It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
avatar
Gutigen: Call it however You want, but this whole password protected installer is simply a DRM. Great job GOG, You had to fuck up the one feature which made GOG stand up in the crowd.
Agreed!
avatar
Gowor: Wow

When I left this thread, my last words were that I'll try to get "Wine mode" nogui switch working again, and one paragraph before - that I'm open to ideas that could be implemented. Thanks for some by the way.

After partially debugging the Wine fix, I returned to this thread, and noticed that it escalated quite a bit overnight.
While I'm open to ideas (and I implemented some requested changes before, like the way Foxit is installed), I'm only a programmer, not a PR person. I'm afraid in this situation I cannot continue this discussion. Sorry, it doesn't mean I don't care about this issue, but I’m here to write code and I wouldn’t like to be misunderstood.
As Benanov said, you might want to get the PR team ready.

It isn't something such as "gog games being distributed with malware on torrents" that is making news, but this very encryption itself, here: http://www.gamingonlinux.com/articles/gogs-installer-encryption-proving-to-be-difficult-for-linux-users.4761

Might I add, that GamingonLinux.com is probably the best Linux gaming site around. I know you didn't intend to create this situation but this is exactly what happens when you force an unneeded protection in someone's throat.

If I was you, I'd get that password off and try something different, like the community has proposed in the past few pages.
Post edited December 30, 2014 by Ganni1987
avatar
Gowor: Wow

When I left this thread, my last words were that I'll try to get "Wine mode" nogui switch working again, and one paragraph before - that I'm open to ideas that could be implemented. Thanks for some by the way.

After partially debugging the Wine fix, I returned to this thread, and noticed that it escalated quite a bit overnight.
While I'm open to ideas (and I implemented some requested changes before, like the way Foxit is installed), I'm only a programmer, not a PR person. I'm afraid in this situation I cannot continue this discussion. Sorry, it doesn't mean I don't care about this issue, but I’m here to write code and I wouldn’t like to be misunderstood.
Cheer up. :)

The technical details are beyond my current abilities, and therefore I don't understand some points of the debate, but let me just tell you it is nice to see one of Gog's programmers post on the forums and explain things. IMHO, people should calm down and discuss. Gowor's proven that Gog design is open to user input. Let them consider your advise, no need to flare up.
Post edited December 30, 2014 by Dalswyn
avatar
Ganni1987: As Benanov said, you might want to get the PR team ready.
What exactly do you guys hope for?
The PR team will only do its job by sugarcoating and not changing the facts,
so that GoG can carry on shitting on their former values and selling the mess as finest mousse au chocolat... and people will take it.
Best case would be, that they just didn't think this through, but seeing the recent development my hopes are low.
Post edited December 30, 2014 by Klumpen0815
avatar
Klumpen0815: What exactly do you guys hope for?
You may be right that the PR team will lack authority to say anything meaningful. We may need someone higher up.

I want them to acknowledge that intentionally placing digital restrictions on purchased files in an attempt to prevent anything but pre-approved ways of using them goes blatantly against their mission statement.

I want them to promise to stop doing that and either fix the affected installers, or (since they're large, and not everyone wants to re-download them) at least visibly show the passwords to each of them on their site.

Finally, if they think it's important that I'm left with any feeling of positivity after this treatment, they could even say sorry. But that's up to them.
avatar
Benanov: And now I'm locked out of my purchase and contemplating a refund.
since you have found this thread, you are not locked out of your purchases :p
just go back a couple of pages to the scripts posted there and you can simply unpack the installer.
it's really not much different than using innoextract (from a purely pragmatic viewpoint)
avatar
immi101: since you have found this thread, you are not locked out of your purchases :p
It is good that this is at least currently possible, but it's a small comfort akin to the DVD encryption being at least pretty easy to break when what you paid for was to not have to resort to that..

Maybe we should put up a site with md5sums of the gameids for those who find it hard to scrape the information or calculate them. We could call them "GOG no-installer cracks". Or a maybe make a web form by the name of "GOG keyfile generator".. ;(
*shrug*
if you can type "innoextract installer.exe" into your terminal, you should be able to download the script posted here[1], and type "gog_unrar.py installer.exe" ...
I wouldn't waste too much effort on something like your proposal.

[1] https://gist.github.com/ssokolow/7368450647df37c40830
avatar
Gowor: Wow

When I left this thread, my last words were that I'll try to get "Wine mode" nogui switch working again, and one paragraph before - that I'm open to ideas that could be implemented. Thanks for some by the way.

After partially debugging the Wine fix, I returned to this thread, and noticed that it escalated quite a bit overnight.
While I'm open to ideas (and I implemented some requested changes before, like the way Foxit is installed), I'm only a programmer, not a PR person. I'm afraid in this situation I cannot continue this discussion. Sorry, it doesn't mean I don't care about this issue, but I’m here to write code and I wouldn’t like to be misunderstood.
That's understandable. But since you're not the right person to continue this discussion, you should at least pass what's going on to those at GOG that can and should continue it, so that they show up and do so. Because now it almost sounds like you've made the decision that any discussion between GOG and us is closed now.

And I'm not sure that the PR people are the right ones - this is a matter that goes beyond PR; the discussion needs someone at GOG to go into the substance of the matter, and not just defend the public image of GOG.

As for taking in ideas and suggestions - if the password won't be removed, I don't see how taking in any of the suggestions made here, on top of the password, improves the situation.

So, please, before going back to writing code, make an effort and bring this matter to the attention of the decision making people at GOG.



avatar
Ganni1987: As Benanov said, you might want to get the PR team ready.

It isn't something such as "gog games being distributed with malware on torrents" that is making news, but this very encryption itself, here: http://www.gamingonlinux.com/articles/gogs-installer-encryption-proving-to-be-difficult-for-linux-users.4761

Might I add, that GamingonLinux.com is probably the best Linux gaming site around. I know you didn't intend to create this situation but this is exactly what happens when you force an unneeded protection in someone's throat.

If I was you, I'd get that password off and try something different, like the community has proposed in the past few pages.
I may be missing something, but how exactly does the link you provided support the effort made here and count as affecting GOG's public image? In spite of the number of views, there are few comments, and among them even fewer that are supportive.
avatar
HypersomniacLive: As for taking in ideas and suggestions - if the password won't be removed, I don't see how taking in any of the suggestions made here, on top of the password, improves the situation.
Well by making the new installers work with Wine like the old ones. Something he already said he would be working when he would have time.

I am starting to think that GoG is or will soon regret having used InnoSetup and not any of the other setup creation program for which no extraction tool exists, it would have simplified their lives...
avatar
Ganni1987: It isn't something such as "gog games being distributed with malware on torrents" that is making news, but this very encryption itself, here: http://www.gamingonlinux.com/articles/gogs-installer-encryption-proving-to-be-difficult-for-linux-users.4761
I came across this article too. GamingOnLinux is one of the sites that my RSS reader checks regularly.
avatar
Gersen: I am starting to think that GoG is or will soon regret having used InnoSetup and not any of the other setup creation program for which no extraction tool exists, it would have simplified their lives...
Selling former DRM-games as DRM-free isn't simplifying their lives either. But that's their business and why we are here and not at steam ;-)
avatar
HypersomniacLive: I may be missing something, but how exactly does the link you provided support the effort made here and count as affecting GOG's public image? In spite of the number of views, there are few comments, and among them even fewer that are supportive.
I've noticed that site doesn't generally get a lot of commenters, but I do believe that site gets a lot of Linux readers. I can't say for certain if it is affecting the public image or not, but I'm sure a lot of people have read it.
avatar
Gowor: -Rars are used for convenience, as they have some features that the old archives lack. For example when making a test build of the game, it's faster for us to update the archives than to repack them from scratch when making small changes for testers.
You can update/add to a 7zip just the same, and it's completely free and open-source, not $29.99 for WinRAR.

avatar
Gowor: -Yes, the archives are password-protected. Here's why:

The supported way of installing the games is by using the Installer, which apart from unpacking the files, also creates registry entries, shortcuts, compatibility fixes etc. We want to avoid having the situation, when user will see a unprotected rar file, download and unpack it, and get a "broken" installation, because he didn't use the installer.
There were situations, when users would download just a single part of the installer, or try to unrar it manually (because apparently some browsers detect our new archives as rar files), or even try to open the .bin files with the VLC Video Player.
In such a situation I think it's better to give immediate "it won't work that way" message, rather than allow someone to make a "partial" installation, which may or may not work, without any information.
The main point of an installer is to put everything in the right place, because most people can't find their way out of a wet cardboard box, much less find and put everything in the right place on their own computer (mainly Windows). I don't know about Windows, but on Linux I really don't need to install any games; Good games often come in a nice neat archive with everything in place and can run in place (nothing to move). Didn't some Windows games used to run right off a CD or DVD without install?

avatar
Gowor: Another reason - I want to avoid the situation where someone tampers with the archives (let's say adding malware, or some illegal content), and uploads the modified version on torrents. I don't want the GOG Installer installing anything else than it was supposed to, and it doesn't matter how it was obtained.

The Installer is designed mostly for reliability and ease of use for any user. And it's intentionally designed as it is.

Mind you - if you are using the supported installation mode, you don't have to enter the password anywhere. Nor is it in any way dependent on username, or hardware, or anything else. It's more or less hardcoded into the installer (I see you guys already figured out how), as much as the decompression algorithm. You can still use the installer exactly as you could since the beginning of GOG, and install your games wherever, whenever, and however many times you want. It doesn't detect where was it downloaded from either. That hasn't changed at all.
You're saying someone can't extract the password, extract the archive, put malware in the archive, and put the same password on the new archive? And considering you can add to RARs without repackaging them, can't someone add malware without repackaging them (never tested such a strange thing)?

And to put it simply, no one can say that you guys don't care about gamers: You even care about the safety and security of those who pirate your games! I mean, personally, even if I owned the most generous, friendly, and open gaming company, I would say "Screw you pirates, you get what you deserve (for trusting pirate rippers and for stealing a game that you should normally purchase if you truly think it's a game worth playing)".

And finally, as mentioned before, adding a password does NOT ensure file integrity (be it from malware or a bad connection or a badly uploaded file). Hashes do ensure file integrity. I recommend a combination of reasonably long hashes, because even hashes can be mimicked to a degree. But while getting a modified file to have the same single hash as the original file is possible, getting it to have 2 or more different types of hashes to be the same nears absolute impossibility. Just include the hashes on the download pages and have a note to check the hashes, as well as having the installer check the hashes. You don't need hashes on every file, just on the archives should be enough. Again, multiple hashes: md5sum (MD5 has known attacks where collisions can be produced), CRC32, sha1sum, sha256sum, whirlpool, etc. RHash program has a nice list of what it can make: http://rhash.anz.ru/
Post edited December 30, 2014 by MajorLunaC
http://www.bluesnews.com/s/157785/gog-com-on-rar-vs-drm