potential for security. Ponder that.
Is the "potential" reason enough to put all the mentioned effort I earlier stated? Sure "Security by obscurity" isn't the best approach, but at least one which can currently be done without a lot of change ... or should GoG stop the development of the Galaxy client until its open source and afterwards start with the real feature/functionality? Even if they have enough manpower, I would estimate at least 4 Months in real time (just the management would take several weeks -> Licensing-Decision, Crosscheck Law, Review Code and Tools used, Possible Discussion with publisher)

avatar
shmerl: 'm not sure why you bring Whatsapp as an example of anything. It's a horrible abomination of a service which can't be secure by its own definition. It uses non compliant XMPP and device ID instead of user name and password. Developers of this monstrosity are to be blamed for any damage it can cause.
It's a example of the client/server-issue (and I did that on purpose because there are many Whatsapp User which believe in that crap of "E2E Encryption"-advertisement). As long you don't be able to verify a server infrastructure, as this long you cannot talk about trust and the usage open source parts will not change the fact (if you like: Take Threema or even Telegram as other examples).
The chance, that the GoG Galaxy server-code will be available is less than 0,00%. So we could only validate the client and the calls to the server .. and I don't think that this will be enough for "real trust".
avatar
Telaran: Currently I am a .Net Developer and I like the new approach from Microsoft. I'm not against open source. Just about the "everything has to be open source"-Mantra.
Is that where you get this notion? :) MS never let their historic attitude go. Here it is:
https://en.wikipedia.org/wiki/Open_Letter_to_Hobbyists

avatar
Telaran: Is the "potential" reason enough to put all the mentioned effort I earlier stated?
It's not the only reason. But it's a valid reason which you ignored.

Sure, if you have open server you can also have better trust for the server. But it doesn't preclude improving trust for the client.

Whatsapp / Telegram are perfect example of server being an issue, yes. But client itself is also an issue. So your argument that if server can't be trusted, it's irrelevant if client is trusted for something else is not really valid.
Post edited May 11, 2015 by shmerl