sqlrob: Given the requirements posted, any architect or developer that did this would've been out the door so fast it would've been spinning. Not like it's hard to find a way to securely protect an archive without password protecting it (yes, I know that couldn't be used directly, but the method is perfectly valid). I'd give junior devs a pass for implementing what they were told, but if a senior dev didn't at least object they'd be out as much as the architect.
Seriously now you need to put things in perspective here, it's not some kernel drivers controlling the cooling of a nuclear reactor we are talking about, but some installer, basically a glorified self extractor.

It might not be what some people consider to be the most elegant solution, but apparently it covers the very basic features GoG wanted from it (prevent the average joe from accidentally extracting the installer, etc...). Like I said I doubt that having a 100% tamper proof installer was really very high on their priority list.

sqlrob: I was reluctantly going to give Galaxy a shot. Now? Not a chance. This is for a couple of reasons. Security generally is designed by the same group, or at least should be. I don't want to run secure networking code by the same people that thought this was in the slightest bit secure.
What secure? They wanted to prevent non-technical people from being able to do something stupid with the installer, they weren't creating some e-banking application. And what "secure networking code"? Galaxy is basically a downloader with some multi-player component, what are you afraid it could do?
BlackBox7: This is a great point. GOG's apparent lack of stringency makes me strongly disinclined to try anything more complex than what they're offering right now. I can be sympathetic towards a dev managing his time to the best of his ability, but that doesn't mean I have to accept compromises in the quality of the software I run on my machine. I mean, it's not like there's no precedent for doing things better. If GOG can't compete that shouldn't be my problem.
Like I said to the previous poster, put things in perspective here. People might not like how the installer handles some things but in the end apart from the password controversy there is nothing "wrong". They won't corrupt your computer, they are not a security risk (unless you download them from some torrent site), it won't work any worse than the previous version, etc...

And if you really don't want to accept compromises in the quality of the software you run on your computer then you better turn it off right now and start learning assembler to create your own OS, because most software, especially bigger ones, are full of such "compromises", often a thousand times worse, full of ugly legacy code that nobody is brave (or insane) enough to touch, full of things that could be done a million times better but weren't because it wasn't a priority and it works the way it is, etc... "Not optimal" doesn't necessarily mean "broken".
robertc64: If you wait ten years or so the supported OS for all the GOG Windows games you currently own will not be supported by Microsoft.
Yes, and?

It won't happen overnight. If in 8 years Microsoft announces they will drop support for Win32 executables and GoG is no longer around to provide updated installers, you can use the last Windows supporting them to execute them and save the installation folder.

Also, unless you expect every game to have an alternative open source engine available (which would be great but sadly not realistic), you will need some sort of WindowBox (or Wine 3.0) to run most games, and if it's able to run the game then it will most probably also be able to run the installer too.

robertc64: I want to be able to play my games on future computer systems that haven't been invented yet. What I am actually trying to buy from Good Old Games in most cases (certainly for all the old games) is not a pre-packaged installation experience, but legal rights to the game assets (the models, textures, sound effects etc.) for personal use.
And you get exactly that, except that the pre-packaged installation is what GoG is selling. They never said they were providing the games as a .tar.gz or .7z archive; they provide an installer for the OS they support and if you want to use the files on another you are free to do it but you have to be ready to go through some "extra hassles".

robertc64: This 'feature', whether you agree it is DRM or not, makes GOG less useful than second hand CDs or pirate copies.
And how do you extract the files from your second hand CD? Many old game installers weren't created using InnoSetup and you have no guarantee to be able to extract their content without executing them.

And pirated copies usually use the original installer unless they have a good reason not to do so (i.e. the game comes from Steam and doesn't have an installer), so if the pirated copies are pirated GoG games they will use the GoG installer; if they are not then they will use either the Group's own installer or the original one, with no guarantee those will be compatible with InnoExtract either.

So in the end using this thread's script and a RAR extractor is probably a lot easier than the alternative you proposed.
Gersen: Like I said to the previous poster, put things in perspective here. People might not like how the installer handles some things but in the end apart from the password controversy there is nothing "wrong". They won't corrupt your computer, they are not a security risk (unless you download them from some torrent site), it won't work any worse than the previous version, etc...
But I am putting things into perspective. I use pieces of software that are orders of magnitude more complex than GOG's installers, and yet they manage not to annoy me to this degree. It is precisely perspective - that this is, as you put it, a glorified self extractor - that makes what would normally just be an ugly implementation detail a huge problem relative to its purpose. It's one of those "you had one job" type of deals.

I mean, just as an analogy: I have no idea of how well engineered the components inside my PC are. It generally works well for me, and even though I'm aware that it must be stuffed with legacy designs that are far from optimal, it doesn't bother me. On the other hand, there's USB connectors. I can't tell you how many times I've tried to connect a device into my computer and had to flip around the cable because USB plugs are blindly designed to be symmetrical. It's a far smaller design detail than, say, whatever the particulars of the mechanisms in my hard drive are. Yet it is one I interface with directly, and thus discern its deficiency far more clearly than by knowing about, say, the advantages of RISC processors over their CISC counterparts.

It's the same situation here. Installers, by your own admission, are relatively simple software. And, given that this site loudly advertises certain philosophies, I have certain reasonable expectations of how I want this relatively simple software to be. For something that basically just has to carry over data over to my computer, disabling a type of access when it clearly could have and has been done otherwise is, relatively speaking, put into perspective, a giant problem. It undermines a huge part of the reason why I like buying from here. You might not care about it, and that's fine, but you can't deny that there is a discernible difference, and all I am stating is that I have a strong preference for the way it was done before.
shmerl: I got it exactly right. Anticircumvention laws express true intention of those who brought this whole unethical concept into existence (DRM). And as such they are a very good indicator. If the legal system marks something as being affected by them, you can call it DRM. It's not a definition of course, just another way to identify it. DRM and anticircumvention laws are two sides of the same coin. They are basically inseparable.
Gersen: If something is a DRM then it falls under the anti-circumvention provision; but if you think something might fall under the anti-circumvention provision it doesn't necessarily mean (or prove) that this thing is a DRM.

For example you cannot say: "I think that bypassing the EULA could fall under the anti-circumvention provision therefore it's the proof that the EULA is a DRM"
Bypassing the EULA is not going to fall under anticircumvention laws. They explicitly mention "protection measures" or if you translate it into more appropriate terms, restriction measures (that's what DRM should be understood for - Digital Restrictions Management), that's the true intention of it.

First to give you some background of these corrupted laws:

1. DRM proponents realized quite early on, that DRM is ineffective to reduce piracy. It's broken once and after that pirates never deal with it.
2. They devised a legal mechanism (undemocratically, using WTO trade agreements as a backdoor to pressure local parliaments) which prohibits breaking DRM (see examples of such laws in different countries here: https://en.wikipedia.org/wiki/Anti-circumvention ) and as well prohibits anyone from telling others how to break it (that violates free speech rights by the way).
3. While that mechanism didn't reduce piracy in the slightest either, they also realized that it allows them to expand the copyright law way beyond what it was intended for. I.e. they can create new laws without going through the normal democratic process. For example using that law they can forbid fair use (even though according to copyright law itself, fair use is perfectly fine), or they can prohibit free speech (as above), i.e. censorship.
4. Once they realized that (or maybe they knew it all along?) they started using DRM to advance all kinds of agendas using the approach in #3 (forget about piracy - that's practically never what DRM is used for).

Now, the whole intention of anticircumvention laws is to be a legal shield for DRM. Or maybe really the whole intention is to expand the copyright law, and DRM is just a tool for that, it doesn't really matter. The main point - they are tightly related. So, you can use their own crooked intention to measure what DRM is. If anything is falling under those laws - it's DRM (that's how DRM proponents themselves understood it after all). And if it is DRM, it's falling under these laws. In mathematical terms it's called necessity and sufficiency. I.e. while it's not a definition, it's a clear cut indicator which you can use to determine whether something is DRM or not.
Post edited December 31, 2014 by shmerl
ssokolow: That's why my typical test for whether something is DRM is "Is it an intentional attempt to artificially restrict how you can use what you paid for? Is it something that affects paying customers but is circumvented by pirate release groups? If both are true, then it's DRM."

Using InstallShield would have failed the "intentional" test.
Lack of source code would fail the "circumvented by pirate release groups" test.
I'd avoid using such a definition, since it externalizes some factors (like pirates attempting to break it). As was mentioned above, DRM doesn't need to be broken or attempted to be broken to be called DRM.

You can use a simpler test for it. If something is an intentional artificial restriction on how some digital goods (data or code) can be used, it's DRM. I.e. it's a measure of reducing usability of the product.

For example digital locks on mobile devices which prevent users from switching to another carrier are a form of DRM. Pirates wouldn't care to break it in order to copy that small piece of software. But any normal person would be interested to break it in order to switch networks (and it has nothing to do with piracy). And unsurprisingly anticircumvention laws prohibit it. I.e. they are used here to prevent competition in the mobile networks. So you can easily see how this garbage is used way beyond what copyright law was intended for. But the test above works, and you can easily call it DRM.
Post edited December 31, 2014 by shmerl
sqlrob: Given the requirements posted, any architect or developer that did this would've been out the door so fast it would've been spinning. Not like it's hard to find a way to securely protect an archive without password protecting it (yes, I know that couldn't be used directly, but the method is perfectly valid). I'd give junior devs a pass for implementing what they were told, but if a senior dev didn't at least object they'd be out as much as the architect.
Gersen: Seriously now you need to put things in perspective here, it's not some kernel drivers controlling the cooling of a nuclear reactor we are talking about, but some installer, basically a glorified self extractor.

It might not be what some people consider to be the most elegant solution, but apparently it covers the very basic features GoG wanted from it (prevent the average joe from accidentally extracting the installer, etc...). Like I said I doubt that having a 100% tamper proof installer was really very high on their priority list.
When the elegant solution for stopping accidental extraction is a grand total of no code changes, then why do this at all?
Gersen: No, because that's not how DMCA works, for it to fall under DMCA you need to have the rights owners file a complaint about it, given that somebody from said rights owners said on this very thread that he doesn't care if you bypass the encryption and said that it wasn't meant as a DRM or anything, it would be very hard (not to mention extremely stupid) to pull a 180 and start raising DMCA complaints.
Please keep in mind that Gowor dropped out of this thread because he didn't want his remarks to be interpreted as if he was speaking on behalf of the company. As he said, he is just a coder. If you continue to treat his arguments as official company policy in legal affairs, he probably won't dare to open his mouth again in this thread :p


While I personally don't care about any potential DMCA conflict, it bothers me a bit that we might get into conflict with the upcoming new GOG policy. Because it states explicitly:

"... don’t modify, merge, distribute, translate, reverse engineer,
decompile, disassemble, or create derivative works of GOG
services or GOG content ..."

I rather want a long-term solution that doesn't (potentially) make me break the "Terms of use" every time I unpack an installer.
I would like it even more if the above paragraph would be removed from the policy altogether, but for some strange reason this policy change hasn't generated the usual shitstorm that normally occurs when gog users see their freedom threatened.
Following this new policy to the letter would forbid most mods, engine rewrites, etc from this forum.
immi101: I would like it even more if the above paragraph would be removed from the policy altogether, but for some strange reason this policy change hasn't generated the usual shitstorm that normally occurs when gog users see their freedom threatened.
Did I miss a "we've changed our terms" e-mail? I was completely unaware of that change.

(Though, at the same time, I'm not going to panic over it. That looks fairly typical for something lawyers would put in without even a second thought.)
immi101: I would like it even more if the above paragraph would be removed from the policy altogether, but for some strange reason this policy change hasn't generated the usual shitstorm that normally occurs when gog users see their freedom threatened.
ssokolow: Did I miss a "we've changed our terms" e-mail? I was completely unaware of that change.

(Though, at the same time, I'm not going to panic over it. That looks fairly typical for something lawyers would put in without even a second thought.)
http://www.gog.com/forum/general/upcoming_update_to_gogcom_policies/page1

Can't say I remember anything about an email, I always deleted my messages once I read them. xD
Wow, this is a depressing way to start the new year...

Other users in this thread have done a very good job detailing the concerns of this change, but after having voted for the wishlist made by shmerl, I wanted to show my support against these package changes within the thread in a way other than saying "ditto, what they said".

I buy from GOG largely for the DRM-free position in their games.

After a while, I learned that the policies of GOG (the software packaging in question) allowed for a great deal of cross-platform gaming (another tenet of DRM-free in my opinion) with help from the community. Even though it wasn't officially supported, it was the kick I wanted to move from Windows to Linux as my primary OS (a change I don't regret).

As such, I threw my wallet behind GOG and now sit at 643 out of the current 888 offered with the goal of collecting them all.

I am also finally at a point where I spend my allotted gaming money primarily toward brand new games at full price instead of waiting for sales (to support the attractiveness of GOG to developers, and to further support developers).
The sad twist is that it sounds like I have to hold back further purchases because GOG may be yet another site where I feel the need to question what I'm actually getting from my purchases.

I still have trust that the GOG team will pull through and not harm the efforts of those who wish to try playing their games on other systems. But I am going to watch for news of this before I bring out my credit card for the time being.
Post edited January 01, 2015 by Phaedrus567
So.. in addition to there being encryption to crack just to access the content that you paid for in non-pre-approved ways, doing anything of the kind will be explicitly forbidden in the terms of use too.

I don't know what to say anymore.
Rixasha: So.. in addition to there being encryption to crack just to access the content that you paid for in non-pre-approved ways, doing anything of the kind will be explicitly forbidden in the terms of use too.
You mean the 'you may not modify purchased software' clause which is included in just about any commercially distributed software I have ever seen? Yeah, CD-Project are assholes
Fenixp: You mean the 'you may not modify purchased software' clause which is included in just about any commercially distributed software I have ever seen? Yeah, CD-Project are assholes
I was thinking more about the words "reverse-engineer", "decompile", "disassemble", techniques without which we wouldn't know the passwords to the new installers.

But yes, I did expect better from GOG than pretty much any other commercial software distributor.
Rixasha: I was thinking more about the words "reverse-engineer", "decompile", "disassemble", techniques without which we wouldn't know the passwords to the new installers.
These happen to be the same techniques without which we wouldn't have GOG itself – pretty much all patches and fixes that enable old games to function on current systems are the result of reverse engineering. This is also why I don't think GOG are going to be extremely strict regarding these clauses.